Data privacy policy XFAIR.check-in

General
We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations. This privacy policy applies to our mobile iPhone and Android apps (hereinafter “APP”).
For security reasons and to protect the transmission of data, this APP uses an HTTPS connection. This connection encrypts the communication to the web service and protects your data.
We point out that data transmission on the Internet can have security gaps.

Responsible entity
The responsible party for data processing within the scope of this APP is:
XFAIR GmbH
Ohmstrasse 1
85716 Unterschleissheim
Phone: +49 (0)89 3090968-0
Email: [email protected]
Website: www.xfair.com

Data Protection Officer
You can reach our data protection officer at:
Markus Scheid
Ohmstrasse 1
85716 Unterschleissheim
Email: [email protected]

Purposes of the processing and nature of the data
With our APP XFAIR.check-in, you can check in and out during a trade fair or event, indicating your attendance status. The respective status is displayed in real time in our web-based software EMS (Event Management System). When using the app, you can set your status and specify a reason and return time if you are absent. The integrated push notification functionality offers the possibility to send messages from EMS directly to the app user.
• Email and password: this information is required to authenticate you as an EMS user and app user
• App ID/UUID: the ID is automatically generated and sent to our server when the app is installed and is required for unique identification of the mobile device
• Event ID: this information is required to access the corresponding event
• Person ID: this information is required for user recognition
• Status ID: this information is required for the transmission of the reason for absence
• Date and time: this information is required to record the check-in/check-out time and the return time
• Message ID: this information is required for sending the message to the user
• PIN: this information is required for the registration of the app
• Token for push notifications: this token is necessary so that the correct receiving device is addressed when a push notification is sent.
• Messages: Check-in messages sent to the app user in EMS are stored in the “Message History” in EMS. Messages are sent to the app user as push notifications and are not stored in the app.
• Reply Text: Reply message that the user sends back to EMS. The reply text is stored in EMS
• First and Last Name: This information is required for displaying the logged in user within the app menu as well as for displaying the logged in user on the Check-In/Check-Out screen.
• Picture of the app user: This information is required for displaying the user’s photo within the app menu. If no photo is stored in EMS, the user’s initials will be displayed.
• Information such as device type, operating system version, model number, as well as the extended unique app name and app version, help us provide comprehensive support in case of problems.

Legal basis for the storage of personal data
The processing of personal data is done for the purpose of fulfilling the contract according to Art. 6 para. 1 lit. b GDPR.

General storage period of personal data
The storage period of the personal data depends on the duration of the main contract concluded with the responsible party.

What data protection rights do you have?
You have the following data protection rights when your personal data is processed:
According to Art. 15 GDPR right of information of the data subject
To request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us
According to Art. 16 GDPR right to rectification
Immediately request the correction of inaccurate or incomplete personal data stored by us
According to Art. 17 GDPR right to erasure (“right to be forgotten”)
To request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
According to Art. 18 DGDPR right to restriction of processing
To request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Article 21 GDPR
According to Art. 20 GDPR Right to data portability
To receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller
According to Art. 21 DSGVO right of objection
to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
According to Art. 7 (3) DSGVO Revocation of consent
You may revoke your consent, once given, at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing based on this consent for the future
Pursuant to Art. 77 DSGVO right to complain to a supervisory authority
To complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose

Amendment of this privacy policy
We reserve the right to adjust these data protection provisions at any time in compliance with legal requirements.