Contact: +49 30 2045 9090

Privacy Notice

Information regarding data protection to be provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)
 

MCI takes the protection of your personal data very seriously. Our goal is to use different formats (in-person, digital, hybrid) to provide you with a convenient range of training, while also protecting your right to informational self-determination and ensuring the protection of your privacy. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) for the sole purpose of complying with contractual obligations (point (b) of Article 6(1), first clause GDPR), on the basis of your consent (point (a) of Article 6(1), first clause GDPR) or on the basis of legal requirements (point (c) of Article 6(1), first clause GDPR), as well as when we have a legitimate interest (point (f) of Article 6(1), first clause GDPR). The following Privacy Notice gives you an overview of when we store which data, for which purpose we use it and how we ensure the protection of your personal data.

I. The controller’s contact details
MCI Deutschland GmbH
Markgrafenstraße 56, 10117 Berlin, Germany
Tel.: +49 30 20459-0
Email: datenschutz@wearemci.com

II. The data protection officer’s contact details
Data protection officer of MCI Deutschland GmbH
Mr Thomas Werning
Dieselstraße 12, 32791 Lage, Germany
Tel.: +49 5232 98047-00, E-Mail: dsb-mci-bi@werning.com

III. Data processing

1.           Which personal data do we process?

We process the following personal data:

  • First name, surname, academic title
  • Postal address, email addresss, telephone number, mobile number
  • Company, department
  • Profession
  • Financial and bank details, but only if they are required for remuneration for our services or for the reimbursement of expenses
  • IP address
  • if you are a supplier to the forging industry, a manufacturer of forgings or none of those, postal address, telephone, fax and your email address.

 

2.           Purpose of the processing

2.1         Purpose of the processing when participating in events on-site

Data is processed in order to host and arrange training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. medical specialist course, further training course, specialist convention, one-day seminar). If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.

We process photos, videos and audio recordings of you during the event in order to broadcast the event to third parties live on a conference or streaming platform and/or to make all or part of the event available to third parties on demand via various channels. These channels are the MCI online media library, conference platforms and platforms for further training events, as well as social media (Instagram, Facebook, Twitter).

We also process photos and videos for the purposes of documentation and illustration, both on various online channels and for printed materials (e.g. training brochures). Examples of the online channels include the MCI homepage and training platforms.

2.2         Purpose of the processing when participating in virtual events

Data is processed in order to host and arrange digital and hybrid training events, conventions, conferences and other seminar services within the scope of the performance of our contracts with our digital participants or to perform pre-contractual measures, which are carried out on request. The purposes of data processing are primarily based on the specific service (e.g. online specialist conference, online medical specialist course, online seminars), either digital or hybrid. If necessary, we continue to process your data past the actual fulfilment of the contract on the grounds of our legitimate interests (e.g. exercise of legal claims and defence in the event of legal disputes). Data processing may also be carried out on the basis of your consent or on the grounds of a legitimate interest on our part.

We process photos, videos and audio recordings to enable us to provide you with a comprehensive portfolio of online services when participating in digital events, particularly to enable you and/or to make it easier for you to participate in video conferences or to communicate in chatrooms/breakout rooms.
 

3.           Data categories

3.1         Data processing in companies

3.1.1      General

We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up for an event.
When signing up, you have the option to enter a different billing address.

Furthermore, every time a user visits a page we operate, data pertaining to this process is stored in a log file. This data is used for analyses for statistical purposes; it is not merged with the personal details provided by the user.
Specifically, the following types of data are stored each time a page is viewed:

  • Name of the file retrieved
  • Date and time of visit
  • Data volume transmitted
  • Message as to whether access was successful
  • Description of the type of web browser used
  • Operating system used
3.1.2      When participating in an event on-site

As a participant of an in-person event you get a participant ID card on which the personal data provided when registering/signing up is stored and then read at the event location using a barcode/QR code scanner. We process your personal data every time this is scanned when moving around the conference site. Some scanning processes can be actively carried out by the participants themselves, e.g. at certain exhibition stands, and are sometimes automatic, e.g. when switching rooms. In particular, the purpose of the scanning procedure is to provide proof of your mandatory training. Data processing procedures carried out by the sponsor, which carries these out in the form of scanning procedures subject to consent at its exhibition stand, are subject to the relevant sponsor’s data protection statement.

3.1.3      At virtual  events

We process personal data when you register (online, e.g. when requesting event materials) and/or when you sign up on the relevant conference platform.
We also process personal data every time you sign up for a chatroom, breakout room or video conference. If you activate access on your microphone and/or video camera, audio and video data is processed and played back.  As a participant, you can disable such access again at any time using the buttons with the relevant symbols.  Participation in a digital event is still possible if you disable access. There is also the opportunity to send text messages in a group chat, which are visible to all the participants in a given case. Clear notices are used on visibility and recording for individual participants when breakout rooms are entered for individual meetings.
You are given further information on the platforms we use in general, on how your data is handled and on server locations when visiting the relevant provider’s website or installing the provider’s application on your device. These service providers act as our processors when using video conferencing systems during digital and hybrid events.
 

3.2     External service providers

We sometimes use external service providers to carry out our duties. You can find a list of the contractors and service providers with which we have permanent business relationships in the attached overview.
The data collected during registration is also used for our own statistical purposes and is also encrypted and sent to our service providers and sponsors, provided that consent has been given.

3.3     Other recipients

We do not transfer your personal data to any other recipients.
 
4.       Legal basis

In accordance with point (a) of Article 6(1), first clause GDPR, we use the photos, videos and audio recordings of you during events on the basis of your consent to the processing of personal data concerning you.
The processing of the specified data for the purpose of performing our contracts with our participants or for performing pre-contractual measures is also carried out on the basis of points (b) and (f) of Article 6(1), first clause GDPR. Processing is also required to implement the agreement.

Our legitimate interest lies in an essential and appropriate customer relationship with you. We would like to use direct marketing to provide you with detailed information on other available training opportunities following your event and to encourage you to take part in these, as well as to send you offers for our services.

You have the right to object to the processing of data concerning you that is being carried out in accordance with point (f) of Article 6(1), first clause GDPR at any time and to state the reasons for this. The objection can be made in any form and should be directed, where possible, to: datenschutz@mci-group.com. If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
 

5.     Right of withdrawal

You can withdraw consent that you have given at any time with effect for the future; this does not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal. Consent granted by law remains unaffected by a withdrawal of consent, for example because the recording of the event constitutes an image from contemporary history or you have only appeared as an accessory or participated in a similar convention or event (legal basis point (f) of Article 6(1), first clause GDPR and Section 23(1) of the German Art Copyright Act (Kunsturhebergesetz, KUG)). If a claim for erasure is made, the recordings are removed from our own web pages or rendered unrecognisable (e.g. through pixelation) and no longer used for new printed materials. Information published on the Internet may remain accessible through archiving services even after it has been erased from the original web page. According to the information currently available, it is no longer possible to erase photos and data on social media services; instead, they are simply no longer publicly displayed.

6.     Duration of storage

We erase your personal data as soon as it is no longer required for the aforementioned purposes. There are different storage periods depending on the nature of the personal data:

6.1      Billing data (first name, surname, academic title and postal address): max. 10 years (retention of encrypted data only)
6.2      Event organisation data:
6.2.1   Images, videos and audio recordings of on-site events: 3 months to max. 1 year (depending on the media library program)
6.2.2   Images, videos and audio recordings of virtual events: 3 months to max. 1 year
6.2.3   Other essential data for hosting the event (IP addresses, email addresses, telephone numbers, mobile numbers, fax numbers): Erased immediately after the event
6.3      Data serving as proof of mandatory training (affiliation with a particular occupational group, membership, company, department, profession, professional function, specialist area/specialism, EFN if applicable): 3 years
6.4      Data used for direct marketing (email addresses, telephone numbers, mobile numbers, fax numbers, postal addresses): 3 years
6.5      Financial and bank details: Erased immediately after payment

7.     Sources of personal data

We obtain the data collected from

  • Your registration
  • or from our own database.
  • Participant data from previous training events
8.     Automated decision-making

We do not carry out any automated decision-making, including profiling.
 
  
IV.     Data security

We take appropriate technical and organisational safety measures to protect your data against accidental or intentional data manipulation, partial or complete loss, destruction or unauthorised third-party access (e.g. TSL encryption), taking into consideration the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including the probability and consequences thereof) for data subjects. Our security measures are continuously improved in line with technological developments. We would be happy to provide you with further information regarding this on request. To request this, please contact: datenschutz@mci-group.com.
 
V.    International data transfers

MCI Germany processes personal data on servers in the Netherlands and Ireland.
When transferring data, MCI Germany complies with all provisions laid down in the GDPR which apply for the processing of EU citizens’ personal data.
MCI Germany processes personal data on the servers in its data centre in Switzerland.
There is an existing adequacy decision for Switzerland as a third country in accordance with Article 45(1) and (3) GDPR. When transferring data to Switzerland, MCI Germany complies with all provisions laid down in the GDPR which apply for the processing of EU citizens’ personal data.
 
VI.    Data subject rights

In accordance with Article 15 GDPR, you can request access to the data concerning you that we are storing via the address above. Under certain circumstances, you can also obtain the rectification of your data in accordance with Article 16 GDPR or the erasure of your data in accordance with Article 17 GDPR. Additionally, you have the right to the restriction of processing of your data in accordance with Article 18 GDPR as well as the right to the provision of the data in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions laid down in Sections 34 and 35 BDSG apply.
 
You also have the option to lodge a complaint with the data protection officer above or a data protection authority. The data protection supervisory authority responsible for us is:
 
The Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit)
Friedrichstraße 219, 10969 Berlin, Germany
mailbox@datenschutz-berlin.de
 

 

VI. Overview of service providers

Overview of the service providers of the controller in accordance with the legal obligation to provide information

Service provider

Service/Purpose of the assignment

EventClasss GmbH

Online registration

Palacio Euskalduna

Conference Center

Trust & Desire GbR

Hosting of Website

MCI Suisse SA

Data storage

Haberling GmbH & Co. Int. Sped. KG

File shredding

drehwerk e.K

Audio-visual communication

Vision Concept

Supplier technique

emfITs GmbH

Virtual platform




VIII.       Notification of change

This Privacy Notice may be updated on a regular basis. We will update the date of this Privacy Notice accordingly.

 
RIGHT TO OBJECT
Information on your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
CASE-SPECIFIC RIGHT TO OBJECT
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1), first clause GDPR (data processing on the basis of a balance of interests). If you do object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended for the assertion, exercise or defence of legal claims.
The objection can be made in any format and should be directed, where possible, to: datenschutz@wearemci.com
 
 
Version dated March 2022