Menu

Data Protection Information of Messe Düsseldorf GmbH
Last updated: 04/12/2024

1. General Information of Data Protection
2. Public Directory of Procedures
3. Cookies
4. Video surveillance at the exhibition centre
5. Data protection for special applications
6. Other visitor services
7. Sanctions List Screening
8. Additional information for using our app
8.1 Download of the app
8.2 App use
8.2.1 Functional capability of the app
8.2.2 Registration and “staying logged in”
8.2.3 Push notifications
8.2.4 My tickets
8.2.5 My recommendations
8.3 Cookies in the app
8.3.1 General
8.3.2 Cookies used in the app
8.3.3 Technically necessary cookies
8.3.4 Google Analytics 4
8.3.5 Matomo
8.3.6 Google Firebase
8.3.7. Use of the Usercentrics Consent Management Platform
8.4 Third-party data processing
8.4.1 Categories of recipients
8.4.2 Legal obligation for transmitting specific data
9. Candidate Management
10. Your rights as a data subject

1. General Information of Data Protection

This data protection information explains how personal data is handled, in particular how it is used, stored and protected, as well as the rights to which data subjects are entitled. The Messe Düsseldorf GmbH Internet portal is primarily a marketplace for doing business. Although much information is also available to anonymous users, it is sometimes necessary for us to require data from users, which can be either company-related or personal, in order for them to receive the desired services. Personal data is protected in our systems in accordance with internationally applicable data protection standards, the European Union's General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) (hereinafter referred to as "GDPR") and national data protection regulations. We want users to be able to rely on responsible and confidential treatment of their data.

Personal data will only be used for the purposes stated in this data protection information or purposes expressly declared at the time of subsequent data collection. This data protection information relates to data processing on our website as well as our trade fair-specific websites (including mobile application), our social media channels and any forms of communication used. It does not apply to other websites to which we merely refer via a hyperlink. Since we are not responsible for their information, we recommend that you carefully read the information on data protection there. Whenever content is requested from our website, personal data (e.g. name of the requested file, date/time, amount of data transferred) about this process is stored in a log file. We thus track user behaviour across the entire website. However, we do not combine this information with data about individual users without their prior express consent. We break down all usage statistics according to the user's domain name, browser type and the MIME type in which this information is read from the browser string (the information contained in each user's browser). We track and catalogue the search terms entered by users in search engines, but this tracking is never related to individual users.

Encryption procedures are used for the secure transmission of payment data. This means that the communication between the user's browser and our system cannot be read by other participants on the Internet.

2.Public Process Directory

2.1 Name of controller

Messe Düsseldorf GmbH

2.2 Management (legally representing controller)

Wolfram N. Diener (Chief Executive Officer of the Management Board)
Marius Berlemann
Bernhard J. Stempfle

2.3 Contact details of controller

Adresse: Messeplatz, Stockumer Kirchstraße 61, D-40474 Düsseldorf, Deutschland
Phone: +49 211 4560-01
Fax: +49 211 4560-66
E-Mail: info[at]messe-duesseldorf.de
Internet: https://www.messe-duesseldorf.de/

2.4 Contact details of the data protection officer

Data Protection Officer of Messe Düsseldorf GmbH
c/o migosens GmbH
Wiesenstr. 35
45473 Mülheim an der Ruhr
E-mail: dsb-messe-duesseldorf[at]migosens.net

2.5 Purpose of data collection, process ingoruse/legitimate interests of Messe Düsseldorf GmbH

The purpose of Messe Düsseldorf GmbH is to promote the economy by organising trade fairs and exhibitions in Germany and abroad, by organising or holding congresses and conferences, and by all activities connected with the trade fair, exhibition, congress, and conference business. The main focus of our activities is the organisation of trade fairs, which are aimed at narrowly defined target groups based on their respective professional orientation. To fulfil this purpose, we maintain trade fair and exhibition centres as well as congress and conference rooms, which we use for events or rent out for an appropriate fee. For this purpose, we process personal data of especially exhibitors, trade fair (trade) visitors, trade fair (general interest) visitors, journalists, service providers, suppliers, cooperation partners (or their respective employees, bodies, or other agents), as well as persons who are close to our company due to personal ties. The data processing of personal data is based either on consent (e.g. Article 6, Section 1 lit. (a) GDPR) of the data subject (in particular in the case of direct marketing measures by electronic means or in the case of photo and video use for advertising purposes) or on the basis of other permissions granted by the GDPR for the exercise of the declared purposes of the company, in particular for the implementation of our range of events, for the handling of business processes, for quality assurance and improvement of our trade fair events, including the provision of information to our customers (see item 2.6, categories A, B, F below) before and after an event and regarding subsequent events. In doing so, we pursue the legitimate interest of granting access to our trade events exclusively to visitors with a professional connection to the respective topic of the event in question. This serves to promote the quality of the professional exchange. Subsequent events may also be other events organised or held by us in Germany and abroad that have a thematic connection to the respective event.

Members of trade fair clubs additionally receive promotional information from partner companies via us on such offers that correspond to the stated interests.

Personal data will not be passed on to third parties for the purpose of advertising, unless this is part of our service provision. This is the case, for example, when scanning admission tickets (regardless of their form), exhibitor badges and press badges (admission tickets, exhibitor badges and press badges hereinafter collectively referred to as "badges"). The badges can be scanned by exhibitors, Messe Düsseldorf GmbH or other third parties (e.g. organizers of special forums). This is subject to the condition that the visitor, exhibitor or press representative allows the barcode on their badge to be scanned. The above-mentioned groups of persons thus decide independently on the disclosure of their personal data. The information contained on the badges, which is provided during registration, can be read upon presentation of the badge and stored and used for the own purposes of the exhibitor, Messe Düsseldorf GmbH or other third parties. If Messe Düsseldorf GmbH passes on your personal data to third parties in the context of scanning badges, you will be explicitly informed of this. In such a case, the data protection information of the third party shall apply under its own responsibility.

2.6 Description of the groups of persons concerned and the data or categories of data concerned

In order to fulfil the purposes mentioned under 2.5, the following personal data is collected, processed and used for each group of persons:

Group of personsDataCategory
Representatives of exhibiting companies Company data with addresses, contact persons and communication data, information on branch of industry, product data, contract and settlement data. A
Professional exhibition visitors (representatives of companies visiting trade exhibitions) Registration data such as company data with addresses, contact persons and communication data, if applicable indication of health status, the information whether or not a voucher has been redeemed and whether or not and whether or not it has actually been used to access the trade fair premises, information on branch of industry, product interests aswell as contract and billing data B
Exhibition visitors (public events without status as professional visitor) Name, address, communication data, exhibitor interests, payment data, the information whether or not a voucher has been redeemed and whether or not it has actually been used to access the trade fair premises C
Exhibitors of interest (potential new customers) Company data with addresses, contact persons and communication data, information on branch of industry, product data, interests D
Contact persons of suppliers, service providers, other business partners Company data or data of institutions with addresses, contact persons and communication data, information on products and services, contract and billing data E
Club Members Name, address, communication data, exhibition interests, payment data, personal data (date of birth, household income, purchasing behaviour) F

2.7 Recipients or categories of recipients to whom the data may be disclosed

  • Public bodies in the case of overriding legal provisions (category A-F) / legal basis for data transfer: Article 6, Sec. 1 lit. (c) GDPR
  • Companies of the Messe Düsseldorf Group (category A, B, C, F) / the data transfer takes place within the framework of commissioned processing pursuant to Article 28, GDPR
  • Companies/Entrepreneurs who acquire an exhibition event, company shares or assets from Messe Düsseldorf GmbH, or implementing partners of Messe Düsseldorf (category A-F) / Legal basis for data transfer: Article 6, Sec. 1 lit. (f) GDPR
  • Foreign representations, insofar as the residence of the person visiting the trade fair is abroad (category A, B, C, F) / the data transfer takes place within the scope of a commissioned processing according to Article 28 GDPR
  • Other processors of Messe Düsseldorf GmbH (category A-D, F) / the data transfer takes place within the scope of a commissioned processing pursuant to Article 28 GDPR
  • Service providers for services accompanying the trade fair, insofar as the person requests corresponding services from Messe Düsseldorf (category A-D, F) / Legal basis for data transfer: Article 6, Sec. 1 lit. (b) GDPR
  • Entrepreneurs who have issued visitor vouchers receive the visitor data (name, address, communication data) of the redeemed vouchers, insofar as this is contractually agreed (category B, C, F) / legal basis for the data transmission: Article 6, Sec. 1 lit. (f) GDPR
  • Sponsors or partners who contribute to the financing or other implementation of separate exhibition areas and/or exhibitions forms receive the visitor data (category A, B) / legal basis for data transmission: Art. 6 para. 1 lit. f GDPR;
  • In addition, we may offer exhibitors or other third parties the service of electronic use of the personal data of visitors, exhibitors and press representatives. This service is subject to the condition that the visitor, exhibitor or press representative authorizes the exhibitor, third party or Messe Düsseldorf GmbH to scan the barcode on their badge (see section 2.5.). The aforementioned persons thus decide for themselves whether their personal data stored on the badge is transferred to the exhibitor, the third party or Messe Düsseldorf GmbH (category A, B, C, F) / legal basis for data transfer: Article 6 para. 1 lit. a) GDPR.

In all cases listed above, the transfer of data serves the purposes listed in section 2.5.

2.8 Change of purpose

Your personal data will only be processed for purposes other than those described if this is permitted by law and/or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide all other relevant information.

2.9 Criteria for data deletion

In principle, all personal data are deleted as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed. Deletion shall also take place in cases where data deletion is required by law and in cases where the data subject has withdrawn his or her consent to the processing of personal data relating to him or her or has lodged an objection thereto. This does not apply if and to the extent that, despite the withdrawal of consent or despite the objection to data processing, there is another legal basis or there are overriding legitimate grounds for data processing. This may be the case, for example, in the event of the existence of statutory retention obligations (such as those for commercial correspondence or accounting records).

2.10 Data transmission abroad

In order to provide our customers and business partners with the best possible service worldwide, we transfer personal data within the companies of the Messe Düsseldorf Group. In order to fulfill contractual purposes or to carry out pre-contractual measures with companies from third countries interested in exhibiting or visiting, it is essentially necessary to transfer data to the foreign representative office of the relevant third country. For this purpose, the relevant data, as listed under 2.6, will be transmitted to the competent foreign representation. In the case of representatives of companies from third countries visiting a trade fair, the visitor's name may also be given to the relevant foreign representation, provided there is no objection to the transfer. The registration data of a company whose representative is visiting an exhibitor at the exhibition stand can - provided the visitor does not object to the scanning of his/her data on the barcode of the admission ticket - be transmitted to the exhibitor visited, irrespective of whether the exhibitor is from Germany, the EU or a third country. In all cases in which we ourselves arrange for personal data to be transferred to third countries that do not have an adequate level of data protection regulated by law, the data will only be transferred if the data recipient contractually undertakes to comply with equivalent standards of data protection and data security as we ourselves do.

3. Cookies

We use cookies. Cookies are small files that are sent by us to the browser of your terminal device when you visit our website and are stored there. They are used to enable you to make the best possible use of our web pages.

Your cookie settings can be viewed and changed at any time under Cookie Settings in the Usercentrics Consent Management Tool. There you will find an overview of all providers used and the respective processing purposes. Consent for functional cookies and marketing cookies can be given individually or generally and can be revoked at any time for the future.

If the use of certain cookies or cookies in general is not desired, users can also prevent their storage on their terminal device by making the appropriate settings on their terminal device and/or Internet browser. Users can select "do not accept cookies" in their browser settings. The procedures for managing and deleting cookies in the settings of the respective browser can be found in the help function of the respective browser.

Stored cookies can be deleted at any time in the system settings of your terminal device and/or internet browser. Please note that the functionality and range of functions of our website may be limited if cookies are blocked or if you do not give your consent to the use of cookies.

Further information on the cookies used can be found in the following explanations.

3.1 Essential cookies

These cookies are mandatory for the use of our websites and cannot be deactivated. The legal basis for the processing of personal data using these cookies is - if a contractual relationship exists - Article 6, Sec. 1 lit. (b) GDPR or Article 6, Sec. 1 lit. (c) GDPR. In addition, however, it is also our legitimate interest according to Article 6, Sec. 1 lit. (f) GDPR. The legitimate interest is derived from the purposes of use of the cookies.

3.2 Functional cookies

Functional cookies are used to evaluate website usage. Some of these cookies are used/deployed by third-party providers, i.e. service providers carefully selected by us. Through the use of such cookies, we can, for example, count the visits to our website and understand from which other websites a redirection to our website took place. This analysis tells us which parts of our website are the most popular, which are the least used and how visitors move around our web pages. This enables us to improve the performance of the website and optimise the content. The processing of data by means of cookies in this context takes place exclusively on the basis of voluntary consent in accordance with Article 6, Sec. 1 lit. (a) GDPR. If consent is given, cookies are deployed for analysis when our website is called up or when an offer provided via the site is called up. It is possible to extend the consent either to individual cookies or to all cookies of this category.

3.3 Marketing-Cookies

Marketing cookies are used to provide interest-based content and ads. This allows more accurate reports on campaign performance to be obtained. Some of these cookies are deployed by third parties. They receive information about the user’s use of our website and may combine this information with other data they may have received elsewhere. This enables us, with the help of selected partners, to address visitors who have shown an interest in the content and offers on our website with advertising geared to their interests (retargeting / remarketing). The display of advertising on the websites of our marketing and social media partners is based on an analysis of previous usage behaviour on our website.

Such usage profiles are created partially anonymously or pseudonymously in line with the information stated by the providers of the retargeting / remarketing services we use. Data collected in this way is not used by us to identify users personally and is never merged with personal data stored by us. We use these cookies, for example, to address interested users with the appropriate information and thus to continuously optimise marketing communication with visitors to our website in order to feature relevant advertising content for them, including outside our web pages.

The data is processed exclusively on the basis of voluntary consent in accordance with Article 6, Sec. 1 lit. (a) GDPR. If users give us their consent, marketing cookies will be set when they visit our website or access an offer provided via the site, and users will also be able to experience interest-based advertising from us on other websites and social media offerings.

3.4 Storage period

Cookies can be divided into session cookies and permanent cookies depending on how long they are stored.

3.4.1 Session cookies

Most cookies are only needed for the duration of the current service call or session and are deleted again or lose their validity as soon as users leave our website or their current session expires (so- called "session cookies"). These are used, for example, to maintain the registration for our ticket shop.

3.4.2 Permanent cookies

These cookies are stored for a longer period of time in order to recognise users when they return to the website at a later date and to be able to call up stored settings. This enables users to access the website more quickly and conveniently, for example, or to avoid having to reapply certain settings again. Permanent cookies are automatically deleted after 180 days.

3.4.2.1 Staying logged in

Insofar as this is technically set up on the Internet portal, we offer users the "stay logged in" option for their account when logging in, which can be used on a voluntary basis. If users do not wish to use the login service, they are free to use the Internet portal without the "stay logged in" option. However, when visiting the site again later after the session has ended (browser session), users have to log in again. If they select the "stay logged in" option, they do not have to do this again; they remain logged in. For this purpose, we use an IDP cookie that automatically recognises users when they visit the Internet portal again. In the course of this, a session ID is stored. This has a reference to their account. The browser only stores the IDP cookie; the IP address is not stored. We base the processing of personal data on the granting of consent in accordance with Article 6, Sec. 1 lit. (a) of GDPR, for which the active ticking of the box provided is required. In order to cancel the "stay logged in" option and revoke the consent given for the future, users must click on "log out". The IDP cookie used has a duration of eight weeks. This means that after a certain period of time, users will have to log in again, even if they have chosen the "stay logged in" option and have not logged out since then. Also, if users change their password, they will need to log in again. Finally, we strongly recommend that the "stay logged in" option not be used on terminals that users do not use only for themselves. Otherwise, there is an increased risk of unauthorised access to the respective customer account by third parties.

3.5 Third-party providers

We also include third-party features on our website in order to use their services. These features use third-party cookies that are placed directly on your device by these services. When you visit our website for the first time, you will be informed about the use of these cookies via the Consent Management Tool. The cookies are only used if users consent to their use. The legal basis is therefore Article 6, Sec. 1 lit. (a) GDPR.

3.6 Use of the Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform to fulfill the legal obligation pursuant to Article 7, Sec. 1 GDPR. The operator is Usercentrics GmbH, Rosental 4, 80331 Munich. Usercentrics Consent Management Platform collects log file data, user agent (device, browser type, browser language, browser version, resolution) and consent data (consent yes/no, timestamp, data scope, data attributes, controllerID, processorID, consentID) via a JavaScript. This JavaScript enables Usercentrics GmbH to inform the user about certain tags and web technologies on our website and to obtain, manage and document his or her consent. The legal basis for processing the data is Article 6, Sec. 1 lit. (c) GDPR, as we are legally obliged to provide evidence of consent (pursuant to Article 7, Sec. 1 GDPR). The aim is to know the preferences of our users and to implement them accordingly as well as to document them in a legally secure manner. The data is deleted as soon as it is no longer required for our logging and there are no legal storage obligations to the contrary. Visitors can permanently prevent the execution of JavaScript at any time by making the appropriate settings in their browser, which would also prevent Usercentrics from executing the JavaScript.

4. Video surveillance at the exhibition centre

Video surveillance is carried out on our exhibition grounds. This is carried out for the purpose of exercising domiciliary rights, preventing criminal offences and preserving evidence in the event of criminal offences. It is also carried out for logistical reasons for traffic management, in particular for parking management, tailback prevention, coordination of passenger bus transports and truck management. The legal basis for video surveillance is Article 6, Sec. 1 lit. (f) of the General Data Protection Regulation (GDPR), whereby the legitimate interests pursued on our part result from the aforementioned purposes. If and insofar as a video recording is made, it will be deleted after 72 hours, unless longer storage is necessary for the exercise of the aforementioned legitimate interests. In the latter case, deletion shall only take place after the purpose of the processing has ceased to exist.

5. Data protection for special applications

5.1 Online orders

We offer exhibitors / exhibitor representatives (the natural person behind the exhibitor / contact person of the exhibitor) and visitors the opportunity to book services online.

5.1.1 Visitor Registration / Exhibitor Staff Registration / Ticket Shop

By using the online registration for visitors (trade fair trade visitors and general-interest trade fair visitors) and for exhibitor representatives (all aforementioned groups of persons hereinafter also referred to collectively as "user" or "data subject"), we collect the data required to process ticket orders in the Ticket Shop. The legal basis is Article 6, Sec. 1 lit. (b) GDPR. The data collected during registration can also be corrected or changed by the user at a later date and at any time after clicking on the edit link in the user profile, with the exception of surnames and first names. Visitors to the fair (i.e. visitors to general-interest events without trade visitor status) have the option of using a guest access to book services online without registering and without providing additional data relating to the mere processing of the contract. By requesting additional data from trade fair visitors (i.e. visitors with trade visitor status) and exhibitor representatives in the registration process, for example on special trade interests or the type of journey, we are pursuing the legitimate interest of recognising market-relevant trends and opinion developments and better aligning our trade events with the professional interests and needs of the visitors and exhibitors at the event in question or offering digital exchange services among all users. This also enables us to provide users with targeted specialist information even before a follow-up event. The classification of a data subject as either a trade fair trade visitor or a general trade fair visitor is either based on the fact that certain events are only accessible to trade fair trade visitors, or it is based on the fact that the user has guest access to the ticket shop, or it is based on a corresponding query. All this serves to promote the quality of the professional exchange, which is essential for the successful implementation of trade fairs, exhibitions, congresses and conferences and is therefore also in the interest of both trade fair trade visitors and exhibitor representatives. The legal basis is Article 6, Sec. 1 lit. (f) GDPR. No conflicting interests of the data subjects that outweigh the aforementioned legitimate interests of Messe Düsseldorf GmbH in this respect are apparent. In the case of the redemption of admission ticket vouchers for free or discounted ticket orders, we base both the registration and the aforementioned request for information not merely relating to the processing of the ticket order on the fact that visitors' services are paid for in full or in part or exchanged for (in part) by providing the personal data requested. The legal basis for data processing is Article 6, Sec. 1 lit. (b) GDPR. We will also send to those users who have booked a service online advertising on similar goods and/or services of their company by electronic means (e.g. by e-mail). If users do not wish to receive advertising, they can object to the use of their data for this purpose at any time by sending an e-mail to privacy@messe-duesseldorf.de or by clicking on the unsubscribe link in each e-mail, without incurring any costs other than the transmission costs according to the basic rates. The legal basis is Article 7, Sec. 3 UWG (Act against Unfair Competition) in conjunction with Article 6, Sec. 1 lit. (f) GDPR.

Insofar as personal data of special categories are processed in accordance with Article 9, Sec. 1 GDPR (e.g. requesting health status in order to be able to obtain a free ticket for an accompanying person), we expressly point this out to you at the relevant points.

5.1.2 Online registration (OR)

Online registration (OR) offers the possibility of booking a stand online as an exhibitor at a trade fair (web application together with the associated database). Personal data of the exhibitor representatives are also processed in this process. The legal basis is Article 6, Sec. 1 lit. (f) GDPR (balancing of interests). The legitimate interest pursued by us lies in the proper processing of orders, for which a natural person is required as a contact person for the exhibitor, e.g. in order to be able to discuss queries or other details. If, in individual cases, the exhibitor is the same person as the natural person placing an order as a contractual partner of Messe Düsseldorf GmbH itself, the latter shall be based on Article 6, Sec. 1 lit. (b) GDPR, i.e. on the initiation or fulfilment of a contract to which the person concerned is a party. We will forward the data to the contact person appointed by the exhibitor representative (contact person) for the processing of the order. In addition, the exhibitor’s e-mail address provided on registration for the trade fair will be sent advertising about similar goods and services of the exhibitor's company by electronic means. If the sending of advertising should not be desired, the use of the processing of the data for this purpose can be objected to at any time by sending an e-mail to privacy@messe-duesseldorf.de or via an unsubscribe link in each e-mail, without incurring any costs other than the transmission costs according to the basic rates. The legal basis for data processing is Article 7, Sec. 3 UWG in conjunction with Article 6, Sec. 1 (f) GDPR.

5.1.3 Online Order System (OOS) for exhibitors

We operate the Online Order System (OOS) for the acceptance of orders and the subsequent conclusion of contracts via the Internet as an online shop for exhibitors. This is a web application and database for ordering trade fair-related articles and services in addition to the stand space. A log-in is required to use the OOS. The providers are Messe Düsseldorf GmbH and its affiliated service partners. We base the processing of personal data here in pursuit of legitimate interests on a balancing of interests pursuant to Article 6, Sec.1 (f) GDPR. The legitimate interest pursued by us lies in the proper processing of orders, for which a natural person is required as a contact person for the exhibitor, e.g. in order to be able to discuss queries or other details. If the exhibitor is the same person as the natural person who places an order as a contractual partner of Messe Düsseldorf GmbH, the latter is based on Article 6, Sec. 1 lit. (b) GDPR, i.e. on the initiation or performance of a contract to which the data subject is a party.

5.1.4 Payment processing in the online order system (OOS)

The data controller has integrated components from Novalnet AG www.novalnet.com on this website. Novalnet AG is a full payment service provider that handles payment processing, among other things. If the data subject selects a payment method during the ordering process in the online store, the data of the data subject is automatically transmitted to Novalnet AG. By selecting a payment option, the data subject consents to the transfer of personal data for the purpose of processing the payment.
The personal data transmitted to Novalnet may include first name, surname, address, gender, e-mail address, IP address and, if applicable, date of birth, telephone number, cell phone number and other data required to process a payment. Personal data relating to the respective order is also required to process the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, data on goods and services, prices.
The purpose of transmitting the data is, in particular, identity verification, payment administration and fraud prevention. The controller will transfer personal data to Novalnet AG in particular if there is a legitimate interest in the transfer. The personal data exchanged between Novalnet AG and the controller may be transmitted by Novalnet AG to credit reference agencies. The purpose of this transmission is to check identity and creditworthiness.
Novalnet AG also passes on personal data to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed.
The data subject has the option of withdrawing consent to the handling of personal data at any time from Novalnet AG. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

5.2. Stand Construction Configurator

We use 3D configurators from redPlant GmbH based in Düsseldorf on our website, specifically in the area of stand construction configuration (further information on redPlant GmbH can be found at: https://redplant.de/). The 3D configurators serve as planning software. Depending on the use of the 3D configurators, the following data will be processed by you: Browser type and browser version, operating system used, device type used, time of access, IP address and your contact details. The specific contact data processed can be found in the contact form in the stand construction configurator. The temporary processing of this data by the 3D configurators is necessary in order to technically provide you with basic functionalities of the planning software. This data is not merged with other data sources. The information is processed exclusively for the use of the stand construction configurator. The legal basis is therefore Article 6 para. 1 lit. f GDPR. In addition, in the case of giving consent, Art. 6 para. 1 lit. a GDPR is the legal basis as well as Art. 6 para. 1 lit. b GDPR in the case of the fulfillment of a (pre-)contractual obligations. The deletion of the aforementioned personal data takes place subject to any relevant legal regulations once the underlying purpose no longer applies.

5.3 Surveys

We enable participation in interactive surveys so that users can easily share their opinions with other users. Surveys also serve the purpose of being able to tailor the content and services even more specifically to our clientele. We use a system of ‘tagging’ users after they have voted, so that they can only cast one vote on a particular question. There is no correlation between this tagging and information about individual users. At our own discretion, we share the demographic information accumulated in these surveys with the other users of the respective fair-specific website, but never personal data. The legal basis is Article 6, Sec. 1 lit. (a) GDPR.

5.3.1 Panels

In the course of Trend Reports we regularly conduct a survey of industry experts from e.g. manufacturers and suppliers on current issues and assessments of the market (so-called panels). The aim is to identify and then present the current trends and relevant topics in the relevant area. Participants can register for the panels either via our website or by agreeing to the information email we send them. The legal basis for data processing is Article 6, Sec. 1 lit. (a) GDPR. If necessary (e.g. to evaluate the responses and create a report), the respective data will be forwarded to our service provider. A corresponding contractual relationship exists with the respective service providers.

5.3.2 Market research

We regularly conduct market research surveys on relevant topics from various areas of the trade fair industry. The purpose of this is to identify and respond to market trends and the wishes of our contractual partners and users. Registration for the survey takes place via the information e-mail sent to us, from which the relevant types of data (as a rule this is: Name, e-mail address and telephone number). In some cases, we also work together with market research companies or external service providers as part of order processing in accordance with Art. 28 GDPR, so that the personal data is passed on to them. Whether such cooperation takes place can be seen from the respective information email. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. Our legitimate interest arises from the aforementioned purpose. Your data will only be stored for as long as is necessary for the above-mentioned purposes.

5.4 Electronic newsletter

We make it possible to order electronic newsletters on various topics. For this purpose, we collect the e-mail addresses of those users who voluntarily register as subscribers. The legal basis for sending the newsletter(s) is Article 6, Sec. 1 lit. (a) GDPR in conjunction with § 7 Section 2 No. 2 UWG (consent). We use the so-called double opt-in procedure to register for our newsletter. This means that after registering for the newsletter, the user receives an e-mail to the specified e-mail address asking for confirmation. Users can revoke their consent to receive the newsletter at any time with effect for the future by clicking on the unsubscribe link provided in every newsletter or by sending an e-mail to privacy@messe-duesseldorf.de.

5.5 Prize competitions, loyalty programmes

Insofar as we run loyalty programmes or prize competitions, all rules and information about the respective procedure and the use of personal data during the term of the programme will be clearly stated in the respective conditions of participation. Furthermore, the information collected is used to verify the user identity and to notify the winners or prize winners. Again, we do not share information about specific individuals with third parties.

5.6. 7 Wonders of Al

We use an AI application (“Messebuddy”) from 7 Wonders of AI from Munich, Germany. The Messebuddy informs people who are interested in a specific trade fair by answering questions that they asked in the AI application about the fair. To do this, it uses the publicly accessible information from our trade fair-specific websites as well as the publicly accessible websites of the exhibitors. Only the following data are processed: first and last names of the speakers appearing at the respective trade fair and your IP address. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in customer service. Otherwise personal data are only processed if the interested party enters them independently into the Messebuddy. The legal basis for the processing is therefore Art. 6 para. 1 lit. a GDPR. Further information about 7 Wonders of AI can be found at: https://www.sevenwondersof.ai/english/home/

6. Other visitor services

6.1 Matchmaking

Matchmaking is a networking platform for participants of Messe Düsseldorf GmbH events. The matchmaking engine calculates and displays the people, products and/or services that are most relevant to the user of the GRIP matchmaking services. The GRIP Matchmaking Platform thus facilitates the professional exchange between visitors and exhibitors. Personal data is transferred to our service provider, Intros.at Ltd, Epworth House, 25 City Rd, London EC1Y 1AA, London, United Kingdom (as a processor). This service provider operates an event-related digital networking platform (for desktop devices and mobile devices) in the form of the GRIP Matchmaking Service. We base the processing of personal data in the context of the provision of the GRIP Matchmaking Services on Article 6, Sec. 1 lit. (b) GDPR. Insofar as personal data is transferred to a third country in the context of the use of the "Teams" and "Instant Video Calls" functions, we base this transfer on the legal basis of Article 49, Sec. 1 Sub-section 1 lit. (b) GDPR. In doing so, we process the following types of data provided by the user himself/herself in the visitor registration or in his/her GRIP profile: Name, email address, city, country, interests (for registered users), usage data of the GRIP matchmaking services, other so-called structural data of the registration, product or service categories in which there is interest. The provision of the types of data listed above in their own GRIP profile is not obligatory for users. Data transferred from the visitor registration can be edited and/or deleted by the user in the GRIP profile. However, the consequence of not providing this data is that the full functionality of the GRIP Matchmaking Services can only be used to a limited extent. In particular, the creation of matches, i.e. the determination of matches with other users of the GRIP Matchmaking Service, is not possible or only possible to a limited extent. In order to be able to use the virtual meeting room function within the matchmaking platform, it is necessary for technical reasons to use the service of the video meeting provider Whereby. If the exhibitor representative uses the matchmaking service and is also entered as a contact person in our exhibitor and product database, this person will be shown there as a matchmaking participant. We base the processing of personal data that takes place when this service is used within the framework of the exercise of legitimate interests on a balancing of interests in accordance with Article 6, Sec. 1 lit. (f) GDPR.

6.2 Web sessions

Depending on the Messe Düsseldorf GmbH event, web sessions are offered by Messe Düsseldorf GmbH and external parties (e.g. exhibitors or associations). Web sessions are seminars, events or conferences in which people can participate via the Internet. The latest products, processes or general specialist topics are presented to the registered specialist audience. We use the “Zoom X” platform from Telekom Deutschland GmbH, based in Bonn, for this purpose. It is not necessary to download the aforementioned platform or register to participate in the web session. Prior to participation, it is only necessary to register on the respective trade fair websites or in the ticket store of the respective trade fair in order to receive the access authorization and data for the web session. The personal data processed there can be found in the respective registration. In “Zoom X” itself, only the first name, surname and e-mail address are required. This personal data is also forwarded to the aforementioned platform. In this case, we base the processing of personal data on the fact that the data transfer is in the interest of the data subject. In particular, since “Zoom X” is technically particularly suitable for conducting the web sessions in order to offer participants an informative and high-quality web experience, there is a close and significant connection between the data transfer and the contract concluded between Messe Düsseldorf GmbH and the provider of “Zoom X” in the interests of the participants. The relevant legal basis is therefore Art. 6 para. 1 lit. f) GDPR. If the use of “Zoom X” is necessary for the performance of a contract, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR.

For participation in a free web session, the participant also agrees that his/her data (namely surname, first name, e-mail address, company affiliation, professional position, country) may be passed on to the presenting exhibitor or the presenting association, in particular for their own marketing purposes. We base the processing of personal data in this respect on the granting of consent in accordance with Article 6 para. 1 lit. a) GDPR (possibly in conjunction with Art. 44 ff. GDPR). You can object to the transfer at any time and without giving reasons. You can find more information on this under “Your rights as a data subject”.

By participating in a web session, the personal data (surname, first name, e-mail address, company affiliation, professional position, country) of the respective participant will be passed on to the presenting exhibitor or the presenting association, in particular for their own marketing purposes. We base the processing of personal data in this respect on Article 6 para. 1 lit. b) and Article 6 lit. f) GDPR (in conjunction with Art. 44 ff. GDPR where applicable). Our legitimate interest lies in the provision of free services (“paying with data”).

6.3 Vehicle owner query / parking spaces of Messe Düsseldorf GmbH

We operate paid parking spaces for motor vehicles (KFZ) for rental. In cases where vehicles have been parked in chargeable parking spaces and the maximum parking time has been exceeded or no valid parking ticket has been purchased, we carry out a vehicle owner query at the Federal Motor Transport Authority. This serves to enforce parking fee claims in accordance with the parking conditions posted for the use of the parking spaces. In the event of personal identity between the holder and the parking space tenant, we rely on the legal basis of Article 39, Sec. 1 StVG (German Road Traffic Act) in conjunction with Article 6, Sec. 1 lit. (b) GDPR; otherwise (in the absence of personal identity) on the legal basis of Article 39, Sec. 1 StVG (German Road Traffic Act) in conjunction with Article 6, Sec. 1 lit. (f) GDPR (pursual of legitimate interests after weighing up interests). The vehicle owner query is both necessary and indispensable for asserting, securing or enforcing or for satisfying or defending legal claims in connection with the assertion of outstanding parking fee claims. This is because it is the only suitable means of enforcing the law. This, as well as the assessment made by the legislator in Article 39 of the German Road Traffic Act, means that our interest in carrying out the vehicle owner query outweighs the interest of the owner in not having the associated encroachment on his or her personal rights.

7. Sanctions List Screening

We screen personal data of representatives of (exhibiting) companies. Screening against sanctions lists is carried out to ensure compliance with legal requirements. The screening serves to ensure that there are no transactions or relationships with persons, organizations or companies on national or international sanctions lists. The processing of your personal data is based on Art. 6 para. 1 lit. c GDPR, as it is necessary to fulfill a legal obligation. The following personal data is processed as part of the screening process: first and last name, nationality, place of residence/address and other data required for identification. The data collected comes from the information provided by the data subject or from publicly accessible sources. The data is used exclusively internally or, if necessary, passed on to the responsible authorities or the contracted service provider, who acts within the framework of order processing. In detail, this is the company Rausoft GmbH, based in Leonberg, Germany. Further information on data protection at Rausoft GmbH can be found at www.rausoft.de. Data will only be transferred to third countries if there is an adequate level of data protection there or suitable guarantees are in place. The personal data will only be stored for as long as is necessary to fulfill the legal obligations or until the data subject has no further reference to sanction-relevant requirements.

8. Additional information for using our app

The information below relates solely to the use of our trade-fair specific apps.

8.1 Download of the app

When downloading the apps the required information is transferred to the respective App stores (Apple App Store and Google Play Store). This includes, in particular, username, email address, time of download, payment data if applicable and the individual device identification number. In addition, the respective App store collects various data independently and provides you with analysis results. We have no influence on this data processing and refer you to the respective data protection information of the respective App store provider, who is responsible for this.

8.2 App use

In order to provide you with the benefits of our app, certain personal data required for the operation of the app will be collected when you use it. We only collect this data if necessary for the performance of the contract between you and us (Art. 6 Sect. 1 lit. b GDPR). Furthermore, we collect this data if we have a legitimate interest unless overridden by your interest in protecting your personal data (Art. 6 Sect. 1 lit. f GDPR), or if you have given consent to the processing (Art. 6 Sect. 1 lit. a GDPR). If the processing of the data requires the storage of information in your terminal device or access to information that is already stored in the terminal device, § 25 Sect. 1, no. 2 TDDDG (Law on Data and Privacy Protection in Telecommunications and Digital Services) is the legal basis for this.

8.2.1 Functional capability of the app

When using the app personal data is collected that is technically required for the functionality, stability and security of our app. These include the following personal data:

  • IP address
  • Content of the request (specific page)
  • Transmitted data volume
  • Operating system
  • Language

The legal basis for data processing is therefore Art. 6 Sect. 1 lit. f GDPR in conjunction with § 25 Sect. 2 no. 2 TDDDG. Our legitimate interest lies in ensuring the aforementioned purposes.

8.2.2 Registration and “staying logged in”

We offer you the option of creating a user account in our app. Creating a user account is voluntary and not mandatory for using the app. However, some functions (such as MyOrganiser) are subject to the existence of a user account. The prerequisite for creating a user account is, if not already done, registration in the ticket shop of the respective trade fair. The personal data processed there (family name, first name, address etc.) can be retrieved from the respective registration form. The log-in data provided during registration shall be used to log in to the app. The legal basis for the use of the data entered in the ticket shop for the user account in the app is Art. 6 Sect. 1 lit. f GDPR. The legitimate interest lies in avoiding the existence of several accounts with Messe Düsseldorf GmbH and thus serves to minimise data.

The account in the ticket shop of the respective trade fair and, hence, also the user account in the app can be deleted at any time without giving reasons. For this purpose, a corresponding e-mail with the cancellation request shall be sent to privacy@messe-duesseldorf.de. Alternatively, the cancellation request can also be sent here or by post (Messe Düsseldorf GmbH, G2-RV, PF 101006, 40001 Düsseldorf, Germany). Please note that deleting your account will irrevocably remove all your personal data and content. Make sure that you have backed up all the necessary information before you proceed

Once you have logged in with your log-in files, you will remain logged in until you log yourself out or until the period specified below has expired. For this purpose, the login credentials are stored in a local database on the device after a successful log-in. The legal basis for data processing is Art. 6 Sect. 1 lit. f GDPR. The legitimate interest lies in the barrier-free presentation of services and the facilitation of an uncomplicated log-in procedure. You will be automatically logged out after 60 days (sixty days). This means that you will have to log in again after a certain period of time, even if you have not logged out since then. If you change your password, you will also need to log in again.

8.2.3 Push notifications

You will receive push notifications on general information about the respective trade fair (e.g. trends and topics, event tips, etc.) if you have given your consent to this. The legal basis for data processing is Art. 6 Sect. 1 lit. a GDPR. You can revoke your consent at any time and without giving reasons in the app settings and in the settings of your mobile device. With regard to your further rights as a data subject, please refer to Section 9 of this Data Protection Information.

8.2.4 My tickets

Purchased tickets are automatically loaded into the app and are available there for access to the respective event. The tickets are requested from the app in the ticket shop of the respective trade fair using a Rest API route. Authentication takes place via the IDP session and an encrypted https connection. The QR codes are cached in the app and are therefore also available offline. The legal basis for data processing is Art. 6 Sect. 1 lit. b GDPR.

8.2.5 My recommendations

Preferences can be derived on the basis of the structural data specified in the ticket shop registration. These can be used to display rule-based and/or personalised recommendations (e.g. exhibitors, products, contact persons or events) that are particularly relevant to you and make your visit to the trade fair more attractive. The legal basis for data processing is Art. 6 Sect. 1 lit. f GDPR. The legitimate interest lies in improving the trade fair experience and making it easier for you to find trade fair content that is relevant to you. The information from the structural data is not forwarded to third parties.

8.3 Cookies in the app

8.3.1 General

Cookies are used in our app. Cookies are small text files that are placed and stored on your mobile device. On the one hand, they serve the technical functionality of the app. On the other hand, they enable us to improve user-friendliness, effectiveness and security.

Insofar as the cookies serve the technical operation of the website and are absolutely necessary for technical operation, the data processing is carried out on the legal basis of Art. 6 Sect. 1 lit. f GDPR. The legitimate interest arises from the aforesaid. Cookies that are not absolutely necessary for the operation of the app are processed on the basis of consent pursuant to Art. 6 Sect. 1 lit. a GDPR.

8.3.2 Cookies used in the app

The following is an overview of the cookies used in the app, including a brief description. Further information on the cookies used, in particular on the deletion periods, can be found in the Cookie Consent Manager.

Please note that the cookie settings in the Cookie Consent Manager can be changed by you at any time and without giving reasons, regardless of your rights under Section 9 of this Data Protection Information.

8.3.3 Technically necessary cookies

These cookies must always be set to enable the basic functions and proper use of our app. The legal basis for data processing is Art. 6 Sect. 1 lit. f GDPR in conjunction with § 25 Sect. 2 no. 2 TDDDG.

8.3.4 Google Analytics 4

We use the web analytics service Google Analytics 4 from Google Ireland Ltd. in Ireland. Google Analytics 4 is a software for measuring the advertising return on investment (“ROI”) and for tracking user behaviour. Cookies are used for this purpose. The information generated by the cookies is transmitted to Google servers in the USA. We would like to point out that the EU Commission has issued an adequacy decision for the USA (EU-U.S. Data Privacy Framework). Google is also certified in accordance with the EU-U.S. Data Privacy Framework. The legal basis for data processing using Google Analytics 4 cookies is Art. 6 Sect. 1 lit. a GDPR in conjunction with Art. 45 Sect. 1 GDPR. You can find more information about Google at: https://about.google/?fg=1&utm_source=google-DE&utm_medium=referral&utm_campaign=hp-header.

8.3.5 Matomo

We use Matomo from InnoCraft Ltd. from New Zealand as a web analysis service. Matomo is an open-source software for the statistical analysis of visitor access. Cookies are used for this purpose. The information generated by the cookies about your use of the app is collected, stored and processed on our server in Germany and is not transmitted to third parties. The IP address is automatically anonymised by making parts of the IP address unrecognisable. The legal basis for data processing using Matomo cookies is your consent in accordance with Art. 6 Sect. 1 lit. a GDPR. Further information about InnoCraft Ltd. and Matomo can be found on the website https://www.innocraft.com/#aboutus.

8.3.6 Google Firebase

We use Google Firebase. This is a service for the development of mobile and web applications from Google Ireland Ltd. from Ireland. The information generated by the cookies is transferred to Google servers in the USA. We would like to point out that the EU Commission has issued an adequacy decision for the USA (EU-U.S. Data Privacy Framework). Google is also certified in accordance with the EU-U.S. Data Privacy Framework. The legal basis for data processing using Google Analytics 4 cookies is Art. 6 Sect. 1 lit. a GDPR in conjunction with Art. 45 Sect. 1 GDPR. If the service is absolutely necessary for the provision of services, the legal basis for data processing is Art. 6 Sect. 1 lit. f, Art. 45 Sect. 1 GDPR in conjunction with § 25 Sect. 2 no. 2 TDDDG. You can find more information about Google at: https://about.google/?fg=1&utm_source=google-DE&utm_medium=referral&utm_campaign=hp-header.

8.3.7. Use of the Usercentrics Consent Management Platform

We use the Usercentrics Consent Management Platform of Usercentrics GmbH from Munich to fulfil our legal obligation under Art. 7 Sect. 1 GDPR (proof of consent) and to inform you about certain tags and web technologies on our app and to obtain, manage and document the necessary consents. The Usercentrics Consent Management Platform collects log file data, user agent (device, app language, app version, resolution) and consent data (consent yes/no, timestamp, data scope, data attributes, ControllerID, ProcessorID, ConsentID). The legal basis for the processing of the data is Art. 6 Sect. 1 lit. c GDPR in conjunction with Art. 7 Sect. 1 GDPR.

8.4 Third-party data processing

8.4.1 Categories of recipients

We use external service providers (e.g. for IT). These service providers only act in accordance with our instructions and are contractually obliged to comply with data protection regulations within the meaning of Art. 28 GDPR.

The following categories of recipients, which are usually processors, may receive access to your personal data in connection with the app:

  • IT service providers and operators of data centres. The legal basis for the transfer is Art. 6 Sect. 1 lit. b GDPR;
  • Service providers for tracking and analysing the app. The legal basis for the transfer is Art. 6 Sect. 1 lit. a GDPR or Art. 6 Sect. 1 lit. f GDPR in conjunction with § 25 Sect. 2 no. 2 TDDDG. If data is transferred to a third country, Art. 45 Sect. 1 GDPR is also the legal basis for the transfer. Further information on this can be found in Section 7.5 (Cookies) of this Data Protection Information.

8.4.2 Legal obligation for transmitting specific data

Under certain circumstances, we may be subject to a special statutory or legal obligation to provide the lawfully processed personal data to third parties, in particular public authorities. The legal basis for the processing and disclosure of this personal data is Art. 6 Sect. 1, sentence 1, lit. c GDPR.

9. Candidate Management

9.1 Application Procedure

The following data protection information under item 7 applies exclusively to the application procedure and thus between the candidate and Messe Düsseldorf GmbH.

Upon receipt of an online application for a specific job advertisement, an application based on an initiative application or an application based on a previous recruitment interview, the candidate's personal data will be processed for recruitment purposes. During the contractual initiation phase of an employment relationship, Messe Düsseldorf GmbH has an interest in ensuring that you have the necessary professional competence and personal aptitude for the vacant position. The scope of data processing, the application procedure and the choice of means (e.g. telephone interview, personal interview, etc.) depend on the requirements of the specific job advertisement. These also determine which persons are involved in the data processing and therefore have access to your personal data. These persons regularly include employees of the Human Resources department and supervisors and, in some cases, specialist managers. Depending on your position, your data may also be processed by members of the works council or members of the representative bodies of severely disabled employees by exercising their statutory co-determination rights. These persons have been trained in data protection law and are obliged to maintain confidentiality. If other persons or bodies (e.g. service providers) also have access to your data, this is always done on the basis of a contractual agreement. The specific service providers can be found in the data subject information sent to the applicant by email with the confirmation of receipt of their application.

If contact is made via the social media platform LinkedIn, its data protection information applies under its own responsibility. We would like to point out that in this case personal data may be transferred to a third country that may not have an adequate level of data protection.

The data is collected, stored and used exclusively for the operation of the application process. The legal basis for data processing is therefore Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. b GDPR. If no employment relationship is established, the candidate's personal data will be deleted after six months. Any further storage of the data will only take place with the express consent of the candidate.
The use of personal data can be objected to here at any time.

9.2 Job Subscription

We offer a so-called job subscription. This is a job finder service that belongs directly to a specific job market and that informs the searcher about new jobs. Persons interested in working for Messe Düsseldorf GmbH can set up such a job subscription online. There, the interested party enters his / her e-mail address and a password of his / her choice and selects which type of job advertisements are to be sent to him / her after publication on the homepage. Registration takes place according to the double opt-in procedure. In the case of this job agent, the data of the interested party will be stored until revoked after successful registration and confirmed registration and used within the scope of the services of the job agent.

10. Your rights as a data subject

10.1 Right to information / data deletion / restriction of processing

Any data subject has the right to obtain, on request, confirmation as to whether personal data relating to him or her are being processed by us. If such processing takes place, the data subject may request information about the personal data processed by us concerning him or her. Furthermore, he or she may request data rectification, data erasure, restriction of processing and data portability, as well as object to the processing.

10.2 Right of appeal

Any person affected by data processing has the right to lodge a complaint with a competent supervisory authority.

10.3 Right of objection

Of course, you are free to declare for which purpose your personal data should not be used. If you no longer wish your data to be used for a specific purpose, you can object to any further use of your data here.

10.4 Assertion of your legal rights

If you assert your legal rights regarding your personal data (see Section 9 of this Data Protection Information), we will process the data contained in your request in addition to the personal data already available to us in order to review your request, respond to it and, if necessary, take the necessary measures. The legal basis for data processing is Art. 6 para. 1 lit. c GDPR.