Privacy policy

Below, we provide information about the collection of personal data via the website of Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG www.innovation-festival.de

§ 1 – Definitions and contact details

1. Personal data is all data that relates or can be related to you personally, e.g. name, address, email addresses, usage behaviour.

2. The responsible body for data processing is Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG, represented by its managing director Jens Mohrmann. 

You can contact the responsible body at

Address: Neuer Messplatz 3, 79108 Freiburg
Telephone: +49 761 3881 - 02
Email: info@innovation-festival.de

3. The data protection officer of FWTM Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG is the certified data protection officer and solicitor Marc E. Evers.

Address: DataSEKure Rechtsanwaltsgesellschaft mbH, Weilerstraße 9, 79252 Stegen
Telephone: +49 761 2057430
Email: datenschutz@datasekure.de

§ 2 – Purpose and legal basis of data processing

1. Collection of personal data when visiting the website

When you use the website for informational purposes only, i.e. when you visit our website, we do not process any personal data, with the exception of the data that your browser transmits to enable you to visit the website. This means that we only store access data in so-called server log files, which are stored until they are automatically deleted. These are:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring convenient use of the website
  • Evaluating system security and stability, and
  • For other administrative purposes

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

In addition, we use cookies and analysis services when you visit our website. You can find more detailed information on this in Sections 6 and 7 of this privacy policy.

2. Collection of personal images or videos when attending events 

During events in the rooms and open spaces used by Freiburg Wirtschaft und Touristik GmbH & Co.KG, photos and videos are taken. This may also include photos or videos in which individual visitors or organisers can be recognised. These photos and videos are collected for the purpose of presenting the events in brochures, press reports, social media channels and on the FWTM websites.

This serves to safeguard our legitimate interests in advertising the event and addressing our customers in accordance with Art. 6 (1) (f) GDPR, which prevail in the context of a balancing of interests. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

For more detailed information on your rights regarding photo and video recordings, please refer to Section 5 (2) of this privacy policy.

Section 3 – Recipients of your data

1. Your data will not be passed on to third parties without your express consent. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Your personal data will therefore not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 (1) (a) GDPR,
  • the transfer is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

2. Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contract conclusions or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

3. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.

§ 4 – Duration of storage of your data

1. When you contact us by e-mail, we will store the data you provide (your e-mail address, your name and telephone number, if applicable) in order to answer your questions. We will delete the data collected in this context once it is no longer necessary to store it, or we will restrict its processing if there are legal retention obligations.

2. The data you have provided will also be stored for the duration of the ongoing business relationship with you. If this contractual relationship expires or you exercise your rights under § 5, your data will be treated in accordance with your rights under § 5 and deleted if necessary, unless legal regulations stipulate longer retention periods.

Section 5 – Your rights

1. to information, correction, deletion, restriction or data transfer

You have the right to request information from us at any time about the data we have stored about you, as well as its origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage.

You have the right to have the data we store about you corrected, restricted or deleted at any time, unless there are legal retention periods that prevent this.

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

2. to object to or revoke the processing of your data at any time

(1) If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation affects the permissibility of the processing of your personal data after you have notified us of your revocation.

(2) Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary in particular for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or point out to you our compelling legitimate reasons for continuing the processing.

(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time.

3. Complaint to the data protection authority

If you do not agree with the way we handle your data stored with us, you have the right to lodge a complaint with the competent data protection authority.

§ 6 – Cookies

1. We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware.

2. Information is stored in the cookie that is related to the specific device used. However, this does not mean that we immediately become aware of your identity.

3. The use of cookies serves, on the one hand, to make the use of our website more pleasant for you. We use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our website.

4. In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a specific period of time. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made, so that you do not have to enter them again.

5. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see § 7). These cookies enable us to automatically recognise that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

6. The data processed by cookies is necessary for the purposes mentioned above in order to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

7. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

§ 7 – Usercentrics consent management tool

In order to fulfil our data protection obligations, we use the consent management tool Usercentrics from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich ("Usercentrics").

By using Usercentrics, data from website visitors regarding consent given or revoked (opt-in, opt-out data, consent ID, consent number, date and time of consent, implicit or explicit consent, banner language, customer settings, template version) and device data (device information, browser information (http agent, http referrer), anonymised IP address) is processed. This data is transmitted to Usercentrics.

Data processing is carried out to fulfil our legal obligations in accordance with Art. 6 (1) c) GDPR. Further information on data processing at Usercentrics can be found at https://usercentrics.com/privacy-policy/.

You can adjust your preferences at any time in our cookie settings.

§ 8 – Use of Google Analytics

1. This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP analysis is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

2. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

3. You may refuse the use of cookies by selecting the appropriate settings on your browser software; however, please note that if you do this, you may not be able to use the full functionality of this website.

4. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

5. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

6. Google Analytics is used in accordance with the requirements agreed between the German data protection authorities and Google. Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use, overview of data protection, and privacy policy.

§ 9 – Microsoft Clarity 

We use the web analytics service Microsoft Clarity from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, to analyse the use of our website, improve it regularly and make it more interesting for you as a user. The following data is collected by Microsoft: 

  • IP address
  • Location data
  • Browser information
  • Screen resolution
  • Language settings
  • Websites/subpages visited
  • Date and time of website visit
  • Clicks, scroll movements and mouse movements
  • Session recordings (videos of user interactions)
  • Heat map data (visualisation of user interactions) 

This data is only provided to us in summarised, anonymised form, so that we cannot draw any conclusions about individual users from the data provided to us. In session recordings, sensitive data that could allow conclusions to be drawn about the user's identity is masked by Microsoft Clarity. 

Any linking of data provided via Microsoft Clarity with Google Analytics is also only carried out in such a way that no association with the individual user is possible. In addition, Microsoft Clarity states that it never sells user data to third parties. 

Microsoft Clarity uses JavaScript code embedded in our website to collect data. This code sets cookies and uses the browser's local storage to store information and ensure the functionality of the tool. All relevant information about the cookies, including their name, purpose and storage duration, is contained in our detailed list of cookies used. 

The data collected by Microsoft Clarity is stored for a period of up to 13 months. After this period has expired or when the service is no longer used, the data is deleted, provided that there are no legal retention obligations. 

Additional details can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/data-retention. We recommend checking these links regularly for changes, as Microsoft may update the functionality and data processing of Clarity. 

We have also concluded a data processing agreement with Microsoft. 

The legal basis for the processing of your data is Art. 6(1)(a) GDPR, i.e. integration only takes place with your consent. You can revoke your consent at any time, most easily via our cookie manager. Your data may also be processed on servers belonging to Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, i.e. also in the USA. Microsoft participates in the EU-US Data Privacy Framework, which came into force on 10 July 2023, and has thus officially committed itself to the US Department of Commerce to comply with the principles of the EU-US Data Privacy Framework. Microsoft's EU-US Data Privacy Framework registration can be viewed at https://www.dataprivacyframework.gov/list. The EU-US Data Privacy Framework guarantees an adequate level of data protection, i.e. one that is equivalent to that of the EU, in accordance with the European Commission's adequacy decision of 10 July 2023. In addition, we have agreed so-called standard contractual clauses with Microsoft, the purpose of which is to ensure an adequate level of data protection in third countries. 

Further information is available at https://clarity.microsoft.com. For more information on how Microsoft Clarity handles user data, please refer to Microsoft's privacy policy: https://www.microsoft.com/de-de/privacy/privacystatement.

§ 10 Integration of YouTube videos
1. We have integrated YouTube videos into our online offering, which are stored on https://www.YouTube.com and can be played directly from our website. [These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transferred. We have no influence on this data transfer.] This serves to safeguard our legitimate interests in the optimal marketing of our offering in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, which prevail in the context of a balancing of interests. 

2. When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in § 2 of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want this assignment to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. 

3. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

§ 11 – SOCIAL MEDIA

  • LinkedIn
  • Instagram
  • Facebook

FWTM would like to expressly point out that Meta, Google and LinkedIn store their users' data (e.g. personal information, IP address, etc.) in accordance with their data usage policies and use it for business purposes. FWTM has no knowledge of the collection and processing of data by social networks. Further information can be found in the privacy policies of Meta, LinkedIn and Google.

§ 12 – Data security

When you visit our website, we use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

§ 13 – Use of Meta Pixel (formerly "Facebook Pixel")

Our website uses advertising measures from Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland) (formerly Facebook, Inc.) ("Meta"). By integrating the analysis and marketing tool "Meta Pixel" (formerly "Facebook Pixel") on our website, we can display our advertising measures ("Facebook Ads") to users of our website and the social networks Facebook and Instagram, and measure and evaluate the success and effectiveness of our advertising measures ("conversion tracking") and optimise our public relations work with regard to our event and location marketing by addressing interested parties in a targeted manner in line with their needs. This connection between the social network and our website is technically established via "Meta Pixel". The legal basis for the processing of your data is Art. 6 (1) (a) GDPR, i.e. the integration only takes place with your consent.

Due to the marketing tools used, your browser automatically establishes a direct connection to Meta's server when you visit our website. We have no influence on the scope and further use of the data collected by Meta through the use of this tool and therefore present the processes known to us to you: Through the integration of Meta Pixel, Meta receives the information that you have accessed the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a Facebook or Instagram service, Meta can assign the visit to your account. Even if you are not registered with Meta or have not logged in with a Meta-affiliated social media account, it is possible that the provider may obtain your IP address and other identifying features and use them to create a profile.  Specific interactions on our website (such as ticket purchases, completed bookings or form submissions), the achievement of certain goals defined by us (contact requests, bookings, etc.) as well as browser and device settings are also processed.

The information collected is stored on Meta servers, possibly also on servers of Meta Platforms Inc. (1601 Willow Rd. Menlo Park, CA 94025, USA), i.e. also in the USA. Meta participates in the EU-US Data Privacy Framework, which came into force on 10 July 2023, and has thus officially committed itself to the US Department of Commerce to comply with the principles of the EU-US Data Privacy Framework. Meta's EU-US Data Privacy Framework registration can be viewed at https://www.dataprivacyframework.gov/list. The EU-US Data Privacy Framework guarantees an adequate level of data protection, i.e. one that is equivalent to that of the EU, in accordance with the European Commission's adequacy decision of 10 July 2023. In addition, we have agreed so-called standard contractual clauses with Meta, the purpose of which is to ensure an adequate level of data protection in the third country.

You can withdraw your consent at any time without affecting the lawfulness of the processing until withdrawal. The easiest way to withdraw your consent is via our Consent Manager. In addition, logged-in users can deactivate personalised advertising via the settings of their respective social media accounts. You also have the option of setting tracking and advertising blockers in your browser settings.

Further information on data processing by Meta is available at https://www.facebook.com/privacy/center/.

Data protection guidelines for registering for the Käpsele Innovation Festival

 

§ 14 Organiser

The organisers are:

IHK Südlicher Oberrhein

Schnewlinstr. 11-13, 79098 Freiburg, info@freiburg.ihk.de, +49761 3858-0, www.ihk.de/freiburg/

Freiburg Wirtschaft Touristik und Messe GmbH & Co.KG

Neuer Messplatz 3, 79108 Freiburg, kontakt.info@fwtm.de, 0761 3881-01, www.fwtm.freiburg.de

Hereinafter referred to as the organiser.

This data protection policy applies to contracts concluded with the organisers (IHK Südlicher Oberrhein, Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG) for participation in the "Käpsele Innovation Festival" event.
 

§ 15 Description of the processing activity

The data protection information is provided in connection with registration for the "Käpsele Innovation Festival" event.
 

§ 16 Name and contact details of the controller

The controller responsible for data processing is Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG, represented by its managing director Jens Mohrmann.

You can contact the responsible body at the following address: Neuer Messplatz 3, 79108 Freiburg, +49 761 3881-01, kontakt.info@fwtm.de www.fwtm.freiburg.de

The data protection officer of Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG is the certified data protection officer and lawyer Marc E. Evers. You can contact our data protection officer using the contact details above.
 

§ 17 Purposes and legal basis of processing

Personal data is not spied on or collected by the organiser without your knowledge. Only personal data that you voluntarily provide to the organiser in the course of a transaction is stored electronically.
The stored personal data is collected and processed for the purposes listed below. The organiser assures you that your information will be treated confidentially. Only those employees of the organiser who are processing your case/request/registration will have access to your information. 

This personal data is collected:

  • Company
  • Title, first name, surname
  • Email
  • Address
  • Telephone number
  • Date and time of registration/ticket purchase
  • Discount code redeemed
  • Amount to be paid
  • Status of ticket personalisation
  • Information necessary for the provision of services within the scope of the order.

The data is processed in order to

  • Organise and carry out the event
  • Perform statistical analysis and processing of the events
  • Send invitations to follow-up events
  • guarantee payment processing
  • set up an event newsletter
  • Supporting the company in relation to the organisers' business purposes
  • processing any liability claims that may arise and asserting any claims against you.

Personal data is processed on the basis of Art. 6 (1) (b) GDPR (contract/preliminary contract) and on the basis of Art. 6 (3) sentence 1 (b) GDPR (organisational investigations and business statistics).
 

§ 18 Photo and film recordings

Photographs and film recordings will be made during the event for the purposes of documentation, public relations and advertising. The recordings will be used in press releases and print media, on the website and on the organisers' social media channels. In addition, selected image and video material will be used to promote future events. For these purposes, the organisers will also pass on the recordings to third parties (e.g. press companies, sponsors, speakers and cooperation partners).

The participant may be recognisable in the photos and film recordings. By registering and purchasing a ticket, the participant agrees that photos and film recordings may be stored, used and published for the purposes described above.

Within this framework, participants waive any payment of fees and do not make any claims in connection with the use of their photographs.

Permission to take photographs or film is not a prerequisite for participation in the event. Objections may be submitted to the organiser in writing by email.

The legal basis for this is the organiser's legitimate interest in public relations work for the event and documentation of the offer and service; Art. 6 (1) (f) EU GDPR. The recordings will be used for the duration of the communication measures or for permanent archiving. The image databases are regularly maintained and recordings that are no longer needed are deleted.

You are hereby informed of your legal rights as a participant: You may object in accordance with Art. 21 EU GDPR; request information in accordance with Art. 15 EU GDPR, request correction or completion in accordance with Art. 16 EU GDPR, request deletion in accordance with Art. 17 EU GDPR, request restriction of processing in accordance with Art. 18 EU GDPR, request transfer in accordance with Art. 20 EU GDPR, complain to a supervisory authority. Further information can be found in the data protection provisions for the event.
 

§ 19 Recipients/category of recipients of personal data

The personal data will be transferred to:

  • service providers commissioned with the organisation and implementation of an event,
  • to third parties if the organiser is legally obliged to do so or if you have given your prior consent to the transfer of data, or to institutions that are co-organisers, or if the event takes place in another company or venue, for admission control purposes, if applicable
  • the financial accounting department within Freiburg Wirtschaft Messe GmbH & Co. KG for payment processing
  • If applicable, to the speakers at the event
  • Employees of the organisers entrusted with planning, implementation and execution

The service providers responsible for technical support for the application and for event management have access to the data.

§ 20 Duration of storage of personal data

Personal data will be processed for the duration of the fulfilment of the above-mentioned purposes. Once the purpose has been fulfilled, the aforementioned data will be deleted, if possible within the system; otherwise, the personal reference will be removed through anonymisation and access to your data will be blocked. Legal, contractual or statutory retention periods may prevent the deletion or blocking of data. The limitation periods may be up to thirty years due to Sections 195 et seq. of the Civil Code; the regular limitation period is three years. In addition, tax, commercial, tax law and other statutory retention obligations must be observed. The retention/documentation periods provided for therein are six to ten years, plus a further four years for the limitation period for assessment. In order not to violate legal regulations or lose the possibility of enforcing a claim or defending ourselves against such a claim, the organisers reserve the right to delete the data only after the expiry of the last period that legitimises data storage. In the event of consent, the data will be deleted upon revocation of consent.

§ 21 Transfer of data to third parties

Personal data will not be transferred to third parties for purposes other than those listed above. Data will only be passed on to other third parties in consultation with you. 

§ 22 Rights of data subjects

As a participant, you are hereby informed of your legal rights: You may lodge an objection in accordance with Art. 21 EU GDPR; request information in accordance with Art. 15 EU GDPR, request correction or completion in accordance with Art. 16 EU GDPR, request deletion in accordance with Art. 17 EU GDPR, request restriction of processing in accordance with Art. 18 EU GDPR, request transfer in accordance with Art. 20 EU GDPR, request transfer; pursuant to Art. 77 EU GDPR, lodge a complaint with a supervisory authority.

If you have any complaints regarding data protection, you can contact the competent supervisory authority: State Commissioner for Data Protection and Information Security Baden-Württemberg. For more information, visit: www.baden-wuerttemberg.datenschutz.de.

 

As of January 2026