Data Privacy Statement 

Thank you for visiting our website.

 

GACC Midwest (German American Chamber of Commerce of the Midwest, Inc.) takes the protection of your data very seriously. We want you to know in which cases we collect data and how we use them.

 

GACC Midwest is committed to your digital security and privacy and has ensured that we and third parties will follow the data protection regulations (GDPR). Below you may find information on how data collected and used while you are visiting our website.

 

To improve and develop our website and technologies as well as our services to you it is possible that this privacy policy may change. We recommend that you read this data privacy statement carefully from time to time.

1. Name and address of the controller

 

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions pertaining to data privacy and protection laws is:

 

German American Chamber of Commerce of the Midwest, Inc. – GACC Midwest

321 North Clark Street, Suite 1425

Chicago, Illinois 60654

USA

Phone: +1 (312) 644-2662

Email: info@gaccmidwest.org

Website: www.gaccmidwest.org

2. Representative in the EU

 

Deutscher Industrie- und Handelskammertag e. V.

Breite Straße 29

10178 Berlin

Germany

Phone: +49 (0)30 20308-0

Email: info@dihk.de

Website: www.dihk.de

3. General information regarding data processing

 

I. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent it is required to provide a functioning website as well as for our content and services. The processing of personal data of our users takes place only to the extent permitted by law - especially if the collection and use of data is necessary for the fulfillment of a contract with the owner of the data or if he or she has consented to the processing.

 

II. Legal basis for the processing of personal data

To the extent that we obtain consent from the data subject for the processing of personal data, Section 6 Subsection 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data. For the processing of personal data required to execute a contract whose contractual party is the data subject, Section 6 Subsection 1 lit. b GDPR serves as legal basis. This also applies to processing that is required for the execution of pre-contractually measures. If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Section 6 Subsection 1 lit. f GDPR serves as legal basis for such processing.

 

III. Data deletion and duration of storage

Personal data of the data subject will be deleted or blocked as soon as the purpose for storing such data no longer applies. Storage beyond such a period can be affected if such storage is prescribed by the European or national legislative body in provisions pertaining to European Union law or other provisions the data subject is subject to. Blocking or deletion of data is also affected if a storage period expires that is prescribed by the cited standards, unless there is a requirement for further storage of such data to enter into a contract or to execute a contract.

4. Provisioning of website and creation of logfiles

 

I. Description and scope of data processing

Any time our web page is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process:

(1) Information regarding the browser type and the version used

(2) The operating system of the user

(3) The internet service provider of the user

(4) The IP address of the user

(5) Date and time of access

(6) Websites that are accessed by the system of the user via our website

 

II. Legal basis for the processing of data

Legal basis for the temporary storage of data and the logfiles is Section 6 Subsection 1 lit. f GDPR.

 

III. Purpose of data processing

The temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.

Storing of logfiles is affected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such data for marketing purposes will not be carried out in this context.

 

IV. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.

 

V. Option for objection and removal

Collection of data for the provisioning of the website and storing of data in logfiles is required for the operation of the web page. Consequently, the user has no possibility to object.


 

5. Use of cookies

 

I. Description and scope of data processing

Our website is hosted on the Wix.com platform, which uses cookies to make the website more user-friendly. Some elements of our web page require that the accessing browser can also be identified when the user moves from one page to the next. No personal data is collected in the process.

 

To do so, the following files are stored and transmitted in the cookies:

 

(1) Session (Transient) cookies: These cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.

 

(2) Persistent (Permanent or Stored) cookies: These cookies are stored on your hard drive until they expire (i.e. they are based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific site.

In addition, we use on our website cookies that enable an analysis of the surfing behavior of users.

 

  • svSession -Life span: Persistent - Purpose: Identifies unique visitors and tracks a visitor’s sessions on a site

  • hs - Life span: Session - Purpose: Security

  • XSRF-TOKEN - Life span: Session- Purpose: Security

  • smSession: Life span: Persistent (Two weeks) - Purpose: Identifies logged in site members

  • TSxxxxxxxx (where x is replaced with a random series of numbers and letters) - Life span: Session- Purpose: Security

  • TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters) - Life span: Session- Purpose: Security

  • RequestID - Life span: Session - Purpose: Track visitor behavior and measure site performance

 

Data of users collected in such a way are pseudonymized by means of technical measures. Therefore, an allocation of data to the accessing user is no longer possible. Such data is not stored together with other personal data of the users.

 

When visiting our website, the users are informed via web banner about the use of cookies for analytical purposes and referred to this data privacy statement. In this context, it is also pointed out how the storing of cookies can be disabled in the browser settings.

 

II. Legal basis for the processing of data

Legal basis for the processing of personal data while using technically required cookies is Section 6 Subsection 1 lit. f GDPR.

Legal basis for the processing of personal data while using cookies for analytical purposes is Section 6 Subsection 1 lit. a GDPR if the respective consent of the user is on hand.

 

III.  Purpose of data processing

The purpose of using technically required cookies is the simplification of use of websites for the users. Some functions or our web page cannot be provided without the use of cookies. For such it is necessary that the browser is also recognized when the user moves from one page to the next.

 

IV. Duration of storage, option for objection and removal

Cookies are stored on the computer of the user and transmitted from such to our website. This is why you as the user have full control of the use of cookies. By changing your browser’s settings, you may disable or limit the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done in an automated fashion. If cookies are disabled for our website, it is possible that not all functions of the website may be used to the full extent.

6. Contact form and Email contact

 

I. Description and scope of data processing

On our web page, there is a contact form that can be used to contact us electronically. If a user utilizes this option, data entered into the input mask is transmitted to us and stored.

At the time the message is sent, also the following data is stored:

  • Date and time of registration

  • Used browser

  • Operating system

 

For the processing of data in line with the sending of the message, we obtain your consent and refer to this data privacy statement.

 

You may contact GACC Midwest via the provided email addresses. In such a case, the personal data of the user transmitted via email is stored.

 

In this context, such data is not forwarded to third parties. Such data is only used for the processing of the conversation.

 

II. Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand.

Legal basis for the processing of data transmitted in line with the sending of an email is Section 6 Subsection 1 lit. f GDPR. If the purpose of the contact via email is the entering into a contract, the additional legal basis for processing is Section 6 Subsection 1 lit. b GDPR.

 

III. Purpose of data processing

The processing of personal data from the input mask only helps us to process the contact that was established and the communication that was sent by you. If contact is established via email, our required legitimate interest is also in the processing of such data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

IV. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for personal data from the input mask of the contact form and for data sent via email if the respective conversation with the user is finished. The conversation is finished if it can be deduced from the circumstances that the respective matter is clarified in a concluding fashion.

 

Other personal data collected during the sending process will be deleted after a period of three months at the latest.

 

V. Option for objection and removal

The user has the option to revoke his consent for the processing of personal data. If the user contacts us via email, he may object at any time to the storing of his personal data. In such a case, the conversation cannot be continued.

 

You may send your revocation of consent and objection to storage in writing via email to unsubscribe@gaccmidwest.org.

 

All personal data stored in the process of establishing contact will be deleted in such a case.

7. Forwarding of personal data to third parties

 

I. Website operators

In line with processing, personal data is forwarded to the agency Wix.com commissioned to run the website as well as to the technical service provider. Such is regulated via a corresponding agreement with the service provider.

II. Event Registration via Constant Contact

 

a) Description and scope of data processing

Our website contains links to other service providers. For event registrations we use the online marketing company Constant Contact, where users have to provide certain personal data to register for our events. During this process, data is entered into an input mask, transmitted to Constant Contact and us, and also stored.  

 

The following data is collected in line with the registration process:

 

  • First Name

  • Last Name

  • Email Address

  • Job Title

  • Company name

 

In the process, your use is also recorded via cookies, to evaluate email marketing campaigns.

 

More information can be found in the data privacy statement of Constant Contact at https://www.constantcontact.com/legal/privacy-statement

 

Regarding the general handling with and the disabling of cookies, please always refer to the description in our data privacy statement.

 

As part of the registration process, consent of the user is obtained to process the aforementioned data.

 

b) Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR.

 

c) Purpose of data processing

A registration of the user is required for the execution of a contract, or for the execution of pre-contractual measures. More information can be found in our information requirements:

 

Information requirements for event registration

 

d) Duration of storage

Data is deleted as soon as it is no longer required to fulfill the previously described purpose.

This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures as long as such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

 

e) Option for objection and removal

As a user, you have the option to cancel the registration and to amend your stored personal data at any time. To amend or delete your data, please contact unsubscribe@gaccmidwest.org.

 

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

8. Rights of the data subject

 

You have the following rights according to the EU General Data Protection Regulation: If your personal data is processed, you have to right to obtain information regarding the storage of your personal data (Section 15 GDPR).

 

If incorrect personal data is processed, you have the right to correction of such (Section 16 GDPR).

 

If legal requirements are given, you have the right to request the deletion or limitation of processing, and you have the right to object to such processing (Sections 17, 18 and 21 GDPR).

 

If you have given your consent to data processing or if a contract exists pertaining to data processing and if such data processing is carried out via automated processes, you have a right to data portability where applicable (Section 20 GDPR).

 

Should you exercise your above-mentioned rights, GACC Midwest will review whether statutory requirements are met.

 

For appeals pertaining to data privacy laws, you may contact the respective supervisory authority.

© 2019 German American Chamber of Commerce of the Midwest, Inc.