Nearly sold out. Just a few spaces remain – book now or miss out.
10TH EDITION • MESSE BERLIN
17 FEB 2026: 09:00-18:00 • 18 FEB 2026: 09:00-17:00

PRIVACY POLICY

This Privacy Policy explains how we process personal data in connection with the E-commerce Berlin Expo, including our website, ticketing process, digital event platform, Masterclasses and other event-related services.

Table of Contents

  1. Controller within the meaning of the GDPR
  2. Which personal data are processed?
  3. Cookies
  4. Registration
  5. Networking Platform
  6. Badge Scanning and Data Sharing
  7. Newsletter
  8. Chatbot
  9. Masterclasses
  10. Call for Speakers Contest
  11. Additional processing activities
  12. Your rights as a data subject
  13. Right to lodge a complaint
  14. Changes to this Privacy Statement
  15. International data transfers
  16. Processors and recipients of personal data
  17. Photography and Video Recordings During the Event

1. Who is the Controller?

The Controller for the purposes of GDPR is:

E-Commerce Capitals spółka z ograniczoną odpowiedzialnością sp. k. seated in Poznań (Poland), Matejki st. 6/7, 60-766 Poznań (Poland), entered into the Register of Entrepreneurs under the National Court Register number 0000592712, whose files are kept by the District Court Poznań Nowe Miasto and Wilda in Poznań, 8th Economic Department of the National Court Register, that uses tax identification number (TAXID): PL7792423665 and REGON statistical number: 363746333

Data protection enquiries (including erasure requests, withdrawal of consent, or any matters directed to the Controller) may be sent to: hello@ecommerceberlin.com.

The Controller determines the purposes for which and the means by which personal data is processed.

Legal bases we rely on (overview): We process personal data only where permitted by law, in particular on the following legal grounds:

  • Art. 6(1)(a) GDPR (consent) where required (e.g., analytics/marketing cookies, newsletter, sponsor data sharing),
  • Art. 6(1)(b) GDPR (contract performance or steps prior to entering into a contract),
  • Art. 6(1)(c) GDPR (legal obligations),
  • Art. 6(1)(f) GDPR (legitimate interests, e.g.. security, fraud prevention, service operation and improvement).

Where we transfer data outside the EEA, we use Standard Contractual Clauses (SCCs) and, where appropriate, supplementary measures.

2. Which personal data are processed?

Personal data are any information relating to an identified or identifiable natural person (e.g., name, email, phone, company data) and also information automatically collected when you use our website, ticket shop, and digital event platform ("access data"). In addition to accessing data, we process personal data you provide voluntarily (e.g., registration, contact requests, newsletter subscription, ticket purchase). We process data only as necessary and for the purposes you have approved and/or permitted by law.

Our event and services are intended exclusively for professional attendees; we do not knowingly process data of individuals under 16.

2.1. Collection of access data

For technical reasons, whenever you access our website, your device automatically transmits data. We store the following access data separately from other data you may provide: date, time, and duration of visit, IP address, pages visited, user agent (browser/OS), actions performed on our website, your server, and referring website.

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in providing a technically flawless, secure, and optimized service)

Recipients (processors): hosting/CDN and security service providers

Retention: We store these data in log files and delete them after 12 months, unless longer storage is required on an individual basis (e.g. suspected abuse or fraud), in which case we retain the respective logs until the facts are clarified and any follow-up measures are completed

2.2. Communication channels

We may contact participants using the contact details provided (email, telephone, and-where a mobile number is supplied-WhatsApp) to fulfil contractual obligations, provide event-related informatio,n and ensure efficient communication.

Legal bases: Art. 6(1)(b) GDPR (where communication is necessary to deliver the services you registered for) and Art. 6(1)(f) GDPR (maintaining effective customer and participant relations beyond what is strictly necessary).

Retention: operational correspondence for the duration of the relationship and generally up to 24 months thereafter; where messages form part of contract performance or compliance evidence, we may retain them up to the applicable limitation/record-keeping periods.

Recipients (processors): email/telephony providers; WhatsApp if used (see international transfers below).

3. Cookies

We use "browser cookies" and similar technologies to collect information about your use of our website. Cookies are small text files stored on your device to save specific settings and data that your browser exchanges with our systems.

We use: (i) necessary cookies (security and core functionality), (ii) functional cookies (e.g., language), (iii) performance/session cookies, and (iv) marketing/targeting cookies.

To ensure transparent and legally compliant use of cookies, we use Cookiebot by Usercentrics as our consent management tool. You can give, refuse, or withdraw consent to different categories at any time via the cookie banner. Please note that rejecting cookies altogether may limit functionality.

Legal basis & EU/DE requirements: For non-essential cookies/technologies, we obtain prior consent under Art. 6(1)(a) GDPR and § 25 TTDSG (Germany). For strictly necessary cookies, processing is based on Art. 6(1)(f) GDPR (our legitimate interest in providing the service).

You can withdraw consent at any time via the cookie banner; withdrawal does not affect prior lawful processing.

Retention: Cookie storage periods depend on the category and purpose (session or persistent). We provide the current list (name, provider, purpose, type, duration) in the cookie banner (Cookiebot scan). As a rule, analytics/marketing cookies are retained for up to 13 months unless you withdraw consent earlier.

3.1. Tools for website analysis, marketing and optimization

We use the following services only on the basis of your consent (Art. 6(1)(a) GDPR; § 25 TTDSG for reading/writing identifiers). You can withdraw consent at any time via the cookie banner. Where providers are outside the EEA (e.g., the United States), transfers are based on SCCs, and we implement appropriate safeguards. Retention of events/identifiers follows the tool settings (generally 14-26 months for analytics; marketing cookies up to 13 months).

3.1.1. Facebook / Meta Marketing services by Meta Platforms Ireland Limited to measure ad effectiveness and show personalised content or ads (may link to your account if logged in). Transfers: Meta Platforms, Inc. (USA) under SCCs. Legal basis: Art. 6(1)(a) GDPR (consent).

3.1.2. Google Analytics (GA4) Web analytics by Google Ireland Limited (IP anonymisation enabled; events and behavioural data incl. approximate location, device type, and on-site interactions). Transfers: Google LLC (USA) under SCCs. Legal basis: Art. 6(1)(a) GDPR (consent). Retention: events typically 14-26 months (as configured).

3.1.3. Google Ads Measuring campaign performance and showing relevant ads. Transfers: Google LLC (USA) under SCCs. Legal basis: Art. 6(1)(a) GDPR (consent).

3.1.4. LinkedIn Measuring campaign success and targeting professional audiences. Transfers: LinkedIn Corporation (USA) under SCCs. Legal basis: consent.

3.1.5. Microsoft Ads Tracking and analysing campaign success; cross-site recognition may occur. Transfers: Microsoft Corporation (USA) under SCCs. Legal basis: consent.

No detriment: Refusing or withdrawing consent to analytics/marketing will not affect your ability to use our website; only non-essential features are limited.

3.2. Processors and disclosures for cookies/analytics

We work with service providers (processors) to operate our website and digital services, including consent management (Cookiebot/Usercentrics), analytics and marketing platforms, mailing service providers, and cloud hosting. We ensure GDPR-compliant processing agreements and, where applicable, SCCs for third-country transfers. An up-to-date list of processor categories is available in this Policy; specific providers are named in the relevant sections and/or via the cookie banner.

4. Registration

4.1. As a visitor

a) If you want to participate in the E-commerce Berlin Expo, you must first fill out our visitor registration form. Our events are reserved for the professional public. To apply for, purchase a ticket, or redeem a voucher code through our ticket shop, we will require various data from you.

The following information is required:

  • Full name
  • E-mail address
  • Company
  • Position in the company
  • Phone number
  • Various statistical information about your company

After receiving a ticket, this data is required to create an account on the digital event platform. We also need this data to check your eligibility as a trade visitor and to put you in touch with relevant exhibitors or contact persons as part of our matchmaking service. Last but not least, we need this data to be able to respond to any queries you may send us.

b) Legal basis, purposes, and retention. We process personal data to be able to provide our ticket shop services and to initiate, execute, and process the ticket purchase and the associated user contract (Art. 6(1)(b) GDPR).

We also process data:

  • for direct advertising of our events and services on the basis of our legitimate interest (art. 6 (1) (f) GDPR, which consists of conducting direct marketing or where required - based on your consent (Art. 6(1)(a) GDPR) (see also Cookies/marketing tools section); Examples: newsletters, event announcements, offers tailored to your interests.
  • for optimization as well as market and opinion research (Art. 6(1)(a) GDPR where based on consent; otherwise only in anonymised/aggregated form) Examples: surveys, platform usage analytics, improving event services.
  • for preventing or identifying abuse and fraud, in particular in the case of vouchers and free tickets (Art. 6(1)(f) GDPR - our legitimate interest in preventing misuse and ensuring event security); Examples: voucher verification, preventing multiple redemptions, securing free-ticket workflows.
  • to comply with legal obligations (e.g., tax and commercial record-keeping) (Art. 6(1)(c) GDPR). Examples: accounting records, retention of invoicing data.

Retention: We store registration and ticketing data for the duration of the contractual relationship and, thereafter, for the applicable limitation and statutory record-keeping periods (in particular for tax/commercial law). Marketing communications based on art. 6 (1)(f) GDPR are sent until you object; communications based on consent are sent until you withdraw consent.

Account/profile data on the digital event platform are retained for as long as the account exists and may be deleted upon your request, unless we must retain certain information to comply with legal obligations or to establish, exercise, or defend legal claims.

Recipients/processors: We use service providers (processors) to operate the ticket shop, email/SMS communications, hosting, and the digital event platform; we ensure appropriate data processing agreements. If a payment provider is used for paid tickets, your payment-related data will be processed by that provider as an independent data controller for the purpose of executing the payment. Where exhibitors or sponsors receive your data (e.g., through explicit interactions in matchmaking tools or separate opt-ins), they act as independent controllers and will provide their own privacy information.

4.2. As a speaker

If you participate as a speaker at one of our events, we also collect the data mentioned in section 4.1 from you. In addition to the purposes mentioned there, we process your data for the following purposes: Speaker-related mailings (such as briefings, VIP events, and VIP services); As well as for the promotion of the presentation:

  • Listing on the website;
  • Listing in the conference agenda;
  • Announcements of speaker slots on social media, newsletters, and other media.

Legal basis: Performance of the speaker agreement, including the use of data for event promotion and agenda organisation (Art. 6(1)(b) GDPR). Where we rely on consent (e.g., for certain promotional activities, where required by law), Art. 6(1)(a) GDPR applies.

Retention: Data are stored for the duration of the speaker agreement and thereafter for the applicable statutory limitation and record-keeping periods (in particular for evidentiary purposes regarding the event programme and for compliance with legal obligations).

4.3. Erasure of your account/user profile

[Section content follows from structure, though text was not explicitly provided under this heading in the source snippet, section heading 4.3 exists in TOC].

5. Networking Platform

We offer our attendees a networking feature that allows them to interact with other users through our Event App. The profile in the app may only be used by the person named on the ticket.

Profiles are visible by default. However, you may deactivate (hide) your profile at any time, and you may also reactivate it afterwards to make it visible again.

The processing of basic profile information (your full name, job position and company name) for the purpose of B2B networking is based on the performance of the event participation contract concluded when you register for the event and receive your admission ticket (Art. 6(1)(b) GDPR).

Once you accept a connection request from another user, the scope of information shared via the app expands to include your phone number and email address. The disclosure of this information is based on the consent you provide during the app registration process (Art. 6(1)(a) GDPR).

Retention: Your networking profile data is stored for the duration of your account and participation in the digital event platform and is deleted upon account deletion unless statutory retention obligations apply or data is required to establish, exercise, or defend legal claims.

6. Badge Scanning and Data Sharing

6.1. At exhibitor booths

Attendees may choose to have their visitor badge scanned at exhibitors' booths. Scanning your badge constitutes a voluntary transfer of your contact details to the respective exhibitor or the co-exhibitor represented at that booth, enabling them to contact you after the event. In this context, the exhibitor becomes an independent data controller, separate from the Controller.

The following personal data are transferred through the badge-scanning process: full name, email address, company name, job position, and phone number.

Your data will not be shared without your consent. If you do not wish exhibitors to receive your data, please refrain from having your badge scanned at their booths.

Legal basis: The processing and transfer of your data takes place on the basis of your explicit consent provided during registration, to the processing of your personal data through the badge-scanning system for the purpose of sharing such data with exhibitors and sub-exhibitors (Art. 6(1)(a) GDPR).

6.2. At the entrance

We also scan visitor badges at the entrance for organisational and statistical purposes, such as analysing visitor flows and ensuring smooth operational management of the event.

Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in efficient event management and security).

Data from entrance scans is not used for marketing purposes nor shared with exhibitors or sponsors.

6.3. Sharing with sponsors

Where you have provided your explicit and voluntary consent during registration, the Organizer may share your personal data with selected main sponsors of the event, as identified during the Event, on the basis of appropriate data processing or data sharing agreements and only to the extent permitted by applicable law.

The data shared includes: full name, email address, company name, job position, and phone number.

The purpose of this data sharing is to enable sponsors to contact you in relation to their participation in the event. Upon receiving the data, sponsors become independent data controllers, processing your personal data for their own purposes connected with marketing communications regarding their involvement in the event. Sponsors are required to fulfil their information obligations under GDPR.

Legal basis: Your explicit consent (Art. 6(1)(a) GDPR).

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

7. Newsletter

You may subscribe to our newsletter free of charge. Subscription can take place in two ways

  • as part of the event participant registration process, or
  • via the newsletter subscription form available on the Controller's website.

If we have received your email address in connection with the purchase or receipt of a ticket, or through your registration as an event participant, we may send you newsletters about our own similar events and services. In all other cases, newsletters are sent only with your explicit consent (Art. 6(1)(a) GDPR).

You may, at any time:

  • withdraw your consent, or
  • object to receiving newsletters sent.

You also have the right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR), in particular with regard to the storage of your email address on a suppression list (blacklist).

Each newsletter contains an unsubscribe link. Withdrawal of consent or objection does not affect the lawfulness of processing carried out before such withdrawal.

We use an external mailing service provider acting as our processor under Art. 28 GDPR for sending newsletters. Where data is transferred outside the EEA, such transfer is based on Standard Contractual Clauses (SCCs) together with appropriate safeguards.

Retention: We store personal data for newsletter delivery for as long as your subscription remains active. After unsubscribing, we may continue to store your email address for a limited period on a suppression list (blacklist) to demonstrate compliance and to ensure no further messages are sent based on our legitimate interest in preventing unwanted communications (Art. 6(1) (f) GDPR).

8. Chatbot

To answer frequently asked questions, we use a chatbot provided by Chatlio (Chatlio LLC, 1329 N 47th St #31231, Seattle, WA 98103, United States, https://chatlio.com/). When using the chatbot, the following categories of data may be processed: technical connection data from server access (IP address, browser and device information, requested page, date and time of access, approximate location), as well as the content of your request, and where voluntarily provided - your name and/or email address.

Legal basis:

  • Art. 6(1)(f) GDPR our legitimate interest in providing efficient, user-friendly communication and support to visitors;
  • where you voluntarily provide contact data for follow-up inquiries directly related to your request (e.g., questions regarding registration, tickets, or participation), Art. 6(1)(b) GDPR applies (performance of pre-contractual measures/handling of direct inquiries);
  • where cookies or similar technologies that are not strictly necessary are used within the chatbot, their storage and access occur only upon your consent pursuant to Art. 6(1)(a) GDPR and § 25 TTDSG (see section on Cookie Tools). Such technologies are activated only after you have provided your consent.

International transfers: Chatlio LLC acts as a processor. Where personal data is transferred to the United States, such transfer takes place on the basis of the EU Standard Contractual Clauses (SCCs) together with supplementary measures where necessary in accordance with Articles 44 et seq. GDPR.

Retention: The data is processed solely for the purpose of answering your request and is not stored in a personally identifiable manner beyond that, unless necessary to handle your inquiry, comply with statutory retention obligations, or establish, exercise, or defend legal claims.

9. Masterclasses

Masterclasses are 35-minute workshops organized by the E-commerce Berlin Expo and conducted by selected exhibitors ("Speakers"). Each participant may apply for up to five (5) Masterclasses in advance via the event website. Applicants are informed about acceptance via email. Participants who are not selected may still join an on-site waiting list during the event and may be admitted subject to availability.

Scope of personal data and access When applying for a Masterclass in advance, the Organizer processes the following personal data: full name, company, position, e-mail address and telephone number.

Before acceptance, Speakers receive access only to limited data of applicants: full name, company and position.

After acceptance, the Organizer shares the participant's contact details (e-mail address and telephone number) with the respective Speaker.

For applicants who are not accepted, any follow-up communication related to the Masterclass is carried out solely by the Organizer on behalf of the Speaker. In such cases, the Speaker does not receive the applicant's contact details.

Participants who join a Masterclass on-site without prior registration (e.g. from a waiting line) acknowledge that their personal data (name, company, position and contact details) will be collected at the event and shared with the respective Speaker in order to manage participation and attendance.

Purpose and legal basis Personal data related to Masterclasses are processed for the purposes of:

  • managing the application and selection process,
  • communicating organizational information,
  • managing attendance (including on-site participation),

Legal basis:

  • Art. 6(1)(b) GDPR (performance of the contractual relationship related to the Masterclass application process).
  • Art. 6(1)(f) GDPR - the Controller's legitimate interest consists in ensuring the efficient and effective organisation of the event.

Sharing data with Speakers Where you have provided your explicit and voluntary consent during registration, the Organizer may share your personal data with Speakers, as identified during the Event, on the basis of appropriate data processing or data sharing agreements and only to the extent permitted by applicable law. The data shared include: (name, company, position and contact details) The purpose of this data sharing is to enable Speakers to contact you in relation to their participation in the event. Upon receiving the data, Speakers become independent data controllers, processing your personal data for their own purposes connected with marketing communications regarding their involvement in the event.

Legal basis: Your explicit consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

Retention The Organizer retains personal data related to Masterclass applications and participation for the duration of the event cycle and the applicable statutory limitation and record-keeping periods. Speakers, acting as independent controllers, determine their own retention periods for the personal data they receive.

10. Call for Speakers Contest

As part of the E-commerce Berlin Expo, we regularly host the "Call for Speakers" contest, where individuals and companies from the e-commerce industry may submit proposals for speaking slots. Participation is voluntary and free of charge.

We process personal data submitted in connection with the Call for Speakers contest for the purpose of reviewing proposals, communicating with applicants, selecting speakers, and where accepted publishing speaker details in the event agenda and related materials (Art. 6(1)(b) GDPR).

A detailed description of the categories of personal data processed, the legal basis for processing, storage periods, as well as the rights of participants under the GDPR can be found in our separate Personal Data Information for the Call for Speakers Contest, available here: https://ecommerceberlin.com/legal/cfp-data.

If speakers or applicants are located outside the European Economic Area, personal data may be transferred to third countries. Where required, such transfers are carried out on the basis of the EU Standard Contractual Clauses (SCCs) together with appropriate supplementary safeguards, where necessary, in accordance with Articles 44 et seq. GDPR.

11. Additional processing activities

The table below outlines additional processing activities, including the categories of personal data involved, the legal basis, the purposes of processing, and the applicable retention periods.

Contact form/general enquiries support

  • Data we collect: Name, email, content of request, phone (if provided)
  • Legal Basis (GDPR): Art. 6(1)(b) GDPR handling direct inquiry; Art. 6(1)(f) GDPR legitimate interest in effective communication
  • Retention period: For handling the request + applicable statutory limitation periods if required for legal defence

Accounting/invoicing administration IT hosting & infrastructure operations

  • Data we collect: Full name, email, phone, position, company, company statistical data; Technical service logs, IP-level diagnostic data, platform operational data
  • Legal Basis (GDPR): Art. 6(1)(b) GDPR contract performance / steps prior; Art. 6(1)(f) GDPR fraud prevention; Art. 6(1)(c) GDPR legal obligations; Art. 6(1)(f) GDPR service operation + security
  • Retention period: Duration of contractual relationship + statutory limitation / record-keeping periods; As per general retention rules in this Privacy Policy

Establishment, exercise & defence of legal claims

  • Data we collect: All data which may be necessary to assert or defend claims
  • Legal Basis (GDPR): Art. 6(1)(f) GDPR legitimate interest in defending or exercising legal claims
  • Retention period: For statutory limitation periods applicable to civil claims and legal evidence obligations

12. Your rights as a data subject

In accordance with the GDPR, Users have the right to decide how their personal data is processed. To exercise any of the rights listed below, simply contact the Controller via email. Please note that some rights apply only in specific situations in certain cases, the GDPR provides exceptions or limitations.

Right of access

  • What it means: You have the right to request information on whether your personal data is being processed and, if so, obtain access to that data.
  • Legal basis: Art. 15 GDPR

Right to receive a copy of your data

  • What it means: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Legal basis: Art. 15(3) GDPR

Right to rectification

  • What it means: You may request the rectification of inaccurate personal data or the completion of incomplete data.
  • Legal basis: Art. 16 GDPR

Right to erasure ("right to be forgotten")

  • What it means: You may request the deletion of your personal data if there is no legal basis for further processing or if the data is no longer necessary for the purposes for which it was collected.
  • Legal basis: Art. 17 GDPR

Right to restriction of processing

  • What it means: You may request restriction of processing, e.g., when you contest the accuracy of the data, when the processing is unlawful, or when you have lodged an objection to processing.
  • Legal basis: Art. 18 GDPR

Right to data portability

  • What it means: You may request that your personal data be transferred to another controller (under certain conditions).
  • Legal basis: Art. 20 GDPR

Right to withdraw consent

  • What it means: You may withdraw your consent to processing at any time and without providing a reason. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Legal basis: Art. 7(3) GDPR

Right to object to processing

  • What it means: You have the right to object to the processing of your personal data in situations where:
    • the data is processed on the basis of the Controller's legitimate interests,
    • the data is processed for the performance of a task carried out in the public interest or under official authority vested in the Controller,
    • the objection is based on your particular situation.
  • Legal basis: Art. 21 GDPR

To exercise any of the above rights, please contact us at hello@ecommerceberlin.com

13. Right to lodge a complaint

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

The competent supervisory authority for the Administrator is: Prezes Urzędu Ochrony Danych Osobowych (PUODO) ul. Stanisława Moniuszki 1A, 00-014 Warsaw, Poland https://uodo.gov.pl/

However, you may also lodge a complaint with any other supervisory authority within the European Union, including the locally competent authority in Germany.

Before doing so, we kindly ask you to contact us first so that we can attempt to resolve your concerns directly.

14. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in legal requirements or in the processing of personal data. The current version of this Privacy Statement is always available under "Privacy Policy".

15. International data transfers

Where we transfer personal data to recipients located outside the European Economic Area (EEA), such transfers only take place where the European Commission has adopted an adequacy decision pursuant to Art. 45 GDPR or, in the absence of such a decision, on the basis of appropriate safeguards within the meaning of Art. 46 et seq. GDPR. These safeguards may include, in particular, the EU Standard Contractual Clauses (SCCs) adopted by the European Commission, together with additional contractual, organisational and/or technical measures where required.

Transfers may occur, for example, in connection with service providers supporting the operation of our ticketing system, networking features, newsletter dispatch, chatbot functionality, Masterclasses, or the Call for Speakers contest. Where recipients outside the EEA act as processors, they are bound by data processing agreements pursuant to Art. 28 GDPR.

In exceptional cases (e.g., where you explicitly request a transfer or it is necessary for the performance of a contract with you), transfers may take place on the basis of Art. 49 GDPR. Such transfers occur only in exceptional and strictly necessary situations, as Art. 49 GDPR must not be relied upon for repetitive or large-scale transfers.

You may contact us at any time to obtain a copy of the safeguards applied for international transfers.

16. Processors and recipients of personal data

We do not share personal data with random or unauthorised entities. Any disclosure of personal data is always based on a valid legal basis and a clearly defined purpose arising from a contract, the performance of requested services, or from applicable law. We only transfer the personal data that is necessary for the relevant processing purpose.

Where we use external service providers who process personal data on our behalf, such providers act as processors and are contractually obliged to protect the data in accordance with Art. 28 GDPR. Personal data may also be shared with other recipients acting as independent controllers, where this is necessary to provide our services, comply with legal obligations, or pursue legitimate interests. These recipients include, in particular, providers of ticketing systems, networking features, newsletter mailing services, hosting providers, event technology services, and other partners involved in organising or supporting the E-commerce Berlin Expo.

Below you will find an overview of the processors we use in connection with the E-commerce Berlin Expo:

Facebook, Instagram

  • Processors within the EEA: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, DO2X525, Ireland

Analytics/measurement providers used based on consent

  • Processors outside the EEA:
    1. Linkedin Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA
    2. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
    3. Google Analytics, e-mail services Google LLC C/O Corporation Service Company, 251 Little Falls Drive, Wilmington, Delaware 19808, USA

Server hosting and infrastructure providers

  • Processors within the EEA: Hetzner Online GmbH (Germany): Industriestr. 25, 91710 Gunzenhausen, Germany.

Networking platform provider (digital event platform)

  • Processors within the EEA: ul. Truskawiecka 13, 60-478 Poznań, Polska

Chatbot service provider

  • Processors outside the EEA: Chatlio LLC, 1329 N 47th St #31231, Seattle, WA 98103, United States

Newsletter and mailing service providers

  • Processors within the EEA: Brevo (France) - 106 bd Haussmann, 75008 Paris, France
  • Processors outside the EEA:
    1. Woodpecker UK Ltd, Reed House, Ferry Road, Barrow Haven, Barrow upon Humber, North Lincolnshire, United Kingdom, DN19 7ET
    2. Mailchimp LLC, USA (np. 675 Ponce de Leon Ave NE, Atlanta, GA 30308, USA)

Cookie/consent management

  • Processors within the EEA: Usercentrics A/S (Cookiebot), Havnegade 39, 1058 Copenhagen K, Denmark

Event organization

  • Processors within the EEA: Fair Relations GmbH, Stadthausbrücke 8, D-20355 Hamburg, Germany (Commercial Register: HR 48218, Registration court: Amtsgericht Köln)

Entities outside the EEA always process data based on appropriate safeguards (primarily Standard Contractual Clauses) and are obliged to ensure GDPR-compliant protection of personal data.

In addition, personal data may be shared with independent controllers where required for the purposes described in this Privacy Policy, such as Masterclass speakers or exhibitors receiving data following badge scans or explicit consents. In those cases, those entities act as independent controllers and are responsible for their own GDPR compliance.

17. Photography and Video Recordings During the Event

During the E-commerce Berlin Expo, photographs and video recordings may be taken in which participants may be identifiable. Such recordings may be used by the Organizer for documentation, editorial, informational, and promotional purposes related to the event. This includes publication online (e.g., on the Organizer's websites and social media channels), in advertising materials, promotional videos, printed materials, press releases, and electronic marketing communications.

Legal basis:

  • Art. 6(1)(f) GDPR our legitimate interest in documenting and promoting the event, particularly where participants are captured as part of larger groups, in situational, non-posed, background or contextual shots that do not specifically highlight the individual.
  • Art. 6(1)(a) GDPR + separate consent to the use of image where recordings depict participants in a clearly identifiable, individualised or posed manner (e.g., portrait photos, close-ups, promotional shots centred on a specific person). In such cases, we obtain separate consent where required under applicable law.

Right to object: Participants may object at any time to the processing of their image for promotional purposes carried out on the basis of our legitimate interests. Upon receiving an objection, we will cease using that participant's image in future promotional materials. This does not affect materials that were lawfully published before the objection was made, nor materials processed on the basis of consent prior to its withdrawal.

Retention: Materials containing the image of participants that are processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) may be retained for documentation, reporting and evidence purposes for the duration of the event cycle and for as long as necessary to establish, exercise or defend legal claims, in accordance with the general data retention principles set out in this Privacy Policy. Materials processed on the basis of consent (Art. 6(1)(a) GDPR) may be stored and used until the consent is withdrawn. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Effective as of: [December 2025]