Privacy policy for apps from Koelnmesse GmbH

Koelnmesse GmbH (Koelnmesse) attaches a high value to your privacy and observes the legal stipulations regarding data protection. In the following we would like to explain to you how we handle your personal data which is collected and processed within or via this app.

As part of the function of this app, we enable you to call up information regarding the trade fair. You can, for example, see which exhibitors have a stand and in which hall they are located. In the process, you can search for exhibitors alphabetically, by location or by product range. The app also offers you a hall plan, an overview of the events and additional features related to the trade fair.

When you use the app, we process your personal data. All information relating to an identified or identifiable natural person is to be considered personal data.

The data controller responsible under the data protection laws is Koelnmesse GmbH, Messeplatz 1, 50679 Köln, Germany

Our data protection officer can be contacted under the following e-mail address: datenschutz-km@koelnmesse.de

Certain information is automatically processed as soon as you use the app. We have listed exactly which personal data we process below:

• 3.1 Information that is collected during the download
  Certain necessary information is transferred to your chosen app store (e. g. Google Play or Apple App Store) when the app is downloaded in particular the username, the e-mail address, the customer number of your account, the time of the download, payment information and the individual identification number of your device can be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control..
• 3.2 Information that is collected automatically
  When you use the app, we collect certain data via Google Analytics (see also item 3.5 of this privacy policy). These include: (i.) the internal device ID, (ii.) the type and version of your operating system, (iii.) the time of the access, (iv.) the pages you visited and (v.) the search terms you entered. In addition, the data listed in item 3.3 of this privacy policy are also processed.
  This data is automatically transferred to us, (1) in order to provide you with the service and the functions associated with the service; (2) to improve the functions and features of the app and (3) to prevent and eliminate misuse and malfunctions. This data processing is lawful because (1) the processing is necessary for the purpose of fulfilling the contract between you as the data subject and ourselves pursuant to Article 6 (1) (b) GDPR for the use of the app, or (2) we have a legitimate interest in guaranteeing the functioning and the error-free operation of the app and being able to offer a service which is appropriate to the market and our interests, which in this case overrides your rights and interests in the protection of your personal data pursuant to Article 6 (1) (f) GDPR.
• 3.3 Creation of a user account (registration) and logon
  You can create a user account via the respective trade fair website and use it for your registration in the app. Mandatory information required during registration is indicated with an asterisk and is required for the agreement of a contract of use. If this data is not supplied, you cannot create a user account.
  In addition, you can also supply information, e. g. internet address, postal address, voluntarily during the registration process. We use the mandatory information in order to authenticate you during the login and to follow up queries for resetting your password. The data that you enter during the registration or when logging on is processed and used by us, (1) in order to verify your right to administer the user account; (2) to enforce the terms of use of the app including all of the associated rights and duties and (3) to get in contact with you in order to be able to send you technical or legal notes, updates, security messages or other messages that relate to the administration of your user account.
  We use voluntary information in order to display these items according to the settings that you have made while using the app and to make them accessible to other users of the app at your request.
  This data processing is lawful because (1) the processing is necessary for the purpose of fulfilling the contract between you as the data subject and ourselves pursuant to Article 6 (1) (b) GDPR for the use of the app, or (2) we have a legitimate interest in guaranteeing the functioning and the error-free operation of the app, which in this case over-rides your rights and interests in the protection of your personal data pursuant to Article 6 (1) (f) GDPR.
• 3.4 Use of the app
  The app also requires the following permissions for the use of all its functions, which you can optionally set:
  • Internet access: This is required to download the current trade fair data to your device. In addition, functions such as sending contact requests (networking) or watching livestreams (event programme) require internet access.
  • Camera access: This is required so that QR codes can be scanned. These are used, for example, to import contact details of scanned trade fair participants (QR code on trade fair ticket or networking QR code in the app) into the networking address book in the app. The function also makes it possible to transfer favourites from the online exhibitor search to the app. In addition, the camera access is required for navigation purposes on the Koelnmesse exhibition grounds, provided that this service is offered at the respective event.
  • Location and Bluetooth access: Access is required for location-based navigation and information purposes on the Koelnmesse exhibition grounds, provided this service is offered at the respective event (see also Item 3.7).
  • Access to the gallery: This is required if you wish to upload a profile photo from your photo album.
  • Access to the contact list: This is required to be able to save contacts in your device's contact list or to check whether the user is in the device’s contact list in order to invite them to use the app if they are not yet an app user or networking participant.
  • Calendar access: This is required in order to import/save appointments made via the app into your calendar.
  • Device memory access: This is needed to save export files of contact lists on your device.
  The processing and use of the usage data is carried out for the purpose of providing the service. This data processing is lawful because the processing is necessary for the purpose of fulfilling the contract between you as the data subject and ourselves pursuant to Article 6 (1) (b) GDPR for the use of the app.
• 3.5 Cookies
  The app uses cookies (referred to in the following as “cookies”) in order to be able to optimally design the app.
  
  Cookies are small data files that are saved on your terminal when the app is used. If you call up the app again, your terminal will send the contents of the cookies back to the respective provider and so enable the terminal to be recognized. These cookies can be used in order to determine whether your terminal has already communicated with us. Only the cookie on your terminal is identified. You have the possibility of blocking, deleting or deactivating cookies using the functions supported by your browser or device.
  We have a legitimate interest in our use of cookies pursuant to Article 6 (1) (f) GDPR in order to make our website more user friendly, more effective and more secure.
  We only receive pseudonymized information from our use of cookie technology. This information concerns, for example, which pages have been visited, which products have been viewed etc.
  
  You will find further information on third-party cookies and similar technologies and how you can prevent their use on the following websites:
  
  http://www.youronlinechoices.eu
  http://www.aboutads.info/choices
  http://www.networkadvertising.org/choices
  
  When you use the app, we automatically collect data that could possibly refer to your person using:
  
  Google Analytics SDK
  
  As previously mentioned in item 3.2, the app uses the Google Analytics SDK, in order to analyse the use of the app, so that Koelnmesse can continually improve the app. Google Analytics is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Analytics with the additional function to anonymize IP addresses provided by Google. In this process, the IP address is usually already shortened by Google within the EU; only in exceptional cases is it first shortened in the USA, and in all cases it is only stored in its abbreviated form. You can object to or disable the data collection and data storage by Google Analytics in the context of the app with future effect — depending on your operating system — using the settings of your mobile device for the app or in the settings of the app itself. The app uses functions from Google. These functions, YouTube for example, are offered by the company Google Inc. Data is transferred to Google when Google is used. We would like to point out that we, as the providers of the webpages, do not know which data is transmitted or how it is used by Google. You will find further information on this subject in Google’s privacy policy at https://www.google.com/policies/privacy/
  
• 3.6 Participant groups
  The app differentiates between 'public + private participants' of the event. This differentia-tion is relevant to whether and when the respective contact is listed in public directories and whether this service is optional, if applicable.
  
  • "Public participants" are (i.) the persons named by the respective exhibitor and (ii.) those who provide a specific service within the scope of an agreement with Koelnmesse, such as a moderator. These persons are always listed in the respective lists of persons and can optionally participate in networking. Public participants also include (iii) trade visitors who have not deactivated the networking functions.
  • "Private attendees" are all attendees who have deactivated the networking function. These persons, if they have deactivated this function, will be removed from the People directory.
  
  The networking function is activated by default. However, you can deactivate or reactivate it under Home/"My Profile".
  
  Furthermore, the app can be used by third parties (e. g. private visitors) who are not as-signed to any of the aforementioned participant groups.
• 3.7 Further functions
  
  a) Networking
  
  In addition to the basic functions, there are so-called additional functions which are reserved for registered and logged-in participants (in part only with a valid ticket). Details of these functions can be found in the relevant terms and conditions, unless otherwise stated in this data protection notice.
  
  For optimal use of the networking functions, we process your following personal data: Name, first name, position, company, country, mobile number, e-mail address, (profile) picture and interests. Your contact and profile data are imported into the app from previous systems such as the ticket shop and our CRM system, if available.
  
  Contact data will only be displayed for approved profiles of trade visitors once you have accepted a "request" from the enquirer. Only in this case is your full profile linked to that of the enquirer and made visible.
  
  The legal basis for data processing for private participants (trade visitors etc.) is based on Art. 6 para. 1 sentence 1 lit. a) GDPR and for public participants on Art. 6 para. 1 sentence 1 lit. b) and f) GDPR.
  
  Each participant can revoke their consent for the networking function at any time in the app under Home/"My Profile" with the function "Deactivate Networking" with effect for the future (opt-out).
  
  b) Push messages
  
  If included in the scope of services of the respective app and if you have agreed to this function when using the app, the app will inform you about interesting news concerning your trade fair stay (e. g. event highlights, new products, etc.) via push messages on your terminal device. The push messages can be deactivated and reactivated at any time in the settings of your operating system.
  
  The legal basis for data processing for participants (trade visitors, etc.) is also based on Art. 6 (1) sentence 1 lit. a) GDPR.
  
  c) Location data and reception of interest-based messages
  
  For selected events, Koelnmesse also offers a location- and interest-based messaging service in the app. This can be used by all participants by granting permission in the app to receive notifications and to access their Bluetooth function and location (optionally also when using the app in the background). Depending on their location at the exhibition grounds, participants can receive relevant information from exhibitors at the event as well as organizational and security-related information from Koelnmesse if the Bluetooth function is activated and depending on the data they provided during registration or ticket purchase (e.g. country of origin, interests).
  
  This function uses a so-called geofencing/Bluetooth technology on the exhibition grounds, which makes it possible to trigger a message in the app from Koelnmesse based on the location of the mobile device. The location of the mobile device is not stored.
  
  You can revoke access at any time in the settings of your operating system. Please note that some functions may not be available or not fully available if you do not allow access to your location data.
  
  Koelnmesse does not pass on any data to the exhibitor as a result of the participant using this function.
  
  The legal basis for data processing for participants (trade visitors, etc.) is also based on Art. 6 (1) sentence 1 lit. a) GDPR.

Koelnmesse will not transfer your data to third parties at any time without your express permission unless Koelnmesse is obliged to do so due to a legal requirement. However, we can make use of services provided by third parties in order to provide you with the app and its functions. Insofar as these activities necessitate a disclosure of your personal data, we will ensure that the legal re-quirements are observed, including a corresponding agreement concerning the carrying out of such contract data processing insofar as this may be necessary.

Data is not processed outside the European Economic Area.

The processing of your personal data for purposes other than those described will only take place to the extent permitted by a legal regulation or subject to your consent for the change of purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you of these other purposes before the further processing and make all relevant information available to you.

We delete or anonymize your personal data as soon as they are no longer required for the pur-poses according to the aforementioned items for which we collected or used them.

Specific statements in this privacy policy or legal requirements for the storage and deletion of personal data, in particular such as those that we must retain for purposes of compliance with tax law, remain unaffected.

We utilize technical and organizational security measures in order to protect your personal data from accidental or wilful manipulation, loss, destruction or against access by unauthorized persons. Our data processing and our security measures are continually improved in line with the technological development.

At our company, data transferred during the use of the app are always securely transferred using encryption. We use the SSL (Secure Socket Layer) encryption system. Nobody can guarantee absolute protection. However, we secure our app and other systems against loss, destruction, access to and alteration or dissemination of your data by unauthorized persons to your data by means of technical and organizational measures.

• 9.1 Right to information
  
  Pursuant to Article 15 GDPR, you have the right to request us at any time to provide you with information concerning personal data relating to you that we process. You can make this request by sending a postal letter or e-mail to the address given below.
• 9.2 Right to rectification of incorrect data
  
  You have the right to request us to immediately rectify your personal data if they are inaccurate. To do so, please contact the addresses given below.
• 9.3 Right to erasure
  
  You have the right to obtain from us the erasure of your personal data on the grounds described in Article 17 GDPR. These grounds especially give you the right to erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if the personal data have been unlawfully processed, if we have received an objection to the processing, or the personal data have to be erased in compliance with a legal obligation in Union or Member State law to which Koelnmesse is subject. With regard to the duration of the data storage, see Item 7 of this privacy policy. To exercise your right to erasure, please contact the addresses given below.
• 9.4 Right to restriction of processing
  
  You have the right to request us to restrict processing pursuant to Article 18 GDPR. This right applies, in particular, to the following cases: When the accuracy of the personal data is contested between the user and ourselves, for a period enabling us to verify the accuracy of the personal data; the user has an existing right to erasure but opposes the erasure of the personal data and requests the restriction of their use instead; the data are no longer needed for our purposes, but they are required by the user for the establishment, exercise or defence of legal claims; the user has objected to processing pending the verification whether our legitimate grounds override those of the user. To exercise your right to the restriction of processing, please contact the addresses given below.
• 9.5 Right to data portability
  
  You have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR. To exercise your right to data portability, please contact the addresses given below.

Pursuant to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on e. g. point (e) or (f) of Article 6 (1) GDPR. In that case, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If you have a complaint, you also have the right to appeal to the responsible regulatory authority. The responsible regulatory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf, Germany

Telephone +49 211/38424-0

Fax +49 211/38424-999

e-mail: poststelle@ldi.nrw.de

We always keep this privacy policy up to date. We therefore reserve the right to change it from time to time and to make changes to the collection, processing and use of your data. The current version of this privacy policy can always be called up within the app under “Data Protection”.

Status: March 2023