Information pursuant to the EU-General-Data-
Protection-Regulation (GDPR) for digital services of Messe Berlin
Version dated January 15, 2026
Data protection is a high priority at Messe Berlin GmbH (hereinafter referred to as "Messe Berlin"). This data protection information provides information about the processing of personal data in connection with the use of Messe Berlin's digital services (hereinafter referred to as "digital services"). Separate data protection information may apply to specific cases of data processing. This will be indicated separately in this data protection information or in the relevant data processing.
The digital services can be used via an app or a web browser. The services include various functions such as exhibitor and product directories, supporting programs and streaming services, participant directories, networking, lead tracking, location-based services, and additional services subject to a fee (such as booking meeting rooms or cloakroom services) and, for exhibitors, an advertising shop. Due to technical reasons, some functions are only available via the app.
Responsible party and data protection officer
Individual processing operations
Use of digital services
Purpose and legal basis
When you use our digital services, i.e., even if you do not register or otherwise actively submit information, e.g., via input forms, information of a general nature is automatically collected. This information (log files) includes the type of web browser, the operating system used, device and SIM card identifiers (including IMEI, UDID, IMSI, MAC address, MSISDN), the mobile phone number, the domain name of your Internet service provider, your IP address, referrer URL, date and time of access, and similar information.
It is processed in particular for the following purposes:
Ensuring smooth connection to digital services,
ensuring the smooth use of our digital services, and
Ensuring and evaluating system security and stability, in particular for the detection of misuse and for the technically error-free display and optimization of digital services.
We do not use your data to draw conclusions about your person. However, we reserve the right to check the log files retrospectively if there are concrete indications of illegal use.
Processing is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of digital services and ensuring system security and misuse detection.
Recipients of the data
We use service providers for operation and maintenance who act as our processors. All service providers are contractually obliged to treat your data confidentially.
Storage period
Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 30 days, unless a security-related event occurs (e.g., a DDoS attack). In the event of such an event, server log files are stored until the security-related event has been resolved and fully investigated.
Provision of data
The provision of the aforementioned personal data is neither required by law nor contractually stipulated. However, without the IP address and cookie ID, the service and its functionality cannot be guaranteed. In addition, individual services may be unavailable or restricted.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
General functions of digital services
Purpose and legal basis
Personal data is processed for the purpose of using the digital services. The main purposes of the digital services are both the networking of all users and the advertising opportunities for exhibitors for the respective events. Messe Berlin processes in particular data from exhibitors or participating companies (hereinafter referred to as "exhibitors") and their employees, as well as private and trade visitors, sponsors, media representatives, speakers and presenters, business partners or other participants (hereinafter referred to as "participants") (hereinafter collectively referred to as "users"). Users of the digital services can, among other things, present themselves and, if applicable, their company (profile), attend events via these services, follow presentations and lectures live or afterwards, and meet and network (communication and networking).
In this context, the processing of personal data is necessary for the provision of digital services (Art. 6
(1) (b) GDPR ), which are set out in the General Terms and Conditions of Use for Digital services ("Terms of Use"). Personal data may also be processed in the legitimate interest of Messe Berlin in providing an interesting, personalized, efficient, secure, innovative, and profitable service, Art. 6 (1) (f) GDPR. For this purpose, personal data is processed, for example, for market and user research in order to continuously improve our own offerings, products, and services and to adapt them to needs within the framework of market and user analysis. Personal data is also processed if the data subject has given their consent to the processing, Art. 6 (1) (a) GDPR. Processing may also take place if it is necessary to protect vital interests or to protect a natural person, Art. 6 (1) lit. d GDPR, or if the processing is necessary to fulfill a legal obligation of Messe Berlin, Art. 6 (1) lit. c GDPR. These processing purposes and legal bases also include, in particular, the following functions of the digital services:
Online registration
Some digital services can be used without registration. For certain functions, such as networking, making appointments, or using paid content and services, registration and authentication as a participant in the event is necessary.
Profile
A profile can be created in the digital services to represent the respective user. In addition to displaying and connecting all users, this enables exhibitors to present products and services and post job advertisements on the job board. User data must be entered during online registration and profile creation. This can be done automatically in some cases, for example, if registration is completed as part of the ticket purchase process or if the user is already a user of Messe Berlin's digital services in another context.
The following mandatory information is required to create a profile: first name, last name, email address, and company/organization. The following optional information may be processed: language, country, address (street address, postal code, city), telephone number, profile picture, professional interests, biographical information, social media accounts, and various other optional information. Profiles can be found by other users within the digital services via search and matchmaking functions. The visibility of your own data can be customized by the user in the settings. The processing of personal data is necessary in this context for the provision of the digital services.
Communication and networking
Users can communicate with each other (e.g., chats, video calls), set up, stream, and participate in meetings, , and arrange and conduct appointments and video calls between different users (including notification function). Within the user communication center, contacts can be searched for, recommended, favorited, and blocked, your own status can be specified, and the network function can be activated or deactivated. When participating in digital meetings, additional personal data is processed, such as the voice and image of the meeting participants. The processing of personal data is necessary in this context for the provision of digital services.
Push notifications
Users of the digital services can be informed centrally by the event team via push notifications about the event itself or its exhibitors and products. The receipt of push notifications is subject to the consent of users via their respective end devices by granting authorization in the web browser or app settings. The respective push notification service can be switched off individually at any time and consent can thus be revoked. In the case of push notifications, the data is generally deleted as soon as the request has been processed.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of our digital services. All service providers are contractually obliged to treat your data confidentially.
Storage period
We process users' personal data until the profile is deleted. The profile can be deleted by the user themselves or will be deleted 3 years after the user's inactivity. Otherwise, we only process the user's personal data for as long as is necessary to fulfill the purposes pursued. In addition, we are subject to statutory retention periods, which arise, for example, from the German Commercial Code or the German Fiscal Code and may in some cases lead to longer processing of personal data.
Provision of data
The processing of the above-mentioned personal data is necessary in order to fulfill our contractual obligations for digital services and the functions used. Without the provision of your personal data, we cannot perform the digital services in the manner offered.
Withdrawal of consent
Consent can be revoked at any time with effect for the future. Revocation of consent does not affect the lawfulness of processing based on consent before revocation. The revocation must be addressed to the controller. In some cases, consent can be revoked in the app or web browser settings by withdrawing the respective authorization.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Ticket Wallet (app)
Purpose and legal basis
We process personal data for the ticket wallet of the digital services. Tickets from ticket shops and transport companies are added to the ticket wallet. This requires the transfer of personal data (master data). We offer tickets for events for purchase via ticket providers. Through Berliner Verkehrsbetriebe ("BVG," Holzmarktstraße 15-17, 10179 Berlin), we offer the option of purchasing tickets for public transportation to match the respective event. The process is partly automatic and partly only takes place after the user has manually activated the function in the digital services. The processing of personal data that takes place in this context is necessary in order to fulfill Messe Berlin's contractual obligation with regard to the ticket wallet and ticket functions, Art. 6 (1) lit. b GDPR.
Recipients of the data
In addition to our technical service provider for digital services, the recipients of the data are also the ticket shop providers and the BVG. All service providers are contractually obliged to treat your data confidentially.
Storage period
Your personal data will only be stored for as long as is necessary for the purpose of processing or to comply with our statutory retention periods.
Provision of data
The provision of the aforementioned personal data is contractually required to ensure the functionality of the Ticket Wallet feature.
Surveys
Purpose and legal basis
Survey tools from external service providers may be used for voluntary online surveys during the event period in connection with participation in the event. The personal data collected varies depending on the respective survey. The legal basis for processing the data to provide this function is our legitimate interest in efficient and interesting networking, Art. 6 (1) lit. f GDPR.
Recipients
We use service providers who act as our processors for operation and maintenance. All service providers are contractually obliged to treat your data confidentially.
Storage
Your personal data will only be stored for as long as is necessary for the purpose of processing.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Lead and contact management
Purpose and legal basis
As part of digital services, users' personal data is processed with regard to their behavior or movements on the digital services. Some of this data is made available to users when they connect with each other on the digital services. This data is also made available to exhibitors depending on the services assigned or booked and the relevance for the respective exhibitor. Among other things, exhibitors can see how often users have viewed products, posts, and coupons.
In this context, exhibitors are shown the information from the profile of the respective user. In addition to the mandatory information specified in "General functionality of the digital services//profile," voluntary information from the profile is also processed. The legal basis for the processing is our legitimate interest in enabling personalized, efficient, and interesting networking and user experience within the digital services and in operating a profitable service, Art. 6 (1) lit. f GDPR. For the exchange of profile data between participants, processing is necessary for the fulfillment of the purpose of networking on the digital services, Art. 6 (1) lit. b GDPR.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of the digital services. All service providers are contractually obliged to treat your data confidentially.
Storage period
We only process your personal data for as long as the user profile exists.
Provision of data
The provision of your personal data is voluntary with regard to the optional information. However, the full functionality of the digital services cannot be guaranteed without processing. With regard to the mandatory information in the profile, the provision of this information is necessary for the conclusion of the contract.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Advertising Shop
Purpose and legal basis
In the advertising shop, exhibitors can purchase additional digital products for their company and product presentations or further marketing measures for the digital services in an online shop (advertising shop). In doing so, personal data is transferred to service providers. The processing of personal data is based on our legitimate interest (Art. 6 (1) (f) GDPR) in offering a modern and interesting online shop and ensuring a smooth shopping experience.
Recipients of the data
The advertising shop is offered via technical service providers. When you visit the advertising shop, personal data may be transferred to our technical service providers. All service providers are contractually obliged to treat your data confidentially.
Storage period
Data is stored in server log files in a form that allows the identification of the persons concerned for a maximum period of 30 days, unless a security-related event occurs (e.g., a DDoS attack). In the event of such an incident, server log files will be stored until the security-related incident has been resolved and fully investigated. Further storage will only take place if personal data is provided during the purchase process. This data will only be processed for as long as is necessary to fulfill the intended purposes or legal retention periods.
Provision of data
The provision of the aforementioned personal data is neither required by law nor contractually stipulated. However, without the IP address and cookie ID, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Contact
Purpose and legal basis
Within the scope of digital services, there are various options for contacting us electronically. If a user takes advantage of this option, data is transmitted to us and stored. At the time the message is sent, the following data is also stored:
Date and time of the request
URL from which the request was made
IP address from which the request was made
Web browser and operating system used
We collect the content of your request. Your data is stored for the purpose of individual communication with you. The data entered for the purpose of establishing contact is processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR). Our legitimate interest in processing your data is to enable you to contact us easily.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of digital services. If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes, provided that they need the data to perform their respective services (e.g., IT services). All service providers are contractually obliged to treat your data confidentially.
Storage period
Data will be deleted no later than 6 months after the request has been processed.
Provision of data
The provision of your personal data is voluntary. However, we can only process your request if you provide us with the necessary data and the reason for the request.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Use of cookies - Basic information
A cookie is a small data record that is created when you visit a website and is temporarily stored on the system of the website user. If the server of these web applications is accessed again by the website user, the browser of the website user sends the previously received cookie back to the server. The server can evaluate the information obtained through this process. Cookies can make it easier to navigate a website. Cookies can be deleted at any time via the respective web browser.
Detailed information on cookies and which cookies are used on this website (after consent) can be found in our cookie consent tool, which you can access at any time by clicking on the icon at the bottom left of your web browser, and in our cookie policy.
Use of technically necessary cookies
Purpose and legal basis
We use cookies to make digital services more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
Language settings
Consent management
Login information
Technically necessary cookies help to make the digital services usable by enabling basic functions such as page navigation and access to secure areas. Some functions cannot be offered without the use of cookies. For these, it is necessary for the user to be recognized.
Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a user-friendly design of the digital services and in the documentation of consent.
Recipients of the data
We use technical service providers to operate and maintain our digital services, who act as our processors. All service providers are contractually obliged to treat your data confidentially.
Storage period
Details on the storage period of cookies and the technologies used in these tracking tools can be found in our cookie consent tool and in the cookie policy.
Provision of data
The provision of the aforementioned personal data is neither required by law nor contractually stipulated. However, without this data, the service and functionality of the digital services cannot be guaranteed. In addition, individual services may be unavailable or restricted.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Use of technically unnecessary cookies
Purpose and legal basis
When providing digital services, we also use cookies that enable analysis of users' surfing behavior. These cookies are used to make the use of the website more efficient and attractive. We use web analysis technologies from the following providers:
Google Ireland Limited
Amazon Web Services, Inc.
The legal basis for this processing is your consent, Art. 6 (1) (a) GDPR. Recipients of the data and third-country transfers
We use technical service providers to operate and maintain the digital services, who act as our processors. All service providers are contractually obliged to treat your data confidentially. Further recipients and details about the technical functioning of the tools used and information on how you can prevent data transmission (tracking) can be found in our cookie consent tool.
Third-country transfers take place with individual providers. Third-country transfers always take place on the basis of an adequacy decision or subject to appropriate safeguards in accordance with Chapter V of the GDPR. The corresponding services of the providers are listed as processing operations in the course of the data protection information.
Storage period
Details on the storage duration of cookies and the technologies used in these tracking tools can be found in our cookie consent tool and in our cookie policy.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Withdrawal of consent
You can revoke your consent at any time by adjusting the desired settings in the cookie consent tool.
Profiling
Web analysis tools can be used to evaluate the behavior of visitors and users of digital services and analyze their interests. For this purpose, we create a pseudonymous user profile.
Cookie consent management
Purpose and legal basis
We use the consent manager from Usercentrics to obtain your consent to the storage of certain cookies on your device and the transfer of data to external service providers, and to document this in accordance with data protection regulations. This technology is provided by Usercentrics GmbH, Rosental 4, 80331 Munich (hereinafter "Usercentrics").
When you visit our website, the following personal data is transmitted to Usercentrics:
Your consent(s) or the revocation of your consent(s)
Your IP address
Information about your browser
Information about your device
The time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.
Recipients of the data
The recipients of the personal data are our technical service providers and Usercentrics, who act as processors for us. All service providers are contractually obliged to treat your data confidentially.
Storage period
The consent data (consent and revocation of consent) is stored for three years. The data is then deleted.
Provision of data
The provision of your personal data is voluntary. However, the functionality of the digital services cannot be guaranteed without processing.
Objection
Please read the information below about your right to object under Art. 21 GDPR. You can find options for objecting to and removing Usercentrics at: https://usercentrics.com/de/datenschutzerklaerung/.
Google Tag Manager
If you have given your consent (Art. 6 (1) (a) GDPR), our digital services use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a solution that allows us to manage tags used for tracking and marketing via a single interface. It enables the rapid deployment and updating of JavaScript and HTML tags on our web applications. The Google Tag Manager tool that implements these tags does not set cookies or collect personal data. Rather, it is used solely to manage other services, such as Google Analytics. These services may collect data themselves.
Further information on this can be found on the following website: https://www.google.com/intl/de/tagmanager/use-policy.html.
Recipients and third-country transfers
When you visit our digital services, your personal data, including your IP address, is transferred to Google in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the European Commission's adequacy decision for the USA.
Storage period
The cookies used in this context, which are not used for personal identification, expire after 30 days.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Revocation of consent
If you wish to prevent the tracking of your activities, you can refuse the use of cookies required for this purpose, for example by deactivating the automatic use of cookies in your browser or by making the appropriate settings in the cookie consent management system.
Google Analytics
Purpose and legal basis
If you have given your consent (Art. 6 (1) (a) GDPR), Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), is used on the web applications of the digital services. Google Analytics uses cookies that enable us to analyze your use of our digital services and draw conclusions about user behavior on our digital services. The information generated by the cookie about your use of the digital services is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these web applications, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of Messe Berlin, Google uses this information to evaluate your use of the web applications, to compile reports on activities and to provide other services related to platform usage.
For more information about data processing by Google, please visit the following link: https://policies.google.com/privacy.
Recipients and third-country transfers
The data is transmitted to Google. To enable this, we have concluded a data processing agreement with Google . Google processes your data in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the adequacy decision of the European Commission for the USA.
Storage period
The data will be deleted as soon as you revoke your consent or it is no longer required to achieve the purpose for which it was collected. The data is generally deleted 14 months after it is provided.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Withdrawal of consent
In addition to revoking the authorization to set analysis cookies and deleting them, you can prevent tracking by Google Analytics on our web application by deactivating this cookie in the Consent Management Tool.
You can also prevent Google from collecting and processing the data generated by the cookie and related to your use of the web applications (including your IP address) by downloading and installing the browser plugin available at the following link: Browser add-on to disable Google Analytics.
Google Firebase Analytics
Purpose and legal basis
If you have given your consent (Art. 6 (1) (a) GDPR), Google Firebase Analytics, an analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), is used via the digital services app. Google Firebase Analytics uses cookies that enable us to analyze your use of our digital services and draw conclusions about user behavior on our digital services. The information generated about your use of the digital services is usually transferred to a Google server in the USA and stored there. On behalf of Messe Berlin, Google uses this information to evaluate your use of the app, to compile reports on activities, and to provide other services related to the digital services.
For more information about data processing by Google, please visit the following link: https://firebase.google.com/support/privacy?hl=de.
Recipients and third-country transfers
The data is transferred to Google. To enable this, we have concluded a data processing agreement with Google.
Google processes your data in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the adequacy decision of the European Commission for the USA.
Storage period
The data will be deleted as soon as you revoke your consent or it is no longer required to achieve the purpose for which it was collected. The data is generally deleted 14 months after it is provided.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Withdrawal of consent
You can prevent tracking by Google Firebase Analytics by not giving permission to set the required cookie or by withdrawing your permission.
Google Ads and conversion tracking
Purpose and legal basis
If you have given your consent (Art. 6 (1) (a) GDPR), our digital services use Google Double Click, Ads, and Conversion Tracking. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of this processing is so-called conversion tracking, i.e., we can see what happened after you clicked on our ad. If you access our digital services via a Google ad, Google Ads sets a cookie on your device.
If you visit certain subpages of our digital services and the cookie has not yet expired, we and Google can recognize that you clicked on an ad and were redirected to us. The information collected by the conversion cookie is used to compile statistics regarding Google Ads. We receive the total number of users who clicked on our ad and were redirected to our digital services. However, the information received does not enable us to identify users personally.
For more information, please visit the following link: https://policies.google.com/privacy. Recipients and third-country transfers
When you visit our digital services, your personal data, including your IP address, is transferred to Google in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the European Commission's adequacy decision for the USA.
Storage period
The cookies used in this context, which are not used for personal identification, expire after 30 days.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Revocation of consent
If you want to prevent the corresponding tracking of your activities, you can refuse the use of cookies required for this purpose, for example by deactivating the automatic use of cookies in your browser or by blocking cookies from the domain "googleleadservices.com". In addition, you can deactivate relevant cookies at the following link: https://adssettings.google.com.
Google Marketing Platform
Purpose and legal basis
If you have given your consent (Art. 6 (1) (a) GDPR), our digital services use the services of the Google Marketing Platform (formerly "DoubleClick"), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This tool uses cookies to serve ads that are relevant to users, to improve marketing campaigns, and to prevent a user from seeing the same ad multiple times. For this purpose, Google uses a cookie ID to record which ads have been displayed in which browser. In addition, Google can use the cookie ID to record so-called conversions, i.e., the fact that a web application visitor visited our web applications after seeing a relevant ad. If you are logged into your Google account, Google can associate your visit to the corresponding web application with your user account. If you do not want this, please log out of your Google account beforehand.
Recipients and third-country transfers
Your personal data will be transferred to Google in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the adequacy decision of the European Commission for the USA.
Storage period
Your data will be deleted as soon as you revoke your consent or the data is no longer required to achieve the purpose for which it was collected.
Provision of data
The provision of your data is voluntary and based solely on your consent.
Withdrawal of consent
To prevent the use of the Google Marketing Platform, you can, in addition to the options in the consent management banner, prevent the setting of the corresponding cookies, for example in your browser settings or by adjusting your settings accordingly at the following link: https://adssettings.google.com.
Contact for information and advertising purposes by companies of the Messe Berlin Group
Purpose and legal basis
Messe Berlin processes the information from the profile, in particular the contact details, for the purpose of establishing contact and sending users information, including in particular (editorial) newsletters, print and digital media offerings, industry-specific web portals, and lead campaigns. For these purposes, Messe Berlin also forwards the data to other companies within the group. The processing is based on our legitimate interest in providing an interesting and personalized customer experience, Art. 6 (1) lit. f GDPR, or in the case of newsletters and similar communications, on your consent pursuant to Art. 6 (1) lit. a GDPR.
Storage period
For more information on the storage period for contact data in your profile, please refer to the chapter "General functions of digital services." Lists for newsletters can be created so that persons who have revoked their consent to receive newsletters no longer receive them. The email addresses stored there are deleted as soon as they are no longer required for the purpose.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of the digital services. All service providers are contractually obliged to treat your data confidentially. The companies within the group receive the personal data on the basis of an intercompany agreement (ICA).
Provision of data
In order to fulfill our contractual obligations for digital services and the functions used, it is necessary to process personal data used for establishing contact.
Revocation of consent
Consent can be revoked at any time with effect for the future. Revocation of consent does not affect the lawfulness of processing based on consent before revocation. The revocation must be addressed to the controller. In some cases, consent can be revoked in the app or web browser settings by withdrawing the respective authorization.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Crash reporting
Purpose and legal basis
Crash reporting is a separate function used to identify errors in the event of an app crash. In this context, the following data is processed: the device ID, device model, device name, operating system, timestamp, and cause of the error. The data is required for crash reporting in order to analyze and fix errors or crashes in the app. This purpose represents our legitimate interest in data processing. The processing is therefore based on the legal basis of Art. 6 (1) lit. f GDPR.
Recipients and third country transfers
We use the CrashLytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Your personal data is transferred to Google in the USA. Google LLC is certified under the Data Privacy Framework. The transfer of data to the USA is therefore based on the adequacy decision of the European Commission for the USA.
Storage period
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
Objection
Please read the information below about your right to object under Art. 21 GDPR.
Location-based services
Purpose and legal basis
Access to the location of the smartphone is required for so-called location-based services. This service is used to obtain helpful information about the respective event depending on the individual location. Among other things, the location data is used to show the user their respective location and associated nearby services or advertising, as well as to generate accumulated movement profiles of users (e.g., so-called heat maps). The location service provider pseudonymizes the personal data in such a way that Messe Berlin can no longer assign it to specific individuals.
Processing only takes place after consent has been given or authorization to access the user's location data has been granted when setting up the app (legal basis: Art. 6 (1) (a) GDPR). Access can be terminated at any time in the operating system settings by deactivating the corresponding authorization.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of the digital services. All service providers are contractually obliged to treat your data confidentially.
Storage period
Only data provided by the user is stored. The user can delete this data independently. Automatic deletion occurs when the user profile is deleted.
Provision of data
The provision of your personal data is voluntary. However, the full functionality of the digital services cannot be guaranteed without processing.
Revocation of consent
Consent can be revoked at any time. To do so, please deactivate the permissions in the app settings on your device.
Calendar, address book, camera, device wallet, photo gallery, and storage access
Purpose and legal basis
When setting up the app, the user can give their consent (legal basis Art. 6 (1) (a) GDPR) or authorization to access the following data on their smartphone: calendar, address book, camera, device wallet, photo gallery, and storage. Access to the calendar, device wallet, and address book is used exclusively to store data from the digital services on the user's device. No personal data is transferred from the device to the digital services. When accessing the camera, photo gallery, and memory of the terminal device, only the personal data that is captured with the camera or loaded from the memory to the digital services is read. This may include images, for example. In addition, certain data, such as the digital business card or individual trade fair visit data, may be stored from the digital services on the user's terminal device.
Recipients of the data
We use service providers who act as our processors for the operation and maintenance of the digital services. All service providers are contractually obliged to treat your data confidentially.
Storage period
Only data provided by the user themselves is stored. The user can delete this data independently. Automatic deletion occurs when the user profile is deleted.
Provision of data
The provision of your personal data is voluntary. However, the full functionality of the digital services cannot be guaranteed without processing.
Withdrawal of consent
Consent can be revoked at any time. To do so, please deactivate the permissions in the app settings on your device.
Data security
We only handle personal data in accordance with data protection regulations. We also take all necessary technical and organizational security measures to protect your personal data from unauthorized access and misuse at all times.
Where we store or process personal data, this is done within a high-security data center. To protect the security of your data during transmission, we use encryption methods (e.g., SSL) via HTTPS. Our servers are secured by firewalls and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to comply with the provisions of the GDPR and the BDSG when handling data.
Data protection rights
Every data subject has the right to information in accordance with Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR, and the right to data portability under Art. 20 GDPR.
The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure.
You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to the future. Processing that took place before the revocation is not affected.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links- node.html
Information about your right to object under Art. 21 GDPR
Right to object in individual cases
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) lit. f GDPR (data processing based on a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
Recipients of an objection
The objection can be made informally with the subject line "Objection" and stating your name, address, or other identifying characteristics to:
Messe Berlin GmbH Messedamm 22
14055 Berlin
Email datenschutz@messe-berlin.de
Changes to our privacy policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
The current version is dated January 15, 2026.