As of: March 2023

Messe Berlin GmbH (hereinafter “Messe Berlin”) attaches great importance to data protection. This information notice informs about the processing of the personal data in connection with the accreditation of employees of the Messe Berlin group of companies as well as service providers commissioned by Messe Berlin and its subsidiaries as well as invited guests for own and guest events, set-up and dismantling phases and studio operation. This data protection notice supplements the data protection notice on the website of Messe Berlin. For particular processing activities there will be separate information notices, where necessary.

1. Controller and data protection officer

Controller within the meaning of the General Data Protection Regulation (GDPR) for the data processing described in this data protection notice: Messe Berlin GmbH Messedamm 22, 14055 Berlin, Germany, e-mail: info@messe-berlin.de. Data protection officer: group data protection officer (address: as before; e-mail: datenschutz@messe-berlin.de).

2. Categories and sources of personal data

The following categories of data of the aforementioned employees or commissioned service providers or their employees or invited guests are collected in the ticket shop: e-mail address, title, first name, last name, company/company/organization, event and, if applicable, function. If the accreditation is performed by using a provided code, the circumstance and time of the redemption are also processed.

If in connection with the accreditation of employees or commissioned service providers or their employees or invited guests a personal check is carried out by order of the Federal Criminal Police Office (BKA), the following mandatory data will (additionally) be collected: Title, date/place of birth, gender, company, function and place of employment.

As part of access control, the ticket type, date and time of attendance are processed, if necessary digitally by reading out the ticket data when entering and leaving the event or studio area. This data is further processed in aggregated/anonymized form for the purposes of quality assurance, maintaining security and order, as well as for static evaluation purposes and to improve the planning/organization of future events.

Insofar users of the ticket shop provide information for another person (third party) or transmit their data, the users must ensure and the users assure that they are authorized to transmit this data of the third party to Messe Berlin, that Messe Berlin may lawfully process this data for the purposes stated in section 3 below and that the person(s) concerned has/have been sufficiently informed by the users about the processing of the person's data in accordance with this data protection notice.

3. Purposes and legal basis of the processing

Messe Berlin processes personal data pursuant to section 2 in its own legitimate interest as operator of the event site, as organizer of its own events and user/operator of the studio, and, where applicable, in the interest of the respective (guest) organizer or user/tenant of the studio in each case for the purpose of accreditation for the own and guest events, set-up and dismantling phases and studio operations, including organization, badging, access control, quality assurance, security and order, evaluation and improvement of the planning/organization of future events and the use/utilization of the studio operations and the exhibition grounds (legal basis: Art. 6 (1) (f) GDPR). In the event of a personal check and data transfer to the BKA, the legal basis for processing is: Art. 6 (1) (c) GDPR, §§ 22, 24 Federal Data Protection Act in conjunction with §§ 5, 21 and §§ 25, 28 Federal Criminal Police Office Act respectively.

4. Categories of recipients of the data 

The personal data will be transferred to the guest organizer or studio user or to the BKA, as necessary, for the purposes stated in Section 3. In order to carry out certain processing activities (ticket shop, access control, scanning (reading of tickets), hosting, IT support), Messe Berlin uses subsidiaries of the Messe Berlin group of companies and external service providers which process the personal data on behalf of Messe Berlin (so-called "processors").

Insofar as persons subject to particular personal protection by the Federal Criminal Police Office (Bundeskriminalamt – BKA) or the Federal State Criminal Police Office (Landeskriminalamt – LKA) (for example, constitutional organs such as the Federal President or the Federal Government or foreign guests) participate in events, the BKA or LKA may examine all participants in the event, as well as employees of subsidiaries of the Messe Berlin group of companies, service providers and their employees and invited guests, including during the set-up and dismantling phases. In the framework of such examination the BKA or LKA may request data such as name, company/organization and function from the organizer.

In the case of incidents, disorder, emergencies and crises the data of participants may also be transmitted to the police, law enforcement authorities, the fire brigade and ambulances, other public authorities (such as the Health Office (Gesundheitsamt)).

A transfer of data to authorities and public bodies may occur if Messe Berlin is legally obliged to do so, be it due to laws and regulations (e.g., within the framework of supervisory authority procedures) or due to a court order, resolution, judgement and the like. For compliance with tax and trade laws and regulations, the personal data are shared with the tax and other relevant public and regulatory authorities. The categories of recipients of the personal data also include courts and lawyers in the context of legal disputes, legal disputes as well as for the purpose of legal advice and furthermore auditors

5. Data transfers to third countries

Some of the Messe Berlin Group companies, guest organizers and processors are located in third countries outside the EU which do not provide the same level of data protection for personal data as the EU, in particular due to the absence of a legal framework, independent supervisory authorities or data protection rights and remedies. The transfer of personal data to such third countries takes place to the extent that a decision of the European Commission on the existence of an adequate level of protection (Art. 45 (3) GDPR) is available with regard to the third country or organization and otherwise subject to appropriate safeguards within the meaning of Art. 46 GDPR, in particular the standard data protection clauses approved by the European Commission pursuant to Art. 46 (2) (c) GDPR and, if necessary, additional measures. A copy of these can be obtained on request (e.g., by e-mail for contact details see Section 1 above).

6. Storage period

Stored personal data will be erased once they are no longer needed for achieving the relevant purpose of their processing. Insofar as the processing takes place on the legal basis of the legitimate interest of Messe Berlin (Art. 6 (1) (f) GDPR), the data concerned will no longer be processed for the associated purpose after receipt of the objection and, if applicable, will be deleted, unless there are legal exceptions to this rule. Date and time of attendance (time of entering/leaving the event) are deleted at the latest one day after the end of the event (with the exception of aggregated/anonymized data without personal reference). Notwithstanding the foregoing, personal data which are subject to retention obligations under commercial or tax laws will only be deleted after the expiry of the statutory retention periods (generally 6 or 10 years).

7. Data protection rights

In order to exercise the following rights, data subjects can contact the controller at any time (for contact details, see section 1 above) or also contact the data protection officer.

Rights of the data subjects pursuant to Art. 12-21 GDPR: the right to access about personal data, the right to rectification, erasure and data portability as well as to restriction of processing. If consent has been given, this can be revoked at any time with effect for the future.

Rights of objection

If the processing is based on legitimate interests, there is the right to object to the processing of personal data for reasons relating to your particular situation.

If data subjects are of the opinion that data processing violates data protection law, they have a right to lodge a complaint with the competent supervisory authority of their choice (Art. 77 GDPR in conjunction with section 19 of the German Federal Data Protection Act (Bundesdatenschutzgesetz)).