I. General

The European Peering Forum is an event organized by the companies AMS-IX, DE-CIX, LINX and Netnod. The hosts are each independent controller within the meaning of the GDPR. For the sake of simplicity, they are all referred to as “EPF hosts” or “we”. The following declaration provides an overview as to how the EPF hosts ensure the protection of your personal data.

II. Name and contact details of the person responsible for processing and the company Data Protection Officer

This Privacy Policy applies to the processing of data by

  • DE-CIX: DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Köln. Our company Data Protection Officer can be contacted via the email address dataprotection@de-cix.net or by post to: DE-CIX Management GmbH, Lichtstrasse 43i, 50825 Cologne, with the keyword “Data Protection”.
  • AMS-IX: Amsterdam Internet Exchange B.V.,Frederiksplein 42, 1017XN Amsterdam, The Netherlands, Email address: info@ams-ix.net, Phone number: +31 20 521 01 89, Chamber of Commerce number: 34128666
  • LINX: London Internet Exchange (LINX), Trinity Court, Trinity Street, Peterborough, PE1 1DA. P: +44 1733 207700 E: Hello@linx.net. Registered in England, Number: 3137929
  • Netnod: Netnod AB Greta Garbos väg 13, 169 40  Solna Sweden, Phone: +46 (0)8 562 860 00Info@netnod.se Registration number: 556534-0014

III. Purpose of data processing

  1. 1. Registration to the EPF

If you register to participate to the European Peering Forum we collect the following personal data from you:

  • First name
  • Last name
  • Company
  • Job title
  • Country
  • When necessary, billing and delivery address
  • When necessary, billing and payment details
  • Email address
  • When necessary, phone number

These details are collected for the purposes of identifying and registering you on the day of the event. The legal basis for this is Article 6, Para 1b) of the GDPR, i.e. you make the data available to us on the basis of the contractual relationship between yourself and us. In addition, regarding the processing of your email address, the German Civil Code requires us by law to send an electronic order confirmation (Article 6, Para. 1c)). We store your data collected for the fulfillment of the contract until the expiration of the legal or possible contractual warrantee and guarantee rights. After expiry, we retain the information regarding the contractual relationship that is required by commercial law and tax law for the legally determined period. For this period of time (generally 10 years from the conclusion of the contract), the data will only be re-processed in the case of an audit by the taxation authorities.

The Registration for our events takes place via the EPF website.

2. Contact form and email contact

On our website, we offer you different options for getting in contact with us. These include via our contact form. The personal data you impart via our contact forms is usually your name, e-mail address and organisation.

We need this in order to be able to respond to your enquiry and get in touch with you. All other requested data is as a general rule provided on a voluntary basis. These data are used to complete your profile and to be able to contact you in another way than by email. The data is deleted as soon as it is no longer required for the purpose of its collection. This is the case when your enquiry has been processed. The legal basis for this is Art. 6 No. 1) f GDPR. The proper processing of your enquiry is to be regarded as a legitimate interest within the meaning of the GDPR. You have the right to object your consent to the processing of personal data imparted to us at any time with effect for the future. To do so, please use the contact information provided under II. From the moment of objection, it will no longer be possible to process your enquiry.

3. Online presence on social media

In addition to this website, we also maintain an online presence on the social media channels Facebook, Linked-in, and X. You can access these by clicking on the corresponding menu items on our website.
We would like to point out that your use of these pages and their functions lies within your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).
When visiting such a page, personal data may be transferred to the provider of the social media channel. The social media provider collects and processes your IP address, the type of processor and browser version used, including plug-ins and, where applicable, other information.

The data collected about you in this context will be processed by the provider of the social media channel and in some instances may be transferred to countries outside of the European Union.

If you are logged in with your personal user account of the respective channel during your visit to such a website, this channel can assign the visit to your account.
If you wish to avoid this, you should log out of the social media channel before visiting our online presence or deactivate the “remain logged in” function, delete the cookies present on your device, and exit and restart your browser. In this way, information which could be used to directly identify you is deleted.

The purpose and scope of the data collection and the further processing and use of the data by the provider of the respective social media channel, as well as your relevant rights and setting options for the protection of your privacy, can be found under the respective privacy policy information of the respective medium:

Facebook: https://de-de.facebook.com/about/privacy/
X: https://twitter.com/de/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy

As the operator of the respective online presence, we do not collect or process any further data from your use of the corresponding social media channel.


IV. Your rights

  1. Overview

Alongside the right to withdraw the consent given to us, you also have the following rights, when the respective legal conditions are extant:

  • Right of information regarding your personal data stored by us in accordance with Article 15 of the GDPR; in particular, you can obtain information about the purpose of processing, the category of personal data, the category of recipient for whom your data is or has been made available, the planned period of retention, the origin of your data, insofar as it was not collected directly from you,
  • Right of rectification of erroneous or to completion of correct data in accordance with Article 16 of the GDPR,
  • Right to deletion of your data stored by us in accordance with Article 17 of the GDPR, insofar as there are no legal or contractual requirements to retain the data, or other legal obligations or rights to the continued retention of the data,
  • Right to limit the processing of your data in accordance with Article 18 of the GDPR, insofar as you dispute the correctness of the data, the processing is illegal, but you oppose the deletion of said data; the data controller no longer requires the data, but you require said data for the assertion, exercise or defense of legal claims, or you have filed an objection to the processing in accordance with Article 21 of the GDPR,
  • Right to data portability in accordance with Article 20 of the GDPR, i.e. the right to receive selected data about you stored by us in a standard, machine-readable format, or to have this transmitted to another data controller,
  • Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your normal place of residence or work, or of our company headquarters to do this.


  1. Right to object

Under the conditions of Article 21, Para 1 of the GDPR, the data processing can be objected to on grounds arising out of the special situation of the person affected.
The above general right to object applies for all purposes of processing described in this Privacy Policy that are processed on the basis of Article 6, Para 1f) of the GDPR. In contrast to the special right to object to data processing for marketing purposes (see Section III.3.3. above), we are, according to the GDPR, only obligated to implement such a general right to object if you can provide grounds of superordinate importance (e.g. a possible risk to life or health).


V. Forwarding to third parties

The data collected by us are not sold. We provide information that we obtain to third parties exclusively to the extent described in the following:

  1. Affiliated companies

Affiliated companies that are under the control of one of the EPF Hosts, if they are either subject to this Privacy Policy or adhere to guidelines that offer at least as much protection as this Privacy Policy.

  1. Service providers

We commission other companies and individuals to fulfill tasks for us. Examples include supporting with the organization of events (e.g. events and congresses), the sending of letters or emails, the maintenance of our contact lists, or the handling of payments (credit cards, bank transfers, and purchase order invoicing). These service providers have access to personal information that is necessary for fulfilling their tasks. However, they are not permitted to use this for other purposes. In addition to this, they are obligated to handle the information in accordance with this Privacy Policy and applicable data protection laws.

  1. Protection

We disclose personal data when we are legally obliged to do so, or when such disclosure is necessary to protect our rights and those of third parties.

  1. Recipients outside of the EU

Your data will generally be processed in Germany and in other European countries. If, in exceptional cases, your data is also processed in countries outside the European Union (i.e. in so-called third countries), this is done insofar as you have expressly consented to this or it is necessary for our provision of services to you, or it is provided for by law (Article 49 GDPR). Furthermore, your data will only be processed in third countries if certain measures ensure that an adequate level of data protection exists (e.g. adequacy decision of the EU Commission; EU standard contractual clauses or so-called suitable guarantees, Article 44 ff. of the GDPR).

For transfers to the United States, the following special rules apply: Due to the EU Commission’s adequacy decision of 10/07/2023 on the EU-US Data Protection Framework (EU-US DPF), data transfers to the United States are based on Article 45 Para 1 of the GDPR. This applies only to those US-based organizations that have been certified by the Data Privacy Framework (DPF) program. This certification confirms that they have reliable mechanisms for transferring personal data to the United States. The DPF program is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce. You can search for the participating organizations and their level of certification on the DPF program website at https://www.dataprivacyframework.gov/s/participant-search.