Privacy Policy Regulation (GDPR)

1. Data Protection at a Glance

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?

Your data are collected in two ways: by you providing them to us, for example when entering information in a contact form, and automatically through our IT systems when you visit the website. These automatically collected data are primarily technical data (e.g., internet browser, operating system, or time of page access). Collection of these data occurs automatically as soon as you access our website.

For what purposes do we use your data?

Some of the data are collected to ensure the error-free provision of the website and our services. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, blocking, or deletion of these data. For this purpose, as well as for further questions on data protection, you can contact us at any time using the address provided in the imprint. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Analysis tools and third-party tools

When you visit our website, your surfing behavior may be statistically evaluated. This mainly occurs through cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis. The options for objection are described in this privacy policy.

2. General Information and Mandatory Information

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains which data we collect and for what purpose we use them. It also explains how and for what purpose this is done.

We point out that data transmission over the internet (e.g., when communicating by e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

Responsible body for data processing:

impact media projects GmbH
Represented by: Thilo Jörgl, Anita Würmser
Eckherstr. 10 b
85737 Ismaning, Germany
Phone: +49 89 215384612 – This email address is being protected from spambots. You need JavaScript enabled to view it.

The responsible body is the natural or legal person that alone or jointly with others decides on the purposes and means of processing personal data.

3. Collection and Processing of Data on This Website

We collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services, and only if a legal basis allows us to do so. Automated decision-making or profiling does not take place.

Your data is collected:

• Through your input, e.g., by filling out a contact or registration form, or sending an e-mail inquiry.
• Automatically by our IT systems when visiting the website, e.g., IP address, browser type, operating system, time of access.

Legal basis

Processing is carried out in accordance with:

• Art. 6(1)(a) GDPR (Consent)
• Art. 6(1)(b) GDPR (Performance of a Contract)
• Art. 6(1)(c) GDPR (Legal Obligation)
• Art. 6(1)(f) GDPR (Legitimate Interest)

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them.

Purposes of Processing

• Providing a functional website
• Performing and processing contracts (e.g., ticket purchases, event management)
• Conducting and processing our offers, awards, and events
• Communication with you
• Analyzing user behavior and optimizing our services
• Complying with legal obligations

Hosting

Our websites are hosted by:

Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany
https://www.strato.de/datenschutz/

SSL/TLS Encryption

For security reasons and to protect the transmission of confidential content (e.g., orders or inquiries), this site uses SSL/TLS encryption. A secure connection can be recognized when the browser address line changes from “http://…” to “https://…” and by the padlock symbol in the browser’s address bar. When SSL/TLS encryption is enabled, data transmitted to us cannot be read by third parties.

Cookies and Tracking

Our websites use cookies to make the offer more user-friendly, efficient, and secure. Cookies are small text files stored by your browser. Session cookies are automatically deleted after your visit; other cookies remain stored until you delete them. You can block cookies in your browser settings or allow them on a case-by-case basis, which may limit the functionality of the website.

Cookies required for the operation of the site or desired functions (e.g., shopping cart) are stored on the basis of Art. 6(1)(f) GDPR.

When visiting our website, data about the accessing system is automatically collected, including:

• Browser type and version
• Operating system
• Internet service provider
• IP address
• Date and time of access
• Websites from which you reached our site
• Websites you access via our site

This data is stored in our system log files as well as in central systems for analysis but is not linked to other personal data of the users.

Server Log Files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of server request
• IP address

Merging this data with other data sources does not occur. The legal basis for processing is Art. 6(1)(b) GDPR, which permits data processing for the fulfillment of a contract or pre-contractual measures.

Contact Forms

We provide you with the option to contact us via contact forms on our website. To respond to your inquiry, your name, company, a valid e-mail address, and telephone number are required. The IP address is stored when sending the form for the secure operation of the website and underlying IT systems.

Additional information may be provided voluntarily. Voluntary fields are those not clearly marked as mandatory (e.g., red asterisk or other symbols). These personal data are used to contact you for follow-ups, conclude contracts, issue invoices, deliver orders and offers, or otherwise respond to inquiries.

The data is processed and stored based on Art. 6(1)(b) or (f) GDPR until the purpose is fulfilled or you request deletion. Mandatory legal provisions, especially retention periods, remain unaffected.

Apps

When using our apps or third-party apps, we only process data required to provide the app (e.g., device ID). Location data is only used if you permit it.

Newsletter, Information Services, Network Information, and Email Contact

When registering, we use your name and e-mail address to send personalized newsletters and network information. Registration occurs via a contact form or personal request. For registration, we use name, e-mail address, and, if applicable, IP address and registration date to prevent misuse. Sending is carried out solely on the basis of your consent under Art. 6(1)(a) GDPR. You can unsubscribe at any time; data may be stored for up to three years to demonstrate consent.

Newsletter registration uses the double opt-in procedure: after signing up, you receive an e-mail requesting confirmation. Only after confirmation is registration effective.

Participation in Awards, Competitions, Sweepstakes, or Surveys

As part of participation in our awards, competitions, sweepstakes, or surveys, we collect data from participants or contact persons as well as information about your company, professional position, and industry as mandatory information. Additional data may be collected on a voluntary basis.

We may collect the following data:

• IP address – anonymized
• User’s operating system
• Time the user is online
• Other information (chat functionality via third-party providers)

In the registration/approval process for our awards and events, the following personal data is collected as mandatory information from the contact person:

• Form of address
• Company
• First name
• Last name
• Position/Function
• Telephone/Mobile phone
• Full company address
• Country of the company
• Email address
• Other information (e.g., allergies)
• VAT ID number
• Users can find all mandatory and voluntary data fields in the current registration form.

The data is stored for the processing and handling of award applications as well as for market research purposes, to identify and inform you as a potential finalist or winner.

By participating, you consent to receiving email communications (e.g., confirmation of participation, applicant information, nomination information, notification of winnings) and to the publication of your first and last name, title, position, company name, and product name in connection with a nomination or win on our website and in our publications.

For awards, sweepstakes, or surveys conducted in cooperation with partners, your data will only be shared with these partners as necessary to carry out the respective event, evaluate and interpret results, and for required follow-ups.

The legal basis for processing is Art. 6(1)(b) and (f) GDPR.

Events (In-person/Online)

When registering for our events (gala receptions, award ceremonies, congresses, seminars, workshops, exhibitions, etc.), we collect participants’ data including first and last names, title, address, email address, company, professional position, and industry as mandatory information. Additional information may be collected voluntarily.

We may collect the following data:

• IP address – anonymized
• User’s operating system
• Time the user is online
• Password
• Other information (chat functionality via third-party providers)

Mandatory information in the registration/approval process for events:

• Form of address
• Company
• Title
• First name
• Last name
• Position/Function
• Telephone/Mobile phone
• Full address
• Email address
• Other information (e.g., allergies, accompanying persons)
• Users can find all mandatory and voluntary fields in the current registration form

Legal basis: Art. 6(1)(b) and (f) GDPR to fulfill the contract for the purpose of attending the event. This includes in particular:

• Access control
• Customer support (contact person for logistics/business)
• Accompanying measures (photography, filming for reporting, social media, website, marketing)

Data Sharing with Cooperation Partners

Where necessary for the organization and execution of the event, personal data may be shared with cooperation partners (e.g., co-organizers, service providers, exhibitors with booked services). Further sharing of your data with sponsors or advertising partners for marketing purposes will only occur with your explicit consent (opt-in).

Lead Management (In-person Events)

At in-person events, a personal data record may be used for lead management purposes. Participants can have the QR code on their ticket scanned by exhibitors or sponsors. By actively allowing the scan, participants give their explicit consent for the data stored in the QR code to be processed by the respective exhibitor/sponsor and, if applicable, used later for marketing purposes or to provide discounts and vouchers (Art. 6(1)(a) and (f) GDPR).

1. Press Accreditation

   For accredited press representatives, submission and acceptance of accreditation establishes Art. 6(1)(f) GDPR as the legal basis for data processing.

2. Direct Marketing and Analysis

   If data processing is not solely for contract fulfillment, it is based on our legitimate interest according to Art. 6(1)(f) GDPR. This particularly applies to processing and using exhibitor and participant data for marketing via post or email.
   For emails, usage behavior may also be analyzed based on § 7(3) UWG to tailor communications for our events and services. The legal basis is our legitimate interest in targeted direct marketing.

3. Right to Object

   You can object to the processing of your data for direct marketing purposes at any time, without incurring any costs other than standard transmission costs.

4. Deletion

   After the contract has been fully processed, once our interest in further processing ceases, or if you revoke any consent given, your data will be deleted taking into account statutory retention periods unless you have explicitly consented to further use.

Consent to Use of Photos and Videos

During our in-person and online events, photo and video recordings may be made and published across various media (print, online, social media).

Legal basis: Recording and use is either based on our legitimate interest under Art. 6(1)(f) GDPR for reporting, public relations, and marketing, or on your explicit consent under Art. 6(1)(a) GDPR.

If you do not wish to be photographed or filmed, you can inform the photographer or videographer on-site. This will be respected.

By participating in our events, you consent to images in which you are identifiable, or which you provide to us, being used by us without temporal, spatial, or content restrictions for our communication purposes.

Recordings may be used in particular for:

• Reporting on the event
• Marketing and PR measures
• Presentation of our services and offerings
• Publication on our websites, social media channels, and in print media

Press Photos

Events usually also have accredited press representatives who independently make their own photo and video recordings for journalistic purposes. These publications are carried out independently by the respective media under press law and are outside our control. Please note that objecting to our use of images does not affect external media coverage.

Revocation

If you wish to revoke a given consent, you can do so at any time with effect for the future. In this case, we will cease further publication and, where possible, remove existing material.

4. Plugins and Tools

YouTube

Our website uses plugins from YouTube, LLC, 901 Cherry Avenue, San Bruno, California 94066, United States. When visiting a page with a YouTube plugin, a connection is established to YouTube’s servers. YouTube is informed which of our pages you have visited.

If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your profile. You can prevent this by logging out of your account.

The use of YouTube is in the interest of an appealing presentation of our online offerings (Article 6(1)(f) GDPR).

Further information: YouTube Privacy Policy. https://www.google.de/intl/de/policies/privacy.

Vimeo

We use plugins from the video portal Vimeo, provider: Vimeo Inc., 555 West 18th Street, New York, New York 10011, United States. When visiting a page with a Vimeo plugin, a connection to Vimeo’s servers is established, your IP address is collected, and information is transmitted to the servers in the United States.

If you are logged into Vimeo, Vimeo can directly associate your browsing behavior with your profile. Log out to prevent this.

Purpose of use: appealing presentation of our online offerings (Article 6(1)(f) GDPR).

Further information: Vimeo Privacy Policy. https://vimeo.com/privacy

Yumpu

Our website uses plugins from Yumpu, provider: i-magazine AG, Gewerbestrasse 3, 9444 Diepoldsau, Switzerland. When visiting a page with a Yumpu plugin, your IP address is collected and transmitted to servers in Switzerland.

If you are logged into Yumpu, Yumpu can directly associate your browsing behavior with your profile. Log out to prevent this.

Purpose: appealing presentation of our online offerings (Article 6(1)(f) GDPR).

Further information: Yumpu Privacy Policy. https://www.yumpu.com/de/info/privacy_policy.

Dropbox

Plugins from the file hosting service Dropbox, operator: Dropbox International Unlimited Company, One Park Place, Floor 5, Upper Hatch Street, Dublin 2, Ireland, are used on our website. When visiting a page with a Dropbox plugin, a connection to Dropbox’s servers is established.

If you are logged into your Dropbox account, Dropbox can directly associate your browsing behavior with your profile. Log out to prevent this.

Purpose: appealing presentation of our online offerings (Article 6(1)(f) GDPR).

Further information: Dropbox Privacy Policy. https://www.dropbox.com/terms.

Google Analytics

We use Google Analytics (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, United States) to analyze the use of our website. The information generated is usually transmitted to Google servers in the United States.

• Legal basis: Article 6(1)(f) GDPR
• IP anonymization: activated
• Contract processing: contract with Google to comply with German data protection requirements
• Objection: Opt-Out Google Analytics https://tools.google.com/dlpage/gaoptout?hl=de

Google reCAPTCHA

We use Google reCAPTCHA to prevent spam and automated inputs. reCAPTCHA analyzes your behavior (e.g., IP address, mouse movements). The data is transmitted to Google and is used exclusively for website security. Legal basis: Article 6(1)(f) GDPR (legitimate interest in protection against abuse).

Further information: Google reCAPTCHA. https://www.google.com/intl/de/policies/privacy/ https://www.google.com/recaptcha/intro/android.html

Google Web Fonts

For uniform display of fonts, we load web fonts from Google in your browser. Google can recognize that our website was accessed via your IP address. If your browser does not support web fonts, a standard font from your computer is used.

Purpose: appealing presentation of our online offerings (Article 6(1)(f) GDPR).

Further information: Google Fonts FAQ. https://developers.google.com/fonts/faq

Google Maps

We use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. When accessing subpages with an embedded map, your data, possibly including your IP address, is transmitted to Google servers.

If you are logged into your Google account, Google can associate your data with your profile. Log out if you want to prevent this.

Purpose: presentation of geographic information and facilitation of directions (Article 6(1)(f) GDPR).

The terms of use of Google can be found at: https://www.google.de/intl/de/policies/terms/regional.html

The additional terms for Google Maps can be found at: https://www.google.com/intl/de_US/help/terms_maps.html

Detailed information on data protection related to Google Maps is available on Google’s website (“Google Privacy Policy”): https://www.google.com/intl/de/policies/privacy/

Pretix

For our ticket shop, we use pretix (rami.io GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany). Technically necessary cookies enable the order process. pretix does not store IP addresses or browser information beyond the duration of the request.

Further information about data protection at pretix can be found here: https://pretix.eu/about/de/privacy

The use of third-party providers can be part of our (pre-)contractual services if the use of the third parties has been agreed upon within this framework (Article 6(1)(b) and (f) GDPR).

Other Third-Party Providers

For trade fair management, ticket booking, and payment processing, we may use the following third-party providers:

• Stripe (payment processing): https://stripe.com/de/privacy

• Profairs (trade fair management): https://profairs.com/datenschutz

Since our online events are conducted via websites operated by third parties, cookies may process personal data (e.g., IP address). We have no influence on the processing of such personal data by the third parties. Please refer to the privacy policies of these third-party providers during the registration process.

Social Media / Social Media Plugins

We use social media platforms such as Facebook, YouTube, Instagram, X (formerly Twitter), LinkedIn, Xing, Yumpu, and Vimeo to provide content and communicate with users. When using these services, data may be transferred to countries outside the European Economic Area (EEA). The providers are committed to complying with EU data protection standards via Standard Contractual Clauses (SCCs).

When you visit one of our pages equipped with social media plugins, a connection is established to the servers of the respective platform. The respective server is informed which of our pages you have visited.

If you are logged into the platform, your browsing behavior can be directly associated with your personal profile. You can prevent this by logging out of your account.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in professional presentation).

Further information on data handling and opt-out options can be found in the privacy policies of the platforms:

• Facebook: https://www.facebook.com/privacy/explanation
• YouTube: https://policies.google.com/privacy
• Instagram: https://help.instagram.com/519522125107875
• X (formerly Twitter): https://twitter.com/en/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Xing: https://privacy.xing.com/de/datenschutzerklaerung
• Vimeo: https://vimeo.com/privacy
• Yumpu: https://www.yumpu.com/de/info/privacy_policy

5. Data Deletion and Retention Period

Personal data will be deleted or blocked as soon as the purpose for its storage no longer applies. Storage may also continue for as long as required by European or national legislation, including EU regulations, laws, or other provisions applicable to the data controller (e.g., retention and documentation obligations under the German Commercial Code (HGB) or the Fiscal Code (AO), as well as statutory limitation periods under the German Civil Code (BGB)). Data will also be blocked or deleted once a legally prescribed retention period expires, unless there is a necessity to retain the data further for the conclusion or fulfillment of a contract.

6. Disclosure of Data to Third Parties

Personal data will only be shared with third parties where legally permissible and for specific purposes, for example:

• For contract processing and the execution of events, including ticket codes
• To service providers within the scope of order processing (hosting, IT, call centers, payment service providers, printing, logistics)
• To fulfill legal obligations or in the public interest
• Where there is a legitimate interest of the company or third parties (e.g., authorities, debt collection agencies, lawyers)
• With the explicit consent of the data subject

Internal Access: Only authorized employees may access personal data. External parties may use the data solely for the purpose for which it was provided.

7. Use of Links to and from External Providers

Our websites contain links to external providers, for example in blog posts. When you click on such links, you are leaving our site and entering third-party websites, whose data protection and security measures we do not influence. We assume no responsibility for their content or data processing.

8. Processing of Your Data in a Third Country or by an International Organization

When you visit our website or use our services, personal data may be transferred to third countries where the GDPR does not apply. Such a transfer only takes place if an adequate level of data protection exists, appropriate safeguards pursuant to Art. 46 GDPR are in place, or an exception according to Art. 49 GDPR applies.

As appropriate safeguards, we use standard contractual clauses for the transfer of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087

9. Payment Service Providers

In the context of contractual and other legal relationships, due to legal obligations, or on the basis of our legitimate interests, we offer participants payment options for paid services.

Personal data (name, address, payment information) is transmitted exclusively to the service providers for the purpose of processing orders/events.

Data processed by the payment service providers includes account data, such as first and last name and address, bank data, such as account or credit card numbers, passwords, TANs and checksums, as well as contract-, amount-, and recipient-related information. This information is required to carry out transactions. The entered data is only processed and stored by the payment service providers. This means we do not receive account or credit card information, only confirmation or negative notification of the payment. In some cases, the data may be transmitted by the payment providers to credit agencies for identity and credit checks. For more information, please refer to the terms and conditions and privacy notices of the payment providers.

Legal basis: Art. 6(1)(b) and (f) GDPR.

10. Data Protection Rights

If personal data about you is processed, you are a data subject under the GDPR. You have the following rights:

• Right of access (Art. 15 GDPR): You have the right to obtain information from us about the personal data we store about you, its origin, recipients, and the purpose of processing (subject to any restrictions under § 34 BDSG).
• Right to rectification (Art. 16 GDPR): Upon your request, we will promptly correct inaccurate or incorrect data.
• Right to erasure (Art. 17 GDPR): We will delete your data unless statutory retention obligations or restrictions under § 35 BDSG or overriding legitimate interests of ours (e.g., for asserting our rights and claims) prevent deletion.
• Right to restriction of processing (Art. 18 GDPR): Under statutory conditions, you can request a restriction of processing.
• Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format or to request transmission to a third party.
• Right to withdraw consent: You can withdraw any consent given for the processing of personal data at any time with effect for the future.
• Right to lodge a complaint (Art. 77 GDPR): You have the right to file a complaint with a data protection supervisory authority. In Bavaria, this is the Bavarian State Office for Data Protection Supervision: https://www.lda.bayern.de/de/impressum.html

Right to Object under Art. 21 GDPR

You have the right to object at any time to the processing of your personal data if it is carried out on the basis of Art. 6(1)(f) GDPR (processing based on a balancing of interests) and there are reasons arising from your particular situation. This also applies to profiling based on this provision pursuant to Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

We may also process your personal data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to associated profiling. We will respect this objection in the future.

 

Privacy Policy Status: August 2025. Changes may occur as we further develop our online offerings.