Privacy Policy

Privacy Policy

This is the privacy policy for the website https://cieca2026.com.

We process the personal data collected via this website exclusively as set out in this policy. In this privacy policy, we inform you in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) how we process your personal data, for what purposes it is processed, with whom it is shared, and what control and information rights you may have.

Responsible for data processing

TÜV | DEKRA arge tp 21 GmbH
Wintergartenstraße 4, 01307 Dresden
Managing Director: Dipl.-Ing. Mathias Rüdel
Phone: +49 351 20789-0
Email: sekretariat@argetp21.de

Provision of the website and creation of log files

  1. The provider of this website and its pages automatically collects and stores information in so-called server log files that originate from the device used to access the website (e.g., computer, mobile phone, tablet, etc.). The information includes:
    1. Information about the browser type and version used;
    2. the operating system of the accessing device;
    3. Host name of the accessing computer;
    4. the IP address of the accessing device;
    5. date and time of access;
    6. Websites and resources (images, files, other page content) that were accessed on our website;
    7. Websites from which the user’s system accessed our website;
    8. Notification of whether the retrieval was successful;
    9. Amount of data transferred.
  2. This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website. To achieve this, server log files must be recorded.

Contact

When you contact us (e.g., by email or telephone), the information provided by the inquiring persons will be processed to the extent necessary to respond to the contact inquiries and any requested measures.

Responding to contact requests within the framework of contractual or pre-contractual relationships is done to fulfill our contractual obligations (Art. 6 para. 1 sentence 1 lit. b GDPR) or to respond to (pre)contractual inquiries (Art. 6 (1) (b) GDPR) and, in addition, on the basis of legitimate interests in responding to inquiries (Art. 6 (1) (f) GDPR).

We process the following types of data: contact details (e.g., names, addresses, email, telephone numbers) and content data (e.g., entries in online forms).

Those affected by data processing are our communication partners.

Data processing fulfills the purpose of contact requests and communication.

The contact data will only be stored for as long as is necessary to fulfill the purpose of the contact.

Server location

Our website is hosted on servers within the EU.

The server log files are stored exclusively on these servers.

Hosting provider: ALL-INKL.COM – Neue Medien Münnich
Address: Domstraße 20, 09111 Chemnitz, Germany

The hosting provider processes personal data for us as a processor in accordance with Art. 28 GDPR and uses it exclusively for the provision and maintenance of the website.

Operation of the online store (WooCommerce)

We use the WordPress content management system with the WooCommerce plugin to operate our online shop.

We use the payment service provider Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to process credit card payments.

  1. Processed data
    The following personal data is processed when using the shop:
    1. Last name, first name
    2. Billing address
    3. Email
    4. Telephone number, if applicable
    5. Booking and contract data
    6. Payment method (e.g., Stripe, bank transfer)
    7. IP address
    8. Technical metadata (timestamp, status information)

    When using Stripe as a payment method, additional payment information such as credit card details is transmitted directly to Stripe. The payment data is not stored on our servers but is processed directly by Stripe. When paying by bank transfer, bank details (IBAN, account holder) are processed.

  2. Purpose of processing
    Data processing is carried out for the following purposes:
    1. Processing of conference registrations and online shop orders
    2. Fulfillment of contracts
    3. Invoicing and accounting
    4. Customer management
    5. Fraud prevention and secure payment processing (with Stripe)
  3. Legal basis
    1. Art. 6 (1) (b) GDPR – for the performance of the purchase or service contract
    2. Art. 6 (1) (f) GDPR – legitimate interest in secure payment processing (only for Stripe)
    3. Art. 6 (1) (c) GDPR – statutory retention obligations (accounting, tax law)
  4. Obligation to provide
    The provision of data is necessary for the execution of the booking, payment processing, and invoicing. Without the provision of this data, the contract cannot be fulfilled.
  5. Storage period
    Personal data will be deleted as soon as it is no longer required for the above-mentioned purposes, taking into account statutory retention periods.
    Commercial and tax law requirements: 6–10 years
    Log and system data: after the technically necessary period
  6. Automated decisions/profiling
    Stripe may use partially automated processing for fraud prevention. There is no exclusively automated decision-making within the meaning of Art. 22 GDPR.
  7. Third country transfers
    Personal data transferred to Stripe may be transferred to third countries outside the EU/EEA (e.g., the US). The transfer is based on appropriate safeguards such as standard contractual clauses (SCCs) or the EU-US Data Privacy Framework.
  8. Further information
    Further details on data protection at Stripe can be found here: https://stripe.com/de/privacy

Cookies

We only use technically necessary cookies that are required for the operation of the website and the online store (e.g., shopping cart, security).

These cookies do not require consent in accordance with Section 25 (2) TDDDG.

Disclosure of your data to third parties

Your personal data will only be passed on if:

  1. this is necessary for the execution of a contract,
  2. we are legally obliged to do so,
  3. or a data processing agreement pursuant to Art. 28 GDPR exists.

Recipients/categories:
  1. Hosting provider (EU)
  2. Payment service providers (Stripe)
  3. Banks
  4. IT and maintenance service providers
  5. Tax advisors

Deletion periods

Personal data will be deleted immediately if one of the following reasons applies and there are no overriding legitimate reasons for processing:

  1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
  4. the personal data has been processed unlawfully.

Your rights

Within the framework of the applicable legal provisions, you have the right to request information about your personal data at any time. To assert your rights as a data subject, please contact:

Email: datenschutz@argetp21.de

Specifically, you have the following rights:

  1. Right of access (Art. 15 GDPR)
    You have the right to request information about whether and which personal data we process about you. In particular, you can request information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients, the planned storage period, and your other rights in connection with data processing.
  2. Right to rectification (Art. 16 GDPR)
    You have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data, insofar as it concerns you.
  3. Right to erasure (Art. 17 GDPR)
    You have the right to request the erasure of your personal data if one of the reasons provided for by law applies, in particular if the data is no longer necessary for the purposes for which it was collected or if you have revoked your consent and there is no other legal basis for the processing. The right to erasure does not apply if there are legal retention obligations or overriding legitimate reasons for processing.
  4. Right to restriction of processing (Art. 18 GDPR)
    You have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you oppose its erasure, or if we no longer need the data but you need it for the establishment, exercise, or defense of legal claims.
  5. Right to object (Art. 21 GDPR)
    If your personal data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms.
  6. Right to data portability (Art. 20 GDPR)
    You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of this data to another controller, insofar as this is technically feasible.
  7. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
    You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
  8. Withdrawal of consent
    If the processing of your personal data is based on your consent, you have the right to revoke this consent at any time with effect for the future. The revocation does not affect the legality of the processing carried out on the basis of the consent until revocation.

Competent supervisory authority

The supervisory authority responsible for us is:

Saxon Data Protection and Transparency Commissioner:

Dr. Hundert
Maternistraße 17
01067 Dresden

Phone: +49 351 85471-101
Fax: +49 351 85471-109
Email: post@sdtb.sachsen.de

Links to other websites

This website may contain links to external websites. We are not responsible for the data protection measures or the content of websites outside our company. For this reason, we recommend that you carefully read the privacy policies of these external websites.

Use of map services

Our website only contains external links to Google Maps.

By clicking on the link, you will be redirected to the Google website. Only at this point will personal data (e.g., IP address) be processed by Google.

We have no influence on the type and scope of data processed by Google. Processing is carried out exclusively under Google’s responsibility.

Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de

Name and contact details of the data protection officer

Jakob Heilmann

datenschutz@argetp21.de

Phone: +49 351 20789-585