Privacy policy for events

The protection of your personal data is of particular concern to us. With this privacy policy, we would like to inform you about how and to what extent we process personal data in the context of organizing events in accordance with Regulation (EU) 679/2016 - General Data Protection Regulation ("GDPR"), the Federal Data Protection Act ("BDSG") and other applicable data protection regulations.

This privacy policy applies to all participants of events organized by ada Learning GmbH (also referred to as "us", "we"). It applies both to face-to-face events and to hybrid formats that can also be attended online.

"Personal data" in this sense is all information that can be used to establish a connection to a person. For example, certain characteristics that allow conclusions to be drawn about the identity (e.g. the assignment of an IP address to a specific person by querying the connection with an Internet service provider). We use the term "personal data" in this privacy policy as defined in Art. 4 No. 1 GDPR.

The data controller is us, the

ada Learning GmbH
Graf-Adolf-Platz 15
40213 Düsseldorf
Deutschland
E-Mail: hello@join-ada.com

‍

You can reach our Data Protection Officer, the

Clandestine GmbH
Dornberger Straße 27
33615 Bielefeld
www.clandestine.de

can be reached via post under the above address or via email under privacy@join-ada.com.

As an event organizer, we process a range of personal data of our participants. The categories of personal data processed include in particular:

• Your full name and contact details (e.g. address, (mobile) telephone number, e-mail address);
• Data from the device you used to order the ticket and - in the case of hybrid events - to participate in the event online;
• Online usage data (e.g. your IP address) of the connection via which you ordered the ticket and - in the case of hybrid events - via which you participate in the event online;
• Payment data;
• Your voice (if audio recordings are made at events);
• Your image (if photos or video recordings are made at events).

We use your personal data in accordance with the rules of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant laws.

We mainly require the data to enter a contractual relationship (ticket purchase) with you so that you are entitled to attend the event. This is the data that is requested in mandatory fields in the order form. We process the data required for this based on Art. 6 para. 1 lit. b GDPR.

If some data queries in the ordering process are marked as optional, you can provide the answers voluntarily. We use this data for statistical purposes. If you provide the data voluntarily, you give your consent to this (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR). If necessary, we aggregate the data later and combine it with the responses of other participants. As a result, the data is anonymized and thus falls outside the scope of the applicable data protection law.

If we take photographs and videos, we generally process your personal data on the basis of your consent (Art. 6 (1) (a) GDPR, Art. 7 GDPR). We are also permitted to take overview photos of our events in which individual persons do not stand out but appear as part of the overall scenery. In accordance with Sections 22, 23 (1) Nos. 2 and 3 KUG, we may also take such photographs without your consent and process your personal data if you are recognizable in the photographs. We base this on our legitimate interest (Art. 6 para. 1 lit. f GDPR in conjunction with Art. Art. 85 GDPR.)

In any case, we will provide clearly visible notices at the event venue to draw attention to the taking of photographs and video recordings and their use (e.g. social media platforms).

We generally make audio recordings based on your consent (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR).

Your personal data is generally collected directly from you when you order tickets or during the event (e.g. photographs). If third parties (e.g. an organization for which you are employed) make the registrations for you, we will receive your personal data from this organization.

Personal data may be passed on to internal and external third parties as part of the ticket ordering process and when organizing events. Internal recipients are generally the employees responsible for organizing the events and our accounting department.

We also use several external IT service providers and other service providers at the event location. These are mostly processors. We have concluded corresponding order processing contracts to ensure that personal data is only processed on behalf of and in accordance with instructions.

We can summarize the recipients of personal data in the following categories:

• Event service managers (e.g. event agencies);
• Ticket Sales Service Provider;
• Operator/landlord of the locations;
• Photographers/Videographers;
• Social media platforms;
• Software tools, e.g. for streaming hybrid events.

‍

Parts of the data processing may take place in countries outside the European Union and the European Economic Area (so-called "third countries"). Personal data will only be processed in third countries if one of the following conditions is met:

• There is an adequacy decision for the respective third country.
• We have concluded EU standard contractual clauses with the respective partner.
• There is another suitable guarantee (e.g. certification under the EU US Data Privacy Framework for data recipients in the USA).

In this way, we ensure that an appropriate level of data protection is ensured during processing.

We only store your personal data for as long as is necessary. As soon as this is no longer the case, personal data will be anonymized or deleted.

We generally retain data that is stored based on your consent for as long as we can legally assume that consent exists. In principle, consent must be revoked in order to lose its validity. However, some consents (e.g. for marketing purposes) may also lose their validity due to the passage of time. Although we are no longer permitted to use the consent after it has been withdrawn and, if applicable, after it has expired, we may still retain it for a limited period of time for evidence purposes in order to be able to prove that effective consent has been given in the event of legal disputes.

As a rule, we store data required for the performance of the contract for the duration of the statutory limitation periods plus a waiting period of six months.

Accounting data is stored for the duration of the statutory retention periods, which are generally ten years.

Insofar as we process data based on our legitimate interest, we generally store the data for as long as our legitimate interest exists.

Under the provisions of the GDPR, you have the right to

• To request information about which personal data (e.g. name, address, etc.) is stored about you (Art. 15 GDPR: Right of access by the data subject).
• If you notice any errors, you have the right to have the data corrected. (Art. 16 GDPR: Right to rectification).
• If you do not want us to continue storing your data, you can request that we erase it (Art. 17 GDPR: Right to erasure).
• If you do not want us to continue using your data, you can request that we restrict processing (Art. 18 GDPR: Right to restriction of processing).
• To receive your data from us in a commonly used format so that it can be passed on to a third party of your choice. (Art. 20 GDPR: right to data portability), lodge a complaint with a supervisory authority at any time (Art. 77 GDPR in conjunction with Section 19 BDSG: Right to lodge a complaint with a supervisory authority).

If we process your data on the basis of a legitimate interest, you have the right to object to the use of your data at any time (Art. 21 GDPR: Right to object). In this case, we will no longer process your personal data.
‍

Exception:

We have grounds that override your rights or need to use your data to pursue legal claims.  
‍

Direct advertising:

If your data is used for direct advertising, you can also object to this at any time.
‍

Right to withdraw consent:

If you have given us your consent, you have the right to withdraw your consent at any time. In this case, all data processing that we have carried out up to your revocation remains lawful. You can withdraw your consent via any communication channel, e.g. by sending an email to privacy@join-ada.com. If you inform me in this message that you do not wish to receive e-mails in future, we will no longer send any messages to the e-mail address you have provided.