Privacy Policy by GCB German Convention Bureau e.V.

Welcome to our website and thank you for your interest in our company. We take the protection of your data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the General Data Protection Regulation (GDPR) and the country-specific laws applicable to us. With the help of this privacy policy, we will inform you how GCB German Convention Bureau e.V. processes your personal data and the rights you have.

Personal data means information that can lead to the identification of an individual and includes name, date of birth, address, phone number, e-mail address and also IP address. Anonymous data exists when no connection can be made to a user.

Responsible authority and data protection officer


GCB German Convention Bureau e. V.
c/o WeWork
Taunusanlage 8
60329 Frankfurt am Main

Contact information
Telephone: (+49) 69 / 24 29 30 - 0

Contact data protection

Mr. Michael Heidrich, Executive Director

Your rights as a data subject

We would first like to inform you of your rights as a data subject as defined in Art. 15 - 22 GDPR These include:

  • The right of access (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to restriction of processing (Art. 18 GDPR),
  • The right to object (Art. 21 GDPR).

To exercise these rights, please contact: Mr. Michael Heidrich, Executive Director, e-mail: The same applies if you have questions about data processing in our company. You also have the right to appeal to the data protection supervisory authority.

Right to object

Please note the following in connection with the right to object:

If we process your personal data for the purpose of direct marketing, you have the right to object at any time without giving reasons. This right also applies to profiling as long as it is connected with direct advertising.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes. Objection is free of charge and can be made without the need for filling in a form at:

In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.

We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Purposes and legal bases for data processing

Processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 GDPR.

We use your data for business initiation, fulfilment of contractual and legal obligations, execution of a contractual relationship, offering products and services and for strengthening the customer relationship, which may also include analyses for marketing purposes and direct marketing.

Your consent also constitutes a legal provision under data protection law. Before you grant your consent, we will provide you with details concerning the purpose of data processing and your right of revocation.

Transfer of data to third parties

We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

Within our company, we ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations.

In certain cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers. (e.g. IT service provider)

This website is hosted by an external service provider (host). Personal data collected on this website is stored at the servers of the host. This may include IP-addresses, contact requests, metadata, communication data, contractual data, contact data, names, website access and other data, that is generated through a website.

We employ the following host. We have concluded the necessary data protection contract with this service provider:

Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp

Transfers of personal data to third countries / intention to transfer data to a third country

We may use some tools from companies who have their seats in the USA or another insecure third country concerning data protection law. When these tools are active, your personal data can be transferred to a third country and may be processed there. We would like to point out that in these countries no comparable data protection level to the European data protection level can be guaranteed. For instance, American companies are obliged to hand out personal data to security agencies. In this case, you – as a data subject - may not be entitled to legal recourse. Therefore, it cannot be excluded that American agencies (e.g. secret service) process, analyse and permanently store your data on theses servers in the USA for purposes of surveillance. We do not have any influence on these processing activities.

Period of data storage

We will store your data only for as long as it is needed for the purposes it was collected. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.

Secure data transfer

In order to protect data from accidental or deliberate manipulation, loss, damage or access by an unauthorised person, we have taken appropriate technical and organisational security measures. To this end, the level of security is continually tested and adjusted to reflect new standards in security, in collaboration with security experts.

Data transferred to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption for contact forms and applications. It is also possible to use alternative communication channels (e.g. by mail).

Obligation to provide data

Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.

We have summarised the details for you. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.

Data categories, sources and origins

When you visit our website, we collect and process the following data:

  • the browser type and version
  • Connected operating system
  • the referral URL
  • host name of the used computer
  • the server requests including time stamps
  • the IP address
  • For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Art. 6 Para. 1 S. 1 (f) GDPR. Anonymisation takes place no later than after fourteen days by abbreviating the IP address so that no reference is made to the user.

When you upload own materials via the JotForm we collect and process the following data:

  • Name, surname of the contact
  • Company / organization
  • Telephone number
  • E-mail address
  • Category and text
  • Link
  • Photo file (if applicable)
  • Logo file (if applicable)
  • Videos (if applicable) 

Automated case-by-case decision

We do not use purely automated processing to make decisions.

Cookies (Art. 6 Para. 1 S. 1 (f) GDPR, § 25 Abs. 2 Nr. 2 TTDSG)

Our website uses cookies at various points. Their purpose is to make our site more user friendly, more effective and more secure. Cookies are small files that are saved on your computer and in your browser (locally on your hard drive). Within the scope of our legitimate interest (Art. 6 Para. 1 S. 1(f) GDPR, § 25 Abs. 2 Nr. 2 TTDSG) we utilise cookies that are technically necessary for the running of the website and to secure its functionality. Depending on the purpose, these are permanently stored — even after the session has ended — (persistent cookies, e.g. opt out) or are deleted when the browser closes (so-called session cookies that are only valid for one browser session).

With your consent, we also use other cookies. These cookies help us to see how users use our website, enabling us to design the website content according to the visitor’s needs. The legal basis for this is your consent (Art. 6 Para. 1 S. 1(a) GDPR, § 25 Abs. 1 TTDSG).

If you have given your consent, this can be revoked at any time without providing a reason via the cookie settings at the end of the page.

Most web browsers automatically accept cookies as default. Of course, cookies can also be manually deactivated, restricted or deleted on your end device via your browser settings or via software-support. Please note: If you deactivate cookies, not all functions of our website may be fully usable under certain circumstances.

Cookies which are not purely functional (Art. 6 Para. 1 S. 1(a) GDPR, § 25 Abs. 1 TTDSG)

Matomo (formerly Piwik)

In cases you have given your consent (Art. 6 Para. 1 S. 1 (a) EU GDPR) we use the service “Matomo” (formerly “Piwik”), an OpenSource web analysis service of the InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on our website. Matomo stores cookies on your end device that allow an analysis of how you use our website. By using Matomo, we can analyse how our website and its individual features and offers are used so that the user experience can be improved continuously. For data protection reasons, all data we collect will be stored locally only:

  • two bytes of the IP address of the user accessing the system
  • the accessed website
  • the website referring the user to the accessed website (referrer)
  • the subpages accessed from the accessed website
  • time spent on the website
  • number of times the website is accessed

We use Matomo with the setting “Anonymize Visitors’ IP addresses”. This means that IP addresses will be processed in a shortened form, making it impossible to link them to a particular individual. The software is configured to only save partial IP addresses by masking 2 bytes of the IP address. This makes it impossible to trace the shortened IP address to the accessing computer. The IP address transferred by your browser via Matomo will not be combined with other data we collect.

You may withdraw your consent to the use of Matomo at any time through the cookie settings at the end of the page.

YouTube (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Abs. 1 TTDSG)

On this website, we have embedded YouTube videos of the Provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) which are hosted on and can be directly played on our website. All videos are embedded in the “advanced data protection mode”. This mode ensures any data collection will only start once the video is actually played. We do not have any influence on this transfer of data. Through embedding the videos in the advanced data protection mode no cookies are activated that will analyse the user’s behaviour to personalize the playback of the video. However, the advanced data protection mode only refers to user’s behaviour neither to the provision of announces, nor to further reloaded contents of third parties, nor to the transfer of fonts or possible connections to a user account from YouTube. When you start playing the video this causes further data processing proceedings, on which we do not have any influence. The legal basis is your consent (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Abs. 1 TTDSG).

You may revoke your consent anytime in our cookie settings at the end of the page.

This service may transfer the captured data to another country. Please be aware that this service may transfer data into a third country outside of the European Union and the European Economic Ares that does not provide an appropriate data protection level. In this occasion there’s a risk, that your data is processed by American authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.

By visiting our website YouTube obtains the information that you have accessed the relevant subpage of our website. Data transfers occur independently of being logged into a YouTube user’s account or not. When you are logged in at Google, your data is directly allocated to your account. If an allocation with the YouTube account is not desired, please log out before activating the button. YouTube stores data as user profiles and uses them for purposes of advertisement, market research and/or design of the website. This analysis (even for users not logged in) serves the purpose of enabling advertisement and informing other users of the social network about your activities. You have the right to contradict the formation of user profiles, but you have to contact YouTube for this.

Further information concerning data protection is available at:

Vimeo (Art 6 Para. 1 S. 1 (a) GDPR, § 25 Abs. 1 TTDSG)

In addition to YouTube embeds, some parts of our website also include videos of the platform Vimeo. The provider is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. Again, data will be transferred to the Vimeo server. Such processing is based on your consent (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Abs. 1 TTDSG) that you may withdraw at any time in the cookie settings at the end of the page.

Please note that your IP address will be transmitted to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011, United States) and that the provider will place cookies in your browser. In addition to that it is communicated to the Vimeo server which of our websites you have accessed.

This service may transfer the captured data to another country. Please be aware that this service may transfer data into a third country outside of the European Union and the European Economic Ares that does not provide an appropriate data protection level. In this occasion there’s a risk that your data is processed by American authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.

All Vimeo embeds are deactivated by default. A direct connection to the servers of Vimeo is only made when you have agreed to the use of Vimeo in the cookie settings or activate it yourself by clicking.

Further information about how Vimeo handles user data you will find in Vimeo’s privacy policy form:

On our website, you can find links to the social media services of Xing, Facebook, Instagram, LinkedIn, YouTube, and Twitter. You can recognise links to social media websites by the respective company logo. If you follow these links, you will be redirected to our company page of GCB German Convention Bureau e.V. with the social media in question. When clicking a social media link, a connection to the servers of that service will be established. This alerts the servers of the social media provider that you have visited our website. Other data are transmitted to the service provider as well. This includes, for example:

  • Address of the website on which the activated link can be found
  • Date and time the website was accessed, and the link activated
  • Information about the browser and operating system used
  • IP address

Should you already be logged into the social media service at the time of activating the link, the social media service provider can use the transferred data to find your user name and possibly your real name and can combine this information with your personal user account with the social media service. You can prevent such connection to your personal user account by logging out of your user account first.

The servers of the social media service are located in the USA and other countries outside of the European Union. This means that the social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in the Member States of the European Union.

Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers. More detailed information concerning the use of your data by social media services integrated into our website can be found in the privacy policy of the respective social media service provider. 

Jot Form (Art. 6 Para. 1 S. 1 (b) GDPR)

In times of high information requirements of potential customers in the business trip chain (Delegate Journey) you have the possibility to present your partner profile and your hygiene concepts on our website. For this you can fill in our JotForm form. We then maintain your information and materials on our site.

When you have sent us the information, we process your data given within the form for treatment.

In doing so, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your e-mail address, your name and surname and your organization as well as the category, the message field itself and the link.

Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary and can be filled in optionally.

In order to protect the security and confidentiality of your data we implement adequate security measures. Your request is transmitted encrypted.

Advertising to existing customers (Art. 6 Para. 1 (f) GDPR)

The GCB German Convention Bureau e.V. would like to maintain a relationship to its customers and send information and offers on products and services. We therefore use your data to email you relevant information and offers.

If you would prefer us not to do so, you can object at any time to the use of your personal data for direct marketing purposes. This right also applies to profiling as long as it is connected with direct advertising. As soon as we receive your objection, your data will no longer be processed for this purpose.

An objection is free of charge and can be made without the need for filling in a form by calling (+49) 69 / 24 29 30 - 0, by e-mail to or by post to GCB German Convention Bureau e.V., c/o WeWork, Taunusanlage 8, 60329 Frankfurt am Main.

Online offers for children

Individuals under the age of 16 may not submit personal data to us or give a declaration of consent without the authorisation of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.

Links to other providers

Our website also contains links to the online presences of other companies. These are clearly labelled. Where we provide links to websites of other providers, we have no influence on their content. Therefore, we can not assume any guarantee or liability for such content. It is always the respective provider or operator of the website who is responsible for their content.

The linked websites were checked for potential and obvious violations of the law at the time we included the link. At the time we included the link, there was no unlawful content. However, without concrete evidence of legal violations, we cannot be reasonably expected to check content on a permanent basis. Should we become aware of legal violations, such links will be removed immediately.

Path to page

SafeBusinessTrips Privacy Policy

GCB in English

Unfortunately, this page is only available in German at the moment. You can find information about GCB in English at the english gcb site.