Privacy policy for visitors to the website

Thank you for visiting our website. The protection of your personal data is very important to us. Below we inform you about the collection and processing of data when you visit our website and when you contact us. In addition, we will inform you of the data subject rights you can assert.


1. responsible bodies You and data protection officer

The entity responsible for data collection and processing is:

Convento GmbH
Oberstrasse 4
41460 Neuss

Further information can be found in the IMPRINT.

If you have any questions about data processing or your rights, our data protection officer will be happy to assist you. You can reach him at:


2. Visiting our websites

In the following we inform you about

  • what data is collected when you visit our website,
  • the purposes for which it is processed and
  • what options you have to control the collection and processing of data yourself.

I. Cookies

The following cookies are used on this website:

II. Log-Files

1. the following data is automatically transmitted by your browser when you visit our website:

  • Date, time and duration of the page view
  • Name of your internet service provider
  • Website from which you came to us
  • The abbreviated IP address of your end device
  • Your browser type and version
  • The operating system of your device.

2. We use this data to gain statistical insights into how our websites are used. This serves to improve our offer. In addition, the collection of data serves to trace and prevent unauthorized access to the web server and misuse of the websites.

III. Contact form

  1. If you contact us via our website, we will collect and process the data you provide, such as your e-mail address, your name, your address and, if applicable, your described request.
    The fields marked as such are mandatory fields. We need the information you enter there in order to process your request. The other fields are optional.

  2. The data is transmitted to our customer service via an SSL-encrypted e-mail and is not stored on our website.

Our customer service processes the data you provide on the basis of and for processing your respective request, e.g. to provide the requested information about products and conditions or to process your questions and requests for changes to existing contracts.

Privacy policy for event marketing

der Convento GmbH, Neuss


1. Purpose of data processing

We, Convento GmbH in Neuss, have been active in the B2B environment since 1994 and offer software solutions and services for communication professionals in press and public relations and investor relations.

To complement our range of services, we offer our clearly defined target group free events ("PR breakfasts") several times a year at different locations, at which a well-known speaker gives a talk on a topic of interest to the industry. We conduct an online survey of the industry no more than once a year. Invitations to the breakfasts and surveys are usually sent to the recipients' business e-mail addresses. In addition, registrations, cancellations and participation are stored and processed.


2. target group

In order to reach our recipients in a targeted manner and to be relevant and useful with the invitations, we only store and process the business data of natural persons in Germany, Austria and Switzerland with exclusively the following positions:

  • Press spokesperson or media spokesperson
  • Head of or employee in the Corporate Communications, Public Relations or Investor Relations departments
  • Head of or employee in a PR agency


3. type of storage

We only store the following job-related information

  • Name, academic title, job title or position, company, professional e-mail address
  • Date and reason or occasion for the first data collection
  • Previous participation in Convento GmbH webinars, events or surveys.


4. origin of the data

Communications officers and employees from press offices, investor relations departments or PR agencies register for free events or webinars via the Convento website. By registering, they give their consent to receive further invitations and to the storage and processing of their work-related personal data.

Interested parties register for free webinars or download white papers or product information via the Convento website.
In addition, we use publicly accessible personal data from press releases, press sections or media corners on company and agency websites or other publicly accessible portals on which companies publish their announcements and in which contact persons for journalists and media or investors are named in order to update our database.


5. data security

We implement all state-of-the-art technical and organizational measures (TOMs) to ensure the best possible protection of data. Personal data is stored in a TÜV-certified data center in Düsseldorf. We have committed all employees and contract data processors specifically to data protection. Employees via the employment contract, contractors via ADV contracts. Further information can be found on the website (e.g. terms and conditions, privacy policy) or will be made available to you on request.


6 Consent, legitimate interest

We usually store and process data for which we have permission to process ("opt in"). Data subjects can withdraw their permission to receive messages at any time, request a copy of their data record, or ask us to delete or change their data. An unsubscribe button ("opt out") is available in every e-mail to withdraw permission to send e-mail invitations.

In individual cases, it cannot always be ruled out that recipients have not yet given their explicit consent to receive invitations. In this case, we assume our legitimate interest in accordance with Art. 6 (f) GDPR and Recital 47 (7) GDPR. In addition, there is also a legitimate interest on the part of the recipients, as invitations are only sent to free industry events and occasionally to industry-specific surveys. This outweighs the other interests, fundamental freedoms and fundamental rights of the recipients in this case.


7. contact person

The person responsible for data protection at Convento GmbH is

Dipl.-Kfm. Rainer Maassen
Managing Director

Privacy policy for users

of the myconvento PR software


Since May 25, 2018, the rules of the EU General Data Protection Regulation (hereinafter referred to as GDPR) must be observed and implemented in Germany and all other EU member states. In Germany, the new version of the Federal Data Protection Act based on the GDPR (hereinafter BDSG-new) also applies. In Germany, the GDPR and the BDSG-new replace the previous Federal Data Protection Act (BDSG-old), which was still valid until May 25, 2018.

Convento GmbH (hereinafter referred to as "Convento") processes personal data as a commissioned data processor within the meaning of Art. 4 of the GDPR, which its customers make available for use in myconvento as clients and data controllers within the scope of the order placed. Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the data subject. These characteristics are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person. Specifically, these are address and communication data as well as other essential characteristics of journalists, bloggers, other "influencers" of the client and publishers. In particular, Convento respects the rights and property of its customers to their data as well as the data protection and privacy of data subjects and undertakes to do everything necessary to meet this requirement.


1. territorial validity

Customer data is processed exclusively within the territory of the Federal Republic of Germany. Since 2015, Convento has been operating the customer systems in a specialized and ISO 27001-certified data center in D-40472 Düsseldorf at myloc managed IT AG (


2. disclosure of personal information to third parties, subcontracting

Convento does not use personal data that it receives from its customers itself, but only makes this data available for the respective customer on the server farm rented in the data center of myLoc managed IT AG [certified data center according to ISO 27001], Am Gatherhof 44, D-40472 Düsseldorf. There it integrates the data into the customer database, where it is then exclusively available to the customer.

If Convento outsources parts of the orders received to subcontractors - otherwise only with the customer's prior written consent - Convento shall ensure that data protection and data security are guaranteed in the same way as for Convento itself. The customer shall be granted the same rights of inspection and control vis-à-vis the subcontractor as it has vis-à-vis Convento.

The usual general subcontracting services (e.g. telecommunications, maintenance, support, cleaning) are not covered by this regulation. However, Convento has generally concluded corresponding agreements on data protection and data security with such partners.

The collection or transfer of personal data to state institutions and authorities shall only take place within the framework of applicable legal provisions. In such cases, Convento is obliged to notify the customer in writing in good time before disclosure, insofar as this is legally permissible. Convento does not use service providers that are subject to the US Patriots Act and the US Freedom Act.


3. Obligations of the customer

The customer is the "controller" within the meaning of Art. 4 No. 7 GDPR. He is therefore responsible for the permissibility of the tasks assigned to Convento and for safeguarding the rights of the data subjects. The customer shall place or confirm orders and additions in writing. This also applies to changes - to be jointly agreed - to the content, procedures, scope and other parts of the contract. If the customer issues instructions verbally, he shall confirm them immediately in writing.

The customer shall designate a responsible contact person who can issue instructions and make or promptly bring about decisions on all matters relating to the order. This contact person shall ensure that the customer's myconvento users are aware of this declaration and comply with it.

The customer's administrator defines the users in myconvento. Each user receives personal access data (user name and password). Users are instructed not to use passwords that can be spied on and, if possible, not to keep any notes on their passwords.

The customer shall delete access to myconvento ("user account") immediately if it is no longer to be available to a user. If the customer discovers errors in the execution of the order or in the results of the order, he shall inform Convento immediately.


4. Obligations of Convento GmbH

Convento shall process personal data exclusively within the framework of the agreements made and in accordance with the customer's written instructions, and shall not use the data provided for any other purposes. Copies or duplicates will not be made without the customer's knowledge.

Convento does not usually maintain or process data for customers. Convento is therefore not obliged to keep detailed documentation of the data processing, on the basis of which the customer can provide evidence of the proper execution of the data processing. Convento will only process data on special written instructions from the customer. Only and exclusively in these cases shall Convento keep simple documentation of the data processing. An IT log will then document which Convento employee has viewed or processed which customer's data and when. Convento will store this documentation for the long term.

Convento handles personal data in accordance with all applicable provisions of data protection law, the German Telemedia Act (TMG) and the German Telecommunications Act (TKG). Upon request, Convento shall provide the customer with the information pursuant to Art. 30 para. 2 GDPR (list of processing activities carried out on behalf of Convento). In order to protect personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons in the best possible way, Convento uses technical and organizational measures (TOM) in accordance with Art. 32 GDPR. We continuously improve these measures in line with technical developments.

All Convento employees, suppliers and partners are obliged to maintain data secrecy in accordance with § 53 BDSG-new and, if applicable, to maintain special professional secrecy (e.g. banking secrecy).

Convento shall inform the customer immediately if the customer's property is jeopardized by third party measures (e.g. by seizure or confiscation, by insolvency or composition proceedings, etc.) or by other events.


5. Rights of the customer

Convento shall grant the customer or an auditor designated by the customer unhindered access to the customer's business premises as required within the scope of the order inspection in accordance with Section 64 (3) No. 12 BDSG-NEU. Convento thus enables the customer to inspect the data stored for the customer or in connection with the order and to check the program processes used in order to ensure compliance with the technical and organizational measures (TOM) taken.

For this purpose, we offer the auditors access that corresponds to the access rights of the customer concerned. If the customer exceptionally permits the processing of data in private residences, Convento shall ensure that the aforementioned checks can also be carried out in these residences. Convento shall ensure that all residents of these private residences have consented to this arrangement.


6. Rights of data subjects

Persons whose data Convento stores on its systems, regardless of whether they were collected by the customer or by Convento, are entitled to receive information about the data concerning them free of charge.

The groups of persons concerned are usually journalists, bloggers, other "influencers" of the customer and / or other public relations contacts, for example customers, interested parties, employees within the meaning of § 26 BDSG-new, subscribers, suppliers, sales representatives or shareholders.

The data subject has the right to rectification, erasure or blocking of their data stored in myconvento. If Convento has processed data for the customer, it shall forward this data to the customer without delay together with the complaint. Alternatively, the customer can give Convento written consent to process the complaints of the persons concerned.


7. Rights of Convento GmbH

If the customer issues instructions to Convento within the scope of his order that may violate applicable data protection law, Convento shall inform the customer of this and may suspend the execution of the instruction until clarification.

If the customer - himself or through a third party - checks compliance with data protection and data security measures as part of the order control, Convento shall be entitled to charge for any expenses incurred at Convento's usual hourly rates per hour or part thereof. Checks by means of a user account are of course free of charge.


8. technical and organizational measures (TOM) for data protection

Convento has taken appropriate technical and organizational measures (TOM) in accordance with § 64 BDSG-new. In addition, the data protection officer (see below) monitors compliance with all obligations under the applicable data protection law and other statutory provisions. Convento shall ensure that the measures in accordance with § 64 BDSG-new are complied with during operation, documented and made available to the customer on request. This also applies to the measures agreed with the customer for the exchange, provision, processing, storage, output and dispatch of data.

As proof of the technical and organizational measures taken, Convento shall provide the customer with all available suitable documents, logs and reports, including those from independent bodies. Convento reserves the right to implement measures in line with technical and organizational progress that meet at least the same data protection and data security requirements as those specified in the appendix. A precisely defined message chain ensures that the customer is informed immediately in the event of control actions, measures and investigations in accordance with § 40 BDSG-new or Art. 83 GDPR. Convento shall also inform the customer immediately in the event of any breaches of the customer's personal data protection regulations (e.g. in accordance with Art. 33 GDPR) or of the specifications made in the order by the customer or the persons employed by the customer, as well as in the event of serious disruptions to operations. This also applies to the mere suspicion of such incidents.

Convento shall report the following cases immediately, regardless of the reason and even in cases of suspicion:

  • in the event of serious disruptions to operations
  • in the event of significant irregularities in the handling of the customer's personal data
  • in the event of a breach of the protection of personal data pursuant to Art. 33 GDPR
  • if personal data has been transmitted unlawfully
  • if third parties may have unlawfully gained knowledge of personal data

Convento shall take appropriate measures in coordination with the customer to secure the data and to minimize possible adverse consequences for data subjects. If customers, as data controllers, have to fulfill specific reporting obligations in accordance with Art. 33 or 34 GDPR, Convento will support its customers in this regard.

Convento regularly checks all customer orders for execution and fulfillment as part of order control. The regulations and measures for order execution are checked for compliance and adjusted if necessary.


9. type of data, data carrier

The type of data is determined within the scope of the order. These are, for example

  • Personal master data, communication data (e.g. telephone, e-mail), contact history
  • Contract master data (contractual relationship, product or contractual interest)
  • Contract billing and payment data
  • Information data (from third parties, e.g. credit agencies, or from public directories)

Convento identifies data carriers that originate from the customer or are used for the customer by name. Incoming and outgoing data carriers are documented. External data carriers for data backup are also encrypted to ensure security in the event of transportation between different locations.

The handling of disused data carriers is regulated by the internal data backup concept that applies to all employees. The data carriers must always be handed over to the IT department. Optical data carriers are shredded. Defective hard disks, USB and other data storage devices are temporarily stored under lock and key until they are destroyed in accordance with data protection regulations.


10. Liability

In accordance with the statutory provisions, Convento shall be liable to the customer for damage caused by its employees or those commissioned by Convento to perform the contract in the course of providing the service, either intentionally or through gross negligence. The damage must be proven by the customer. Convento and its vicarious agents shall only be liable for property damage and financial loss caused by negligence in the event of a breach of a material contractual obligation, but limited to the amount of damage foreseeable at the time of conclusion of the contract and typical for this type of contract. The actions of a Convento employee can only constitute one case of damage.

The customer shall be primarily liable to the data subject for compensation for damages suffered by the data subject due to unlawful commissioned data processing in accordance with data protection regulations.

Pursuant to Art. 82 para. 2 sentence 2 GDPR, Convento shall only be liable for the damage caused by its commissioned data processing if Convento has failed to comply with its obligations under the GDPR specifically imposed on it as a processor or has acted in disregard of the lawfully issued instructions of the customer responsible for the data processing or against its instructions. The customer as data controller and Convento as data processor may be jointly and severally liable as parties to the same processing for any damage caused to a data subject in accordance with Art. 82 para. 4 GDPR.


11. end of order and contract

At the end of the contractual relationship, Convento shall return all customer documents in its possession and files, data carriers and documents related to the order to the customer or, with the customer's consent, dispose of them in accordance with data protection regulations. Convento shall then confirm the deletion or destruction in accordance with data protection regulations.

Convento shall not store the data provided for data processing for longer than required by law or by the customer. Documents containing personal data that are no longer required will only be destroyed in accordance with data protection regulations following written instructions from the customer. Any test and scrap material is kept under lock and key at Convento until it is either deleted by Convento in accordance with data protection regulations or handed over to the customer. The destruction of the customer's documents by Convento is reported and the handover of documents to the customer is documented.

Convento may continue to store and use data for accounting and billing purposes even after the end of the contractual relationship or after deletion of the personal data.

The customer may terminate the contract at any time without notice if Convento commits a serious breach of data protection regulations or the underlying contract, if Convento is unable or unwilling to carry out a lawful data protection instruction from the customer and informs the customer of this in writing or refuses the customer access in breach of contract.


12. automatic logging of user behavior

myconvento uses "cookies". They help to increase user convenience for the customer. For example, cookies store the login data of website visitors so that they do not have to log in every time they visit a website. Most browsers are set to accept cookies automatically. myconvento also logs the general intensity of a customer's use of myconvento. The information is used exclusively to improve customer service and to monitor and ensure the capacity of the overall system.


13. consent of the client (myconvento user company)

By using myconvento, the user company agrees that Convento may collect information to the extent described above and use it accordingly. The rapid development of the Internet makes it necessary to adapt our privacy policy from time to time. As a customer, you will be notified by e-mail of any changes to the privacy policy. The current version can be viewed at any time on the website

Privacy policy for visitors to the website

Privacy policy for event marketing

Privacy policy for users



If you have any questions, requests or comments on the subject of data protection, please send an e-mail to
At the same time, data protection at Convento is continuously monitored and supported by our external data protection officer:

Attorney Axel Krause
Law firm Geerkens - Frommen - Krause
Drususallee 84
41460 Neuss
Neuss, Germany

All functions for your daily work combined in one tool.

Media monitoring & analysis

Contact- and Relationship-Management

Content creation

Client management



Content distribution

We are also happy to help you with this.


Data import & processing

E-Mail Templates

By users for users.

10 advantages for you

Typical customers

Case Studies