Data Protection Information
Below you will find an overview of where we collect and process your personal data and your rights under the GDPR.
Controller
The controller within the meaning of the GDPR is Messe Frankfurt Exhibition GmbH (hereinafter referred to as Messe Frankfurt), which can be contacted at Ludwig-Erhard-Anlage 1, 60327 Frankfurt am Main, Germany, telephone: +49 69 75 75 0, email: info@messefrankfurt.com
If you have any questions or suggestions regarding data protection, please contact our data protection officer at Messe Frankfurt GmbH / Data Protection Officer, Ludwig-Erhard-Anlage 1, 60327 Frankfurt am Main, Germany, telephone: +49 69 75 75 53 35, email:privacy@messefrankfurt.com.
Purposes for which personal data is processed and their legal basis
Cookies and Co.
When using our websites and applications, cookies and similar technologies are used.
Technically necessary cookies are essential for the provision and proper functioning of our websites. In particular, they enable the maintenance of your login (session management), security features and the prevention of misuse, as well as ensuring system stability and availability. The legal basis for storing and accessing these cookies is Section 25 (2) of the German Telecommunications-Telemedia Data Protection Act (TTDSG). To the extent that personal data are processed in this context, such processing is carried out on the basis of Article 6 (1) (f) GDPR. Our legitimate interest lies in the secure and proper operation of our websites.
Cookies and similar technologies that are not technically necessary are used exclusively on the basis of your consent in accordance with Section 25 (1) sentence 1 TTDSG. Insofar as personal data are processed, such processing is carried out on the basis of Article 6 (1) (a) GDPR.
To obtain, manage and document your consents, we use the consent management platform Usercentrics. For these purposes, the following data in particular are processed: log file data, user agent information and consent data (granting or refusal of consent, timestamp, scope of consent, data attributes, controller ID, processor ID, consent ID).
Processing takes place within the European Union. The data will be deleted as soon as they are no longer required to provide evidence of the consents given and no statutory retention obligations prevent deletion.
You may withdraw or modify your consent at any time with effect for the future. Further information on the categories of data processed, the purposes of processing and the respective retention periods can be found in the cookie settings at the following link:
You can manage your cookie settings here.
You can adjust your cookie settings here.
Log files
When you visit our websites, Messe Frankfurt stores the IP address, the time of access, the URL requested, and the browser used. Messe Frankfurt uses this data to detect errors in the execution of the pages and to ensure the IT security of websites and applications as well as their availability. The data is deleted after 90 days. The legal basis for this is point (f) of Article 6 (1) GDPR.
User Account
The Messe Frankfurt Group offers a wide range of digital services. Access to these services is provided via a personal User Account, which is a single sign-on system. To open a User Account, you must provide your title, name, email address, and country. Depending on the services used, further information may be required. User Accounts are administered by all companies of the Messe Frankfurt Group as joint controllers within the meaning of Art. 26 GDPR. The legal basis for the processing of data for the User Account is Article 6 (1) (b) GDPR. You can delete your User Account at any time, but you will then no longer be able to use the digital services.
Consent
With your consent to be contacted for advertising purposes, we will pass on your data within the Messe Frankfurt Group and to the Messe Frankfurt Sales Partner responsible for your home country. A list of the Messe Frankfurt Group companies and sales partners can be foundhere. (link auf die englische Seite setzen Global network (messefrankfurt.com)) If they are located outside the EU, we have taken appropriate measures in accordance with Art. 46 GDPR to ensure compliance with data protection. The legal basis is point (a) of Article 6 (1) GDPR.
Processing for Exhibitor Services Shop Orders
Personal data collected through the User Account and the Exhibitor Services Shop will be processed to the extent necessary for the handling and fulfillment of your orders. Where Messe Frankfurt Venue GmbH is not the contractual partner for a particular order, the personal data required for contract performance will be transferred to the respective contractual partner. Information regarding the relevant contractual partner can be found in the order details and in the applicable Terms and Conditions governing the respective service. Following completion of the contractual relationship, personal data will only be retained for as long as necessary to comply with statutory retention obligations. Retention periods under commercial and tax laws may require the storage of personal data for up to ten years.
The legal basis for the processing is point (b) of Article 6(1) GDPR (processing necessary for the performance of a contract or in order to take steps prior to entering into a contract). To the extent that personal data is retained to comply with legal retention obligations, the processing is based on point (c) of Article 6(1) GDPR.
Duration of Data Storage
Data will only be stored beyond the retention periods specified above where and to the extent that there is a legal basis for doing so. This may be the case in particular where statutory retention obligations apply or where further storage is necessary to safeguard legitimate interests. Statutory obligations may arise, in particular, from commercial or tax law provisions (e.g. under the German Commercial Code (Handelsgesetzbuch – HGB) or the German Fiscal Code (Abgabenordnung – AO)). In such cases, the relevant data will be retained for the duration of the legally prescribed retention periods, which are generally six or ten years.
In addition, in individual cases data may be stored beyond the aforementioned periods where this is necessary for the establishment, exercise or defence of legal claims. In such cases, the data will be retained for the duration of the applicable statutory limitation periods.
After expiry of the statutory retention periods or as soon as the respective purpose of processing no longer applies and there are no legitimate grounds for further storage, the relevant data will be deleted.
Recipients of personal data
Only those recipients that have a compelling need to access your data in accordance with the above-mentioned purposes will be granted access to it. In this context, order processors and other service providers used by us may also receive data. These are companies in the category of IT services, call centre services and telecommunications.
We have concluded the legally required contractual regulations with our processors in accordance with Article 28 GDPR, on purpose limitation, confidentiality and, where necessary, secrecy. Beyond this, we only pass on data if regulations permit or require this or you have consented to this.
Transfer to third country
Depending on your consent to be contacted for advertising purposes and your use of the user account, data may be transferred to recipients in third countries. However, as mentioned above, we will inform you of this in advance. In the context of remote maintenance of standard IT components, it cannot be ruled out in individual cases that an IT service provider from a third country may, in rare cases and to a limited extent, gain access to personal data for troubleshooting purposes. However, data will only be transferred if the third country has been confirmed by the EU Commission as having an adequate level of data protection or has concluded EU standard contractual clauses.
Automated decision-making & Profiling
We do not use automated decision-making or profiling in connection with the processing activities described above.
Your rights under GDPR
With regard to the personal data concerning you, you have the following rights under the GDPR.
You have the right to obtain confirmation as to whether or not your data is being processed and about how we collect, process and store this data, Article 15 GDPR.
You can demand the rectification of inaccurate data or completion of incorrect or incomplete data, Article 16 GDPR.
According to Article 17 of the GDPR, you have the right to demand the erasure of data, e.g. if the data is no longer required or is being processed unlawfully, if you have withdrawn your consent or declared an objection to the processing. Under certain circumstances, erasure can only take place when there are no longer any legal obligations to archive data.
You can also request the restriction of data processing under the conditions of Article 18 GDPR.
In certain cases, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. At the same time, you have the right to transfer this data to another controller or, if technically feasible, to have it transferred by us, Article 20 GDPR.
Pursuant to Article 7 (3) GDPR, you may revoke your consent to the processing of your personal data at any time with effect for the future.
Pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data to protect the legitimate interests of us or a third party (point (f) of Article 6 (1) GDPR), unless we can prove compelling reasons for the processing that merit protection.
In addition, pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data does not comply with data protection regulations. You may exercise this right with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
(Version 1/2026)