Privacy Policy
Cookies & tracking
This website uses no tracking or marketing cookies and no analytics tools (e.g. no Google Analytics). For basic functions – such as showing the intro once and the language selection – we use only technically necessary browser storage (session/local storage), which does not require consent.
External media (YouTube & Vimeo)
Some projects embed videos from YouTube and Vimeo. These are loaded only once you actively consent. On loading, personal data – in particular your IP address – may be transferred to Google Ireland Ltd. or Vimeo Inc. (USA). You can withdraw your consent at any time via “Cookie settings” in the footer.
Hosting & libraries
To render the site, software libraries are loaded via the jsDelivr content delivery network, which technically transmits your IP address. Fonts are served locally from our server.
We are pleased that you are visiting our website. Protecting and securing your personal information when you use our website is very important to us. We would therefore like to inform you here about which of your personal data we collect when you visit our website and for what purposes it is used.
This privacy policy applies to the online offering of iventos, which is accessible at the domain www.iventos.de as well as the various subdomains ("our website").
Who is responsible and how can I reach you?
Controller
responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
iventos
Feldstraße 9a
44867 Bochum
DE
02327 97 99 30
iventos@iventos.de
Data Protection Officer
INNAVIS Treuhand GmbH & Co. KG
Gutenbergstraße 1
26632 Ihlow Riepe
DE
Mario Barthel
barthel@innavis.de
What is this about?
This privacy policy meets the legal requirements for transparency in the processing of personal data. Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or your user behaviour when visiting a website. Information that we cannot relate to you (or only with disproportionate effort), e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collecting, querying, using, storing or transmitting) always requires a legal basis and a defined purpose.
Stored personal data is deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for continuing to retain the data. We inform you about the specific retention periods or criteria for storage within the individual processing operations. Irrespective of this, in individual cases we store your personal data for the establishment, exercise or defence of legal claims and where statutory retention obligations exist.
Who receives my data?
We only disclose the personal data we process on our website to third parties if this is necessary to fulfil the purposes and is covered in the individual case by the legal basis (e.g. consent or the protection of legitimate interests). In addition, in individual cases we disclose personal data to third parties where this serves the establishment, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
Where we use service providers to operate our website who process personal data on our behalf as part of a data processing agreement pursuant to Art. 28 GDPR, these may be recipients of your personal data. You can find more detailed information about the use of processors and web services in the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that we send to and store in the browser of your device when you visit our web pages. As an alternative to using cookies, information can also be stored in your browser's local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that, for example, we are able to recognise the browser you use when you visit our website again and to transmit various information to us (non-essential cookies). Among other things, cookies enable us to make our online offering more user-friendly and effective for you, for instance by tracking your use of our website and identifying your preferred settings (e.g. country and language settings). Where third parties process information via cookies, they collect this information directly via your browser. Cookies do not cause any damage to your device. They cannot run any programs and cannot contain any viruses.
We inform you about the respective services for which we use cookies within the individual processing operations. Detailed information on the cookies used can be found in the cookie settings of this privacy policy / consent manager.
What rights do I have?
Subject to the conditions of the legal provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), you as a data subject have the following rights:
- Access pursuant to Art. 15 GDPR, Section 34 BDSG to the data stored about you in the form of meaningful information on the details of the processing, as well as a copy of your data;
- Rectification pursuant to Art. 16 GDPR of inaccurate or incomplete data stored by us;
- Erasure pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- Restriction of processing pursuant to Art. 18 GDPR, where the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you object to its erasure because you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
- Data portability pursuant to Art. 20 GDPR, where you have provided us with personal data on the basis of consent pursuant to Art. 6 (1) (a) GDPR or on the basis of a contract pursuant to Art. 6 (1) (b) GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format, or we will transmit the data directly to another controller where this is technically feasible.
- Objection pursuant to Art. 21 GDPR to the processing of your personal data, where this is carried out on the basis of Art. 6 (1) (e) or (f) GDPR and there are grounds arising from your particular situation, or the objection is directed against direct marketing. The right to object does not exist if compelling legitimate grounds for the processing that override your interests are demonstrated, or the processing serves the establishment, exercise or defence of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
- Withdrawal pursuant to Art. 7 (3) GDPR of the consent you have given, with effect for the future.
- Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company's registered office.
How exactly is my data processed?
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective retention period. Automated decision-making in individual cases, including profiling, does not take place.
Provision of the website
Nature and scope of the processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in what is known as a log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which the access is made (referrer URL)
- Browser used and, where applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us directly, but by a service provider who processes the aforementioned data on our behalf pursuant to Art. 28 GDPR for the purpose of providing the website.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring its security and stability on the basis of Art. 6 (1) (f) GDPR. The collection of the data and its storage in log files is strictly necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. Where the further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 (1) (c) GDPR. There is no legal or contractual obligation to provide the data; however, it is technically impossible to access our website without providing the data.
Retention period
The aforementioned data is stored for the duration of the display of the website and, for technical reasons, beyond that for a maximum of 7 days.
Contact form
Nature and scope of the processing
On our website, we offer you the option of contacting us via a form provided. The information collected through mandatory fields is necessary in order to process your request. In addition, you can voluntarily provide further information that you consider necessary for processing your contact request.
When you use the contact form, your personal data is not disclosed to third parties.
Purpose and legal basis
The processing of your data through the use of our contact form is carried out for the purpose of communicating with you and processing your request on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. Where your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of performing the contract on the basis of Art. 6 (1) (b) GDPR. There is no legal or contractual obligation to provide your data; however, it is not possible to process your request without the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.
Retention period
Where you use the contact form on the basis of your consent, we store the data collected for each request for a period of three years, beginning with the completion of your request or until you withdraw your consent.
Should you use the contact form within the scope of a contractual relationship, we store the data collected for each request for a period of [three years] from the end of the contractual relationship.
Google reCAPTCHA
Nature and scope of the processing
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is made automatically by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, where applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the purposes stated above and to maintain the security and functionality of Google reCAPTCHA.
Purpose and legal basis
Google reCAPTCHA is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US sub-processors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards within the meaning of Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are the standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before any such third-country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 (a) GDPR, which you grant via your consent in the consent manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Google Analytics
Nature and scope of the processing
We use Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analytics service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, the subpages visited and the dwell time of visitors.
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and to recognise users.
This information is used, among other things, to compile reports on website activity.
Purpose and legal basis
Google Analytics is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US sub-processors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards within the meaning of Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are the standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before any such third-country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 (a) GDPR, which you grant via your consent in the consent manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Google Tag Manager
Nature and scope of the processing
We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Purpose and legal basis
Google Tag Manager is used on the basis of your consent pursuant to Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The transfer of data to the USA is carried out pursuant to Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US sub-processors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards within the meaning of Art. 44 et seq. GDPR with the recipients of the data. Unless otherwise stated, these are the standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before any such third-country transfer, we obtain your consent pursuant to Art. 49 (1) sentence 1 (a) GDPR, which you grant via your consent in the consent manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve risks that are unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Retention period
The specific retention period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.