Privacy Policy

Privacy Policy

1. Introduction

With the following information, we would like to provide you as the “data subject” with an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without entering personal data. However, if you wish to make use of specific services offered by our company through our website, it might become necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent. The processing of personal data, such as your name, address, or email address, always occurs in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “KelCon GmbH.” Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process. As the entity responsible for processing, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection of the personal data processed through this website. Nevertheless, internet-based data transmissions can have inherent security vulnerabilities, and therefore, absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us through alternative means, such as by telephone or postal mail.

2. Controller

The controller according to the GDPR is:

KelCon GmbH

Tauentzienstr. 1

10789 Berlin

Phone: 030 – 679 66 88 500

Fax: 030 – 679 66 88 55

Email: info@kelcon.de

Head of the responsible entity: Steffen Liebich

(see also our Imprint). https://www.kelcon.de/de/impressum

3. Data Protection

Officer You can reach our Data Protection Officer at datenschutzbeauftragter@kelcon.de or at our postal address with the addition “Data Protection Officer”.

4. Definitions

The privacy policy is based on the terminology used by the European Directive and Regulation legislator in the enactment of the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and comprehensible for both the public and our customers and business partners. To ensure this, we would like to explain the terminologies used beforehand. In this privacy policy, we use the following terms among others:

1. Personal Data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data Subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.

5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

6. Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. Processor

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

8. Recipient

Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

9. Third Party

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

10. Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of their personal data.

5. Legal Basis of Processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for carrying out pre-contractual measures, for example, in cases of inquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were to be injured and their name, age, health insurance data, or other vital information would need to be passed on to a doctor, hospital, or other third parties. In this scenario, the processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal grounds, when processing is necessary for the legitimate interests pursued by our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override such interests. Such processing operations are particularly permitted to us because they have been mentioned specifically by the European legislator. He considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 of the GDPR).

6. Technology

6.1 SSL/TLS Encryption

To ensure the security of data processing and protect the transmission of confidential content such as orders, login information, or contact requests that you send to us as the operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” in the address bar of your browser and the padlock symbol in your browser’s address bar. When SSL/TLS encryption is enabled, the data you transmit to us cannot be intercepted by third parties.

When using our website for purely informational purposes, i.e., if you do not register or provide us with information in any other way, we only collect the data that your browser transmits to our server (in so-called “server log files”). With each visit to a page on our website, our website automatically collects a range of general data and information. These general data and information are stored in the server log files.

The following data can be collected:

1. Types and versions of browsers used

2. Operating system used by the accessing system

3. Website from which an accessing system reaches our website (so-called referrer)

4. Subpages accessed on our website by an accessing system

5. Date and time of access to the website

6. Internet Protocol address (IP address)

7. Internet service provider of the accessing system

We do not draw any conclusions about your identity from the use of this general data and information. Rather, this information is needed to:

1. Correctly deliver the content of our website

2. Optimize the content of our website and its advertising

3. Ensure the ongoing functionality of our IT systems and the technology of our website

4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

We analyze this collected data and information both statistically and with the aim of increasing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The data from the server log files is stored separately from all personal data provided by an individual. The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes listed above for data collection.

7. Cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, trojans, or other malicious software. The cookie stores information related to the specific end device being used. However, this does not mean that we gain immediate knowledge of your identity through this. The use of cookies serves, on the one hand, to make your use of our offerings more convenient. For instance, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site. Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a defined period of time. When you revisit our site to utilize our services, it is automatically recognized that you have been with us before and what inputs and settings you have made, so you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These cookies enable us to automatically recognize, upon revisiting our site, that you have already been here. These cookies are automatically deleted after a defined period of time. The data processed through cookies is necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties according to Article 6(1)(f) of the GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that you are always prompted before a new cookie is created. Nevertheless, completely deactivating cookies may lead to not being able to use all functions of our website.

8. Content of Our Website

We collect and process personal data of applicants for the purpose of handling the application process. Processing can also take place electronically, especially when an applicant submits application documents electronically, for example via email or through a web form on the website. If we enter into an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship in compliance with legal regulations. If we do not enter into an employment contract with the applicant, the application documents will be automatically deleted six months after the decision to reject the application, unless other legitimate interests on our part oppose deletion. Another legitimate interest in this context could be the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG). The data processing is based solely on our legitimate interest according to Article 6(1)(f) of the GDPR.

We process the personal data provided with your registration to ensure a smooth process during your registration, access control, and the course of the congress. The processing of your personal data is based on the legal grounds of Article 6(1)(a), (b), and (f) of the GDPR (consent, contract performance, legitimate interest). The requirements of consent according to Article 7 have been fulfilled. We generally assume an indefinite business relationship, therefore, we will delete your data only after eighteen months have passed. If legal obligations for retention (commercial and tax law) oppose deletion, the data will be deleted after the expiration of these periods. The data processing is based solely on our legitimate interest according to Article 6(1)(f) of the GDPR.

We are delighted that you are interested in one of our events. To process your registration, it is necessary to process and store your personal data. The processing of your personal registration data is in accordance with the General Data Protection Regulation and with the specific data protection regulations applicable to KelCon GmbH. For this purpose, KelCon GmbH has implemented numerous technical and organizational measures to ensure the protection of your applicant data.

For what purposes is the processing of your personal data necessary, and what are the legal bases? We process the personal data provided with your registration to ensure a smooth process during your registration, access control, and the course of the congress. The processing of your personal data is based on the legal grounds of Article 6(1)(a), (b), and (f) of the GDPR (consent, contract performance, legitimate interest). The requirements of consent according to Article 7 have been fulfilled.

Who receives your data? We treat your data confidentially. We only transfer data to third parties when it is absolutely necessary and there is a corresponding legal basis. For example, to: Internally (individuals responsible for organizing the event at KelCon GmbH) Externally (tax consultants, authorities, partner companies). We also share your data with external service providers who support us in the field of IT, archiving, and destruction, and with whom separate contracts for data processing have been concluded. Additionally, in individual cases, legal obligations may arise for data transmission, but these arise only in specific cases and not as a general rule. There is no transmission to third countries.

How long do we keep your data? We generally assume an indefinite business relationship, therefore, we will delete your data only after eighteen months have passed. If legal obligations for retention (commercial and tax law) oppose deletion, the data will be deleted after the expiration of these periods.

Provision of personal data and consequences of non-provision: Registration without providing the required information is not possible.

Automated decision-making: There is no automated decision-making or profiling.

9. Newsletter Dispatch

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via email. For this, we do not need to obtain separate consent from you according to § 7(3) of the German Unfair Competition Act (UWG). The data processing is based solely on our legitimate interest in personalized direct advertising according to Article 6(1)(f) of the GDPR. If you initially objected to the use of your email address for this purpose, we will not send any emails for this purpose. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the responsible party mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.

10. Plugins and Other Services

Our website uses web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for a consistent display of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly. For this purpose, the browser you are using must establish a connection to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts serves the purpose of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Google Ireland Limited, based in Ireland, is certified under the EU-US Privacy Shield framework, which ensures compliance with the level of data protection applicable in the EU. For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and consult Google’s Privacy Policy: https://www.google.com/policies/privacy/

11. Your Rights as a Data Subject

11.1 Right to Confirmation You have the right to request confirmation from us as to whether or not personal data concerning you is being processed.

11.2 Right to Information (Article 15 GDPR) You have the right to obtain from us free-of-charge information about the personal data stored about you and to receive a copy of this data.

11.3 Right to Rectification (Article 16 GDPR) You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data.

11.4 Deletion (Article 17 GDPR) You have the right to demand that the personal data concerning you be deleted without undue delay if one of the legally prescribed grounds applies and to the extent that processing is not required.

11.5 Restriction of Processing (Article 18 GDPR) You have the right to request us to restrict processing if one of the legal conditions is met.

11.6 Data Portability (Article 20 GDPR) You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Article 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and where this does not adversely affect the rights and freedoms of others.

11.7 Objection (Article 21 GDPR) You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Article 6(1)(e) (processing in the public interest) or (f) (processing based on a legitimate interest) GDPR, including profiling based on those provisions. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims. In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such advertising. This also applies to profiling to the extent that it is associated with such direct marketing. If you object to us processing your personal data for direct marketing purposes, we will no longer process your personal data for these purposes. Additionally, you have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary to fulfill a task carried out in the public interest. You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

11.8 Withdrawal of Consent to Data Processing You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

11.9 Complaint to a Supervisory Authority You have the right to lodge a complaint with a supervisory authority responsible for data protection about our processing of personal data.

12. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal regulations to which our company is subject. If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the legal provisions.

13. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiration of the period, the corresponding data will be routinely deleted unless they are no longer necessary for the fulfillment of a contract or for contract initiation.

This privacy policy is currently valid and is as of June 2020.

Due to the ongoing development of our websites and offerings or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website at https://www.kelcon.de/en/privacy-policy.