Privacy Policy

Privacy Policy

1. Introduction

The protection of your personal data is very important to us. We process personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable legal provisions.

In the following, we inform you about the nature, scope, and purpose of the processing of personal data on our website and within the context of our association’s activities.

2. Controller

Förderverein Open Source, Cloud Native und Künstliche Intelligenz Bayern e.V.
Adlzreiterstr. 8
83022 Rosenheim
Germany

Represented by the Board in accordance with § 26 German Civil Code (BGB):

  • Chairman: Max Körbächer
  • Vice Chairman: Nico Meisenzahl
  • Treasurer: Markus Sümmchen

Contact: team@cloudnativesummit.de

3. Data Protection Officer

We have appointed a Data Protection Officer.

Contact: team@cloudnativesummit.de

4. Legal Bases for Processing

The processing of personal data is based in particular on:

  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(b) GDPR – Contract or pre-contractual measures
  • Art. 6(1)(c) GDPR – Legal obligations
  • Art. 6(1)(f) GDPR – Legitimate interests

For special categories of personal data, Art. 9 GDPR applies.

5. Visiting Our Website

Hosting via Vercel

Our website is hosted by:

Vercel Inc.
440 N Barranca Ave #4133
Covina, CA 91723
USA

When you access our website, technically necessary data is automatically processed by Vercel’s servers, including:

  • IP address
  • Date and time of the request
  • Browser type and version
  • Operating system
  • Referrer URL
  • Accessed pages/files

This data is required to:

  • Provide the website
  • Deliver content, for example via Content Delivery Networks
  • Ensure system stability and security

Processing is carried out within server log files and serves exclusively to ensure the secure and stable operation of the website.

Legal Basis

Processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR to provide a secure, high-performance and reliable website.

Data Processing Agreement

Vercel may act as a data processor within the meaning of Art. 28 GDPR. Where required, appropriate contractual agreements have been concluded.

Third Country Transfers

As Vercel is a US-based provider, data processing may take place outside the EU, particularly in the United States.

Data transfers are carried out exclusively on the basis of appropriate safeguards, including:

  • EU Standard Contractual Clauses (SCCs)
  • Other legally permitted transfer mechanisms

Access by US authorities cannot be completely excluded.

Data Retention

Server log data is stored only as long as necessary for secure operation and is then automatically deleted.

Cookies

We do not use cookies.

No Tracking or Analytics Tools

We do not use any tracking or analytics tools, including:

  • Google Analytics
  • Web tracking services
  • User tracking or profiling

No personal data is collected, stored or analysed for marketing or analytical purposes.

Encryption

Our website uses SSL/TLS encryption to protect data transmission.

6. Processing of Personal Data by Data Subject Groups

6.1 Ticket Buyers / Event Participants

6.1.1 Ticket Sales via Fienta

Processed data:

  • Name
  • Email address
  • Phone number
  • Ticket type, price, purchase time
  • Payment status
  • IP address and technical metadata

Purposes:

  • Processing ticket purchases
  • Sending tickets
  • Access control at the event

Fienta acts as a processor pursuant to Art. 28 GDPR.

6.1.2 Payment Processing via Stripe

Stripe processes:

  • Cardholder name
  • Email address
  • Billing address
  • Payment information
  • Transaction data
  • Potential Stripe cookies

Purposes:

  • Payment processing
  • Fraud prevention
  • Compliance requirements

Data may be stored in the USA.

6.1.3 Conference Badges via Fredo (Ticketbutler)

Processed data:

  • Name
  • Company/organization, if provided
  • Ticket category / participant type
  • Badge identifier, for example ticket number

Purposes:

  • Creating and printing badges
  • Managing badge distribution

Fredo (Ticketbutler) acts as a processor pursuant to Art. 28 GDPR.

6.1.4 Newsletter Registration via Mailchimp

Participants may be automatically subscribed to our newsletter.

Processed data:

  • Email address
  • Optional name
  • IP address and registration timestamp
  • Technical usage data

Purposes:

  • Event-related communication
  • Newsletter distribution

Consent can be withdrawn at any time.

6.1.5 Community & Event Communication via Discord

Optional use of Discord.

Processed data:

  • Username
  • Profile information
  • Messages and files
  • IP address and technical data

Purposes:

  • Participant interaction
  • Event communication and support
  • Community building

Use is voluntary. Discord may transfer data to third countries.

6.2 Sponsors

6.2.1 Google Workspace

Processed data:

  • Contact details
  • Contract and sponsorship data
  • Uploaded files
  • Form inputs
  • Technical metadata

Purposes:

  • Sponsor management
  • Document management
  • Internal collaboration

6.2.2 Adobe Acrobat / Adobe Sign

Processed data:

  • Names
  • Email addresses
  • Digital signatures
  • Contract content
  • Technical usage data

Purposes:

  • Contract creation and signing
  • Legal documentation

6.2.3 Mailchimp — Sponsor Communication

Processed data:

  • Email address
  • Name
  • Technical usage data

Purpose:

  • Sending updates and information

6.2.4 sevDesk — Accounting

Processed data:

  • Billing data
  • Payment information
  • Name and address
  • Communication data

Purposes:

  • Accounting
  • Legal obligations
  • Invoice management

No third country transfer.

6.2.5 Communication via Discord

Optional communication channel.

Processed data:

  • Username
  • Profile data
  • Messages
  • IP and technical data

Purposes:

  • Coordination
  • Event organization

Transfers to third countries may occur.

6.3 Speakers

6.3.1 Sessionize

Processed data:

  • Name
  • Email address
  • Biography
  • Session details
  • Profile images
  • Technical metadata

Purposes:

  • Call for Speakers
  • Program planning
  • Communication

6.3.2 Mailchimp — Speaker Communication

Processed data:

  • Name
  • Email address
  • Double opt-in data
  • Interaction data

Purpose:

  • Organizational communication

6.4 Newsletter Subscribers

Processed data:

  • Email address
  • Optional name
  • Technical data
  • Registration timestamps

Purpose:

  • Sending newsletters

6.5 Embedded Content & External Platforms

YouTube

Data such as IP address and device information may be transferred to YouTube/Google.

Google Maps

Google Maps processes IP address and technical data.

Social Media Links

The following social media links may be used:

  • LinkedIn
  • Discord
  • X
  • Bluesky

Responsibility lies with the respective providers.

7. Data Transfers to Third Parties & Third Countries

Data is only transferred when:

  • Required for contract performance
  • Consent is given
  • Legal obligations apply
  • A processing agreement exists

Transfers to third countries are based on:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses

8. Data Subject Rights

You have the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Data portability
  • Withdraw consent
  • Object to processing

9. Right to Lodge a Complaint

Bavarian Data Protection Authority (BayLDA)
Promenade 18
91522 Ansbach
Germany

Email: poststelle@lda.bayern.de
Website: www.lda.bayern.de

10. Validity & Updates

We reserve the right to update this privacy policy.

The current version published on our website always applies.