Data privacy

Privacy Policy

In connection with the use of this website, personal data concerning you will be processed by us, as the controllers responsible for data processing, and stored for as long as is necessary to fulfill the specified purposes and statutory obligations. The following provides information on the nature of the data concerned, the manner in which they are processed, and the rights to which you are entitled in this context.

Pursuant to Article 4(1) of the General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person.

1. Controller within the meaning of the GDPR

This Privacy Policy applies to data processing on the website online-print-summit.com by the joint controllers:

Verband Druck und Medien Beratung GmbH
Einsteinring 1a
85609 Aschheim

and

zipcon consulting GmbH
Am Buchenhain 4
45239 Essen
Germany

(hereinafter collectively referred to as “OPS”).

Inquiries regarding data protection (including requests for data erasure or the withdrawal of consent) may be directed to us at:

E-mail: privacy-policy@online-print-summit.com

2. Processing of Personal Data and Purposes of Processing

Personal data refers to any information relating to an identified or identifiable natural person. This includes, for example, date of birth, email address, postal address, telephone number, and profile photo. Personal data also includes information that is automatically collected through the use of our website, our ticket shop, and our digital event platform (so-called access data). In addition to access data, we process personal data only if you voluntarily provide it to us, e.g., as part of registration, a contact request, newsletter subscription, or ticket purchase. Personal data will only be used to the extent necessary and exclusively for the purpose to which you have consented or that is legally permissible.

a) When visiting the website

You may access the website online-print-summit.com without disclosing your identity. When you access our website, your device automatically transmits data for technical reasons. The following data is stored separately from other information you may provide to us:

  • Date, time, and duration of your visit
  • IP address
  • Accessed web page
  • User tool (i.e., web browser, operating system) used to access content
  • Actions carried out on our website
  • Whether access was successful or not
  • Retrieved information, including downloads

These data are stored in log files and deleted after 14 days. The data contained in log files are stored separately from other data relating to you.

Longer storage occurs only in exceptional cases (e.g., in cases of suspected misuse or fraud). In such cases, the relevant log files are retained until the matter has been clarified and any subsequent necessary measures have been completed.

The access data is technically necessary for us to display the website to you and to ensure its stability and security. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR, as we have a legitimate interest in being able to offer you our services in a technically flawless, secure and optimized manner.

For the provision of our website and related services, we use service providers who process your data exclusively on our behalf and in accordance with our instructions (so-called processors pursuant to Art. 28 GDPR). These include:

  • Website hosting provider: united domains
  • Customer Relationship Management provider: HubSpot, Inc., WordPress
  • Ticket shop provider: Stripe
  • Video embedding provider: YouTube
  • Digital community app provider: Eventify by TeksMobile Australia Pty Ltd., 1/10-14 Boyle St, Sutherland, NSW 2232, Australia
 

b) When booking tickets / registering for and using the community app

If you wish to participate in the Online Print Summit, you must purchase a ticket or redeem a voucher code via our website or the digital community app. Without the mandatory information listed below, it is not possible to book a ticket or create the required account in the community app. With the purchase of a ticket, an account in the digital community app is automatically created for you. Ticket purchases without registration are only possible during the event on-site. After registration, you must log into our digital community (event platform) app. We process the personal data you provide to us during registration for this purpose.

Our events are reserved for professional participants. To purchase a ticket or redeem a voucher code, we require the following mandatory information:

  • Name
  • Business email address
  • Position
  • Company
  • Country
  • Address
  • Interests/marketing characteristics

In addition, you may voluntarily provide the following information in your profile during or after registration for the digital community app:

  • Academic title
  • Telephone number(s)
  • Expertise/know-how
  • Company size and industry
  • Job title
  • Profile photo

These details are voluntary and not required for purchasing a ticket or creating an account in the community app.

By default, the following information is visible to other participants in the community app: name, company, and position. Your email address and postal address are not publicly visible in the community app. If you provide voluntary information, these details are also visible to other users of the app. You may remove the visibility of voluntary information at any time by deleting it.

The personal data provided as mandatory information are required to create your account in the digital community app after ticket purchase. These details are also needed to identify you as a professional participant and grant access to the event. Finally, this data is necessary to respond to any inquiries you may have. The legal basis for this processing is Art. 6(1)(b) GDPR, as it is required for the performance of a contract. The participant list, basic profile visibility (name, company, position), event communication, and on-site check-in are also carried out for the performance of the contract, pursuant to Art. 6(1)(b) GDPR.

Your mandatory information is also used to connect you with suitable exhibitors or contacts. Sharing your information with other participants through the community app facilitates networking during the event. This processing is based on our legitimate interest under Art. 6(1)(f) GDPR.

You will only receive push notifications via the community app if you have expressly consented in the community app or your device settings, pursuant to Art. 6(1)(a) GDPR. Consent for push notifications can be withdrawn at any time via your device settings.

The data is also processed for the purpose of advertising our events and services (on the basis of Section 7 (3) UWG or, if consent has been given, in accordance with Art. 6 (1) sentence 1 lit. a) GDPR) as well as to optimize the event and for market and opinion research. This includes information such as name, company name, photos, videos, logo, quotes and voluntarily published contributions/texts.

Specifically, we process your personal data for the following purposes:

  • Purchase of tickets for our events and formats
  • Redemption of vouchers
  • Verification of your status as a professional participant
  • Creation of an account and user profile in the digital community app
  • Sending newsletters and mailings with announcements, professional information, and other materials relating to events and content you are interested in
  • Offering customized service offerings
  • Requests to participate in market and opinion research
  • Prevention or detection of misuse and fraud, in particular regarding vouchers and free tickets
  • Easy updating of your personal data via the internet

Data entered at a later date is also assigned to the customer account.

We regularly store ticket and billing data for 10 years due to legal obligations. App accounts, including the chats/appointment arrangements they contain, are deactivated a maximum of 360 days after the end of the event and permanently deleted after a further 14 days. We document consents and objections for up to three years after last use.

To provide our digital community app, we use the Eventify service of TeksMobile Australia Pty Ltd, 1/10-14 Boyle St, Sutherland, NSW 2232, Australia as a processor. This may involve the transfer of personal data to Australia. We have concluded the EU standard contractual clauses with Eventify and implemented additional protective measures. Details on recipients and third country transfers can be found under section 3.

c) Registration for the newsletter

If you have expressly consented pursuant to Art. 6(1)(a) GDPR, we will use your email address to send you our personalized newsletter on a regular basis. To receive the newsletter, providing an email address is sufficient. Additional details are optional and serve to adapt the newsletter to your specific needs.

We use the double opt-in procedure. After registering, you will receive an email asking you to confirm your subscription. Only after confirmation will the newsletter be sent. We record the time of registration and confirmation, the IP address used, and any changes to your newsletter preferences in order to be able to demonstrate your consent.

For distribution, management, and statistical analysis of our newsletter, we use the services of HubSpot as a processor. The processor is HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland. HubSpot Ireland is a subsidiary of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. This may involve the transfer of personal data to the USA. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework (DPF). Transfers to the USA are therefore based on the adequacy decision of the EU Commission (Art. 45 GDPR). The current certification status can be checked at: https://www.dataprivacyframework.gov/s/participant-search. Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/privacy-policy (see also Section 3(b)).

To measure the effectiveness of our newsletters, we use web beacons (tracking pixels) and individualized links through HubSpot. This allows us to record, among other things, openings, clicks, deliveries, bounces, unsubscribes, and, where applicable, conversions. This evaluation is used for statistical analysis and to improve our content. The legal basis for sending newsletters and measuring effectiveness is your consent (Art. 6(1)(a) GDPR).

You may withdraw your consent to receive the newsletter at any time with effect for the future. To do so, you can unsubscribe via a link provided at the end of each newsletter. Alternatively, you may send your unsubscribe request at any time via email to contact@online-print-summit.com.

If we send emails to existing customers about our own similar products/events, this is based on Section 7(3) UWG in conjunction with Art. 6(1)(f) GDPR. You may object to this at any time without incurring costs other than the basic transmission charges (see also Section 10).

We process your data for newsletter purposes until you withdraw your consent/unsubscribe. Unsubscribed email addresses are added to a suppression list (blacklist) to prevent further emails. Records of consents and unsubscribes are retained for up to three years after the last newsletter was sent to you in order to comply with legal proof obligations.

3. Disclosure of personal data

a) Disclosure of personal data

Your personal data will be disclosed to third parties to the extent permitted by law and in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you or in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR to protect our interests or those of third parties. This includes in particular

  • Disclosure of your registration data to the ticket shop service provider and community app operator Eventify, as well as the payment service provider Stripe, for the purpose of handling online registration and payment processing;
  • Disclosure of your registration data to the organizers, VDM Beratung GmbH, Einsteinring 1a, 85609 Aschheim, and zipcon consulting GmbH, Am Buchenhain 4, 45239 Essen, for the purpose of event planning and execution; disclosure of your data for the enforcement of our rights, in particular for the enforcement of claims arising from the contractual relationship with you;
  • Disclosure of your data to Eventify as the operator of the community app, which is deployed as a white-label solution by the organizers.

Your first and last name as well as your function will be listed on participant lists of the event, which will be issued to other participants upon request. This data processing serves to enable participants to network and therefore to fulfill the contract for participation in the event and is based on Art. 6 para. 1 sentence 1 b) GDPR.

b) Transfer to third countries

Personal data will only be transferred to third countries if the requirements of Art. 44 et seq. GDPR are met.

A third country is a country outside the European Economic Area (EEA) in which the GDPR does not apply directly. A third country is considered unsafe if the EU Commission has not issued an adequacy decision pursuant to Art. 45(1) GDPR confirming that the country provides an adequate level of protection for personal data.

For transfers to recipients in the USA that are certified under the EU-U.S. Data Privacy Framework (DPF), we rely on the adequacy decision of the EU Commission of 10 July 2023 (Art. 45 GDPR). You can check the current certification status of the relevant recipients at: https://www.dataprivacyframework.gov/s/participant-search.

If the transfer is made to recipients not covered by an adequacy decision, we use the EU Standard Contractual Clauses pursuant to Art. 46 GDPR and, where necessary, implement additional safeguards. In particular, it cannot be excluded in these countries that authorities may access data for control and monitoring purposes. We assess such transfers in the context of a Transfer Impact Assessment.

We inform you in this privacy notice when and how we transfer personal data to the USA or to other unsafe third countries. We transfer your personal data only if:

  • the recipient provides sufficient safeguards under Art. 46 GDPR for the protection of personal data,
  • you have expressly consented to the transfer after we have informed you of the risks in accordance with Art. 49 para. 1 lit. a) GDPR,
  • the transfer is necessary for the performance of contractual obligations between you and us, or
  • another exception under Art. 49 GDPR applies.
    Safeguards under Art. 46 GDPR may include the EU Standard Contractual Clauses. In these clauses, the recipient undertakes to adequately protect the data and ensure a level of protection comparable to the GDPR. We have verified in advance that the recipient is able to comply with the agreed safeguards.

c) Other disclosure of data

Personal data may also be disclosed if there is a legal obligation to do so in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR.

4. Cookies

We use cookies and other technologies such as pixel tags or similar tools (hereinafter collectively referred to as “cookies”) on our website. Cookies are small files that your browser automatically generates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device, nor do they contain viruses, trojans, or other malicious software.

The information stored in cookies is specific to the device being used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves, on the one hand, to make your use of our website more convenient. For example, we use session cookies to recognize that you have already visited individual pages of our website.

In addition, we use temporary cookies to optimize user experience. These cookies are stored on your device for a defined period of time. If you return to our website to use our services again, it will automatically recognize that you have already visited us and recall the inputs and settings you previously selected, so you do not have to re-enter them.

We also use cookies to collect statistical data on the use of our website and to evaluate it for the purpose of optimizing our services. These cookies allow us to automatically recognize repeat visits to our site. Such cookies are deleted automatically after a defined period.

We only use cookies to the extent that you have consented to their use via our cookie management tool. Cookies that are technically necessary for providing a service you have requested are set without requiring consent. Data processed by cookies are handled either on the basis of your consent pursuant to Art. 6(1)(a) GDPR or on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. The purposes outlined above are necessary to safeguard our legitimate interests.

You may withdraw your consent at any time for the future or adjust your settings through our cookie management tool.

We use the consent management service provided by:

Complianz BV
CoC 717814475
Kalmarweg 14-5
9723 JG Groningen, The Netherlands

In this context, the date and time of the visit, browser information, consent data, device information, and the anonymized IP address of the requesting device are processed. The legal basis is Art. 6(1)(f) GDPR. The collection and management of legally required consents is deemed a legitimate interest within the meaning of the aforementioned provision. Records of withdrawn consents are retained for a period of one year.

5. YouTube

On the basis of your consent pursuant to Art. 6(1)(a) GDPR, we integrate components (videos) from YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can provide this consent through the consent management tool and withdraw it at any time with effect for the future.

We use YouTube’s “enhanced privacy mode” option.

When you visit a page containing an embedded video, a connection is established to YouTube’s servers and the content is displayed in your browser.

According to YouTube, in “enhanced privacy mode”, your data—including which of our pages you visited, as well as device information including your IP address—are only transmitted to YouTube servers in the USA if you actually view the video. By clicking on the video, you consent to this transmission.

If you are logged into YouTube at the same time, this information will be associated with your YouTube account. You can avoid this by logging out of your YouTube account before visiting our website.

Further information on data protection in connection with YouTube can be found in Google’s privacy policy.

Google processes data on servers in the USA, which is considered an insecure third country. The transmitted data are pseudonymous; it is not possible to directly identify you. We have entered into a data processing agreement with Google incorporating the EU Standard Contractual Clauses to ensure a level of protection comparable to that within the EU (see also Section 3(b) on data transfer to the USA).

6. google maps

On the basis of your consent pursuant to Art. 6(1)(a) GDPR, we use Google Maps, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to display interactive maps. Your consent can be withdrawn at any time for the future via the consent management tool. By implementing Google Maps, Google collects device-specific information, log data including IP address, and location data. The personal data collected by Google are transferred to a Google server in the USA and stored there. The USA is classified as an insecure third country (see Section 3(b)), meaning that no data protection level comparable to that of the EU is guaranteed. We have concluded a data processing agreement with Google incorporating the EU Standard Contractual Clauses to ensure an adequate level of data protection comparable to that in the EU is maintained (see also Section 3(b) on data transfer to the USA).

Google uses personal data to analyse website usage, compile reports on website activities, and provide other services related to website and internet use, including for market research and demand-oriented website design. Google may also transfer this information to third parties if required by law or if third parties process this data on Google’s behalf. Further information on Google Maps’ data processing can be found in Google’s privacy policy.

7. Data Subject Rights

You have the right to:

  • Withdraw consent pursuant to Art. 7(3) GDPR at any time with effect for the future, in which case we will no longer continue the data processing based on this consent;
  • Request access to your personal data processed by us pursuant to Art. 15 GDPR, including information on processing purposes, categories of personal data, recipients, planned retention periods, the existence of rights to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data (if not collected from you), and the existence of automated decision-making, including profiling, and meaningful information about the details thereof;
  • Request rectification of inaccurate or incomplete personal data pursuant to Art. 16 GDPR;
  • Request erasure of your personal data pursuant to Art. 17 GDPR, unless processing is necessary for the exercise of freedom of expression and information, compliance with a legal obligation, reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • Request restriction of processing pursuant to Art. 18 GDPR if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure, if we no longer require the data but you need it to establish, exercise, or defend legal claims, or if you have objected to processing pursuant to Art. 21 GDPR;
  • Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request transfer to another controller pursuant to Art. 20 GDPR;
  • Lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, generally with the authority of your habitual residence, place of work, or our registered office.

8. Right to Object under Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) GDPR (data processing in the public interest) or Art. 6(1)(f) GDPR (data processing on the basis of legitimate interests), including profiling based on those provisions pursuant to Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your objection relates to the processing of data for direct marketing purposes, we will cease such processing immediately. In this case, it is not necessary to provide grounds relating to your particular situation. The same applies to profiling insofar as it is related to direct marketing.

To exercise your right to object, it is sufficient to send an email to privacy-policy@online-print-summit.com.

9. Data Security

All personal data transmitted by you is encrypted using the industry-standard TLS (Transport Layer Security) protocol. TLS is a secure and proven standard, also used in online banking. You can recognize a secure TLS connection by the “https://” prefix in your browser’s address bar and/or by the lock symbol in your browser window.

We also implement appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Validity and Amendments

This Privacy Policy is currently valid and was last updated in August 2025.