Privacy Policy

You find our Data Security Enquiry Form here

Data Privacy Statement

Please find below our statement on the processing of personal data by our company in accordance with the legal requirements, especially with the EU General Data Protection Regulation (GDPR - available at here).

Contents:

I. General Information

Definition of main terms

Scope of validity

Controller

Data protection officer

II. Itemisation of data processing operations

1. General information about the data processing operations
2. Accessing our services
3. Newsletter subscriptions
4. Application for DLD conferences
5. Participating in DLD conferences
6. Tracking
7. Youtube and Flickr
8. Side Events

III. Rights of data subjects

1. Right to object
2. Right of access
3. Right to rectification
4. Right to erasure ("right to be forgotten")
5. Right to restriction of processing
6. Right to data portability
7. Right to withdraw consent
8. Right to lodge a complaint

I. General information

This section of the privacy statement contains information on the scope of validity, the person responsible for data processing, the data protection officer and data security. It also begins with a list of definitions of important terms used in the data privacy statement.

1. Definition of main terms

Browser: Computer program used to display websites (e.g., Chrome, Firefox, Safari)

Cookies: Text files which the web server places on the user's computer by means of the browser which is used. The stored cookie information may contain both an identifier (cookie ID) for recognition purposes and content data, such as login status or information about websites visited. The browser sends the cookie information back to the web server with each new request upon subsequent repeat visits to these sites. Most browsers accept cookies automatically. Cookies can be managed using the browser functions (usually under "Options" or "Settings"). The storage of cookies may be disabled in this way or it may be made dependent on the user’s approval in any given case or otherwise restricted. Cookies may also be deleted at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

Personal data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Services: Our offers to which this data privacy statement applies (cf. Scope of validity).

Tracking: The collection of data and their evaluation regarding the behaviour of visitors in response to our services.

Tracking technologies: Actions can be tracked either via the activity records (log files) stored on our web servers or by collecting data from end devices via pixels, cookies or similar tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pixel: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is downloaded from a server on the Internet and the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually carried out by calling up a small program (JavaScript). Certain types of information can be detected on your computer system in this way and shared, such as the content of cookies, the time and date of the visit, and a description of the page on which the tracking pixel is located.

2. Scope of validity

This data privacy statement applies to the following offers:

 - our website www.dld-conference.com or www.dld.co

 -  whenever reference is made to this data privacy statement from one of our offers (e.g., websites, subdomains, mobile applications, web services or integrations in third-party websites), regardless of the way in which it is accessed or used.

All these offers are also collectively referred to as "services".

3. Controller

The following party is responsible for the processing of data in relation to the services, i.e., this is the person who determines the purposes and means of processing personal data:

DLD Media GmbH
Arabellastr. 23
81925 Munich
Tel.: 049/899250-1111 or -3549
email: info@dld-confernce.com

4. Data protection officer

Our data protection officer can be contacted under the data given in I. 3. for the attention of the data privacy department or via dataprivacy@dld-conference.com.

 

II. Itemisation of data processing operations

This section of the data privacy statement contains detailed informati,on about the processing of personal data in the context of our services. The information is subdivided for greater clarity into certain functions in connection with our services. In case of the normal use of the services, different functions and therefore also different processing operations can be implemented consecutively or simultaneously.

1. General information about the data processing operations

The following applies to all the processing operations listed below, unless stated otherwise:

a. No obligation to provide personal data & consequences of failure to provide such data

The provision of personal data is not required by law or contract, and you are under no obligation to provide any data. We will inform you during the data entry process when personal information needs to be provided for the relevant service (e.g., by indicating "mandatory fields"). In cases where the provision of data is required, the consequence of not providing data will be that the service in question cannot be provided. Otherwise, failure to provide data may result in our inability to provide our services in the same form and quality.

b. Consent

In various cases, you may also grant us your consent to the further processing of data (or some of the data, where applicable) in connection with the operations listed below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all the procedures and the scope of the consent and about the purposes which we pursue in these processing operations. The processing operations based on your consent are therefore not listed again here (Art. 13, subs. 4, GDPR).

c. Transfer of personal data to third countries

When we send data to third countries, i.e., countries outside the European Union, the data are then transmitted strictly in compliance with the statutory conditions of admissibility.

If the transmission of the data to a third country does not serve the purpose of fulfilling our contract with you, if we do not have your consent, if the transmission is not required for the establishment, exercise or defence of legal claims, and if no other exemption applies under Art. 49 GDPR, we will only transmit your data to a third country if in possession of an adequacy decision pursuant to Art. 45 GDPR or appropriate safeguards under Art. 46 GDPR.

One of these adequacy decisions is the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield" for the USA. The level of data protection is generally considered to be appropriate according to Art. 45 GDPR for transfers to companies which are certified under the EU-US Privacy Shield.

Alternatively or additionally, safeguards under Art. 46 subs. 2 c) GDPR through the conclusion of the EU standard data protection clauses adopted by the European Commission with the receiving body provide appropriate safeguards and an adequate level of data protection. Copies of the standard EU data protection clauses are available on the website of the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en .

d. Hosting at external service providers

Our data processing work is carried out to a large extent with the involvement of hosting service providers who provide us with storage space and processing capacities at their data centres and who also process personal data on our behalf according to our instructions. It may be the case that personal data are transmitted to hosting service providers in respect of all of the functions listed below. Our service provider processes data exclusively in Germany based on the standard EU data protection clauses (cf. subsection

e. Transmission to government authorities

We send personal information to government authorities (including law enforcement agencies) when required to fulfil a legal obligation to which we are subject (legal basis: Art. 6, subs. 1 c), GDPR) or when it is necessary for the assertion, exercise or defence of legal claims (legal basis: Art. 6, subs. 1 f), GDPR).

f. Period of storage

The time specified in the "period of storage" paragraph indicates how long we use the data for the purposes in any given case. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continued processing and storage are required by law (in particular, because it is necessary to fulfil a legal obligation or for the establishment, exercise or defence of legal claims) or unless you grant us extended consent.

g. Data categories

The category names listed below are used for specific types of data in the following sections:

• Account data: Login/user ID and password
• Personal master data: Title, salutation/gender, forename, surname, date of birth
• Address data: Street, house number, additional address lines (where applicable), postcode, city, country
• Contact data: Telephone number(s), fax number(s), email address(es)
• Login data: Information about the service via which you logged on; times and technical information on login, authentication and logout; data entered by you when logging on
• Purchase order data: Ordered products, prices, payment and delivery information
• Payment data: Account information, credit card details, data for other payment services such as PayPal
• Press mailing list usage data: Accreditation subject, accreditation time, approval of usage restriction/consent form, downloads of press materials
• Newsletter user profile data: Opening of newsletter (date and time), contents, selected links, as well as the following information relating to the computer system accessing the newsletter: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.
• Access data: Date and time of visit to our service; the page from which the system accessed our site; pages visited during the session; session identification data (session ID), as well as the following information relating to the computer system accessing the service: Internet Protocol address used (IP address), browser type, browser version, device type, operating system and similar technical information.

2. Accessing our services

The passages below set out how your personal data are processed when you access our services (e.g., loading and viewing the website, opening the mobile website). We would point out, in particular, that it is impossible not to send access data to external content providers (cf. subsection b.) due to the technical processes involved in transmitting information over the Internet. The third-party providers are themselves responsible for the privacy-compliant operation of the IT systems which they use. The service providers are required to decide how long the data will be stored.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category	Intended purposes	Legal basis	Legitimate interest, where applicable	Storage period
Access data	Establishing connection, presenting contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis	Art. 6, subs. 1 f), GDPR	Proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference in information systems	4 weeks

 

b. Recipients of personal data

Recipient category	Data concerned	Legal basis	Legitimate interests, where applicable
External content providers who provide content which is needed to display the service (e.g., images, videos, embedded postings from social networks, banner ads, fonts, update information)	Access data	Art. 6, subs. 1 f), GDPR; in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield”	Proper functioning of services, (accelerated) display of content
IT security service providers	Access data	Art. 6, subs. 1 f), GDPR	Prevention of attacks through exploitation of security gaps / vulnerabilities

 

3. Newsletter subscriptions

The tables below show how your personal data are processed when you subscribe to a newsletter:

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category	Intended purposes	Legal basis	Legitimate interest, where applicable	Period of storage
Email address	Verification of the application (double opt-in procedure), sending of the newsletter	Art. 6, subs. 1 b), c) GDPR, in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield”		Duration of newsletter subscription + 4 years
Personal master data	Personalisation of newsletter	Art. 6, subs. 1 b), GDPR, in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield”		Duration of newsletter subscription
Login data	Traceability of newsletter registration / confirmation / deregistration	Art. 6, subs. 1 b), c), f), GDPR, in case of transmission to the USA also Art. 45 GDPR in conjunction with the Commission Implementing Decision (EU) 2016/1250 of 12.07.2016 on the "EU-US Privacy Shield”	Proof of successful newsletter registration / confirmation / deregistration	Duration of newsletter subscription + 4 years

 

b. Recipients of personal data

Recipient category	Data concerned	Legal basis	Data transfer to third country?	Adequacy decision, where applicable (Art. 45 GDPR)
Newsletter distribution service providers	All data listed in 2.a.	Processing on behalf of a controller (Art. 28 GDPR)	Yes, USA	Commission Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Data Protection Shield" ("Privacy Shield")

 

 

4. Application for DLD conferences and myDLD account

The tables below set out how your personal data are processed in connection with an application process for your participation for one of our DLD conferences.

Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage.

Data category	Intended purposes	Legal basis	Legitimate interests, where applicable	Period of storage
contact data(email and name) personal data (gender, city, country, company, job title) application text	provided data is used by DLD to make decisions on a requested invitation to a DLD conferences	Art. 6, subs. 1 b), GDPR		5 years mandatory
My DLD account (emailadress and password)	provided data is used to run account and enable ticketing for owner of the account	Art. 6, subs. 1 b), GDPR		duration of subscription + 4 years

 

5. Participation in DLD conferences

The tables below set out how your personal data are processed in connection with your participation in one of our DLD conferences.

a. Purposes of data processing, legal basis, legitimate interests (where applicable), and period of storage

Data category	Intended purposes	Legal basis	Legitimate interest, where applicable	Period of storage
(a) pictures (conference (mood) pictures (b) contact data (c) personal data	Participant registration, access control to conference venue, picture coverage of conference, basic statistics, speaker presentation	a)-c)Art. 6, subs. 1 b) and 1f) GDPR	marketing purpose, documentation purpose,	5 years
In case of participation as a speaker: name, biography (as provided by you), photo, appearance at conference (video/audio)	marketing and documentation of DLD conferences	Art. 6 subs. 1 b), f) GDPR	marketing purposes

 

b.  Recipients of personal data

Recipient category	Data concerned	Legal basis	Legitimate interests, where applicable
(a) Payment and ticketing service provider (XING SE)	(b) ticket category, personal data (name, company, title), contact data (emailadress)	(c) Data Processing (Art. 28 GDPR)

 

6. Tracking

The passages below explain how your personal data are processed with the help of tracking technologies to analyse and optimise our services and to serve promotional purposes.

The explanation of the tracking methods also includes information on how to prevent or object to the processing of data.

Please note that this "opt-out” request, i.e., denial of consent to processing, is usually stored via cookies. If you use our services on a new end device or in a different browser, or if you have deleted the cookies set by your browser, you will need to reconfirm the refusal of consent.

The tracking methods presented here will only process personal data in pseudonymous form. No connection is made with a specific, identified natural person, i.e., the data are not merged with information which would reveal the identity of the person behind the pseudonym.

a. Tracking for the analysis and optimisation of our services and their use

(1) Purpose of processing

The analysis of user behaviour by means of tracking helps us to check the effectiveness of our services, to improve and adapt them to the needs of the users, and to correct errors. It also allows us to produce statistics on the use of our services (reach, intensity of use, surfing habits of users) – on the basis of uniform standard procedures – and thereby to obtain comparable figures across the market.

(2) Legal basis of processing

In cases where we provide services under a contract, the tracking and the associated analysis of user behaviour are carried out in order to fulfil our contractual obligations. The legal basis for this processing of personal data is Art. 6, subs. 1 b), GDPR. The evaluation of information obtained through tracking is necessary in order to optimise the provision of services according to the contractual purpose and to ensure the greatest possible benefit for you.

Otherwise, i.e., in cases where services are not connected with a contract, the legal basis for this processing of personal data is Art. 6, subs. 1 f), GDPR. We hereby pursue the legitimate interest in providing attractive services as efficiently as possible on the basis of the information gained through tracking and marketing them in the best possible way.

(3) Explanation of individual tracking methods

 

Google Maps

Name of tracking method	Purpose of tracking	Processing of personal data	Legal basis	Data transfer to third country?	Option to prevent processing (opt-out)	Adequacy decision, where applicable (Art. 45 GDPR)
Google Maps is a service by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland	The service allows a more appealing presentation of our online offers and provides users with an easier way to locate places we refer to on our websites.	In order to display the map material, Google processes technically necessary data for this purpose, such as GPS location data, IP address, sensor data from your device, information about objects near your device, such as WLAN access points, radio masts, and Bluetooth enabled devices.	The legal basis for this data processing is Art. 6 Para. 1 b) DSGVO, since the IP address is required in order to be able to provide you with the desired service. By using Google Maps, the user enters directly into a usage relationship with Google. Further information on data processing by Google can be found in Google’s privacy policy.	Yes, USA	Google LLC is responsible for further data processing. For more information on how Google uses your data, please follow this link.	Commission Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Data Protection Shield” (“Privacy Shield”)

 

Google Analytics

Click here to opt-out of Google Analytics

Name of service	Name of tracking method	Mode of operation	Option of preventing processing (opt-out)	Data transfer to third country?	Adequacy decision, where applicable (Art. 45 GDPR)	Appropriate guarantees, where applicable (Art. 46 GDPR)
Google Analytics Our services use Google Analytics, a web analysis service of Google LLC ("Google"). Google Analytics uses cookies that enable an analysis of your use of the website.	We use Google Analytics including the functions of Universal Analytics. Universal Analytics allows us to analyze the activities on our services across devices (e.g. for access via laptop and later via a tablet). This is made possible by the pseudonymous assignment of a user ID.	The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. We have also added the code "anonymizeIP" to our Google Analytics services. This guarantees the masking (shortening of the last eight digits) of your IP address, so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the services, to compile reports on activities within the framework of the services and to provide us with further services associated with the use of the services and the Internet. The data transferred and linked to cookies or user IDs will be deleted after 26 months. Data whose retention period has been reached is automatically deleted once a month.	You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our services. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. This plugin is provided by Google; please note that we cannot verify or control its functionality. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. An opt-out cookie is set that prevents future collection of your data when you visit the services. The opt-out cookie is only valid in this browser and only for the respective website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all used systems.>Google’s privacy policy.	Yes, USA	Commission Decision (EU) 2016/1250 of 12.07.2016 on the so-called "EU-US Data Protection Shield" ("Privacy Shield").	Commission Decision (EU) 2016/1250 of 12.07.2016 on the so-called “EU-US Data Protection Shield” (“Privacy Shield”)

7. Youtube and Flickr

Our pages refer by links to the pages of the social networks YouTube and Flickr. We operate a DLD site on each of this platforms. The individual pages can be reached by clicking on the thumbnail of the video or photo. If you click on the links to Flickr or Youtube, you will be redirected to the external site of this network provider. If you are also logged in as a member of the social network you are visiting, the operator of the social network can assign the visit to our site to your respective user account. If you do not want the social networks to collect and store information about your visit to our website, you must log out of your respective user account on these social networks before clicking on the videos or photos on our site.

For Youtube DLD uses the YouTube API Services. You may find more information concerning YouTube API Services here: Terms of Service, Google Security Setting page

8. Side Events

During a DLD conference side events, which are organized in collaboration with our partners, take place. In order to invite our participants to a suitable side event, we may share their name, employer and position with the partner. We base this processing on the GDPR Regulations, Article 6.1 f). With each partner we are jointly responsible for the data processing. We pursue a legitimate interest in providing our participants with suitable offers for side events for the duration of the conference. You can assert your rights against us, such as an objection to this data processing, by using the enquiry form below.

 

III. Rights of data subjects

1. Right to object

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing with future effect, which includes profiling to the extent that it is related to such direct marketing.

You also have the right, at any time with future effect and for reasons relating to your particular situation, to object to the processing of personal data concerning you which is based on Art. 6, subs. 1 e) or f), GDPR, including profiling based on these provisions.

The right to object may be exercised free of charge. In order to be able to process your request faster, please preferably use the form available at the following link: Dataprivacy

2. Right of access

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the other information listed in  .

3. Right to rectification

You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to erasure ("right to be forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay if one of the reasons listed in Art. 17, subs. 1, GDPR is applicable and the processing operations are not required for one of the purposes approved in Art. 17, subs. 3, GDPR.

5. Right to restriction of processing

You are entitled to obtain from us the restriction of the processing of personal data if one of the conditions laid down in Art. 18, subs. 1 a) to d), GDPR is met.

6. Right to data portability

Under the conditions set out in Art. 20, subs. 1, GDPR, you have the right to receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance on our part. In exercising your right to data portability, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.

7. Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority responsible for our company. The supervisory authority responsible for our company is:

Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, http://www.lda.bayern.de

Enquiry Form