Grip and GDPR: Ensuring Data Protection and Matchmaking Success

The General Data Protection Regulation that came into play on the 25th of May 2018 is there to protect the interest of consumers and provide them with a greater choice of the services they use, and how they use them.


We wholeheartedly agree with what GDPR stands for and are proud to see Europe leading the way in protecting the privacy of consumers in the digital age.

In this article, we hope to provide clarity on how we are dealing with the new data protection laws at Grip by adhering to the new standards that will, in fact, make the need for matchmaking at exhibitions even more important.

Germany as a front-runner in events and data protection

Luckily, we also know that the events world does not have to suffer under these new regulations as the German event organizers have already had similar laws for a number of years. At Grip, we already work with event organizers in Germany under these laws and have demonstrated the Grip Matchmaking Solution can be extremely successful under those data protection laws.


Grip Matchmaking Solution & GDPR

Below we will outline the various relevant definitions of GDPR and how Grip is dealing with them to comply with the new regulations.

Data Controller: The natural or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of personal data.

In an event setting, the event organizer is considered the Data Controller.


Data Processor: A natural or legal person, public authority, agency or other bodies which processes personal data on behalf of the controller;

In an event setting, Grip is considered a Data Processor who processes personal data on behalf of the organizer which are covered under the Data Processing Terms the Data Controller (Event Organizer) and the Data Processor (Grip) agree on.


Legitimate Interest: The most flexible lawful basis for processing, but you cannot assume it will always be the most appropriate. It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.


For the Grip Matchmaking Solution, this means that organizers can share the information of all attendees, exhibitors and exhibitor representatives with Grip as there is a legitimate interest that someone that registers for an event will want to have access to the exhibitor list, event program and other information.

It does however not mean that we can display the information of visitors on Grip without them having pro-actively logged into Grip and having consented to our Terms of Use and Privacy Policy. We have therefore made it possible to only display active users across our platform.


Marketing Consent: Whereas “transactional” emails such as sending someone their registration badge falls under Legitimate Interest sending a mass email to promote a particular exhibitor or speaker does not. It is therefore required for organizers to get specific, optional, informed and specific consent for marketing communications.


For the Grip Matchmaking Solution, this means that we offer organizers the possibility of telling us which users they have marketing consent for. We use this information to determine who we send a mass-welcome email to our platform. People that have opted out marketing can still log in, but do not receive a welcome email to our platform.


Third parties: Means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;


For the Grip Matchmaking Solution this mean services such as Mailgun (Email Service Provider) or Mixpanel (Analytics). Both are named in our Privacy Policy and are covered under the EU-US Privacy Shield. Without these services, it would be impossible to provide the Grip service.


Data Processing Terms: Any business that is subject to the EU General Data Protection Regulation (GDPR) as a Controller needs to have in place an appropriate contract with any other Controller that it jointly shares data with if that Controller particularly is outside the EU. More importantly, any Controller that is subject to GDPR needs to have in place an appropriate Data Processing Agreement with any third party that it shares data with where that third party is a Processor. as defined under GDPR.


For the Grip Matchmaking Solution, this means that we have decided to publish our standard Data Processing Agreement on our website. In collaboration with the Event Organizer changes can be made to the Data Processing Agreement for specific events.


Right to object to processing for scientific, historical or statistical purposes: a controller must have a lawful basis for processing personal data. However, where that lawful basis is either "public interest" or "legitimate interests", those lawful bases are not absolute, and data subjects may have a right to object to such processing.

A crucial part of the Grip Matchmaking Solution is the Grip Matchmaking Engine and we rely on Legitimate Interest to process the data of an individual for scientific, historical and statistical purposes.

However, when a user logs into Grip we offer them the option to Opt-In to continued anonymized processing for scientific, historical or statistical purposes. Although many event solutions do not obtain this consent at Grip we have decided that we want to be transparent and provide users with an option to not take part in us using their anonymized usage data to improve the Grip Matchmaking Engine.

GDPR Data Flows

Grip Legal Documents: Privacy Policy: Terms of Use: Acceptable Use Policy: