Data Protection Regulation (GDPR) for visitors
Information pursuant to the EU General Data Protection Regulation (GDPR) for users of the online ticket shop
Mobile Seasons GmbH, a member of Messe Berlin GmbH group, attaches great importance to data protection. This information notice informs about the processing of the personal data in connection with the ticket sale and supplements the Data Protection Policy of Mobile Seasons GmbH, which you can find at https://www.de.droidcon.com/. For particular processing activities, there will be separate information notices, where necessary.
1 Controller and data protection officer
Controller within the meaning of the General Data Protection Regulation (GDPR): Mobile Seasons GmbH, Messedamm 22, 14055 Berlin, Germany, e-mail: email@example.com
Data protection officer: group data protection officer: Messe Berlin GmbH, Messedamm 22, 14055 Berlin, Germany, e-mail: firstname.lastname@example.org).
Mobile Seasons GmbH is the controller and service provider responsible for data storage and processing. If you have any queries, requests, or comments on the subject of data protection, please contact the Data Protection Officer of Messe Berlin by e-mail: email@example.com.
2 Categories and sources of personal data
When using the ticket shop, users are asked to enter their e-mail addresses and certain personal data. For verification of the specified e-mail address, the user receives a confirmation code by e-mail, which must be entered in the registration mask in order to continue the ordering process. Providing the data enables to execution of the ticket purchases and other benefits, such as the later personalization, modification, or re-download of the tickets. The following categories of data are collected during the ordering process: e-mail address, title, salutation, first name, surname, company if applicable, language and address, and further optional information. In addition, the payment processing for the online ticket requires the mandatory provision of payment data.
The tickets are personalized (i.e., provision of the name) of the purchased ticket is required. When users register or purchase a ticket for another person (third party) or provide a third party’s data (e.g., contact details of a contact person) users ensure and assure that they are authorized to provide these data to Mobile Seasons GmbH and that Mobile Seasons GmbH may lawfully process those data for the purposes mentioned in section 3 below and that the third party/ies concerned have been sufficiently informed by the users about the processing of the personal data pursuant to this notice.
3 Purposes and legal basis of processing
a. Performance of the contract
Mobile Seasons GmbH process the personal data pursuant to section 2 for the establishment and execution of the contractual relationship with Mobile Seasons GmbH (legal basis: Art. 6 (1) (b) GDPR). The payment processing of the ticket purchase is based on the performance of the contract. Users can thereby select various payment service providers who directly collect and process personal data during the ordering process. The respective payment service provider is responsible for the processing of the payment data. Ticket dispatch also is based on the legal basis of performance of a contract pursuant to Art. 6 (1) (b) GDPR. The tickets will be e-mailed to the users so that the tickets can either be printed, saved as a file on a mobile device, or used as a wallet entry as proof of purchase on-site.
Mobile Seasons GmbH process the personal data to remind the personalization and printing out the ticket(s) already purchased before the event begins. The legal basis is the legitimate interest of Mobile Seasons GmbH in allocating the valid ticket to the correct person (identification purpose) and thus ensuring smooth admission to the event (Art. 6 (1) (f) GDPR).
b. Payment methods and Credit check
For payment processing you can choose different payment methods: Credit/Debit, Pay by Sepa Direct Debit and Pay by SOFORT Überweisung. In order to offer you these different methods, Mobile Seasons GmbH cooperates with different payment service providers who collect and process your personal data during the ordering process. The payment service provider bears the responsibility for your payment data. The processing of the payment data takes place for the fulfilment of your agreement with us, the legal basis being in accordance with art. 6 para. 1 letter b) GDPR.
If users choose an electronic payment method, a credit check will be carried out. During this process, a payment service provider processes the personal data for the purpose of checking the solvency in order to avoid non-payment. The legal basis is the legitimate interest of Mobile Seasons GmbH (Art. 6 (1) (f) GDPR). If the credit check is negative, another payment option must be arranged and agreed upon.
c. Lead tracking service and transmission
Mobile Seasons GmbH offers all attendees a lead tracking service. This service enables the sponsors and attendee to scan the badge of other attendees and thus obtain their contact information similar to the exchange of business cards. In this case, the attendee will receive the following data of the ticket holder for the purpose of contacting by e-mail and electronic marketing for their own products and services: company name, title, first and last name, position, country, e-mail address. The data is only collected at personal request. By giving permission to scan the ticket (badge), consent is given to pass on the data. The processing takes place on the basis of the consent of the user (legal basis: Art. 6 (1) (a) GDPR). This may also include attendees based outside the EU and therefore outside the scope of the GDPR. This consent insofar also extends to the transfer of your personal data to a third country (see section 5).
d. Contact for information and advertising purposes by companies of the Mobile Service GmbH group and newsletter registration
Furthermore, we use your personal data for the purpose of contacting you in order to provide you with information accompanying the droidcon and information on subsequent events. Subsequent events also include other events organized or held by Mobile Seasons GmbH or any other affiliated company in Germany and abroad. In particular, we will use the email addresses of the ticket users to offer them the subscription to our “droidcon Newsletter” and access to the “Droidcon Community Platform”. For these purposes, we also forward your data to other companies of Messe Berlin GmbH group. This is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. The justified interest lies in the optimal support of our customers during and after the droidcon and the promotion of identical and similar products from the event portfolio of the Messe Berlin GmbH group. Please note that you are entitled to this right of objection (see below “Your Rights”).
e. Statistical purposes, PR and Surveys
We use some of the requested information especially your gender for statistical purposes and for our public relations work. They are used for the optimal further development of the droidcon and informing the public about the composition of our visitors. The basis for this processing is the legitimate interest of Mobile Seasons GmbH (Art. 6 para. 1 sentence 1 lit. f) GDPR in optimally organizing its events and in satisfying the public’s interest in the information. Please note that you are entitled to this right of objection (see below “Your Rights”).
We regularly invite our visitors to participate in voluntary and anonymous online surveys in order to continuously improve our products and services and adapt them to their needs. In doing so, we will use the data provided in the ticket purchase process (Section 2.4) to contact our visitors. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR. Please note that you are entitled to this right of objection (see below “Your Rights”).
If you have given us your consent within the scope of the online survey, we process your personal data on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR. Please note that you are entitled to this right of revocation (see below “Your Rights”).
Our ticket shop is managed by a service provider, pretix, a product of rami.io GmbH, Markgräfler Straße 16, 69126 Heidelberg, Deutschland, (“pretix”), with whom we have entered into a data processing agreement.
The dispatch of the tickets takes place by email and is carried out by pretix. The legal basis for this is the fulfillment of the agreement in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR.
4. Categories of recipients of the data
Besides the use of an external ticketing platform provider, Mobile Seasons GmbH might assign other external service providers to carry out certain processing activities (in particular lead tracking service, for an event app, event platform, communication activities, hosting, IT support), which process the personal data on behalf of Mobile Seasons GmbH (so-called “processors”).
Insofar as persons subject to particular personal protection by the Federal Criminal Police Office (Bundeskriminalamt – BKA) or the Federal State Criminal Police Office (Landeskriminalamt – LKA) (for example, constitutional organs such as the Federal President of the Federal Government or foreign guests) participate in events, the BKA or LKA may examine all event participants. In the framework of such examination, the BKA or LKA may request data such as name, company/organization, and function from the organizer.
In the case of incidents, disorder, emergencies, and crises the data of participants may also be transmitted to the police, law enforcement authorities, the fire brigade and ambulances, other public authorities (such as the Health Office (Gesundheitsamt)).
In addition, data are passed on to third parties for the purpose of the performance of the contract. These are the following partners who are own controllers within the meaning of the GDPR: Transport companies, courier services, postal services (for orders), banks, credit institutions, and payment service providers (for payments) as well as, in the legitimate interest of the Mobile Seasons GmbH insolvency to credit rating companies.
Disclosure of data to authorities and public bodies may occur if Mobile Seasons GmbH is legally obliged to do so, be it due to laws and regulations (e.g., supervisory authority procedures) or due to a court order, resolution, judgment, and the like. For compliance with tax and trade laws and regulations, the personal data are shared with the tax and other relevant public and regulatory authorities. The categories of recipients of the personal data also include courts and lawyers in the context of legal disputes, legal disputes as well as for the purpose of legal advice and furthermore auditors
5. Data transfer to third countries
Some of the foreign representatives and processors are located in third countries outside the EU, which do not provide the same level of data protection as the EU, in particular, due to the absence of a legal framework, independent supervisory authorities, or data protection rights and remedies. We will only transfer personal data to those third countries if the European Commission (“EU Commission”) has adopted a so-called adequacy decision in this respect (Art. 45 GDPR) or otherwise where appropriate safeguards in accordance with Art. 46 GDPR have been provided, in particular standard data protection clauses adopted by the EU Commission pursuant to Art. 46 (2) (c) GDPR and, where necessary, supplementary measures. A copy of the safeguards can be obtained upon request (e.g., by e-mail – for contact details see section 1 above).
With regard to the transfer of data to foreign representations, other participants, and external service providers, the transfer is necessary for the performance of the contract (Art. 49 (1) (b/c) GDPR); otherwise, it takes place on the basis of explicit consent despite the lack of adequate data protection in the third countries outside the EU and the associated risks (Art. 49 (1) (a) GDPR).
6. Storage period
Stored personal data will be erased once they are no longer needed for achieving the relevant purpose of their processing. In so far as the processing takes place on the basis of consent or legitimate interest of Mobile Seasons GmbH, the data in question will no longer be processed for the purpose in question, and where appropriate, erased after receipt of the revocation of consent or objection to the processing, unless the conditions for a statutory exception are met. Notwithstanding the foregoing, personal data which are subject to retention obligations under commercial or tax laws will only be deleted after the expiry of the statutory retention periods (generally 6 or 10 years). Documentation of given consent will be stored for a maximum of three years after the date on which the consent is revoked or otherwise becomes invalid.
7. Data protection rights
To exercise the following rights, data subjects can contact the controller at any time (contact details see section 1 above).
Rights of the data subjects pursuant to Art. 12-21 GDPR: the right to access personal data, the right to rectification, erasure, and data portability as well as to restriction of the processing. If consent has been given, this can be revoked at any time with effect for the future.
Rights of objection
If the processing is based on legitimate interests, there is the right to object to the processing of personal data for reasons relating to your particular situation. Furthermore, the processing of personal data and its use for marketing purposes can be objected to at any time.
Furthermore, there is the right to object to the processing and use of data for advertising purposes at any time. The newsletters also include an unsubscribe link.
If data subjects are of the opinion that the data processing violates data protection law, they have the right to lodge a complaint with the competent supervisory authority of their choice (Art. 77 GDPR in conjunction with section 19 of the German Federal Data Protection Act (Bundesdatenschutzgesetz).