Controller

meetingmasters.de e.K.
Dipl.-Kfm. Christoph Schwind
Rudi-Schillings-Straße 17
54296 Trier
USt.-IdNr.: DE230247069
Amtsgericht Wittlich HRA 41376

Authorised Representatives: Dipl.-Kfm. Christoph Schwind
E-mail address: info(at)meetingmasters.de 
Phone +49 (0)651 145789-00
Legal Notice: https://www.meetingmasters.de/impressum

Data Protection Officer

DAWOCON GmbH
An der Müllerwiese 10
51069 Köln
Phone +49 (0)221 68003767

Contact

If you have any questions or comments on the subject of data protection, please contact datenschutz(at)meetingmasters.de. All other contact options can be found in the imprint.

Purposes of Processing:

• Communication
• Security measures
• Direct marketing
• Web Analytics
• Targeting
• Remarketing
• Conversion tracking
• Affiliate Tracking
• A/B Tests
• Organisational and Administrative Procedures
• Job Application Process
• Feedback
• Marketing
• Profiles with user-related information
• Provision of our online services and usability
• Information technology infrastructure
• Public relations

• Job application process as a pre-contractual or contractual relationship (Article 6 (1) (b) GDPR) - If special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can carry out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, their processing shall be carried out in accordance with Article 9 (2)(b) GDPR, in the case of the protection of vital interests of applicants or other persons on the basis of Article 9 (2)(c) GDPR or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 (2)(d) GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2)(a) GDPR.

Reference to the applicability of the GDPR and the Swiss DPA:
These privacy policy serves both to provide information pursuant to the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). 

For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms used in the GDPR are applied. In particular, instead of the terms used in the Swiss FADP such as "processing" of "personal data", "predominant interest", and "particularly sensitive personal data", the terms used in the GDPR, namely "processing" of "personal data", as well as "legitimate interest" and "special categories of data" are used. 

However, the legal meaning of these terms will continue to be determined according to the Swiss FADP within its scope of application.

Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we employ TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information that is transferred between the website or app and the user's browser (or between two servers), thereby safeguarding the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions conform to the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being securely and encryptedly transmitted.

Data Transfer within the Organization: We may transfer personal data to other departments or units within our organisation or grant them access to it. 

If the data is shared for administrative purposes, it is based on our legitimate business and economic interests or occurs if it is necessary to fulfil our contractual obligations or if the data subjects have given their consent or a legal permission exists.

This dual safeguard ensures comprehensive protection of your data: The DPF serves as the primary level of protection, while the Standard Contractual Clauses act as an additional security measure. Should any changes occur within the DPF framework, the Standard Contractual Clauses will serve as a reliable fallback option. This ensures that your data remains adequately protected even in the event of political or legal changes.

For individual service providers, we will inform you whether they are certified under the DPF and if Standard Contractual Clauses are in place. The list of certified companies and further information about the DPF can be found on the U.S. Department of Commerce's website at www.dataprivacyframework.gov.

For data transfers to other third countries, appropriate safeguards apply, particularly Standard Contractual Clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission: commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en.

We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.

In cases where multiple retention periods or deletion deadlines for a date are specified, the longest period always prevails.

If a period does not expressly start on a specific date and lasts at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the deadline is the time at which the termination or other termination of the legal relationship takes effect.

Data that is no longer stored for its originally intended purpose but due to legal requirements or other reasons are processed exclusively for the reasons justifying their retention.

• Six years - Other business documents: received commercial or business letters, copies of dispatched commercial or business letters, and other documents to the extent that they are significant for taxation purposes, for example, hourly wage slips, operating accounting sheets, calculation documents, price tags, as well as payroll accounting documents, provided they are not already accounting vouchers and cash register tapes Section (Section 147 Paragraph 1 No. 2, 3, 5 in conjunction with Paragraph 3 of the German General Tax Code (AO), Section 257 Paragraph 1 No. 2 and 3 in conjunction with Paragraph 4 of the German Commercial Code (HGB)).
• Three years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experiences and common industry practices, will be stored for the duration of the regular statutory limitation period of three years. This period begins at the end of the year in which the relevant contractual transaction took place or the contractual relationship ended in the case of ongoing contracts (Sections 195, 199 of the German Civil Code).

• Right to rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
• Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
• Right to data portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
• Complaint to the supervisory authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

• to statistically analyse the use of moreDirect,
• to inform you about the further development of moreDirect and other products as well as about training events and other services of meetingmasters.de.

You can of course object to this at any time.

Categories of recipients of personal data:

• Account management
• Accounting
• IT department

Your personal data is collected, stored and processed electronically. We store the data you enter in the search form so that your search query (hotel search, location search, MICE service provider search) can be successful and the storage of enquiry and watch lists works.

Enquiries are initially sent anonymously to the selected service providers (hotels, venues, other MICE service providers). Personal data is only transmitted and processed if this is necessary for the fulfilment of the contract. Unless there is a framework agreement between the enquirer and the hotel. meetingmasters.de ensures that it does not take any actions that violate existing data protection regulations as part of the fulfilment of the agency agreement.

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless it is still necessary to store it. For example, we store your data due to legal obligations to provide evidence and retain data. The storage periods are then up to ten full years.

We use so-called ‘remember me’ cookies for the login. These are activated by ticking the box in the login process so that we can restore your login on your next visit. These cookies are stored for 14 days.

We create web statistics to improve service quality and for marketing and optimisation purposes. We use an analysis technology developed in-house for this purpose. Your data is stored in anonymised form so that it cannot be linked to the identity of the user.

Further information on processing methods, procedures and services used:

• Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster"); Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
• Collection of Access Data and Log Files: Access to our online service is logged in the form of so-called "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, known as DDoS attacks), and to ensure server load management and stability; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.

General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to the processing according to legal regulations, including through the privacy settings of their browser.

• Processed data types: Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
• Data subjects: Users (e.g. website visitors, users of online services).
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

• Processing Cookie Data on the Basis of Consent: We implement a consent management solution that obtains users' consent for the use of cookies or for the processes and providers mentioned within the consent management framework. This procedure is designed to solicit, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies employed to store, read from, and process information on users' devices. As part of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including specific processing and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to provide proof of consent according to legal requirements. The storage is carried out server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to associate the consent with a specific user or their device.If no specific details about the providers of consent management services are provided, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal Basis: Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

• HubSpot CRM: Management of customer contacts, tracking of sales activities, automation of marketing campaigns, analysis of sales data, creation and management of email campaigns, integration with other tools and platforms, management of customer support inquiries, AI-supported content generation, personalised email creation, predictive sales forecasts, automatic workflow descriptions and AI chatbots for customer interaction
  Service provider: HubSpot Irland Limited, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland
  Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR)
  Website: https://www.hubspot.de/pa/crm
  Privacy Policy: https://legal.hubspot.com/privacy-policy
  Data Processing Agreement: https://legal.hubspot.com/dpa
  Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa), Data Privacy Framework (DPF)Standard Contractual Clauses (https://legal.hubspot.com/dpa).
• Hubspot Forms: Creation and management of forms, collection and storage of user data, integration into websites and CRM systems, automation of follow-up emails, analysis of form performance, segmentation of data for targeted marketing campaigns
  Service provider: HubSpot Irland Limited, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland
  Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
  Website: https://www.hubspot.com/products/marketing/forms
  Privacy Policy: https://legal.hubspot.com/privacy-policy
  Data Processing Agreement: https://legal.hubspot.com/dpa
  Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.hubspot.com/dpa), Data Privacy Framework (DPF)Standard Contractual Clauses (https://legal.hubspot.com/dpa).

• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
• Security measures: IP Masking (Pseudonymization of the IP address).
• Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

HubSpot Tracking Code: The tracking code and tracking pixel collect visitor data, including website activities, IP addresses, and online identifiers, to monitor website traffic and analyze user behavior. This data helps identify visiting companies, associate visits with known contacts, and store information about browsers and devices. The insights gained contribute to optimizing user experience and website performance.

The collected data includes the company domain (when self-identified through form submission or registration), IP address, visit timestamps, visitor ID, page views, clicks, and device information. Additionally, interactions such as scrolling behavior, time spent on pages, navigation paths, and referring URLs are tracked to enable a more precise analysis of user behavior and detailed insights into visitor journeys. This data is processed based on cookie consent and account settings to improve digital services, generate reports on website traffic and interactions, and refine strategies for optimizing content and user engagement. By analyzing user behavior, businesses can tailor content, improve conversion rates, and optimize marketing efforts. Furthermore, the data collection helps identify repeat visits, segment audiences, and personalize user experiences based on past interactions. 

Additionally, tracking mechanisms allow businesses to track leads and assess the effectiveness of marketing campaigns by analyzing click-through rates, form submissions, and interactions with call-to-action elements. This data helps optimize strategies, target audiences more effectively, and maximize engagement with digital content
Service provider: HubSpot Irland Limited, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland
Legal Basis: Consent (Article 6 (1) (a) GDPR)
Website: https://knowledge.hubspot.com/account/how-does-hubspot-track-visitors
Privacy Policy: https://legal.hubspot.com/privacy-policy
Data Processing Agreement: https://legal.hubspot.com/dpa
Basis for third-country transfers: Standard Contractual Clauses (https://legal.hubspot.com/dpa), Standard Contractual Clauses (https://legal.hubspot.com/dpa).

Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

• Processed data types: Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.). Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Communication; Feedback (e.g. collecting feedback via online form). Public relations.
• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

• LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
  
  We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. 
  
  The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
  Website: https://www.linkedin.com;
  Privacy Policy: https://www.linkedin.com/legal/privacy-policy
  Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://legal.linkedin.com/dpa), Data Privacy Framework (DPF)Standard Contractual Clauses (https://legal.linkedin.com/dpa)
  Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Xing: Social network
  Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
  Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
  Website: https://www.xing.com
  Privacy Policy: https://privacy.xing.com/en

• Purposes of processing: Provision of our online services and usability.
• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years.).
• Legal Basis: Consent (Article 6 (1) (a) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

• Google Maps: We integrate the maps of the service "Google Maps" from the provider Google. The data processed may include, in particular, IP addresses and location data of users
  Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
  Legal Basis: Consent (Article 6 (1) (a) GDPR)
  Website: https://mapsplatform.google.com/
  Privacy Policy: https://policies.google.com/privacy
  Basis for third-country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF)
• Font Awesome (from the server of the provider): Obtaining fonts (and symbols) for the purpose of a technically secure, maintenance-free and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform presentation and consideration of possible restrictions under licensing law.
  
  The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted which are necessary for the provision of the fonts depending on the devices used and the technical environment
  Service provider: Fonticons, Inc. ,6 Porter Road Apartment 3R, Cambridge, MA 02140, USA
  Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
  Website: https://fontawesome.com/
  Privacy Policy: https://fontawesome.com/privac

Ereasure of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time. Subject to a justified revocation by the applicant, the deletion will take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our duty of proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Admission to a talent pool - Admission to a talent pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.

• Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.). Job applicant details (e.g. Personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, etc., as well as other information on the person or qualifications of applicants provided with regard to a specific job or voluntarily by applicants).
• Data subjects: Job applicants.
• Purposes of processing: Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).
• Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
• Legal Basis: Job application process as a pre-contractual or contractual relationship (Article 6 (1) (b) GDPR).

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

• Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Log data: Protocol data, or log data, refer to information regarding events or activities that have been logged within a system or network. These data typically include details such as timestamps, IP addresses, user actions, error messages, and other specifics about the usage or operation of a system. Protocol data is often used for analyzing system issues, monitoring security, or generating performance reports.
• Web Analytics: Web Analytics serves the evaluation of visitor traffic of online services and can determine their behavior or interests in certain information, such as content of websites. With the help of web analytics, website owners, for example, can recognize at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of their websites to the needs of their visitors. For the purposes of web analytics , pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online service.
• Remarketing: Remarketing" or "retargeting" is the term used, for example, to indicate for advertising purposes which products a user is interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.
• Location data: Location data is created when a mobile device (or another device with the technical requirements for a location determination) connects to a radio cell, a WLAN or similar technical means and functions of location determination. Location data serve to indicate the geographically determinable position of the earth at which the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.
• Targeting: "Tracking" is the term used when the behaviour of users can be traced across several websites. As a rule, behavior and interest information with regard to the websites used is stored in cookies or on the servers of the tracking technology providers (so-called profiling). This information can then be used, for example, to display advertisements to users presumably corresponding to their interests.
• Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
• Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any kind of automated processing of personal data that consists of using these personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) (e.g. interests in certain content or products, click behaviour on a website or location). Cookies and web beacons are often used for profiling purposes.