Data Protection Policy for AFMG Business Events

Introduction

This Data Protection Policy provides information on how we process personal data of individuals who meet us at business events, such as tradeshows, conferences, business meetings, technical committee summits, and the like (hereinafter: “Business Events”) and provide us their contact information, e.g. through the provision of business cards or via electronic means.

For any questions or requests in this regard, please feel free to contact our Customer Success Team via email to @email or by phone at +49 (0)30 467 092 – 30.

Overview

1. General

  1.1. Data Controller and Data Processor Identification
  1.2. Definitions

2. Data processing when providing your contact information to AFMG staff members

3. Automated data processing

  3.1. IP Address and device information
  3.2. Use of cookies

4. Recipients of the Personal Data

5. Your rights as a Data Subject

 

1. General

  1.1. Data Controller and Data Processor Identification

The Data Controller is AFMG Technologies GmbH (hereinafter: “AFMG”, “we”, and “us”), Borkumstr. 2, 13189 Berlin, Germany. Tel.: +49 (0)30 467 092 – 30, Fax.: +49 (0)30 467 092 – 27, email: @email.

AFMG’s Data Processors:

  • The Rocket Science Group, LLC d/b/a Mailchimp (hereinafter: “Mailchimp”), 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States of America.
  • For InfoComm fair, only: CompuSystems, Inc. (hereinafter: “CompuSystems”), 2651 Warrenville Rd., Suite 400, Downers Grove, IL 60515. Tel.: +1 708 344 9070.
  • For ISE fair, only: FIRA INTERNACIONAL DE BARCELONA with CIF Q-0873006-A and its subsidiaries ALIMENTARIA EXHIBITIONS SLU with CIF B-62704457 and FIRA BARCELONA INTERNATIONAL EXHIBITIONS AND SERVICES SL with CIF B-66507088 (hereinafter: “FIRA DE BARCELONA”), Av. Reina Mª Cristina s/n 08004 Barcelona. Tel.: 932 332 000. E-mail: dpo [at] firabarcelona.com.

  1.2. Definitions

Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”).

Cookie is a simple computer file made of text, which is typically stored by the end user’s browser when visiting a website. It can include a range of information, such as details about your device and usage behavior, previously visited websites, and custom configurations. This data can be used, e.g. to allow websites to operate properly, to personalize the user’s experience when visiting a website, and to find out if someone has visited a website before.

Data Controller means the entity that determines the purposes and means for the processing of Personal Data.

Data Processor means the entity that processes Personal Data on behalf of the Data Controller.

Sub-processor means any Data Processor engaged by Mailchimp or its affiliates to assist in fulfilling its obligations with respect to providing services as Data Processor to AFMG.

GDPR is an abbreviation for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Back to overview.

 

2. Data processing when providing your contact information to AFMG staff members

Explanation and purposes of processing

Whenever meeting one or more AFMG staff members during a Business Event, it is only natural that the parties exchange business contact information for possible future businesses. AFMG uses the Personal Data freely provided by you in two ways:

  1. We store your name and business email address for the purpose of sending you a single follow-up email with general information and links you can refer to in order to know more about AFMG and our software solutions, and how they could be of help to your business. The email also contains links to the sign-up form that allows you to opt-in to our email marketing platform AFMG News. We will not subscribe you to AFMG News without your consent.

    The above-mentioned Personal Data is stored in our email marketing platform Mailchimp (see section 4. Recipients of the Personal Data), in the belonging Follow-Up List. After the follow-up email is sent, we will automatically unsubscribe you from the Follow-Up List created for this purpose and your Personal Data will be taken out of operation. This data will remain stored for a limited time as evidence that AFMG used it in accordance with this data protection policy and GDPR. We will permanently delete your Personal Data from this platform three years after the end of the year in which you were unsubscribed. No archived copies will be kept.
     
  2. Additionally, the AFMG staff members that have been in touch with you may choose to store your name, company name, business email address, business phone numbers, and business address, in our servers, for the purpose of developing and maintaining a joint business relationship, and at no circumstance for marketing or publicity purposes.

We may collect your Personal Data during a Business Event by electronic means, provided you give us permission to do so. Particularly during tradeshows, conventions, conferences, and the like, we may use a badge scanner or smart device to scan your badge and collect Personal Data you previously provided to the company managing the corresponding Business Event.

AFMG will not store and will not use any additional data which may be temporarily available on business cards or through electronic means, other than the above-mentioned Personal Data. Additional data may be only temporarily available to AFMG and will be destroyed within one year after the Business Event.

The collected Personal Data will be stored and processed only for as long as it is required for the purposes for which they have been collected, provided no exception as per Art. 17 (3) GDPR applies. Art. 17 (3) GDPR lays out the exceptional conditions for not erasing Personal Data.

We do not intend to store your Personal Data longer than needed.

Legal basis

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the relevant data, in a way that is reasonably expected by the industry, is that it allows AFMG to reasonably create and maintain business relationships, permitting the company growth and the continued provision of solutions to customers interested on them for their businesses.

Back to overview.

 

3. Automated data processing

  3.1. IP Address and device information

  Explanation and purposes of processing

Although AFMG automatically removes you from the temporary list created to process your data according to Section 2, bullet-point 1, you can still manually unsubscribe from this list, as well as verify and change your data.

In order to manage your preferences and to unsubscribe from the Follow-Up list, you will be linked to and use webpages under the domain of afmg.us3.list-manage.com, which are hosted by Mailchimp on our behalf (hereinafter: “Follow-Up List Profile Webpages”).

When clicking the links “why did I get this?”, “unsubscribe from this list”, or “update subscription preferences” available in the follow-up email received, you visit the related Follow-Up List Profile Webpages.

The following information is automatically collected and processed by Mailchimp when you visit the Follow-Up List Profile Webpages:

  • The IP address and operating system of your computer or other end device (e.g. tablet or smartphone)
  • Browser data, such as type, version, display settings, language, usage data, log files, and requests sent by your browser

The IP address and operating system of your device are necessary for technical reasons, so that you can visit and use the Follow-Up List Profile Webpages. These websites cannot be accessed and operate properly without this data being processed. The processing of the IP address is either anonymized or deleted once it is no longer required for technical reasons for you to access/use the form website.

Browser data is also necessary for technical reasons, so that the form can operate properly and be displayed suitably. In addition, this data is used for optimization of the website and as a basis for future improvements to the website (when applicable).

Legal basis

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the relevant data is that it makes accessing the website technically possible, allows optimization of the content display for the user, and enables the continued improvement of the internet service in the future.

  3.2. Use of cookies

  Explanation and purposes of processing

When you visit the Follow-Up List Profile Webpages in order to manage your preferences or to unsubscribe from the Follow-Up List, Mailchimp uses first-party cookies for the purposes described below. These cookies are automatically removed according to the specified expiration date.

The following essential cookies are strictly necessary to provide you with services and to use some of the features available through AFMG News websites.

Cookie Name Description Expiration
_AVESTA_ENVIRONMENT
This cookie allows a visitor to use the forms to manage his registration, and unsubscribe.

This cookie is also used to enhance the performance and functionality of Follow-Up List Profile Webpages. Without this cookie, certain functionality may become unavailable. 
End of the browser session
PHPSESSID This cookie is a so-called session cookie. It preserves user session state across page requests and is necessary for the administration of Follow-Up List Profile Webpages.  End of the browser session 

When registered users visit the Follow-Up List Profile Webpages under the domain of afmg.us3.list-manage.com in order to manage their preferences, or to unsubscribe from this list, Mailchimp uses the following first party analytics and customization cookies, to collect information that allows Mailchimp to understand interactions with these webpages, and ultimately refine the websites’ usability and experience.

Cookie Name Description Expiration
_gid Used to distinguish users 24 hours
_ga Used to distinguish users 2 years
_gat Used to control the request rate 1 minute

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies you may still use Follow-Up List Profile Webpages though your access to some functionality and areas of these webpages may be restricted. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, refer to your browser’s help menu for more information. You will also find instructions on how to change your cookie preferences for some of the most popular browsers here:

Cookie settings in Chrome
Cookie settings in Firefox
Cookie settings in Internet Explorer
Cookie settings in Safari on Mac

  Legal basis

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the data is that it enables the use of the website and its functions, the optimization of the content displayed to the user, and the improvement of the services provided.

Back to overview.

 

4. Recipients of the Personal Data

Processors

For the InfoComm fair in the United States of America, the processing of Personal Data related to badge scanning services is carried out by CompuSystems on behalf of AFMG. To learn more about how your data is used when attending InfoComm fair visit InfoComm Show Policies and AVIXA Privacy Policy, as well as CompuSystems Privacy Policy.

For the Integrated Systems Europe (ISE) fair in Europe, the processing of Personal Data related to badge scanning services is carried out by FIRA DE BARCELONA on behalf of AFMG. To learn more about how your data is used when attending the ISE fair please refer to FIRA Privacy Policy, ISE Privacy Policy, as well as ISE Terms and Conditions.

The sending of the follow-up email is carried out by Mailchimp on behalf of and based on instructions provided by AFMG. Your Personal Data is transmitted outside the EU based on a controller-processor-agreement.

Both Mailchimp and CompuSystems are required to provide an adequate level of protection (within the meaning of EU Data Protection Law) for the Personal Data. Mailchimp, as well as CompuSystems, are contractually committed to transfer and process the Personal Data in compliance with the Standard Contractual Clauses for processors, as approved by the European Commission or Swiss Federal Data Protection Authority (as applicable).

Sub-processors

Mailchimp, Compusystems and FIRA DE BARCELONA use affiliates and a range of third-party Sub-processors to assist in providing the services used by AFMG. These companies are required to enter into written agreement with their Sub-processors imposing data-protection terms that require the Sub-processors to protect the Personal Data to the standard required by data-protection laws.

An up-to-date list of Mailchimp Sub-processors can be viewed here:

https://mailchimp.com/legal/subprocessors/

These Sub-processors provide Mailchimp with cloud hosting and storage services, content delivery, content review services, assist in providing customer support, as well as incident tracking, response, diagnosis, and resolution services. Mailchimp may transfer and process your Personal Data anywhere in the world where Mailchimp, its affiliates, or its Sub-processors maintain data-processing operations (within the limits of GDPR).

Back to overview.

 

5. Your rights as a Data Subject

You may exercise certain rights regarding AFMG’s processing of the Personal Data that relates to you.

Right to rectification

You have the right to obtain from AFMG the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR).

Right to erasure

You have the right to obtain from AFMG the erasure of Personal Data concerning you (Art. 17 (1) GDPR), provided no exception as per Art. 17 (3) GDPR applies.

Within 30 days after we have received your request, we will permanently delete the Personal Data concerning you from our Data Processor. We will also isolate and archive your data internally, for a limited time, inside AFMG headquarters, only to be used in the cases laid out in Art. 17 (3) GDPR. After three years have passed since the end of the year the Personal Data was isolated, we will also process the permanent removal of the Personal Data concerning you from our archive.

Right to object to processing on the basis of legitimate interests

To the extent that processing of data is based on Art. 6 (1), first sentence, (f) GDPR ("legitimate interests"), you have the right, under Art. 21 GDPR, and on grounds relating to your particular situation, to object at any time to the processing of Personal Data concerning you.

In the case of an objection, AFMG will no longer process the Personal Data, unless the processing serves the assertion, exercise, or defense of legal claims or AFMG can prove necessary, legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject.

Right to access your data

You have the right, under Art. 15 GDPR, to obtain from AFMG confirmation as to whether or not Personal Data concerning you are being processed and, if applicable, to obtain a copy of the Personal Data undergoing processing.

Right to restrict the processing of your data

In certain cases, you have the have the right to obtain from AFMG restriction of processing of Personal Data concerning you. These cases are laid out in Art. 18 (1) GDPR.

Right to portability

You have the right to receive the Personal Data concerning you, which you have provided to AFMG, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller, in the cases laid out in Art 20 (1) GDPR.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes the GDPR (Art. 77 GDPR). Please refer to your local data protection authority for more information. On the European Commission website, you can refer to the list of data protection authorities within the European Economic Area.

Back to overview.

 

We may review and, where necessary, update this data protection policy. If we plan to use your Personal Data for a new purpose, that is incompatible with the original purposes described, we will update this policy and when appropriate request consent for the new purpose.

 

Version: 2.0

Berlin, March 28, 2024