New terms and conditions & privacy policy valid from 01.07.2026

General Terms and Conditions for Event Organizers

As of April 16, 2026 - Valid from July 1, 2026

1. PREAMBLE

1. doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany (hereinafter "doo") provides a platform for event management (hereinafter "Platform"). These General Terms and Conditions for Event Organizers (hereinafter "GTC for Event Organizers") apply to the use of the Platform by an event organizer and the provision of supplementary services. Any individual agreement between the parties takes precedence over these GTC.
   
   
2. The services are exclusively aimed at businesses (entrepreneurs as defined in § 14 of the German Civil Code), legal entities under public law, or special funds under public law. Contracts with consumers are not concluded.

2. USING THE PLATFORM

1. doo provides the organizer with the platform for use via the internet as SaaS (Software as a Service). For the duration of the contract, doo grants the organizer the worldwide, non-exclusive, non-transferable, and non-sublicensable right to use the platform as intended. The organizer may only use the platform within the scope of the contractual provisions. The platform is not transferred to the organizer. The organizer receives no rights to the software's source code.
   
   
2. Unless otherwise agreed, the organizer may only use the platform for its own purposes, specifically for managing its own events. This does not include using the platform for third parties, such as acting as a service provider or otherwise transferring or brokering its use to third parties. With the express consent of doo, the organizer may use the platform for a third party (e.g., affiliated companies). The organizer is entitled to allow its own employees or a commissioned third party (e.g., an agency) to use the platform. If the platform is used by a third party, that third party must be bound by the provisions of this agreement.
   
   
3. Unless otherwise agreed or required by mandatory law or applicable open-source software terms of use, the organizer is not authorized to modify, reverse engineer, decompile, disassemble, or otherwise attempt to decode the platform's object or source code. Reproduction beyond what is necessary for use is prohibited.
   
   
4. doo is entitled, but not obligated, to continuously develop the platform and will provide the organizer with the platform exclusively in its current version. This applies only if the change is reasonable for the organizer. The right to use the platform also extends to fixes, patches, developments, and updates. The right to use such updates granted to the organizer does not include a right to use new/additional products and functionalities that are provided as a separate product/module.
   
   
5. doo provides the platform and comprehensive documentation in electronic form in German and English. The platform is optimized for use on the current (manufacturer-supported) versions of the popular web browsers Edge, Safari, Chrome, and Firefox.
   
   
6. The platform may contain open-source software components. The use of these components is governed exclusively by the respective terms of use of the open-source software components, which are transmitted and/or referenced within the open-source software components. No provision of this agreement affects the rights or obligations of the organizer arising from the respective terms of use of the open-source software components. In the event of any conflict or discrepancies between the license terms of the open-source software and the provisions of this agreement, the license terms of the open-source software shall prevail.
   
   
7. The organizer is obligated to keep their password confidential. doo will not disclose the password to third parties and will never ask the organizer for their password. In case of misuse or suspected misuse of the customer account, the organizer is obligated to inform doo immediately. Furthermore, the organizer warrants that the information provided during registration is truthful, current, and complete, that this information will remain complete and up-to-date at all times, that they are always reachable at the provided contact details for both doo and participants, and that they will respond to inquiries promptly, generally within one business day.
   
   
8. The platform can be used to promote events by sending emails. doo places great importance on legally compliant email marketing. The email policy governs the legally compliant use of the email communication functionality provided by doo. The email policy is expressly incorporated as part of the contract.

 3. EVENTS

1. doo is not itself the organizer of the events offered. These are always offered and conducted by the organizer. The contract for participation in an event concluded via the platform is exclusively between the organizer and the participants in the event or the purchasers of tickets for the event (hereinafter referred to collectively as "participants"). It must always be clear to the participants with which organizer they are entering into a contract. Therefore, when offering tickets for their events, the organizer must always state their exact name (full company name including legal form and address for service of process) and provide participants with contact details through which they can contact the organizer directly. The organizer is obligated to answer inquiries from participants without delay.
   
   
2. The platform may only be used to promote your own events and offer tickets for your own events. Promoting and/or reselling tickets for third-party events and carrying out other activities, such as advertising other goods or services, organizing sales promotions for other goods and services, and conducting prize draws, etc., are prohibited.
   
   
3. It is the organizer's responsibility to inform participants of any changes to the event offering (e.g., change of location or date) or cancellation of an event, as well as the procedure for any refunds. Furthermore, the organizer is obligated to update the offering immediately.
   
   

4. RESPONSIBILITY FOR CONTENT

1. All information provided by the organizer regarding the event must be accurate and not misleading. The organizer is responsible for the offering of the respective event and, in particular, for ensuring that the content provided by them on the website where the event is offered on the platform does not violate any legal regulations or the rights of third parties. The organizer is specifically obligated not to (i) offer any events and/or provide, transmit, store, link to, or otherwise refer to content that is pornographic or violates youth protection laws, is implicitly or explicitly sexually suggestive, glorifies violence, infringes personal rights, is threatening, insulting, harassing, defamatory, fraudulent, vulgar, obscene, hateful, left-wing or right-wing extremist in nature, or that incites or encourages violations of laws; (ii) offer any events and/or provide, transmit, store, link to, or otherwise refer to content that infringes the rights of third parties, in particular personal rights, trademarks, design rights, copyrights, patents, registered designs, utility models, and trade secrets; and (iii) provide any harmful programs (such as viruses). to transmit, store, link or otherwise indicate harmful programs.
   
   
2. If doo provides intermediary services (in particular hosting services within the meaning of the Digital Services Act), doo stores or transmits the information provided by the organizer only on their behalf. doo is not obligated to proactively monitor the transmitted or stored information or to actively investigate circumstances that might indicate illegal activity.
   
   
3. doo provides an easily accessible electronic procedure through which individuals or organizations can report the presence of potentially illegal content. doo will review such reports promptly. Additionally, doo may use automated filtering tools to block obviously illegal content during uploads, but doo is not obligated to do so.
   
   
4. If doo becomes aware of potentially unlawful content or content that violates these Terms and Conditions, doo is entitled to take appropriate measures. This includes, in particular: a) restricting the visibility or deleting the content in question, b) temporarily or permanently suspending (blocking) the organizer's access to the platform, especially in cases of frequent and obvious violations.
   
   
5. If doo takes action in accordance with the preceding paragraph, the organizer will be informed immediately, stating the reasons, unless legal or regulatory requirements prevent this. The organizer has the right to appeal decisions regarding the restriction or deletion of their content free of charge within six months of notification of the decision via doo's internal complaint management system.
   
   
6. The central contact point for authorities of the Member States, the European Commission and the European Digital Services Body (Art. 11 DSA) as well as for the organizer (Art. 12 DSA) can be reached at doo@compliance.one. Communication can take place in German or English.

 5. Terms and Conditions and Information Obligations for Events

1. As part of the event listing, doo's current Terms and Conditions for Participants are displayed by default. When creating an event, the organizer has the option to upload or link their own booking conditions/Terms and Conditions for Participants. These will then be displayed to participants when tickets are offered. In their own booking conditions/Terms and Conditions for Participants, the organizer can, for example, specify details regarding cancellations and refunds. The organizer is obligated to check whether doo's Terms and Conditions for Participants are suitable and sufficient for the respective event, or whether they wish to supplement them with their own booking conditions/Terms and Conditions for Participants. If the organizer uses their own booking conditions/Terms and Conditions for Participants instead of doo's Terms and Conditions for Participants, they must ensure that the regulations governing the relationship between participants and doo remain essentially unchanged. doo's Terms and Conditions for Participants represent a non-binding suggestion for wording, are not to be understood as legal advice for individual cases, and are not intended to replace legal advice in individual cases. doo cannot guarantee that the terms and conditions for participants of doo are always comprehensively suitable for every event and for every use case of the platform and assumes no liability for legal compliance.
   
   
2. The organizer is responsible for fulfilling all legal information obligations, including, where applicable, providing information about the right of withdrawal. In particular, the organizer is also responsible for maintaining a legally compliant imprint on the websites through which they offer tickets for their events via the platform and where they are the service provider and data controller.
   
   
3. The organizer may, at their sole discretion, activate or deactivate the booking portal, through which participants can access their booking data via a link. The organizer is responsible for assessing whether the booking portal, considering the specific event, the participant data requested during registration and accessible through the portal, etc., provides a level of security commensurate with the risk.
   
   
4. The organizer is obligated to inform participants about the processing of their personal data by the organizer as the data controller during the booking and participation process for the event. The organizer is responsible for fulfilling all applicable legal information obligations regarding the personal data of participants collected on their behalf. The organizer must provide participants with all information necessary to fulfill these obligations and/or obtain any required consent. As part of the event listing, doo's data protection information for participants is displayed by default. This information includes, among other things, examples of how the organizer processes and protects participants' data during booking and participation in an event. The organizer is obligated to verify whether doo's data protection information for participants is appropriate and sufficient for the specific event, or whether they wish to supplement or replace it with their own data protection information. The data protection information for participants provided by doo constitutes a non-binding suggestion regarding the processing and protection of participants' data by the organizer during booking and participation in an event. It is not intended as legal advice for individual cases and does not replace such advice. doo cannot guarantee that the data protection information for participants is always comprehensively applicable to every event and every use case of the platform and assumes no liability whatsoever for its legal compliance.

6. EVENTS WITH A CHARGE

1. The organizer can offer free and paid events. The organizer defines the ticket price when creating an event. The organizer has the option to define different ticket categories with different ticket prices.
   
   
2. doo generates invoices for participants on behalf of the event organizer. Unless explicitly agreed otherwise in writing, these invoices are provided electronically to the participants. When invoicing participants, doo includes the VAT payable by the organizer, provided the organizer is subject to VAT. The organizer must provide this information when creating the event listing. The organizer is responsible for the accuracy of this information.
   
   
3. Participants in paid events can choose from various payment options offered during the booking process. Depending on the contractual agreement and the scope of services booked, payments from participants to the organizer are processed either (a) by the organizer themselves or via a licensed payment service provider based on a separate payment services agreement, or (b) under a separately granted power of attorney via an escrow account held in doo's name. doo manages the incoming funds in trust for the organizer and disburses them accordingly. If option (a) applies, doo is not involved in the payment processing and is not a party to the payment services agreement.
   
   
4. Unless expressly agreed otherwise, doo does not handle refunds of ticket prices paid by participants. This applies in particular to the cancellation of an event or changes to the venue, date, or content by the organizer, even if the organizer is not responsible for the reasons for these changes. This also applies to any type of cancellation, withdrawal, or modification of orders by participants. The organizer is responsible for processing refunds of paid ticket prices. Any costs incurred by doo in the event of a successful refund claim by participants through the respective payment service provider (fees of the respective payment service provider and/or administrative costs at doo) are borne by the organizer and will be invoiced by doo.
   
   
5. For paid events, doo may send regular payment reminders to participants who have not yet paid. Details are outlined in the documentation in the platform's help center. doo does not offer dunning or debt collection services unless the event organizer has explicitly commissioned doo to provide these additional services (e.g., a dunning module).
   
   

7. SERVICE LEVEL AGREEMENT (AVAILABILITY, SUPPORT)

1. doo guarantees 99% platform availability on an annual average. This excludes periods when the platform is unavailable due to technical or other problems beyond doo's control (in particular, force majeure or third-party fault). Also excluded are pre-announced maintenance and maintenance work (e.g., software updates) that takes place outside of support hours (Monday to Friday, excluding holidays at doo's headquarters, between 9:00 a.m. and 6:00 p.m.).
   
   
2. System availability disruptions must be reported by the organizer immediately upon discovery. doo will endeavor to ensure a response time of four hours (during support hours) for troubleshooting reports of system availability disruptions that result in a total platform outage and are received within support hours. For minor errors that do not result in a total platform outage and occur during normal operation, doo will endeavor to respond no later than one business day after receiving the disruption report. For disruption reports received outside of support hours, troubleshooting will begin on the following business day. Delays in troubleshooting attributable to the customer (e.g., unavailability of a contact person on the customer side or late reporting of the disruption) will not be included in the troubleshooting time.

8. ACCESSIBILITY OF SERVICES (BFSG)

1. doo provides the standard templates and basic interfaces for event registration and ticketing in such a way that, when used as intended, they support the essential technical requirements for accessibility in accordance with the Accessibility Strengthening Act (BFSG) in its currently valid version.
   
   
2. As a provider of electronic commerce, the organizer is solely responsible to its participants/end users for complying with legal accessibility requirements. This applies in particular to the creation, editorial maintenance, and accessibility of the content it uploads (e.g., providing alt text for images, making documents and videos accessible, and adhering to contrast specifications for individual text formatting).
   
   
3. If the event organizer makes individual adjustments to the frontend beyond the standard configuration (especially through custom CSS, HTML modifications or the adjustment of color schemes) or integrates third-party components (e.g. external iframes, tracking tools, chatbots), doo assumes no warranty or liability for the accessibility of the resulting event page.
4. It is solely the customer's responsibility to provide a legally complete and accurate accessibility statement and the necessary information for consumers in accordance with the BFSG on their event page.
   
   

 9. USE OF ARTIFICIAL INTELLIGENCE (AI ACT)

Insofar as doo provides or integrates AI systems (e.g., for anomaly detection in security services, automation, or data analysis) within the scope of the contractual services, the following provisions apply:

1. If the organizer determines the input data and the specific purpose of the AI system through the use of the service, the organizer acts as the operator ("deployer") within the meaning of the AI Act. doo generally acts as the provider or importer/distributor of the corresponding third-party AI technology.
   
   
2. The organizer undertakes to use the provided AI functions exclusively in accordance with the AI Act. This includes, in particular: a) ensuring human oversight in decisions that have legal or similarly significant effects on natural persons, b) complying with transparency obligations towards participants (e.g., labeling AI-generated content or interactions with AI systems), c) ensuring that input data (prompts, training data) does not infringe copyrights and is free from impermissible bias that could lead to discrimination.
   
   
3. The organizer acknowledges that AI systems are based on probabilistic models. doo assumes no liability for the absolute accuracy, completeness, or freedom from bias of the outputs generated by the AI system. Outputs are intended to support decision-making and must be independently reviewed by the organizer before any further business or legal use.
   
   

 10. CHANGING PROVIDERS AND DATA PORTABILITY

If the EU Data Act is applicable to the contractual use of doo's services by the organizer, the following regulations apply:

1. The organizer may terminate this contract at any time before the end of any agreed minimum term by giving a maximum of two months' notice in writing, in order to switch to another data processing service (cloud/SaaS provider) or to transfer their data to their own IT infrastructure. The termination will take effect upon completion of the transfer process. If the organizer chooses to delete their data instead of switching providers, the contract will end after the two-month notice period has expired.
   
   
2. Following termination of this agreement, doo will support the organizer during a transition period of up to 30 calendar days in transferring data to the new service or its own infrastructure. doo's support obligations and measures are limited to providing reasonable assistance within doo's capacities and in proportion to its respective obligations, insofar as this is necessary to enable a successful, effective, and secure transition. doo will continue to provide the contractual services without interruption during this period and ensure the security of data transmission. doo will inform the organizer of any known continuity risks and will collaborate with third-party providers authorized by the organizer to ensure a seamless transition.
   
   
3. The organizer undertakes to provide all necessary information (in particular, the new service provider and all technical and organizational information required for the transition and data transfer) in a timely manner and to undertake all necessary measures, cooperation, and support to ensure an effective transition process and timely data transfer and to maintain the continuity of services. The organizer guarantees that the successor provider and all involved third parties will, at the organizer's own expense, enter into written confidentiality agreements prior to the requested commencement of the transition process and the transition phase, agreements that meet the requirements of these Terms and Conditions to an equal degree.
   
   
4. If doo is unable to complete the switching process and/or data transfer due to the fault of the organizer or a third party commissioned by the organizer, or if completion is delayed or requires increased effort, but the organizer must continue to maintain its resources, the organizer must reimburse doo for the additional expenses in accordance with doo's usual fees (in particular, standard daily rates for Professional Services). The organizer's failure to fulfill its obligations to cooperate and provide necessary resources does not release doo from its obligation to maintain service continuity.
   
   
5. The switching process is considered successfully completed when the exportable data and digital content/assets generated by the organizer have demonstrably been transferred to the target provider and the organizer/target provider has not reported any errors, failures, etc. within a reasonable period of no more than 3 days.
   
   
6. If doo requires more time for technical reasons, it can extend the transition period once, up to a maximum of 7 months, by notifying the organizer of the extension, with justification, within 14 business days of receiving the notice of termination. The organizer is entitled to request a longer transition period if they can demonstrate that this is necessary for a smooth transition and request the extension in writing or text form no later than one month before the end of the originally planned transition period. During the transition period, the contract remains in effect under the existing terms and conditions.
   
   
7. doo provides the event organizer with all exportable data and digital content/assets generated by the organizer in a common format (e.g., CSV). Upon request, doo will provide the organizer with a list of all data categories that can be transferred as part of the migration (including all exportable data provided by the organizer or generated through their use). doo will also disclose categories of data that cannot be ported because they are used exclusively for the internal function of doo's services and, if disclosed, would infringe intellectual property rights or trade secrets, or concern third-party assets or data, or are related to the integrity and security of the service, and their disclosure would expose doo, doo's services, or other event organizers to security risks.
   
   
8. These exceptions must not unreasonably delay or hinder the transition. After termination of the contract (or after the end of the transition period), the organizer has at least 30 calendar days to retrieve their exportable data from doo's system or request its release. After this period – or any mutually agreed-upon extension – doo will permanently delete all of the organizer's exportable data and digital content created by the organizer, provided the transition has been successfully completed. Statutory retention obligations remain unaffected.
   
   
9. If the organizer terminates the contract pursuant to paragraph 1 of this clause before the end of an agreed minimum term, the payment obligation for the remaining contract term remains in effect. doo is entitled to continue demanding the agreed fees until the originally scheduled end of the contract or to invoice the organizer for proportionate compensation for the early termination. This compensation may not exceed the sum of the remaining contract fees, may be reduced by any expenses saved, and does not constitute an impermissible switching fee.

 11. FEES AND BILLING

1. The service fees charged by doo for the use of the platform and other services are specified in the offer or order.
   
   
2. Unless otherwise agreed, the organizer will be charged a service fee of €0.99 per ticket, and for paid events, €0.49 + 5.9% of the ticket price (plus VAT). In this case, invoicing will occur monthly in arrears.
   
   
3. doo will provide the organizer with the invoices for the service fees in electronic form via email to the email address stored as the contact in the account.
   
   
4. Invoices are payable within 14 days of the invoice date without discount or other deductions. Unless otherwise agreed, the inclusion of a Purchase Order number on the invoice is not a prerequisite for payment. In case of late payment, default interest at the statutory rate will be charged. If payment is not received within one calendar week of the due date, doo is entitled to block the organizer's access to the platform and deactivate any ongoing event listings. doo will notify the organizer of the impending block in advance, giving a further one calendar week's notice. In this case, the organizer remains obligated to continue paying any outstanding service fees plus any applicable default interest.
   
   
5. The prices quoted do not include VAT or other taxes. These will be invoiced separately to the organizer, if applicable.
   
   
6. If the organizer of a paid event is required to pay doo a partial or percentage service fee, the organizer instructs the payment service provider to collect the total booking price from the participants and to hold the ticket price paid by the participants in escrow for the organizer. The organizer further instructs the payment service provider to pay the organizer the payments received from the participants, less the service fee payable to doo, and to pay the service fee to doo. These instructions to the payment service provider are issued via the platform.
   
   
7. Proportional or percentage service fees for tickets sold via the platform also apply if a booking is reversed, provided that doo is not responsible for the reasons for this.
   
   
8. If payment service providers or acquirers charge doo additional fees, such as surcharges for processing credit card payments with business or international credit cards, fees for international transfers, or currency conversion fees, these fees will be passed on to the organizer. This also applies to all costs and expenses incurred due to payment reversals by participants, in particular chargebacks, credit card chargebacks, or buyer protection claims with PayPal, as well as costs and expenses incurred due to incorrect payments by participants, such as late payments, incorrect payment references and the resulting manual allocation, overpayment or underpayment, or erroneously transferred amounts.
   
   
9. doo is entitled to appropriately increase the agreed prices for the services covered by the contract to compensate for increases in personnel and other costs (in particular for hosting, IT infrastructure, and third-party licenses). doo will notify the organizer of the price increase in writing at least six weeks before its planned effective date. If the price increase exceeds 5% of the previous prices within a calendar year, the organizer is entitled to terminate the contract with respect to the affected services by giving two weeks' notice in writing, effective from the date the price increase takes effect. If the organizer does not exercise this right of termination, the price increase will be deemed accepted. doo will expressly inform the organizer of this right of termination and the legal consequences of failing to terminate the contract in the notification.
   
   
10. The organizer may only offset claims by doo with undisputed or legally established counterclaims. The organizer may only assert a right of retention insofar as it is based on the same contractual relationship.

 12. DATA PROTECTION

1. When an event organizer creates an account to use the platform, doo, as the data controller, collects and processes the personal data of the organizer's employees provided during registration. doo collects and processes this data to enable the organizer and/or their employees to use the platform. Details regarding data collection and processing can be found in doo's privacy policy.
   
   
2. doo is entitled to use anonymized data related to the use of the platform for internal business and/or operational purposes, in particular to analyze platform usage and improve doo's services. The organizer will issue corresponding instructions for anonymizing any personal data that may be required for this purpose.
   
   
3. doo processes the data of event participants who register for an event via the platform or whose data is processed in other ways using the platform (for example, data collected "onsite" at an event), and the data of marketing campaign recipients, such as email marketing campaign mailing lists sent by an organizer via the platform, and other data that an organizer stores on the platform for processing. This data processing is governed by the Data Processing Agreement, which is an integral part of the contract between the organizer and doo. All provisions of these Terms and Conditions, in particular the limitation of liability, also apply to the Data Processing Agreement, which is expressly incorporated into the contract by the parties.
   
   

 13. CONFIDENTIALITY

1. Each party undertakes to use, treat confidentially, and protect from unauthorized access to all information received in the course of this contractual cooperation that (a) is marked as "confidential" or "secret" or with an equivalent designation, or is orally designated as confidential; (b) is to be considered confidential due to its content; or (c) is derived from confidential information that has been provided; exclusively for the purposes of this contractual cooperation. This confidentiality obligation shall be imposed on all persons entrusted with the performance of this contract.
   
   
2. The confidentiality obligation does not apply to information that (a) is publicly available or subsequently becomes publicly available or was already known to the other party at the time of the conclusion of the contract; (b) was independently and autonomously developed by the other party; (c) was disclosed to the other party by a third party who is not subject to any confidentiality obligation; or (d) must be disclosed due to legal provisions or official or judicial orders (in which case the affected party must be informed immediately).

 14. WARRANTY, LIMITATION OF LIABILITY, INDEMNIFICATION

1. doo performs the contractual services professionally and in accordance with industry standards. Claims for defects are initially limited to subsequent performance.
   
   
2. doo is liable for simple negligence, both for its own and for its own actions, only if essential contractual obligations (cardinal obligations) are breached. In this case, liability is limited to the typical and foreseeable damage. Essential contractual obligations are those obligations whose breach jeopardizes the achievement of the purpose of the contract, whose fulfillment is essential for the proper execution of the contract, and on whose compliance the organizer regularly relies.
   
   
3. For the aforementioned cases of limited liability, this is additionally limited in amount for each claim to the amount of the annual remuneration payable by the organizer (the remuneration paid or to be paid by the client in the last 12 months before the occurrence of the damage, or, if the contract had not yet run for 12 months at the time of the occurrence of the damage, the average of the previous remuneration per month x12) and to twice the annual remuneration payable by the client for all claims occurring in a contract year, but at least to an amount of 25,000 euros per claim.
   
   
4. doo is only liable for indirect and consequential damages, lost profits, additional personnel costs, wasted expenses and missed savings, etc., in cases of intent and gross negligence.
   
   
5. The limitations of liability do not apply to claims based on intent and gross negligence, personal injury, fraudulent misrepresentation, insofar as the Product Liability Act applies, or to damages that fall within the scope of protection of an independent guarantee, quality or durability guarantee given by doo, unless otherwise stipulated in the respective guarantee agreement.
   
   
6. If the organizer violates their duty to properly back up data, doo shall be liable for data loss in accordance with the above provisions, limited to the amount of damages that would have occurred even with proper and regular data backup by the organizer.
   
   
7. The foregoing limitations of liability also apply to claims against executive employees, staff, other agents or subcontractors of doo.
   
   
8. The general limitation period for all claims of the organizer is one year from the statutory commencement of the limitation period. Excluded from this reduction are claims by the organizer arising from injury to life, body, or health, as well as claims for compensation for other damages based on an intentional or grossly negligent breach of duty by doo and/or its legal representatives or agents. Mandatory statutory limitation periods (e.g., under the Product Liability Act), claims based on the fraudulent concealment of a defect, and claims arising from an assumed warranty of quality or durability remain unaffected.
   
   
9. The organizer shall indemnify doo against all claims, including claims for damages, asserted against doo by other users or other third parties due to an infringement of their rights by content posted on the platform by the organizer. The organizer shall further indemnify doo against all claims, including claims for damages, asserted against doo by other users or other third parties due to an infringement of their rights by the organizer's use of the platform's services. The organizer shall bear all reasonable costs incurred as a result of an infringement of third-party rights, including reasonable legal defense costs. All further rights and claims for damages by doo remain unaffected. The organizer's aforementioned obligations shall not apply to the extent that the organizer is not responsible for the relevant infringement.

 15. Force Majeure

1. Neither party shall be liable for delays or failure to perform its contractual obligations if and to the extent that these are due to force majeure. Force majeure shall be defined as unforeseeable, external events that cannot be prevented even with the utmost care that can reasonably be expected. These include, in particular, natural disasters, war, terrorism, pandemics, labor disputes (strikes and lockouts), government orders, failures of telecommunications networks and internet exchange points of third parties, as well as unavoidable, unforeseeable cyberattacks (e.g., DDoS attacks), provided that these were not facilitated by inadequate security measures on the part of the affected party.
   
   
2. The obligations of both parties are suspended for the duration of the force majeure event plus a reasonable start-up period. The affected party will inform the other party immediately of the occurrence and expected duration of the event. If the event continues uninterrupted for more than four weeks, either party is entitled to terminate the contract with immediate effect by giving written notice. Any advance payments made for periods after termination will be refunded by doo.

 16. RUNNING TIME

1. The contract term for the use of the platform is specified in the respective offer or order. The right to extraordinary termination for good cause remains unaffected.
   
   
2. Unless a fixed term has been agreed upon, either party may terminate the platform usage agreement at any time without giving reasons. Any claims for service fees already accrued at the time of termination remain unaffected.
   
   
3. In the event of violations of these Terms and Conditions and other contractual obligations, or in the case of a justified suspicion thereof, doo may temporarily suspend an organizer's account and/or certain event listings. The suspension will be lifted once the violation has been rectified or the suspicion has been dispelled.

 17. FINAL PROVISIONS

1. doo reserves the right to amend these Terms and Conditions for Event Organizers at any time or to supplement them with regulations for the use of any newly introduced additional services or features of the platform. Changes and additions to the Terms and Conditions for Event Organizers will be announced to the event organizer no later than four weeks before their planned effective date via email to the email address they have registered as their contact in their account. The event organizer's consent to the amendment of the Terms and Conditions for Event Organizers is deemed given if the event organizer does not object to the amendment in writing (e.g., letter, fax, email) within a period of four weeks, beginning on the day following the announcement of the amendment. doo will inform the event organizer in the announcement of the amendment about the possibility of objecting, the deadline for objecting, the requirement of written form, and the significance and consequences of failing to object.
   
   
2. doo is entitled to name the event organizer as a reference unless the organizer has expressly objected to such mention in writing. This entitlement applies to marketing materials, doo's website, and other online and offline publications, and also includes the use of the organizer's logo, trademarks, and company name.
   
   
3. The contract and any amendments thereto must be in writing. No side agreements exist. Unless otherwise agreed, the organizer may send all declarations to doo by email or by letter. doo may send declarations to the organizer by email to the email address the organizer has listed as their current email address in their organizer profile. The organizer's email address and other information can be updated at any time in their doo account.
   
   
4. The place of performance is the registered office of doo. The place of jurisdiction is, to the extent legally permissible, the registered office of doo. German law applies, excluding international private law and the UN Convention on Contracts for the International Sale of Goods (CISG).
   
   
5. Should any provision of these General Terms and Conditions for Event Organizers be or become invalid, the validity of the remaining provisions shall not be affected. The contracting parties undertake to replace any invalid provision with a valid provision that most closely approximates the intended economic purpose of the invalid provision. This shall apply mutatis mutandis to any gaps in the contract.
   

Privacy policy doo website

Status: 06.05.2026 - Valid from 01.07.2026. doo GmbH (hereinafter "doo") provides a platform for the management of events, which enables the organizers of events to organize events, sell tickets for their events and carry out the associated communication and administration.

 

At doo, we take the protection of your personal data very seriously. We always handle your personal data in accordance with the statutory data protection regulations and this privacy policy.

With this privacy policy, we would like to inform you about which personal data is collected and processed via our website and our event management platform, and for what purposes.

We distinguish between the following areas:

1. VISIT OUR WEBSITE
2. Using the DOO EVENT MANAGEMENT PLATFORM
3. REGISTRATION CUSTOMER SERVICE
4. CONTACT AND CONTACT DATABASE (CRM)
5. USE OF ARTIFICIAL INTELLIGENCE (AI) IN COMMUNICATION
6. Newsletter 
7. Blog 
8. TRADE FAIR CONTACTS AND PHOTOGRAPHS AT TRADE FAIRS
9. VIDEO CONFERENCES AND WEBINARS
10. JOB OFFERS AND APPLICATIONS
11. MERGERS UND ACQUISITIONS (M&A) 
12. AGE RESTRICTION
13. RECIPIENTS OF DATA
14. RIGHTS OF SUBJECTS
15. MANDATORY INFORMATION AND PROFILING
16. STORAGE/RETAINING AND DELETION
17. INFORMATION SECURITY
18. CHANGE TO THE PRIVACY POLICY



 RESPONSIBLE PARTY

The responsible party is doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, Telephone:  49 (0)89 2488 153-0, E-Mail: kontakt@doo.net.

 

 DATA PROTECTION OFFICER

Our data protection officer is attorney Christian Schmoll, email: doo@compliance.one. For questions and suggestions regarding data protection, please contact our data protection officer directly.

 

1. VISIT OUR WEBSITE

1.1 LOG FILES

Each time you access our website, our system automatically collects data and information from the computer system of the accessing device. In order for the pages to be displayed in your browser, the IP address of your device must be processed. Additional information about your device's browser is also collected. We are legally obligated to ensure the confidentiality and integrity of the personal data processed by our IT systems. For this purpose, the following data is logged:

• IP address of the requesting computer
• Operating system of the calling computer
• Browser version of the requesting computer
• Name of the retrieved file
• Date and time of retrieval
• Amount of data transferred
• Referring URL

The data is also used to correct errors on the website. Our website is hosted by a service provider within the European Economic Area. A data processing agreement in accordance with Article 28 GDPR is in place. The legal basis for this data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR. Our legitimate interest is the operation of this website and the implementation of the data protection objectives of confidentiality, integrity, and availability.

1.2 COOKIES

This website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to the browser of website visitors and stored there for later retrieval. Cookies can be small files or other types of data storage. Information stored in cookies relates to the specific device used. Cookies contain a characteristic string that allows for the unique identification of the browser when the website is visited again. A cookie also contains information about its origin and storage period. However, this does not mean that a cookie can be used to directly identify website visitors.

 

When you visit this website, cookies are set that are essential for its operation. These essential cookies may include, for example, cookies required for displaying the website using a content management system, cookies that recognize language preferences, or cookies that document whether you have consented to or declined the setting of further (optional) cookies. The essential cookies, including their purpose and storage duration or deletion period, are explained below and also in the cookie banner that appears when you access the website.

 

Optional cookies are also used, for example to collect additional information about the interests of website visitors or their usage behavior, in order to analyze and optimize the website and customer interactions in general.

 

Optional cookies, including their purpose and storage duration or deletion period, are explained below and also in the banner displayed when you visit the website. Optional cookies are only set if you have explicitly consented to their use.

 

Where we use cookies or similar technologies to store information on your device or to read information stored there, the legal basis for this is your explicit consent. This excludes technologies that are technically essential for providing our explicitly requested services. The legal basis for this data processing is the explicit consent of website visitors, which can be withdrawn at any time.

1.3 CONSENT MANAGEMENT (PIWIK PRO)

The website uses the Piwik PRO Consent Manager consent management platform (“CMP”) from the provider Piwik PRO SA in Poland. The provider acts as a data processor based on a data processing agreement.

 

Piwik PRO Consent Manager is used to inform website visitors about the cookies and tracking technologies used and to request and, if necessary, document their consent to the use of optional cookies. A persistent cookie is stored in the browser to save this consent.

 

The following data is automatically logged: IP address in anonymized form (if enabled), date and time of consent, user agent (information about the end device), URL on which consent was obtained, and the status of consent (which categories of cookies were consented to).

 

The legal basis for this data processing is initially the legitimate interest of the data controller in obtaining the consent of website visitors to the storage of optional cookies in connection with providing the website. If such consent has been given, the legal basis for processing the data relating to this consent is the fulfillment of the legal obligation to obtain and document such consent.

1.4 RETARGETING-/REMARKETING-SERVICES 

These marketing services allow us to display targeted advertisements for and on our website, ensuring you only see ads that potentially match your interests. A cookie is used in your browser to record which websites using these marketing services you have visited and which content you viewed there. Additional information, such as your IP address, browser type, operating system, timestamp, and referring website, is also collected. When you subsequently visit other websites using these marketing services, you may be shown advertisements tailored to your interests.

 

The legal basis for the processing of personal data in connection with the use of retargeting/remarketing services is your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

 

1.4.1 LINKEDIN ADS 

We use the LinkedIn Ads retargeting service provided by LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies for this purpose.

 

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy here:

https://www.linkedin.com/legal/privacy-policy 

 

You can prevent cookies from being stored by adjusting your browser settings accordingly. You can object to LinkedIn analyzing your usage behavior and displaying interest-based recommendations here:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards pursuant to Article 46 GDPR are in place to guarantee an adequate level of data protection. The controller will provide proof of these appropriate safeguards upon request.

 

The legal basis for this data processing, including the transfer of data to LinkedIn, is the explicit and revocable consent of the website visitors in accordance with Art. 6 para. 1 lit. a) GDPR.

1.4.2 FACEBOOK CUSTOM AUDIENCES 

We also use the retargeting service Facebook Custom Audiences from Facebook, Inc., in the USA. Facebook Custom Audiences uses a so-called tracking pixel. This pixel is retrieved from a Facebook URL containing specific parameters when our website is accessed, and transmits information to Facebook, which Facebook uses to display targeted advertising. However, no individual persons are targeted, but only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process for this purpose, in which personal data is encrypted in such a way that Facebook can no longer associate it with individual users.

 

Further information can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy

When using Facebook Custom Audiences, personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, appropriate safeguards pursuant to Article 46 GDPR are in place to ensure an adequate level of data protection. The data controller will provide proof of these safeguards upon request.

 

The legal basis for this data processing, including the transfer of data to LinkedIn, is the explicit and revocable consent of the website visitors in accordance with Art. 6 para. 1 lit. a) GDPR.

1.4.3 GOOGLE-MARKETING-SERVICES 

We also use marketing services from Google Ireland Limited, e.g. AdWords, Conversion Tracking, AdSense and Google Marketing Platform; Google uses cookies and so-called web beacons for this purpose.

You can prevent the storage of cookies by adjusting your browser settings accordingly. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences

Further information on Google's data usage, settings and opt-out options can be found here:

 

• Google's privacy policy: https://www.google.com/policies/privacy
• Data usage by Google when using websites or apps that use Google services: https://www.google.com/intl/de/policies/privacy/partners
• Data usage for advertising purposes: http://www.google.com/policies/technologies/ads
• Managing information that Google uses to display personalized ads: http://www.google.de/settings/ads

When using Google Marketing Services, personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, appropriate safeguards pursuant to Article 46 GDPR are in place to ensure an adequate level of data protection. The data controller will provide proof of these safeguards upon request.

 

The legal basis for this data processing, including the transfer of data to LinkedIn, is the explicit and revocable consent of the website visitors in accordance with Art. 6 para. 1 lit. a) GDPR.

1.5 WEBANALYTICS 

We use web analytics services on our website or parts of the website to record how our website is used by its visitors and to optimize the website as a whole and its presentation.

 

The legal basis for this data processing when using web analytics is your explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

1.5.1 GOOGLE ANALYTICS 

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies.

 

As part of IP anonymization, Google shortens the IP addresses of users within the European Economic Area before transmitting them to the USA. Only in exceptional cases is the full IP address transmitted to Google in the USA and shortened there. The transmitted IP addresses are not combined with other Google data.

You can prevent the storage of cookies by adjusting your browser settings accordingly. Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website by downloading and installing the browser plugin available at the following link. This plugin uses JavaScript to inform Google Analytics that no data or information about website visits may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are in place for such a transfer in accordance with Article 46 GDPR to guarantee an adequate level of data protection. The controller will provide proof of these appropriate safeguards upon request.

 

The legal basis for this data processing is the explicit and revocable consent of the website visitors in accordance with Art. 6 para. 1 lit. a) GDPR.

 

1.5.2 LINKEDIN ANALYTICS 

We also use the web analytics service LinkedIn Analytics from LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.

 

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy. This policy also describes how you can object to the collection and storage of data for web analytics purposes by LinkedIn at any time with effect for the future. You can also prevent the storage of cookies by adjusting your browser settings accordingly.

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are in place for such transfers in accordance with Article 46 GDPR to guarantee an adequate level of data protection. The controller will provide proof of these appropriate safeguards upon request.

 

The legal basis for this data processing is the explicit and revocable consent of the website visitors in accordance with Art. 6 para. 1 lit. a) GDPR.

 

1.6 SOCIAL MEDIA-BUTTONS 

Our website includes social media buttons from the social media networks Facebook, X, LinkedIn and Xing.

 

Clicking one of these social media buttons will redirect you to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click a social media button and are either logged in to the respective social media network or log in on the respective social media network's page, the transmitted information can be associated with your account on the social media network.

 

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, contact options and your rights and settings options regarding data protection, please refer to the respective data protection information of the providers of the social media networks.

 

The legal basis for the integration and use of social media buttons is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

1.7 SOCIAL MEDIA-PAGES 

We maintain a publicly accessible profile on the social media networks Facebook, X, LinkedIn and Xing (“Social Media Pages”).

 

When you visit one of our social media pages and are logged into the respective social media network, the provider of that network can analyze your usage behavior and associate the collected information with your account on that network, enriching it there. Even if you are not logged in or if you do not have an account with the respective social media network, data about you can be collected by the provider of that network, such as your IP address or data collected via a cookie.

The operators of social media networks can create user profiles based on this data. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

 

When you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information about the collection and processing of your personal data that takes place there, please refer to the privacy policy of the respective social media network.

 

You can assert your data subject rights (right to information, rectification, erasure, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages to the extent of the options made available to us by the respective provider.

 

The legal basis for our use of social media pages is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the internet.

1.8 SOCIAL SHARING 

Social sharing buttons allow you to share a link to specific content from our website, such as an article on our blog, directly on your social media profile (Facebook, X, LinkedIn, Xing). These social sharing buttons are provided by the respective social media network. Each time you visit a page containing such a button, the button is downloaded from the provider of the social media network. By integrating these plugins, the providers receive information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.

 

If you click a social sharing button and are either logged into the respective social media network or log in in the window that opens, the transmitted information can be associated with your account on the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, contact options, and your rights and settings regarding data protection, please refer to the data protection information of the social media network providers:

 

• Facebook: http://www.facebook.com/policy.php 
• X: https://x.com/de/privacy 
• LinkedIn: https://www.linkedin.com/legal/privacy-policy 
• Xing: https://www.xing.com/privacy 

 

The legal basis for this data processing when integrating and using social sharing buttons is Article 6(1)(f) GDPR. Our legitimate interest is the marketing of our offers and our website.

1.9 FONTS

To ensure that the content of our website is displayed correctly and attractively across different browsers, we use font and script libraries, such as the font library from MyFonts, Inc. Accessing these font and script libraries automatically establishes a connection to the operator of the respective library. In this process, it is possible that your personal data, in particular your IP address, will be collected.

 

You can prevent the use of such libraries and the associated data transmission by installing a JavaScript blocker (e.g., www.noscript.net).

Due to the licensing terms of MyFonts, Inc., we use MyFonts Counter, a web analytics service that performs page-view tracking, counting the number of visits to the website for statistical purposes and transmitting this data to MyFonts. Further information about MyFonts Counter can be found in MyFonts' privacy policy: http://www.myfonts.com/info/terms-and-conditions/#Privacy.

 

The legal basis for this data processing when using such libraries is Article 6(1)(f) GDPR. Our legitimate interest is the analysis, optimization, and economic operation of our website and our customer interactions.

1.10 RECAP

This website uses the reCAPTCHA tool provided by Google Ireland Limited in Ireland. Google acts as a data processor under a data processing agreement.

 

reCAPTCHA determines whether a person or a computer is entering a specific information into a form. Google uses the following data to verify this: the IP address of the device being used, the website being visited where the CAPTCHA is embedded, the date and duration of the visit, information about the browser and operating system used, the Google account if the user is logged in, mouse movements on the reCAPTCHA areas, and tasks involving image identification.

 

The use of the reCAPTCHA tool is necessary to ensure the secure provision of the website. The legal basis for the described data processing is the legitimate interest of the data controller in the security of the website and, in particular, protection against automated input and attacks. If consent has been obtained, the explicit and revocable consent constitutes the legal basis.

 

When using reCAPTCHA, personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, appropriate safeguards are in place in accordance with Article 46 of the GDPR to ensure an adequate level of data protection. The data controller will provide proof of these safeguards upon request.

1.11 VIDEO (VIMEO) 

Videos are embedded on this website. This functionality is provided via a plugin from Vimeo, LLC, in the USA. Vimeo acts as a data processor based on a data processing agreement.

 

When a website containing a Vimeo plugin is accessed, a connection to Vimeo is established, and the visitor's IP address is transmitted to Vimeo. This information is also transmitted to Vimeo when a video is started by clicking on it. If a user is logged into Vimeo, the transmitted information may be linked to their Vimeo account.

 

Further information on the scope and purpose of data processing at Vimeo, the processing and use of personal data by Vimeo, and the related privacy settings can be found in Vimeo's Privacy Policy at https://vimeo.com/privacy. Additional information on Vimeo's use of cookies can be found in the Vimeo Cookie Policy at https://vimeo.com/cookie_policy.

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it will be ensured that appropriate safeguards are in place to guarantee an adequate level of data protection. The data controller will provide proof of these appropriate safeguards upon request.

 

The legal basis for this data processing is the legitimate interest of the controller in integrating videos and the associated optimization of website interactivity and customer interactions. If consent has been obtained, the explicit and revocable consent constitutes the legal basis.

2. USING THE DOO EVENT MANAGEMENT PLATFORM

Below we inform you about which personal data is collected and processed when using the doo event management platform to create events as an organizer ("Organizer").

2.1 ACCOUNT 

When you create an account to use the doo event management platform as an event organizer, we collect and process your personal data as the data controller. We do not collect and process this data on your behalf or at your instruction, but rather to enable you to use the doo event management platform.

In addition to the data categories described in section 1, we collect and process the data you provided during registration (surname, first name, email address, telephone number). This information is mandatory, as we require it to fulfill the contract.

 

You can delete your customer account at any time. Please contact us using the contact details provided for the responsible department.

2.2 PAYMENT INFORMATION

If you use paid services, the data required for payment processing (e.g. name, contact details, payment and transaction information) will be processed for the performance of the contract in accordance with Art. 6 para. 1 lit. b) GDPR.

 

The payment service provider NovalNet AG, Germany, is used for payment processing. The data required for payment is transmitted to NovalNet AG, which processes it under its own data protection responsibility.

If the organizer has outsourced payment processing to doo, the processing takes place with the involvement of the payment service provider used and other bodies involved in the payment processing.

 

Further information on data processing by NovalNet AG can be found at: https://www.novalnet.de/datenschutz.

2.3 PARTICIPANT AND INVITEE DATA

doo processes the data of participants in your events who register for your event via the doo event management platform or whose data is processed in other forms using the doo event management platform (for example, data collected "onsite" at an event), and the data of the recipients of your marketing campaigns, for example, the list of recipients of your email marketing campaigns that you send via the doo event management platform, and other data that you store for processing in the doo event management platform ("invitee data"), as a data processor on your behalf and according to your instructions.

 

This data processing is governed by our Data Processing Agreement (DPA), which you can access here.

3. CUSTOMER SERVICE REGISTRATION

You can register on our customer service portal. You can then access your customer service requests and check their status at any time. The data you provide during registration will be used for the purpose of using the customer service portal. The mandatory fields requested during registration must be completed in full; all other information in your profile, such as uploading a profile picture, is optional. Your email address provided during registration will be verified by sending you a confirmation email in which you must click a link to confirm your email address.

 

The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest in this case is the maintenance of our customer relationships. If the contact is aimed at concluding a contract or takes place within the framework of an existing contractual relationship, the additional legal basis for the processing is the necessity of the processing for the performance of a contract pursuant to Art. 6 para. 1 lit. b) GDPR.

 

You can have the data you provided when registering for the customer service portal deleted at any time. If you delete your registration, the data associated with your account will be deleted, unless its retention is necessary for commercial or tax reasons. Please contact us using the contact details provided for the responsible party to delete your account.

4. CONTACT AND CONTACT DATABASE (CRM)

4.1 CONTACTING US AND REQUESTING INFORMATION AND OFFERS

When you contact us via email, contact forms, or our live chat to request information, a quote, or for any other inquiries related to the doo event management platform, the information you provide will be stored for the purpose of processing your request. We require the information requested in the contact form on the website to process your request, address you correctly, and send you a response.

 

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is communication with customers and prospective customers.

If the contact is aimed at concluding a contract, the additional legal basis for the processing is the necessity of the processing for the performance of a contract pursuant to Art. 6 para. 1 lit. b) GDPR.

 

For our contact form and chat function on the website, we use an external service provider as a data processor based on a data processing agreement pursuant to Article 28 GDPR. This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, we ensure that appropriate safeguards pursuant to Article 46 GDPR are in place to guarantee an adequate level of data protection. The data controller will provide proof of these safeguards upon request.

4.2 CUSTOMER DATABASE AND DIRECT MARKETING

Inquiries and orders are generally stored in our CRM system. We may use this data for direct marketing purposes. You can object to such use for direct marketing at any time. Details regarding your right to object can be found below under "Your Rights".

 

The CRM system is regularly reviewed to determine whether data can be deleted. If data is no longer required within the context of a customer or prospect relationship, or if a customer's overriding interest exists, we will delete the relevant data, provided that no legal retention obligations prevent us from doing so.

 

The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in maintaining our customer relationships and carrying out direct marketing measures.

4.3 SHARING YOUR DATA WITH SPONSORS

As part of our own doo event, we transmit the following personal data of all registered participants to our event sponsors: first and last name, company/organization, position, and contact details. This data is shared so that sponsors can contact participants for advertising purposes and to present products and services related to the event.

 

The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, in order to offer you a free or low-cost event and to finance our event through sponsorship contributions. You have the right to object to the transfer of your data to the sponsors at any time ("opt-out"). Such an objection can be made by sending an informal notification via email to marketing@doo.net or directly during your online registration. If you object, your data will not be transferred to the sponsors.

A revocation after the transfer has taken place will result in your data being deleted by the sponsors.

5. USE OF ARTIFICIAL INTELLIGENCE (AI) IN COMMUNICATION

To support employees in their daily work and improve the quality and consistency of communication, the manager uses AI applications, including ChatGPT from OpenAI, Microsoft Copilot, Google Gemini for Workspace, and Claude from Anthropic. These applications are particularly helpful in composing and summarizing emails and documents.

 

The use of AI is strictly limited to internal productivity purposes, such as supporting employees in preparing responses or extracting relevant content from previous communications. The AI applications used only have access to content that employees themselves can access. Decisions are never made solely by AI; all results and suggestions are always reviewed by employees before being shared externally.

 

Through contractual agreements with AI providers and technical configurations (e.g., using enterprise versions or closed API interfaces), we ensure that the personal data entered into the AI systems is not used by the providers to train or improve their own base models. Data sovereignty remains entirely with us.

 

The use of AI is based on the legitimate interest of the data controller, as this support enables employees to respond to inquiries and communications more efficiently and effectively. It has been carefully examined to ensure that the interests and fundamental rights of the data subjects are not infringed upon by this use. This is ensured in particular by the fact that the use of AI is clearly defined, strictly limited, and always subject to human oversight. Furthermore, the data controller implements comprehensive internal security measures, including a clear internal policy on the use of AI, regular employee training, and appropriate data protection audits. This ensures that the processing is fair, proportionate, and respectful of privacy.

 

6. NEWSLETTER 

6.1 REGISTRATION FOR THE NEWSLETTER

On our website, you can register to receive our newsletter via email. During registration, the data from the input form, the IP address of the accessing computer, and the date and time of registration are transmitted to us. Your consent for the processing of this data is obtained during registration, and you are referred to this privacy policy.

 

To verify that a newsletter registration is made by the actual owner of an email address, we use the so-called "double opt-in" procedure. After an email address is registered, a confirmation email is sent to that address. The newsletter registration is only completed once a confirmation link in the confirmation email is activated. In this process, the IP address of the requesting computer and the date and time of activation of the confirmation link are also transmitted to us.

 

You can unsubscribe from the newsletter at any time by using the unsubscribe link included in every newsletter or by contacting us using the contact details provided for the responsible party.

 

The legal basis for processing the data after registration for the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

6.2 Email newsletters within the framework of an existing customer relationship

If you register as a user of the doo event management platform and provide your email address, we may subsequently use it to send you an email newsletter, unless you have objected to such use. In this case, the email newsletter will only contain direct advertising for our own similar goods or services. You can object to the use of your email address at any time, without incurring any costs other than the transmission costs at basic rates, by using the unsubscribe link included in every newsletter or by contacting us using the contact details provided for the responsible party.

 

The legal basis for sending the newsletter following the sale of goods or services is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR (in Germany in conjunction with § 7 para. 3 UWG).

6.3 NEWSLETTER-ANALYSE 

Our newsletters may be subject to statistical analysis of usage data. For this purpose, we may record both email opens and internal clicks. This information is used to measure and optimize the success of our newsletter campaigns by making the newsletter content more relevant to our target audience.

 

The legal basis for this analysis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and prospective customers.

6.4 NEWSLETTER SERVICE PROVIDERS

We use an external service provider as a data processor for sending and analyzing our newsletter, based on a data processing agreement in accordance with Art. 28 GDPR.

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are in place for such transfers in accordance with Article 46 GDPR to guarantee an adequate level of data protection. The controller will provide proof of these appropriate safeguards upon request.

7. BLOG 

You can comment on articles in our blog. We use the commenting system of the external provider DISQUS, Inc., USA.

 

This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. Appropriate safeguards for this data transfer exist in accordance with Article 46 of the GDPR. We will gladly provide you with proof of these safeguards (standard contractual clauses or standard data protection clauses) upon request. Please contact us using the contact details provided above.

To comment on a blog post, you need to log in. DISQUS allows you to log in either via a DISQUS account or via an account with Facebook, Twitter, or Google Plus (“social media networks”). If you log in to the comment function with your account on a social media network, that social media network will also collect and process information about your use of the DISQUS function. For detailed information about this data collection and processing, please refer to the privacy policies of the respective social media network.

 

When you register for the Disqus comment function, we receive your email address and the IP address used when you submit a comment. We require and process this information solely for the purpose of contacting you regarding your use of Disqus, for example, if we have questions about your comment, and for security reasons in the event that a comment infringes the rights of third parties or contains illegal content.

 

When you comment on an article in our blog, information about the time of commenting and, if applicable, your chosen username (pseudonym) will be stored and published along with your comment.

 

The legal basis for data collection within the context of the comment function is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is, on the one hand, the evaluation and optimization of communication with customers and prospective customers within the framework of the blog, and on the other hand, the protection of our rights and the enabling of our legal defense in the event of misuse or unlawful use of the comment function.

8. TRADE FAIR CONTACTS AND RECORDINGS AT TRADE FAIRS

Information provided to us during a trade fair visit or other event (e.g., from contact tracing, meeting notes, business cards, etc.) is processed solely for the purpose of addressing the matter discussed or mentioned during that specific contact. We will contact you by mail, telephone, or email.

 

For processing trade fair contacts, we use a service provider as a data processor on the basis of a data processing agreement.

 

Furthermore, we take photos and videos of our trade fair presence and, under certain circumstances, also of visitors at our booth or in other contexts related to our participation in the respective event (hereinafter referred to as "recordings"). When creating recordings, metadata such as the date, time, and location of the recording are also regularly collected.

 

We process the recorded images for the following purposes:

 

• Public relations and presentation of our trade fair presence: This includes publishing the photos on our website, in social media, in print media, or in press releases to report on our activities at the trade fair and to promote our company. Although the primary focus of the photos taken for this purpose is the event itself, trade fair visitors may also be depicted in these photos. The legal basis for this data processing is our legitimate interest in appropriate reporting on the event or our participation in it. When using the photos, we take great care to ensure that we do not infringe upon the legitimate interests of the individuals depicted (e.g., we do not publish unflattering photos).
• Internal documentation and archiving: The recordings may also serve for internal documentation of the event and long-term archiving (company history). While the recordings created for this purpose primarily focus on the respective event or trade fair appearance itself, they may also include images of trade fair visitors. The legal basis for this data processing is our legitimate interest in documenting our events and our participation in events.
• Individual photographs: If we wish to create specific portrait photographs or interviews of individuals, we will obtain their explicit consent beforehand. In such cases, the individual will be informed in advance and can freely decide whether to consent. The resulting photographs will then be used exclusively for the agreed purposes (e.g., a planned social media post or follow-up reporting).

 

We only store recordings for as long as necessary for the respective purposes. Recordings used for public relations are kept as long as they are needed for reporting and marketing purposes. We reserve the right to archive recordings for longer periods for documentation purposes (historical archiving of our trade fair appearances). Portrait and individual photos taken with consent are generally only stored until the consent is withdrawn or the purpose of the recording no longer applies.

9. VIDEO CONFERENCES AND WEBINARS

When you participate in a video conference, webinar or online meeting etc. organized by us (hereinafter referred to as "video conferences"), we process your personal data in connection with your participation.

 

When participating in a video conference, various categories of data are processed. The scope of the data also depends on what information you provide before or during your participation in the video conference.

 

When you participate in a video conference hosted by us, you will generally need to provide at least a name during registration. You can also use a pseudonym. Your IP address will also be processed to enable your participation, and login and device/hardware information will be stored. If provided, your email address and profile picture will also be processed. If you dial in by phone, your phone number and, if applicable, your IP address will be processed.

To enable participation in the video conference, data from your device's microphone, any webcam, and, if you are sharing your screen, information from that screen share will be processed. You can disable or mute your camera or microphone at any time. You always decide whether and which parts of your screen are shared.

 

Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio, and presentation recordings will be processed. Participants will always be notified if a recording is taking place, and their explicit consent will always be obtained where necessary.

You may have the option to use the chat, question, or survey functions during a video conference. In this case, the text you enter will be processed to display it in the video conference and, if necessary, to record it.

 

Insofar as personal data of our employees is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for the data processing, provided that German law is applicable to the processing of employee data.

 

If German law is not applicable to the processing of employee data, or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, execution, or termination of the employment relationship, but is nevertheless an essential component of participation in a video conference, then our overriding legitimate interest pursuant to Article 6(1)(f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest lies in the effective conduct of video conferences.

 

Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships or with a view to initiating a contractual relationship (for example, in video conferences with our clients in the context of carrying out a project or when participating in a webinar).

 

Furthermore, the legal basis for data processing in connection with your participation in a video conference organized by us is our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In these cases, our legitimate interest lies in the effective conduct of video conferences.

 

We use one or more service providers as data processors for conducting video conferences on the basis of a data processing agreement in accordance with Art. 28 GDPR.

 

This may involve the transfer of personal data to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are in place for such a transfer in accordance with Article 46 GDPR to guarantee an adequate level of data protection. The controller will provide proof of these appropriate safeguards upon request.

10. JOB OFFERS AND APPLICATIONS

 10.1 ACTIVE SOURCING  

We conduct so-called active sourcing measures to identify promising potential employees on the external job market and to actively contact potential applicants and employees. The purpose of data processing is recruitment, for example, by individually informing promising candidates about job openings in our company.

 

In our active sourcing activities, we collect the following data categories: name, first name, gender, contact details, education, professional experience, qualifications, salary data, application data, extracurricular experiences and interests, and other information obtained from public profiles on social networks, in particular LinkedIn and Xing, and/or from other publicly accessible sources on the internet.

 

All personal data processed within the scope of Active Sourcing is collected from generally/publicly accessible sources on the Internet, in particular from social networks such as LinkedIn and Xing.

 

The legal basis for the collection and processing of publicly accessible data within the framework of active sourcing is the legitimate interest of the controller in identifying, contacting and hiring the best possible employees for the company.

 10.2 APPLICATION PROCESS

We collect and process personal data from applicants for the purpose of carrying out the application process.

 

If we conclude an employment contract with an applicant, the submitted data will be processed for the purpose of carrying out the employment relationship in accordance with legal regulations. If no employment contract is concluded, the application documents will be deleted immediately, at the latest 6 months after the end of the application process, unless an overriding legitimate interest, such as the defense against claims or the preservation of evidence under equal treatment and anti-discrimination laws, precludes deletion.

 

The legal basis for this storage and processing is the performance of pre-contractual measures (decision on the establishment of an employment relationship). Should the data be required for legal defense or prosecution after the application process has been completed, data processing may be carried out to protect legitimate interests. In this case, our legitimate interests consist of defending against legal claims or asserting legal claims.

10.3 Internet research as part of the application process

As part of the application process, publicly available information about applicants may be viewed online. This includes, in particular, professional profiles on social networks (e.g., LinkedIn), potentially publicly accessible profiles on other social media, and information from generally accessible sources (e.g., press articles, blogs, websites, search engine results).

 

Only publicly available information about the applicant will be processed. No systematic or automated decision-making or profiling will take place.

 

Internet research serves to supplement application documents, enabling a better assessment of applicants' professional suitability, career history, qualifications, and public professional conduct. This creates a sound basis for selecting suitable candidates.

The legal basis for this processing is the legitimate interest of the potential future employer in a comprehensive and well-founded assessment of the suitability of applicants for the advertised position.

10.4 BACKGROUND CHECKS 

As part of the application process, it may be necessary – particularly for security-relevant positions, management roles, positions with financial responsibility, or access to confidential company information – to conduct additional background checks. These checks serve to verify the information provided during the application process and to assess the applicant's professional integrity, reliability, and suitability for the respective position.

 

As part of such background checks, depending on the nature of the advertised position and its necessity, information on education, professional experience, qualifications, references, and, where applicable, creditworthiness information or information from public registers may be collected and processed. If the advertised position requires it or legal regulations demand it (e.g., for positions in sensitive compliance, finance, or IT areas), the submission of an official certificate of good conduct may also be required in individual cases. In this case, processing is based solely on the documents voluntarily submitted by the applicant; we do not conduct any automated inquiries.

 

To conduct background checks, external service providers may be commissioned as data processors, if necessary, to assist us in verifying qualifications or obtaining references. In addition, in individual cases, we may contact previous employers, references, or educational institutions, provided the applicant has given their explicit prior consent.

 

The legal basis for processing personal data within the scope of background checks is primarily the performance of pre-contractual measures (decision on establishing an employment relationship), insofar as the check is necessary for the decision on establishing an employment relationship. The legal basis for these checks is the necessity for the employment relationship in conjunction with any applicable legal requirements. Any checks that go beyond this (e.g., reference inquiries with former employers) are carried out exclusively on the basis of your explicit consent.

 

Before a background check is conducted, the applicant is always informed transparently about the type, scope, and purpose of the planned check. If consent is required for certain checks, this will be obtained separately in advance. Personal data will not be processed or shared beyond the stated purpose.

10.4 USE OF AUTOMATED (AI) METHODS

As part of our application process, we use partially automated procedures for pre-selecting applications. The submitted application documents (e.g., CV, qualifications, professional experience) are analyzed using an AI-supported system according to specific, predefined criteria. The goal is to identify applications that are a particularly good match for the requirements of the advertised position.

 

The automated evaluation serves solely to support our HR staff. A final decision regarding the continuation of the application process is not automated, but is always made by a human being.

 

The system evaluates application documents based on predefined criteria (e.g., education, professional experience, language skills, qualifications). A preliminary classification or weighting is then made, serving as a guide for the subsequent manual review.

 

This evaluation has no legal effect and does not cause any comparable significant impairment.

 

Every applicant has the right to request a human review of the automated pre-selection, to present their point of view and to contest the decision.

 10.5 COMPLIANCE/SANCTIONS LIST SCREENING

Applicants who are shortlisted during the application process may undergo an initial compliance check. This check involves comparing the applicant's name and address with relevant sanctions lists, particularly those based on EU anti-terrorism regulations.

 

For the performance of the compliance/sanctions list screening, we use an external service provider as a data processor on the basis of a data processing agreement.

 

The legal basis for this storage and processing is, if there is a legal obligation to conduct a compliance/sanctions list screening, the fulfillment of that legal obligation. In individual cases, depending on a balancing of interests, a compliance/sanctions list screening may also be carried out even if there is no mandatory legal obligation. In this case, the legal basis is our legitimate interest in avoiding potential sanctions by foreign authorities.

10.6 TALENT POOL 

If an applicant submits an unsolicited application without reference to a specific job posting, expressing a general interest in future employment in the event that potentially relevant/interesting positions arise for them, or if an applicant has consented to the longer-term storage of their data in our talent pool as part of an application process for a specific position, we will store the data submitted as part of the application in our talent pool for two years after receipt of the unsolicited application or after the conclusion of the application process. This allows us to identify future positions that may be of interest to the applicant and, if necessary, to contact them regarding these opportunities. After this period, the data will be deleted.

 

You can withdraw your consent to the storage of your application data in our applicant pool at any time for the future. Please send us an email to the contact details provided above.

 

The legal basis for storing application documents in our talent pool is, where applicable, the express consent of the applicant, which can be revoked at any time.

10.7 STATISTICAL EVALUATIONS

We process anonymized or aggregated application data to analyze and improve our recruiting process (e.g., to evaluate application numbers, sources, or success rates). These evaluations are based on anonymized/aggregated data without any personal reference.

11. MERGERS UND ACQUISITIONS (M&A) 

If we are involved in a restructuring, acquisition, sale of assets, merger, financing, transfer of services to another provider, due diligence, insolvency or receivership, your personal data may be transferred to third parties to the extent legally permissible, in compliance with the fundamental principles of data protection, and as necessary in connection with and as part of the relevant legal process.

12. AGE RESTRICTION

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about individuals under the age of 16.

13. RECIPIENTS OF DATA

Within the organization of the controller, those internal departments or organizational units that need access to data to fulfill their tasks, possibly to fulfill contracts, to process data based on the consent of the data subject, or to safeguard overriding legitimate interests, will receive access to data.

 

Data is only transferred to third parties within the framework of legal requirements. Personal data is only disclosed to third parties if this is necessary for contractual purposes or to protect our overriding legitimate interest in the effective operation of our business.

 

If we use service providers or third-party providers in connection with the provision of the website or other services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure adequate protection of personal data.

 

Data transfers to third countries: If we transfer personal data to third countries outside the European Economic Area (EEA), in particular to the USA, this is primarily done on the basis of adequacy decisions by the EU Commission. For the USA, we rely on the EU-US Data Privacy Framework (DPF), provided the respective provider is certified under it. If no adequacy decision exists for the respective country or provider, the transfer takes place on the basis of suitable safeguards, in particular through the conclusion of EU Standard Contractual Clauses (SCCs), accompanied by additional technical and organizational safeguards.

14. RIGHTS OF DATA SUBJECTS

14.1 Right to information

Under the legal conditions, data subjects have the right to request information about the personal data processed concerning them.

14.2 Right to rectification

Data subjects have the right to request the rectification of inaccurate personal data concerning them. They also have the right to request the completion of incomplete personal data.

14.3 Right to erasure

Data subjects have the right, within the framework of the legal requirements, to request the deletion of personal data concerning them.

14.4 Right to restriction of processing

Data subjects have the right, within the framework of the legal requirements, to request a restriction of the processing of personal data concerning them.

14.5 Right to object to processing

Data subjects have the right, within the framework of the legal requirements, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out for the performance of a task carried out in the public interest or in the exercise of official authority, or which is based on legitimate interests. In this case, the data will no longer be processed unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims. Furthermore, data subjects have the right to object at any time to the processing of personal data concerning them for direct marketing purposes; this also applies to any profiling related to such direct marketing.

14.6 Right to withdraw consent

If data subjects have given their consent to processing, they have the right to withdraw their consent within the framework of the legal requirements.

14.7 Right to data portability

Data subjects have the right, within the framework of the legal requirements, to receive the personal data concerning them that they have provided to a controller in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller.

14.8 Exercise of rights

Data subjects can assert their rights by contacting the controller or, where applicable, the data protection officer using the contact details provided above.

 

If data subjects believe that the processing of their personal data violates data protection law, they have the right to lodge a complaint with a data protection supervisory authority.

15. MANDATORY INFORMATION AND PROFILING

The provision of personal data is neither legally nor contractually required. There is no obligation to provide personal data; however, providing personal information is necessary for entering into a contract insofar as certain details are mandatory to conclude (and perform) the contract. No automated decision-making, including profiling, takes place.

16. STORAGE/RETAINING AND DELETION

We adhere to the principles of data avoidance and data minimization and only store your personal data for as long as is necessary to achieve the respective purpose of data processing or as required by statutory retention periods. If the purpose of storage ceases to apply or a statutory retention period expires, the personal data is routinely anonymized or deleted in accordance with legal requirements.

17. INFORMATION SECURITY

We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection appropriate to the risk of the respective processing for the personal data we process and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

 

For security reasons and to protect the transmission of confidential information, such as orders, inquiries, or payment details sent to us, our website uses SSL encryption. Our employees receive regular training in data protection and information security and are bound by confidentiality and data protection obligations.

 

Within the framework of a restrictive rights and roles concept based on "need to know", it is ensured that employees only have access to the personal data that they absolutely need to perform their tasks.

18. CHANGE TO THE PRIVACY POLICY

We reserve the right to amend this privacy policy from time to time to ensure it always complies with current legal requirements and/or to reflect changes to our services, such as the introduction of new services. The current privacy policy always applies to visits to the website and the use of our services.