The Crate platform represents a virtual meeting point where hotels and other suppliers with meeting facilities (“Providers”) as well as event venues encounter meeting and event organizers, procurement departments, management stakeholders for corporates or meeting and event planners (“Users”).
If you use our software or visit our website, various pieces of personal data may be collected. Personal information is any data with which you could be personally identified.
The party responsible for processing data for the use of Crate software as well as on this website is:
The responsible party is the legal entity who alone or jointly with others decides on the purposes and means of processing personal data.
Data collection on our website
Other data is collected when you provide it to us, such as data you enter in a contact form.
The data collected on Crate’s website (www.cratezone.com) is processed by the website’s hosting operator:
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors.
SSL or TLS encryption
Our website as well as our software uses SSL / TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us or our site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
Browser type and browser version
Operating system used
Host name of the accessing computer
Time of the server request
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfiling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Purpose of data collection
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site or are used for order processing. More details please find below.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behaviour. This happens primarily using cookies and analytics. The analysis of your surfing behaviour is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools.
Data collection in/for our software
Registration on this website
You can register on our website in order to access Crate software (e.g. Crate Tender). The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
User business account
If the company you officially work for entertains a licenced business account for Crate software with an unlimited number of personal user logins, your personal data will be stored in connection with the data of your company. In this case, registration will not happen through our website but collectively via the person in your company responsible for the cooperation with Crate (e.g. travel manager, marketing manager or else).
Declaration of agreement from each user with an individual login is in such cases not in Crate’s responsibility but remains within the company cooperating with Crate.
We will continue to store your data collected for the creation of your login as long as you actively work for the same company. As soon as the responsible person within the company asks us to delete your login and your data, we will do so immediately.
In case you require your personal data to be deleted you will need to address the responsible person within your company.
Hotel business account
Crate software sends requests for events, which our users enter, to a selected number of hotels (“providers”) that meet the requirements (e.g. number of sleeping rooms and function space). Providers may reply to these requests by creating a login for the software and entering their offer directly in the software.
Providers have no obligation to reply to these requests. You may either ignore the request or decline it in the software in order to inform Crate that you have taken notice of it.
Crate will retain the data you provide as a hotel until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If you do not want to receive any requests for group bookings from Crate, you may inform us about your decision by sending an email to:
Your rights regarding your data
Right on information
You have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at any time and at no charge. You also have the right to request it to be corrected, blocked or deleted. You may contact us at any time if you have further questions about the issue of privacy and data protection or, of course, to file a complaint with the competent regulatory authorities. For any of this, please use the following address:
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. In this case, send us an email to . The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the state in which our company is headquartered.
Right to data portability
You have the right to have data which we process based on your consent or in fulfilment of a contract delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Duration of Data Storage
Every 6 months, Crate sends an email to all inactive Crate Essence users of the software requiring them to confirm the active use of the account. If a user fails to reconfirm his/her login within the given deadline, the account will be deleted and with it all data associated to the account.
Data protection officer
Crate’s appointed data protection officer is:
Phone: +41 44 385 60 00
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfil the terms of your contract with us, for example, to payment providers entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
For the fulfilment of the order and/or contract we need the following information:
Title, first name, surname (personal address in the contract fulfilment
Address (offer and billing address)
Electronic communication (e-mail, telephone, fax) for contract fulfilment and subsequent marketing campaigns.
Data transfer to payment solution provider PayPal
On this website, the controller has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
On this website, the controller has integrated components of Stripe. Stripe is an online payment service provider. Stripe is able to process payments through credit cards. Stripe makes it possible to trigger online payments to third parties or to receive payments.
The operating company of Stripe is Stripe Inc.,185 Berry Street, Suite 550, San Francisco, CA 94107, UNITED STATES.
If the data subject chooses "Stripe" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to Stripe. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transmitted to Stripe is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to Stripe, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between Stripe and the controller for the processing of the data will be transmitted by Stripe to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
Stripe will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from Stripe. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
Our website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set (further details to cookies see above). These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
Crate uses LinkedIn Ads, an online advertising program from LinkedIn Inc., 1000 W Maude Ave, Sunnyvale, CA 94085, United States
If you entertain a personal account in LinkedIn and view or click on an ad displayed on the site or in the app of LinkedIn, Crate will get a signal that someone visited the page that displayed the ad, and we may through the use of mechanisms such as cookies determine the viewer. As an advertising partner we can associate personal data collected by LinkedIn through cookies and similar technologies.
Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook,e.g. the Facebook blocker of the provider Webgraph, which may be obtained under http://webgraph.com/resources/facebookblocker/. These applications may be used by the data subject to eliminate a data transmission to Facebook.
On this website, the controller has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise's Internet site. The integration of Google Remarketing therefore allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users.
The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users.
Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, for the insertion of interest relevant advertising.
The cookie is used to store personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose, the data subject must call up the link to www.google.de/settings/ads and make the desired settings on each Internet browser used by the data subject.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
Plugins and tools
Google Web Fonts
For uniform representation of fonts, our website as well as our software use web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
Crate software uses the Google Maps service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Crate software allows other event technology (e.g. registration platforms) the exchange of data in order to facilitate a customer’s “one-stop-shop experience” as well as to simplify the capture and further processing of data. If a customer with business account requires Crate software to correspond with such third-party software, a detailed acknowledgement and agreement of data exchange is necessary.
In such cases, the Data Protection Policy of the third-party provider comes into effect.
Crate uses a variety of organizational, technical and administrative measures to protect personal data within the organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with Crate is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us by sending a mail to:
Changes in this Data Protection Policy
Crate will update this Data Protection Policy to reflect changes to our information practices. We encourage you to periodically review this page for the latest information on our privacy practices.