privacy policy

Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to our website, which is accessible under this domain and the various subdomains ("our website").

Objection to advertising e-mails

We hereby object to the use of the contact data published in the legal notice, the data protection notice and other contact data published on the website for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Who is responsible and how can I reach you?

Person responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

SSM Veranstaltungstechnik GmbH
Landshuter Street 11
85716 Unterschleißheim

Data Protection Officer

Stephan Krischke, datenschutz@ssm.de

What is it about?

This privacy policy fulfills the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.

Who receives my data?

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR,
the disclosure is permitted in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR.

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This does not apply in the case of data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the USA. In particular, US investigative authorities may oblige US companies to hand over or disclose personal data without the data subjects being able to take effective legal action against this. This means that there is a fundamental possibility that your personal data will be processed by US investigative authorities. We have no influence on these processing activities. Data is transferred to the USA in accordance with Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. If the standard contractual clauses are not sufficient to establish an adequate level of security or if it is not possible to conclude the standard contractual clauses, your consent may serve as the legal basis for the transfer in accordance with Art. 49 para. 1 lit. a) GDPR.

Do you use cookies?

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Information in accordance with Art. 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
Deletion in accordance with Art. 17 GDPR of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR.
Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
Revocation pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future.
Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.

How is my data processed in detail?

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.

Provision of the website

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis

Processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

Storage duration

The aforementioned data is stored for the duration of the display of the website and - for technical reasons - for a maximum of 7 days thereafter.

Registration of a user account

Type and scope of processing

You have the option of registering a user account to use certain areas of our website. The information collected during registration via the mandatory fields is required to provide access to the user account. You can also voluntarily provide additional information for supplementary (convenience) functions.

When registering a user account, your personal data will only be passed on in accordance with this privacy policy.

Purpose and legal basis

We process your data for the purpose of providing a user account to fulfill a contract with you in accordance with Art. 6 para. 1 lit. b GDPR. There is a contractual obligation to provide your data, as this information is required to identify you and to fulfill the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the registration of a user account and thus the conclusion of a contract is not possible.

In addition, the processing of additional voluntarily provided information for the purpose of providing further (convenience) functions is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. By deactivating the functions / deleting the voluntary information in the user account, you can declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.

Storage duration

We store your personal data as part of the provision of the user account for the duration of the contractual relationship. After the end of the contract / deletion of the user account, your data will only be stored further if there are statutory retention obligations (e.g. tax and commercial law).

Additional information that you provide to us on the basis of your consent will only be stored until you revoke your consent by deactivating the functions / deleting the data, but at the latest until the end of the contract on which the provision of the user account is based.

Technology

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the "https://" in the address line of the browser instead of "http://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Plug-ins

Type and scope of processing

By using the ‘SSM live’ portal, we offer you the option of using additional services in the form of plug-ins for your event. However, these may need to be ordered separately. In this case, the plug-in operator is responsible for complying with the data protection requirements of the GDPR vis-à-vis you as the client.

Sli.do

Type and scope of processing

We use functions provided by the external service provider Sli.do on our website. The provider is sli.do s. r. o., Vajnorská 100/A, 831 04 Bratislava, Slovakia (European Union). We integrate the interactive tool from Sli.do to enable question and answer sessions in real time. Use of Sli.do is voluntary. Please note that Sli.do can only be used if cookies are allowed to be set. Information in the form of personal data (the IP address, information about the device used (hardware model, operating software used), access time, SSL protocol, SSL certificates, information about any system crashes of the interaction tool, hardware settings, language settings, query of pre-installed cookies to identify the browser or any Sli.do account (if installed on the device used) are collected and stored to ensure functionality and to recognise function-critical access to the Sli.do system. It is possible to use the interaction tool anonymously after consenting to the use of data by Sli.do, so that no personal data (such as names) is transmitted to other participants or Sli.do. This option can be set in the settings of the interaction tool.

Purpose and legal basis

Cookies are only installed after you have given your express consent in accordance with Art. 6 para. 1 lit. a. GDPR. The request for consent is made within the tool via a so-called two-click solution. This means that before the interaction tool is used, reference is made to the data protection guidelines of the tool's operator and consent to the use and transfer of data is given with a click. After that, the interaction tool can be used with a second click. Personal data is only transmitted after your consent.

Storage duration

We have no influence on the specific storage duration of the processed data; this is determined by Sli.do. Further information can be found in the Sli.do privacy policy: https://www.slido.com/terms#privacy-policy.

January 2025