Privacy policy

I. Introduction

We are pleased that you are visiting our website. We respect your privacy. Data protection and data security when using our website are very important to us. This privacy policy is intended to inform you about the scope of data collected when using our website and the purposes for which we use this data. We would also like to inform you of your rights in this regard.

II. General Information

In the following, we inform you in accordance with Art. 13 GDPR about the collection of personal data when using our website. Personal data includes all data that can be personally related to you, e.g., name, address, email addresses, user behaviour.

III. Accessing Our Website

When using the website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates
• Browser
• Operating system and its interface
• Language and version of the browser software

We may also use a third-party provider to display the privacy policy. In this case, an embed code is used, through which your IP address is transmitted to that provider (preeco GmbH).

We process your data based on our legitimate interest for a limited time to trace personal data in the event of unauthorised access or access attempts to our servers, to correctly display the privacy policy, and to load our fonts from our own server (Art. 6 para. 1 lit. f GDPR).

IV. Contact

1. Type and Purpose of Processing

   Our website provides contact details such as addresses, phone numbers and email addresses to enable you to contact us quickly and communicate directly with us and our employees. If you contact us, we process the personal data you provide depending on the communication channel chosen. This may include your full name, address, phone number used, email address used and other personal data you disclose during communication.

2. Legal Basis of Processing

   Processing of your personal data is based on legitimate interest (Art. 6 para. 1 lit. f GDPR). By providing contact details, we aim to make it easy for you to reach out to us. The data you provide will be stored for the purpose of processing your request and for follow-up questions. If you contact us to request an offer, your data will be processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

3. Categories of Data

   Phone number, email address, name, your message or inquiry.

4. Recipients

   Recipients of the data are internal employees of INTERPLAN Congress, Meeting & Event Management AG.

5. Storage Periods

   Data will be deleted no later than 6 months after the request has been processed. If a contractual relationship arises, we are subject to statutory retention periods under commercial and tax law and delete your data after these periods have expired.

6. Legal / Contractual Requirement

   Providing your personal data is voluntary. However, we can only process your request if you provide us with your name, email address, and the reason for your inquiry.

   Third Country Transfer

   Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

   Right to Object

   You can object to the processing of your personal data at any time. You can inform us of your withdrawal via the contact details provided at the beginning of this privacy policy.

   Automated Decision-Making and Profiling

   As a responsible company, we do not use automated decision-making or profiling in this data processing.

V. Hosting

The hosting services we use (services for operating and providing the website) serve to make the following services available: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, as well as technical maintenance services we use for the purpose of operating this online offering.

In doing so, we and/or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects, and visitors to this online offering based on our legitimate interest in the efficient and secure provision of this online offering pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

VI. Use of Cookies

In addition to the aforementioned data, cookies are stored on your device when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the party setting the cookie (in this case, us). They serve to make the internet offering more user-friendly and effective overall.

We differentiate between two categories of cookies:
(a) Essential cookies, without which the functionality of our website would be limited, and
(b) Optional cookies for purposes of website analysis and marketing.

The use of optional cookies is based on your consent (Art. 6 para. 1 lit. a GDPR).

Our cookie banner provides detailed information about the optional cookies used on this website.

VII. Consent Management – Borlabs

Which cookie banner do we use?

This website uses the Borlabs cookie consent technology to obtain your consent for storing certain cookies on your device and to document this in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.

Website: https://de.borlabs.io (hereinafter “Borlabs”)

When you enter our website, the following information is stored in the borlabs-cookie (this does not include personal data):

• Cookie duration
• Cookie version
• Domain and path of the WordPress site
• Consents, including for withdrawals
• UID

The use of Borlabs is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

VIII. Google DoubleClick

1. Type and Purpose of Processing

   We use the Google “DoubleClick” online marketing service to display ads within the Google advertising network (e.g., in search results, videos, websites). DoubleClick allows ads to be displayed in real time based on assumed user interests. This enables us to display ads in and on our website that are tailored to users’ potential interests. For instance, if users are shown ads for products they have previously shown interest in on other websites, this is called “remarketing”.

   For this purpose, a Google code is executed and (re)marketing tags (invisible graphics or code, also called “web beacons”) are integrated into the website. A unique cookie is stored on the user’s device (or comparable technologies may be used). This file notes which websites the user has visited, what content they are interested in, and what offers they clicked, along with browser and OS info, referring websites, visit times, and usage data.

   The user’s IP address is also collected and, within EU member states or other EEA states, shortened before transmission to Google’s US server. Google may combine the above data with other sources. Based on this pseudonymous profile, users can be shown ads on other sites tailored to their interests.

   Data is processed pseudonymously — ads are assigned to cookies, not identified individuals, unless the user has expressly permitted Google to do otherwise.

2. Legal Basis of Processing

   Processing is based on your voluntary consent (Art. 6 para. 1 lit. a GDPR).

3. Categories of Data

   IP address, browser, timestamp, etc.

4. Recipients

   Data recipients are internal IT and marketing staff and Google as processor.

5. Storage Periods

   Data is deleted once its purpose no longer applies and we stop using Google DoubleClick.

6. Legal / Contractual Requirement

   Providing your data is voluntary and solely based on your consent. Without it, we cannot grant access to certain services.

7. Third Country Transfer

   Processing may occur outside the EU/EEA. We have signed standard data protection clauses with Google.

8. Withdrawal of Consent

   You can find further information about Google’s data use and opt-out options in Google’s privacy policy (https://policies.google.com/technologies/ads) and ad settings (https://adssettings.google.com/authenticated). You may withdraw your consent at any time with future effect.

9. Automated Decision-Making and Profiling

   As a responsible company, we do not use automated decision-making or profiling in this context.

IX. Google Fonts

1. Type and Purpose of Processing

   To display our content correctly and graphically appealing across browsers, we use “Google Web Fonts” (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The privacy policy of the library operator Google can be found at:
   https://www.google.com/policies/privacy/.
   Calling up script or font libraries automatically triggers a connection to the library operator. It is theoretically possible (though unclear) that Google collects data in this context. Further details:
   https://developers.google.com/fonts/faq.

2. Legal Basis of Processing

   The integration of Google Web Fonts and the related data transfer to Google are based on your consent (Art. 6 para. 1 lit. a GDPR).

3. Categories of Data

   IP address, browser, timestamp, etc.

4. Recipients

   Internal staff in marketing and IT and Google as data processor.

5. Storage Periods

   Data is processed only as long as the consent is active. Afterwards, it is deleted unless legal retention periods apply.

6. Legal / Contractual Requirement

   Providing the data is voluntary based on consent. Without it, correct display of content may not be possible.

7. Third Country Transfer

   Google processes data in the USA. We have signed standard data protection clauses with Google.

8. Withdrawal of Consent

   JavaScript is regularly used to display content. You can object by disabling JavaScript in your browser or using a JavaScript blocker. This may limit website functionality.

9. Automated Decision-Making and Profiling

   No automated decision-making or profiling is used.

X. Google Maps

1. Type and Purpose of Processing

   We use Google Maps from Google Cloud EMEA Ltd. to display interactive maps. By visiting the page, Google receives data about the specific sub-page accessed, regardless of whether you are logged into a Google account. If you are logged in, data is linked to your account. To prevent this, log out before use. Google may use this data for personalized advertising and statistics. You have a right to object to the creation of such profiles.

2. Legal Basis of Processing

   Based on your consent (Art. 6 para. 1 lit. a GDPR).

3. Categories of Data

   IP address, browser, timestamp, etc.

4. Recipients

   Internal IT and marketing teams and Google.

5. Storage Periods

   Processed only as long as consent is active. Deleted afterwards unless legally required.

6. Legal / Contractual Requirement

   Voluntary, based solely on consent. Disabling access may limit website functionality.

7. Third Country Transfer

   Processing outside EU/EEA cannot be excluded.

8. Withdrawal of Consent

   Disable JavaScript in your browser to prevent Google from collecting data. This may limit functionality. Consent can be revoked at any time.

9. Automated Decision-Making and Profiling

   No automated profiling or decisions are made.

XI. YouTube

1. Type and Purpose of Processing

   We embed YouTube videos operated by YouTube, Google Building Gordon House, 4 Barrow Street, Dublin. When visiting a page with a YouTube plugin, a connection to YouTube’s servers is established and informs them which page you visited. If logged into your YouTube account, your browsing behaviour is linked to your profile. Logging out prevents this. When a video starts, cookies are used to collect data. Details can be found in Google’s privacy policy:
   https://policies.google.com/privacy

2. Legal Basis of Processing

   Based on your consent (Art. 6 para. 1 lit. a GDPR).

3. Categories of Data

   IP address, browser, timestamp, etc.

4. Recipients

   Internal IT and marketing teams and YouTube/Google.

5. Storage Periods

   YouTube stores non-personal data in cookies unless you have disabled ads cookies. Block cookies in your browser to prevent this.

6. Legal / Contractual Requirement

   Data is voluntarily provided based on your consent. Blocking access may limit functionality.

7. Third Country Transfer

   Data may be processed outside the EU/EEA. We have signed EU Standard Contractual Clauses with Google.

8. Withdrawal of Consent

   Consent can be withdrawn at any time with future effect.

9. Automated Decision-Making and Profiling

   No automated decision-making or profiling is used.

XII. Matomo

1. Type and Purpose of Processing

   We use Matomo (formerly Piwik), an open-source tool by InnoCraft Ltd. for statistical analysis. It uses cookies to help analyse website use. The data is stored on our server in Germany and anonymised immediately after processing. Cookies can be blocked via browser settings. Visit:
   https://matomo.org/docs/privacy/

2. Legal Basis of Processing

   Based on your consent (Art. 6 para. 1 lit. a GDPR).

3. Categories of Data

   IP address, browser, timestamp, etc.

4. Recipients

   Internal staff at Interplan AG. Data is hosted on our own servers in Germany.

5. Storage Periods

   Deleted when no longer needed or if consent is withdrawn.

6. Legal / Contractual Requirement

   Data provision is voluntary and based solely on consent.

7. Third Country Transfer

   Although Matomo is based in New Zealand, all data is hosted in Germany. No processing occurs outside the EU/EEA.

8. Withdrawal of Consent

   You can change cookie preferences via our banner at any time.

9. Automated Decision-Making and Profiling

   Matomo allows analysis of behaviour to create pseudonymous profiles.

XIII. WooCommerce

1. Type and Purpose of Processing

   We use the “WooCommerce” plugin as a technical ordering system to offer products or services for booking or reservation. Payment processing is not done on this website but externally via a separate system. Creating user accounts is neither required nor possible. WooCommerce is a plugin from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. It is a company based in a third country (USA). Personal data is not transferred to Automattic unless additional services (like Jetpack) are enabled.

2. Legal Basis of Processing

   Data is processed for the purpose of fulfilling a contract (Art. 6 para. 1 lit. b GDPR) and based on our legitimate interest (Art. 6 para. 1 lit. f GDPR).

3. Categories of Data

   First name, last name, email address, company contact details, order details, etc.

4. Recipients

   Internal employees in marketing and IT, and WooCommerce as processor.

5. Storage Periods

   Order data is stored in line with statutory commercial and tax retention requirements (typically 6–10 years). Session cookies (e.g., for shopping carts) are deleted after the browser is closed or within 1–2 days.

6. Legal / Contractual Requirement

   Providing data is required to fulfill a contract. Without it, we cannot process your booking or reservation.

7. Third Country Transfer

   A transfer of data outside the EU/EEA cannot be excluded.

8. Right to Object

   You have the right to object to processing at any time with future effect.

9. Automated Decision-Making and Profiling

   We do not use automated decision-making or profiling.

XIV. Your Rights

If your personal data is processed, you are a data subject under the GDPR and have the following rights:

• Right to access (Art. 15 GDPR)
• Right to rectification or erasure (Art. 16, 17 GDPR)
• Right to restrict processing (Art. 18 GDPR)
• Right to be informed about rectification or erasure (Art. 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 para. 3 GDPR) without affecting the lawfulness of processing based on consent before its withdrawal
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact options for supervisory authorities in each federal state

XV. Use of Wordfence

1. Type and Purpose of Processing

   We use Wordfence on this site. Provider: Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

   Wordfence protects our site from unauthorized access or malicious cyberattacks. It establishes a permanent connection to Wordfence servers so that it can check access attempts against its databases and block them if necessary.

   The transfer of data to the USA is based on EU Commission standard contractual clauses. Details:
   Wordfence GDPR

2. Legal Basis of Processing

   Consent under Art. 6 para. 1 lit. a GDPR and our legitimate interest in cyber security (Art. 6 para. 1 lit. f GDPR).

3. Categories of Data

   IP address, browser, location data, etc.

4. Recipients

   Internal employees of Interplan AG and Wordfence.

5. Storage Periods

   Data is deleted when no longer needed for the intended purpose.

6. Legal / Contractual Requirement

   Providing data is voluntary and based solely on consent. Blocking access may limit website functionality.

7. Third Country Transfer

   Data may be processed outside the EU/EEA. We have signed EU standard contractual clauses with the provider.

8. Withdrawal of Consent

   You may withdraw your consent at any time with future effect.

9. Automated Decision-Making and Profiling

   We do not use automated decision-making or profiling in this data processing.