Privacy Notice – ICPM 2026 Hackathon

Last updated: 30 January 2026

Event: ICPM 2026 Hackathon (the “Event”)

Organizer/Controller: PI360 – The Process Intelligence Network gUG (haftungsbeschränkt), a German nonprofit company (“PI360,” “we,” “us,” or “our”)

Venue: Karlsruhe, Germany

Dates: February 2nd – March 11th 2026

This Privacy Notice explains how PI360 processes personal data in connection with the sale of tickets and the organization of the Event, and describes your rights under the EU General Data Protection Regulation (GDPR) and German law.

1) Scope of this Notice

1.1 Ticket buyers, registered attendees, sponsors, exhibitors, and other participants of the Event.

1.2 Individuals who interact with us before, during, and after the event (e.g., inquiries, support, feedback, marketing preferences).

1.3 Website users of event pages we operate (including third-party ticketing pages, event management, as well as payment processing pages) and on-site interactions at the venue.

2) Categories of Personal Data We Process

We may collect and process the following data (depending on your role and interactions):

2.1 Identification & contact: Name, company/organization, email.

2.2 Ticketing & attendance: Ticket type, ticket ID/QR code, check-in status, session registrations/preference lists.

2.3 Communication & preferences: Language preference, dietary choices, accessibility needs, session interests.

2.4 Media: Photography, video, and audio recordings captured at the event (which may include your image/likeness and voice).

2.5 Technical & usage (online): Device/browser information, IP address, timestamps, referral URLs, basic analytics/cookies from ticketing platforms and event pages.

3) Sources of Personal Data

3.1 Directly from you during registration, purchase, communication, or onsite participation.

3.2 From your organization (e.g., if a company purchases tickets and assigns attendees).

3.3 From service providers (e.g., ticketing/payment platforms) for operational purposes.

3.4 From public professional sources (limited, e.g., speaker bios or company details you publish).

4) Purposes of Processing

4.1 Ticketing & registration: issue tickets, verify identity, manage badges, seating/session capacity.

4.2 Event operations: schedule management, remote session delivery, software provisioning & software platform operations (opt-in).

4.3 Communications: confirmations, updates, logistics, program changes, support.

4.4 Marketing: event updates and future events; unsubscribe anytime.

4.5 Photography/recordings: documentation, marketing, press, archival and educational uses.

4.6 Security & compliance: access control, incident handling, legal requests.

4.7 Analytics: improve event quality and user experience (aggregate insights).

5) Legal Bases (GDPR Art. 6)

5.1 Contractual necessity (Art. 6(1)(b)) – to sell and deliver tickets, and run the event you registered for.

5.2 Legal obligations (Art. 6(1)(c)) – tax, accounting, and mandatory reporting.

5.3 Legitimate interests (Art. 6(1)(f)) – event security, fraud prevention, operational analytics, basic photography/recording for documentation/marketing (balanced against your rights), software provisioning (based on optional, opt-in license allocation for the Event).

5.4 Consent (Art. 6(1)(a)) – where required (e.g., marketing emails, certain cookies/analytics, processing of special categories of data like accessibility/dietary needs). You can withdraw consent at any time without affecting prior lawful processing.

6) Recipients & Categories of Third Parties

6.1 Ticketing & registration providers (e.g., pretix).

6.2 Venue & operations partners (venue management, security, catering, AV/recording providers).

6.3 IT & hosting providers (email, CRM, analytics, web hosting).

6.4 Sponsors/exhibitors (email, affiliation - you can withdraw your consent at any time).

6.5 Public authorities where required by law (e.g., safety incidents, tax audits).

6.6 Other registered attendees/participants where unavoidable (i.e. within optionally provisioned software, in case it is not possible to restrict the visibility of names and email addresses in such platforms).

7) International Data Transfers

If data is transferred outside the EU/EEA, we use appropriate safeguards such as:

7.1 Adequacy decisions by the European Commission (where applicable).

7.2 Standard Contractual Clauses (SCCs) combined with supplementary measures.

7.3 Data Processing Agreements and risk assessments with vendors.

You may request information about specific transfer mechanisms used for your data.

8) Retention Periods

8.1 Ticketing & attendance records: generally up to 24 months after the event to handle support queries and planning, unless a longer period is required for legitimate interests or legal defense.

8.2 Invoices & financial records: typically 10 years under German tax/accounting laws.

8.3 Marketing preferences & contact data: until you withdraw consent or object, and for a reasonable period thereafter to maintain suppression lists.

8.4 Photography/recordings: retained for documentation and marketing archives for a reasonable period consistent with industry practice and your rights.

9) Your Rights (GDPR)

Subject to legal conditions/exceptions, you have the right to:

9.1 Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), and Object (Art. 21, including to processing based on legitimate interests and to direct marketing).

9.2 Withdraw consent at any time (Art. 7).

9.3 Lodge a complaint with your local supervisory authority or the authority where we are based. In Baden‑Württemberg, Germany: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden‑Württemberg (LfDI BW) • https://www.baden-wuerttemberg.datenschutz.de/

To exercise your rights, contact us at info@pi360.org. We may need to verify your identity.

10) Cookies, Online Tracking & Analytics

Our ticketing and event pages may use cookies and similar technologies for:

10.1 Essential functions (login/session, security, ticket cart).

10.2 Preferences (language, layout).

10.3 Limited analytics (aggregate usage) and fraud prevention.

Where required, we will request your consent via a banner or settings. You can manage cookies through your browser and platform controls; disabling essential cookies may affect functionality.

11) Photography, Audio & Video at the Event

We and our contractors may capture images and recordings at the Conference:

11.1 Uses: documentation, internal records, promotional materials, press, website/social media, future event marketing, and post-event educational resources.

11.2 Your options: If you have concerns, notify staff onsite; we will use reasonable efforts to accommodate, such as seating preferences or avoiding close-up shots, where feasible.

11.3 Speakers & panelists: Session recording/streaming may be part of the program; specific consent terms may apply.

12) Security Measures

We implement technical and organizational measures appropriate to risk, including: Access controls, encryption in transit, role‑based permissions, logging/monitoring, vendor due diligence, staff training, and data minimization. No system can be 100% secure, but we aim to mitigate risks and promptly address incidents.

13) Children & Minors

The Conference is intended for adults aged 18 and above. Admission of minors (if any) requires prior arrangement and supervision. If we learn we inadvertently processed a minor’s data without proper basis, we will take steps to delete it.

14) Changes to this Notice

We may update this Notice from time to time. The latest version will be available at the privacy policy URL provided above. Material changes will be communicated where reasonably feasible.

15) Contact

PI360 – The Process Intelligence Network gUG (haftungsbeschränkt)

Alte Ziegelei 24

67346 Speyer

Germany

—

info@pi360.org

https://icpmconference.org/industry2026/hackathon/

—

Supervisory authority (Germany – Baden‑Württemberg): https://www.baden-wuerttemberg.datenschutz.de/