Data Protection Policy

We protect your data in accordance with German data protection laws (Datenschutzgrundverordnung, abbreviated by DSGVO) and the EU-GDPR. The following data protection policy provides detailed information on which data we collect, store, and how we use it.

§1 SCOPE OF THIS DATA PROTECTION POLICY

This data protection policy applies to the websites operated by ERNW Enno Rey Netzwerke GmbH (hereafter also “ERNW” or “we”) under the domains www.ernw.de, www.troopers.de, www.cfp.troopers.de and tickets.ernw.de. For other websites in cooperation with third-party providers’ separate privacy policies and regulations may apply.

The ticket shop and websites are hosted by ERNW Enno Rey Netzwerke GmbH.

§2 CONTROLLER, DATA PROTECTION OFFICER, CONTACT DATA

§2.1 Controller

ERNW Enno Rey Netzwerke GmbH

George-Boole-Weg 4

69124 Heidelberg

Germany

Tel. +49 6221 480390

Email: info@ernw.de

§2.2 Data protection officer

Data Protection Officer of ERNW Enno Rey Netzwerke GmbH

ERNW Enno Rey Netzwerke GmbH

George-Boole-Weg 4

69124 Heidelberg

Germany

Tel. +49 6221 480390

Email: datenschutz@ernw.de

§3 GENERAL INFORMATION ON THE COLLECTION AND USE OF DATA WHEN USING OUR SERVICES

§3.1 What comprises personal data

Personal data means any information relating to an identified or identifiable natural person (e.g. your name, address or telephone number).

§3.2 What information do we store and for which purposes?

When you access any part of our website (except for the contact form and our ticket shop – see below), data which could be used to identify you (e.g. your IP address) and other information such as the date, time, and the pages accessed during the session is stored only in anonymized form using a pseudonym. We do not perform any data analysis except for statistical purposes. After the statistical analysis, the anonymized data is deleted.

You have a right to object to the creation of these utilization profiles. If you wish to exercise this right, please notify us in writing by email or by regular mail. When a user submits the contact form or buys an event or training ticket in our ticket shop, the sender’s current IP address is stored for security reasons.

This data is stored on the servers of ERNW for a limited period for marketing and optimization purposes and undergoes statistical analysis so that we can offer you even better services in the future. This data does not enable us to identify any specific person.

Please note: When using certain services, however, you must register with your personal data (e.g. signing up for an event or training).

If you register on our pages or contact us using the contact form, we will process and use the personal data collected (e.g. your email address) as needed in order to fulfill the related purpose.

The purpose of this website and ticket shop is to operate the ERNW & Troopers websites and host trainings, events, and other educational content. Personal data is collected, processed and utilized exclusively in connection with this purpose.

§3.3 Recipients or categories of recipients to whom the data may be provided

• Public authorities in case of overriding legal regulations

• External contractors as defined in Section 28 of the EU-GDPR

• External offices and departments within the company to achieve the business purposes specified below

§3.4 Duration of storage

We comply with the principles of data avoidance and data minimization. Consequently, we store your personal data only as long as necessary for achieving the specified purposes or as stipulated under the various storage periods required by law. After the relevant purpose no longer applies or the expiry of these periods, the corresponding data will be blocked from further processing or deleted routinely in accordance with the statutory regulations.

§4 PROCESSING OF PERSONAL DATA

4.1 Collection of general information

When you access our website, information of a general nature is automatically logged. This information (server log files) contain such data as the type of web browser, the operating system, the domain name of your internet service provider, etc. It is not possible to use any of this information to identify you. This data is needed for technical reasons for correct delivery of the website contents requested by you and is necessary when using the internet. We perform statistical analysis on anonymous information of this kind to optimize our website and the underlying technology.

The following data is collected in a record:

• Used web browser agent

• Accessed web page

• Date including the timestamp of the access request

• Internet service provider domain name

4.2 Registration on our website

When registering to use our personalized services or buying tickets for events, some personal data is collected such as your name, address, and contact and communication data such as your telephone number and email address. If you are registered with us, you can access content and services that we offer to registered users only. Registered users can also change or delete the data provided at registration as required at any time. Of course, we will also provide you with information at any time on your personal data stored by us. We will be happy to correct or delete these data on request unless statutory archiving obligations stipulate otherwise. To contact us in this regard, please use the contact information provided at the end of this Privacy Statement.

4.3 Troopers Registration Data

Depending on the type of your registration, a portion of or all of the following data will be processed if you register for the conference “Call for Papers”, “Call for Trainings”, or as an attendee.

Potentially processed data:

• Contact information (email)

• Individual Customer Information

• Business Customer

• Attendee Name

• Email

• Name on badge

• Payment information in form of payment provider verification token. Please note, that no actual payment data is stored on our systems.

4.4 Delivery of billable services

In order to provide billable services, we request additional data, e.g. payment details. To protect the security of the data transfer, we use state-of-the-art encryption methods (e.g. TLS) via the HTTPS protocol. However, actual payment data is processed by a third-party payment provider and never stored or processed on our systems.

4.5 Newsletter

The data provided by you when registering to subscribe to our newsletter are used exclusively for that purpose. Subscribers may also be informed by email of circumstances relevant to the service or registration (e.g. changes in the newsletter service or technical issues).

For your registration to take effect, we need a valid email address. To check that the registration is in fact coming from the owner of the email address, we employ the double opt-in process. For that purpose, we log the newsletter order, the dispatch of the confirmation email and the receipt of the requested reply. No other data are collected. These data are used exclusively for sending the newsletter and are not forwarded to third parties.

You can revoke your consent to store your personal data and unsubscribe from the newsletter at any time. Every newsletter contains instructions for that purpose. In addition, you can unsubscribe directly on this website at any time or inform us of your request using the contact options provided at the end of this document.

The following data is collected in a record:

• Email address to be used for receiving newsletter emails

4.6 Use of cookies

Cookies are text files that are stored by your browser. The collected data can be used to create utilization profiles under a pseudonym for the web pages visited. As a result, cookies enable us to recognize your browser. This is useful, for example, in ensuring that your input is not lost in case an activity on our website is not completed (e.g. if the network connection is interrupted).

The data collected when using our services is stored and statistically analyzed for marketing and optimization purposes. However, the data collected is not used to identify the site users individually, nor is it combined with personal data through the assigned pseudonym unless you give us your express consent.

If you do not want ERNW Enno Rey Netzwerke GmbH or its cooperation partners to use cookies, simply deactivate this function in your browser. You can also delete cookies at any time. Please note that deactivating or deleting cookies may restrict your use of the website and the available services. For more information, consult the help files for your browser.

§5 YOUR RIGHT TO INFORMATION, CORRECTION, DELETION AND OBJECTION

You have the right to obtain information from us at any time on your personal data stored by us. You also have the right to have such data corrected or blocked and – subject to the required storage of data for completing business transactions – to have it deleted. Please submit your request in writing using the contact data below.

To ensure that a data block can be complied with at all times, this data must be kept in a blocked file for monitoring purposes. You can also request the deletion of data unless a statutory archiving obligation applies. If there is such an obligation, we will block your data upon written request.

You can make changes or revoke a declaration of consent with future effect at any time by notifying us accordingly. Your consent is legally effective only until such time at which it is revoked.

Contact data for exercising your rights as a data subject in writing:

ERNW Enno Rey Netzwerke GmbH

c/o Data Protection

George-Boole-Weg 4

69124 Heidelberg

Germany

Email: datenschutz@ernw.de

§6 RIGHT TO SUBMIT COMPLAINTS TO THE REGULATORY AUTHORITY

Other remedies under administrative law or through litigation notwithstanding, you have the right to file a complaint with a regulatory authority, in particular in the EU member state of your residence, employment or the location of the alleged violation if you believe that the processing of the personal data pertaining to you is unlawful.

The responsible regulatory authority for Baden-Württemberg:

Staatsministerium Baden-Württemberg

Richard-Wagner-Straße 15

70184 Stuttgart

Germany

§7 CHANGES TO OUR DATA PROTECTION REGULATIONS

We reserve the right to amend this Privacy Statement as needed from time to time to ensure that it is always in compliance with the current legal requirements or to implement changes in our services in the Privacy Statement, e.g. when introducing new services. The latest amended version of the data protection declaration will then be published on our website (ernw.de and troopers.de).

§8 QUESTIONS FOR THE DATA PROTECTION OFFICER

If you have questions about data protection, please contact our data protection officer or send us an email to: datenschutz@ernw.de

§9 EXTERNAL SERVICES

The following external services may be used, if a ticket payment is initiated. Please note, that in this case ERNW is not the controller of your payment related data, as the complete processing is performed by below entities. Your payment data never arrives on ERNW systems and therefore is not processed by us.

• Stripe (Credit Card Data Processing for TROOPERS and other ERNW event-related payments). We never receive any credit card data from you as those are directly transmitted to Stripe.

• Paypal (TROOPERS and other ERNW event-related payments)

§10 DATA PROTECTION MEASURES

Our staff and our delegated service provider companies are obliged to maintain secrecy and to adhere to the regulations of the applicable data protection laws.

We take all necessary technical and organizational measures in order to ensure an appropriate standard of protection and to protect your data that are administered by us especially from the risks of unintentional or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or unauthorized access. Our security measures are continually improved according to the technological development.

§11 USER RIGHTS

To enforce your rights, please use the details provided in the “YOUR RIGHT TO INFORMATION, CORRECTION, DELETION AND OBJECTION” section (see no. 5). In doing so, please ensure that an unambiguous identification of your person is possible.

11.1 Right to information and disclosure

You have the right to obtain information from us concerning the processing of your data. For this purpose, you can enforce a right to information in relation to the personal information that we process from you.

11.2 Right of rectification and deletion

You can demand from us the rectification of false data and – insofar as the legal prerequisites are fulfilled – the completion or deletion of your data.

This does not apply to data which are necessary for invoicing or accounting purposes or are subject to the statutory retention obligation. Insofar as the access to such data is not required, the processing thereof will be restricted (see below).

11.3 Restriction of processing

You can demand from us the restriction of the processing of your data insofar as the legal prerequisites are fulfilled.

11.4 Data portability

You will continue to have the right to obtain data that you have provided to us transmitted in a structured, conventional and machine-readable form or as far as this is technically feasible, to demand that the data are transmitted to a third party.

11.5 Right of objection

11.5.1 Case-related right of objection

Insofar as we undertake processing of data on the basis of a predominantly justified interest, as represented in this data protection policy, you have the right to file an objection to this processing, at any time, for reasons resulting from your special situation.

We will then discontinue the processing of your data, unless we can prove, in accordance with the statutory regulations, mandatory reasons worthy of protection for further processing, which outweigh your interests, rights and liberties, or if the further processing serves the assertion, exercising or defending of legal claims.

11.5.2 Objection against the processing of data for direct marketing purposes

Furthermore, you can file an objection to the processing of your personal data for commercial purposes at any time (“objection to advertising”). Please take into consideration the fact that there could be an overlapping between your objection and the utilization of your data in the scope of an ongoing campaign.

11.6 Rights of revocation

If you have given us your consent to the processing of your data, you can revoke this with future effect at any time. This also applies to the revocation of declarations of consent, granted to us prior to the validity of the GDPR, therefore prior to 25. May 2018. The legality of the processing of your data shall remain unaffected unless revoked.

11.7 Right to appeal to the supervisory authority

You have the right to submit an appeal to a data protection supervisory authority. For this purpose, you can refer to the data protection supervisory authority, which is competent for your place of residence of federal state or to the data protection supervisory authority which is competent for our group. The data protection supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg (for contact details, please see section 6. “RIGHT TO SUBMIT COMPLAINTS TO THE REGULATORY AUTHORITY”).

Effective: February 20, 2022