Privacy Policy for the SPIEL Essen App

Version 2.0, 01 August 2024

Thank you for your interest in our app. The protection of your personal data when processing it for the use of the app is paramount to us. Your personal data is collected and processed in compliance with the applicable data protection regulations, particularly the General Data Protection Regulation (hereinafter referred to as “GDPR”), the Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei digitalen Diensten (hereinafter referred to as “TDDDG”) and the regulations of the EU member states which apply to us. This Privacy Policy provides information on the type, scope and purpose of the personal data processing activities within the scope of the use of the app and related functions. This Privacy Policy also explains your rights.

By downloading and installing / using our app, you enter into a contract with us on the use of the app and explicitly agree with the information and methods stated in the Privacy Policy.

1. Controller

Responsible for the processing of personal data:

Eyeled GmbH
Science Park 1
66123 Saarbrücken
Germany
Phone: +49 (0)681 3096 - 110
E-mail: [email protected]
Website: www.eyeled.de

2. Data protection officer

The data protection officer responsible for data processing is:

Michael Wirth
Eyeled GmbH
Phone: +49 (0)681 3096 - 110
E-mail: [email protected]

Please contact our data protection officer directly should you have questions or suggestions relating to data protection or wish to object to the processing of your data in accordance with this Data Protection Declaration.

3. Data processing

If you would like to use our mobile app, we collect the following data that is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security. The legal basis for the processing is, unless otherwise stated, Art. 6 (1) lit. b GDPR and § 25 Abs. 2 Nr. 2 TDDDG.

a. Device information and events

We process device data to send you push notifications and for crash reporting to determine errors that may have caused the app to crash. This includes the following data: device ID, model and name, operating system, time stamp and error cause.

We process device data to send you push notifications only with your consent and the legal basis for this data processing is therefore Art. 6 (1) lit. a GDPR. Push notification data is deleted as soon as the query has been processed. You can deactivate the push notification service and thus object to the processing of your personal data. For further information on push notification function go to Section Event Information.

The data is required for crash reporting in order to analyse and correct errors and/or app crashes. This purpose represents our legitimate interest in the data processing activities and the legal basis for the processing is therefore Art. 6 (1) lit. f GDPR. The data is essential for crash reporting; you cannot object to this processing. The crash data is deleted as soon as it is no longer required for analysis and error correction purposes. Please uninstall the app and contact the controller if you object to the data being processed for this purpose.

The data is deleted as soon as it is no longer required for fulfilling the purpose for which it was collected.

b. Location data

We need access to the location of your device to provide you with location based services. As part of this service, we send you helpful information relating to your location and the respective event. Your location data is determined via GPS data, Wi-Fi network IDs in the area, mobile communications data and Bluetooth and is only used for the technical implementation of the corresponding functions.

Your location data is not used to create movement profiles other than your current location and we neither log nor store it.

If you do not give us permission to access it, we will not use the location data. The legal basis for this data processing is therefore Art. 6 (1) lit. a GDPR and §25 Abs. 1 TDDDG.

You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.

c. Calendar access

We need to access your calendar to give you the option to store the dates of your trade fair visit plans in your calendar. We do not read or store any personal data from your calendar during this process. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.

d. Address book access

We need to access your address book to give you the option to store contacts you have been given in the form of digital business cards, matchmaking or list of exhibitors or speakers. We do not read or store any personal data from your address book during this process. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.

e. Camera access

We need to access your camera to read QR codes or barcodes, e.g. digital business cards, and to take image notes. The data is stored on your device. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.

f. Device storage access

We need to access your device’s storage to select your profile photo and to store your own digital business card and trade fair visit data created by you. You can object to this access by adjusting the settings of your operating system at any time. Please note that individual functions may not be available if you block access.

g. Usage Tracking

This app uses Matomo (formerly Piwik). Matomo is a web analytics application. We use Matomo to record data on the manner, how and which app functions have been used. This includes search requests, advertising banner clicks and which groups of goods and exhibitor entries are called up in the app and at which frequency. The information generated about your use of this app is first stored locally on your device and then transferred to our servers if you have a sufficient internet connection. The information recorded on the use of this app is transferred to our servers and not to third parties.

We only use Matomo with activated IP anonymisation. The IP address of the user is abbreviated to two bytes. This abbreviation makes it impossible to link the IP address to your person.

The processing of personal data enables us to analyse the behaviour of the users of our app. This data is analysed to continuously optimise our app, its contents and ease of use.

The processing only takes place with your consent when you first start the app and the legal basis for the processing is therefore Art. 6 (1) lit. a GDPR and §25 Abs. 1 TDDDG.

You can revoke your consent at any time for the future and prevent the collection and processing of your data related to your use of the app by Matomo by switching off the function in the App Settings.

The personal data is deleted after 24 months.

h. E-Ticketing

Through e-ticketing, the fair tickets are integrated into the app for display. Within the scope of e-ticketing, we process the following personal data: Surname, first name and e-mail address of the ticket holder, if this has not been specified of the ticket purchaser, company and company position and the ticket barcode.

The provision of the functionality and thus the processing of the personal data takes place until a maximum of 4 weeks after the trade fair. You have the possibility to object to the data processing at any time. To do so, please contact the controller.

i. Event Information

This app offers the possibility to receive advertisements and information on the topics of the event via push notification. Push notifications are messages that appear on your smartphone without opening the respective app. The received push messages are saved on your device.

In order to provide you with this function, your push id, your interest profile and the content of the push notification are processed.

For technical reasons, the processing of the push messages by your operating system provider (Google or Apple) takes place in the USA, among other places.

For push notifications, your push id and the content of the push notification are transmitted to your operating system provider.

For more information, please see the privacy policy of Google:
https://policies.google.com/privacy
https://firebase.google.com/support/privacy

For more information, please see the privacy policy of Apple:
https://www.apple.com/legal/privacy/

What does data transfer to a third country mean?
When using the push notification function, data may also be transferred to third countries, in particular to the USA. There may not be the same level of data protection law and your European data protection rights may not be enforced. In particular, there is the possibility that security authorities in the third country access the transmitted data at the operating system provider and and analyse it, for example by linking data with other information.
This concerns the above data. Other information from the app is not covered by this. In all other respects, the data transmitted by the app will be stored exclusively on servers in Germany or in another country in the EU (or the European Economic Area), which are subject to the strict requirements of the General Data Protection Regulation (GDPR).

This concerns your push id and the content of the push notification. Other information from the app is not covered by this. In all other respects, the data transmitted by the app will be stored exclusively on servers in Germany or in another country in the EU (or the European Economic Area), which are subject to the strict requirements of the General Data Protection Regulation (GDPR).

The processing only takes place with your consent and the legal basis for the data processing is therefore Art. 6 (1) lit. a GDPR and §25 Abs. 1 TDDDG. The legal basis for the processing of data in a third country is your consent pursuant to Art. 49 (1) lit. a.

You can revoke your consent for the future at any time by deactivating the push notifications in your app settings.

j. Route planner

This app offers you the possibility to create a daily plan for visiting the trade fair according to your favorites and appointments. To be able to plan the day, the following data must be processed on a server: the arrival time at the trade fair, the used entrance to the event as a starting point for planning, exhibitor ID including stand ID, event and appointment IDs including stand ID, start time and duration, and your IP address. The plan created on the server, the start time and the used entrance to the event are then saved on your device.

The processing only takes place with your consent prior to the first use of this functionality and is thus based on the legal basis of Art. 6 (1) lit. a GDPR and §25 Abs. 1 TDDDG.

You can revoke the consent at any time for the future under Route planner.

The deletion of personal data on the server takes place after the planning of your route.

k. External websites

This app contains links to third party websites. External links are marked with this symbol:

When you click on an external link, data is transmitted to the link destination. This is technically necessary due to the protocol on which the Internet is based (TCP/IP). The transmitted data are in particular: Your IP address, the time at which you clicked on the link and the page on which you clicked on the link.

l. External Content

This app can automatically load content from third-party platforms such as Google Maps, X (Twitter), Vimeo or YouTube.

In the process, data is transferred to the third-party provider in a third country, in particular in the USA. This is technically necessary due to the protocol on which the Internet is based (TCP/IP). The transmitted data are in particular: Your IP address, the time at which you loaded data and the page on which you loaded the data.

For more information, please see privacy policies of the individual third-party platforms under the following links:

• Google Maps: https://policies.google.com/privacy?hl=en&gl=en
• X (Twitter): https://twitter.com/en/privacy
• YouTube: https://support.google.com/youtube/answer/2801895?hl=en
• Vimeo: https://vimeo.com/privacy

What does data transfer to a third country mean?
When loading external content, data may also be transferred to third countries, in particular to the USA. There may not be the same level of data protection law and your European data protection rights may not be enforced. In particular, there is the possibility that security authorities in the third country access the transmitted data at the operating system provider and and analyse it, for example by linking data with other information.
This concerns the above data. Other information from the app is not covered by this. In all other respects, the data transmitted by the app will be stored exclusively on servers in Germany or in another country in the EU (or the European Economic Area), which are subject to the strict requirements of the General Data Protection Regulation (GDPR).

This concerns your IP address, the time at which you clicked on the link and the page on which you clicked on the link. Other information from the app is not covered by this. In all other respects, the data transmitted by the app will be stored exclusively on servers in Germany or in another country in the EU (or the European Economic Area), which are subject to the strict requirements of the General Data Protection Regulation (GDPR).

The processing only takes place with your consent and the legal basis for the data processing is therefore Art. 6 (1) lit. a GDPR and §25 Abs. 1 TDDDG. The legal basis for the processing of data in a third country is your consent pursuant to Art. 49 (1) lit. a.

You can revoke your consent for the future at any time by deactivating the loading of external content in your app settings.

4. Security measures

We have implemented numerous technical and organisational measures for the processing of personal data to ensure that the processed personal data is as fully protected as possible. However, we would like to point out that it is impossible to fully protect the data against third-party access during internet-based data transfer due to the general security gaps of the latter.

5. Transfer to third parties and countries

We generally only use your personal data within our company.

We only disclose or transfer personal data to other persons or companies or grant them any other form of access to the data within the scope of our processing activities if we are permitted to do so by law, have your consent and/or a legal obligation to do so or if this is based on our legitimate interests.

In the event of us engaging a third party with the processing of personal data based on an order processing agreement, the legal basis is Art. 28 GDPR.

Data transfer to instances or persons outside the EU only takes place within the scope of the Event Information and loading of External Content on the basis of your respective consent pursuant to Art. 49 (1) a.
No further data transfer to instances or persons outside the EU takes place and is not planned.

What does data transfer to a third country mean?
When using the push notification function within the Matchmaking and/or Event Information functionality, data may also be transferred to third countries, in particular to the USA. There may not be the same level of data protection law and your European data protection rights may not be enforced. In particular, there is the possibility that security authorities in the third country access the transmitted data at the operating system provider and and analyse it, for example by linking data with other information.
This concerns the processed data in sections Event Information and External Content. Other information from the app is not covered by this. In all other respects, the data transmitted by the app will be stored exclusively on servers in Germany or in another country in the EU (or the European Economic Area), which are subject to the strict requirements of the General Data Protection Regulation (GDPR).

6. Rights of the data subject

The applicable laws give you various rights regarding your personal data. If you wish to assert these rights, please send your request, including a clear identification of your person, via e-mail or mail to the address stated in No. 2.

Below is an overview of your rights.

a. Right to information

You have the right to obtain information from us at any time about the processing of personal data carried out by us.

b. Right to correction

You have the right to request that we correct any inaccurate personal data relating to you without delay.

c. Right to deletion

You have the right to request that we delete your personal data without delay.

d. Right to limitation of processing

You have the right to request that we limit the processing of your personal data.

e. Right to data transferability

You have the right to receive your personal data which you provided to us in a structured, standard and machine-readable format.

f. Right to objection

You have the right to object against the future processing of your personal data which is based on Art. 6 (1) lit. e or f GDPR at any time.

In the event of an objection, we no longer process your personal data, unless we have proof of compelling reasons for the processing activities that are worth protecting and which outweigh your interests, rights and freedoms, or the processing activities serve to enforce, execute or defend legal claims.

g. Right to withdraw consent to process personal data

You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of this consent does not affect the legality of the processing based on the consent until its withdrawal.

h. Right to complain to a supervisory authority (Art. 77 GDPR)

You have the right to complain to a responsible supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR. The following is the responsible supervisory authority: Unabhängiges Datenschutzzentrum Saarland, Fritz-Dobisch-Straße 12, 66111 Saarbrücken. However, the complaint can also be lodged with another supervisory authority.

7. Amendments to our Data Protection Declaration

We reserve the right to amend this Data Protection Declaration to ensure that it always meets legal requirements. Please refer to the version number, including date, at the top of the Data Protection Declaration in this respect.