PRIVACY POLICY

The protection of your data is very important to us. That is why we handle all the information you entrust to us carefully and responsibly. In this privacy policy, you can find out what data we collect, what we use it for and what rights you have.

With this data protection declaration, Be Brave gUG (haftungsbeschränkt) (hereinafter: we, us or ChefTreff) informs you about the processing of your personal data (hereinafter also just data) when you visit our website https://chef-treff.de and use our services.

You will also receive information about the rights to which you are entitled. Data protection is very important to us and we naturally comply with the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG).

If you have any questions about data protection, please contact us using the contact details below.

Responsible for data processing:

Be Brave gUG (haftungsbeschränkt)c/o Factory Hammerbrooklyn
Stadtdeich 2-4, 20097 Hamburg
Managing Director: Jan Henri Kalinowski
E-mail: info@chef-treff.de

Data Protection Officer:

If you have any questions about data protection, please contact: datenschutz@chef-treff.de

________________________________________________________________________________

I. Data processing in the context of your visit to our website

We process your personal data in connection with your visit to our website. This is done for the purposes and to the extent described below.

1. provision of our website and services

When you visit our website, we automatically collect and process data from you in order to provide our website and the services provided via it.

We collect and process the following data from you to provide our website:

● the date and time of your access
● the address of the website from which you came to us
● the websites you visit on our site
● information about your internet browser (browser type and version)
● the operating system of the device you use to access our website
● your internet service provider
● your IP address (anonymized)

This information is stored by us in log files for security reasons and deleted after 30 days. The data in the log files is stored separately from your other data.

Longer storage only takes place in individual cases (e.g. suspected misuse or fraud). In these cases, the respective log files are stored until the matter has been clarified.

Hosting: We use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, to host the website. Data processing takes place exclusively in Germany.

Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR or § 25 para. 2 no. 2 TDDDG. We have a legitimate interest in processing your data so that we can offer you our website in a technically flawless, secure and optimized manner.

2. cookies and similar technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your end device. We distinguish between:

Technically necessary cookies: These are required for the basic functions of the website. Legal basis: § 25 para. 2 no. 2 TDDDG

Marketing and analytics cookies: These are used to measure the reach and improve our website and for marketing purposes. Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR or § 25 para. 1 TDDDG (consent)

You can adjust your cookie settings at any time via our cookie banner or configure them in your browser.

3. web analytics and marketing tools

3.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics uses cookies and similar technologies to analyze the use of our website. The information collected is usually transferred to a Google server and stored there.

We have activated IP anonymization so that your IP address is truncated within the EU/EEA. Only in exceptional cases will the full IP address be transmitted to a Google server and truncated there.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 26 months Objection: You can object to the collection by Google Analytics by installing the browser add-on to deactivate Google Analytics or by adjusting our cookie settings.

3.2 Facebook Pixel

We use the Facebook pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The Facebook pixel enables us to measure the effectiveness of our Facebook ads and to place targeted advertising.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 180 days

3.3 LinkedIn Pixel

We use the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 180 days

3.4 TikTok Pixel

We use the TikTok Pixel from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

The TikTok Pixel enables us to measure the effectiveness of our TikTok advertisements and to place targeted advertisements for our young target group.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 13 months

3.5 Google Ads conversion tracking

We use Google Ads Conversion Tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This tool enables us to measure and optimize the effectiveness of our Google ads.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 90 days

3.6 Microsoft Advertising Pixel (Bing)

We use the Microsoft Advertising Pixel from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 180 days

3.7 Hotjar

We use Hotjar from Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

Hotjar enables us to analyze user behavior on our website through heatmaps, session recordings and feedback tools and to improve the user experience.

Processed data:

● Mouse movements and clicks
● Scrolling behavior
● Screen resolution
● Device information
● Anonymized IP address

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 365 days

4. social media plugins

Our website contains plugins from the social networks Facebook, LinkedIn and Instagram. These are only loaded with your consent.

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent)

5. chat support (Chatbase)

We use Chatbase as a chat support tool. Your chat messages and, if applicable, your e-mail address are processed in order to provide you with support.

Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in customer service) Storage period: 12 months

6. image and video material

6.1 Creation of image and video material

During our events, we take professional photos and videos for documentation, marketing and reporting purposes.

Authorized service provider: Penno Agency, Jonas Penno, Warnstedtstraße 59d, 22525 Hamburg, Germany

Processed data:

● Image recordings of participants, speakers and partners
● Video recordings of presentations and networking situations
● Name and function of the persons depicted (where relevant)

Intended use:

● Marketing and advertising for future events
● Social media posts and website content
● Documentation for partners and sponsors
● Reporting and PR activities
● Creation of highlight videos and aftermovies

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent through event participation) and Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in event marketing)

Consent: By purchasing a ticket and participating in the event, you agree that recordings in which you appear may be used for the aforementioned purposes.

Right to object: You can object to the use of your recordings at any time. To do so, please contact datenschutz@chef-treff.de. However, recordings that have already been published cannot be removed retroactively.

Storage period: 5 years from creation of the recordings

6.2 Use of participant-generated content

If you publish content (photos, videos, posts) on social media with our event hashtags (#ChefTreff) or tag us, we can use this content for our marketing and PR activities.

Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in event marketing)

Right to object: You can object to the use of your content at any time.

7. contact

When you contact us by e-mail or via contact forms, the data you provide (e-mail address, name, telephone number) will be stored by us in order to process your inquiries.

Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in customer relationship) or Art. 6 para. 1 sentence 1 lit. b) GDPR (performance of contract) Storage period: Until your request has been fully processed, but at least 3 years

________________________________________________________________________________

II Event registration and ticketing

1. ticketing via Vivenu

For ticket sales we use the platform of vivenu GmbH, Völklinger Straße 33, 40221 Düsseldorf, Germany. At the event, payments will be processed by Global Event Technologies GmbH & Co KG, Neualmerstraße 37, 5400 Hallein, Austria.

The following data is collected when you book a ticket:

● Surname, first name
● Email address
● Company, position
● Ticket category
● Payment information (processed by the payment service providers)

Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR (contract performance) Storage period: 10 years (retention obligations under tax law)

2. event app (swap card)

For our events, we use the event app of SWAPCARD CORPORATION SAS, 17-21 Rue Saint Fiacre, 75002 Paris, France.

The app enables:

● Networking between participants
● Matchmaking based on interests
● Badge scanning for lead generation
● Access to event information

Processed data:

● Profile data (name, company, position, photo)
● Networking preferences
● Chat messages
● Scanned contacts

Legal basis: Art. 6 para. 1 sentence 1 lit. b) GDPR (contract performance) and Art. 6 para. 1 sentence 1 lit. a) GDPR (consent for extended functions) Storage period: During event participation and 12 months thereafter

________________________________________________________________________________

III Partner and exhibitor services

1. data transfer to partners and exhibitors

As part of our events, we pass on participant data to our partners and exhibitors in order to facilitate networking and business contacts.

Data passed on:

● Surname, first name
● E-mail address
● Company, position
● Professional interests
● Contact preferences

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Note: You can object to the transfer of data when registering or restrict it to certain partners.

2. masterclass registrations

For masterclass registrations, we use Typeform as the front end and AirTable as the database. The data collected is shared with the organizing companies for participant selection.

Tools used:

● Typeform (Typeform Inc., Barcelona, Spain)
● AirTable (Airtable Inc., San Francisco, USA)

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: 24 months

________________________________________________________________________________

IV. Newsletter and marketing

ActiveCampaign

We use ActiveCampaign (ActiveCampaign LLC, Chicago, USA) for our newsletter.

Processed data:

● Email address
● Name
● Opening and click behavior
● Interests and preferences

Legal basis: Art. 6 para. 1 sentence 1 lit. a) GDPR (consent) Storage period: Until you unsubscribe from the newsletter Unsubscribe: Possible at any time via the unsubscribe link in every e-mail

________________________________________________________________________________

V. External service providers and order processing

We work with the following processors:

1. cloud services

● Google Workspace (Google Ireland Limited): Email, cloud storage
● HubSpot (HubSpot Inc., Cambridge, USA): CRM system

2. accounting

● SevDesk (Sevenit GmbH, Offenburg): Invoicing
● DATEV (DATEV eG, Nuremberg): Tax consulting

3. photo/video production

● Penno Agency (Jonas Penno, Warnstedtstraße 59d, 22525 Hamburg): Event documentation

Legal basis: Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in efficient business processing)

All processors are contractually obliged to process your data only on our behalf and in accordance with our instructions.

________________________________________________________________________________

VI International data transfers

Some of our service providers (ActiveCampaign, HubSpot, AirTable) are based in the USA. The data transfer takes place on the basis of:

● EU-US Data Privacy Framework (adequacy decision pursuant to Art. 45 GDPR)
● Standard contractual clauses of the EU Commission
● Your express consent (Art. 49 para. 1 lit. a GDPR)

________________________________________________________________________________

VII Storage period and deletion

Participant data: 3 years after the last event (with the option of early deletion on request) Partner/exhibitor data: For the duration of the business relationship plus 3 years Newsletter data: Until unsubscription Accounting data: 10 years (statutory retention obligation) Website log files: 30 days Marketing cookies: 26 months (Google Analytics), 180 days (Social Media Pixel)

Important note: You can request the deletion of your data at any time, provided there are no legal obligations to retain it.

________________________________________________________________________________

VIII. Your rights

You have the following rights regarding your personal data:

1. right to information (Art. 15 GDPR)

You can request information about the data processed by us.

2. right of rectification (Art. 16 GDPR)

You can request the correction of incorrect data.

3. right to erasure (Art. 17 GDPR)

You can request the deletion of your data, insofar as there are no statutory retention obligations.

4. restriction of processing (Art. 18 GDPR)

You can request the restriction of processing.

5. data portability (Art. 20 GDPR)

You can request the transfer of your data to another provider.

6. right to object (Art. 21 GDPR)

You can object to the processing of your data on the grounds of legitimate interest.

7. revocation of consent (Art. 7 para. 3 GDPR)

You can revoke your consent at any time for the future.

8. right of appeal

You have the right to lodge a complaint with a data protection supervisory authority.

Responsible supervisory authority: The Hamburg Commissioner for Data Protection and Freedom of Information Kurt-Schumacher-Allee 4, 20097 Hamburg E-Mail: mailbox@datenschutz.hamburg.de

________________________________________________________________________________

IX. Contact

For questions about data protection or to exercise your rights, please contact:

Be Brave gUG (haftungsbeschränkt)
c/o Factory HammerbrooklynStadtdeich 2-4, 20097 Hamburg
E-mail: datenschutz@chef-treff.de

________________________________________________________________________________

Status: September 2025

Note: This privacy policy may be adapted in the event of changes to our data processing or changes to the legal situation. You will always find the current version on our website.

Relevant legal texts

You can access the provisions of the GDPR here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679

You can access the provisions of the other laws mentioned in this data protection notice here: https://www.gesetze-im-internet.de/aktuell.html