Privacy Policy

For the purposes of this Privacy Policy and within the meaning of the General Data Protection Regulation (“GDPR”), other data protection laws applicable in Member states of the European Union and other provisions related to data protection, the Controller in relation to the Heroes of Data & Privacy website (“Website”, URL: and to the Heroes of Data & Privacy event (“Event”) is:

JENTIS GmbH Schönbrunner Street 231
1120 Vienna, Austria
Company register: FN 529675i, Commercial Court of Vienna
Contact details of the data protection officer: DataCo GmbH, Dachauer Street 65, 80335 Munich, Germany, +49 89 7400 45840,

This Privacy Policy describes the types of personal data collected, how such data is being used as well as what your rights and choices are in relation to your personal data processed when you visit the Website and interact with it. The Website is not intended for children and we do not knowingly collect data relating to children.

Furthermore, this Privacy Policy covers the scope and nature of the personal data we collect in relation to the event management, photo and videorecording and the streaming of the Heroes of Data & Privacy Event. You will find detailed information on the ways the data, which you provide in the course of registration and attendance of the Event, is being processed, what your rights are and how to exercise them. This Privacy Policy does not apply to any third-party websites, services or applications, even if they may be accessible through this Website.

1. General information on data protection

The term “personal data” is defined by the GDPR as any information relating to an identified or identifiable natural person (“data subject”). Personal data is any data that allows you to be identified or that can be linked to you.

Scope of the processing of personal data

As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is carried out with the consent of the user, unless exceptions provided by the law apply.

Legal basis for the processing of personal data I

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) p. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) sentence 1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.

Data erasure and storage period

The personal data of the data subject will be deleted as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this is required by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

2. Use of cookies

We exclusively use our own JENTIS first-party cookies, which allow JENTIS to retain full control over the data collected, processed on the JENTIS server and owned by JENTIS. We may set two types of cookies:

Essential cookies: These are cookies that we set automatically, when you visit our Website. We currently set a cookie as part of our Consent Management Platform (CMP) to ensure that when you return to our Website, we know which cookie option you selected on your previous visit. This enables us to fulfill our legal obligation to document your consent. Furthermore, we use first-party cookies to collect non-personally identifiable aggregate statistics about your visit. By storing a randomly generated Client ID and Session ID on your device, we enable our JENTIS Data Capture Platform (DCP) to capture a limited amount of data strictly necessary to measure the audience, website usage and performance of our Website, modify this data to remove any identifiers and / or pseudonymise it, and only then forward the de-personalised data to a connected analytics tool (Google Analytics, provided by Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA)

In doing so, we receive the following aggregated statistical reports:

This allows us to resolve navigation and performance issues, which is necessary for the proper functioning and day-to-day administration of the Website.

Analytics cookies:

If you consent to our first-party cookies via the CMP banner, we may use these cookies for more detailed personal and non-personal data analysis, e.g. with regard to the effectiveness of marketing campaigns, and track the users’ interaction with the Website to optimise the Website’s content. All personal data is processed on the JENTIS Twin Server (proxy server). You are free to reject our Analytics cookies – either via the CMP banner you will see on the first page you visit or by preventing the setting of cookies by our Website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using a common Internet browser or other software programs. However, if you deactivate the setting of any cookies, it may not be possible to use all the functions of our Website to their full extent. If you do not make a selection in the CMP banner, only essential cookies will be set and the banner will be displayed again each time you visit our Website.

3. Data processing in relation to the Website
3.1 Website hosting

Scope of data processing

The Website is hosted on servers by a service provider commissioned by us. Our service provider is: easyname GmbH, Canettistraße 5/10 , 1100 Vienna, Austria. The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the Website.

The information stored is:

This data is not merged with other data sources.

Legal basis for data processing

The collection of this data is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR in the technically error-free presentation and optimisation of the Website - for this purpose, the server log files must be collected. The location of the Website's server is geographically in the European Union (EU) or the European Economic Area (EEA).

Right to object and erasure

You can object at any time to this processing of this personal data or request its erasure by sending us an informal email here (see 10.). However, this could impede the correct functioning of our Website.

3.2 Website analytics

With respect for the privacy of our Website visitors as well as data protection requirements, we have limited the purpose of data processing via our JENTIS DCP to aggregated audience measurement and statistical analyses by:

For this purpose, we will automatically collect the following personal data about you during your visit to our Website:

Data pseudonymisation

We do not draw any conclusions about individual visitors to the Website. Via the JENTIS DCP, we are able to modify the captured personal data and have full control over the purpose of data processing. We apply a de-identification mechanism on our JENTIS Twin Server that automatically shortens IP addresses, making it impossible to identify a specific European visitor by IP address alone. Furthermore, we pseudonymise all other personal data, so it cannot be attributed to an identified or identifiable individual by the third-party provider of the analytics tool, even if cross-checked with other information. As a result, we are able to apply supplementary measures for the protection of your personal data and minimise the scope of data processing to de-identified strictly necessary data for the proper functioning and day-to-day administration operations of the Website.

Legal basis

Drawing on these safeguards and after careful assessment, we process this data on the basis of our legitimate interest to optimise the Website’s security and usability for our visitors. (Art. 6 (1) (f) GDPR). If you give us your voluntary and explicit consent (Art.6 (1) (a) GDPR) via the CMP banner, your personal data would further be processed for the measurement of our marketing campaigns’ effectiveness, i.e. the total number of users who responded to our advertisement, again without being transferred to the tool provider. All data in the server log files is stored separately from any personal data of the website visitor. As a result, your personal data remains in the EU and is not transferred to any third country.

Right to object, revocation of consent and erasure

You may object to the data processing, based on our legitimate interest, and you may freely revoke consent or request the erasure of your data at any time by simply sending us an email (see 10.).

3.3 Contact possibility via the Website

This Website contains information that enables a quick electronic contact, as well as direct communication with us, which also includes a general email address. If a data subject contacts us via email or a contact form, the personal data transmitted as the result are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data Controller is stored for the purpose of contacting the data subject. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6. (1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (a) GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Data subjects can communicate their revocation of consent and objection to storage at any time here (see 10.). All personal data stored in the course of contacting us will be deleted in this case.

4. Data processing in relation to the Heroes of Data & Privacy Event

4.1 Event management

We use Eventjet, a service provided by Datascroll Eventsupport GmbH for managing the registrations for the Heroes of Data & Privacy event (“Event”). Contact details of Datascroll Eventsupport GmbH are Eggerthgasse 9 1060 Wien Austria, URL: To register for the Event, you must purchase a ticket or redeem a voucher code via Eventjet. You will be redirected from our Website to the Eventjet plattform. . To execute your order, Eventjet will process various data from you. Detailed information on how Eventjet processes your personal data necessary for the registration process, can be found here:

We may have access to the following personal data:

We need this data to manage Heroes of Data & Privacy, to give you relevant information about the Event and to be able to respond to any queries you may send us as part of the associated user contract as per Art 6 (1)(b) GDPR. Eventjet Website may use cookies. If you want to erase your data, please send us an email here (see 10.). We would be happy to comply with your request, provided it does not involve data we are required to retain under commercial or tax law. In that case, continued storage of your data is based on Art 6 (1)(c) GDPR.

4.2 Photo and video recordings

We will photo, audio and video record the Event and/or broadcast it through web streaming. This is done with the purpose to document the Event and inform the general public about our activities. The publication of the recordings might be on a publicly available website and / or be shared via social media channels. In the course of the Event, automation-supported, personal photographs and video recordings serve this documentation and information purpose. The processing of the photo and video material is based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR to document its activities and to report on them in a transparent manner. There is neither a contractual nor a legal obligation to process this data; failure to provide the data will have no consequences. We take care to ensure that production of image and video material does not unduly interfere with the rights and freedoms of natural persons.

The wish not to be depicted in photographs or video recordings shall be respected, especially in the case of individual recordings. You have the right to object to this data processing on grounds relating to your person. To exercise this right, please send us your justified objection, if possible mentioning the Event, here (see 10.).

The storage period is limited to its purpose. Image and video material is generally deleted at the end of the second calendar year after it was taken. Deletion on websites or social media platforms shall take place within the scope of technical possibilities.

After careful selection, the image and video material will be transmitted to the following categories of recipients or published in the following media:

4.3 Streaming of the Event

We may stream the Event for the purpose of reaching people who cannot directly attend the Event, especially due to the ongoing COVID-19 pandemic. As part of the live stream of the Event, only the stage area is filmed and the associated videos and sound recordings are processed. The processing of the video material is based on the legitimate interest within the meaning of Art. 6 (1) (f) GDPR of the data Controller to reach a larger group of people via livestreams despite the COVID-19 pandemic. You have the right to object to this data processing on grounds relating to your person. To exercise this right, please send us address your justified objection, if possible mentioning the Event, here (see 10.). The data will only be streamed for the duration of the livestream.

The livestream is provided via common streaming platforms.

4.4 Business (non-personal) data tracking

On this website, data is collected and stored for marketing and market research purposes using the SalesViewer technology of SalesViewer GmbH on the basis of legitimate interests of the website operator pursuant to Art. 6 (1) (f) GDPR. For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage.

The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website. The data stored as part of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. You can object to the collection and storage of data at any time with effect for the future by clicking on this link to prevent the collection by SalesViewer within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

5. Period of retention of personal data

Your personal data will be stored for as long as this is necessary for achieving the defined purposes of processing. After expiration of that period, the corresponding data is routinely erased as long as it is no longer necessary for the initiation or the fulfillment of contractual obligations.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another authorised legislator expires, the personal data are routinely erased in accordance with legal requirements.

6. Third-party disclosure

We use a select number of trusted external service providers for certain technical data analyses, and processing and/or storage offerings (e.g., IT and related services). We may also use the assistance of third parties to improve our Website as well as certain tools for our marketing activities. These third-party service providers are carefully selected and meet high data protection and security standards. We contractually obligate them to keep any information we share with them confidential and to process personal data only according to our instructions. The legal basis for such processing would be legitimate interest pursuant to Art. 6(1)(f) GDPR.

If you give us your consent to do so, we may share your data with our marketing partners or sponsors who may send you information about their services and events. You will see the consent options when you purchase the tickets in the course of the registration process. In addition to service providers, other categories of third parties may include vendors and / or public institutions. To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting or auditing services) we may share personal data with vendors of such services or public institutions that offer them.

The legal basis of this data processing is Art. 6(1)(f) GDPR.

7. Data transfer to third countries

Our use of third-party services may result in the transfer of your personal data outside the EU/EEA, including to third-party companies (contracted service providers), insofar as this is expedient for the data processing described in this Privacy Policy. The recipients are obliged to protect your data to the same extent as we do. If the level of data protection in a particular country is lower than in the EU, we will ensure that this is not the case by concluding EU standard contractual clauses for the transfer of personal data to third countries, which ensure that the level of protection for your personal data in the third country is equivalent to that in the EU due to technical and organisational measures.

8. Data security

We are very committed to establishing internal procedures to ensure that your personal information is both accurate and protected from accidental loss, unauthorised access, use, alteration, or disclosure. However, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by post.

9. Rights of the data subject

You may at any time and at no cost request us to provide you with information about your personal data processed by us, correction of any errors in your personal data, termination of processing of your personal data, or erasure of your personal data – subject to mandatory legal provisions or obligations to the contrary.

In particular, if you qualify as the “data subject” under the terms of GDPR,

Exercise of data subject rights

To exercise your rights, please send us your request to, if possible with information about the data processing to which you are referring to. Please include any information that would help us identify you in our database, such as your full name and email address.

10. Exercise of right to object

If you have any questions or concerns about the processing of your personal data or wish to exercise your right to object, you may contact our privacy team by sending an email. Please include in your email the subject of your message and provide any additional information about the data processing to which you are referring. We require your email address to respond to your request and to ensure that we comply with your rights. We will not use your email address or any information provided in the email for any other purpose.

11. Changes to the Privacy Policy

We may need to make changes to this Privacy Policy. The privacy legislation is still evolving and governmental authorities issue guidelines and updates on a regular basis. We may need to change our Privacy Policy to ensure that we implement such recommendations or if we change the way we sell our products or provide our services. We will notify you of any non-trivial changes to this Privacy Policy via email should this option be available to us.

12. Contact details

Please address any questions or requests in connection with this Privacy Policy by contacting us at any time by letter or email at:

JENTIS GmbH ,Schönbrunner Straße 231 1120 Vienna Austria

Phone: +43 1 997 43 54 ,Email:, Website:, Business Register: FN 529675i Commercial Court of Vienna

Status: March 2023