Data Protection Policy
Data protection at a glance
The protection of your data and your privacy rights when collecting, processing and using your personal data is an important issue for us. Complying with the statutory provisions regarding data protection is therefore a natural part of our business. This document is intended to provide a brief outline of how we protect your data and what this means for you when you use our (online) services.
Normally, we collect personal data when you contact us, e.g. visit our fairs, use our online portal and services or visit our websites. This document provides you with information about your rights and the data processing carried out by Messe Berlin. Please do not hesitate to contact us in person if you have any further queries regarding data protection.
Messe Berlin GmbH carries out the data processing on our websites.
Telephone: +49 3038 0
The responsible body is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses etc.).
One way in which we obtain your data is if you give them to us. This could be data that you provide in a contact form, for example. Other data are automatically collected when you visit the websites via our IT systems. This particularly includes technical data (e.g. internet browser, operating system or time of visiting the page). These data are collected automatically as soon as you access our websites.
Some data are collected to ensure that we provide our websites free of errors. Other data could be used to analyse your user behaviour or to enable us to fulfil our contractual obligations towards you.
Generally, we process data on the basis of the following legal bases:
- If you give us your express consent (Art. 6 (1) (a) GDPR), e.g. if you want us to contact you directly or if you subscribe to our newsletter.
- For performing our contractual duties (Art. 6 (1) (b) GDPR), e.g. if you place an order using our ticket shop.
- As a company, we are subject to various legal obligations (Art. 6 (1) (c) GDPR).
- We also process data on the basis of a legitimate interest pursued by us or third parties (Art. 6 (1) (f) GDPR). This includes data processing for the purposes of direct marketing and promotions and for the needs-oriented design of the website.
- If you apply for a job with us, we process your data for the purpose of creating an employment relationship (§ 26 (1) New German Federal Data Protection Act (New BDSG)).
We may disclose your data to Messe Berlin group companies or selected partner companies to enable us to process your data for the above purposes. Where necessary, we have concluded an order processing contract with the recipients. These services include e.g. ticketing, mailings, stand construction services and catalogue entries.
We may also disclose your data to third parties if this is necessary to perform our services. This could include the following partners: transport companies (for orders), credit institutions and payment service providers, credit checks.
We may also transfer data if we are obliged to transfer data to public bodies or if such transfer is the subject of a Court order.
Your browsing habits can be evaluated statistically when you visit our websites. This particularly happens using cookies and so-called analytics programmes. Your browsing habits are usually analysed anonymously; the browsing habits cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Please refer to our Data Protection Policy for details regarding this.
You can object to this analysis. We will provide you with information on how you can object in this Data Protection Policy.
You have the right to receive information regarding the origin, recipient and purpose of your stored personal data. You also have a right to request the correction, blocking or deletion of these data and a right to data portability. If you have given us you consent, you can revoke this with future effect. You can contact the data protection officer at any time about this and any other issues in relation to data protection. You also have the right to complain to the relevant supervisory authorities.
Data processing on our website
When you use our websites, various personal data are collected. Personal data are data that can be used to identify you personally. This Data Protection Policy sets out which data we collect and what we use them for. It also sets out how and for what purpose this happens.
Please note that data transfer over the internet (e.g. when communicating by email) may involve security breaches. It is not possible to completely protect data from being accessed by third parties.
The website provider automatically collects and stores information in so-called server log files that your browser automatically sends to us. This information is:
- type of browser and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
- IP address
These data shall not be consolidated with other data sources.
The basis for the data processing is Art. 6 (1) (f) GDPR.
If you make enquiries using our contact form, we store your details from the enquiry form including any contact details you have provided for the purposes of processing the enquiry and in the event of any further related queries. We shall not disclose these data without your consent.
The data provided in the contact form shall be processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke this consent at any time. An informal notice by email is sufficient for this. The lawfulness of the data processing operations carried out before revocation shall remain unaffected by such revocation.
We shall retain the data you provide in the contact form until you ask us to delete it, revoke your consent to storage or the purpose for the data storage has lapsed (e.g. after your enquiry has been processed). Mandatory legal provisions – particularly retention periods – remain unaffected.
If you wish to receive the newsletter offered on our website, we need your email address and information that would allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data shall not be collected or shall only be collected if the data subject agrees. We use these data exclusively for the purpose of sending the requested information; we do not disclose this to third parties.
The data provided in the newsletter application form shall be processed exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). You may revoke your consent to store data and your email address and your consent to the use of the same for the purposes of sending the newsletter at any time by using the “unsubscribe” link in the newsletter. The lawfulness of any data processing operations that have already taken place shall not be affected by the revocation.
We store the data you have provided to us for the purpose of the newsletter subscription until you cancel the newsletter and delete it after unsubscribing from the newsletter. Data that we have stored for other purposes (e.g. email addresses for the member’s area) remain unaffected by this.
You can register to use our websites in order to use additional features on our sites. We only use the data provided for this purpose for the use of the respective services for which you have registered. The compulsory details requested during registration must be provided in full. If you fail to do this then we shall decline your registration.
We use the email address provided during registration to inform you about any significant changes such as changes to the range of services or technically necessary changes.
The data provided during registration shall be processed on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke any consent you have provided at any time. An informal notice by email is sufficient for this. The lawfulness of the data processing already carried out shall remain unaffected by such revocation.
We store the data collected during registration for as long as you are registered on our websites, after which time such data shall be deleted. Any legal retention periods are not affected.
Instead of registering directly on our website, you can register using Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the “Login with Facebook” or “Connect with Facebook” button, you will be redirected to the Facebook platform automatically. You can register with your user data here. By doing this, your Facebook profile will be linked with our website. This link enables us to gain access to your data stored on Facebook. This particularly includes:
- Facebook name
- Facebook profile picture and cover picture
- Facebook cover picture
- Email address stored by Facebook
- Facebook ID
- Facebook friends list
- Facebook likes
- Date of birth
These data are used for setting up, providing and customising your account.
Data are processed on the basis of your consent (Art. 6 (1) (a) GDPR).
For the comments function on our websites, details of the time your comment was made, your email address and, unless you posted anonymously, your chosen username are stored in addition to your comment.
Our comments function stores the IP address of the user making comments. As we do not check comments on our websites before they are activated, we need these data so that we can take action in the event of legal infringements such as insults or propaganda against the author.
As a user of the website, you can subscribe to comments after registering. You will get a confirmation email to check whether you are the owner of the email address. You can unsubscribe from this feature at any time using the link in the information email. The data provided when subscribing to comments are deleted in this event; however, if you have given us these data for other purposes and in other places (e.g. newsletter subscription), we shall retain such data.
The comments and associated data (e.g. IP address) are stored and will be retained on our websites until the content that has been commented on has been completely deleted or the comments have to be deleted for legal reasons (e.g. defamatory comments).
The comments are stored on the basis of your consent (Art. 6 (1) (a) GDPR). You can revoke any consent you have provided at any time. An informal notice by email is sufficient for this. The lawfulness of the data processing operations already carried out shall remain unaffected by such revocation.
Websites sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies allow us to make our offer more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most cookies that we use are so-called “session cookies”. These are automatically deleted at the end of your visit. Other cookies remain on your device until you delete them. These cookies allow us to recognise your browser the next time you visit our website.
You can set your browser in such a way that you are informed about the placement of cookies and only allow cookies in individual cases, exclude cookies for specific events or generally, or automatically delete cookies when closing your browser. If you disable cookies, the functionality of our website may be limited.
Cookies that are necessary for carrying out the electronic communication operations or for providing specific features required by you (e.g. shopping basket feature) are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in storing cookies so that it can provide technically faultless and optimal services. If other cookies (e.g. cookies for analysing your browsing habits) are stored, these are dealt with separately in this Data Protection Policy.
Messe Berlin uses “social plugins”, technology that allows you to share certain content on social networks. In order to protect your privacy, we provide this social plugin as a so-called “2 click button”. The “2-click solution” prevents data from being transferred to social networks such as e.g. Facebook as soon as you access our website.
The buttons are deactivated by default and are only activated when you first click on the social plugin. The content of the plugin is transferred from Facebook, Twitter and Google directly to your browser and integrated into our website.
By clicking the social plugin for the second time, you can make full use of the features such as “recommend”.
This activation is stored in your browser for up to 8 weeks. You can deactivate the feature at any time by clicking the appropriate button or by deleting the cookies in your browser.
Please note the following points for the respective plugins:
Facebook plugins (like & share button)
Our websites may contain plugins from the social network Facebook (service provider: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). The Facebook plugins can be recognised by the Facebook logo or the “Like” button on our website. An overview of the Facebook plugins can be found at: https://developers.facebook.com/docs/plugins/.
When visiting our website, the plugin establishes a direct connection between your browser and the Facebook server. In this way, Facebook receives information that you have visited our website from your IP address. If you click on the Facebook “Like” while you are logged into your Facebook account, you can link the contents of our website to your Facebook profile. This enables Facebook to allocate your visit to our website to your user account. Please note that, as the website provider, we have no knowledge of the content of the transferred data or the use of such data by Facebook. Further information about this can be found in Facebook’s Data Protection Policy at: https://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to allocate your visit to our website to your Facebook user account, please log out of your Facebook user account.
Features of the service provider Twitter may be associated with our website. These features are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “retweet” feature, the websites you have visited are linked to your Twitter account and are disclosed to other users. Data are also transferred to Twitter in this way. Please note that we as the service provider of the website obtain no knowledge about the content of the transferred data or the use of such data by Twitter. Further information about this can be found in Twitter’s Data Protection Policy at: https://twitter.com/privacy.
You can change your data protection settings with Twitter by going to your account settings athttps://twitter.com/account/settings.
Our websites may use Google+ features. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Collection and transfer of information. You can publish information worldwide using the Google+ button. You and other users obtain personalised content from Google and our partners using the Google+ button. Google also stores the information that you have provided as +1 content as well as information about the website that you viewed when clicking on +1. Your +1, together with your profile name and photo, may be displayed as a reference in Google services such as search results or in your Google profile, or in other places on websites and internet adverts.
Google records information about your +1 activities in order to improve Google services for you and others. In order to be able to use the Google+ button, you need a public Google profile that is visible worldwide and that must at least contain the name selected for the profile. This name will be used in all Google services. In some cases, this name may also replace another name you have used when sharing content via your Google account. The identity of your Google profile may be shown to users who know your email address or who have other information that identifies you.
Use of the collected information: In addition to the above purposes, the information you have provided is also used in accordance with the applicable Google Data Protection Policy. Google may publish summarised statistics on the +1 activities of users or disclose the same to users and partners such as publishers, advertisers or affiliated websites.
Features of the service provider Instagram may be associated with our website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the content of our website to your Instagram profile by clicking the Instagram button. In this way, Instagram can allocate your visit to our website to your user account. Please note that we as the service provider of the website obtain no knowledge about the content of the transferred data or the use of such data by Instagram.
You can find further information about this in Instagram’s Data Protection Policy: https://instagram.com/about/legal/privacy/.
Our websites may use buttons for the service Tumblr. The provider is Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA.
These buttons allow you to share a post or a website with Tumblr or to follow the provider on Tumblr. If you access one of our websites using the Tumblr button, the browser will create a direct connection to the Tumblr servers. We have no control over the extent of the data that Tumblr collects and transfers using this plugin. Currently, the user’s IP address and the URL of the relevant website are transferred.
Further information about this can be found in Tumblr’s Data Protection Policy at: https://www.tumblr.com/policy/de/privacy.
Our website may use features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you access one of our websites containing LinkedIn features, a connection to the LinkedIn servers is created. LinkedIn will be informed that you have visited our websites using your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to allocate your visit to our websites to you and your user account. Please note that we as the service provider of the website have no knowledge about the content of the transferred data or the use of such data by LinkedIn.
You can find further information about this in LinkedIn’s Data Protection Policy at: https://www.linkedin.com/legal/privacy-policy.
Our websites may use features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time you access one of our websites containing XING features, a connection to the XING servers is created. As far as we are aware, no storage of personal data takes place during this. In particular, no IP addresses are stored and user behaviour is not evaluated.
Further information regarding data protection and the XING share button can be found in the XING Data Protection Policy: https://www.xing.com/app/share?op=data_protection.
Our websites may use social plugins from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest").
If you access a website that contains such a Pinterest plugin, your browser will create a direct connection to the Pinterest servers. The plugin transfers protocol data to the Pinterest server in the USA. These protocol data may contain your IP address, the address of the visited website that also contains Pinterest features, the type of browser and browser settings, date and time of access, the way in which you use Pinterest and cookies.
Further information regarding the purpose, extent and further processing and use of the data by Pinterest and your associated rights and opportunities regarding the protection of your privacy can be found in the Pinterest Data Protection Policy. https://about.pinterest.com/de/privacy-policy.
We have integrated various analytics services from our websites. The services are used to collect information about your visit to our website so that we are able to check the functionality of our websites and make them more user-friendly. This data processing is purely statistical. Your IP address is therefore shortened to the last octet by default so that the previous personal user data are anonymised directly and cannot be attributed to any individual user.
Data are processed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its online services and its marketing.
The following analytics services are integrated into our website:
User behaviour is pseudonymised and evaluated on our websites to provide adverts that are tailored to your personal interests. Information is collected regarding your activities on the website (e.g. browsing habits, subpages visited, amount of time spent on the website, etc.). The data are not matched with the bearer of the pseudonym without your express agreement.
Our websites may use Google AdSense, a service for integrating Google Inc. (“Google”) advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google AdSense uses “cookies”, text files that are stored on your computer and allow the use of the websites to be analysed. Google AdSense also uses so-called web beacons (invisible graphics). Using these web beacons, information such as visitor traffic can be evaluated on these websites.
The information about the use of our websites and delivery of advertising formats obtained via cookies and web beacons (including your IP address) is transferred to and stored on a Google server in the USA. This information may be disclosed by Google to Google’s contractual partners. However, Google shall not consolidate your IP address with your other stored data.
You can prevent the installation of cookies by adjusting your browser settings accordingly; however, please note that in this case you may be unable to fully use all features of our websites. By using our websites you confirm that you agree to the processing of the data about you collected by Google in the aforementioned way and for the aforementioned purpose.
Google Analytics Remarketing
Our websites may use the Google Analytics Remarketing features in connection with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This feature allows the target marketing groups created using Google Analytics Remarketing to be linked with the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-related and personalised advertisements tailored to you according to your previous usage and browsing habits on one device (e.g. mobile phone) can be shown even on another device (e.g. tablet or PC).
If you have provided the relevant consent, Google will link your web and app browser history with your Google account for this purpose. In this way the same personalised advertisements can be connected on all devices onto which you log in using your Google account.
To support this function, Google Analytics creates Google-authenticated IDs for the user that are temporarily linked to our Google Analytics data in order to define and create target groups for cross-device advertising.
You can object to cross-device remarketing / targeting permanently by deactivating personalised adverts in your Google account; click on this link to do this: https://www.google.com/settings/ads/onweb/.
You can find further information and the data protection provisions in Google’s Data Protection Policy at: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion-Tracking
Our websites may use Google AdWords. AdWords is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).
With regard to Google AdWords, we use so-called conversion tracking. If you click on an advert delivered by Google, a cookie is set for conversion tracking. Cookies are small text files placed on the user’s computer by the internet browser. These cookies expire after 30 days and are not used to identify the user personally. If the user visits certain pages on our websites and the cookie has not yet expired, both we and Google can see that the user has clicked on the advertisement and been redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via AdWords customers’ websites. The information gathered using the conversion cookies is used to produce conversion statistics for AdWords customers who have selected conversion tracker. Customers can see the total number of users who have clicked on their advertisements and been redirected to a website with a conversion tracking tag. However, they are not provided with any information that allows the user to be identified personally. If you do not wish to be included in tracking, you can easily object to this use by deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
Further information on Google AdWords and Google conversion tracking can be found in Google's Data Protection Policy: https://policies.google.com/privacy?hl=en.
You can set your browser in such a way that you are informed about the placement of cookies and only allow cookies in individual cases, exclude cookies for specific events or generally, or automatically delete cookies when closing your browser. If you disable cookies, the functionality of our website may be limited.
In order to evaluate conversions, our websites may use the visitor promotion pixel provided by Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This allows the website visitor’s behaviour to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. In this way, the effectiveness of the Facebook advertisement can be evaluated for statistical and market research purposes and future advertising strategies can be optimised.
The collected data are anonymous for us as the operator of our websites; we cannot trace the identity of the user. However, the data are stored and processed by Facebook so that it is possible for there to be a connection to the relevant user profile. Facebook may use the data for its own marketing purposes in accordance with the Facebook policy on data use. In this way, Facebook is able to link advertisements on Facebook pages and outside of Facebook. As the website operator, we are unable to control this use of data.
You can find further information regarding the protection of your privacy in Facebook’s Data Protection Policy: https://www.facebook.com/about/privacy/.
You can also deactivate the “custom audiences” remarketing feature in the advert settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be registered with Facebook to be able to do this..
If you do not have a Facebook account, you can deactivate Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/.
Our websites may use plugins from YouTube, a website operated by Google. The operator of the websites is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our websites that is equipped with a YouTube plugin, a connection is made to the YouTube servers. This provides the YouTube server with details regarding which of our websites you have visited.
If you are logged into your YouTube account, you enable YouTube to allocate your browsing habits directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interests of the effective presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO.
You can find further information about handing user data in YouTube’s Data Protection Policy.
Our websites may use plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our websites that is equipped with a Vimeo plugin, a connection is made to the Vimeo servers. This provides the Vimeo server with details regarding which of our websites you have visited. Vimeo also obtains your IP address. This also applies if you are not logged into Vimeo or if you do not have a Vimeo account. The information collected by Vimeo is transferred to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to allocate your browsing habits directly to your personal profile. You can prevent this by logging out of your Vimeo account.
You can find further information about handing user data in Vimeo’s Data Protection Policy.
Google Web Fonts
This website may use so-called web fonts provided by Google to ensure the consistent presentation of fonts. When you access a website, your browser downloads the required web fonts in your browser’s cache to present text and fonts correctly.
For this purpose, your browser must contact the Google servers. This lets Google know that our websites have been accessed via your IP address. Google Web Fonts is used in the interests of a uniform and effective presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO.
If your browser does not support Web Fonts, a standard font from your computer will be used.
Our websites may use the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Your IP address needs to be stored in order to use the Google Maps features. This information is generally transferred to a Google server in the USA and stored there. The provider of this website has no control over this data transfer.
Google Maps is used in the interests of the effective presentation of our online services and enables the places specified on the websites to be located easily. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO.
You can find further information about handling user data in Google’s Data Protection Policy.
This website uses SSL or TLS encryption for security reasons and in order to protect the transfer of confidential content, such as orders or enquiries that you send to us as the website operator. You can see if the connection is encrypted if the browser’s address bar changes from “http://” to “https://” and the padlock symbol is shown in your browser bar.
If SSL or TLS encryption is enabled, the data you transfer to us cannot be viewed by third parties.
If you are obliged to let us have your payment details (e.g. account number for direct debit authorisation) after the conclusion of a contract involving a payment, these data shall only be used for processing payments.
Payment using common means (Visa / MasterCard, direct debit) shall only take place over an encrypted SSL or TLS connection. You can see if the connection is encrypted if the browser’s address bar changes from “http://” to “https://” and the padlock symbol is shown in your browser bar.
Using encrypted communication, your payment details that you transfer to us cannot be viewed by third parties.