Privacy Policy Statement for event registration under article 13 of Regulation (EU) 2016/679
Var Group GmbH (hereinafter also “the Company"), part of Group Var Group, with registered office at Mies-van-der-Rohe-Straße, 8 - 80807 München, Deutschland, hereby informs users regarding the terms and conditions under which it processes personal data. The Company acts in the capacity of “data controller”, defined as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”.
The privacy policy statement applies in particular to the personal data of users registering for this event. Under personal data processing legislation, users who register for the event are classified as “data subjects”, meaning the natural persons to whom the data being processed refer.
1. Data Controller’s Contacts
Please contact our Data Protection Office for any further information regarding personal data processing relative to the event: digitallaw&[email protected]
2. Personal data processed
With regard to registration for this event, the Company may process the following personal data of Users:
a. Identification data including full name, email address and duration of the service;
b. special categories of data as defined by art. 9 GDPR (e.g. food allergies or intolerances);
c. any photos and/or videos shot at the event location during the event itself (if relevant). If material is recorded during the event, a separate privacy policy statement will be affixed at the entrance.
3. Purpose and legal basis of the processing of personal data
The personal data referred to in point 2) section a) of this privacy policy statement will be processed pursuant to article 6(1)(b) GDPR for the organisation and holding of the event. In this case, the basis of the processing is the fulfilment of specific requests and the performance of precontractual measures, and therefore users’ specific consent is not required.
Personal data referred to in point 2) section b) will be processed for the purpose of the organisation of the event and the serving of suitable food (e.g. in case of food allergies or intolerances). These data are processed on the basis of specific consent in accordance with article 9(1)(a) GDPR
To conclude, information as per point 2), section c) of this privacy policy statement will be processed, where relevant, for the production of photographic and/or multimedia material for use as advertising material by the company. The basis of this processing is the legitimate interest of the company, supported by an analysis of the balance of interests under article 6(1)(f) GDPR.
If material is recorded during this event, participants will be notified accordingly by specific privacy policy statements affixed at the entrance and will be able to avoid the areas where recordings are made. Event participants note the possible range of telephoto lenses and/or cameras in general and the possible use of their photos for publication in media intended for dissemination for the company’s advertising purposes, and recognise that they shall have no grounds for claims or complaints on these grounds. The Company shall be relieved of any financial obligation or liability with regard to any misuse of the material by third parties.
4. Procedure for contribution of personal data
The contribution of the data as per point 2) subsection a) is compulsory, since participation at the event is not possible in the absence of these data.
In the case of the data as per point 2) subsection b), the contribution of these data by data subjects is optional and voluntary. Data subjects contributing these data must give their consent in order to enable the company to process them and thus comply with special dietary needs. The company will be unable to process these data in the absence of this consent.
The contribution of the data as per point 2), subsection c), where relevant, is optional and voluntary.
Participants may withdraw their consent to the processing of their personal data at any time by emailing digitallaw&[email protected]; withdrawal of consent shall not affect the lawfulness of any processing performed prior to the withdrawal.
5. Methods and duration of processing of personal data
Users’ personal data are processed by company staff specifically authorised by the company; all such staff are informed and instructed in writing. Processing may be performed with the aid of electronic devices and electronic systems or telematic apps or also in paper form, in accordance with legislation safeguarding the security and confidentiality of personal data together with data’s accuracy, timeliness and relevance to the declared purposes.
Personal data are stored in electronic or paper databases at the company’s head office or commercial premises.
In the case in point, data for the purposes as per point 2), subsection a) will be stored in a form which allows the identification of the data subject for a period of time not exceeding 15 days.
In the case in point, data for the purposes as per point 2), subsection b) will be deleted within 15 days after the end of this event, unless the data subject requests their erasure prior to this term.
The Company will process data for the purposes as per point 2), subsection c) until their erasure is requested by the data subject, unless otherwise required by law. The company will no longer disseminate your data after receipt of any such erasure request. After any erasure request as aforesaid, the Company will no longer disseminate your data, but it will be unable to guarantee their effective erasure as they may be reproduced virtually ad infinitum by third parties.
Please also note that specific security measures have been adopted to prevent the lost of data, illegal or improper use, or unauthorised access.
6. Recipients of personal data
Within the limits of the purposes identified in this policy, users’ personal data may be disclosed, in order to fulfil legal obligations, within the European Union (EU) or European Economic Area (EEA).
For the contractual purposes for which data as per point 2) subsection a) are processed, your personal data may be transferred to the following categories of recipients within the European Union:
- Any suppliers of support services and consulting relating to areas of activity such as (for example) event organiser companies;
- People and authorities whose right of access to personal data is specifically established by laws, regulations, or measures of the competent authorities
For the purposes of organisation of the event with regard to which data will be processed further to consent as per point 2) subsection b), your personal data may be transferred to the following categories of recipients within the European Union:
- Any catering service providers
- People and authorities whose right of access to personal data is specifically established by laws, regulations, or measures of the competent authorities
For the purposes of the recording of images for the production of photographic and/or multimedia material for use as advertising material by the company on the basis of the Company’s legitimate interest as per point 2 subsection c):
- Any providers of multimedia material production services (e.g. photographers, videomakers);
It should also be noted that personal data will not be transferred outside the European Union (EU) or European Economic Area (EEA). Personal data will not be disseminated and will therefore not be divulged to the public or an unlimited number of people, except for the purposes as per point 2), subsection c).
The full list of entities which process the data in the capacity of data processors is available on request from the contacts provided in this privacy policy statement or via email from digitallaw&[email protected]
7. Rights pursuant to articles 15, 16, 17, 18, 20 and 21 of Regulation (EU) 2016/679
Within the limits established by the relevant legislation, you may exercise the following rights at any time free of charge by emailing digitallaw&[email protected]:
a) data subject’s right of access under article 15 GDPR;
b) right to rectification under article 16 GDPR;
c) right to erasure under article 17 GDPR;
d) right to restriction of processing under article 18 GDPR;
e) right to portability under article 20 GDPR;
f) right to object under article 21 GDPR.
It should be noted that the data subject’s personal data will be processed in order to verify their identity if they exercise any of the aforesaid rights pursuant to article 6(1)(c) GDPR.
You may exercise your rights by emailing: digitallaw&[email protected]
Under article 77 GDPR and section 19 of the German Federal Data Protection Act, the data subject also has the right to lodge a complaint with the supervisory authority.
The competent authority for Var Group GmbH is:
list here
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Postfach 1349
Telefon: 0981 180093-0
E-Mail: [email protected]