Privacy Policy

Last Updated: November 21, 2025

Quick Summary

We care about your privacy. Here's what you need to know:

• What we collect: Name, email, company details, and professional information when you register; usage data when you visit our site

• How we use it: To run the conference, facilitate networking, improve your experience, and send relevant communications

• Who we share it with: Other attendees (for networking), sponsors (with your consent), and service providers

• Your rights: Access, correct, delete your data, or opt out of marketing anytime

• Your control: Choose what information appears in the attendee directory and which sponsors can contact you

Questions? Contact us at team@productlab.app

Who We Are

Data Controller: ProductLab UG Jülicher Str. 13 13357 Berlin, Germany

Contact: Email: team@productlab.app

We organize ProductLab Conference and are committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Information We Collect

Information You Provide to Us

When you register for the conference:

• Name (first and last)

• Email address

• Company name and job title

• Phone number (optional)

• Professional bio (optional)

• LinkedIn profile (optional)

• Dietary restrictions or accessibility needs

• Profile photo (optional)

When you communicate with us:

• Email correspondence

• Support inquiries

• Survey responses

• Feedback

When you make a purchase:

• Billing information (processed securely by our payment provider)

• Transaction details

Information We Collect Automatically

When you visit our website:

• IP address

• Browser type and version

• Operating system

• Pages visited and time spent

• Referring website

• Device information

• Location data (city/country level)

How We Use Your Information

Conference Operations

• Processing your registration and ticket purchase

• Sending event confirmations and updates

• Managing attendee check-in

• Providing customer support

• Accommodating dietary restrictions and accessibility needs

Legal basis: Performance of contract, legitimate interests

Networking & Attendee Directory

• Creating an attendee directory (with your consent)

• Facilitating networking connections

• Enabling meeting scheduling features

• Displaying your profile in our event platform

Legal basis: Consent (you can opt out)

Communications

• Sending conference-related information and updates

• Marketing future events (with your consent)

• Newsletter subscription (with your consent)

• Post-event surveys and feedback requests

Legal basis: Consent (for marketing), legitimate interests (for event updates)

Sponsor Engagement

• Sharing attendee information with sponsors (only with your explicit consent)

• Facilitating connections at sponsor booths

• Enabling sponsor communications

Legal basis: Consent (you control which sponsors can contact you)

Analytics & Improvement

• Analyzing website and app usage

• Improving our services

• Understanding attendee preferences

• Measuring event success

Legal basis: Legitimate interests

Legal Compliance

• Complying with legal obligations

• Protecting our rights and interests

• Preventing fraud and ensuring security

Legal basis: Legal obligation, legitimate interests

Sharing Your Information

With Other Attendees

Attendee Directory: We may include the following information in our attendee directory (you can opt out or customize what's shown):

• Name

• Company and job title

• Professional bio

• LinkedIn profile

• Profile photo

Networking Features: When you use networking features on Luma, other attendees can see your profile information based on your preferences.

With Sponsors & Partners

Event Interactions: If you interact with sponsors at the event or provide your information directly to them, they will receive:

• Name

• Company and job title

• Email address

• Any additional information you choose to share

You control this: You can choose which sponsors can access your information during registration and update your preferences at any time.

Sponsor Communications: Sponsors may contact you for marketing purposes if you:

• Explicitly consent during registration

• Provide your information directly to them at the event

• Attend their sponsored sessions and opt in

You can opt out: Unsubscribe links are included in all sponsor communications.

With Service Providers

We share your data with trusted service providers who help us run the conference:

Event Management: Luma

• Event registration and ticketing

• Attendee networking features

• Event communications

• Privacy Policy: https://lu.ma/privacy

Newsletter & Communications: Substack

• Newsletter delivery

• Subscription management

• Privacy Policy: https://substack.com/privacy

Website Hosting: Framer

• Website hosting and performance

• Site analytics (internal)

• Privacy Policy: https://www.framer.com/privacy

Payment Processing: Stripe

• Secure payment processing

• We never see your full credit card details

• Privacy Policy: https://stripe.com/privacy

Analytics: Google Analytics

• Website traffic analysis (with anonymized IP)

• User behavior insights

• Privacy Policy: https://policies.google.com/privacy

• Opt-out: https://tools.google.com/dlpage/gaoptout

Form Collection: Tally.so

• Contact forms and surveys

• Privacy Policy: https://tally.so/help/privacy-policy

Workflow Automation: Zapier

• Connecting services and automating data flow

• Privacy Policy: https://zapier.com/privacy

Legal Requirements

We may disclose your information if required by law, court order, or government request.

Business Transfers

If our organization is acquired or merged, your data may be transferred to the new entity.

Attendee Networking & Directory

What's Included

Our attendee directory and networking features on Luma help you connect with other professionals. Here's what you can control:

Default Information (visible to other attendees):

• Name

• Company and job title

Optional Information (you choose to share):

• Email address

• LinkedIn profile

• Professional bio

• Areas of interest

• Profile photo

Your Control

During Registration:

• Choose what information to include in the directory

• Opt out of the directory entirely

• Select networking preferences

After Registration:

• Update your profile on Luma anytime

• Remove yourself from the directory

• Adjust visibility settings

Networking Tools

Meeting Scheduler: If you use meeting scheduling features, other attendees can see:

• Your availability

• Your meeting preferences

• Information you choose to share in your profile

Cookies & Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.

Types of Cookies We Use

Essential Cookies (Always Active)

• Enable core website functionality

• Remember your login status

• Maintain security

• Provider: Framer (our website host)

Analytics Cookies (With Your Consent)

• Google Analytics: Understand how visitors use our site (with anonymized IP addresses)

• Framer Analytics: Track site performance and user experience

Marketing Cookies (With Your Consent)

• Track conversion from advertisements

• Measure campaign effectiveness

Managing Cookies

Browser Settings: You can control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies

• Firefox: Options → Privacy & Security

• Safari: Preferences → Privacy

• Edge: Settings → Privacy, search, and services

Our Cookie Banner: When you first visit our site, you can:

• Accept all cookies

• Reject non-essential cookies

• Customize your preferences

Note: Disabling essential cookies may affect website functionality.

Do Not Track

We currently do not respond to Do Not Track (DNT) signals, but you can control tracking through cookie settings and browser extensions.

Your Privacy Rights

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete information.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, except where we must retain it for legal reasons.

Right to Restrict Processing

Limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent at any time (doesn't affect lawfulness of past processing).

Right to Lodge a Complaint

File a complaint with your local data protection authority:

• Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

• EU: https://edpb.europa.eu/about-edpb/about-edpb/members_en

• UK: Information Commissioner's Office (ICO)

• Switzerland: Federal Data Protection and Information Commissioner

How to Exercise Your Rights

Update your information: Log in to your Luma account and edit your profile

Email us: team@productlab.app

Response time: We will respond within 30 days of receiving your request.

Data Security

How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures:

• Encryption in transit (SSL/TLS)

• Encryption at rest for sensitive data

• Secure authentication

• Regular security updates

• Access controls and logging

Organizational Measures:

• Staff training on data protection

• Limited access to personal data (need-to-know basis)

• Data processing agreements with service providers

• Regular security reviews

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours

• Notify affected individuals without undue delay

• Provide information about the breach and our response

Your Responsibility

• Keep your login credentials secure

• Use a strong password

• Log out of shared devices

• Report suspicious activity to us immediately

Data Retention

How Long We Keep Your Data

Active Attendee Data:

• Duration: Until 12 months after the conference

• Purpose: Post-event communications, future event marketing, community access

Newsletter Subscribers:

• Duration: Until you unsubscribe

• Purpose: Sending newsletters and event information

Financial Records:

• Duration: 10 years (as required by German tax and accounting laws)

• Purpose: Legal compliance

Website Analytics:

• Duration: 26 months (Google Analytics default)

• Purpose: Understanding user behavior

After Retention Period

Once the retention period expires, we will:

• Permanently delete your personal data, or

• Anonymize it so it can no longer identify you

Extended Retention

We may retain data longer if:

• Required by law

• Necessary for legal proceedings

• You have explicitly consented to longer retention

International Data Transfers

Where Your Data is Processed

Your data may be transferred to and processed in countries outside the European Union, including:

• United States (service providers: Stripe, Google, Substack, Luma)

• Other countries where our service providers operate

Safeguards for International Transfers

When we transfer data internationally, we ensure appropriate safeguards:

EU to US Transfers:

• Standard Contractual Clauses (SCCs)

• EU-U.S. Data Privacy Framework (where applicable)

• Service providers' privacy certifications

Your Rights

You have the right to:

• Obtain information about international transfers

• Request details about safeguards in place

• Object to transfers in certain circumstances

Children's Privacy

We do not knowingly collect personal data from individuals under 18 years of age. Our conference is intended for adults and business professionals.

If you are under 18, you may only register with explicit parental or guardian consent.

If we discover we have collected data from a minor without proper consent, we will delete it promptly.

Parents or guardians who believe we may have collected information from their child should contact us immediately at team@productlab.app.

Recording and Photography

Event Photography & Videography

By attending the conference, you acknowledge that:

• The event may be photographed and recorded

• You may appear in photos, videos, or live streams

• We may use these materials for promotional purposes

Your Options

If you do not want to be photographed or recorded:

• Inform registration staff to receive a "No Photo" badge

• Avoid areas marked as "Photography in Progress"

• Request removal of photos/videos featuring you by contacting us at team@productlab.app

Session Recordings

Some sessions may be recorded and made available to:

• Registered attendees (for a limited time)

• The public (on our website or social media)

This will be clearly indicated before sessions begin.

Third-Party Links

Our website and communications may contain links to third-party websites, services, or social media platforms.

Important: We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

Social Media: If you interact with our social media pages, the platform's privacy policy applies in addition to this policy.

Newsletter

Substack Newsletter

We use Substack to deliver our newsletter and community updates.

What Substack Processes:

• Email address

• Name

• Subscription preferences

• Email engagement data (opens, clicks)

Your Control:

• Unsubscribe at any time using the link in each email

• Manage your subscription preferences on Substack

• Request deletion of your data

Substack's Privacy Policy: https://substack.com/privacy

Updates to This Policy

Changes

We may update this privacy policy from time to time to reflect:

• Changes in our practices

• Changes in legal requirements

• New features or services

• Feedback from users

Notification

Material Changes:

• We will notify you by email

• We will post a prominent notice on our website

• We will update the "Last Updated" date

Minor Changes:

• We will update the "Last Updated" date

• You can review changes by checking this page periodically

Your Options

If you disagree with changes to this policy:

• You can stop using our services

• You can request deletion of your account

• You can opt out of specific data processing activities

Contact Us

If you have questions about this privacy policy or our data practices:

Email: team@productlab.app

Mail: ProductLab UG Jülicher Str. 13 13357 Berlin Germany

Response Time

We aim to respond to all privacy inquiries within 5 business days, and to formal data subject requests within 30 days as required by law.

Legal Basis for Processing

GDPR Compliance

We process your data based on:

Consent: For marketing communications, networking directory, and optional features (you can withdraw anytime)

Performance of Contract: To provide conference services you've registered for

Legitimate Interests: To improve our services, ensure security, and operate our business effectively

Legal Obligations: To comply with tax, accounting, and other legal requirements

Specific Rights for EEA, UK, and Swiss Residents

Your Enhanced Rights

As a resident of the European Economic Area, United Kingdom, or Switzerland, you have additional protections:

Right to Data Portability: Receive your data in a portable format and transfer it to another service

Right to Object: Object to processing based on legitimate interests at any time

Right to Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects

Right to Supervisory Authority: Lodge a complaint with your national data protection authority

German Data Protection

For residents of Germany:

• Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin DPA)

• Friedrichstr. 219, 10969 Berlin

• Website: https://www.datenschutz-berlin.de

Withdrawing Consent

If we process your data based on consent, you can withdraw it at any time by:

• Clicking unsubscribe in our emails

• Updating your preferences in your Luma account

• Contacting us at team@productlab.app

Important: Withdrawing consent doesn't affect the lawfulness of processing before withdrawal.

Definitions

Personal Data: Any information relating to an identified or identifiable individual.

Data Controller: The entity that determines the purposes and means of processing personal data (ProductLab UG).

Data Processor: An entity that processes personal data on behalf of the controller (our service providers).

Processing: Any operation performed on personal data, including collection, storage, use, or deletion.

Consent: Freely given, specific, informed, and unambiguous agreement to processing of personal data.

Legitimate Interest: Processing necessary for our legitimate business purposes, balanced against your rights and interests.

Thank you for trusting us with your personal information. We are committed to protecting your privacy and handling your data responsibly.

This privacy policy was last updated on November 21, 2025 and is version 2.0