Data privacy information
I. Name and address of the controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions pertaining to data privacy and protection laws is:
Saksalais-Suomalainen Kauppakamari (Deutsch-Finnische Handelskammer e.V.)
Unioninkatu 32 B
00100 Helsinki Finland
Phone: +358 (0)9 6122 120
Email: info(at)dfhk.fi
Website: www.ahkfinnland.de
II. Name and address of the contact person
The contact person of the controller is:
Tuulia Kolkka
Head of Legal
Saksalais-Suomalainen Kauppakamari
Unioninkatu 32 B
00100 Helsinki
Phone: +358 (0)50 345 5044
Email: tuulia.kolkka@dfhk.fi
Website: www.ahkfinnland.de
III. General information regarding data processing
1. Scope of processing of personal data
In principle, we collect and use personal data of our users only to the extent necessary to provide a functioning website as well as for our content and services. The processing of personal data of our users is carried out generally only after consent is given by our users. An exception applies in cases where prior consent cannot be obtained for practical reasons and where the processing of data is permitted on the basis of statutory provisions.
2. Legal basis for the processing of personal data
To the extent that we obtain consent from the data subject for the processing of personal data, Section 6 Subsection 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data. For the processing of personal data required to execute a contract whose contractual party is the data subject, Section 6 Subsection 1 lit. b GDPR serves as legal basis. This also applies to processing that is required for the execution of pre-contractually measures. If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Section 6 Subsection 1 lit. f GDPR serves as legal basis for such processing.
3. Data deletion and duration of storage
Personal data of the data subject will be deleted or blocked as soon as the purpose of storing such data no longer applies. Storage beyond such a period can take place if such storage is prescribed by the European or national legislative body in provisions pertaining to European Union law or other provisions the data subject is subject to. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
IV. Provisioning of website and creation of logfiles
1. Description and scope of data processing
Any time our web page is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process: IP address; date & time of access; time difference to Greenwich Mean Time (GMT); content of access (accessed pages); Access status/HTTP status code; amount of data transferred in each case; website from which the request originates; browser; operating system and its interface; language and version of the browser software; Internet service provider (ISP).
2. Legal basis for the processing of data
Legal basis for the temporary storage of data and the logfiles is Section 6 Subsection 1 lit. f GDPR. Our legitimate interest is to ensure the correct provision, stability and security of our website.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to facilitate provision of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.
Storing of logfiles is effected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such data for marketing purposes will not be carried out in this context.
4. Duration of storage
Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.
In the event of data storage in logfiles data will be deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that an allocation of the accessing client is no longer possible.
5. Option for objection and removal
Collection of data for the provisioning of the website and storing of data in logfiles is essential for the operation of the web page. Consequently, the user has no possibility to object.
V. Use of cookies
a) Description and scope of data processing
We use cookies to make our website more user-friendly. Some elements of our web page require that the accessing browser can also be identified when the user moves from one page to the next. No personal data is collected, but it may be personally identifiable.
We use cookies to store information about fonts, CSS files and for statistical analysis in order to improve the content and quality of the website.
b) Legal basis for the processing of data
Legal basis for the processing of personal data while using technically required cookies is Section 6 Subsection 1 lit. f GDPR.
Legal basis for the processing of personal data while using cookies for analytical purposes is Section 6 Subsection 1 lit. a GDPR if the respective consent of the user has been given.
c) Purpose of data processing
The purpose of using technically required cookies is the simplification of use of the website for the users. Some functions or our web page cannot be provided without the use of cookies. For such it is necessary that the browser is also recognized when the user moves from one page to the next.
d) Duration of storage, option for objection and removal
Cookies are stored on the computer of the user and transmitted to our website. As a user, you therefore have full control over the use of cookies. By changing your browser’s settings, you may disable or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done in an automated fashion. If cookies are disabled for our website, it is possible that not all functions of the website may be used to their full extent.
VII. Registration
(application for membership, event registration, ordering of publications)
1. Description and scope of data processing
On our web page we give our users the option to register by providing personal data. In the process, data is entered into an input mask, transmitted to us and stored. The data will not be passed on to third parties.
The following data is collected as part of the registration process:
· Company/Organization
· Postal Code, Place, Country
· Mailing Address
· Visitor address (if different from the mailing address)
· Billing address (if different from the mailing address)
· Phone
· Webpage
· VAT ID no.
· Industry sector
· Name of the parent company or name(s) of the subsidiary(ies)
· Annual turnover with Finland or Germany
· Number of employees
· Membership fee per calendar year
· Person of contact
· Position within the company of the person of contact
· Phone of the person of contact
· E-mail of the person of contact
· Additional people that should be added to the mailing list for the newsletter and invitations (name, first name, position and e-mail address)
· Interest in services/networking/participation in events/contacts
· Optional: Information on how you became aware of the membership
· Optional: Permission to publish the contact details of the specified contact person in the member directory (these can ONLY be viewed in the member area).
· Optional: Application for membership of the German-Finnish Chamber of Commerce, recognizing its statutes as binding
At the time of registration, also the following data is stored: Date and time of registration; Used browser; Operating system.
In course of the registration process, the user’s consent to the processing of this data is requested.
2. Legal basis for the processing of data
Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user has been given. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR.
3. Purpose of data processing
A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures. The reason for registration can be an application for membership, interest in ordering publications or registration for an event.
More information can be found in the following documents:
· Information for membership applications
· Information for event registration
· Information for ordering publications
4. Duration of storage
Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.
5. Option for objection and removal
The users have at any time the option to cancel the registration. The stored personal data can be corrected at any time upon request. To correct or delete your data, please contact datenschutz@dfhk.fi.
If the data is still required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.
VIII. Contact form and email contact
1. Description and scope of data processing
On our web page, there is a contact form that can be used to contact us electronically. If a user makes use of this option, data entered into the input mask is transmitted to us and stored.
At the time the message is sent, also the following data is stored: Date and time of transmission, Used browser, Operating system.
For the processing of data in line with the sending of the message, we request your consent and refer to this data privacy information.
As an alternative, you may also contact us via the provided email address.
In such a case, the personal data of the user transmitted via email is stored. In this context, the data is not forwarded to third parties. The collected data is only used for the conversation.
2. Legal basis for the processing of data
Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user has been given. Legal basis for the processing of data transmitted in line with the sending of an email is Section 6 Subsection 1 lit. f GDPR.
If the purpose of the contact via email is entering into a contract, additional legal basis for processing is Section 6 Subsection 1 lit. b GDPR.
3. Purpose of data processing
The processing of personal data from the input mask only helps us to process the contact that was established and the communication that was sent by you. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for personal data from the input mask of the contact form and for data sent via email if the respective conversation with the user is finished. The conversation is finished if it can be deduced from the circumstances that the respective matter is clarified in a concluding fashion. Other personal data collected during the sending process will be deleted after a period of three months at the latest.
5. Option for objection and removal
The user has the option to revoke his consent for the processing of personal data. If the user contacts us via email, he may object at any time to the storing of his personal data. In such a case, the conversation cannot be continued. The revocation of consent and objection to storage can be sent by e-mail to datenschutz@dfhk.fi. All personal data stored in the process of establishing contact will promptly be deleted in such a case.
IX. Map service
1. Description and scope of data processing
We use the OpenStreetMap (OSM) map service via the server of the OpenStreetMap Foundation (OSMF), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The map display is accessed with the user's consent. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation.
The following telemetry data is transmitted to the OSMF. OpenStreetMap may store cookies in your browser or use comparable recognition technologies for this purpose.
Telemetry data: IP address; date and time of the request; time zone difference to Greenwich Mean Time (GMT); content of the request (specific pages called up); access status/HTTP status code; amount of data transferred in each case; website from which the request comes; browser; operating system and its interface; language and version of the browser software, Internet service provider.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
3. Purpose of data processing
The processing serves to display a map for the purpose of location display and route planning.
4. Duration of storage
We have no influence on data processing by OpenStreetMap. We are not responsible for this data processing. All information on the handling of your data can be found in the OSMF data protection information, see here: https://osmfoundation.org/wiki/Privacy_Policy
5. Possibility of objection and removal
The user has the option to withdraw their consent to the processing of personal data at any time by deleting the underlying cookie in the browser or withdrawing it via the consent management.
X. Forwarding of personal data to third parties
1. Website operators / Hosting
As part of order processing, personal data is passed on to the agency commissioned to operate the website and the technical service provider. The order processing is regulated by a corresponding agreement with the service provider.
2. Invoicing system
Member and customer data required for invoicing purposes are transmitted to the companies EmCe and Basware. The order processing is regulated by a corresponding agreement with the service provider.
3. Third-party content
If the user has given their consent to the display of third-party content in the consent management, we will integrate content from other websites and providers on our website, each of which is responsible for the data processing thereby taking place in accordance with Art. 4 No. 7 DSGVO. The user’s end device establishes a direct connection to the server of the respective provider, whereby the provider at least collects and processes the user’s IP address and telemetry data to establish the connection and play out the content. Insofar as this is a process requiring permission under data protection law, the legal basis is the user’s consent to the display of the content. We have no knowledge of whether and, if so, to what extent further processing takes place. The providers may, for example, monitor the users’s behaviour and also create usage profiles, possibly also outside the EEA. The user can decide at any time not to display third-party content in the future ("revocation") by setting the corresponding setting in the consent management.
The possibly integrated content providers are the ones listed below.
4. Social media sharing button
General notice: Social media plugins usually lead to the fact that every visitor to a website is immediately captured by such services by means of his IP address and that his subsequent browser behavior is logged. This can also occur if the user does not press the button. To prevent this, we use the Shariff method. Here, our social media buttons only establish direct contact between the social network and the user only if the user clicks on the respective sharing button. This way, the user may publish our content in social networks without such networks being able to compile complete surfing profiles.
META (Facebook, Instagram)
Our website uses plugins of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. By using the Shariff method, Facebook only gains knowledge of the user’s IP address and their visit to our website if they click the button. If the user uses the plugin while being logged in on Facebook, Facebook is able to allocate their use to their user account.
We have no knowledge of any subsequent potential collection and use of the user’s data by Facebook and also have no influence on such. More information can be found in the data privacy information of Facebook at de-de.facebook.com/policy.php. Regarding the general handling with and the disabling of cookies, we also refer to our general description in this data privacy information.
Our website uses the LinkedIn share plugin of the social network LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. By clicking the button, the user’s browser connects to LinkedIn to carry out the functions of the plugin. In this context, no personal data is stored by LinkedIn, and the use is also not recorded via a cookie. More information can be found in the data privacy information of LinkedIn at www.linkedin.com/legal/privacy-policy. Regarding the general handling with and the disabling of cookies, we also refer to our general description in this data privacy information.
Google maps
Our website uses the map software Google Maps from Google Inc. By using this website, the user agrees to the collection, processing and use of data that may be automatically collected by Google and its representatives. Further information on the purpose and scope of data collection and its processing by Google is available on this information page: Google Maps/Earth Additional Terms of Service – Google.
3. YouTube videos
In some instances, we have embedded YouTube videos on our website that are stored on the servers of the provider YouTube and that are playable by our website via such embedding. Embedding of the videos is carried out with the activated option for advanced data privacy settings. If these videos are played, YouTube cookies and DoubleClick cookies are stored on the user’s computer, and data is potentially transmitted to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of YouTube.
When playing videos stored by YouTube, according to current information, at the very minimum the following data is transmitted to Google Inc. as operator of YouTube and operator of the DoubleClick network: IP address and cookie ID, the specific address of our accessed page, system date and time of access, browser ID. Transmission of such data is carried out independent of whether a Google user account exists via which the user is logged in or if the user does not have a user account. If the user is logged in, such data is potentially directly allocated to their account by Google. If such allocation to the user’s profile is not wanted, the user has to log out prior to activating the playback button for the video.
YouTube or Google Inc. store such data as usage profiles and, if applicable, use them for purposes of marketing, market research and/or for the demand-driven design of their websites. Such an analysis is carried out in particular (also for users who are not logged in) to provide demand-driven advertising and to inform other users about our user’s activities on our website. The user have the right to object to the creation of such usage profiles; to exercise this right, the user will have to contact Google as the operator of YouTube.
5. Website Analysis with Piwik PRO
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.
We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.
We host our solution on Microsoft Azure in Germany, and the data is stored for 25 months.
The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 Subsection 1, lit. a) GDPR.
Piwik PRO does not send the data about the users to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
XI. Rights of the data subject
The persons subject of the processing of personal data have the following rights:
· According to Art. 15 GDPR a right to information about the data processed by us
· According to Art. 16 GDPR a right to rectification if we process incorrect data about
· According to Art. 17 GDPR a right to erasure, unless there are exceptions as to why we still store the data,
e.g. statutory retention obligations or limitation periods
· According to Art. 18 GDPR a right to restriction of processing,
· In accordance with Art. 19 GDPR the right to notification of rectification, erasure or restriction of processing of personal data. Upon request we will inform the data subject about these procedures.
· In accordance with Art. 20 GDPR a right to data portability if we are to transfer the data subject’s data to another controller if this is technically feasible.
· In accordance with Art. 21 GDPR a right to object to processing in the public or legitimate interest, i.e. on the basis of Art. 6 Section 1 Subsection 1, lit. (e) or (f) GDPR. We will no longer process data if we cannot demonstrate compelling legitimate grounds. In the case of direct marketing or profiling, the data subject does not have to justify their objection (Art. 21 Subsection 2 GDPR), otherwise a justification arising from their person is necessary.
· According to Art. 7 para. 3 GDPR the data subject has the right to withdraw their consent at any time without giving reasons and with effect for the future if the data processing is based on consent (Art. 6 para. 1 lit. a GDPR).
For appeals pertaining to data privacy laws, you may contact the respective supervisory authority according to Art. 77 GDPR: Tietosuojavaltuutetun Toimisto, Lintulahdenkuja 4, 00530 Helsinki / PL 800, 00531 Helsinki.