Information pursuant to the EU General Data Protection Regulation (GDPR) for ITB Buyers Circle Members
Messe Berlin GmbH (herinafter "Messe Berlin") attaches great importance to data protection. This information notice informs about the processing of the personal data in connection with the ITB Buyers Circle and supplements the Data Protection Notice on the website of Messe Berlin. For particular processing activities there will be separate information notices, where necessary.
1. Controller and data protection officer
Controller within the meaning of the General Data Protection Regulation (GDPR): Messe Berlin GmbH, Messedamm 22, 14055 Berlin, Germany, e-mail: info@messe-berlin.de. Data protection officer: group data protection officer of Messe Berlin (address: as before; e-mail: datenschutz@messe-berlin.de).
2. Categories and sources of personal data
Messe Berlin processes the following data in connection with the application for participation in the ITB Buyers Circle: First name, last name, e-mail address, telephone number, position seniority as well as company name, address and website. In addition, further information such as type and size of company, purchasing volume, transaction volume, professional interest in participating in ITB Berlin, geographical interests, interests in products and services as well as the level of responsibility in the professional position will be requested.
The complete information is required to evaluate the application for participation in the ITB Buyers Circle.
In addition, information can be requested about the respective interest in participating in event-specific segments, events and functions. When choosing the time and place of participation, a corresponding preference such as fixed days or times is collected.
After registration, the evaluation process begins. To simplify and accelerate the evaluation process, registrants can voluntarily provide their LinkedIn profile via the associated LinkedIn link.
To enable ITB Buyers Circle members to participate in ITB events and trade fairs, further registration in the ticket shop or on the digital event platform of the respective event is necessary in some cases. Further information on data processing and data protection rights can be found in the separate data protection notices there. Otherwise, ITB Buyers Circle members will receive the ticket automatically by email; this can either be printed out or saved as a file on a mobile device. In addition to the date and times, the type of ticket, the event and whether the ticket was redeemed, as well as related communication with the ITB Buyers Circle members, will be processed.
At events where a personal check by the Federal Criminal Police Office (BKA) or the State Criminal Police Office (LKA) is required, the name at birth, date of birth and place of birth are also mandatorily collected.
When registrants perform ITB Buyers Circle membership for another person (third party) or provide their data, they must ensure and assure that they are authorized to provide Messe Berlin these third-party data, that Messe Berlin may lawfully process these data for the purposes stated in section 3 and that the person(s) concerned have been sufficiently informed about the processing of the person's data pursuant to this notice.
3. Purposes and legal basis of processing
a. Performance of the contract and legitimate interest
Messe Berlin processes personal contact data pursuant to Section 2 to establish, process and handle the application for “ITB Buyers Circle” and performance of the relationship with Messe Berlin that probably initiates a contract (legal basis: Art. 6 (1) (b) GDPR).
Furthermore, Messe Berlin process the personal data regarding the professional interest in attending ITB Berlin, position’s level of responsibility and geographical interests as well as the data of the company (section 2) to evaluate the registration appropriately. The legal basis is the legitimate interest of Messe Berlin to select an exclusive and high-quality group of buyers in the industry and to ensure this quality feature for the "ITB Buyers Circle" (legal basis: Art. 6 (1) (f) GDPR).
If a LinkedIn profile is provided via the associated LinkedIn link, the profile data will neither be collected nor processed in any other way than to use it exclusively for the verification process, which includes comparing the data in your profile with the information on the questionnaire (section 2). The legal basis is the legitimate interest of Messe Berlin to simplify and accelerate the evaluation process (legal basis: Art. 6 (1) (f) GDPR).
Registrants whose applications cannot be considered will be informed by ITB Berlin by e-mail after the evaluation. The eligible candidates will also be informed by e-mail confirming their membership in the "ITB Buyers Circle".
The data of confirmed ITB Buyers Circle members are automatically forwarded to the digital matchmaking platform “ITB Match & Meet” and “ITB Speed Networking Tool”, both hosted by the software provider Eyeled GmbH, Geschäftsanschrift: Science Park 1, 66123 Saarbrücken, Germany. The name and company name will be visible to all suppliers who use the matchmaking platform ITB Match & Meet. The visibility of the profile can be deactivated any time. For participating in the matching process for the Speed Networking the personal profile must be initially proactively activated. The purpose of this is to offer ITB Buyers Circle members a more efficient service and the best variety of suitable business contacts to meet during the ITB Speed Networking event and therefore establish relevant new business contacts. The legal basis for the transfer of your personal data to ITB Match & Meet and Speed Networking and the processing of your personal data within the tools is your contract with Messe Berlin for ITB Buyers Circle (Art. 6 (1) (b) GDPR. Further information on data processing in Match & Meet and Speed Networking can be found in the respective data protection notices, provided here.
Applications of applicants which were not considered can be stored and used for further application procedures, if the applicant agrees to it. The legal basis for this data processing is the consent of the applicant (Art. 6 (1) (a) GDPR).
b. Support of companies with headquarters outside Germany
Insofar as a company is established outside Germany, Messe Berlin will transmit the data for the purpose of providing advice to the competent foreign representative in the respective country. This representative will be available as a local contact, in particular for providing information in connection with the event, including subsequent events, and support at the event. For the competent foreign representative, please see here. The transmission of the personal data is based on the performance of the contract with the company (legal basis: Art. 6 (1) (b) GDPR).
c. Lead tracking service and transmisson
Messe Berlin offers exhibitors the use of a lead scanning app. This service allows the exhibitor to scan the ticket or badge of the participant of an event and thus obtain their contact information similar to the exchange of business cards. If the exhibitor scans a QR code on the participant's ticket or badge using the QR code scanner of the Lead Scanning App, the matching data record is determined in the customer database of Messe Berlin and the following data are made available to the exhibitor, also for the purpose of direct advertising: title, name, company, function, department, industry, areas of responsibility, postal address and e-mail address. The exhibitor may supplement this data record at his own discretion with further information, such as a note, evaluation or categorization of the participant by the exhibitor. Messe Berlin has no influence on this and does not use this additionally collected data for further purposes. The exhibitor can download the complete data record including any additions made by the exhibitor. Exhibitors must separately inform visitors about their processing activities, including processing purposes, and must obtain the consent of visitors to the transfer of their data from Messe Berlin to the exhibitor when they scan the QR code on the ticket or badge (legal basis: Art. 6 (1) (a) GDPR). Messe Berlin and the respective exhibitor using the Lead Scanning App are joint controllers within the meaning of the GDPR for data processing in connection with the use of the Lead Scanning App. Messe Berlin and the respective exhibitor have concluded an agreement in accordance with Art. 26 GDPR, which specifies who fulfills which obligations under the GDPR in accordance with the division of responsibilities.
d. Contact and processing for information and advertising purposes by companies of the Messe Berlin group
Furthermore, Messe Berlin processes the personal data for the purpose of contacting user in order to provide them with information accompanying the trade fair/event. This includes the periodic or event-related electronic dispatch of information about Messe Berlin and its affiliated companies, trade fair/event-related information about Messe Berlin's own events and guest events, including exhibitors, sponsors, association and other cooperation partners of the respective event, as well as their products and services, and information about opening, accompanying and subsequent events. Subsequent events also include other trade fairs and events organized or held by Messe Berlin or other Messe Berlin group companies in Germany and abroad. Messe Berlin also process the personal data for purposes of market research and online surveys. The processing is based on the legitimate interest of Messe Berlin in providing the users with support before, during and after the trade fair or event and in advertising identical and similar products or services from the trade fair portfolio of the Messe Berlin group of companies (legal basis: Art. 6 (1) (f) GDPR).
4. Categories of recipients of the data
As described in sections 3 above, Messe Berlin will transfer the personal data to foreign representatives or other companies of the Messe Berlin group of companies for the afore-mentioned purposes. External service providers are used to carry out certain processing activities (in particular lead tracking, networking tool, event platform, communication activities, hosting, IT support), which process the personal data on behalf of Messe Berlin (so-called “processors”). In the case of events held in cooperation with associations or business partners, Messe Berlin will also transfer the data to them. At some events, separate consent is obtained to provide data to third person for the purpose of direct marketing.
Insofar as persons subject to particular personal protection by the Federal Criminal Police Office (Bundeskriminalamt – BKA) or the Federal State Criminal Police Office (Landeskriminalamt – LKA) (for example, constitutional organs such as the Federal President or the Federal Government or foreign guests) participate in events, the BKA or LKA may examine all event participants. In the framework of such examination the BKA or LKA may request data such as name, company/organization and function from the organizer.
In the case of incidents, disorder, emergencies and crises the data of participants may also be transmitted to the police, law enforcement authorities, the fire brigade and ambulances, other public authorities (such as the Health Office (Gesundheitsamt)).
In addition, data are passed on to third parties for the purpose of performance of the contract. These are the following partners who are own controller within the meaning of the GDPR: Transport companies, courier services, postal services (for orders), banks, credit institutions and payment service providers (for payments) as well as, in the legitimate interest of the Messe Berlin in solvency to credit rating companies.
A disclosure of data to authorities and public bodies may occur if Messe Berlin is legally obliged to do so, be it due to laws and regulations (e.g., supervisory authority procedures) or due to a court order, resolution, judgement and the like. For compliance with tax and trade laws and regulations, the personal data are shared with the tax and other relevant public and regulatory authorities. The categories of recipients of the personal data also include courts and lawyers in the context of legal disputes, legal disputes as well as for the purpose of legal advice and furthermore auditors.
5. Data transfer to third countries
Some of the foreign representatives and processors are located in third countries outside the EU, which do not provide the same level of data protection as the EU, in particular due to the absence of a legal framework, independent supervisory authorities or data protection rights and remedies. Messe Berlin will only transfer personal data to those third countries if the European Commission has adopted a so-called adequacy decision in this respect (Art. 45 GDPR) or otherwise where appropriate safeguards in accordance with Art. 46 GDPR have been provided, in particular standard data protection clauses adopted by the European Commission pursuant to Art. 46 (2) (c) GDPR and, where necessary, supplementary measures. A copy of the safeguards can be obtained upon request (e.g., by e-mail – for contact details see section 1 above).
With regard to the transfer of data to foreign representations, other participants and external service providers, the transfer is necessary for the performance of the contract (Art. 49 (1) (b/c) GDPR); otherwise, it takes place on the basis of explicit consent despite the lack of adequate data protection in the third countries outside the EU and the associated risks (Art. 49 (1) (a) GDPR).
6. Storage period
Stored personal data will be erased once they are no longer needed for achieving the relevant purpose of their processing. In so far as the processing takes place on the basis of consent or a legitimate interest of Messe Berlin, the data in question will no longer be processed for the purpose in question, and where appropriate, erased after receipt of the revocation of consent or objection to the processing, unless the conditions for a statutory exception are met. Notwithstanding the foregoing, personal data which are subject to retention obligations under commercial or tax laws will only be deleted after the expiry of the statutory retention periods (generally 6 or 10 years). Documentation of given consent will be stored for a maximum of three years after the date on which the consent is withdrawn or otherwise becomes invalid.
7. Data protection rights
To exercise the following rights, data subjects can contact the controller at any time (contact details see section 1 above).
Rights of the data subjects pursuant to Art. 12-21 GDPR: the right to access personal data, the right to rectification, erasure and data portability as well as to restriction of processing. If consent has been given, this can be withdrawn at any time with effect for the future.
Rights of objection
If the processing is based on legitimate interests, there is the right to object to the processing of personal data for reasons relating to the particular situation.
Furthermore, there is the right to object to the processing and use of data for advertising purposes at any time. The newsletters also include an unsubscribe link.
If data subjects are of the opinion that the data processing violates data protection law, they have the right to lodge a complaint with the competent supervisory authority of their choice (Art. 77 GDPR).