I. Name and address of the person responsible
The person responsible according to the Basic Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is the:

German-Baltic Chamber of Commerce in Estonia, Latvia, Lithuania
Breite Str. 29
D-10178 Berlin
Germany
Phone: 00371 6732 0718
Email: info@ahk-balt.org
Website: www.ahk-balt.org

II. General information on data processing

1. Scope of processing of personal data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Basic Regulation (DSGVO) serves as the legal basis for the processing of personal data. Art. 6 para. 1 lit. b DSGVO serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.

3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU ordinances, laws or other regulations to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

III. Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s Internet Service Provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites accessed by the user’s system through our website

2. Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

3. Purposes of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files in order to ensure the functionality of the website. Moreover, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

4. Storage duration
The data are deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended.
If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of opposition and removal
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

IV. Use of Cookies

a. Description and scope of data processing
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. In this process no personal data is collected.

The following data is stored and transmitted in the cookies:

(1) fonts = Standard Cookie Variable which is used by us to reload the fonts into the browser when updating.
(2) fullcss = Standard Cookie Variable which is used by us to reload the CSS file in the browser during an update.

Maximum lifetime of cookies: 730 days

We also use cookies on our website, which enable us to analyse the surfing behaviour of our users.

In this way, the following data can be transmitted:

_ga = Unique identifier of Google Analytics to identify a user (composed of client_ID + time stamp) | Standard expiration time 2 years
_gat = Parameter which causes Google Analytics to reduce the query rate
_gid = Unique identifier from Google Analytics for identifying a user (composed of client_ID + time stamp) | Standard expiration time 24 hours.

The user data collected in this way is pseudonymised by technical precautions.

Therefore, it is no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the users.
When calling up our website, users are informed by an information banner about the use of cookies for analysis purposes and it is referred to this data protection declaration. In this context, there is also an indication as to how the storage of cookies in the browser settings can be prevented.
If you do not want tracking, you can deactivate it in the Google Analytics section of this privacy statement.

b) Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Abs. 1 lit. f DSGVO.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Abs. 1 lit. a DSGVO if the user has given his consent.

c) Purposes of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognised also after a page change.

We require cookies for the following applications:

(1) fonts = Standard Cookie Variable which is used by us to reload the fonts into the browser when updating.
(2) fullcss = Standard Cookie Variable which is used by us to reload the CSS file in the browser during an update.

Maximum lifetime of cookies: 730 days

The user data collected by technically necessary cookies are not used to create user profiles.

The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies tell us how the website is used and enable us to continually optimise our services.

In this way, the following data can be transmitted:

_ga = Unique identifier of Google Analytics to identify a user (composed of client_ID + time stamp) | Standard expiration time 2 years
_gat = Parameter which causes Google Analytics to reduce the query rate
_gid = Unique identifier from Google Analytics for identifying a user (composed of client_ID + time stamp) | Standard expiration time 24 hours.

e) Storage duration, possibility of opposition and removal
Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

V. Disclosure of personal data to third parties

1. Website operators
Within the framework of order processing, personal data is passed on to the agency commissioned to operate the website and the technical service provider. The order agreement is regulated by a corresponding agreement with the service provider.

2. Social Media Sharing Button
General note: Social media plugins normally lead to every visitor of a page being immediately recorded by these services with his IP address and his further browser behaviour being logged. This can happen even if you do not press the button. To prevent this, we use the Shariff method. Our social media buttons only establish direct contact between the social network and you when you click on the respective share button. If you are already registered with a social network, in the cases of Facebook and Google+ this happens without another window. On Twitter, a pop-up window appears in which you can edit the text of the tweet. You can use it to publish our content in social networks without them being able to create complete surf profiles.

Facebook

Our site uses plugins from the social network of Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. However, through the Shariff method, Facebook only learns about your IP address and your visit to our website after you have clicked the button. If you activate the plugin while logged into Facebook at the same time, Facebook can assign your use to your user account.
We have no knowledge of and no influence on the possible collection and use of your data by Facebook after that. You can find more detailed information in Facebook’s privacy statement at de-de.facebook.com/policy.php. In addition, we refer you to our general presentation in this privacy statement for the general handling and deactivation of cookies.

3. YouTube videos
We have occasionally included YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played from our website via an embedding. The embedding of the videos takes place with the option for extended data protection settings activated. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer and may transfer data to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the YouTube operator.
When playing videos stored on YouTube, at least the following data is transmitted to Google Inc. as YouTube operator and operator of the DoubleClick network: IP address and cookie ID, the specific address of the page called up by us, system date and time of call, identification of your browser. This information is transmitted regardless of whether you have a Google Account that you are logged in to or whether you do not have a User Account. If you are so signed in, Google may associate this information directly with your account. If you do not want to be associated with your profile, you must log out before activating the video play button.
YouTube or Google Inc. store this data as usage profiles and use it, if necessary, for the purposes of advertising, market research and/or the demand-oriented design of their websites. Such evaluation is carried out in particular (also for non-registered users) to provide demand-oriented advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google as the operator of YouTube to exercise this right.

4. Google Maps
This website uses Google Maps map software from Google Inc. By using this website, you consent to the collection, processing and use by Google and its agents of any data that may be collected automatically. Terms of use of Google Maps. Further information on the purpose and scope of data collection and processing by Google can be found on this information page.

VI. Rights of the data subject
According to the basic EU data protection regulation, you have the following rights: If your personal data are processed, you have the right to obtain information about the data stored about your person (Art. 15 GDPR).

Should incorrect personal data be processed, you have the right for correction (Art. 16 GDPR).

If the legal requirements are met, you can request the deletion or restriction of the processing and lodge an objection against the processing (Art. 17, 18 and 21 GDPR).

If you have consented to data processing or a data processing agreement exists, and data processing is carried out using automated procedures, you may be entitled to data transferability (Art. 20 GDPR).

If you make use of the rights mentioned above, the AHK Baltic States will check whether the legal requirements for this have been fulfilled.
In the case of complaints regarding data protection, you can contact the responsible supervisory authority:

Germany:
The Federal Commissioner for Data Protection and Freedom of Information
Husarenstraße 30, D-53117 Bonn
Phone: 0228 997799 – 0
Fax: 0228 997799 – 550
Email: poststelle(at)bfdi.bund.de
Internet: http://www.datenschutz.bund.de

Estland:
Andmekaitse Inspektsioon Väike-Ameerika
19 10129 Tallinn
Phone: +372 5620 2341
Email: info(at)aki.ee
Internet: http://www.aki.ee/en

Facebook