Privacy policy
In the following, we inform you about the type, scope and purpose of processing your personal data in accordance with the General Data Protection Regulation (GDPR) when using our website "Ahk-App.org" and the associated AHK App.
Name and address of personal data operator
Responsible within the meaning of the GDPR and other national data protection laws of the Member States and other provisions of data protection law is:
Deutsch-Baltische Handelskammer in Estland, Lettland, Litauen e.V. (AHK Baltic States)
Breite Str. 29
10178 Berlin
Germany
Website: www.ahk-balt.org
Responsible for data protection issues: Joachim Veh
E-mail: [email protected]
General information on data processing
1. Scope of processing of personal data
As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and app, content and services. Processing our users' personal data is only done with their consent. The only exception is when it is not possible to gather prior consent for practical reasons and when processing data is permitted by law. An exception is made in cases where the processing of data is permitted by legal regulations.
2. Legal basis for the processing of personal data
In case we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a GDPR serves as the legal basis for the processing of personal data. Article 6 (1) b GDPR serves as the legal basis for processing of personal data which is necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations which are necessary to carry out pre-contractual measures. Article 6 (1) f GDPR serves as the legal basis for the processing if it is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.
3. Data erasure and storage period
Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Data may be stored if this is provided for in Union regulations by European or national legislators, laws or other legislation with which the data controller must comply. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
4. Data processors
As technical service providers for the operation of the website and app on the internet, we contracted Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, and KIT United SAS, 8 Rue de la Grande Chaumière, 75008 Paris, France, as data processors according to Article 28 GDPR.
Visiting the website
1. Scope of processing of personal data
Every time our website is viewed, our system automatically gathers data and information from the accessing computer’s system. This includes the following data:
(1) The type and version of the browser used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
This data is also stored in our system’s log files. This does not include the user’s IP address or other data that would enable data to be matched to a user. This and other personal data relating to the user is not stored.
2. Legal basis for the processing of personal data
The legal basis for the temporary storage of data is Article 6(1) f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order for the user’s computer to access the website. For this purpose, the user's IP address must remain stored for the duration of the session.
It is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems.
4. Data erasure and storage period
Data will be deleted at the end of the session if it is no longer necessary to set up the website.
Log file data is usually deleted after seven days at the latest. A storage of log file data for a longer period due to technical requirements or security aspects is possible. In this case users’ IP addresses are deleted or modified to prevent their identification.
5. Possibility of objection and removal
The collection and storage of data for the provision of the website and the storage of the data in log files is essential and cannot be objected to by the user.
Transfer of personal data to third parties
1. Cookies
Our website uses cookies. A cookie is a message that, subject to the user settings, is sent to its device when the user navigates on a website. The aim is to collect data regarding the internet navigation of the user to send tailor-made services to its device (computer, mobile phone or tablet).
The User’s consent is requested through a banner at the bottom of the Platform homepage. In case of consent, the User’s internet navigator shall automatically transmit to the Company the data collected and detailed under Article III.
KIT United SAS, as well as its subcontractors, uses a tracking technology on its terminal such as cookies whenever the user navigates on the Platform.
The cookies that are sent to the user's device and the respective purpose of processing are listed below
|
Service |
Cookies name |
Purpose |
Retention period |
|
Add to calendar |
addevent_track_cookie |
For the button “Add to calendar” an event |
NA |
|
Hivebrite |
remember_user_token |
Allows to keep the user session active and not ask the user to connect again |
1 year |
|
user_ID |
In order to identify the connected user |
1 session |
|
|
first_user_experience |
To identify if it is the first connexion of the user |
1 session |
|
|
cookie_eu_consent |
To know if the user accepted the Cookies policies |
1 year |
|
|
search_path |
Used for the user search |
1 session |
|
|
admin_id |
To identify which admin he/she is |
1 session |
|
|
Stripe |
__stripe_sid, |
For the online payments if Stripe is used |
1 year |
|
__stripe_mid, |
2 years |
||
|
__stripe_orig_props |
NA |
||
|
Paypal |
cookie_check, rmuc, ts, tsrce, ui_experience, x-pp-s, PYPF, enforce_policy, id_token, login_email |
For the online payments if Stripe is used |
NA |
|
|
last_linkedin_sync |
Last LinkedIn synchronization date, to ask the user to synchronize his/her Linkedin profile |
2 months |
|
Google analytics |
_ga |
For tracking the traffic |
2 years |
|
_gid |
1 year |
||
|
_gat |
1 min |
||
|
_gat_hivebriteTracker |
1 min |
The User may at all times configure its navigator in order to prevent the creation of cookie files.
However, certain functionalities of the services proposed by the Platform may not function properly without cookies. In addition, even if most navigators are configured by default and accept the creation of cookie files, the User has the possibility to choose to accept the creation of all cookies other than the functional cookies or to systematically decline them or to choose the cookies it accepts depending on the issuer by configuring the following settings:
Internet Explorer
Click on the settings menu, followed by “Internet Options”;
Under the “General” tab on the upper-left hand side, scroll down to “Browsing history”;
Check the "Temporary Internet files and website files," "Cookies and website data," "History," and "Download History" boxes;
Click on “Delete”;
Close out of Internet Explorer and reopen it for changes to take effect.
Firefox
Click on your Tools bar;
Click on “Preferences”;
On the menu to the right, select "Privacy";
Under the “history option”, there is a shortcut titled "clear your recent history", click on that;
Select only the top four options and hit clear now.
Safari
Click on “Safari” in the top left corner of the finer bar;
Click on “Preferences”;
Click on the “Privacy” tab;
Click on “Manage Website Data”;
Click on “Remove All”;
Click “Remove Now”.
Google Chrome
Click the Tools menu;
Click on “More tools”;
Clear browsing data;
At the top, choose a time range.
To delete everything, select “All time”;
Next to "Cookies and other site data" and "Cached images and files", check the boxes;
Click on “Clear data”.
2. Social media sharing button
There are Social Media Share Buttons on our website to post e.g. events in the corresponding networks. These buttons are not plug-ins, which normally lead to the fact that every visitor to the site is immediately recorded by these services with its IP address and its further browsing behaviour is logged. The social media buttons on our website are just links that lead to the registration pages of the respective networks.
For the use of the data that may be collected by the services when you log in or register there, we refer to the respective data protection declarations of the services:
Facebook: facebook.com/policy.php
Twitter: twitter.com/en/privacy
Xing privacy.xing.com/en
LinkedIn linkedin.com/legal/privacy-policy
3. YouTube Videos
There are occasionally YouTube videos embedded on our website, which are stored on the servers of the provider YouTube and can be played from our website via embedding. The embedding of the videos is done with the option for advanced privacy settings activated. When playing these videos, YouTube cookies and DoubleClick cookies are stored on your computer and may transfer data to Google Inc, Amphitheater Parkway, Mountain View, CA 94043, USA, as YouTube operator.
When playing videos stored on YouTube, at least the following data is currently transmitted to Google Inc. as YouTube operator and operator of the DoubleClick network: IP address and cookie ID, the specific address of the page we have called up, system date and time of the call, identification of your browser. This data is transmitted regardless of whether you have a Google user account through which you are logged in or whether you do not have a user account. If you are so logged in, Google may associate this information directly with your account. If you don't want this association to your profile, you'll need to log out before activating the play button for the video.
YouTube and Google Inc. store this data as user profiles and may use it for advertising, market research and/or the design of their websites to meet your needs. Such evaluation is carried out in particular (also for non-registered users) to provide advertising tailored to your needs and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google as the operator of YouTube to exercise this right.
4. Google Analytics
This website uses the "Google Analytics" service, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the use of the website by users. The service uses "cookies" - text files which are stored on your end device as described above. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
You have the option of preventing the cookie from being stored on your device by making appropriate settings in your browser. If your browser does not allow cookies, there is no guarantee that you will be able to access all functions of this website without restrictions.
Furthermore, you can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Here you will find further information on data use by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en
5. MailChimp
For sending mass e-mail and newsletters, the AHK Baltic States uses the dispatch service provider MailChimp of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
MailChimp stores first and last name, company and e-mail address on the servers of MailChimp in the USA for the purpose of shipping on our behalf. MailChimp may use this information to optimize or improve its services, but MailChimp does not share this information with third parties or use it to send its own emails.
MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and is committed to comply with EU data protection regulations. We have concluded a data processing agreement with MailChimp, by which MailChimp commits itself to protect the data of our users, to process them according to the data protection regulations of MailChimp on our behalf and not to pass them on to third parties. The privacy policy of MailChimp can be found here: https://mailchimp.com/legal/privacy/.
E-mail and newsletters sent by the AHK Baltic States via MailChimp contain a so-called web beacon, which is retrieved by the MailChimp server when opening the mail or newsletter. Technical information, such as IP address and information about the browser, operating system and time of access are collected. MailChimp uses this information for technical improvement of its services. By means of the web beacon it can also be determined whether the mail/newsletter was opened by the recipient, when this happened and which links were clicked. This information can be assigned to individual recipients. This information is used by us to identify the reading habits of the recipients and to adapt the contents accordingly.
Data users provide to us
A) Registration
1. Scope of processing of personal data
When registering on the platform, the user is requested to provide is mandatory and optional personal data.
The User commits to only provide accurate, exhaustive, and regularly updated data regarding its identity, its content and any information in general. Under no circumstances shall the AHK Baltic States be liable for any data that is illegal contrary to public order provisions.
The data entered is collected by us and can be synchronized with the internal CRM of the respective Foreign Chamber of Commerce (AHK) where the user is registered as a member or member representative.
In the event the User does not consent to the collection of the above-mentioned date, it shall be informed that it cannot have access to the Platform.
2. Legal basis for the processing of personal data
In case we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a GDPR serves as the legal basis for the processing of personal data. Article 6 (1) b GDPR serves as additional legal basis for the processing of data if purpose of the registration is the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures.
3. Purpose of data processing
Data is collected to identify the user as a representative of an AHK member company, to communicate with the user, to invite the user to AHK events, to conduct surveys and to offer, provide and invoice other services of the website and app.
4. Data erasure and storage period
Data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data are no longer required for the execution of the contract. After conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Data in the Hivebrite data backup is automatically deleted after 3 months. This data backup is necessary to ensure the technical stability of the platform.
5. Data processors
As technical service providers for the operation of the internal CRM of the AHK Baltic States we contracted Scoro Software OÜ, Reg.Nr. 10806081, Endla 15, 10122 Tallinn, Republic of Estonia as data processors according to Article 28 GDPR.
B) Posting, uploading and other data provided by the user
1. Scope of processing of personal data
Data and content provided by users is subject to the Terms of Use and is collected and shared with other users within the platform according to the services, e.g. Live Feed, Comments, Media Center, Private Messaging, Posts, Trip, Check-in, Surveys or Group, by means of which the data and content is provided.
Users are not required to post or upload personal information in the services described above, but the ability to expand the users’ network and connect with users’ network through our services is limited in this case.
2. Legal basis for the processing of personal data
In case we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a GDPR serves as the legal basis for the processing of personal data. Article 6 (1) b GDPR serves as additional legal basis for the processing of data if purpose of the registration is the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures.
3. Purpose of data processing
The data provided by the users is collected in order to make it available to other users in the sense of the services used, thus enabling the users to get in contact with the other users.
The data is also used for internal anonymized statistical evaluation in order to improve the user experience of the platform.
4. Data erasure and storage period
Content and data provided by the user, e.g. via the functions Live Feed, Comments, Media Center, Private Messaging, Post, Trip, Check-in or Group can be deleted by the user himself at any time and cannot be viewed by other users immediately after deletion. After data and contents have been deleted, it remains stored in the data backup and will automatically deleted after 3 months. The data backup is necessary to ensure the technical stability of the platform.
5. Data processors
As technical service providers for the operation of the website and app on the internet, we contracted Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, and KIT UNITED for its HIVEBRITE solution, a French société par actions simplifiée with a capital of 284.280,00 Euros, registered with the Paris Companies register under the number 75339171300017, having its registered office at 8, rue de la Grande Chaumière, 75008 – Paris, as data processors according to Article 28 GDPR.
Rights of the data subject
According to the EU basic data protection regulation, you have the following rights:
Delete data: You can ask us to erase or delete all or some of your personal data (e.g., if you’re no longer representative of an AHK member).
Change or correct data: you can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s not correct.
Object to, or limit or restrict, use of data: you can ask us to stop using all or some of your personal data or to limit our use of it.
Right to access and/or take your data: you can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
Should you make use of your above-mentioned rights, we will check whether the legal requirements for this are fulfilled.
If you have any complaints regarding data protection, you can contact the responsible supervisory authority:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30,
D-53117 Bonn
Germany
Phone: +49 228 997799 - 0
Fax: +49 228 997799 - 550
E-mail: [email protected]
Internet: http://www.datenschutz.bund.de
Riga/Berlin, 05.05.2020