Privacy policy ITCS

Privacy policy ITCS

Person in charge

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

ITCS Conference GmbH

Meisengasse 11

60313 Frankfurt am Main

Germany

E-mail for data protection enquiries: datenschutz@it-cs.io

Further details about the company can be found in the imprint on our website.

2. General information on data processing

We only process personal data to the extent it is necessary for the provision of our website, the execution of our events and services, communication with interested parties, participants, applicants, companies and partners, or as required by legal obligations.

Personal data is any information relating to an identified or identifiable natural person. This may include, in particular, name, email address, contact details, professional details, usage data, technical access data, ticket data, application data, and communication content.

The relevant legal bases are, in particular, Article 6(1)(a) of the GDPR (consent), Article 6(1)(b) of the GDPR (performance of a contract and pre-contractual measures), Article 6(1)(c) of the GDPR (legal obligation), and Article 6(1)(f) of the GDPR (legitimate interest). For access to information in end-user devices, for instance through cookies or comparable technologies, the provisions of the TDDDG also apply.

3. Your Rights

You have the right, in accordance with the legal requirements, to access the personal data we process, the right to rectification of inaccurate data, the right to erasure, the right to restrict processing, the right to data portability, and the right to object to certain processing.

Where processing is based on your consent, you can withdraw this consent at any time with effect for the future. The lawfulness of the processing until withdrawal remains unaffected.

To exercise your rights, you can contact datenschutz@it-cs.io at any time.

You also have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection regulations.

4. Provision of the website and server log files

When you visit our website purely for informational purposes, the web server automatically processes technical data that your browser transmits. This includes, in particular, the IP address, date and time of access, the page accessed, the referrer URL, browser type and version, operating system, language settings, HTTP status code, and the amount of data transferred.

Processing is carried out for the technical provision, stability and security of the website. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure and functional operation of our website.

5. Contact and Forms

If you contact us by email, contact form, or other input masks, we will process the data you provide, such as your name, email address, company, position, message, and any other voluntary information, in order to process your request.

The legal bases are Article 6(1)(b) GDPR, insofar as the request relates to a contract or pre-contractual measures, and Article 6(1)(f) GDPR on the grounds of our legitimate interest in responding to enquiries. Where we obtain separate consent, Article 6(1)(a) GDPR is the legal basis.

6. hCaptcha

To protect forms against abuse, spam, and automated entries, we can use hCaptcha. The provider is Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.

hCaptcha can process technical information, in particular IP address, browser and device data, interaction data, and information about whether input is made by a human or automated. Integration only occurs where form protection is required.

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our website, forms, and IT systems from misuse and automated attacks. Insofar as consent is required for the loading of an external protection service, integration will only be carried out after appropriate consent has been obtained on the basis of Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Further information can be found in the hCaptcha Privacy Policy at https://www.hcaptcha.com/privacy.

7. Registration, User Account and Protected Areas

For certain functions, user accounts may be required, such as for visitor, applicant, company, or partner areas. When registering for and using such areas, we process the data necessary for the creation, management, and use of the respective account. This may include, in particular, name, e-mail address, company, role, professional details, profile data, interests, application or matching data, login details, and usage data within the account.

The legal basis is Article 6(1)(b) GDPR, insofar as the processing is necessary for the provision of the user account and the booked or requested services. Furthermore, Article 6(1)(f) GDPR may be relevant, for example, for security and abuse prevention.

8. Registration via third parties

Where we offer registration via third-party providers such as GitHub, LinkedIn, Facebook or XING, you will be redirected to the respective provider for authentication. After successful registration, we will receive the profile data required for registration or login, such as name, email address, and technical account identifiers, provided you authorise this with the respective provider.

The legal basis is Art. 6(1)(b) GDPR, insofar as registration is necessary for the use of the account, and Art. 6(1)(a) GDPR, insofar as you consent to data transmission by the third-party provider.

The respective third-party provider's data protection information applies to data processing by that third party.

9. Newsletters and promotional communications

When you sign up for a newsletter or agree to marketing communications, we will process your email address and any other voluntary details you provide to send you information about events, offers, content, and news.

The legal basis is your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example, by using the unsubscribe link in the respective email or by sending us a message.

For sending newsletters, we can use rapidmail. The provider is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg im Breisgau, Germany. rapidmail processes the data required for sending newsletters on our behalf.

10. Preparation courses, shuttle services, and other registrations

To the extent that you register for preparation courses, shuttle services, or other free or paid offers via our website, we will process the data requested in the respective form. This may include, in particular, your name, e-mail address, field of study, professional status, desired date, event details, and other voluntary information.

Processing is carried out for the purpose of handling the application, fulfilling the respective offer, and communicating with you. The legal basis is Art. 6(1)(b) GDPR. To the extent that you provide voluntary information or consent to further communication, the legal basis is Art. 6(1)(a) GDPR.

11. Events, Tickets and pretix

For event registration, ticket purchasing, and ticket management, we can use the pretix ticketing system. The provider is pretix GmbH, Berthold-Mogel-Straße 1, 69126 Heidelberg, Germany. Integration can be done via our ticket subdomain ticket.it-cs.io.

When using ticketing, the data required for booking, ticket provision, admission, communication, and billing is processed. This may include, in particular, name, email address, ticket data, payment status, billing data, order number, event data, and technical access data.

The legal basis is Art. 6(1)(b) GDPR, insofar as the processing is necessary for the performance of the ticket booking or participation. For statutory retention obligations, Art. 6(1)(c) GDPR is relevant.

Further information about pretix can be found at https://pretix.eu/about/de/privacy.

12. Payment Processing

Where paid services or tickets are booked, we process the data required for payment processing and invoicing. Depending on the chosen payment method, payment data may be transmitted to payment service providers.

The legal bases are Article 6(1)(b) GDPR and Article 6(1)(c) GDPR, insofar as tax or commercial law retention obligations exist.

13. Lead scanning at events

At ITCS events, a lead scanning function can be offered to exhibitors. If you have your QR code or visitor ticket scanned by an exhibitor, the contact details stored on the ticket or in your profile can be transmitted to the respective exhibitor. This may include, in particular, name, email address, company, professional or field of study, interests, and event data.

The transfer will only take place if you actively enable scanning. The legal basis is Art. 6(1)(a) GDPR, insofar as you consent to the disclosure, and Art. 6(1)(b) GDPR, insofar as the function is part of the event services you are using.

The respective exhibitor is independently responsible for the further processing of the received data, insofar as they process the data for their own purposes.

14. Job board, matching and application functions

To the extent we offer job, career, matching, company, or application functions, we process the data required to provide these functions. This may include, in particular, profile details, professional qualifications, interests, job preferences, application documents, messages, company details, and interaction data.

When you apply for a job, arrange interview appointments with companies, or upload application documents, your data may be transmitted to the respective company to the extent necessary for the desired function or if you have consented to the transmission.

The legal bases are Art. 6(1)(b) GDPR for the provision of the respective functions and Art. 6(1)(a) GDPR, insofar as you make voluntary declarations or consent to specific transfers. Insofar as data is processed for the initiation of an employment relationship, § 26 BDSG may also be relevant.

15. Online trade fairs and digital event features

As far as we offer online trade fairs, digital trade fair stands, chat functions, profile pages or similar digital event functions, we process the data required for the use of these functions. This may include, in particular, registration data, profile data, visit and interaction data, chat content, uploaded documents and technical access data.

When you visit digital trade fair stands, chat with exhibitors, or share documents, the data required for this can be transmitted to the respective exhibitor. The legal bases are Art. 6 para. 1 lit. b GDPR for the organisation of the event and Art. 6 para. 1 lit. a GDPR, insofar as you provide voluntary information or consent to specific data sharing.

16. Cookies, similar technologies and consent management

We use cookies and comparable technologies. Cookies are small text files that are stored on your terminal device. Comparable technologies can also store or retrieve information on your terminal device.

Some of these technologies are technically necessary for our website to function, be operated securely, manage sessions, save cookie settings, or provide expressly requested features. Depending on their purpose, technically necessary cookies can be stored as session cookies only for the duration of the visit or as persistent cookies for a specific period.

The legal basis for storing or accessing technically necessary information is § 25 para. 2 TDDDG. The subsequent processing of personal data is based on Art. 6 para. 1 letters b, c or f GDPR, depending on the purpose.

For non-technically necessary technologies, particularly analytical, marketing, or external media services, we will obtain your consent in advance. The legal basis for storing or accessing information is § 25(1) TDDDG; the legal basis for the subsequent processing of personal data is Art. 6(1)(a) GDPR.

We use Borlabs Cookie to manage consent for cookies, tracking technologies, and external content. The provider of the tool is Borlabs GmbH, Germany.

Borlabs Cookie stores your consent decision so that we can document it and take it into account on your next visit. In particular, consent status, time of consent, version of consent, language setting, and a technical identifier may be processed.

The legal basis for using Borlabs Cookie is § 25 para. 2 TDDDG, Art. 6 para. 1 lit. c GDPR, and Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally compliant management and documentation of consents.

You can revoke or change granted consents at any time with future effect. You can access the respective settings again via the cookie settings on our website.

17. Analysis, Tag Management and Marketing

Analysis and marketing services are only used if effective consent has been obtained for them. Without consent, these services will not be activated for analysis or marketing purposes.

The legal basis for accessing end devices is § 25 para. 1 TDDDG. The legal basis for the subsequent processing of personal data is Article 6 para. 1 lit. a GDPR.

17.1 Google Tag Manager

We can use Google Tag Manager from Google Ireland Limited to centrally manage website tags. Google Tag Manager is used to trigger other services. Where services requiring consent are loaded via Google Tag Manager, this will only happen after appropriate consent has been given.

17.2 Google Analytics

We can use Google Analytics 4 from Google Ireland Limited to analyse your use of our website and improve our services. This may involve processing page views, interactions, technical device and browser data, approximate location, referrers, and pseudonymous identifiers.

Google Analytics is only used with consent. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

17.3 Meta Pixel und PixelYourSite

We can use the Meta Pixel from Meta Platforms Ireland Limited, technically managed via the WordPress plugin PixelYourSite. The Meta Pixel can help us measure the effectiveness of campaigns and build audiences for advertising campaigns. In doing so, page views, clicks, referrers, technical device and browser data, cookie IDs or comparable identifiers, and event data can be processed.

The Meta Pixel and server-side submissions via the Meta Conversions API are only used after obtaining the appropriate consent. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.

17.4 TikTok Pixel

We can use the TikTok Pixel to measure campaigns and evaluate marketing activities. In particular, this may involve the processing of page views, clicks, technical information, cookie IDs or similar identifiers, as well as event data.

The TikTok Pixel is only used with consent. The legal basis is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

18. External media, maps and embedded content

Our website may feature embedded content from external providers. This can include, in particular, YouTube, Vimeo, Podigee and Google Maps. Such content is blocked by default via our consent management and will only be loaded once you actively release the respective content or give your consent.

Following consent, the respective providers may process personal data, in particular IP address, device and browser data, referrer, usage data, and, if applicable, cookie or account data if you are logged in to the respective provider. The legal basis is Article 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

18.1 YouTube and Vimeo

Videos from YouTube or Vimeo will only be loaded after approval. When playing or unblocking, a connection can be established to the respective provider's servers.

18.2 Podigee

For podcast or audio content, we can use the Podigee player. The player will only be loaded once given the go-ahead. Technical access data and usage data may be transmitted to Podigee in this process.

18.3 Google Maps

To display venues, we can embed Google Maps. Google Maps will only load after approval. After approval, Google may process technical and usage data.

19. Fonts

Our website uses fonts for the consistent display of content. Where possible, fonts are provided locally from our own servers or as system fonts from your device.

Where third-party external fonts are integrated in individual cases, a connection to the respective provider's servers may be established when the website is accessed. This may involve the processing of IP addresses, technical browser and device data, and the requested page, in particular. Where consent is required for this, the integration will only take place after appropriate consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

20. Social media links and profiles

Our website may contain links to our profiles on social networks, particularly LinkedIn, Instagram, Facebook, YouTube, XING, GitHub or similar platforms. As long as you do not click on these links, no connection will be established with the respective social networks.

When you click on a link, you will leave our website. The respective provider is responsible for the processing of personal data on the respective platform. The provider's data protection information applies.

21. Recipients and Processors

We only disclose personal data where this is necessary to fulfil the described purposes, there is a legal obligation, you have consented, or there is any other legal basis.

Recipients may include, in particular, IT and hosting service providers, ticketing and payment service providers, email service providers, analytics and marketing providers, event partners, exhibitors, security and support service providers, as well as authorities within the scope of statutory obligations.

Where service providers process personal data on our behalf, we conclude data processing agreements in accordance with Article 28 of the GDPR.

22. Third-country transfers

When using individual services, personal data may be transferred to countries outside the EU or EEA. This applies in particular to services from international providers such as Google, Meta, TikTok, YouTube, Vimeo, LinkedIn, GitHub, or other platform providers.

Unless an adequacy decision exists, such a transfer will only take place on the basis of appropriate safeguards, in particular EU standard contractual clauses, or on the basis of your explicit consent.

23. Storage period

We only store personal data for as long as is necessary for the respective purposes, legal retention periods apply, or legitimate interests justify further storage.

Upon cessation of the purpose or expiry of relevant deadlines, the data will be deleted or blocked.

24. Data Security

We are taking technical and organisational measures to protect personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are regularly reviewed and adapted to the state of the art.

25. Current Status of this Privacy Policy

We will update this privacy policy if our website, services used, or legal requirements change. The version published on our website at the time is authoritative.

As at: 27 May 2026