Privacy Policy

1. Introduction

The protection of your personal data is important to us. We process personal data solely in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and any other applicable data protection laws.

This privacy policy provides information on the nature, scope and purposes of the processing of personal data on our website and in connection with our registered association's activities.

2. Data Controller

Förderverein Open Source, Cloud Native and Artificial Intelligence Bavaria e.V. (registered association under German law) Adlzreiterstr. 8 83022 Rosenheim

Represented by the Executive Board within the meaning of Section 26 of the German Civil Code (BGB):

  • First Chair: Max Körbächer
  • Second Chair: Nico Meisenzahl
  • Treasurer: Markus Sümmchen

Contact: team@cloudnativesummit.de

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO).

Contact: team@cloudnativesummit.de

4. Legal Bases for Data Processing

We process personal data, in particular, on the following legal bases:

  • Art. 6(1)(a) GDPR - consent
  • Art. 6(1)(b) GDPR - contract or pre-contractual measures
  • Art. 6(1)(c) GDPR - legal obligations
  • Art. 6(1)(f) GDPR - legitimate interests

Where special categories of personal data within the meaning of Art. 9 GDPR are processed, the additional requirements of Art. 9 GDPR apply.

5. Visiting Our Website

5.1. Automatically Processed Technical Data

When you merely visit our website, the following data is processed:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

This processing is technically necessary in order to ensure the security and stability of the website.

5.2. Cookies

We do not use cookies.

5.3. Encryption

This website uses SSL/TLS encryption to protect the transmission of data.

6. Processing of Personal Data by Target Group

6.1. Ticket Buyers / Event Participants

6.1.1. Ticket Sales via Fienta

Personal data processed:

  • Name
  • Email address
  • Phone number
  • Ticket type, price, time of purchase
  • Payment status
  • IP address and technical metadata

Purposes of processing:

  • Processing the ticket purchase
  • Sending the tickets
  • Access control for the event

Fienta acts as a processor pursuant to Art. 28 GDPR.

6.1.2. Payment Processing via Stripe

Personal data processed by Stripe may include:

  • Cardholder name
  • Email address
  • Billing address
  • Credit card or bank account details
  • Transaction data
  • Stripe-specific cookies, where applicable

Purposes of processing:

  • Processing the payment
  • Fraud prevention
  • Compliance requirements of the payment service provider

Stripe may process and store certain personal data in the United States, subject to the applicable legal safeguards for third-country transfers.

6.1.3. Conference Badges via Fredo (Ticketbutler)

For the creation and production of conference badges, we use the third-party provider Fredo (Ticketbutler).

Personal data processed:

  • Name
  • Company/organization (if provided)
  • Ticket category / participant type
  • Badge identifier (e.g., order or ticket number)

Purposes of processing:

  • Creating and printing conference badges
  • Organizing badge distribution at the event

Fredo (Ticketbutler) acts as a processor pursuant to Art. 28 GDPR.

6.1.4. Newsletter Subscription via Mailchimp

When purchasing a ticket, participants may be automatically added to our newsletter.

Personal data processed:

  • Email address
  • Name (optional)
  • IP address and time of subscription
  • Technical usage data

Purposes of processing:

  • Sending event-related information
  • Newsletter communication via Mailchimp

You may withdraw your consent at any time with effect for the future.

6.2. Sponsors

6.2.1. Google Workspace (Docs, Sheets, Drive, Forms)

Personal data processed:

  • Contact information
  • Contract and sponsorship data
  • Uploaded files
  • Form entries
  • Technical metadata

Purposes of processing:

  • Managing sponsor relationships
  • Document management
  • Data sharing within the registered association

6.2.2. Adobe Acrobat / Adobe Sign

Personal data processed:

  • Names
  • Email addresses
  • Digital signatures
  • Contract contents
  • Technical usage data

Purposes of processing:

  • Creating and digitally signing sponsorship agreements
  • Legally verifiable electronic signatures

6.2.3. Mailchimp for Sponsor Communication

Personal data processed:

  • Email address
  • Name
  • Technical usage data

Purposes of processing:

  • Sending information, updates, and organizational communications

You may withdraw your consent at any time with effect for the future.

6.2.4. sevDesk for Accounting

Personal data processed:

  • Invoice data
  • Payment information
  • Name, address
  • Communication data

Purposes of processing:

  • Accounting
  • Compliance with statutory retention obligations
  • Creating receipts and statements

No data is transferred to third countries.

6.3. Speakers

6.3.1. Management via Sessionize

Personal data processed:

  • Name
  • Email address
  • Short biography
  • Talk title, descriptions
  • Profile pictures
  • Technical metadata

Purposes of processing:

  • Call for Speakers
  • Program planning
  • Communication and selection processes

6.3.2. Mailchimp for Speaker Communication

Personal data processed:

  • Name
  • Email address
  • Double opt-in data
  • Newsletter interactions

Purposes of processing:

  • Organizational communication
  • Timely information before and during the event

6.4. Newsletter Subscribers (General)

Personal data processed:

  • Email address
  • Name (optional)
  • Technical usage data
  • Confirmation and registration timestamps

Purposes of processing:

  • Sending association information
  • Managing newsletter subscriptions

You may withdraw your consent at any time with effect for the future.

6.5. Embedded Content & External Platforms

6.5.1. YouTube

By embedding videos, when playback starts, data such as your IP address, device information, and (where applicable) location data may be transmitted to YouTube/Google.

Where possible, Enhanced Privacy Mode is used.

6.5.2. Google Maps

Personal data processed:

  • IP address
  • Technical data

Purposes of processing: Providing directions.

6.5.3. Social Media Links

We link to:

  • LinkedIn
  • Discord
  • X (formerly Twitter)
  • Bluesky

When you access these links, the privacy policies of the respective provider apply. We do not process any personal data in this context.

7. Transfers to Third Parties & Third Countries

We disclose personal data to recipients only if:

  • this is necessary for the performance of a contract
  • you have given your consent
  • we are subject to a legal obligation
  • processing is carried out by a processor under a data processing agreement (Art. 28 GDPR)

Where personal data is transferred to recipients in third countries (e.g., the USA), this takes place only if the requirements of Art. 44 et seq. GDPR are met, in particular on the basis of appropriate safeguards such as:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses

8. Data Subject Rights

You have the following rights under the GDPR at any time:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Withdrawal of consent
  • Right to object to processing

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a competent supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) Promenade 18 91522 Ansbach poststelle@lda.bayern.de www.lda.bayern.de

10. Validity & Changes

We reserve the right to amend this privacy policy as necessary.

The version published on our website at the time of your visit is the applicable version.