Privacy Policy

1. What is personal data? How does Sweap use the data of website visitors or users of the Sweap website or APP offer? What are the legal bases for processing the data?

Personal data and consent
Personal data is any information relating to an identified or identifiable natural person (i.e. "data subject"); a natural person is deemed to be identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data includes, for example, name, e-mail address or telephone number. But also data about hobbies, memberships or which websites have been viewed by someone are considered personal data.

Personal data is only collected, used and passed on by us if this is permitted by law or if the users agree to the collection of data.

Consent is any voluntary, informed and unequivocal expression of will in the specific case, in the form of a statement or other unambiguous affirmative act by which the data subject indicates his or her consent to the processing of personal data relating to him or her.

Visit the Sweap website
We (or the web space provider) collect data about every visit to the Sweap website (so-called server log files) ("access data"). These access data include:

Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider and additionally when using a mobile device:

Country code, language, device name, name of operating system and version.

We only use this access data for statistical evaluations for the purpose of operating, security and optimising our services on the Sweap website. However, we reserve the right to check this access data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. The storage of this data is then carried out against the background that only in this way can the misuse of our offer be prevented and, if necessary, this data can be used to clarify crimes committed. To this extent, the storage of this data is necessary to protect the person responsible for us as the data controller. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on of the data serves criminal prosecution.

Data when registering and using our services on the Sweap website or APP If the user registers on the Sweap website and creates a customer account, the following personal data is collected and stored by the user ("registration data")

First name and surname, e-mail address, telephone number, mobile number if applicable.

The user can manage this data at any time under 'Settings' in the menu.

The registration data entered as part of the registration process and any further profile data provided will be used via the Sweap website and with our support only to the extent that this processing is necessary for the fulfilment of a contract with us or for the implementation of pre-contractual measures, i.e. use of the Sweap website, and for the execution and processing of the user's enquiries.

Creation of individual user accounts on the Sweap website or APP

If a user has successfully purchased a software package from us as a "Customer", the Customer can "activate" individual persons as users when using the Sweap website or APP associated services. This means that the Customer wishes to grant access authorisations to individual persons, which the activated user can then carry out online or by using the APP ("activation").

In order to activate persons, the Customer shall provide the data (such as the e-mail address) of the individual persons, whereby the Customer assures us that the respective express consent of the person concerned has been obtained with regard to the transmission of the data to us for the purpose of activation.

The data collected in the course of activation will be used via the Sweap website or APP and with our support for the purposes of using the service.

Contact
When contacting us (for example by email), the user's details are stored for the purpose of processing the enquiry and in the event that follow-up questions arise.

Newsletter
With the newsletter we inform the user about us and our offers.

For the registration to the newsletter only the email address is needed. If the user registers for the newsletter, his email address is transferred to us or to the mail provider we have to name and stored there. After registration, the user will receive an email to confirm the registration ("double optin").

When registering for the newsletter, the IP address, the device name, the mail provider and the date of registration with us or with our mail provider Mailjet SAS, up to rue de l'Aubrac, 75012 Paris, France, is also stored. This storage serves only as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the entitled person.

On our behalf, the mail provider receives and processes the data required for the order, i.e. the following data: Email address, IP address(es), domain name and connection and navigation data. These data are processed on servers of OVH SAS, 2 rue Kellermann, 59100 Roubaix, France. You can access the mail provider's privacy policy by clicking on the following link: https://www.mailjet.de/privacy-policy/

The user can revoke his consent to the storage of data, the email address and its use for sending the newsletter at any time. The revocation can be made free of charge (except for the transmission costs) via a link in the newsletter itself or by informing us or, if applicable, the mail provider directly via the above contact options.

Legal bases of the processing of data
The processing of data when using our offer is generally based on the legal basis of Art. 6 (1) b. DSGVO, i.e. the data are processed because they are necessary for the fulfilment of the contract between you and us or for the implementation of pre-contractual measures which are carried out at your request.

Furthermore, data processing by us, for example in the case of newsletters, can be based on Art. 6 (1) a. DSGVO if you have given your consent to the processing of personal data relating to you for specific purposes.

Furthermore, in special cases we may process your data on the basis of Art. 6 (1) c. DSGVO if processing is necessary to fulfil a legal obligation to which we or other responsible parties are subject or on the basis of Art. 6 (1) e. DSGVO if processing is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to us or the responsible party.

In addition, the legal basis from Art. 6 (1) f. DSGVO - for example in the case of the collection of data when you visit the Sweap website or the transmission of data to our shareholders and service providers - is relevant if the processing is necessary to protect our legitimate interests or those of a third party and your interests or fundamental rights and freedoms that require the protection of personal data do not outweigh the processing. A legitimate interest exists, for example, if there is a relevant and appropriate relationship between you (or the data subject) and us (or the person responsible), for example if the data subject is our customer or user of a service or is in his services.

We further refer to the respective explanations in the description of the processing operations in this data protection policy.

No profiling and automated decision making
When using our offer, no "profiling" or automated decision making by us takes place; however, in individual cases such profiling may be carried out by third party providers used by us, whereby we refer to this in this data protection guideline as far as possible.

2. Will data be passed on to third parties?

As a matter of principle, we only transfer personal data to third parties if this is necessary to carry out the offer and as described in this privacy policy.

Data will only be transferred if we are legally authorised or obliged to do so, the person concerned has effectively given his or her consent and has not revoked it, or if this is necessary to enforce our rights.

3. Access to and storage of information in terminal equipment

By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent in accordance with Art. 6 para. 1 lit. a DSGVO. The consent can be revoked at any time for the future. The provisions of the DSGVO and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

For further information on the processing of your personal data and the relevant legal bases in this context, please refer to the following sections on the specific processing activities on our website.

4. Which third party services and offers and cookies are used?

Integration of third-party services and content

It is possible that third-party content, such as videos from YouTube and Vimeo, map material from Google Maps, RSS feeds or graphics from other websites may be integrated within the offer. This always presupposes that the providers of these contents (hereinafter referred to as "third-party providers") are aware of the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of these contents. As far as possible, we will only use such content whose respective third-party providers use the IP address only to deliver the content and point this out accordingly. However, we have no influence on whether the third-party providers store the IP address for statistical purposes, for example. As far as we are aware of this, the users will be informed about it.

Cookies

Cookies are small files that enable specific information relating to the device to be stored on the user's access device (PC, smartphone or similar). On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they are used to record statistical data on website usage and to be able to analyse it for the purpose of improving the Sweap website. Users can influence the use of cookies. Most browsers have an option to restrict or completely prevent the storage of cookies. However, it should be noted that the use and in particular the comfort of use are restricted without cookies.

When the user visits the Sweap website, so-called session cookies are used, which are automatically deleted from the user's hard drive as soon as the user closes the browser window. The session cookies are required to assign successive page impressions to the respective users who access the platform at the same time.

Users can use many online advertisement cookies from companies via the US American site http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/uk/your-ad-choices/.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc, Mountain View, CA, USA ("Google"). Google Analytics uses so-called "cookies", text files which are stored on the user's end device and which enable an analysis of their use of the offer. The information generated by the cookie about the use of the website by the user, such as browser type/version; operating system used; referrer URL (the previously visited page); host name of the accessing computer (IP address); time of the server enquiry when using the website is generally transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on the Sweap website or APP, the IP address of Google users within member states of the European Union or in other states which are party to the Agreement on the European Economic Area is shortened beforehand. The full IP address is therefore not transmitted to a Google server in the USA and is shortened there. IP anonymisation is active on the Sweap website or APP. On our behalf, Google will use this information to evaluate the use of the Sweap website or APP by users, to compile reports on website activities and to provide us with further services associated with the use of the offer and the Internet. The IP address transmitted by the user's browser within the framework of Google Analytics is not combined with other Google data. Users can prevent the storage of cookies by adjusting the settings of their browser software accordingly; however, users are advised that in this case they may not be able to use all the functions of the Sweap website or APP to their full extent. Users can also prevent the collection of data generated by the cookie and relating to their use of our website (including the IP address) from being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout?hl=de. Nähere Informationen finden sich außerdem in den Bestimmungen zum Datenschutz von Google: http://www.google.de/policies/privacy

Fathom Analytics

This website uses the web analytics service Fathom. Fathom does not use "cookies" and does not store any personal information about you.

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both his web offer and his advertising. Fathom Privacy Policy: https://usefathom.com/privacy

Microsoft Clarity

On our websites, we integrate the "Microsoft Clarity" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of data processing and purpose

We use the service to better understand, analyse and evaluate the origin and nature of our website visitors and their interaction with our websites.

The service provides statistical evaluations of certain individual values (e.g. pages visited per session, scroll depth, length of stay of visitors, origin, type of terminal device used), heat maps (graphical highlighting of users' clicks on individual web pages) and session recordings (playable recordings of individual users' interaction with our web pages during a visit).

Cookies and similar technologies, in particular JavaScript, are used to store and read data on your terminal device. Details of the cookies and similar techniques used can be found above under "Access to and storage of information in terminal equipment" and "Cookies".

On the basis of the results obtained, we try to

• to trace the origin of visitors to our website,

• to identify errors in the structure and design of the web pages or insufficient compatibility with certain terminal devices, browsers or operating systems,

• understand barriers to visitors using our websites; and

• identify the effectiveness of online advertising campaigns.

In this way, we are able to understand how to adapt and optimise our websites to meet existing demand and manage our online advertising campaigns more effectively.

For these purposes, the service collects various information on the visit of the websites, the end devices used and the interactions of a user with our websites on the basis of a pseudonym.

In particular, the following types of data are processed by the service:

• User pseudonym (Clarity User ID).

• Website visit data

  • IP address of the requesting end device

  • Time of the request

  • Number of visits

  • length of stay

  • referring third party websites

  • Web pages accessed

  • country of origin of the user

• Data on end devices

  • Type of device (PC, tablet, mobile device, other)

  • Screen resolution

  • Operating system

  • Web browser

• Interactions with the website

  • Mouse pointer movements

  • Clicking behaviour

  • Scrolling behaviour

  • Typed text

  • Selected text

  • Clicked text

• User-defined interactions and events, if applicable

• Recording of the entire website visit (session recording)

Legal basis for data processing

The legal basis for the integration and use of the service is your consent, provided that you have given this via our consent management platform "CONSENT MANAGEMENT SYSTEM ".

The use of cookies and similar technologies is based on § 25 para. 1 TTDSG. The subsequent data processing is based on Art. 6 para. 1 p. 1 lit a DSGVO.

Your consent is voluntary and can be freely revoked at any time with effect for the future. To exercise your revocation, please use the link "Cookie settings" at the bottom of the website to call up our consent management platform "CONSENT MANAGEMENT SYSTEM " again and change your settings.

Data processing in third countries

When using the service, your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries without an adequate level of data protection, in particular in the USA.

If your data is transferred to third countries, there is a risk that authorities there will access your data for security and monitoring purposes without you being informed or being able to appeal.

To ensure an adequate level of data protection when transferring your data to the third country, standard data protection clauses are concluded by the European Commission in accordance with Art. 46 Para. 2 lit. c DSGVO. They oblige the recipient of the data to process it in accordance with the European level of protection.

If the standard data protection clauses are not sufficient to ensure the level of protection, additional technical, contractual or organisational measures are taken to safeguard the transfer of data. Furthermore, it is regularly reviewed and assessed whether these additional measures continue to ensure a sufficient level of data protection or whether further supplementary measures should be taken if necessary.

Recipients

In the course of using the service, the data collected via our websites will be transmitted to the following recipients:

• Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,

• Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In principle, we have no influence on any further data processing by the third-party provider.

Further information on the handling of personal data by the provider of the service can be found at https://privacy.microsoft.com/de-de/privacystatement.

Storage period

Through the integration of the service on our websites, data is transmitted to the above-mentioned recipients and stored there for a period of 13 months. Playable recordings of sessions are deleted after 30 days. Any further storage of the data processed by the service and made available to us in our own systems does not take place.

Social Plugins

We are connected via "social plugins" to various social networks, namely Facebook, Twitter and Instagram.

These social plugins are deactivated without user intervention and therefore no data is transmitted. For example, if a user wishes to share content, he or she must first click on the relevant button on the Sweap website or APP. If the user is logged into the relevant social network in his user profile, once the button has been activated the user will not be able to link the visit to the Sweap website or APP until he clicks on the button again, e.g. using the 'Share' function. The user can of course deactivate this function at any time and manage it within the Sweap website or APP under 'Settings'.

If the user does not wish the social networks to collect data about the Sweap website or APP, he should log out of the Sweap website or APP before visiting it. However, if the relevant button is activated by clicking it, cookies with an identifier will still be set each time the Sweap website or APP is accessed. This function may therefore be used to collect data and to create a profile that may be attributable to a single person (in the sense of "profiling"). If the user does not wish to do this, he can deactivate the corresponding link on the Sweap website or APP by clicking on it. The user can also set his or her browser so that the acceptance of cookies is generally excluded; however, we would like to point out that in this case the functionality of the Sweap website or APP may be restricted.

Facebook

The offer uses the social plugin for the social network facebook at facebook.com from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The privacy policy of Facebook is available at https://dede.facebook.com/about/privacy/.

Facebook Pixel

We use "Facebook Pixel" on our website, a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: "Facebook").

Provided you have given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.

Facebook Pixel enables Facebook to display our ads on Facebook, so-called "Facebook Ads" only to those Facebook users who were visitors to our website, in particular those who showed interest in our online offer. In this case, Facebook Pixel also enables us to check whether a user was redirected to our website after clicking on our Facebook Ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into Facebook with your user account, the visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account on Facebook and are registered, Facebook can assign the visit to your user account.

As a transfer of personal data to the USA takes place, further protective mechanisms are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information on data protection from the third party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy.

Information on Facebook Pixel can be found on the following Facebook website:
https://www.facebook.com/business/help/65129470501...

You can make the relevant settings for which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.

We would like to point out that this setting is deleted when you delete your cookies. In addition, you can deactivate cookies that are used to measure reach and advertising purposes via the following websites:
http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choice...
Please note that this setting is also deleted when you delete your cookies.

Twitter

The offering uses the social plugin for the Twitter social network at twitter.com of Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter"). The privacy policy of Twitter is available at https://twitter.com/privacy .

Instagram

The Offer uses the Social Plug-in for Instagram LLC, 181 South Park Street Suite 2, San Francisco, CA 94107, USA ("Instagram"). The Instagram Privacy Policy is available at https://www.instagram.com or https://help.instagram.com/155833707900388.

Crashlytics

In order to be informed immediately if there are problems or crashes with one of our services or offers, we use the tool Crashlytics as an offer from Google Inc, Mountain View, CA, USA ("Crashlytics"). No personal data is transmitted. Only real-time crash reports with exact details of code locations and device information are sent. You can find more information on data protection at Crashlytics here: https://try.crashlytics.com/terms/privacy-policy.pdf

Cookie Consent with Usercentrics

This website uses Usercentrics' cookie-content technology to obtain your consent to the storage of certain cookies on your terminal device and to document this in a manner consistent with data protection. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, Website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

• Your consent(s) or the revocation of your consent(s)

• Your IP address

• Information about your browser

• Information about your end device

• Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the consents granted or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie itself or the purpose for which the data is stored no longer applies. Mandatory statutory storage obligations shall remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c DSGVO.

YouTube with enhanced data protection

This website incorporates videos from YouTube. The operator of the site is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the enhanced privacy mode does not necessarily exclude the sharing of information with YouTube partners. For example, YouTube connects to the Google DoubleClick network whether or not you are watching a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your surfing habits directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your terminal device until you delete them.

Once a YouTube video has started, it may trigger further data processing operations over which we have no control.

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information on data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our sites equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA. If you are logged in to your Vimeo account, you allow Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. Vimeo is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO. If the appropriate consent has been requested (e.g. consent to the storage of cookies), processing will be carried out exclusively on the basis of Art. 6 para. 1 letter a DSGVO; consent may be revoked at any time. Further information on the handling of user data can be found in the Vimeo privacy policy at: https://vimeo.com/privacy.

Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes. In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally. The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

Typeform

This is a service for online form creation and online surveys.

• processing undertakings: TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain

• Data processing purposes: surveys

• Used technologies: Accept cookies

• Data collected: This list contains all (personal) data collected by or through the use of this service: IP address, e-mail address, date and time of visit, duration of visit

• Legal basis: The legal basis for the processing of personal data required under Article 6 I 1 of the DSGVO is set out below: Art. 6 para. 1 s. 1 lit. a DS-GVO.

• Place of processing: European Union

• Retention period: The data are deleted as soon as they are no longer needed for the processing purposes.

• Data receiver: TYPEFORM SL

• Data protection officer of the processing company: Below you will find the e-mail address of the data protection officer of the processing company: gdpr@typeform.com.

• Further information and opt-out: click here to read the data processor's privacy policy https://admin.typeform.com/to/dwk6gt/

Implementation of online surveys

• 1. Participation in surveys
  We conduct online surveys on viral events and other relevant topics from the event industry to collect data for e.g. reports. If you participate in one of our online surveys, we process personal data of the participants and their answers. The legal basis for the processing of your personal data within the scope of the survey is your given consent according to Art. 6 para. 1 sentence 1 DSGVO. You can revoke your given consent at any time with effect for the future by e-mail to privacy@mateforevents.com.

• 2. Sending the results of our survey and newsletter
  After completing the survey, you will have the opportunity to enter an e-mail address to be informed about the results of the survey and to receive further information about our offers and products. We use the so-called double opt-in procedure to send the results of the survey and our newsletter. This means that we will only send you the results of the survey and our newsletter by e-mail if you have expressly confirmed to us that you agree to the dispatch. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive the results of the survey and future newsletters. With the confirmation, you give us your consent in accordance with Art. 6 Par. 1 S. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch. You can revoke any such consent granted at any time with effect for the future by sending an e-mail to privacy@mateforevents.com.

5. Your rights: information, correction, deletion, restriction of processing, revocation, data transferability, right of complaint

Right of access to information
Every user has the right to receive information about the personal data stored about him/her at any time and free of charge. For this information the user can contact privacy@mateforevents.com.

This right of access includes confirmation of whether personal data relating to the data subject is being processed and, if so, the following information:

The purposes of the processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations; if possible, the envisaged duration for which the personal data will be kept or, if that is not possible, the criteria for determining that duration DSGVO) and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing on the data subject.

In particular, the right to information does not exist if the data is stored only because it may not be deleted due to legal or statutory storage regulations, or if it is used exclusively for the purposes of data security or data protection control and the provision of information would require a disproportionate effort, and if processing for other purposes by appropriate technical and organisational measures is excluded.

Revocation

Every user has the right to revoke his or her consent to the use, processing or transmission of his or her data to us at any time in writing or by email. For this purpose the user can contact privacy@mateforevents.com.

In the event of revocation, we will no longer process the user's stored data and will delete it immediately. This does not apply if compelling reasons for processing worthy of protection can be proven, if the interests, rights and freedoms of the users outweigh the data or if the processing serves to assert, exercise or defend legal claims.

We will therefore continue to use this data, for example, if it is still necessary for the processing of the contractual relationship.

Correction and completion of data

The user or person concerned has the right to ask us to rectify any incorrect personal data relating to him/her without delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. For this purpose, you can contact privacy@mateforevents.com.

Deletion ("right to be forgotten")

The user has the right to have personal data stored by us deleted immediately. For this purpose the user can contact privacy@mateforevents.com.

Immediate deletion takes place in the following cases:

• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

• The data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing;

• The data subject objects to the processing and there are no overriding legitimate reasons for processing; the personal data have been processed unlawfully

• The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject;

• The personal data were collected directly from a child under the age of 16 or without parental responsibility consent in relation to Information Society services provided.

Upon termination of the user relationship, the user's data in the internal database is regularly deleted. Data is excluded from deletion if, for example, processing of the data is necessary for the assertion, exercise or defence of legal claims; for example, the processing of the contract with Sweap (see also point V. below) or if deletion is prevented by legal retention periods.

Furthermore, the data will not be deleted if this is necessary (i) to fulfil a legal obligation which requires processing under the applicable law or to perform a task in the public interest or in the exercise of official authority vested in the controller; (ii) to exercise the right to freedom of expression and information; (iii) for reasons of public interest in the field of public health; or (iv) for archiving, scientific or historical research or statistical purposes in the public interest where the right of deletion is likely to make the attainment of the objectives of such processing impossible or to seriously prejudice it.

Similarly, in the case of non-automated data processing, erasure need not take place if, owing to the particular nature of the storage, it would not be possible or would involve a disproportionate effort and the data subject's interest in obtaining erasure is considered to be minimal. Deletion is then replaced by the restriction of processing.

Furthermore, we restrict processing and do not delete the data for as long as we have reason to believe that deletion would adversely affect your interests or those of the data subject worthy of protection. We will inform you or the data subject about the restriction of processing unless the information proves impossible or would require a disproportionate effort.

See also the following point "Restriction of processing" and point 5. below.

Restriction of processing
You also have the right to request that the processing be restricted. For this purpose you can contact privacy@mateforevents.com. You can only successfully enforce the right to restrict processing if one of the following conditions is met:

• the accuracy of the personal data is contested by the data subject, for a period of time which allows the controller to verify the accuracy of the personal data

• the processing is unlawful and the data subject requests their erasure

• who rejects personal data and instead demands the restriction of the use of personal data;

• the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or

• the data subject has lodged an objection to the processing as long as it has not been established that the controller's legitimate reasons outweigh those of the data subject

In the event that you have obtained a restriction on processing, you will be notified by us accordingly before the restriction is lifted.

A restriction of processing can also be applied in certain cases instead of deleting the data. See in particular the above point "Deletion ("right to be forgotten")".

Right to data transferability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. For this purpose you can contact privacy@mateforevents.com.

You also have the right to have these data communicated to another controller without hindrance by the controller to whom the personal data have been made available, provided that the processing is based on consent or on a contract to which the data subject is a party and that the processing is carried out using automated procedures.

In exercising your right to data transfer, you have the right to obtain that personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.

This right does not apply to the extent that the rights and freedoms of other persons are prejudiced or to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of appeal
Every user has a right of appeal to a supervisory authority of his choice. The supervisory authorities in Germany are the competent (data protection) authorities under the respective laws of the Länder.

6. Duration of storage of personal data; deletion periods

As a rule, we only store your personal data for as long as it is necessary to implement the contract or the respective purpose and limit the storage period to an absolutely necessary minimum.

In the case of longer-term contractual relationships, such as when using our services, these storage periods may vary, but are generally limited to the duration of the contractual relationship or, with regard to inventory data, to the statutory storage periods (including those in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO)).

Criteria for the storage period include whether the data is still up-to-date, the contractual relationship with us still exists or whether an enquiry has already been processed or a process has been completed or not and whether legal retention periods for the personal data concerned are relevant or not.

7. Data security, scope of application

For the best possible protection of the user's data, the SweapWebsite or APP is offered via a secure SSL connection between the user's server and the browser, i.e. the data is transmitted in encrypted form.

Data when using our offer is stored on servers within the European Union (EU), subject to other information being sent to the user. We use the server provider IBM Deutschland GmbH, IBM-Allee 1, 71139 Ehningen, Germany with the service IBM Cloud in the data centre in Frankfurt (Germany) and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany with data centre locations in: Nurnberg, Falkenstein (Germany) ̈ who process the data on our behalf.

We expressly draw the user's attention to the fact that data protection and data security for data transmissions in open networks such as the Internet cannot be fully guaranteed under the current state of technology. The user is aware that the provider may, from a technical point of view, view the website stored on the web server and possibly also other user data stored there at any time. The user himself is fully responsible for the security and protection of the data transmitted by him to the Internet and stored on web servers. We cannot accept any liability for the disclosure of data due to errors or unauthorised access by third parties.

Availability and validity of the privacy policy; changes

This Privacy Policy can be viewed, downloaded and printed out at any time on the website at https://sweap.io/privacy.

We may amend this Privacy Policy in accordance with applicable regulations.

8. Person responsible and contact person for data protection

Controller as the natural or legal person, authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data, who is the Sweap website or APP

Sweap Development GmbH
Rankestraße 9
10789 Berlin

Company headquarters: Berlin
Register court: Local court Berlin - Charlottenburg
Registration number: HRB 174234 B

Represented by the managing directors:
Florian Kühne
Matthias Heicke
Sven Frauen

Email: privacy@mateforevents.com

If you have any questions regarding the collection, processing or use of personal data, or if you wish to exercise your rights (e.g. information, correction, deletion of data and revocation of consents granted), please contact us using the contact details given above.

9. Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de

Data protection officer
Leopoldstr. 21
80802 Munich

datenschutzbeauftragter@datenschutzexperte.de

If you have any questions regarding the collection, processing or use of personal data, or if you wish to exercise your rights (e.g. information, correction, deletion of data and revocation of consents granted), please contact us using the contact details given above.