IFA Management GmbH (hereinafter “IFA Management” or “we/our/us”) appreciate you visiting our website and your interest in the products and services we offer. Protecting your personal data is very important to us. IFA Management attaches great importance to data protection. This data protection notice informs about the processing of personal data of website visitors or users (hereinafter referred to as "users") in connection with the use of the websites and the associated sub-pages (hereinafter referred to as "websites") as well as the online offers/presence of IFA Management and marketing. For particular processing activities there will be separate information notices, where necessary. IFA Management will process the personal data of website visitors or users in accordance with this notice and applicable data protection and privacy laws. Our data protection notice on the use of our websites and online offers/presence does not apply to your activities on the websites of social networks or other providers that may be accessed using the links on our websites. Please read the data protection provisions on the websites of those providers.
1. The Controller as per the EU General Data Protection Regulation (GDPR)
Controller: IFA Management GmbH,
IFA Management GmbH. c/o Willkie Farr & Gallagher LLP, An der Welle 4,60322 Frankfurt am Main
Registergericht Berlin Charlottenburg. HRB 236087 B
Data protection officer: Group data protection officer of IFA Management GmbH firstname.lastname@example.org.
2. Collecting and processing your personal data
Whenever you visit our websites or engage with our online offers/presence we store certain information from those interactions. IFA Management processes the following personal data for the websites and its online offers/presence:
Newsletter registration/surveys, competitions (marketing): e-mail address and, if applicable, first name, surname, date and time of consent, type of newsletter, survey and competition and, if applicable, information on interests and answers to questions and communication.
Contact requests: surname, first name, position, company/organisation, e-mail address, date and time of the enquiry and subsequent communication with IFA Management, as well as other information provided in the course of the enquiry.
Comment function, where applicable: in addition to the name of the user, the comments posted, the date and time of the comment and technical data such as the IP address of the user’s equipment.
Social Media Profile: use of and interaction with profiles and content of the various IFA Management events on social media such as Facebook, Twitter, LinkedIn, Instagram, YouTube, Xing and TikTok. Comments, shares and likes can be processed.
Registration/Log in: some websites and online offers/presence may only be accessible after previous registration or to a restricted group of persons. As a rule, the name, e-mail address and date/time of registration/log-in or any consent given are processed for this purpose and the identity of the user is verified. For further details, please see the individual registration/log-in process.
Logfiles: When using the websites and online offers/presence, information may be automatically sent from the end device of the user to the server of the website. This information is stored for a limited time in a so-called log file and includes the following data: Internet browser type and version, operating system, IP address, referrer URL and host name of the accessing end device, timestamp and duration of use, activities performed and result.
Log files have a storage period of 30 days.
Technical data: Cookies or similar tracking technologies automatically collect data when using the websites. For details, see the information on cookies and tracking technologies on the website.
IFA Management processes the following data for e-mail marketing purposes:
Open, click and bounce rates.
When users provide details for (another) person(s) (hereinafter referred to as "third party(ies)") or provide their data, users must ensure and assure that they are authorised to provide IFA Management with such third party(ies)' data, that IFA Management may lawfully process such data for the purposes mentioned in section 3, and that the third party(ies) concerned have been sufficiently informed by the users about the processing of the personal data pursuant to this notice.
Users are not legally obligated to share their (or any third party(ies)) personal information. However, certain features of our websites may depend on the sharing of personal information. If users do not provide the requisite personal information in such cases, the users may not be able to use those features, or they may be available with limited functionality.
The users themselves are the source of the personal data. Otherwise, the data is collected automatically or, in individual cases, transmitted by third parties (especially if the registration is carried out by another person). Mandatory information is marked as such in online forms. Unless otherwise stated, in such cases the information is required for the conclusion of a contract or for access to a specific online offer/presence.
In individual cases, data from other providers (website operators) may be transmitted to IFA Management and processed. In particular, this may be data containing information on the origin of the user, i.e., the source from which the user was directed to our website.
3. Purposes of use
We use the personal information collected during your visit to any of our websites to make using them as convenient as possible for you and to help to protect our IT systems against attacks and other unlawful activities.
If you share additional information with us – for example, by filling out a registration form, completing a survey or entering a competition – we will use that information for the designated purposes and for the purpose of customer management.
In particular, IFA Management processes the personal data mentioned in section 2 for the following processing purposes pursuant to the legal basis specified below:
3.1 Direct marketing, newsletter, market research, surveys and competitions (marketing)
Users can voluntarily register for newsletters or participate in (opinion) surveys or competitions on some of IFA Management's websites and online offers/presence. In these cases, the personal data will be processed for the purpose of contacting the user by e-mail or post and sending the electronic or postal newsletter or participating in and carrying out surveys or competitions. This includes the periodic or event-related electronic dispatch of information about IFA Management and its subsidiaries and affiliates, trade fair/event-related information about IFA Management's own and guest events, including about exhibitors, sponsors, association and other cooperation partners of the respective event as well as their respective products and services, and information about opening, accompanying and subsequent events. Subsequent events also include other trade fairs and events organised or held by IFA Management or its affiliates in Germany and abroad (for the purposes of this notice, “affiliates” means the direct and indirect subsidiaries of Comet Topco Limited, registered in the Cayman Islands (registered number 325378) which is the ultimate holding company of IFA Management). The personal data is also processed for market research purposes, for online surveys and for direct marketing purposes (e.g., individualised online advertising). The legal basis for the processing of data for these marketing purposes is the consent (Art. 6 (1) (a) GDPR) or legitimate interest where applicable (Art. 6 (1) (f) GDPR).
For information on the rights, in particular the right to object to the processing and use of data for marketing purposes, see section 7.
3.2 Contact requests and comment function
IFA Management processes personal data in order to be able to process and respond to inquiries to IFA Management. This can also include information material for marketing purposes, insofar as this serves to answer the inquiry. The processing is based on the legitimate interest of IFA Management in responding appropriately to inquiries and, depending on the kind of addressees, also in press and public relations activities (legal basis: Art. 6 (1) (f) GDPR) or for the performance of a contract or for the implementation of pre-contractual measures, insofar as the inquiry relates thereto (legal basis: Art. 6 (1) (b) GDPR).
On some websites and online offers/presence there may be the possibility to post comments. The personal data in this regard is processed on the basis of the consent of the user (legal basis: Art. 6 (1) (a) GDPR).
3.3 Social media and social media profiles
On the IFA Management websites, buttons for sharing and liking content via social networks may be implemented using the "Shariff" software, which only transmits data to the respective operators of the networks when the buttons are clicked. IFA Management maintains publicly accessible profiles on social networks and social media channels for public relations, external presentation, customer acquisition, advertising and communication with participants of the social networks. The legal basis for data processing is the legitimate interest of IFA Management in a corresponding public presence and acquisition and maintenance of business contacts, also in the interest of the users (Art. 6 (1) (f) GDPR).
3.4 Operation, usability, operability and safety/security
The data in the log files are processed for the purposes of operation, usability, operability and safety/security, including troubleshooting, in the legitimate interest of IFA Management and users (legal basis: Art. 6 (1) (f) GDPR). Some cookies or other technologies used on the websites of IFA Management and online offers/presence also automatically collect data for these purposes. The subsequent processing of this data serves the aforementioned purposes in the legitimate interests of IFA Management and the users (legal basis: Art. 6 (1) (f) GDPR).
When users purchase a ticket or register for an event, personal data is processed for the purpose of establishing and implementing the contractual relationship with IFA Management (legal basis: Art. 6 (1) (b) GDPR). For further information on data protection, please see the separate data protection notices in the registration forms of the respective event.
3.6 Analysis, optimisation and personalised marketing
Cookies or other technologies used on the IFA Management or online offers/presence help IFA Management to analyze the use of the websites or online offers, to measure performance and to optimise the websites or online offers (so-called functional technologies). The subsequent processing of this data for these purposes serves these legitimate interests of IFA Management (legal basis: Art. 6 (1) (f) GDPR). The email marketing data are processed for the purposes of analysing and improving the effectiveness of email marketing. Some technologies are used to display personalised ads that correspond to users' interests (so-called marketing technologies). The subsequent processing of this data for this purpose is based on the consent of the users (legal basis: Art. 6 (1) (a) GDPR).
3.7 Compliance with statutory or legal obligations
IFA Management also processes personal data in order to comply with statutory or other legal obligations (in particular commercial and tax law in the case of contracts, business communication and payments, and data security) (legal basis: Art. 6 (1) (c) GDPR). IFA Management retains any data protection consents and other consents given by users in its legitimate interest (legal basis: Art. 6 (1) (f) GDPR) in providing evidence thereof, inter alia, to comply with its legal obligations (such as accountability under Art. 5 (2) GDPR).
4. Categories of recipients
When users register for newsletters or make an inquiry, the personal data is processed by the competent IFA Management departments (in particular Marketing & Media or Corporate Communication and the respective event team).
Where necessary, personal data (in particular contact details, trade fair/event-related data, status, ticket sales, interests) will be transmitted to other affiliates of IFA Management or to the relevant foreign representative office for the purposes stated in section 3 (in particular, to respond to contact inquiries or, in the case of the foreign representative offices, so that they can serve as the first point of contact in the country of origin and provide support at local level throughout the entire (post-) sales process with respect to the participation in or presence at the trade fair/event, including visa matters, support before and after the trade fair/event (legal basis: Art. 6 (1) (b) GDPR).
If applicable, when users post comments on IFA Management websites or online offers/presence, these may be accessed by all website visitors worldwide (legal basis: Art. 6 (1) (a) GDPR).
On some websites and online offers/presence of IFA Management, services and functions of third parties may be integrated in the form of external links. These links are marked. When users click on these links and use these offers (legal basis: Art. 6 (1) (a) GDPR), they leave the IFA Management website or online offer/presence and are redirected to the website of the respective third party, which may use its own cookies and tracking technologies. These third parties process the data as own controllers within the meaning of the GDPR. For more information, please refer to the data protection and cookie notices of the respective third party.
In order to carry out certain processing activities in connection with the purposes mentioned in section 3 (in particular some special services, shipping/mailings, market research/customer surveys, hosting and IT support, website and content management, data management), external service providers may be used which process the personal data on behalf of IFA Management (so-called "processors“) or in case of telecommunications providers or postal/courier service providers as own controllers (legal basis: Art. 6 (1) (f) GDPR).
Personal data may be disclosed to authorities and public bodies if IFA Management is legally obliged to do so, whether on the basis of laws and regulations (e.g., as part of supervisory authority procedures or by court order, resolution, judgment and the like) (legal basis: Art. 6 (1) (c) or (e) GDPR). For compliance with tax and commercial laws and regulations, personal data are disclosed to the tax and other competent authorities and public institutions.
The categories of recipients of the personal data also include courts and lawyers in the context of litigation, legal disputes and for the purpose of legal advice as well as auditors (legal basis: Art. 6 (1) (c) and (f) GDPR.
5. Data transfers to third countries
Some of the foreign representative offices, affiliates of IFA Management, processors, service providers and third-party providers of social media and social media channels, cookies and tracking technologies are located in third countries outside the EU, which do not provide the same level of data protection as the EU, in particular due to the absence of a legal framework, independent supervisory authorities or data protection rights and remedies. The transfer of personal data to those third countries takes place, if the European Commission has adopted a so-called adequacy decision in this respect (Art. 45 (3) GDPR) or otherwise where appropriate safeguards in accordance with Art. 46 GDPR have been provided, in particular standard data protection clauses adopted by the European Commission pursuant to Art. 46 (2) (c) GDPR (for the latest version see here) and, where necessary, supplementary measures.
With regard to the transfer of data to affiliates of IFA Management and other website visitors or users, the transfer of data to third countries is necessary for the performance of the contract (Art. 49 (1) (b/c) GDPR); otherwise, it takes place on the basis of explicit consent of the users despite the lack of adequate data protection in the third countries outside the EU and the associated risks (Art. 49 (1) (a) GDPR).
6. Storage period
Stored personal data will be erased once they are no longer needed for achieving the relevant purpose of their processing or where you have not participated, attended or registered to attend or participate in one of our events, or otherwise engaged with us in four years, we will delete your data, unless we have an obligation to retain it for longer (for example for taxation purposes). The comments and the associated data (e.g., IP address) remain on the websites and online offers/presence of IFA Management until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e.g., offensive comments).
Insofar as processing is based on consent or on the basis of the legitimate interest of IFA Management or an affiliate of IFA Management, the data in question will no longer be processed for the associated purpose after receipt of the withdrawal of consent or receipt of the objection to the processing and, if applicable, will be deleted, unless legal exceptions to this rule are met. Notwithstanding the foregoing, data with regard to which there are obligations to retain data under commercial or tax law (e.g., German Trade Act) will only be deleted after expiry of the statutory periods (generally 6 or 10 years). Evidence of consent given will be stored for a maximum of three years after the date on which the consent is revoked or otherwise becomes invalid.
7. Data protection rights
To exercise the following rights, users and other data subjects can contact the controller at any time (contact details see section 1 above).
Rights of the data subjects pursuant to Art. 12-21 GDPR: the right to access about personal data, the right to rectification, erasure and data portability as well as to restriction of processing. If consent has been given, this can be withdrawn at any time with effect for the future.
Rights of objection
Insofar as the processing is based on the legal basis of legitimate interest (Art. 6 (1) (f) GDPR) (see section 3 above), the data subject has the right to object to the processing of personal data at any time on grounds relating to the particular situation of the data subject.
Furthermore, an objection to the processing and use of the data for advertising purposes can be lodged at any time with effect for the future. The newsletters also include an unsubscribe link.
If data subjects are of the opinion that the data processing violates data protection law, they have the right to lodge a complaint with the competent supervisory authority of their choice (Art. 77 GDPR in conjunction with section 19 of the German Federal Data Protection Act (Bundesdatenschutzgesetz)).