New Release

Too Big to Fill? Reducing Gaps in Development Finance Post-USAID | Munich Security Analysis 3/2025

More

Event-related Privacy Policy

With the following information we would like to inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled comprehensively in the sense of Art. 13 of the European Data Protection Regulation (EU GDPR).

Information requirements for accreditation

Who is responsible for data processing and whom can you contact?

Responsible body:

Stiftung
Münchner Sicherheitskonferenz (non-profit) GmbH
Karolinenplatz
80333 Munich
E-Mail: office@securityconference.org
Phone: +49 89 3797 949 0

The company data protection officer is

Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse  14
93047 Regensburg
E-Mail: anfragen@projekt29.de
Phone.: +49 941-2986930


What data is processed and from which sources does this data originate?

We process the data that we have received from you in the course of preparing for and participating in our activities on the basis of consent (personnel) or in the course of your registration (personnel) or application or in the course of your employment with us.

Personal data include:

The following minimum contents are recorded by MSC gGmbH in advance:

  • First name
  • Last name
  • Birth name
  • Date of birth
  • Birthplace
  • Availability by phone - mobile
  • E-mail address
  • ID number, as far as professionally to be raised and, if necessary
  • Copy of an identification document, if necessary
  • Image data (biometric)
  • Organization or employer
  • Access authorizations of the participants
  • Video recordings and image data

In addition, we also process the following other personal data:

  • Information about the nature and content of contract data, order data, sales and document data, customer and supplier history, and consulting records,
  • Advertising and sales data,
  • Information from your electronic traffic with us (e.g. IP address, portal ID, person ID, log-in data),
  • other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
  • Data that we generate ourselves from master / contact data and other data, such as by means of customer demand and customer potential analyses,
  • If applicable, documentation of your consent for longer-term storage of your data,

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended.

On the basis of consent, Art. 6 para. 1 p. 1 a) GDPR

The processing, storage and, if necessary, transfer of personal data of our participants/service providers at events is carried out by Stiftung Münchner Sicherheitskonferenz gGmbH for the purposes of storing your data beyond the processing purpose. We only store your data beyond the conference with your consent in order to ensure a smooth process at subsequent events. The processing is only based on consent according to Art. 6 (1) a) GDPR, unless you have objected to the processing and storage.

The issuance of such a declaration of consent is voluntary and the signatory will not suffer any disadvantages (under employment law or otherwise) if he or she refrains from issuing such a declaration. The declaration of consent can be withdrawed at any time without giving reasons with effect for the future.

Fulfillment of a contract or pre-contractual measures, Art. 6 para. 1 b) GDPR

If you are an employee of MSC or of a contracted service provider, we process your data for accreditation purposes and for the performance of the contractual basis.

Legitimate interest according to Art. 6 para. 1 f) DSGVO

For monitoring and security of the event, some areas of the event will be under video surveillance. The areas are marked with appropriate signs.

For the accreditation process, image data will be processed by an external IT service provider (KI-based decision, if image quality is sufficient for usage).

Who receives my data?

If we use a service provider in the sense of commissioned processing, we nevertheless remain responsible for the protection of your data. All commissioned processors are contractually obligated to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfill their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system. In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data. In addition, for the purpose of contract initiation and fulfillment, insurance companies, banks, credit agencies and service providers may be recipients of your data. Otherwise, we do not pass on your data to third parties.

How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (such as from the Commercial Code, the Tax Code, or the Working Hours Act). If we are permitted to store your data on the basis of your consent, we will process your data until you revoke it, but in the case of service providers only for a maximum of five years ; beyond that, until the end of any legal disputes in which the data is required as evidence. In the case of conference participants, we store and process your personal data until your revocation or if the purpose of the processing is no longer necessary, in which case we delete your personal data.


Is personal health data transferred to a third country?

In principle, we do not transfer any health data to a third country.

Am I obliged to provide data?

The processing of your data is necessary for the implementation or fulfillment of your event participation (registration or commitment and implementation of participation) in an MSC activity. If you do not provide us with this data, we will usually have to refuse participation in our activities or will no longer be able to carry out an existing participation and consequently have to terminate it.

Data subject rights

You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, as well as a right to object to the processing and a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to access:

You can request information from us as to whether and to what extent we process your data.

Right of rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right of erasure (right to be forgotten):

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests of protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing:

You may request us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse erasure and request restriction of data use instead
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that

  • we process such data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us; and
  • this processing is carried out with the help of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.

Right to object:

If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to lodge a complaint with a supervisory authority:

If you are of the opinion that we are violating German or European data protection law in processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy information

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please make sure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr. Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

Tel.: +49 941 298 693 0
Fax: +49 941 298 693 16
anfragen@projekt29.de
www.projekt29.de