1. Name and address of the controller
The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions pertaining to data privacy and protection laws is:
German American Chamber of Commerce of the Midwest, Inc
150 N Michigan Ave, 35th Floor
Chicago, IL 60601
Phone: +1 (312) 644 2662
Email: info(at)gaccmidwest.org
Website: www.gaccmidwest.org
2. Name and Address of the representative in the EU
The representative of the controller in the sense of the General Data Protection Regulation in the EU is:
German Chamber of Commerce and Industry (DIHK)
Breite Straße 29
10178 Berlin
Germany
Tel.: +49 (0)30 20308-0
Email: info(at)dihk.de
Website: www.dihk.de
3. General information regarding data processing
I. Scope of processing of personal data
In principle, we collect and use personal data of our users only to the extent it is required to provide a functioning website as well as for our content and services. The processing of personal data of our users is carried out regularly only after consent is given by our users. An exception applies in cases in which a previous obtaining of a consent is not possible for actual reasons and where the processing of data is permitted on the basis of statutory provisions.
II. Legal basis for the processing of personal data
To the extent that we obtain consent from the data subject for the processing of personal data, Section 6 Subsection 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data. For the processing of personal data required to execute a contract whose contractual party is the data subject, Section 6 Subsection 1 lit. b GDPR serves as legal basis. This also applies to processing that is required for the execution of pre-contractually measures. If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Section 6 Subsection 1 lit. f GDPR serves as legal basis for such processing.
III. Data deletion and duration of storage
Personal data of the data subject will be deleted or blocked as soon as the purpose for storing such data no longer applies. Storage beyond such a period can be effected if such storage is prescribed by the European or national legislative body in provisions pertaining to European Union law or other provisions the data subject is subject to. Blocking or deletion of data is also effected if a storage period expires that is prescribed by the cited standards, unless there is a requirement for further storage of such data to enter into a contract or to execute a contract.
4. Provisioning of website and creation of logfiles
I. Description and scope of data processing
Any time our web page is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process:
(1) Information regarding the browser type and the version used
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites that are accessed by the system of the user via our website
II. Legal basis for the processing of data
Legal basis for the temporary storage of data and the logfiles is Section 6 Subsection 1 lit. f GDPR.
III. Purpose of data processing
The temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.
Storing of logfiles is effected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such data for marketing purposes will not be carried out in this context.
Our legitimate interest in data processing pursuant to Section 6 Subsection 1 lit. f GDPR also rests on these purposes.
IV. Duration of storage
Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.
In the event of storing of data in logfiles this is after seven days the case at the latest. Storage to exceed such a period is not possible. In such a case, the IP addresses of the users are deleted or redacted so that an allocation of the accessing client is no longer possible.
V. Option for objection and removal
Collection of data for the provisioning of the website and storing of data in logfiles is required for the operation of the web page. Consequently, the user has no possibility to object.
5. Use of cookies
I. Description and scope of data processing
We use cookies to make our website more user-friendly. Some elements of our web page require that the accessing browser can also be identified when the user moves from one page to the next. No personal data is collected in the process.
To do so, the following files are stored and transmitted in the cookies:
(1) fonts = standard cookie variable used by us to reload the fonts in the browser after a page refresh.
(2) fullcss = standard cookie variable used by us to reload the CSS file in the browser after a page refresh.
Maximum cookie lifetime: 730 days
In addition, we use on our website cookies that enable an analysis of the surfing behavior of users.
When visiting our website, the users are informed via web banner about the use of cookies for analytical purposes and referred to this data privacy statement. In this context, it is also pointed out how the storing of cookies can be disabled in the browser settings. This service is provided via the Consent Manager of the Piwik PRO Analytics Suite.
Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
We use cookies of the Piwik PRO Analytics:
_pk_id = Used to recognize visitors and hold their various properties. Expires after: 13 months if user consents; expires after 30 minutes if user does not consent
_ppms_privacy = Stores visitor’s consent to data collection and usage. Expires after: 365 days
_pk_ses = Shows an active session of the visitor. Expires after: 30 minutes
II. Legal basis for the processing of data
Legal basis for the processing of personal data while using technically required cookies is Section 6 Subsection 1 lit. f GDPR. Legal basis for the processing of personal data while using cookies for analytical purposes is Section 6 Subsection 1 lit. a GDPR if the respective consent of the user is on hand.
III. Purpose of data processing
The purpose of using technically required cookies is the simplification of use of websites for the users. Some functions or our web page cannot be provided without the use of cookies. For such it is necessary that the browser is also recognized when the user moves from one page to the next. We need cookies for the following applications:
(1) fonts = standard cookie variable used by us to reload the fonts in the browser after a page refresh.
(2) fullcss = standard cookie variable used by us to reload the CSS file in the browser after a page refresh.
Maximum cookie lifetime: 730 days
User data collected via technically required cookies is not used to create user profiles. The use of analytical cookies also serves to improve the quality of our website and its content. From analytical cookies we gain knowledge of how the website is used; we are then able to constantly optimize our services.
We use cookies of the Piwik PRO Analytics:
_pk_id = Used to recognize visitors and hold their various properties. Expires after: 13 months if user consents; expires after 30 minutes if user does not consent
_ppms_privacy = Stores visitor’s consent to data collection and usage. Expires after: 365 days
_pk_ses = Shows an active session of the visitor. Expires after: 30 minutes
IV. Duration of storage, option for objection and removal
Cookies are stored on the computer of the user and transmitted from such to our website. This is why you as the user have full control of the use of cookies. By changing your browser’s settings, you may disable or limit the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done in an automated fashion. If cookies are disabled for our website, it is possible that not all functions of the website may be used to the full extent.
6. Newsletter
I. Description and scope of data processing
On our web page, there is the option to subscribe to a free newsletter. During the registration for the newsletter, data from the input mask added by iFrame is transmitted to the service provider Constant Contact commissioned by us for email marketing software providers. The following data is collected: - Email address - First name - Last name - Company - State Furthermore, the following data is collected upon registration: - Date and time of registration As part of the registration process, consent of the user is obtained to process the aforementioned data. We also refer to this data privacy statement. In connection with the processing of data for the sending of newsletters, with the exception of the provider of email marketing software, data is not forwarded to third parties. Such data is only used for the newsletter to be sent to you.
II. Legal basis for the processing of data
Legal basis for the processing of data after registration for the newsletter by the user is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. To the extent this pertains to the sending of a newsletter in line with membership to registered data of our database, legal basis is Section 6 Subsection 1 lit. b GDPR.
III. Purpose of data processing
If contact is established via email, our required legitimate interest is also in the processing of such data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
IV. Duration of storage
Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. The email address of the user is therefore stored for as long as the newsletter subscription is active.
V. Newsletter tracking
To optimize our newsletter offer, we use personalized newsletter tracking. In this context, besides the email address, our service provider Constant Contact also collects activities connected to the newsletters (click behavior).
VI. Option for objection and removal
A newsletter subscription may be cancelled by the respective user at any time. A special link is provided in every newsletter for this purpose.
Alternatively, you may also send an email to unsubscribe(at)gaccmidwest.org.
7. E-Mail contact
I.Description and scope of data processing
You may contact GACC Midwest via the provided email addresses. In such a case, the personal data of the user transmitted via email is stored. In this context, such data is not forwarded to third parties. Such data is only used for the processing of the conversation.
II. Legal basis for the processing of data
Legal basis for the processing of data transmitted in line with the sending of an email is Section 6 Subsection 1 lit. f GDPR. If the purpose of the contact via email is the entering into a contract, the additional legal basis for processing is Section 6 Subsection 1 lit. b GDPR.
III. Purpose of data processing
If contact is established via email, our required legitimate interest is also in the processing of such data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
IV. Duration of storage
If contact is established via email, our required legitimate interest is also in the processing of such data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems. Data involved in further correspondence is stored and deleted according to our data retention policy.
V. Option for objection and removal
The user has the option to revoke their consent for the processing of personal data. If the user contacts us via email, they may object at any time to the storing of their personal data. In such a case, the conversation cannot be continued.
You may send your revocation of consent and objection to storage in writing via email to unsubscribe(at)gaccmidwest.org.
All personal data stored in the process of establishing contact will be deleted in such a case.
8. Forwarding of personal data to third parties
I. Website operators
In line with processing, personal data is forwarded to the agency commissioned to run the website as well as to the technical service provider. Such is regulated via a corresponding agreement with the service provider.
II. Website Analysis with Piwik PRO
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.
We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.
We host our solution on Microsoft Azure in Germany, and the data is stored for 25 months.
The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.
Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
III. Social Media Sharing Button
General note: Normally, social media plugins mean that the IP address and additional browsing behaviour of all website visitors will be tracked. This can be the case even if you have not clicked on the button. To avoid visitors being tracked, we are using the Shariff Method. This means that a connection between the visitor and the social media network is only established once the respective share button has been clicked. If you are already logged-in to a social media network, there will not be a separate window for Google+ and Facebook. With Twitter, there will be a pop-up window giving you the opportunity to edit your tweet. Thus, you can share our content in social media networks without giving these networks the opportunity to create a complete tracking profile.
X (formely known as Twitter)
Our website uses plugins of the social media network X, Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, United States of America. Because we use the Shariff Method, they will only learn about your IP-address and your visit on their website, once you have clicked on the sharing button.
We have no knowledge of or influence on any possible further collection and use of your personal data by Twitter. You can find more information on Twitter’s privacy policy on: https://twitter.com/en/privacy . Please also see above in this privacy policy for our general information about the use and deactivation of cookies.
Our website uses plugins of the social media network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, United States of America. Because we use the Shariff Method, Facebook will only learn about your IP-address and your visit on their website, once you have clicked the sharing button. Should you click on the button whilst being logged into Facebook, Facebook will be able to connect this visit to your user account.
We have no knowledge of or influence on any possible further collection and use of your personal data by Facebook. You can find more information in Facebook’s privacy policy on: https://www.facebook.com/privacy/policy . Please also see above in this privacy policy for our general information about the use and deactivation of cookies.
Our website uses the LinkedIn share plugin from the social media network LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you click on this button, your browser will connect with LinkedIn in order to use the functions of the plugin. In this process, LinkedIn will store none of your personal data and your usage will not be tracked via a cookie. You can find more information on LinkedIn’s privacy policy on: www.linkedin.com/legal/privacy-policy . Please also see above in this privacy policy for our general information about the use and deactivation of cookies.
Our website uses the Xing Share Plugin from the social media network Xing, XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. When you click on this button, your browser will connect with Xing to enable the operation of this plugin. Xing will not store any of your personal data and your usage will not be tracked via a cookie. You can find more information on Xing’s privacy policy on: www.xing.com/privacy. Please also see above in this privacy policy for our general information about the use and deactivation of cookies.
IV. YouTube videos
In some instances, we have embedded YouTube videos on our website that are stored on the servers of the provider YouTube and that are playable by our website via such embedding. Embedding of the videos is carried out with the activated option for advanced data privacy settings. If you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer, and data is potentially transmitted to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of YouTube. When playing videos stored by YouTube, according to current information, at the very minimum the following data is transmitted to Google Inc. as operator of YouTube and operator of the DoubleClick network: IP address and cookie ID, the specific address of our accessed page, system date and time of access, your browser ID. Transmission of such data is carried out independent of whether you have a Google user account via which you are logged in or you do not have a user account. If you are logged in, such data is potentially directly allocated to your account by Google. If you do not want such allocation to your profile, you have to log out prior to activating the playback button for the video. YouTube or Google Inc. store such data as usage profiles and, if applicable, use such for purposes of marketing, market research and/or for the demand-driven design of their websites. Such an analysis is carried out in particular (also for users who are not logged in) to provide demand-driven advertising and to inform other users about your activities on our website. You have the right to object to the creation of such usage profiles; to exercise your right, you will have to contact Google as the operator of YouTube.
V. Google Maps
This website uses the web mapping service Google Maps of Google Inc. By using this website you give your consent to the collection, processing and exploitation of data potentially collected in an automated fashion by Google and its representatives. Terms of use of Google Maps Further information pertaining to the purpose and scope of data collection and processing by Google can be found on this information page.
VI. Event Registration via Constant Contact
a) Description and scope of data processing Our website contains links to other service providers. For event registrations we use the online marketing company Constant Contact, where users have to provide certain personal data to register for our events. During this process, data is entered into an input mask, transmitted to Constant Contact and us, and also stored. The following data is collected in line with the registration process: - First Name - Last Name - Email Address - Job Title - Company name - State - Member – yes/no - Dietary Restrictions In the process, your use is also recorded via cookies, to evaluate email marketing campaigns. More information can be found in the data privacy statement of Constant Contact at www.constantcontact.com/legal/privacy-statement Regarding the general handling with and the disabling of cookies, please always refer to the description in our data privacy statement. As part of the registration process, consent of the user is obtained to process the aforementioned data.
b) Legal basis for the processing of data Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR.
c) Purpose of data processing A registration of the user is required for the execution of a contract, or for the execution of pre-contractual measures. More information can be found in our information requirements: Information requirements for event registration
d) Duration of storage Data is deleted as soon as it is no longer required to fulfill the previously described purpose. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures as long as such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.
e) Option for objection and removal As a user, you have the option to cancel the registration and to amend your stored personal data at any time. To amend or delete your data, please contact unsubscribe(at)gaccmidwest.org. If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.
VI. Applicant Management via BreezyHR
a) Description and scope of data processing Our website contains links to other service providers. To fill open positions within our company we use the online HR software BreezyHR provided by Learning Technologies Group Plc., where users can fill out a job application (and fill in certain personal data). During this process, data is entered into an input mask, transmitted to Breezy and us, and also stored. The following data is collected in line with the registration process: - First Name - Last Name - Email Address - Phone - Cover Letter - Resume - Desired Pay In the process, your use is also recorded via cookies. More information can be found in the data privacy statement of Breezy at https://breezy.hr/policies/privacy Regarding the general handling with and the disabling of cookies, we also always refer to the description in our data privacy statement. In line with the registration process, consent is obtained from the user for processing of such data.
b) Legal basis for the processing of data Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR.
c) Purpose of data processing A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures. Your registration is a job application. More information can be found in our information requirements: Information requirements for job applications
d) Duration of storage Data is deleted as soon as it is no longer required to fulfill the previously described purpose. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures as long as such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.
e) Option for objection and removal As user, you have at any time the option to cancel the registration. Your stored personal data can be amended at any time. To amend or delete your data, please contact unsubscribe(at)gaccmidwest.org. If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.
9. Rights of the data subject
You have the following rights according to the EU General Data Protection Regulation:
If your personal data is processed, you have to right to obtain information regarding the storage of your personal data (Section 15 GDPR).
If incorrect personal data is processed, you have the right to correction of such (Section 16 GDPR).
If legal requirements are given, you have the right to request the deletion or limitation of processing, and you have the right to object to such processing (Sections 17, 18 and 21 GDPR).
If you have given your consent to data processing or if a contract exists pertaining to data processing and if such data processing is carried out via automated processes, you have a right to data portability where applicable (Section 20 GDPR). Contact unsubscribe(at)gaccmidwest.org.
Should you exercise your above-mentioned rights, GACC Midwest will review whether statutory requirements are met. For appeals pertaining to data privacy laws, you may contact the respective supervisory authority.