Privacy Policy
Last Updated: June 20, 2026 — Version 4.0
Quick Summary
We care about your privacy. Here's what you need to know:
What we collect: name, email, company and job title, LinkedIn URL and other professional information you give us when you register; technical/usage data when you visit our site.
How we use it: to run the conference, support you, facilitate networking and send communications you have asked for.
Who we share it with: Other attendees (for networking), sponsors and partners (with your consent), and service providers.
Your rights: access, rectify, erase, restrict, port, object, and withdraw consent at any time.
Your control: You must acknowledge this policy during registration, and you can withdraw consent at any time.
Questions? Contact us at team@productlab.app
1. Data Controller and Data Protection Officer
Data Controller: Productlab UG (haftungsbeschränkt), Jülicher Str. 13, 13357 Berlin, Germany. Commercial register (Handelsregister): HRB 265003 B. VAT ID (USt-IdNr.): DE368880905. Represented by Daniele Ronca, Founder.
Contact for data protection matters: team@productlab.app.
Data Protection Officer (DPO): Based on the nature, scope and purposes of our processing, Productlab UG is not required to appoint a Data Protection Officer under Art. 37 GDPR or § 38 BDSG. For all privacy enquiries please use the contact above. If a DPO is appointed, their details will be inserted here.
2. The Personal Data we process
We process the categories of data set out below. Unless stated otherwise, we obtain the data directly from you; from the party that purchases your ticket on your behalf (e.g. your employer); automatically from your use of our website; and from the service providers listed in Section 5.
a. Name, contact details and other Personal Data
First and last name, email address, company name and job title, LinkedIn profile URL;
Phone number (optional), professional bio (optional), profile photo (optional);
Billing information for purchases (payments are processed by Stripe; we never see your full card details) and transaction details;
Email correspondence, support enquiries, survey responses and feedback.
b. Special categories of Personal Data
If you choose to tell us about dietary restrictions or accessibility requirements, that information may reveal data concerning your health or religious beliefs (Art. 9 GDPR). We process it solely to accommodate you at the event, on the basis of your explicit consent (Art. 9(2)(a) GDPR). Providing it is entirely optional and we do not share it with sponsors or partners.
c. Data voluntarily provided by the Data Subject
Optional profile fields, your networking-directory profile, optional photo, bio, areas of interest, and any other content you choose to submit to us. You decide what to provide and can edit or remove it.
d. Data automatically collected when sending e-mails or communications
When we send communications through our email providers (KIT for conference emails; providers like Substack for the newsletter), technical data such as delivery status, opens and clicks may be collected to measure and improve those communications.
e. Browsing data
When you visit our website we collect your IP address, browser type and device information, the pages you visit and time spent, and approximate (city/country-level) location. Provider: Framer (hosting and analytics).
f. Cookies
Essential cookies (always active): core functionality, login status and security. Provider: Framer.
Analytics cookies (Framer Analytics): set only after your prior consent given via our cookie banner.
You can manage cookies via the banner shown on your first visit or through your browser settings.
3. Purpose of processing
We process your Personal Data for the following purposes:
Conference operations and performance of the contract: processing your registration, ticketing, check-in, coordinating catering and logistics, accommodating dietary/accessibility needs, and providing customer support and the services you registered for.
Networking and attendee directory: creating an attendee directory and facilitating connections, displaying the profile information you choose on Luma.
Conference communications: sending event-related updates (e.g. agenda, logistics) to registered attendees.
Marketing communications: sending our newsletter and information about future editions, to which you have subscribed or are otherwise lawfully contactable.
Sponsor and partner engagement: sharing your contact details with the individual sponsors and partners you have specifically selected, so they can follow up after the event (see Sections 4 and 5).
Recording and photography: documenting and promoting the event through photos, video and live streams (talks may be published on YouTube and social media). You can request a “No Photo” badge at registration and ask us to remove specific content.
Analytics and improvement: analysing website usage and measuring event success to improve our services.
Security, fraud prevention and legal: protecting our website and event, preventing fraud, complying with legal and tax obligations, and establishing or defending legal claims.
4. Lawful basis for processing Your Data
For each category of processing, the lawful basis under Article 6 (and, where relevant, Article 9) GDPR.
Registration and provision of conference services (name, email, company, job title, and other registration data). Lawful basis: performance of a contract to which you are party, or steps taken at your request prior to entering into it (Art. 6(1)(b) GDPR). You can choose not to share this data with us, but this may affect our capacity to register you or provide the services.
Dietary and accessibility requirements (special categories of data, Art. 9 GDPR). Lawful basis: your explicit consent (Art. 9(2)(a) GDPR). Providing this data is optional; we process it solely to accommodate you.
Attendee directory and networking. Through the attendee directory, you can connect with other participants. A minimal professional profile — your name, company, and job title — may be shown to other attendees by default; the lawful basis is our legitimate interest in enabling professional networking at the event (Art. 6(1)(f) GDPR), and you can opt out of the directory entirely at any time. Any additional fields you actively choose to display — such as your email address, LinkedIn URL, professional bio, areas of interest or photo — are shown on the basis of your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time. In all cases, inclusion is optional and you can edit your visibility or leave the directory via your attendee directory profile.
Conference (event) communications (email). Lawful basis: our obligation to keep registered attendees informed about the event they signed up for. These messages are tied to your registration for a specific event. You can unsubscribe anytime from such communications, but this may affect our ability to perform our obligations under the contract for the specific event.
Newsletter and marketing communications for other or future events and ProductLab activities when You are not a past attendee (email). Lawful basis: your consent (Art. 6(1)(a) GDPR; § 7(2) UWG). Subscribing is optional, and you can unsubscribe at any time.
Information about our own future editions, sent to past attendees (email). Lawful basis: our legitimate interest in marketing our own similar events under the soft opt-in (Art. 6(1)(f) GDPR and § 7(3) UWG. This is optional, and you can object at any time, free of charge.
Sharing with sponsors and partners (name, company, job title, email, LinkedIn URL). Lawful basis: your per-sponsor consent (Art. 6(1)(a) GDPR). This is optional: you may select each sponsor individually or all together, leaving the boxes unticked does not affect your registration or access to the event, and you can withdraw at any time, for all sponsors or for any individual sponsor by contacting them directly.
Photography and recording. General documentation of the event (atmosphere, audience, networking and stage) — lawful basis: our legitimate interest in documenting and promoting the event (Art. 6(1)(f) GDPR), subject to the safeguards described in the "Recording and photography" section.
Analytics and website measurement (browsing data and analytics cookies). Lawful basis: your consent for non-essential cookies (§ 25 TDDDG) and our legitimate interest in aggregate analysis (Art. 6(1)(f) GDPR). Analytics cookies are optional and are set only after you consent.
Security and fraud prevention (technical and usage data). Lawful basis: our legitimate interest in protecting our website, our event and our attendees (Art. 6(1)(f) GDPR).
Tax, accounting and other legal obligations (billing and transaction data). Lawful basis: compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR). Retention of this data is mandatory by law.
Where we rely on your consent, you may withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR). Where we rely on our legitimate interests, you may object at any time on grounds relating to your particular situation, and at any time without reason in the case of direct marketing (Art. 21 GDPR).
5. Recipients of Personal Data
Your Personal Data may be shared with the categories of recipients below (the "Recipients"). Depending on the case, they act as our data processors (Art. 28 GDPR) or as independent data controllers (Art. 4(7) GDPR):
providers that assist us in running the conference and operating our website — for example ticketing and registration, event-management and networking platforms, payment processing, email and newsletter delivery, internal database and document tools, and website hosting and analytics — acting as our processors under data processing agreements;
persons authorized by us to process the data for activities strictly related to the Services, bound by confidentiality obligations (e.g. our staff);
professional advisers providing accounting, administrative, tax, legal or financial assistance in connection with the Services;
social media and advertising platforms that provide us with services for our promotional campaigns;
sponsors and partners — and only those you have specifically selected — who receive your data as independent controllers, on the basis of your separate, per-sponsor consent and subject to the contractual safeguards described in Section 4 (this sharing is optional and is not a condition of registration);
other attendees, through the attendee directory, limited to the fields described in Section 4;
public authorities and other parties to whom disclosure is mandatory for legal compliance or fraud prevention, or where required by law or by order of a competent authority.
A current list of the service providers we use is available on request at team@productlab.app.
With Service Providers
Service providers. We rely on the providers below, acting as processors or independent controllers as applicable:
Service | Purpose | Privacy Policy |
|---|---|---|
Tito | Conference ticketing and registration / communication | |
Luma | Event management and networking | |
Stripe | Secure payment processing | |
KIT | Conference email communications | |
Substack | Newsletter delivery | |
Notion | Internal attendee database | |
Framer | Website hosting and analytics | |
YouTube | Video hosting of recorded talks | |
Advertising | ||
Promotional content | ||
Claude by Anthropic | Internal operational support |
6. Transfers of Personal Data
Some of our service providers are located outside the European Economic Area, including in the United States (e.g. Stripe, Substack, Luma, Google/YouTube, LinkedIn, Meta/Instagram, Anthropic). Where data is transferred outside the EEA, we ensure an appropriate transfer mechanism under Chapter V GDPR — Standard Contractual Clauses (SCCs) and/or, where the provider is certified, the EU-U.S. Data Privacy Framework.
7. Storage of Personal Data
Data type | Retention period | Purpose |
|---|---|---|
Active attendee data | 18 months after the conference | Post-event communications, community access |
Newsletter subscribers | Until you unsubscribe | Newsletter and event information |
Financial records | 10 years | Applicable tax and accounting law. |
Website analytics (Framer) | In accordance with the | |
Understanding visitor trends |
8. Rights of the Data Subject
Subject to the conditions in the GDPR, you have the right to:
Access — obtain a copy of the data we hold about you (Art. 15);
Rectification — correct inaccurate or incomplete data (Art. 16);
Erasure — request deletion, except where we must retain data for legal reasons (Art. 17);
Restriction — limit how we use your data (Art. 18);
Data portability — receive your data in a structured, machine-readable format (Art. 20);
Object — object to processing based on legitimate interests or to direct marketing (Art. 21);
Withdraw consent — at any time, without affecting prior lawful processing (Art. 7(3)).
How to exercise your rights: email team@productlab.app. We respond within 30 days for formal data-subject requests.
Right to lodge a complaint: you may complain to a supervisory authority, in particular the Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de), or to the authority in your EU country of residence.
Residents of other jurisdictions
This Privacy Policy is based on the GDPR. If you are located outside the EEA, equivalent or additional rights may apply to you under your local law, and you can exercise them using the contact details above.
United Kingdom: if you are in the UK, the UK GDPR and the Data Protection Act 2018 apply to the processing of your data on an equivalent basis, and you may lodge a complaint with the Information Commissioner's Office (ICO), ico.org.uk.
United States: if you are a resident of a US state with a comprehensive privacy law (such as California), you may have the right to access, correct, delete and obtain a copy of your personal information, and to opt out of its "sale" or "sharing." We do not sell your personal data for monetary consideration, and we share data with sponsors only with your prior, specific consent, which you can withdraw at any time.
Regardless of where you are located, you can exercise your rights by contacting us at team@productlab.app.
9. Amendments
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website.
10. Data Security
We implement appropriate technical and organisational measures including encryption in transit (SSL/TLS), access controls, staff training, and data processing agreements with all service providers.
Data Breach Notification: We will notify the relevant supervisory authority within 72 hours of becoming aware of a breach and inform affected individuals without undue delay.
11. Children's Privacy
Productlab Conference is intended for adults and business professionals. We do not knowingly collect data from individuals under 18. Contact team@productlab.app if you have concerns.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="M 0 17.25 L 8.941 23 L 8.941 0 L 0 5.75 Z" fill="rgba(255, 255, 255, 0.65)" height="23px" id="E3vXMlFqc" transform="translate(3 1)" width="8.9412px"/><path d="M 9.5 11.5 L 19 5.75 L 9.5 0 L 0 5.75 Z" fill="rgba(255, 255, 255, 0.65)" height="11.5px" id="ubKUIjrpD" transform="translate(3 12.5)" width="19px"/></svg>)
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g d="M 0 24 L 0 0 L 24 0 L 24 24 Z M 4 2 L 21 2 L 21 4.456 L 4 4.456 Z M 4 10.958 L 21 10.958 L 21 22 L 12.498 17.086 L 4 22 Z M 4 6.479 L 21 6.479 L 21 8.935 L 4 8.935 Z" fill="transparent" height="24px" id="kThX1iq6q" width="24px"><path d="M 0 24 L 0 0 L 24 0 L 24 24 Z" fill="transparent" height="24px" id="GNyBoqnEA" width="24px"/><path d="M 0 0 L 17 0 L 17 2.456 L 0 2.456 Z M 0 8.958 L 17 8.958 L 17 20 L 8.498 15.086 L 0 20 Z M 0 4.479 L 17 4.479 L 17 6.935 L 0 6.935 Z" fill="rgb(255, 255, 255)" height="20px" id="eMN6AGLsh" transform="translate(4 2)" width="17px"/></g></svg>)
