Privacy Notice for the Elvaston Academy and the Community Platform
The following privacy notice provides an overview of the collection and processing of your personal data by Elvaston in connection with your participation in events organized by the “Elvaston Academy” and your use of the “Community Platform.”
The data controller responsible for data processing is Elvaston Academy GmbH, Kurfürstendamm 214, 10719 Berlin, Germany.
Email: [email protected]
You can contact our Data Protection Officer at: [email protected].
I. Data Processing in Connection with Participation in In-Person and Online Events
1. General Information
We process and store your contact details (name, company, position within the company, address, telephone number, and email address) and also record your attendance at the respective booked event. In some cases, we may also enter into a confidentiality agreement and an agreement regarding the granting of rights to materials you share.
If you are our contractual partner, the legal basis for data processing is Article 6(1)(b) of the GDPR. If your employer is our contractual partner, the legal basis is our legitimate interest in conducting the event for you and your employer pursuant to Article 6(1)(f) of the GDPR.
We also process the data on the basis of Article 6(1)(f) of the GDPR to safeguard our legitimate interests for the purposes of quality control, improvement, and further development of our services; in the case of paid services, also for billing purposes.
Data required under commercial and tax law will be retained for the legally mandated periods (generally ten years from the end of the fiscal year in which the invoice was issued) and then deleted. These retention obligations typically apply to billing-related data, such as your participation in an event and the associated master data. Agreements on confidentiality and the granting of rights are retained for 10 years. All other data will be deleted no later than three years after the event has concluded.
2. Participants Lists
We may make participant lists available to other attendees of the respective event, showing the names and companies of all participants. The legal basis for this is our legitimate interest in facilitating personal contact and networking among participants, pursuant to Article 6(1)(f) of the GDPR.
You may object to the inclusion of your name on a participant list—for example, during registration or by sending an email to [email protected].
3. Additional Data Processing in Connection with Online Events
To conduct online events, we use video conferencing services provided by the following providers:
· Microsoft Teams – provided by Microsoft Ireland Operations Ltd., used for video conferencing and digital meetings.
· Microsoft Forms – provided by Microsoft Ireland Operations Ltd., used for the creation and processing of questionnaires, surveys, and event-related registration forms.
We have concluded data processing agreements with these providers in accordance with Article 28 of the GDPR.
The extent of additional data processing in the context of online events depends on the information you provide before or during your participation in the online event. As a rule, you will be required to provide your name during the online event, which will then be visible to the other participants.
You may have the option to use chat, question, or survey functions and provide materials (e.g., presentations, texts, documents, reports, forecasts, summaries, images, files) to us and the other participants—such as by sharing your screen or using upload functions (“Sharing Materials”).
To enable video display and audio playback, data from the microphone of your device and any video camera on your device will be processed during the event. Additionally, your IP address will be processed to establish and maintain a connection to the video conferencing system.
The data processing is carried out for the purposes mentioned above in Section 2, based on the legal grounds specified there.
4. Recording of Online Events and Provision on the Community Platform
We may create audio or video recordings of online events and make them available on the Community Platform to other event participants and members of the Community Platform.
If this is the case, you will be informed in advance and will have the opportunity to disable your camera and microphone. If you choose to activate your camera or microphone, and if your personal data becomes part of the recording (e.g., in the form of your spoken contributions or materials you share), the data processing will be carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest in documenting the event and promoting the exchange of information and knowledge between the participants of the event and the members of the Community Platform. The recordings will be deleted when there is no longer any interest in making them available on the Community Platform.
5. Photo and Video Recordings at In-Person Events
We may take photos and videos at in-person events. In such cases, there will be a separate notice regarding the photo and video recordings at the respective events (e.g., through signs in the entrance/registration area). We use these recordings for our public relations and event documentation in both analog and digital form, particularly by publishing them on the Community Platform. The legal basis for this is our legitimate interest in public relations and event documentation according to Article 6(1)(f) of the GDPR. Photos and videos will generally be deleted one year after the event concludes, unless they are used for public relations and documentation purposes (e.g., in printed brochures or on the Community Platform).
II. Data Processing in Connection with the Community Platform
1. User Accounts
If you wish to participate in the Community Platform, you must create a user account. At a minimum, a username, password, and your email address are required for a user account. You can add additional information to your user profile, such as your name, company, location, contact details, a profile picture, etc. You can change your user profile at any time.
As a registered user, you can participate in the Community and, for example, exchange personal messages with other community members, post contributions, and upload and share documents with other users. Please note that your user profile data, as well as your contributions and activities, may be visible to other members of the Community:
- Your user profile page is visible to all community members.
- Your posts, documents, etc., depending on the features used, may only be visible to a restricted group of members (e.g., posts in groups are only visible to members of that group).
The legal basis for data processing is Article 6(1)(f) of the GDPR, as it is in both your and our legitimate interest to process the data in order to operate the Community and provide its functionality. We also process the data in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interests for the purposes of quality control and to improve and further develop the Community Platform.
We may enter into a confidentiality agreement and an agreement regarding the granting of rights to materials you share. In this regard: if you are our contractual partner, the legal basis for data processing is Article 6(1)(b) of the GDPR. If your employer is our contractual partner, the legal basis is our legitimate interest, as well as that of you and your employer, pursuant to Article 6(1)(f) of the GDPR, in the conclusion of the contract and, in particular, in sharing materials on the Community Platform.
You can delete your user profile at any time, for example, by contacting us at [email protected]. Upon request, we will also delete individual posts or all of your contributions.
2. Data Processing by Hivebrite
We use Hivebrite, a service provided by Kit United SAS, 6 rue Auber in Paris (75009), France ("Hivebrite"), for the technical operation of the Community Platform. We have entered into a data processing agreement with Hivebrite in accordance with Article 28 of the GDPR. Hivebrite is specifically obligated to treat the contents of the Community Platform, including user profiles, confidentially and not use them for its own purposes.
In the course of the technical provision of the Community Platform, Hivebrite collects data that is automatically transmitted by your browser to Hivebrite's web server during internet usage, such as your IP address, the URLs of websites from which you accessed the Community Platform, the browser used, browser language, the operating system and interface used, the access device used to utilize the services, the date and time of access, the pages viewed on the Community Platform, and the time you spend on the Community Platform. The processing of this data is carried out by Hivebrite under its own responsibility. The legal basis for the processing of this data by Hivebrite is, pursuant to Article 6(1)(f) of the GDPR, the legitimate interest of you, us, and Hivebrite in providing the Community Platform.
Hivebrite conducts statistical analyses and measurements of target groups, visits, and usage of the Hivebrite services, but only after anonymizing the personal visitor data. These statistical analyses, as well as the measurements of target groups, visits, and usage of the Hivebrite services, are intended solely for Hivebrite and are excluded from access by any third parties, exclusively for the purpose of optimizing and improving the functionalities of the Hivebrite services. This data processing is also carried out by Hivebrite under its own responsibility. To the extent Hivebrite uses cookies for this purpose, the data processing is based on your consent via the cookie banner in accordance with Section 25 of the TTDSG and Article 6(1)(a) of the GDPR. You can withdraw your consent at any time by revisiting the cookie banner (link in the footer of the pages).
We use cookies that are necessary for the operation of the Community Platform based on your and our legitimate interest pursuant to Article 6(1)(f) of the GDPR for the operation of the website and in accordance with Section 25(2)(2) of the TTDSG. A list of the cookies can be found in the cookie banner.
For more information on data processing by Hivebrite, please visit https://hivebrite.io/privacy-policy.
III. Miscellaneous
1. Data Recipients
In addition to the service providers mentioned above, we may also use other external service providers and, if necessary, provide them with access to personal data to fulfill their tasks. We, of course, comply with all data protection regulations and require our service providers to do the same, as far as necessary. The service providers are only allowed to process the personal data on our behalf and not for their own purposes and must treat the data confidentially. To this end, we have entered into data processing agreements in accordance with Article 28 of the GDPR.
To the extent that we use services whose providers are located in third countries outside the European Economic Area or process personal data there, and the European Commission has not issued an adequacy decision for these countries under Article 45 of the GDPR, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include, among other things, the European Union's Standard Contractual Clauses or binding internal data protection rules. Where this is not possible, we base the data transfer on your explicit consent.
2. Data Subject Rights, Right to Lodge a Complaint, Right to Object
In addition to the right to withdraw any consent you have given to us, you also have, provided the respective legal conditions are met, the right to access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR, and the right to data portability under Article 20 of the GDPR.
|
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(f) of the GDPR (Article 21(1) of the GDPR). If we process your personal data for the purpose of direct marketing pursuant to Article 6(1)(f) of the GDPR, you have the right to object at any time, without the need to provide any reasons (Article 21(2) of the GDPR). |
In addition, there is a right to lodge a complaint with the data protection supervisory authorities pursuant to Article 77 of the GDPR.
As of: 4/2025