Privacy Policy

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations, in particular the European Data Protection Regulation (GDPR).

This privacy policy informs you about the type, scope and purpose of the processing of personal data within our website (hereinafter "Website"). The privacy polcy applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR are all data that can be personally related to you, e.g. name, address, email addresses, user behaviour. Which data is processed in detail and how it is used depends largely on the services used on our Website.

1. Who is responsible for data processing and whom can I contact?

The controller in the sense of the General Data Protection Regulation (“GDPR”) and other national data protection laws of the Member States as well as the Personal Data Protection Act 2010 of Malaysia (“PDPA”) is:

Malaysian-German Chamber of Commerce and Industry (“MGCC”)
Lot 20-01 Menara Hap Seng 2 No. 1 Jalan P. Ramlee
50250 Kuala Lumpur Malaysia
Phone: +603-9235 1800
Email: info@malaysia.ahk.de
Website: www.malaysia.ahk.de

The data protection officer of MGCC is: 

Yanick Röhricht
mip Consult GmbH
Wilhelm-Kabus-Str. 9
10829 Berlin Deutschland
Tel.: +49 30-20 88 999 0
E-Mail: pdpa@malaysia.ahk.de
Website: www.sofortdatenschutz.de

The representative of the controller according to Section 27 GDPR is:

Deutscher Industrie- und Handelskammertag
Breite Str. 29
10178 Berlin Deutschland
Phone: +49 30-20 308-0
Email: ahk-vertreter@dihk.de
Website: https://www.dihk.de/en

2. What sources and data do we use?

We process personal data that we receive from you during the course of using our website and, if applicable, our business relationship.

In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, first and last name, , e-mail, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as "Contact Data").

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in compliance with the regulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act ”Bundesdatenschutzgesetz” (BDSG) as well as the Malaysian Personal Data Protection Act 2010 (PDPA) especially on the basis of the following statutory grounds:

4. Who gets my data?

Within our company, access to your data is granted to those departments that require it in order to fulfill our contractual and legal obligations.

Service providers employed by us, e.g. in the categories of IT services and software suppliers, may also be given access to our data in order to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, ensure an appropriate level of data protection and are carefully monitored by us.

Data is only passed on to third parties within the framework of legal requirements. We only disclose users' data to third parties if this is necessary, for example, on the basis of Section 6 Subsection 1 Sentence 1 lit. b) GDPR or Section 6 Subsection 2 lit. a PDPA for contractual purposes or on the basis of legitimate interests pursuant to Section 6 Subsection 1 Sentence 1 lit. f) GDPR or Section 6 Subsection 2 lit. f PDPA in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we generally do not pass on any data to third parties.

5. How long will my data be stored?

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European, national or Malaysian legislator in Union regulations, laws or other provisions to which the controller is subject.

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

Insofar as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.

Applicant data is deleted after 6 months in the event of a rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.

According to German and Malaysian law, a statutory retention period of ten years applies to collected personal data. This requirement results from the accounting and record-keeping obligations under commercial and tax law. Data storage in connection with federally funded projects between DIHK and MGCC is exceptionally required for a period of seven years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

If you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 Subsection 2 No. 1 OWiG, Section 41 Subsection 1 BDSG, Section 83 (5) lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

6. Is data transferred to a third country or to an international organization?

The data provided will be processed within the European Union as well as Malaysia and the USA. For countries without an adequacy decision by the Commission under Section 45 GDPR, as is the case with the USA, we generally agree on EU standard data protection clauses with the recipients of your data or obtain your consent for the data transfer.

Note: The European Commission has not issued an adequacy decision under Section 45 Subsection 3 GDPR for Malaysia and the USA. The protection of personal data in these countries does not meet the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Thus, there is a risk that these governmental bodies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

7. Rights of the data subject

Every data subject has

• the right to information according to Section 15 GDPR and Section 7 PDPA (this means you have the right to request information about your personal data stored by us at any time),
• the right to rectification according to Section 16 GDPR and Section 12 PDPA (this means in the event that your personal data are inaccurate or incomplete, you may request that they be corrected),
• the right to deletion and the right to restriction of processing according to Section 17 GDPR resp. Section 18 GDPR and Section 10 PDPA (this means you may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal storage obligations do not require the continued storage),
• the right to data portability according to Section 20 GDPR (this means you may have the right to receive the personal data of you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance).

Furthermore, you can generally revoke consents with effect for the future.

In addition, you have the right to contact the supervisory authority pursuant to Section 77 GDPR if you find that we are not processing your data properly. The Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information (https://www.datenschutz-berlin.de/) is responsible for us.

(Explanation: If specific legal provisions exclude the cited rights of the data subject, wording is to be adjusted accordingly. Example: no right to correction pursuant to Section 16 GDPR for the processing for archiving purposes.).

In the event of data protection complaints that concern Malaysian data protection law, you can contact the competent supervisory authority: Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi). For data protection complaints that do not concern Malaysian data protection law, please contact the supervisory authority responsible for you.

In addition, we would like to draw your attention to your right to object according to Section 21 GDPR and Section 10 PDPA:

8. To what extent is there automated decision-making in individual cases, including profiling?

In the context of accessing our website or in the context of contacting us via form or email, we generally do not use fully automated automatic decision-making pursuant to Section 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately, if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data?

On our website, you must provide the personal data that is required for the use of the website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise, we will not be able to process the request.

10. Cookies

a) Description and scope of data processing

We use cookies to make our website more user-friendly. Cookies are small text files, that generally consist of letters and numbers and are stored on the user's computer when visiting certain websites.

Some elements of our web page require that the accessing browser can also be identified when the user moves from one page to the next. Essential cookies (“essential cookies”) enable the core functionality of our website. Without these essential cookies, our website cannot be displayed correctly, respectively certain parts of the website do not work correctly. Essential cookies can only be disabled in your internet browser settings. No personal data is collected in the process.

In addition, we use cookies on our website that enable an analysis of the surfing behavior of users (“non-essential cookies”).

When visiting our website, the users are informed via web banner about the use of non-essential cookies and referred to this data privacy statement. In this context, it is also pointed out how the storing of non-essential cookies can be disabled in the browser settings. This service is provided via the Consent Manager of the Piwik PRO Analytics Suite.

Non-essential cookies are used to improve the quality of our website and its content. Through the non-essential cookies, we learn how the website is used and can thus constantly optimize our offer.

We use cookies of the Piwik PRO Analytics:

_pk_id = Used to recognize visitors and hold their various properties. Expires after: 13 months if user consents; expires after 30 minutes if user does not consent
_ppms_privacy = Stores visitor’s consent to data collection and usage. Expires after: 365 days
_pk_ses = Shows an active session of the visitor. Expires after: 30 minutes

For further information about the cookies we use, please see 'Privacy settings' at the top of this page.

Alternatively, you can prohibit the storage of cookies in each case individually via the settings of your browser (with the “help”-setting of your browser, you will learn about how to change your cookie-settings).

You can find help on cookie management in the most popular browsers at the following addresses:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Google Chrome: https://support.google.com/accounts/answer/32050
Opera: www.opera.com/de/help
Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

b) Legal basis for the processing of data

Legal basis for the processing of personal data while using essential cookies are Section 6 Subsection 1 Sentence 1 lit. f GDPR and Section 6 Subsection 2 lit. f PDPA.

Legal bases for the processing of personal data while using cookies for analytical purposes (“non-essential cookies”) are Section 6 Subsection 1 Sentence 1 lit. a GDPR and Section 6 Subsection 2 lit. a PDPA if the respective consent of the user is given.

Legal bases for the processing of personal data while using cookies for analytical purposes (“non-essential cookies”) are Section 6 Subsection 1 Sentence 1 lit. a GDPR and Section 6 Subsection 2 lit. a PDPA if the respective consent of the user is given.

c) Purpose of data processing

The purpose of using essential cookies is the simplification of use of websites for the users. Some functions or our web page cannot be provided without the use of essential cookies. For such it is necessary that the browser is also recognized when the user moves from one page to the next.

We need essential cookies for the following applications:

1. fonts = standard cookie variable used by us to reload the fonts in the browser after a page refresh.
2. fullcss = standard cookie variable used by us to reload the CSS file in the browser after a page refresh.

Maximum cookie lifetime: 730 days

User data collected via essential cookies is not used to create user profiles.

The use of non-essential cookies also serves to improve the quality of our website and its content. From non-essential cookies we gain knowledge of how the website is used; we are then able to constantly optimize our services.

We use cookies of the Piwik PRO Analytics:

_pk_id = Used to recognize visitors and hold their various properties. Expires after: 13 months if user consents; expires after 30 minutes if user does not consent
_ppms_privacy = Stores visitor’s consent to data collection and usage. Expires after: 365 days
_pk_ses = Shows an active session of the visitor. Expires after: 30 minutes

11. Processing of personal data during the use of external online services

11.1 Google Maps

On this website, we use the services of Google Maps der Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. Legal basis for the use of Google Maps is your consent according to Section 6 Subsection 1 Sentence 1 lit. a) and Section 49 Subsection 1 Sentence 1 lit. a) GDPR as well as Section 6 Subsection 1 lit. a) PDPA.

This way we can show you interactive maps directly on our website and enable a comfortable use of the map function.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website as well as the date and time of the visit to the website in question and IP address. This takes place regardless of whether you are logged in to Google. If you are logged in, however, your data will be assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating a map.

If you are logged in to Google, Google may store your data as usage profiles and use it for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. This data processing is then governed by the usage agreement concluded between you and Google under your Google account.

The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Section 49 Subsection 1 Sentence 1 lit. a) GDPR.

For more information about the purpose and scope of data collection and their processing by the plug-in provider, please see the Google privacy information. There you will also find further information on your rights in this regard and setting options for protecting your privacy: policies.google.com/technologies/partner-sites and an opt-out from personalized advertising is possible at https://www.google.com/settings/ads/.

11.2 Use of Piwik Pro

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.

We host our solution on Microsoft Azure in Germany, and the data is stored for 25 months.

The purpose of data processing: analytics and conversion tracking based on consent. The Legal basis for the use of Piwik Pro is your consent according to Section 6 Subsection 1 Sentence 1 lit. a) GDPR as well as Section 6 Subsection 1 lit. a) PDPA.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

11.3 Integration of YouTube videos

We have integrated Youtube videos on our website, which are saved on www.YouTube.com of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and can be directly played on our website. Legal basis for the use of Youtube is your consent according to Section 6 Subsection 1 Sentence 1 lit. a) and Section 49 Subsection 1 Sentence 1 lit. a) GDPR.

The videos are embedded in such a way that data about you as a user is only transmitted to YouTube when you play the videos. We have no influence on the data transmission to Google that then takes place.

By visiting the website, YouTube receives the information that you have called up the corresponding subpage of our website and data on location (GPS data), IP address and devices used, including information on objects in the vicinity of your device, such as wifi access points, radio masts and Bluetooth-enabled devices, as well as sensor data from your device (see YouTube privacy information of the provider). This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data may be assigned to your account. If you do not want the assignment with your profile on YouTube, you must log out before activating a video. YouTube stores your data in case you are logged in as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise it.

The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Section 49 Subsection 1 Sentence 1 lit. a) GDPR.

For more information on the purpose and scope of data collection and its processing by YouTube, please see the privacy information. There you will also find further information on your rights and setting options to protect your privacy:

You can find the YouTube privacy information at policies.google.com/privacy and opt-out from personalized advertising is possible at https://adssettings.google.com/authenticated.

11.4 Newsletter

With the following description, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and the described procedures.

Newsletter content: We use free newsletter, Emails and other electronic notifications with advertising information (hereinafter “Newsletter”) only on the ground of the consent of the user or statutory permission. If we specifically describe individual newsletters as part of the registration process, this description is crucial for the consent of a Newsletter subscriber. If there is no separate description, you will receive information about our products, offers and promotions as well as information about our company in our Newsletters.

Double-Opt-In: The registration to our Newsletter is carried out in the so called double-opt-in-procedure. This means, that after registration to our Newsletter, we send you an E-mail, in which we ask you to confirm your registration. This confirmation serves to make sure that only users register to our Newsletter, that also have access to the respective Email address. We will save the registration to our Newsletter to prove the registration according to statutory provisions. This includes the time of registration and confirmation as well as the IP-address. Also, any changes of your data made at the Newsletter-service-provider will be saved.

The Newsletter will be sent through „MailChimp“ by the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can find their Privacy-Policy at: mailchimp.com/legal/privacy/

To sign up to the newsletter it is sufficient to provide your email address, first and last name. Optionally, we ask you to provide information about your organization and position in the company.

The Newsletters contain a so called Web-Beacon. This is a pixel-sized file that is retrieved from the server of the newsletter service provider when the Newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content.

The dispatch of the newsletter and the measurement of success take place on the basis of Section 6 Subsection 1 lit. a, Section 7 GDPR in conjunction with Section 7 Subsection 2 No. 3 UWG (Act Against Unfair Competition) and Section 6 Subsection 1 lit. a PDPA, respectively on the basis of statutory permission according to Section 7 Subsection 3 UWG.

The recording of the registration process is based on our legitimate interests according to Section 6 Subsection 1 Sentence 1 lit. f) GDPR and serves as proof of consent to receive the newsletter.

A newsletter subscription may be cancelled by the respective user at any time. A special link is provided in every newsletter for this purpose. Alternatively, you may also send an email to pdpa@malaysia.ahk.de. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted within four weeks.

11.5 Google Fonts (Online)

Google-Fonts, i.e. external fonts of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, https://www.google.com/fonts. The integration of Google Fonts is carried out locally from our server. A transfer of the IP-Address to Google does not take place.

You can find Google's data protection information at policies.google.com/privacy and an opt-out is possible at https://adssettings.google.com/authenticated.

11.6 Font Awesome

On our website we use “Font Awesome”, external fonts from Fonctions, Inc, Bentonville, AR, United States, fontawesome.com.

The integration of Font Awesome is carried out locally from our server. A transfer oft he IP-Address to Google does not take place.

You can find more information about Font Awesome at fontawesome.com/help and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

12. Our social media presence

You will find us with presences within social networks and platforms so that we can also communicate with you there and inform you about our services on them.

We would like to point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users' computers, in which the users' usage behaviour and interests are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at that time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted and the respective provider can store this information in your user account.

In principle, we have no significant influence on the data processing of the social networks. However, we receive statistics from the providers about the use of and visits to our company profiles on the social networks (e.g., information about the number of views, interactions such as likes and comments, and aggregate demographic and other information or statistics). For more information on the data used by the providers, please refer to the privacy notices of the providers linked below.

Insofar as we receive your personal data in the context of our social media presences (e.g. in the context of a communication), you are entitled to the rights mentioned in this data protection information above in this regard. You can address your inquiries with regard to data processing within the scope of our company profiles to us via the contact data mentioned above.

If, in addition, you wish to assert rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in each case in the data protection information linked below. We will also be happy to support you in asserting your rights, insofar as this is possible for us.

The processing of personal data of the users is generally based on your consent according to Section 6 Subsection 1 Sentence 1 lit. a) GDPR and Section 6 Subsection 1 lit. a) PDPA. Legal basis is Section 6 Subsection 1 Sentence 1 lit. b) GDPR and Section 6 Subsection 2 lit. a PDPA, if we receive and process your data in the context of a contract-relate inquiry via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Section 6 Subsection 1 Sentence 1 lit. f) GDPR and Section 6 Subsection 2 lit. f) PDPA based on our legitimate interest in our company communication in the respective social networks.

For information on the respective processing and the respective objection options, we refer to the data protection information of the providers linked below:

• Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), we operate our Facebook-Page on the basis of an agreement on joint processing of personal data with Facebook – Privacy information: www.facebook.com/about/privacy/, Opt-Out: www.facebook.com/settings and www.youronlinechoices.com.
• Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), online photo and video sharing service, privacy information https://help.instagram.com/519522125107875/?helpref=hc_fnav
• LinkedIn LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts - privacy information https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), Mikroblogging-Service – privacy information: twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
• Google YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), video portal – privacy information: policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticate. 
• Flickr (Flickr Inc., 67 E Evelyn Ave #200, Mountain View, CA 94041, USA), Privacy-Policy: https://www.flickr.com/help/privacy

13. Social-Media buttons used by us

To share content from our website on social networks, we have integrated social media buttons into our website.

Since the buttons offered by the social networks already transmit personal data such as the IP address or set cookies when loading the website on which they are integrated, they pass on information about your surfing behavior. To do this, you do not have to be logged in or a member of the respective network. Under data protection law, this is only permissible with the consent of the respective user. We have therefore integrated social media buttons in such a way that they are only activated when they are explicitly activated by clicking on them. As soon as you click on the social buttons yourself, you agree that your data will be transferred to the respective services, Section 6 Subsection 1 lit. a GDPR.

13.1 Facebook

We use a plugin from Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website. You can recognize this by the Facebook logo or the "Like" button ("Like"). An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/.

For users from the Europe region, the social plugins "Like" and "Comment" are only supported if users are logged in to their Facebook account on the one hand and have given their consent to cookies for apps and websites on the other. Data is thus processed exclusively on the basis of your consent.

The collected data is also transferred by Facebook to the USA and other third countries. Please note that the protection of personal data in the USA and third countries does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Thus, there is a risk that these government agencies may be able to access the personal data without the data transmitter or the recipient being able to effectively prevent this. If you do not want Facebook to be able to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

The processing of the data is the joint responsibility of Facebook and us in accordance with Section 26 GDPR. The primary responsibility for the processing of personal data in the context of the plugins lies with Facebook and all obligations under the GDPR with regard to the processing of personal data are fulfilled by Facebook (in particular, the information obligations under Section 12 et seq. GDPR, ensuring data subject rights pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Sections 33, 34 GDPR).

Facebook's data protection information can be found at www.facebook.com/about/privacy/.

Adjustments to the processing of personal data and opt-outs can be made at the following link: www.facebook.com/settings and http://www.youronlinechoices.com.

13.2 Twitter

Plugins of the short message network Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND (Twitter) are integrated into our website. You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here (https://about.twitter.com/resources/buttons). As additional content, individual tweets in particular can be integrated into the website.

When you call up a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server and a cookie is set. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while logged into your Twitter account, you can link the content of our pages on your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.

The collected data is also transmitted to the USA. Please note that the protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government authorities. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account.

You can find more information on this in Twitter's data protection information at https://twitter.com/privacy.

14. Forwarding of personal data to third party

Third-party content

If you have given your consent to the display of third-party content in the consent management, we will integrate content from other websites and providers on our website, each of which is responsible for the data processing thereby taking place in accordance with Section 4 Subsection 7 GDPR and Section 6 Subsection 1 lit. a) PDPA. Your end device establishes a direct connection to the server of the respective provider, whereby the provider at least collects and processes your IP address to establish the connection and play out the content. Insofar as this is a process requiring permission under data protection law, the legal basis is your consent to the display of the content. We have no knowledge of whether and, if so, to what extent further processing takes place. The providers may, for example, monitor your behaviour and also create usage profiles, possibly also outside the EEA. You can decide at any time not to display third-party content in the future ("revocation") by setting the corresponding setting in the consent management.

The possibly integrated content providers are: YouTube, Flickr, MailChimp, LinkedIn, Facebook.

15. MGCC-App

In addition to our online offer, we provide you with a mobile app that you can download to your mobile device. In the following, we inform you about the processing of personal data when using our mobile app.

When you download the mobile app, the required information is transferred to the App Store or Google Play Store, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device identification number. In addition, the respective store independently collects various data and provides you with analysis results. We have no influence on this data processing and are not responsible for it. We only process the data insofar as it is necessary for downloading the mobile app to your mobile device. You can also download this mobile app free of charge directly to your mobile device via our website.

When you use the mobile app, we process the personal data described below to enable you to use the functions conveniently. If you wish to use our mobile app, we process the following data, which are technically necessary for us to offer you the functions of our mobile app and to ensure stability and security, so that they must be processed by us. The legal basis is Section 6 para. 1 p. 1 lit. f DSGVO or Section 6 para. 2 lit. f PDPA:

• IP address
• Date and time of the request
• Access status/HTTP status code
• Operation system

Furthermore, in order to provide the services of the app, we require [your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile end device, e-mail address].

Mandatory functions that are technically necessary for the mobile app to function: The technical structure Mandatory functions that are technically necessary for the mobile app to function: The technical structure of the mobile app requires us to use techniques, in particular cookies. Without these techniques, our app cannot be used (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted after the end of the usage process, at the latest after 30 days. You cannot deselect these cookies if you wish to use our app. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f DS-GVO or Art. 6 para. 2 lit. f PDPA.

The mobile app will include functions to collect images but the collection of images shall not be compulsory to continue using the services of the mobile app. The images shall be collected through the mobile app upon upload and shall be used as your profile picture. The profile picture uploaded shall be displayed next to your name upon registration for any MGCC events on our mobile app. The images will not be shared with any other user and cannot be downloaded by any other user of the mobile app. The image shall be retained on the mobile app until you decide to remove the image itself. Any image upload is fully controlled by you and will not be used on any other platform.