MCH Group Data Protection Declaration
Status of the Declaration: May 2018
We are delighted that you are interested in our company. MCH Group takes data protection very seriously. MCH Group’s Data Protection Declaration applies to quotations, webpages and data processing operations conducted by all companies belonging to MCH Group Ltd. (you will find more information on this in the following chapter).
MCH Group’s Data Protection Declaration is addressed equally to men and women. To facilitate reading, however, only male pronouns are used.
We reserve the right to modify this Data Protection Declaration at any time, taking effect for the future. An up-to-date version is always available on the MCH Group webpages. Please call up the webpages on a regular basis and find out about the valid data protection provisions.
General notes on data protection
With this Data Protection Declaration, our company wishes to provide the public at large with information on the nature, scope and purpose of the personal data that we collect, use and process. In addition, we also wish to draw your attention to the rights that you have by means of this Data Protection Declaration.
It is fundamentally possible to use MCH Group’s internet pages without specifying any personal data. If an affected person wishes to use specific services offered by our company (especially on-line registration, apps, competitions, ticket purchases, etc.), however, it may be necessary for personal data to be processed. If it is necessary to process personal data and if no legal or contractual basis exists for processing data in this way, we always obtain the consent of the affected person.
The processing of personal data – for example the name, address, e-mail address or telephone number of an affected person – is always conducted in compliance with the national data protection provisions that apply to MCH Group and, in particular, with the General Data Protection Regulation of the EU and the valid Swiss legislation.
As the data controller in charge of processing the data, MCH Group has implemented a large number of technical and organisational measures in order to ensure gap-free protection of the processed personal data as far as possible. Our employees are also obliged to maintain data confidentiality as specified by law. Despite this, security gaps can fundamentally exist in internet-based data transmission, which means that it is impossible to guarantee absolute protection. You thus have the option of sending personal data to us by other means, such as by post or by telephone.
Definitions of terms
MCH Group’s Data Protection Declaration is based on the concepts that have been used by the European issuers of Directives and Regulations in issuing the General Data Protection Regulation (GDPR) and by the Swiss legislator in the Swiss Data Protection Law(DSG). Our Data Protection Declaration is intended to be easy to read and easy to understand for both the public at large and for our customers and business partners. To ensure that this is the case, we would like to start by defining the terms that are used.
In this Data Protection Declaration, we use the following terms, among others:
a. Personal data
Personal data is all the information relating to an identified or identifiable natural person (called the “affected person” in what follows). A natural person is regarded as being identifiable if they can be identified either directly or indirectly through reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b. Affected person
An affected person is any identified or identifiable natural person whose personal data is processed by the data controller in charge of processing the data. We also address you directly in this Data Protection Declaration, however.
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of restricting its processing in future.
Profiling is any type of automated processing of personal data which involves the personal data being used to evaluate specific personal aspects of a natural person.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g. Data controller or person in charge of processing
The data controller or person in charge of processing is the company within MCH Group which, alone or jointly, determines the purposes and means of personal data processing. More detailed information on our companies is given in this chapter.
The processor is a natural or legal person, public authority, agency or another body that processes personal data on behalf of MCH Group.
The recipient is a natural or legal person, public authority, agency or another body to which the personal data is disclosed, irrespective of whether this is a third party or not. Public authorities which may receive personal data in the context of a specific inquiry in accordance with the law do not, however, count as recipients.
j. Third party
A third party is any natural or legal person, public authority, agency or body other than the affected person, the data controller, the processor and those persons who, under the direct authority of the data controller or processor, are authorised to process the personal data.
Consent is the freely given, informed and unambiguous indication of the affected person’s wishes by which they, through a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them in the specific case.
Name and address of the data controller in charge of processing
In legal terms, the companies of MCH Group are independent and legally separate entities.
The data controller as specified in the General Data Protection Regulation, other data protection laws applicable within the member states of the European Union and other provisions governing data protection is thus the MCH company which, alone or jointly with others, determines the purpose and means of the processing of personal data. Or, expressed simply, the MCH Group company to which you transmit data.
You will find an overview of our companies under the following link. On this page, you will find further links to our companies and the exhibitions and events that they hold: https://www.mch-group.com/en-US/mch-group/organisation/companies.aspx
In case of doubt, please contact the Data Protection Officer of MCH Group Ltd.
Data Protection Officer
MCH Group Ltd.
Links to other websites
The MCH Group webpages can contain links to websites of other suppliers. Since we have no control over these websites and have no influence on their contents, we recommend that you take a look at the information on data protection provided on these websites. We are not, under any circumstances, able to guarantee compliance with the statutory data protection requirements by third-party websites.
Routine erasure and blocking of personal data
MCH Group only processes and saves personal data of the affected person for the period necessary to achieve the purpose of storage, or if provision has been made for this by the European issuer of Directives and Regulations, the Swiss legislator or another legislator through laws or regulations to which the data controller in charge of processing the data is subject. Attention is drawn here, in particular, to the retention obligations contained in the Swiss Code of Obligations.
If the purpose of storage no longer applies or if a storage period prescribed by the European issuer of Directives and Regulations, the Swiss legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory regulations.
Statutory or contractual regulations concerning the provision of personal data
We would like to inform you that the provision of personal data is prescribed by law in some cases (e.g. taxation regulations) or can also result from contractual arrangements (e.g. details of the contractual partner). It can happen that, in order to conclude a contract, an affected person must provide us with personal data that we subsequently have to process. The affected person is then obliged to provide us with personal data (contractual duty). If this personal data were not made available, it would not be possible to conclude the contract with the affected person.
The affected person can contact our Data Protection Officer beforehand, who will provide information on whether the contract does indeed require the provision of personal data or whether there are statutory requirements making it necessary to provide personal data.
No automated decision-making
MCH Group dispenses with automated decision-making as per Art. 22 of the GDPR.
Transfer of data to third parties
MCH Group can essentially transfer personal data to the following third parties:
- Public bodies where overriding legal requirements exist
- Companies that acquire an event or a holding from MCH Group
- Other companies within MCH Group
- Foreign representations of MCH Group
- Internally, for purposes of internal communication, supervision, administration and for invoicing purposes
- Data processors commissioned by MCH Group
- Service partners for accompanying services, insofar as the affected person enquires about the corresponding services from MCH Group
- Exhibitors, organisers and sponsors who have provided the personal data, admission ticket vouchers or invitations then have the visitor data (name, address, communication data, time at which the event was visited) from the redeemed vouchers, tickets, invitations, etc., sent (back) to them, insofar as this is contractually agreed
Transfer of data abroad/server locations
Personal data is transferred to third countries in the framework of the use we make of our server locations. In so doing, we comply with the requirement of the EU General Data Protection Regulation and the Swiss laws, as well as with other national laws. Further information can be provided if a request is submitted to email@example.com.
Notices concerning special internet applications
Cookies and analysis tools
Many cookies contain a so-called Cookie ID. A Cookie ID is a unique identifier of the cookie. It comprises a sequence of characters by means of which internet pages and servers can be allocated to the specific internet browser in which the cookie has been stored. This makes it possible for the visited internet pages and servers to distinguish the individual browser of the affected person from other internet browsers containing different cookies. A specific internet browser can be recognised and identified through the unique cookie ID.
The affected person can prevent our internet pages from setting cookies at any time through the corresponding setting in the internet browser that they use, and hence permanently object to cookies being set. In addition, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This can be done in all the standard internet browsers. If the affected person deactivates the setting of cookies in the internet browser they are using, they may, under certain circumstances, not be able to use all the functions of our internet page.
When these analysis tools are used, data can be transmitted to servers located in the USA and processed there. Please note the following in this respect: from the standpoint of the European Union, the USA does not offer an “adequate level of protection” corresponding to the EU standards for the protection of personal data. For individual companies, however, this level of protection can be replaced by certification to the so-called "EU-U.S. Privacy Shield".
Collection of general data and information
Each time an affected person or an automated system calls up an MCH Group internet page or app, the internet page or app captures a series of general data and information. This general data and information is stored in the server’s logfiles.
When it uses this general data and information, MCH Group does not draw any conclusions regarding the affected person. This information can be necessary in order (1) to deliver the contents of our internet pages correctly, (2) to optimise the content of our internet pages and the advertising for these, (3) to guarantee the permanent functioning of our information technology systems and the technology of our internet pages and (4) to provide law enforcement authorities with the information required for law enforcement in the event of a cyber attack. This anonymously collected data and information is thus evaluated statistically by MCH Group on the one hand and also evaluated with the aim of increasing data protection and data security within our company so as to ultimately ensure an optimum level of protection for the personal data that we process. The anonymous data in the server logfiles is stored separately from all the personal data supplied by an affected person.
Registration for services
It is necessary to register in order to use certain services. The affected person is able to register online, submitting personal data. The personal data that is transmitted in the process can be seen from the particular input screen used for the registration. The personal data entered by the affected person is collected and stored solely for internal use and for our own purposes. MCH Group may transmit the data to one or more processors who similarly use the personal data solely for an internal purpose attributable to MCH Group.
In registering on an MCH Group internet page, the IP address issued by the Internet Service Provider (ISP) of the affected person, and the date and the time of the registration may be saved. This data is saved since this is the only way in which we can prevent misuse of our services, and, if appropriate, this data will permit any offences that have been committed to be investigated. It is thus necessary to save this data in order to protect MCH Group. This data is not passed on to third parties as a matter of principle, unless there is a statutory duty to pass on the data or it is used for law enforcement.
Registration of the affected person with the voluntary specification of personal data ensures that MCH Group can offer the affected person contents or services which, due to the nature of the matter, can only be offered to registered users. Registered persons have the option at all times to modify the personal data specified at the time of registration or to have it completely deleted from MCH Group’s database and can make use of their right of objection regarding the processing of personal data.
It can occasionally happen that MCH Group obtains personal data from third parties. This includes the transmission of your data through associations, exhibitors, such as galleries, foreign representations, chambers of industry and crafts, or the communication of personal data by commercial address brokers. If you do not want MCH Group to process your personal data that you have not transferred to us directly, please inform us of this at firstname.lastname@example.org.
Use of apps
Through the use of an app, current location data can be transmitted to MCH Group or to third parties if the latter are processing data on behalf of MCH Group. Other data that is stored includes device-specific information, such as the MAC address, cookie information and the pages called up.
MCH Group can use your personal data and information for the following purposes:
- To ensure that the app offers you information that is relevant for you, commensurate with your interests, and which facilitates your use of it.
- To operate the platform, to maintain it and also to achieve qualitative improvements in the app and its services, and to collect general statistics regarding the use of the app.
- In order to deliver products and services, including tours, messages, confirmations, notices, updates, warnings, and support and administrative notices that have been requested.
- To inform you about current products and services, special offers and promotional campaigns, and provide you with current information and other new or updated services from MCH Group or our customers.
WiFi for visitors
Through the use of MCH Group’s free WiFi, the following data can be collected as a function of the location where the event is being held: first name and surname, telephone number, e-mail. This data can be used for customer care purposes and especially for sending the affected person event-specific information by e-mail on the event you are visiting.
In the event of participation in MCH Group’s “Scan to Lead” service, the affected person agrees to MCH Group transmitting their personal data (form of address, title, surname, first name, company, street, postcode, city, e-mail) to the exhibitor concerned. The affected person takes part in lead tracking if they allow their admission ticket to be scanned by an exhibitor during the event. The exhibitor subsequently obtains the personal data of the affected person from MCH Group, which the exhibitor may then use for the purpose agreed on individually with the affected person. Participation in this service is voluntary for the affected person. The affected person can revoke the consent they gave directly to the exhibitor at any time. The visitor can similarly revoke the consent they gave to MCH Group. No further data will then be transmitted to the exhibitors. The data given to the exhibitor is subject to the responsibility and data protection provisions of the exhibitor. MCH Group does not assume any liability for the exhibitor’s processing and storage of the data. Further data collected by the exhibitor on the affected person will also be transmitted to MCH Group.
Accreditation of journalists/press distribution list
MCH Group enables the accreditation of journalists, including the issue of a press ID card and simple online registration for the press, together with the possibility of being included in the press distribution list. For accreditation and to have the press online service activated, journalists must supply reliable identification through the submission of corresponding evidence. Against this background, the following mandatory details must be entered: e-mail address, form of address, first name, surname, postal address, medium/publishing house, and "I work for/as".
The same applies for inclusion in the press distribution list. The following mandatory details must be entered in order to ensure reliable identification: publishing house, name of publication, form of address, first name, surname, postal address, e-mail and telephone.
With their accreditation for an event, journalists, editors, photographers and video producers are entitled to take photographs, make video recordings and shoot films in MCH Group’s halls and rooms during normal opening hours. Close-up photographs and films of people, stands and exhibits require the express consent of the affected exhibitors and visitors. The photographs and films may only be used for editorial contributions in newspapers and magazines or for reproduction on television. In the event of the above provisions being breached, accreditation for all MCH Group events can be withdrawn. If so requested by an exhibitor or a visitor, the bodies of the MCH Group are entitled to check photographs/films that have been taken/shot without consent for their admissibility and, if appropriate, to confiscate these. Further legal action by the affected exhibitor, visitor or the exhibition management is reserved.
Use of social plug-ins
If you do not wish Facebook to be able to allocate your visit to our pages to your Facebook user account, please log out of your Facebook user account.
Functions of the Instagram service are incorporated in our webpages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile. Instagram is then able to allocate your visit of our pages to your user account. We would like to draw attention to the fact that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Instagram.
If you do not wish Instagram to be able to allocate your visit to our pages to your Instagram user account, please log out of your Instagram user account.
On MCH Group’s internet pages, you have the option of subscribing to Newsletters. The personal data that is transmitted to the data controller in charge of processing the data when you order a newsletter can be seen from the input screen used for this purpose.
MCH Group can inform its customers and business partners about company offers at regular intervals by means of newsletters. Our company’s newsletters can fundamentally only be received by the affected person if (1) the affected person has a valid e-mail address and (2) the affected person registers or has already registered for receipt of the newsletter.
The personal data collected when registering for a newsletter is used exclusively for dispatching the newsletter. The subscription to a newsletter can be cancelled at any time by the affected person. The consent to the storage of personal data that the affected person has given us for the dispatch of the newsletter can be revoked at any time. A corresponding link is included in every newsletter for purposes of revoking the consent. In addition, it is also possible to cancel receipt of the newsletter directly on the internet page of the data controller in charge of processing the data, or to inform the data controller by another means.
Contact opportunities via internet pages
MCH Group’s internet pages contain data that permits contact to be made electronically with our company and allows direct communication with us, which similarly includes a general e-mail address. If you contact MCH Group by e-mail or via a contact form, the personal data that is transmitted will be saved automatically. Personal data of this type transmitted on a voluntary basis will be saved for purposes of processing or making contact.
Rights of the affected person
Right to confirmation
Each affected person is entitled to request confirmation from MCH Group as to whether the group processes personal data relating to them. If you wish to make use of this right to confirmation, you may contact the Data Protection Officer on this matter at any time.
Right to information
Any person affected by the processing of personal data is entitled to obtain free-of-charge information from MCH Group on the personal data saved on them and to receive a copy of this information. In addition, information can be provided on the following aspects, where appropriate:
- the purposes of the processing;
- the categories of personal data that are processed;
- the recipients to whom the personal data has been disclosed or is still being disclosed;
- if possible, the planned duration for which the personal data is being stored or, if this is not possible, the criteria for determining this duration;
- the existence of a right to rectification or erasure of the personal data relating to them, or to the restriction of processing by the data controller in charge of processing, or of a right of objection to this processing;
- the existence of a right to complain to a supervisory authority;
- if the personal data have not been collected from the affected person: all the available information on the origin of the data;
- in addition, the affected person is entitled to information on whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the affected person also has the right to obtain information on the appropriate guarantees in conjunction with the transmission.
If you wish to make use of this right to information, you may contact our Data Protection Officer on this matter at any time.
Right to rectification
Any person affected by the processing of personal data is entitled to request the immediate rectification of incorrect personal data that relates to them. In addition, the affected person has the right, with due consideration to the purpose of the data processing, to request the completion of incomplete personal data – including by means of a supplementary declaration.
If you wish to make use of this right to rectification, you may contact the Data Protection Officer on this matter at any time.
Right to erasure (right to be forgotten)
Any person affected by the processing of personal data is entitled to request the data controller in charge of processing to delete the personal data relating to them without delay insofar as one of the following reasons applies, and insofar as the data processing is not necessary:
- The personal data was collected for purposes or processed in other ways for which it is no longer needed.
- The affected person revokes their consent, which provided the basis for the processing, and there is no other legal basis for the processing.
- The affected person, for reasons arising from their particular situation, submits an objection to the processing and there are no overriding legitimate reasons for the processing, or the affected person submits an objection to processing in the case of direct advertising and the profiling associated with this.
- The personal data has been processed unlawfully.
- The erasure of the personal data is necessary in order to fulfil a legal obligation under EU law, or the law of its member states, to which the data controller in charge of processing the data is subject.
- The personal data was collected in relation to information society services that were offered directly to a child.
Insofar as one of the above reasons applies and you would like to have personal data erased that are stored on you at MCH Group, you can contact our Data Protection Officer on this matter at any time. MCH Group’s Data Protection Officer will arrange for the erasure request to be met without delay.
Right to restriction of processing
Any person affected by the processing of personal data has the right to request the data controller in charge of processing the data to restrict the processing of their data if one of the following conditions is fulfilled:
- The correctness of the personal data is disputed by the affected person for a duration which enables the data controller to check the correctness of the personal data.
- The processing is unlawful, the affected person rejects the erasure of the personal data and, instead, requests a restriction on the use of the personal data.
- The data controller no longer requires the personal data for the purpose of the processing but the affected person requires the data for asserting, exercising or defending legal claims.
- The affected person, for reasons arising from their particular situation, has submitted an objection to the processing and it is not yet clear whether the legitimate reasons of the data controller carry more weight than those of the affected person.
If one of the above conditions is fulfilled and you would like to request the restriction of processing of personal data stored at MCH Group, you can contact our Data Protection Officer on this matter at any time. The Data Protection Officer will arrange for the restriction of processing.
Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data relating to them in a structured, commonly used and machine-readable format. The affected person also has the right to have this data transmitted to another data controller providing the statutory requirements are fulfilled.
In addition, the affected person has the right to arrange for the personal data to be transmitted directly from one data controller to another, insofar as this is technically feasible, and insofar as this does not impair the rights and freedoms of other persons.
To exercise your right to data portability, you can contact the Data Protection Officer appointed by MCH Group at any time.
Right to object
Any person affected by the processing of personal data has the right, at any time, to object to the processing of the personal data relating to them for reasons arising from their particular situation.
In the event of an objection, MCH Group will no longer process the personal data, unless we can provide evidence of compelling reasons, worthy of protection, for this data to be processed which override the interests, rights and freedoms of the affected person, or unless the processing serves the assertion, exercise or defence of legal claims.
To exercise your right to object, you can contact MCH Group’s Data Protection Officer at any time.
Right to revoke consent to the processing of data
Any person affected by the processing of personal data is entitled to revoke, at any time, the consent they have given to the processing of personal data.
If you wish to make use of your right to revoke your consent, you can contact our Data Protection Officer on this matter at any time.
Contact, questions and suggestions
If you have any further questions or comments regarding our data protection concerns, our webpages and our security concept, we would ask you to contact us by e-mail at the following address: email@example.com