Welcome to our DMEXCO website – we’re glad you’re here!
Like all websites, our site collects personal data from our visitors.
The protection and security of your data are important to us, and our website complies with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Below you can read about what data we use during your visit, why we might pass these data along, and, if so, to whom.
You can either read the entire Privacy Statement or – with the help of the overview – click areas of interest to select them.
1. Controller within the meaning of the GDPR:
a) The controller within the meaning of the laws for the protection of privacy is:
50679 Cologne Germany
b) Data Protection Officer:
If you have any questions regarding the handling of your personal data or wish to exercise your rights as a data subject, you are welcome to contact our Data Protection Officer:
50679 Cologne Germany
2. Which personal data are processed?
Personal data is any information relating to an identified or identifiable natural person. These include things such as your name, date of birth, your E-Mail address, address and telephone number and profile picture. But personal data also include information that is automatically collected about the use of our website, our ticket shop and our digital event platform (known as “access data”). In addition to the access data, we will process personal data only if you voluntarily provide it to us, e.g. in the context of a registration, contact request or newsletter subscription, or when ordering tickets. Personal data will be used only to the extent required and only for such purposes as you have approved and/or as are permissible under law.
2.1 Collection of access data
For technical reasons, whenever you access our website, your end device automatically transmits data. The following data are stored separately from other data that you may transmit to us:
- date, time and duration of your visit to our website
- IP address
- the webpage visited
- the user tool (i.e. web browser, operating system) you used to access the website
- the action carried out on our website
- the search term entered in search engines and in the site search function, as well as the search result
- whether the access attempt was successful or not
- information retrieved, including downloads
- your server and the website that directed you to our website
We store these data in log files and delete them after 14 days. The data contained in the log files are stored separately from your other data.
Data is only stored for periods longer than this in certain individual cases (e.g. in case of suspicion of abuse or fraud). In these cases, the respective log files are stored until the facts have been clarified and any subsequent measures required have been completed.
For technical reasons, we require the access data to display the website to you, and to ensure stability and security. The legal basis for this is Article 6(1), subparagraph 1, point (f) of the GDPR, since we have a legitimate interest in offering you our services in a technically flawless, secure and optimized manner.
- Website hosting service provider: PlusServer GmbH
- Custom relationship management provider: HubSpot, Inc.
- Service provider for operation of the ticket shop: Tito Limited
- Service provider for integration of the press box function: Press 1 – HighText Verlag Graf und Treplin OHG
- Service provider for integration of videos: Vimeo, Inc.
- Service provider for the digital event platform: Swapcard Corporation SAS
- Lead management provider: Validar, Inc.
- Service provider for surveys: Typeform S.L.
- Service provider for link shorteners: Rebrandly (Radiate Capital Limited)
You can contact us by phone, e-mail, or using our contact form (via HubSpot). The data processing that occurs when you contact us can be performed for different purposes, depending on the nature of your expressed concern. As a rule, we store and process the data provided so that we can process the matter you contacted us about. Your data are also stored and processed in a CRM (customer relationship management) system. We currently use software by HubSpot for this purpose. The legal basis for this use of your personal data is provided under Article 6(1), subparagraph 1, point (f) of the GDPR.
However, if the content of your message serves to execute a contractual relationship between us, we will base the processing of your data on Article 6(1), subparagraph 1, point (b) of the GDPR.
Provided there are no legal retention obligations that prevent us from erasing the data processed in connection with contacting us, we will erase these data as soon as we no longer require them.
2.3 Event calendar
As a DMEXCO exhibitor or partner, you have the opportunity to list your own events on the DMEXCO Event Calendar. These events will then appear on our website. This generates visibility for your events and makes them quicker and easier to find for partners and customers. There is no entitlement to inclusion in the Calendar.
Your personal data are processed on the basis of Art. 6 (1) (b) GDPR, since your participation in this offer constitutes a license agreement.
In order to offer you this service, we process the following personal data:
- Your status (media representative, exhibitor or neither),
- E-Mail address, telephone number,
- Contact for inquiries:
We also need the name of your company as well as a few additional details about the event and its target group. The details for this can be found in the inquiry screen.
The data you provide will not be disclosed to third parties. However, we do enlist the assistance of Hubspot for the technical implementation of the tool and the data processing associated with it.
2.4 Use of the Usercentrics Consent Management Platform
The goal is to know the preferences of our users and implement these accordingly, and to document them in a legally sound manner. The data are erased as soon as they are no longer required for our logging, provided that this erasure does not conflict with legal retention obligations.
2.5 General information about cookies
We use what are known as “browser cookies” to collect information about your use of our website. These are small text files that are stored to your data medium and save specific settings and data for exchange with our system via your browser. As a rule, a cookie contains the name of the domain from which the cookie data were sent as well as information about the age of the cookie and an alphanumeric identifier. Cookies enable our systems to recognize the user’s device and make any presettings available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard disk of that user’s computer.
The cookies we use have different purposes. They are used, on the one hand, to ensure security during website visits (“necessary cookies”), and on the other to implement certain features such as standard language settings (“functional cookies”), to improve the user experience or performance on the website (“performance cookies”), and for purposes of direct marketing (“targeting/advertising cookies”).
Specifically, we use the following cookies:
- _ga |Traffic analysis / functional | 2 years | Google Analytics
- _gid | Traffic analysis / functional | 24 hours | Google Analytics
- _gat | Minimization of data traffic / functional | 1 minute | Google Analytics
- __hstc | Traffic analysis | 13 months | Hubspot
- hubspotutk | Traffic analysis | 24 hours | Hubspot
- __hssc | Traffic analysis | 24 hours | Hubspot
- pll_language |Savest he language setting / functional | 24 hours | Polylang WordPress Plugin
- _fbp | Marketing/targeting | 24 hours | Facebook
- lidc I Marketing/Retargeting I 24 Stunden I LinkedIn
- ajs_anonymous_id | Video tool/functional | 1 year | Go Essential
- ajs_user_id | Video tool/functional | 1 year | Go Essential
- ajs_group_id | Video tool/functional | 1 year | Go Essential
- JSESSIONID | 24 hours | SAP | General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.
ROUTE | 24 hours | SAP | SAP Commerce Cloud load-balancer server value
- OptanonConsent | 1 year| OneTrust | This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.
- OptanonAlertBoxClosed | 1 year | OneTrust | This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one year lifespan and contains no personal information.
2.6 Tools for website analysis
We use the services of the following third parties:
Google Analytics with Conversion Tracking
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”), including the Conversion Tracking feature. Google Analytics uses so-called “cookies,” text files that are stored on your device and permit analysis of your use of the website, the products you view and any purchases you make. No personal data are collected in the process. The information the cookie generates (including your truncated IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate this information, to compile reports about website activities and about products viewed or sold for the website operators, and to provide additional services relating to the website and the use of the Internet. Google may also forward this information to third parties where required by law, or where these third parties have been commissioned by Google to process these data.
For more information about how Google uses your information, please consult Google’s policy on privacy:
If you do not want website analysis, you can use a browser add-on to disable Google Analytics. You can download this here:
The use of Google Analytics with Conversion Tracking is based on our legitimate interest in demand-oriented design, statistical evalu-ation and efficient promotion of our website, and the fact that your legitimate interests do not outweigh ours in this case, Art. 6 (1) (f) GDPR.
Google Tag Manager
Google Tag Manager is a solution that allows us to manage various website tags through an interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data under certain circumstances. The Google Tag Manager does not access this data. If deactivation occurs at domain or cookie level, it remains in use for all tracking tags, which are implemented by Google Tag Manager.
(1) This website uses Bing Ads Universal Event Tracking (UET) to collect and store data, which is used to create pseudonymised usage profiles. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track your activity on our website when you visit our website through ads displayed by Bing Ads. If you reach our website through such an ad, a cookie will be set on your computer. A Bing UET tag is embedded on our website. This is a code that is used in conjunction with the cookie to store some non-personal information about your use of the website. This includes, but is not limited to, the length of time spent on the website, which areas of the website were accessed and which advertisement direct users to the website
(2) The information collected is sent to a Microsoft server in the US and stored there, generally for no more than 180 days. You can prevent the data generated by the cookie about your use of the website from being sent to and processed by disabling cookies from being set. This may restrict the functionality of the website under certain circumstances.
(3) In addition, Microsoft may be able to track your usage patterns across multiple electronic devices using cross-device tracking, which enables Microsoft to display personalised ads on or within Microsoft websites and apps. You can disable this by visiting http://choice.microsoft.com/en-uk/opt-out.
2.7 Marketing and optimization tools
Facebook Conversion Pixel
On this website we use what is known as the “Facebook Pixel” of the provider Facebook (for EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; International: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). This is a small, invisible pixel that connects to Facebook servers when you visit our website. Personal data may be transmitted in the process, such as the IP address and additional information including browser type/version, the operating system in use, the page you previously visited, the host name of the accessing device and the IP address and time of the request. This enables Facebook to identify users of our website and display advertisements targeting users with an interest in our website. In addition, we can use the Facebook Pixel to track whether our Facebook ads are effective.
Insofar as data are processed outside the EEA, where there is no level of data protection in place that satisfies the European Standard, this is done on the basis of the EU-US Privacy Shield:
https://www.facebook.com/full_data_use_ policy. You can object to the collection of your data by the Facebook Pixel and the use of these data here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
We also use what is known as “Conversion Tracking” with Twitter Pixel, a tool of Twitter Inc. (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). With Conversion Tracking, Twitter downloads a cookie to your device if you click on a Twitter ad to visit our website. Conversion Tracking is used solely for the generation of statistics, and not to identify individuals. We simply want to be able to evaluate which Twitter ads or interactions lead users to our website.
We can use this information to more effectively manage banner advertising and calculate the cost/benefit ratio accordingly. It should be noted, however, that because Twitter data can be stored and processed, a connection to the respective user profile is possible. Further information on this can be found in the Twitter privacy statement: http://twitter.com/privacy.
To edit your privacy preferences and the consent you provide on Twitter, go to: https://twitter.com/account/settings
Use of the Twitter Pixel is in the interest of optimizing our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
LinkedIn Insight Tag
On our website, we use the “LinkedIn Insight Tag”. This is a conversion and retargeting tool from the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. It enables us to receive information about the use of our website in order to show you customized ads on LinkedIn. Furthermore, it makes it possible to create anonymous reports on the effectiveness of the advertisements and website interaction, which we receive from LinkedIn in the context of anonymous reports. A cookie is placed in your browser for this function.
The data collected is encrypted, anonymized within seven days and the anonymized data deleted within 90 days. The legal basis for the processing of personal data is Art. 6 para. 1 lit. f GDPR. In this context, our legitimate interest in an effective advertising and marketing campaign prevails.
HubSpot is another provider we use for purposes of analysis (i.e. not only for the technical distribution of our newsletters). HubSpot, a service of Hubspot Inc., is an American company with a branch in Ireland (Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 1 5187500).
HubSpot is certified under the EU-US Privacy Shield.
For instructions, please visit: http://meine-cookies.org/cookies_verwalten/index.html
(only available in german language) If you do not wish your data to be used to display targeted advertising, you can click to unsubscribe at:
If you would like to attend DMEXCO, you must first purchase a ticket or redeem a voucher code (register) on our website. After registering, you can log in to our digital community, event platform and app. To that end, we process the personal data you provide during the registration process.
Our events are reserved for the professional public. To purchase a ticket through our ticket shop or to redeem a voucher code, we will require various data from you. The following information is required:
- Company name
- Email address
- Billing address (only for paid tickets)
- Telephone number
- Company size
- Job title
After purchasing a ticket in the ticket shop, this data is required to create an account on the digital event platform. We also need this data to check your eligibility as a trade visitor and to put you in touch with relevant exhibitors or contact persons as part of our matchmaking service. Last but not least, we need this data to be able to respond to any queries you may send us.
In addition, you can provide the following optional information during registration or on your profile:
- Upload a profile picture
It is up to you whether to provide this information and it is not required to purchase a ticket.
We process personal data to be able to provide our ticket shop services and to initiate, execute and process the ticket purchase and the associated user contract as per Article 6 Paragraph 1 Sentence 1(b) GDPR. Data is also processed for the purpose of advertising our events and services on the basis of Section 7 Paragraph 3 of the German Act Against Unfair Practices (Gesetz gegen den unlauteren Wettbewerb [UWG]) and for the purpose of optimisation and market and opinion research.
Data is disclosed to third parties to process payment (disclosure to financial service providers), to perform contractually agreed services, as well as to authorities and consultants to the extent permitted by law.
Specifically, we process all of your personal data for the following purposes:
- Purchasing tickets for our events;
- Redeeming vouchers;
- Verifying trade visitor status;
- Creating an account on the digital event platform;
- Delivery and payment of other Koelnmesse products and services (e.g. trade fair directories and catalogues);
- Sending newsletters and mailings with announcements, information and other materials for events that interest you;
- Offering tailored services;
- Requests to participate in market and opinion research;
- Preventing or identifying abuse and fraud, in particular in the case of vouchers and free tickets;
- Where applicable, simply to update your personal data online.
As the point person for a specific exhibitor, your data will also be processed for the following purposes:
- For one of our sales contacts to send individual emails;
- Sending emails and newsletters with contractually relevant information, e.g. credentials, ticket codes, information on participation, etc., as well as sending emails with offers relating to your participation, e.g.
- additional services and marketing services such as advertising space, etc.;
- Requests to complete surveys.
Additionally, the following applies for speakers:
- Embedded on the website;
- Included in the conference guide (agenda);
- Announcements of speaker slots via social media, newsletters and other media;
- Speaker-related mailings (e.g.: briefings, VIP events and VIP services).
Data collected later will also be assigned to the customer account.
If you want to erase your user account, including your data, please send us an email to firstname.lastname@example.org. We would be happy to comply with your request, provided it does not involve data we are required to retain under commercial or tax law. In that case, continued storage of your data is based on Article 6 Paragraph 1 Sentence 1(c) GDPR.
3.2 Networking features
Through our digital community, event platform and APP (Swapcard), we offer a networking feature that allows you to interact with other users.
Profiles are visible by default. However, you can deactivate your profile (hide it), and it is possible to then reactivate it after it has been deactivated to make it visible again. When your profile is visible, the following basic information is displayed to other attendees: profile picture (if uploaded by the user), name, position, company details and social media links.
In the course of networking with other users and any form of meeting request to other users and/or exhibitors, they are given the opportunity to export all contact and profile data of the user. This serves the purpose of targeted addressing by the other user or exhibitor.
You have the opportunity to subscribe to newsletters free of charge. When you subscribe to the newsletter, the data are transmitted to us from the input screen. We also collect data on the IP address and the time of registration as proof of your consent to receive the newsletter.
To prevent abuse, first you will receive an e-mail with a confirmation link that you must then activate in order to receive the actual newsletter (known as a “double opt-in” procedure). If you register in the Koelnmesse ticket shop and subscribe to the newsletter at the same time, the e-mail with the registration confirmation link substitutes for the double opt-in procedure.
With registration you agree to the measurement, storage and evaluation of opening rates, click rates, reading duration and used e-mail client in your profile for the purpose of developing future e-mail newsletters according to your interests.
4. Data processing in the context of further online presences
If you communicate with us through these online presences, we will process the data in your messages and posts based on the content contained therein, and based on the purposes pursued with the communication, on the basis of either Article 6 (1) (1) (b) GDPR or Article 6 (1) (1) (f) GDPR.
We are represented in the following online platforms:
Facebook (Facebook Fanpage)
Facebook page is used for active communication with our customers and prospective customers. We use this platform to provide information about our events. When you visit our Facebook page, your data can be automatically collected and stored for purposes of market research and advertising. These data are used, along with pseudonyms, to create what are known as “user profiles.” For this purpose, the cookies typically placed on your device store a record of visitor behavior and the user interests. Facebook provides further information on this under the following link: https://www.facebook.com/help/pages/insights
Within the framework of a balancing of interests, the statistical information provided by Facebook about the use of the Facebook page (“Facebook Insights”) is used in accordance with Art. 6 (1) (f) GDPR in exercise of our overriding legitimate interest in an optimized presentation of our offerings and effective communication with customers and prospective customers. Data are processed on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. This agreement can be consulted here: https://www.facebook.com/legal/terms/ page_controller_addendum
Facebook has its registered office in the USA. The European Commission has passed an adequacy decision the USA. This goes back to the EU-US Privacy Shield, to which Facebook has submitted:
You can find a link to the opt-out here: https:// www.facebook.com/settings?tab=ads
You’ll find privacy information at Twitter (Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA) here: www.twitter.com/privacy
If you would like to object to future data collection by Twitter, you can set an opt-out cookie here: https://twitter.com/personalization Insofar as data are processed outside the EEA, where there is no level of data protection in place that satisfies the European Standard, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/ participant?id=a2zt0000000TORzAAO
Information on data protection at Xing (Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) can be found here:
Information about data protection at Instagram (Instagram LLC., 1601 Willow Road,
Menlo Park, CA 94025, USA) and an opportunity to object can be found here:
Information on privacy at LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) can be found here:
https://www.linkedin.com/legal/privacy-policy. If you would like to object to future data collection by LinkedIn, you can set an optout cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-optout
Insofar as data are processed outside the EEA, where there is no level of data protection in place that satisfies the European Standard, this is done on the basis of the EU-US Privacy Shield:
We use Typeform (Typeform S.L., B65831836, Bac de Roda, 163, Barcelona 08018, Spain) to conduct surveys. We conduct the surveys in order to continuously improve our range of services and the organization of events according to your feedback. That’s why your opinion is very important to us.
If you decide to participate in the survey, Typeform will collect information about your device, IP address, the version of your operating system, and information on the browser type.
As part of the survey, we query the gender, age, status and position of the participants for purely statistical purposes. We do this in order to be able to include social components in the assessments of the results and to optimize them accordingly. In addition, you may voluntarily provide your first and last name as well as an e-mail address (“voluntary information”). We usually request this information when we offer a prize drawing among the participants. We need your voluntary information in order to contact you in the event that you win a prize. However, this information will be deleted once the prize drawing is completed.
The processing of your data is based on consent pursuant to Article 6(1), point (a) of the GDPR. Participation is on a voluntary basis.
You can contact us at any time to request erasure of your survey data, including personal data (by sending an e-mail to info@dmexco. com). However, individual responses cannot be corrected once the survey has been submitted.
Typeform collects your information on our behalf in order to create reports that we can use to analyze your satisfaction with the event offering and evaluate your suggestions.
We also want to point out that Typeform usually transmits the data to a server in the USA and stores them there. A second back-up server is located in Frankfurt, Germany. You can find information about opting out of cookies here.
Detailed information about the data security measures implemented by Typeform can be found here.
6. Disclosure of data
In principle, your personal data will only be disclosed without your express prior consent in the following cases:
- We rely on contracted third parties and external service providers (“processors”) to provide the services. In such cases, personal data will be passed on to these processors to enable them to continue processing. These processors are carefully selected and regularly reviewed by us to ensure that your privacy is respected. Processors may only use the data only for the purposes specified by us; we also place them under a contractual obligation to treat your data exclusively in accordance with this Privacy Statement and German laws on data protection.
- As part of the further development of our business, the structure of Koelnmesse GmbH may change due to a change in the legal form, or through the establishment, acquisition or sale of subsidiaries, parts of companies or components. In such transactions, customer information is ordinarily passed along with that portion of the company that is to change hands. In any disclosure of personal data to third parties of a scope as described above, we ensure that this is done in accordance with this Privacy Statement and the relevant data protection laws.
Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances if necessary, provided that this is not outweighed by your rights and interests in the protection of your personal data, Art. 6 (1) (f) GDPR.
7. Erasure of data
We will delete or anonymize your personal data as soon as it is no longer required for the purposes for which we have collected or used it in accordance with the preceding provisions and no legal retention periods prevent its erasure, or the data is required for a longer period of time for criminal prosecution or to secure, assert or enforce legal claims.
9. Your rights as a data subject
Right to information
You have the right to obtain information from us at any time upon request about the personal data processed by us concerning you within the scope of Art. 15 GDPR. To do so, you can submit an application by mail or e-mail to the address shown above.
Right to rectify inaccurate data
You have the right to ask us to rectify your personal data immediately if they are incorrect. To do so, please get in touch with us using the contact addresses shown above.
Right to erasure
You have the right to ask us to erase personal data concerning you under the conditions described in Art. 17 GDPR. Specifically, these conditions provide for a right of erasure where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed and in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase in accordance with Union law or the law of the Member State to which we are subject. To exercise your above right, please get in touch with us at the contact addresses shown above.
Right to restrict processing
You have the right to require us to restrict processing of your data in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the duration that the verification of the accuracy requires and in the event that the user requires restricted processing in the case of an existing right to erasure in lieu of erasure; furthermore, in the event that the data are no longer necessary for the purposes pursued by us, but the user needs them in order to assert, exercise or defend legal claims, and if the successful exercise of an objection between us and the user is still in dispute. To exercise your above right, please get in touch with us at the contact addresses shown above.
Right to data portability
You have the right to receive from us the personal data concerning you that you have provided to us in a structured, conventional and machine-readable format in accordance with Art. 20 GDPR. To exercise your above right, please get in touch with us at the contact addresses shown above.
Right to object
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data concerning you which is based, among other things, on Art. 6 (1) (e) or (f) GDPR. We will discontinue the processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
9. Right to lodge a complaint
You also have the right to contact the relevant supervisory authority for data protection in the event of complaints. The supervisory authority with responsibility in the matter is: State Officer for Data Protection and Freedom of Information
P.O. Box 20 04 44
40102 Düsseldorf, Germany
Tel.: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
10. Changes to this Privacy Statement
The current version of this Privacy Statement is always available under “Security and Data Protection.”
Last revised: August 2021