Data protection information
Part A of this data protection information provides you with information about the processing of your personal data in connection with the use of our website ahk-balt.org (hereinafter referred to as the "website") and the functions provided on it; in Part B, we inform you about local data protection requirements and special forms of processing.
I. Name and address of the responsible parties
The website is operated by DIHK and DIHK DEinternational GmbH, both located at Breite Straße 29, 10178 Berlin, with joint responsibility for specific topics shared with
German-Baltic Chamber of Commerce (hereinafter referred to as "AHK")
Strelnieku iela 1-4
Riga, LV-1010
Latvia
Tel.: 00371 67320718
liva.melbarzde@ahk-balt.org
We will be happy to provide you with excerpts from the joint responsibility agreement. Please contact ahk[at]ahk.de.
Processing operations for which the AHK is solely responsible are described below in Part B.
II. Name and address of the data protection officer
The data protection officer of the controller is:
Strelnieku iela 1-4
Riga, LV-1010
Latvia
Tel.: 00371 67320718
Email: vineta.skerite@ahk-balt.org
Website: ahk-balt.org
III. Provision of the website and creation of server log files
1. Data categories and description of data processing
The following data is processed each time our website is accessed:
· IP address;
· Date and time of access;
· Time zone difference to Greenwich Mean Time (GMT);
· Specific website accessed;
· Access status/HTTP status code;
· Amount of data transferred in each case;
· Website from which you came;
· Browser;
· Operating system and its interface;
· Language and version of the browser software;
· Internet service provider (collectively referred to as "server log files").
2. Legal basis and purpose of data processing
The legal basis for the processing of your data when you use our website is Art. 6(1)(e) para. 3 GDPR in conjunction with Section 10a IHKG, the public tasks assigned to us, in particular the representation of the overall interests of associated businesses in the Federal Republic of Germany at national, European and international level, the promotion of the commercial economy and the coordination and promotion of the AHK network, including delegate offices and representative offices, and the promotion of foreign trade by the Federal Republic of Germany. To promote this purpose, a functional website is provided and the associated processing of personal data takes place.
3. Duration of storage
Server log files are deleted after seven days at the latest.
In the event of an error, logs are also generated, which are then stored for a period of 30 days for error analysis and problem tracking and then deleted.
4. Recipients
The server log files are accessible to those employees of the controller who are responsible for maintaining the website. In this context, employees of DIHK DEinternational GmbH may have access to your personal data. For this reason, the AHK, DIHK and DIHK DEinternational GmbH have concluded a data protection group agreement that regulates the processing and transfer of personal data within the AHK network.
We also use third-party services on our website. Further information on these services and the associated data processing can be found in Part B and the cookie settings.
IV. Website analysis with PIWIK Pro Analytics Suite
1. Data categories and description of data processing
We use Piwik PRO Analytics Suite as our website analysis software. We collect data about website visitors in the form of server log files and on the basis of cookies. For an overview of the cookies set in this context, please refer to the following link: https://help.piwik.pro/support/privacy/cookies-created-for-piwik-pro-users/. For a description of the server log files, please refer to Section IV.1.
2. Legal basis and purpose of data processing
The purpose of using PIWIK PRO Analytics Suite is to track certain usage patterns, such as bounce rate, page views and session duration, in order to understand how our website is used. We may also create visitor profiles based on browsing history to analyse visitor behaviour, display personalised content and run online campaigns. The legal basis for analytics and conversion tracking is your consent in accordance with Art. 6(1)(a) GDPR.
3. Duration of storage
If you give us your consent for analytics and conversion tracking, we will store your personal data for a period of 25 months and then delete it, unless you have revoked your consent in this regard; in this case, we will no longer store any personal data after receiving your revocation. Your revocation only has effect for the future and has no effect on the processing of your data up to the time of your revocation.
4. Recipients
The recipients of your personal data are employees of DIHK DEinternational GmbH and the AHK who are responsible for maintaining the website. In addition, it may happen (e.g. in troubleshooting cases) that employees of PIWIK PRO Analytics Suite, the AHK and DIHK DEInternational GmbH gain access to your personal data. PIWIK PRO Analytics Suite uses third-party providers, some of which are based in the USA, to provide its services, which means that your personal data may be transferred to these third-party providers. Further information can be found in the PIWIK PRO privacy policy.
VI. Use of cookies
1. Data categories and description of data processing
We use Piwik PRO to manage consent and collect personal data via cookies for this purpose. We also use cookies to make our website more user-friendly. Cookies are small text files that are stored on your computer. For an overview of the cookies set in this context, please refer to the following link: https://help.piwik.pro/support/privacy/cookies-created-for-visitors-by-piwik-pro/. Some of the cookies we use are deleted from your hard drive at the end of your browser session ("session"). In addition, we also set permanent cookies that remain on your device in order to recognise you, for example, when you next visit our website.
If cookies are set, they process certain user information to an individual extent, as described in the link.
You can control the use of cookies at any time via your browser settings. There you have the option of deleting or blocking cookies. However, this may result in the functionality of our website being restricted. We also use social media buttons on our website; for more information, please refer to Section VIII.
2. Legal basis and purpose of data processing
The legal basis for the management of consent by PIWIK PRO is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in legally compliant and usage-specific consent management.
If personal data is also processed by individual cookies set by us, the processing is carried out on the following legal bases, depending on the cookie set:
· Necessary cookies: The processing of personal data by necessary cookies is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, as these cookies are necessary for the proper functioning of the website. The setting of the cookie is also based on Section 25 (2) No. 2 TDDDG, according to which the storage of information on your device or access to information already stored on your device is absolutely necessary in order for us to provide a digital service expressly requested by you – our website.
· All other cookies: The setting of these cookies in accordance with Section 25 (1) TDDDG and the processing of personal data is based on your consent in accordance with Art. 6 (1) (a) GDPR. These cookies collect information about your use of our website, which we use to improve its functionality and your user experience.
3. Duration of storage
Data relating to the management of consent is stored for a period of 25 months.
You can find an overview of the cookies we set and their storage time at the following link: https://help.piwik.pro/support/privacy/cookies-created-for-visitors-by-piwik-pro/.
4. Recipients
Your personal data will be accessed by those employees of the controller who are responsible for maintaining the website. In addition, it may happen (e.g. in troubleshooting cases) that employees of PIWIK PRO gain access to your personal data. Insofar as PIWIK PRO employees have access to personal data, we have made the necessary arrangements to protect your personal data, in particular by concluding data processing agreements in accordance with Art. 28 GDPR, in which PIWIK PRO is obliged to maintain confidentiality.
VII. Map service
i. Data categories and description of data processing
We have integrated the map service "OpenStreetMap" ("OSM") into our website. This is a service provided by the OpenStreetMap Foundation, based at St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, which is responsible for OSM within the meaning of Art. 4 No. 7 GDPR.
The map display will only be shown after you have given your consent.
In order to display OSM, server log files are transmitted to the OpenStreetMap Foundation. For information on how your personal data is processed by the OpenStreetMap Foundation, please refer to the OpenStreetMap Foundation's privacy policy at https://osmfoundation.org/wiki/Privacy_Policy.
ii. Legal basis and purpose of data processing
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR. The processing of your personal data serves to display a map for the purpose of location display and route planning.
iii. Duration of storage
For information on processing and storage periods, please refer to: https://osmfoundation.org/wiki/Privacy_Policy
iv. Recipients
The OpenStreetMap Foundation is the recipient of your personal data.
VIII. Automated decision-making and profiling
With the exception of the processing described in section V, we will not process your personal data for automated decision-making and/or profiling.
IX. Obligation to provide personal data
You may choose not to provide us with your personal data or provide us with incomplete data. In such cases, for example if you prevent the storage of cookies, you may not be able to use all the features of our website. If you wish to become a member and do not provide us with your personal data, we may not be able to process your membership application.
X. Rights of the data subject
You can contact the AHK directly either in writing or by email at liva.melbarzde@ahk-balt.org to exercise the following rights:
- Information about your data in order to check and verify it
- Receive a copy of your personal data
- Correction, deletion or restriction of processing; this also includes the right to complete incomplete or incorrect data by providing additional information,
- Right to object to processing; please note that, in accordance with Art. 21 GDPR, you have the right to object to the processing of personal data that we process on the basis of legitimate interests in accordance with Art. 6(1)(f) GDPR; a right to object to processing if this is based on reasons arising from your particular situation; if the objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without the need to specify a particular situation,
- You can receive your provided data in a structured, commonly used and machine-readable format and transmit this data to another controller, provided that you have given your consent to the processing or the processing is based on a contract.
If you have given us your consent to process your personal data, you can revoke this consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal data. To exercise this right, you can contact the authority responsible for your place of residence or the authority responsible for the AHK:
Datu Valsts inspekcija (Latvia)
Valstybinė duomenų apsaugos inspekcija (Lithuania)
Andmekaitse Inspektsioon (Estonia)
Part B
Local data protection requirements and special forms of processing:
I. Special forms of processing:
1. Newsletters
i. Data categories and description of data processing
On our website, you have the option of subscribing to a free newsletter, which we use to inform you about our services, events and current economic topics, for example. If you sign up for our newsletter, we will process the following personal data:
· First name,
· surname,
· Email address
We use the double opt-in procedure for registration for our newsletter. This means that after you register, we will send an email to the email address you provided, asking you to confirm your registration for the newsletter. The purpose of this procedure is to verify your registration and, if necessary, to prevent possible misuse of your personal data.
If you subscribe to our newsletter and have given us your consent, we will also evaluate your user behaviour, in particular to analyse how our newsletters are opened and used. In particular, we track
· whether and when you have opened our newsletter,
· which links are clicked on, and
· analyse how you interact with the content of our newsletter (collectively referred to as "newsletter tracking").
· This is achieved with the help of a small, invisible image file or code that is embedded in our website/email. When you visit our website/open the newsletter, this image file is downloaded from the server and your interaction with our newsletter is recorded. For the evaluation, we link server log files with the web beacon, your email address and add an individual ID.
ii. Legal basis and purpose of data processing
The legal basis for subscribing to our newsletter and its transmission is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent to receive the newsletter at any time. You can revoke your consent by clicking on the link at the end of the newsletter or by sending an email to liva.melbarzde@ahk-balt.org.
Your email address is collected in order to inform you about news from the AHK as requested.
The legal basis for newsletter tracking is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Newsletter tracking helps us to analyse and improve the effectiveness of our content. You can revoke your consent to newsletter tracking at any time by sending an email toliva.melbarzde@ahk-balt.org .
iii. Duration of storage
Your personal data will be processed until you withdraw your consent. As part of regular checks (approx. every 2 years), we will ask you from time to time whether you are still interested in receiving our newsletter. If you do not confirm such interest, we will stop sending you the newsletter. You always have the option to subscribe to our newsletter.
iv. Recipients
In order to send you our newsletter, we use the services of external service providers, some of whom are located outside the EU. In such situations, we conclude processing agreements that include EU standard contractual clauses, unless an adequacy decision exists. You can view the EU standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
We use personalised newsletter tracking to optimise our newsletter service. In addition to your email address, we also record activities related to the newsletter dispatch (click behaviour).
v. Right to object and right to erasure
The user concerned can unsubscribe from the newsletter at any time by objecting. For this purpose, there is a corresponding link in every newsletter. Alternatively, you can also send us an email: liva.melbarzde@ahk-balt.org
2. Registration as a member
Data categories and description of data processing
On our website, we offer you the opportunity to apply for membership. For this purpose, we process
· the amount of the membership fee, which is based on the size of the company,
· information about the company, such as company name, street, house number, postcode, town, email address, number of employees,
· contact details such as first name and surname, language skills, telephone number and email address.
The above data are mandatory fields in the form integrated into our website.
You can also voluntarily provide us with the following additional data:
· whether you would like a so-called premium membership,
· the position of the contact person,
· additional contact persons, for example from management, human resources, marketing and finance, in each case specifying in particular
o first name and surname,
o Function,
o language skills,
o telephone number, and email address.
Server log files are also processed at the time of application.
i. Legal basis and purpose of data processing
The legal basis for the processing of data marked as mandatory fields is Art. 6 (1) (b) GDPR, i.e. processing is necessary for the implementation of pre-contractual measures – in particular the review of your membership application – which is carried out at your request.
The legal basis for the processing of data that is not marked as mandatory and that you provide to us voluntarily is your consent in accordance with Art. 6 (1) (a) GDPR. The information you provide voluntarily helps us to obtain a more complete picture of your membership.
ii. Duration of storage
We store the data marked as mandatory fields for as long as you maintain your membership application. You will receive separate data protection information for members.
You can revoke your consent at any time with regard to the data you voluntarily provide to us. You can declare your revocation by emailing liva.melbarzde@ahk-balt.org. We will store your data until we receive a corresponding revocation.
iii. Recipients
Your personal data will be accessed by those AHK employees who are responsible for processing membership applications. In addition, employees of other German Chambers of Commerce Abroad or employees of the DIHK or DIHK DEInternational GmbH (collectively referred to as the "AHK network") may also have access to your personal data, as the AHK receives support from DIHK DEinternational GmbH and DIHK for central services such as controlling, accounting, office, process and quality management, and IT services. We have concluded an internal group data transfer and processing agreement with the AHK network for this purpose.
In this context, we may also use external service providers, some of which are located outside the EU. In such situations, we conclude processing agreements that include EU standard contractual clauses, unless an adequacy decision exists. You can view the EU standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
3. Contact form and email contact
i. Data categories and description of data processing
If you use the contact form on our website to contact us, we will process
· your full name,
· your company,
· your email address and
· a message. The data mentioned is marked as a mandatory field.
You can also voluntarily provide us with the following information:
Your telephone number
We also process server log files (see IV.1) in addition to your personal data described here when you access our contact form.
As an alternative to our contact form, you can also contact us via the email address provided.
In this case, the user's personal data transmitted with the email will be processed.
ii. Legal basis and purpose of data processing
The legal basis for the processing of your data marked as mandatory fields is your enquiry to us in accordance with Art. 6 (1) (b) GDPR. The same applies to any contact you make with us by e-mail.
The legal basis for data that is not marked as a mandatory field and that you provide to us voluntarily is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with regard to the data you provide to us voluntarily. You can declare your revocation by emailingliva.melbarzde@ahk-balt.org . We will store your data until we receive a corresponding revocation.
We process your personal data in order to process and respond to your enquiry.
iii. Duration of storage
Your personal data will be deleted as soon as your enquiry has been answered conclusively. If you have given us your consent, we will process your data until you withdraw your consent or your enquiry has been answered conclusively.
iv. Recipients
Your personal data will be accessed by those AHK employees who are responsible for responding to enquiries. In addition, employees of DIHK DEinternational GmbH and/or other AHKs may also have access to your personal data. For this purpose, we have concluded an internal data transfer and processing agreement with the AHK network, which includes the EU standard contractual clauses. You can view the EU standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
4. Cookies
In addition to the Piwik cookies described in Part A, the following cookies are also set by this local website:
Outlook: If you use functions on our website that are provided by Microsoft Outlook or Microsoft 365, such as calendar bookings, embedded forms, etc., this is a service provided by Microsoft (hereinafter referred to as "Microsoft") and embedded in our website. Microsoft sets the following cookies on your device:
The overview shows that some cookies are deleted from your device at the end of your browser session. In addition, some cookies are so-called "necessary cookies": these cookies are required for our website to function and display properly.
The legal basis for setting these cookies is your consent in accordance with Art. 6 (1) (a) GDPR, with the exception of necessary cookies, which may be set in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest, as these cookies are necessary for the proper functioning of the website. The setting of cookies is also based on Section 25(2)(2) of the German Telemedia Act (TDDDG), according to which the storage of information on your device or access to information already stored on your device is absolutely necessary in order for us to provide a digital service that you have expressly requested – our website. For more information on data processing by Microsoft, please refer to the Microsoft Privacy Policy.
YouTube: Our website embeds videos hosted on the "YouTube" platform. This is a service provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "YouTube"). When you visit our website, which has a YouTube video embedded in it, YouTube stores cookies and similar technologies on your device to collect website visitor information:
The overview shows that some cookies are deleted from your device at the end of your browser session; these cookies are known as "session cookies".
The legal basis for setting these cookies is your consent in accordance with Art. 6 (1) (a) GDPR. For more information on data processing by YouTube, please refer to Google's privacy policy: How Google uses cookies – Privacy Policy & Terms of Service – Google
5. Social media buttons:
On our website, you will find social media buttons for the following social networks:
i. LinkedIn
The operator of the social media button is LinkedIn Ireland Unlimited Company (hereinafter referred to as "LinkedIn"), Wilton Place, Dublin 2, Ireland. When you click on the social media button, your browser connects to LinkedIn's servers. Your personal data is transmitted to LinkedIn in the process. If you are logged into your LinkedIn account while visiting our website, LinkedIn can assign this information to your personal LinkedIn account. Information on the processing of your personal data by LinkedIn can be found in LinkedIn's privacy policy atwww.linkedin.com/legal/privacy-policy . The legal basis for your use of the social media button is your consent in accordance with Art. 6 (1) (a) GDPR.
ii. YouTube videos
If we embed YouTube videos on our website, these videos are hosted on servers belonging to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "YouTube"). We have integrated the videos using the so-called "advanced privacy settings". This means that your personal data is not transmitted directly to YouTube when you visit our website. Only when you actively click on the video to play it will your personal data – in the form of server log files and cookie IDs – be transmitted to YouTube, and only at this point will cookies be set by YouTube.
This data is transferred regardless of whether you have a Google user account that you are logged into or whether you do not have a user account. If you are logged into a Google account while visiting our website, this data will be assigned to your account by Google. If you do not want this data to be assigned to your Google account, you must log out of your Google account before activating the video. For information on the processing of your personal data by YouTube, please refer to YouTube's privacy policy, which you can access here: Privacy Policy – Privacy Policy & Terms of Service – Google
iii. Facebook
The operator of the social media button is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. If you click on the social media button while you are logged into your Facebook account, Facebook can assign your use to your user account.
For more information about how Facebook handles personal data when you use Facebook, please refer to Facebook's privacy policy atde-de.facebook.com/policy.php .
iv. Instagram
The operator of the social media button, which displays a camera icon, is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as "Instagram"). When you click on the social media button, your browser establishes a direct connection to Instagram's servers and your personal data is transmitted. If you are logged into your Instagram account while visiting our website, Instagram will link your visit to our website to your account. Information on data processing by Instagram can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy.
v. X
The operator of the social media button X is Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (hereinafter referred to as X). If you click on the retweet button, your personal data will be transmitted to X. If you are logged into your X account while visiting our website, X can assign this information to your X account. For more information on data processing by X, please refer to X's privacy policy.
vi. Xing
The operator of the social media button for the social network Xing is New Work SE (hereinafter referred to as "XING"), Am Strandkai 1, 20457 Hamburg, Germany. When you click on the XING social media button, your browser connects to the Xing servers. Your personal data is then transmitted to Xing. If you are logged into your XING account while visiting our website, XING can assign this information to your personal XING account. Information on the processing of your personal data by XING can be found in Xing's privacy policy atwww.xing.com/privacy .
i. Support for expansion abroad – appointment booking option at a local AHK
ii. Data categories and description of data processing
If you have taken advantage of the "Support for expansion abroad" offer on the AHK.de website, entered your personal data there and have now been redirected to our website via the appointment link, we will now process your personal data in order to offer you an appointment with a suitable contact person. For this reason, we process the following data categories:
· Your first and last name,
· Your business email address,
· the general background information you provided, such as region, industry and desired service, and
· the date and time of your chosen appointment.
If you have also entered the following voluntary personal data on the AHK.de website, such as
· your business telephone number,
· company name,
· company size, in particular number of employees, and
· questions and comments that you can enter in a free text field,
then we will also process this data.
iii. Legal basis and purpose of data processing
The legal basis for processing the data originally marked as mandatory fields, along with the date and time of your desired appointment, is your enquiry to us in accordance with Art. 6(1)(b) GDPR.
The legal basis for data that is not marked as a mandatory field and that you provide to us voluntarily is your consent pursuant to Art. 6(1)(a) GDPR. The information you provide voluntarily helps us to obtain a more complete picture of your membership.
iv. Duration of storage
Your personal data will be processed for the duration of the expansion support.
v. Recipients
Your personal data will be accessed by those AHK employees who are responsible for responding to your enquiry. In addition, employees of DIHK DEinternational GmbH and/or other AHKs may also have access to your personal data. For this purpose, we have concluded an internal data transfer and processing agreement with the AHK network, which includes the EU standard contractual clauses. You can view the EU standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.