1. How to contact us
The point of contact and so-called controller for the processing of your personal data when visiting this website within the meaning of the General Data Protection Regulation (DSGVO) is
For all questions regarding data protection in connection with our services or the use of our website, you can also contact our data protection officer at any time. She can be reached both at the above postal and e-mail address (keyword: “attn. data protection officer”). We expressly point out that if you use the e-mail address given above, the contents might not be viewed exclusively by our data protection officer. If you wish to exchange confidential information, please therefore first request direct contact via this e-mail address.
2. Data processing on our website
2.1. Visiting our website/access data
Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:
- IP address of the requesting device,
- Date and time of the request,
- Address of the accessed website and the requesting website,
- Information about the browser and operating system used,
- Online identifiers (e.g. device identifiers, session IDs).
The data processing of this access data is necessary to enable the visit of the website and to ensure the permanent functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above, in order to compile statistical information about the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if the proportion of mobile devices used to access the pages increases) and for general administrative maintenance of our website.
The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, if the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 p. 1 lit. f GDPR due to our legitimate interest in the permanent functionality and security of our systems.
2.2. Contacting us
You have various options for contacting us. These include the contact form and the contact options via our e-mail address and/or telephone number. When you contact us, we collect the following data from you:
- First and last name,
- E-mail address.
The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 p. 1 lit. f GDPR due to our legitimate interest by you contacting us and us being able to answer your inquiry.
The data collected when using the contact form or our other contact options will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 5 “Retention period”).
2.3. Ticket orders
During an order process, we collect mandatory data necessary for the processing of the contract:
- First and last name,
- Date of birth,
- E-mail address,
- Job title and company name,
- Billing and shipping address.
Optionally, information such as telephone and fax number are also possible, so that we can contact you in case of queries using these ways. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
2.4. Application as a Speaker
You can apply as a speaker with us to talk about customer experience in your daily business as part of the program. The required mandatory information is:
- First and last name,
- Job title,
- E-mail address.
The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
2.5. Registration for the CX1 Conference
You can register for our CX1 Conference event via this website. The mandatory registration data are:
- First and last name,
- E-mail address,
- Job title.
When you register, we use your data to create lists of participants with names and positions. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR as far as the organisation, implementation and handling of the event is concerned as well as Art. 6 para. 1 sentence 1 lit. f GDPR due to our legitimate interest in the preparation of the event as well as for the purpose of providing information about the participants.
Furthermore, your data will be passed on to our partners for follow-up purposes exclusively in relation to the specific event in which you participated. A partner is anyone who signs a partner agreement with us and is announced as a partner. Usually, a partner has an exhibitor stand and/or a speaking session.
Below, we list the Tools we use by category, informing you in particular about the providers of the Tools, the storage period of the cookies and the transfer of data to third parties. We also explain in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.
3.1 Legal basis and revocation
3.1.1 Legal basis
We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. (1) sentence 1 lit. f GDPR to enable you to use our website more conveniently and individually and to make use of it as time-saving as possible. In certain cases, these tools may also be necessary for the performance of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
We use all other tools, in particular those for marketing purposes, on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and pursuant to Section 15 para. 3 sentence 1 TMG, insofar as user profiles are created for the purposes of advertising or market research. Data processing only takes place with the help of these tools if we have received your consent in advance.
If personal data is transferred to third countries, please refer to section 5 (“Data transfer to third countries”), also with regard to the risks this may entail.
3.1.2 Obtaining your consent
We use the Usercentrics tool from Usercentrics GmbH, Rosental 4, 80331 Munich (“Usercentrics”) to obtain and manage your consent. This generates a banner which informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing through optional tools. This banner appears the first time you visit our website and when you revisit the selection of your preferences to change them or withdraw consent.
Your consents or revocations, your IP address, information about your browser, your terminal device and the time of your visit are transmitted to Usercentrics as part of your website visit. Usercentrics also uses a necessary cookie to store your consents and revocations. If you delete your cookies, we will ask you for your consent again when you visit the site at a later date.
The data processing by Usercentrics is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Usercentrics is Art. 6 para. 1 sentence 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for cookie consent management.
3.1.3 Withdrawing your consent or changing your preferences
You can revoke your consent for certain tools at any time. To do so, click on the following Link/Button: email@example.com. Here you can also change the selection of the tools you wish to consent to using and obtain additional information on the cookies. Alternatively, you can assert your revocation for certain tools directly with the provider.
3.2 Necessary Tools
We use certain tools to enable the basic functions of our website (“Necessary Tools”). Without these tools, we would not be able to provide our service. Therefore, Necessary Tools are used without consent based on our legitimate interests pursuant to Art. 6 para. (1) sentence 1 lit. f GDPR or for the performance of a contract or for the execution of pre-contractual measures pursuant to Art. 6 para (1) sentence 1 lit. b GDPR.
3.2.1 Google Tag Manager
Our website uses Google Tag Manager, a service provided for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).
The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website, for example, to record specified usage data. The Google Tag Manager ensures that the usage data required by our partners is forwarded to them.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in a straightforward manner.
We have concluded an order processing contract with Google. Partially, data is processed on a Google server in the USA. For further information, please refer to section 5 (“Data transfer to third countries”). For more information, please refer to Google’s information on the Tag Manager.
3.3 Functional tools
In order to improve our website, we use tools for the statistical collection and analysis of general usage behaviour based on access data (“analysis tools”). We also use analytics services to evaluate the use of our various marketing channels.
Our website uses the chat programme of Delaware corporation, 55 2nd Street, San Francisco, CA 94105, USA (“Intercom”) to improve communication with visitors.
If you have general or specific questions or problems about our products, the website or our company, you can send us a message via Intercom. You will be notified if someone is currently online to respond to you immediately. If this is not the case, we will answer your enquiry immediately during our business hours. In this context, we process data solely for the purpose of communicating with you.
The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the data is required to answer your enquiry in the context of initiating or executing a contract, and otherwise Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest is to maintain communication with (potential) customers and to create a positive external impact by making our employees quickly accessible.
The data collected in this context may be transferred to a server of Intercom in the USA and stored there. For further information, please refer to section 5 (“Data transfer to third countries”).
We use Planhat, a CRM service tool for customer management offered by Planhat AB, Sveavägen 98, 113 50 Stockholm, Sweden. Planhat is a CRM tool that allows us to track and structure our communications with our customers. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR for the purpose of effective customer data management. For more information, please visit https://www.planhat.com/privacy-policy/.
3.4 Analysis tools
In order to improve our website, we use tools for the statistical collection and analysis of general usage behaviour based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels.
The legal basis for the analysis tools is – unless otherwise stated – your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. For the revocation of your consent, see section 6: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 sentence 1 lit. a GDPR). Please refer to section 5 (“Data transfer to third countries”) for the associated risks.
We use the analysis service of Heap, Inc, 225 Bush St. San Francisco, CA 94104, USA (“Heap”). This service helps to understand users and make data-driven decisions. Further information regarding Heap’s data processing can be found here: https://heap.io/privacy.
Our website uses Hotjar, a web analytics service provided by Hotjar Ltd, 3 Elia Zammit Street, St Julians STJ 1000, Malta (“Hotjar”). Hotjar is used to create so-called heat maps. Heat maps graphically display statistics about mouse movements and clicks on our site in order to analyse our website with regard to your user behaviour. This allows us to identify frequently used features of our website and further improve the site. However, your IP address is shortened before the usage statistics are analysed so that no conclusions can be drawn about your identity. In addition to mouse movements and clicks, information on the operating system, browser, incoming and outgoing references (links), geographical origin as well as resolution and type of device are evaluated for statistical purposes. This information is pseudonymous and will not be passed on to third parties by us or by Hotjar. Data entered by you in form fields on our website are hidden and not collected by Hotjar.
Our website uses Mixpanel from Mixpanel, Inc., 405 Howard St., CA 94105 San Francisco, USA (“Mixpanel”). Mixpanel stores and processes information about your user behaviour on our website. For this purpose, Mixpanel uses, among other things, cookies which are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website. Information regarding data processing at Heap can be found here: https://mixpanel.com/legal/privacy-policy/.
3.4.4 Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). According to Google, the contact for all data protection issues is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses tools to analyse and improve our website based on your user behaviour. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.
3.5 Marketing tools
We also use tools for advertising purposes (“marketing tools”). Some of the data collected when using our website is used for interest-based advertising. By analysing and evaluating this data, we are able to show you personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites of other providers.
The legal basis for the marketing tools is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. For the revocation of your consent, see point 6: “Revocation of your consent or change of your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the data transfer (Art. 49 para. 1 sentence 1 lit. a GDPR). Please refer to section 5 (“Data transfer to third countries”) for the associated risks.
In the following section, we would like to explain these technologies and the providers used for this purpose in more detail. The data collected may include in particular:
- the IP address of the device;
- the identification number of a cookie;
- the device identifier of mobile devices (Device ID);
- Referred URL (previously visited page);
- Pages accessed (date, time, URL, title, length of stay);
- Downloaded files;
- Clicked links to other websites;
- Achievement of specific goals (conversions), if applicable;
- Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
- Approximate location (country and city, if applicable).
However, the collected data is stored exclusively pseudonymously, so that no direct conclusions can be drawn about the persons.
3.5.1 Microsoft Advertising (formerly Bing Ads)
In addition to withdrawing your consent, you also have the option of deactivating the personalised ads at Microsoft Advertising or in the settings for ads in your Microsoft account.
3.5.2 Facebook Pixel
For marketing purposes, our websites use the “Facebook Pixel” service of the social network Facebook, a service offered for users outside the USA and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and for all other users by Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (together “Facebook”).
We use Facebook Pixel to analyse the general use of our websites and to track the effectiveness of Facebook advertising (“conversion tracking”). In addition, we use Facebook Pixel to play you individualised advertising messages based on your interest in our products (“Retargeting”). For this purpose, Facebook processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites.
The data collected in this context may be transferred by Facebook to a server in the USA for analysis and stored there.
If you are a Facebook member and have allowed Facebook to do so via the privacy settings of your account, Facebook may also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time.
If you have not consented to the use of Facebook Pixel, Facebook will only display generic Facebook Ads that are not selected based on the information collected about you on this website.
3.5.3 Google Ads conversion tracking and Ads remarketing (formerly AdWords)
Our websites use the “Google Ads” service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) for all other users.
The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.
If you use a Google account, Google may, depending on the settings stored in the Google account, link your web and app browsing history to your Google account and use information from your Google account to personalise ads. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing our website.
If you have not consented to the use of Google Ads, Google will only display general advertising that has not been selected on the basis of the information collected about you on this website. In addition to withdrawing your consent, you also have the option of disabling personalised advertising in Google’s advertising settings.
On this website, we use Capterra for our online marketing activities. Capterra is operated by Capterra Inc, 901 North Glebe Road, Suite 1010, Arlington, VA 22203, USA. Further information about Capterra’s data processing can be found here: https://www.capterra.com/legal/privacy-policy.
3.5.5 Adobe Audience Manager
We use the Adobe Audience Manager of Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, City West Business Campus, Dublin 24, Ireland (“Adobe”). When the website is called up, a so-called tracking pixel is called up from Adobe’s servers. The tracking pixel allows an interest-based and personalised advertising approach based on user behaviour, which can also be displayed on other of your end devices (e.g. tablet or smartphone) as well as on other websites because of cross-device pixel mapping. Further information on the data protection and tracking procedures of Adobe Analytics: http://www.adobe.com/de/privacy.html.
We use Pipedrive of Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia to improve customer relationship management activities. Further information on Pipedrive’s data processing and data protection can be found here: https://www.pipedrive.com/en/privacy.
3.5.7 LinkedIn Ads
We use “Marketing Solutions (formerly LinkedIn Ads)” on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “Marketing Solutions”). Marketing Solutions stores and processes information about your user behaviour on our website. For this purpose, Marketing Solutions uses, among other things, cookies, i.e. small text files which are stored locally in the cache of your web browser on your end device and which enable an analysis of your use of our website. Further information on data protection can be found here: https://www.linkedin.com/legal/privacy-policy.
3.6 External media
We also use tools from external media, such as embedded videos. The legal basis for this is – unless otherwise stated – your consent in accordance with Art. 6 para (1) sentence 1 lit. a GDPR, which you give via the cookie banner or with the respective tool itself by individually allowing its use via a banner (overlay) placed above it. For the revocation of your consent, see point 6: “Revoking your consent or changing your selection”. In the event that personal data is transferred to the USA or other third countries, your consent expressly extends to the transfer of data (Art. 49 para. 1 sentence 1 lit. a DSGVO). Please refer to section 5 (“Data transfer to third countries”) for the associated risks.
We have integrated videos into our website that are stored on YouTube and can be played from our websites if you have consented. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”), a group company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
By visiting our website, YouTube and Google receive the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether you are logged in to YouTube or Google or not. YouTube and Google use this data for the purposes of advertising, market research and the needs-based design of their websites. If you call up YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not wish the association, it is necessary that you log out of Google before calling up our website.
4. Data Transfer
The data we collect is only transferred if:
- you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed,
- we are legally obliged to disclose your data according to Art. 6 para. 1 sentence 1 lit. c GDPR or this is legally permissible and necessary according to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.
In addition, disclosure may be made in connection with official enquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.
4.1 Conduct of the CX1 Conference
4.1.1 Online live streaming for hybrid events
The CX1 Conference may take place in a hybrid manner. If it takes place digitally, it will take place via livestream. The data processing during a livestream is the same as under point 2.1. For the implementation of the event, a stream on the website of the provider Hopin of Hopin Limited, Seedcamp Office, 5 Bonhill Street, Shoreditch, London, England, EC2A 4BX, is used. The legal basis is the necessity for the fulfilment of a contract or the implementation of pre-contractual measures according to Art. 6 para. 1 sentence 1 lit. b GDPR. In some cases, the data may also be processed on servers in the USA. In the event that personal data is transferred to the USA or other third countries, this is done on the basis of Art. 49 (1) sentence 1 lit. b GDPR in order to enable the performance of a contract with you or the implementation of pre-contractual measures. For further information, please refer to section 5 (“Data transfer to third countries”). For more information on Hopin’s data processing, please visit https://hopin.com/privacy.
4.2 Filming and photography
During the event, film or photo recordings may be made. These may be published on our website and social media channels. You can assert your rights under section 7 against us and our partners insofar as film and photo recordings are concerned.
5 Data transfer to third countries
If a third country transfer is provided for and no adequacy decision or suitable guarantees are in place, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the cookie banner, you will also be informed of this.
6. Data retention
In principle, we only store personal data for as long as is necessary to fulfil contractual or legal obligations for which we have collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for claims under civil law or due to statutory retention obligations.
For evidentiary purposes, we must retain contractual data for three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred at this point at the earliest in accordance with the standard statutory limitation period.
Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified therein for the retention of documents range from two to ten years.
7. Your rights, in particular revocation and objection
You are entitled to the data subject rights formulated in Art. 15 – 21, Art. 77 DSGVO at any time:
- Right to revoke your consent;
- Right to object to the processing of your personal data (Art. 21 GDPR);
- Right to information about your personal data processed by us (Art. 15 GDPR);
- Right to rectify your personal data stored by us that is incorrect (Art. 16 GDPR);
- Right to erasure of your personal data (Art. 17 GDPR);
- Right to restrict the processing of your personal data (Art. 18 GDPR);
- Right to data portability of your personal data (Art. 20 GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To exercise your rights described here, you can contact us at any time using the contact details above. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, even longer for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 (1) sentence 1 lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 DSGVO, avoiding fines under Art. 83 GDPR and fulfilling our accountability obligations under Art. 5 (2) GDPR.
You have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it is a matter of objecting to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details above.
You have the right to complain to the data protection supervisory authority responsible for us. You can assert this right with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Berlin, where we are based, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
8. Changes to the data protection declaration
Version 1.0 / Status: April 2021