Privacy Policy of meplan GmbH

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by meplan GmbH and your rights.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data means, that no personal reference to the individual/user can be made.

Responsible body and data protection officer

Company address
meplan GmbH
Am Messesee 2
81829 München

Company’s contact information
E-Mail :
Phone : +49 89 540267980

Contact info of the data protection officer

Your rights as a data subject

We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 – 22 GDPR, and include:

• The right of access (Art. 15 GDPR),
• The right to rectification (Art. 16 GDPR),
• The right to data portability (Art. 20 GDPR),
• The right to object to data processing (Art. 21 GDPR),
• The right to erasure / right to be forgotten (Art. 17 GDPR),
• The right to restriction of data processing (Art. 18 GDPR).

To exercise these rights, please contact: The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.

Right to object

Please note the following with respect to your right to object:

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.

If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to:

Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal bases of data processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.

Your consent also constitutes a legal basis for data processing. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.

Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data transfers / Disclosure to third parties

We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

In our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
To the extent permitted by law (as described above), we pass on personal data to our group companies for the performance of the contract and for reporting purposes.

In certain cases, service providers support our specialist departments in the fulfilment of their tasks and may receive data. The necessary data protection contracts have been concluded with all service providers.

The following organisations may receive your data:

• IT services such as external data centres, support/maintenance of IT applications, logistics, courier services, printing services, archiving, document processing, data destruction, purchasing/procurement, customer administration, letter shops, marketing, telephony, website management, tax consultancy, auditing services, credit institutions,
• Bodies and institutions based on our legitimate interest or the legitimate interest of the third party (e.g. authorities, credit agencies, debt collection agencies, lawyers, courts, experts and supervisory bodies),
• Other bodies for which you have given us your consent to transfer data,
• Meta Platforms inc.
• Subcontractors (e.g. configure booth)
• Messe München GmbH

Data may be transferred to certain public authorities, e.g. tax authorities and possibly also law enforcement or customs authorities, in cases provided for by law.

Transfers of personal data to third countries

A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law, if necessary for the conclusion or performance of a contract concluded or if you have provided your consent for such a transfer.

We transfer your personal data to service providers or group companies outside the European Economic Area. In such cases, compliance with the level of data protection is ensured by: EU Standard Contractual Clauses.

Period of data storage

We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.

We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is three years.

Secure transfer of data

We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.

The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols. It is also possible to use alternative communication channels (e.g. surface mail).

Obligation to provide data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.

We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.

Data categories, sources and origin of data

The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.

Please note that we may also provide information at specific points for specific processing situations separately where appropriate, e.g. when uploading application documents or when making a contact request.

We collect and process the following data when you visit our website:

• Access to website: date, time, frequency
• How you reached the website (previous page, hyperlink, etc.)
• Amount of data sent
• Which browser and which version of it you are using
• (Your) IP address used

For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored on our server in accordance with Article 6 (1) lit f GDPR.

A log file analysis is performed to improve our offer. The server log files may only be stored for longer, disclosed or subsequently accessed and checked if this is permitted within the legal framework (e.g. in the event of suspected illegal activities).

Anonymisation takes place no later than seven days by abbreviating of the IP address so that no reference is possible to the user.

Contact form / Contact via e-mail (Article 6 (1) lit a, b GDPR)

A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.

In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your e-mail address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
In order to protect the security and confidentiality of your data in the best way possible, we implement appropriate security measures. Your enquiry will be transmitted to us in encrypted form.

If you contact us by e-mail, we will process the personal information provided in the e-mail solely for the purpose of processing your request. If you do not contact us using the forms provided, no additional data will be collected.

Budget Planner

If you request a quote via our Budget Planner, we will use the personal data you provide to send you a quote for your exhibition stand. The legal basis for this is Article 6 (1) lit b GDPR (measures preliminary to entering into a contract). The Budget Planner is provided by Spleen Advertising GmbH, Nordendstraße 43 Rgb, 80801 München.

Service providers for the provision of this offer are usually processors within the meaning of Art. 4 No. 8 GDPR, with whom an agreement on order processing pursuant to Art. 28 GDPR has been concluded. If service providers are used who are not processors, they are also contractually obliged to keep your data confidential. Processing of your data for purposes other than those mentioned above is therefore excluded.

If you give us your consent in accordance with Art. 6 (1) lit. a GDPR, we will also transmit your data to the M or the organiser of the respective event in order to provide you with further offers for your possible trade fair appearance. You can revoke this consent for the future at any time by e-mail to without affecting the legality of the processing carried out on the basis of the consent until revocation.

We will store your data until the end of the registration period for the subsequent event for which you have expressed interest and will contact you in advance of this event for advertising purposes in accordance with § 7 UWG and Art. 6 (1) lit f GDPR. In our opinion, the legitimate interest of meplan GmbH an in a promotional approach outweighs the restriction of your rights and freedoms.

You can object to the processing of your personal data for advertising purposes at any time by sending an e-mail to

Newsletter (Art. 6 (1) lit a GDPR)

You can subscribe to a free newsletter on our website. The e-mail address and name you provided when you subscribed to the newsletter will be used to send the personalised newsletter.

For the technical delivery of the newsletter, we use our service provider Brevo from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, which provides a SaaS solution for e-mail marketing. Brevo can be used to plan, organise and analyse newsletter distribution. Your data is stored and processed on servers in Germany. We have concluded the necessary contractual agreements with Brevo, in which we oblige Brevo to protect our customers’ data.

The principle of data minimisation and data avoidance is observed here, as only the e-mail address (where appropriate the name in the case of a personalised newsletter) is mandatory. Your IP address will also be processed when you subscribe to the newsletter for technical reasons and legal protection.

We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that we should activate the newsletter service. We do this by sending you a notification e-mail and asking you to confirm that you wish to receive our newsletter at this e-mail address by clicking on a link contained in this e-mail.

You can of course terminate the subscription at any time via the opt-out option provided in the newsletter and therefore withdraw your consent. You can also unsubscribe from the newsletter via our website.

Marketing purposes (Art. 6 (1) lit f GDPR)

Meplan GmbH is keen to nurture the customer relationship with you and to send you information and offers about our product / services for marketing purposes. We therefore process your data to send you the relevant information and offers via e-mail.

You may object to the use of your personal data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is associated with direct marketing. If you object, we will cease processing your personal information for this purpose.

You can withdraw your consent at any time free of charge and informally without stating the reasons for such and should be addressed to +49 89 540267980, sent via e-mail to or via surface mail to meplan GmbH
Am Messesee 2, 81829 München.

Automated decisions in individual cases

We do not use purely automated processing to make decisions.

Cookies (Art. 6 (1) lit. a, f GDPR, § 25 (1, 2) TTDSG

On our website, we are using so-called cookies. Cookies use to make our content more user-friendly, effective and secure. Cookies are small text-files which are stored (locally) in your devices´ browser. Cookies are containing pseudonymous data only, in most cases even only anonymous data. Some cookies are persisting for a single browsing session (so-called session-cookies), others are active for a longer period of time (so-called persistent cookies, such as e.g. the ones used to save consent-settings). The latter kind of cookies is subject to auto-deletion after its pre-set expiration. Besides our own cookies, we are also making use of cookies controlled by third parties. These may use the information contained in the cookies to, e.g. show you content or to track the sites you have visited.

Based on our legitimate interest (Art. 6 (1), lit a GDPR), we are using technically required cookies, which are mandatory to operate the website as such and to operate it technically perfect. Additionally, and again without your consent, we use cookies which´s sole purpose is to store or access information for transmitting messages or to offer services you expressly request, § 25 II TTDSG.

With your consent, further cookies may be used, which enable us respectively third parties to analyze how our services are used. So, we can design our content according to our users´ preferences. Additionally, we may measure a single ad´s effectiveness and to place it according to the users´ interest in certain themes. The legal basis, here, is your express consent (Art. 6 (1) lit a GDPR, § 25 (1) TTDSG).

You may revoke your consent anytime and with effect for the future, as well as you may change your cookie-settings via our consent-banner. Please remember, that all changes must be made per device.

Should you have accounts with the third party providers of ours and be logged into these while sufing our website, your data may be linked to your respective account. Such linking may be prevented by refusing to consent into the use of the respective cookies, to withdraw such consent if previously declared or by logging off the respective accounts before surfing our website.

Most browsers accept cookies automatically. However, you may deactivate, restrict or delete cookies manually by your browsers´ settings or software-based. Should cookies be deactivated, our website may eventually not be used anymore or to a limited extent, only.

Please check also our information on cookies located in our privacy statements´ respective part on the single service using cookies.

Google Analytics

Our website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), on the basis of your consent (Art. 6 (1) lit. a GDPR, as well as § 25 (1) TTDSG). Google Analytics uses so-called “cookies”. These are text files that are stored on your end device and enable your use of the website to be analysed. The information stored in this way is usually transferred to a Google server in the USA and stored there. If IP anonymisation is activated, your IP address will be shortened before the data transfer and within the European Union or contracting states of the European Economic Area. An unabridged transmission of the full IP address to Google only takes place in exceptional cases.
On behalf of the operator of this website, Google will process this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Sessions and campaigns are ended after a certain period of time. By default, sessions are terminated after 30 minutes of inactivity and campaigns after six months. Users’ personal data is deleted or anonymised after 14 months.
Google processes and stores your data in the USA. Appropriate contractual provisions and guarantees ensure compliance with the European level of data protection for data transfer and processing in third countries. Data processing or storage in third countries may also take place on the basis of your consent (Art. 49 (1),1 lit. a GDPR); in this case, you will be informed separately when your consent is obtained, as well as the possibility of revocation.
Further information on terms of use and data protection can be found at and

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
You can revoke your consent at any time with effect for the future. To do so, simply call up our consent banner and deselect the corresponding consent. Please note that the change in the consent banner settings must be made individually for each end device.

This website uses the IP anonymisation function of Google Analytics. Furthermore, a contract for commissioned data processing has been concluded with Google. You also have the option of deactivating Google Analytics using a browser add-on.

You can find more information on this at
(general information on Google Analytics and data protection).

We use the services of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to display the cookies and tools used via a consent banner directly on our website, via which you visit our online offer, as well as the extended setting options that can be accessed via this banner. The processing of data in connection with Cookiebot is based on our legitimate interest for the purpose of user-friendly consent management. The legal basis for data processing is Art. 6 (1) lit. f GDPR, § 25 (2) no. 2 TTDSG. The necessary contract for data processing by Usercentrics A/S has been concluded, we have contractually integrated Cookiebot as a processor in accordance with data protection regulations.
Cookiebot is used after a comprehensive weighing of interests. The focus is on the interest in the simplest possible and centralised consent control, which records all data connections from third parties as well as tools requiring consent and offers you, among other things, a simple revocation option. The settings are stored on your end device using cookies. You can also delete these manually at any time, so that our interest in using Cookiebot ultimately outweighs any conflicting interests of users.
If you activate or prevent the use of certain offers via our consent banner, we store this via a consent cookie on your end device. This storage is necessary for the technical implementation of consent management and serves us for verification purposes. We also analyse usage in order to be able to measure how consent collection works.
You can change your settings and the settings made via Cookiebot in our consent banner at any time with effect for the future. To do this, simply call up our consent banner.
You can object to data processing at any time. Please note that it will then not be possible to use our website. To exercise your objection, delete the cookies set in your browser. You are also welcome to contact us, we will be happy to assist you in exercising your objection.
Further information on data processing can be found in the privacy policy of Usercentrics A/S at:

We use the web design tool Unbounce on our website. This is provided by the Canadian company Unbounce Marketing Solutions Inc, 500-401 West Georgia St. Vancouver, BC, V6B 5A1, Canada.
The processed data may also be transferred to servers in Canada (third country outside the EU/EEA). For Canada, the European Commission has issued an adequacy decision ( in accordance with Art. 45 (2) GDPR, which means that data transfer to this country is generally permitted.
Unbounce is a cloud-based marketing platform for the creation of customised landing pages and for analyses of user behaviour via A/B testing. This allows us to show you our website with slightly different content depending on the profile assignment. This enables us to analyse and regularly improve our offer and make it more interesting for you as a user. Cookies are stored on your computer for this analysis. Individual subpages of our website are hosted by Unbounce. When you access these pages, your IP address is transmitted to Unbounce and cookies may be set. All information that you enter on these pages is also stored by Unbounce. We are then provided with an anonymous analysis of the activities. Further information can be found at

You can prevent the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we would like to point out that you may not be able to use our website to its full extent. You can prevent the storage of cookies by changing the settings in your browser. The IP addresses are further processed in abbreviated form before being analysed, so that they cannot be directly linked to a specific person. The IP address transmitted by your browser is not merged with other data collected by us. The legal basis for the processing is your consent in accordance with Art. 6 (1) lit. a GDPR, as well as § 25 (1,2) TTDSG.

Application portal (Art. 6 (1) lit a, b GDPR)

Thank you for your interest in the activities of our meplan GmbH. We are aware of the importance of your data and process the personal data you provide on the application form solely for the purposes of the effective and correct execution of the application process and for contacting you during the application process. We shall not disclose data to third parties without your consent.

As part of the application form you will be asked to provide personal information. In doing so, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to carry out a review of your application documents, e.g.: your curriculum vitae or if we are legally obliged to collect such information. The mandatory fields are marked with a (*). Your IP address will also be processed for technical reasons and for legal protection.

We cannot review your application documents without this data, so in this case our application system will not allow to upload the application documents. You can, of course, submit voluntary information on the application form.

We implement the appropriate security measures to ensure the optimum protection of your data. Your application documents will be encrypted and transmitted to us through our application system.

We store your data for the above purpose until the application process has been completed and the relevant deadlines have expired, which will be no later than six months after the receipt of a decision. However, you may allow us to store your application documents for a longer period to review them for other vacancies that match your profile.

We require your consent for this, which you can provide by clicking the checkbox prior to uploading your application documents. In this case, we will store your data for twelve months. You can withdraw your consent at any time without stating the reasons for such with effect for the future by phone: +49 89 540267980, via e-mail to or via surface mail to meplan GmbH, Am Messesee 2, 81829 München, Germany.

Links to other providers

Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.

The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.
Social media links

On our website you will find links to our social media platforms on LinkedIn, Meta / Facebook, Instagram and YouTube. You can recognise links to the websites of the social media platforms by the respective company logo. If you follow these links, you will reach meplan GmbH corporate presence on the respective social media platform. When you click on a link to a social media platform, a connection is established to the servers of the social media platform. This informs the social media platform’s servers that you have visited our website. In addition, further data is transmitted to the provider of the social media platform. These are, for example:

• Address of the website on which the activated link is located
• Date and time of accessing the website or activating the link
• Information about the browser and operating system used
• IP address

If you are already logged in to the corresponding social media platform at the time the link is activated, the provider of the social media platform may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media platform. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media platforms are located in countries outside the European Union. The data may therefore also be processed by the provider of the social media platform in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as is the case in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of data processing by the provider of the social media platform. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media platform.

Information on data protection in social media

We maintain social media presences, in this case on Facebook, Instagram, LinkedIn, Xing and YouTube. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information on data protection law in relation to our websites.

Name and address of the person responsible for operations
In addition to us, the controller for the company websites within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is

(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
(New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
(Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)

However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
We would also like to point out that your data may be processed outside the European Union. With regard to the US providers, we would like to point out that these providers are obliged by corresponding contractual regulations to comply with the data protection standards of the EU.

Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with visitors to these pages and to inform them about our offers in this way.
In addition, your personal data is processed by the social media providers for market research and advertising purposes. For example, it is possible that user profiles are created based on your usage behaviour and the resulting interests. This allows, among other things, adverts to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly on your end devices may also be stored in your user profiles. Data is also stored and analysed across devices; this applies in particular, but not exclusively, if you are registered as a member and have logged in to the respective platforms are logged in. We do not collect or process any other personal data.
The processing of your personal data by us is based on our legitimate interests in effective information and communication in accordance with Art. 6 (1) lit. f. GDPR.
If you are asked to consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for processing is Art. 6 (1) lit. a., Art. 7 GDPR.

Your rights / possibility to object
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

• log out of the respective network before visiting our fan page,
• delete the cookies on your device and
• close and restart your browser.

However, after logging in again, you will be recognisable to the network as a specific user.

For a detailed description of the respective processing, please refer to the information linked below:

Privacy policy:
Privacy policy:
Privacy policy:
Privacy policy:
Privacy policy:

Overall, you have the following rights regarding the processing of your personal data:
Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection authority.

However, as we do not have full access to your personal data, you should contact the social media providers directly when asserting your rights, as they have access to the personal data of their users and can take appropriate measures and provide information.
Should you nevertheless require assistance, we will of course endeavour to support you. Please contact

We use the HootSuite platform on our website, which is provided by HootSuite Media Inc, 5 East 8th Avenue, Vancouver, V5T 1R6, Canada.
With the help of HootSuite, content can be generated and posted for our social media platforms. In addition, analyses and data evaluations of our social media platforms can be created. It allows us to centrally manage our social media accounts and manage our marketing and advertising campaigns as well as interact with our customers and analyse these activities.

The processed data can also be transferred to servers in Canada (third country outside the EU/EEA). For Canada, the European Commission has issued an adequacy decision ( in accordance with Art. 45 (2) GDPR, which means that data transfer to this country is generally permitted. The legal basis for this processing is Art. 6 (1) lit. a GDPR.
HootSuite is used to process personal data when you contact us via our social media platforms. Here, the IP address, as well as log and usage data are recorded for statistical purposes. Other personal data is also collected if you share or upload it via our social media platforms. More detailed information on the processing of data by HootSuite can be found at

The current version is dated (February 2024).

This site is registered on as a development site. Switch to a production site key to remove this banner.