Privacy Policy

Find detailed information about our data privacy policy below.

I. Name and address of the controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions pertaining to data privacy and protection laws is:

Delegation of German Industry and Commerce in Sri Lanka (AHK Sri Lanka)

127 W A D Ramanayake Mawatha, 15th floor,

Colombo 2, Sri Lanka.

Telephone: +94 11 2314364

E-Mail: info@srilanka.ahk.de

Website: www.srilanka.ahk.de

II. Name and address of the data protection officer

The data protection officer of the controller is:

Harsha Dinesh

Delegation of German Industry and Commerce in Sri Lanka (AHK Sri Lanka)

127 W A D Ramanayake Mawatha, 15th floor,

Colombo 2, Sri Lanka.

Telephone: +94 11 2314364

E-Mail: accountant@srilanka.ahk.de

III. General information regarding data processing

1. Scope of processing of personal data

In principle, we collect and use personal data of our users only to the extent it is required to provide a functioning website as well as for our content and services. The processing of personal data of our users is carried out regularly only after consent is given by our users. An exception applies in cases in which a previous obtaining of a consent is not possible for actual reasons and where the processing of data is permitted on the basis of statutory provisions.

2. Legal basis for the processing of personal data

To the extent that we obtain consent from the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as legal basis for the processing of personal data. For the processing of personal data required to execute a contract whose contractual party is the data subject, Art. 6 para. 1 lit. b GDPR serves as legal basis. This also applies to processing that is required for the execution of pre-contractually measures. If such processing is required to maintain a legitimate interest of our company or a third party, and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as legal basis for such processing.

3. Data deletion and duration of storage

Personal data of the data subject will be deleted or blocked as soon as the purpose for storing such data no longer applies. Storage beyond such a period can be affected if such storage is prescribed by the European or national legislative body in provisions pertaining to European Union law or other provisions the data subject is subject to. Blocking or deletion of data is also affected if a storage period expires that is prescribed by the cited standards, unless there is a requirement for further storage of such data to enter into a contract or to execute a contract.

IV. Provisioning of website and creation of logfiles

1. Description and scope of data processing

Any time our web page is visited, our system collects data and information in an automated fashion from the computer system of the accessing computer. The following data is collected in the process:

IP address
date & time of access
time difference to Greenwich Mean Time (GMT)
content of access (accessed pages)
Access status/HTTP status code
amount of data transferred in each case
website from which the request originates
browser
operating system and its interface
language and version of the browser software
Internet service provider (ISP).

2. Legal basis for the processing of data

Legal basis for the temporary storage of data and the logfiles is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to ensure the correct delivery, stability and security of our website.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the computer of the user. To do so, the IP address of the user must remain stored for the duration of the session.

Storing of logfiles is effected to ensure the functionality of the website. In addition, such data helps us to optimize the website and to ensure the security of our information technology systems. An analysis of such data for marketing purposes will not be carried out in this context.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. In the event of collection of data for the provisioning of the website this is the case whenever the respective session ends.

In the event of storing of data in logfiles this is after seven days the case at the latest. Storage to exceed such a period is not possible. In such a case, the IP addresses of the users are deleted or redacted so that an allocation of the accessing client is no longer possible.

5. Option for objection and removal

Collection of data for the provisioning of the website and storing of data in logfiles is required for the operation of the web page. Consequently, the user has no possibility to object.

V. Use of cookies

1. Description and scope of data processing

We use cookies on our website. Cookies are small text files that are stored on your end device via your browser and contain information relating to the device used.

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool.

See an overview of the scope of data collected and possible cookies used in this context by Piwik PRO, under the following link: https://help.piwik.pro/support/privacy/cookies-created-for-piwik-pro-users/. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.

a) Essential Cookies

Some functions or our web page cannot be provided without the use of cookies. These cookies are required for the proper functioning of our website (e.g. for displaying the website, selecting the language, and managing your cookie consent settings). For such it is necessary that the browser is also recognized when the user moves from one page to the next.

b) Optional Cookies (Statistics)

In addition, we use cookies for statistical purposes only with your prior consent. This includes in particular: Statistical cookies for measuring reach and analysing the use of our website. We use cookies to store information about fonts, CSS files and for statistical analysis in order to improve the content and quality of the website.

No personal data is collected, but it may be personally identifiable.

2. Legal basis for the processing of data

Where personal data is processed in connection with a registration, the legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effectively handling and responding to the registration. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data established via registration form, helps us to process the contact that was established and the communication that was sent by you and to establish further communication. A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures. Other personal data processed during the sending process only serve to prevent misuse of the registration forms and to ensure the security of our information technology systems.

4. Duration of storage, option for objection and removal

Data for the management of consents are retained for a period of 25 months.

Cookies are stored on the computer of the user and transmitted from such to our website. This is why you as the user have full control of the use of cookies. By changing your browser’s settings, you may disable or limit the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done in an automated fashion. If cookies are disabled for our website, it is possible that not all functions of the website may be used to the full extent.

You may withdraw your consent or change your selection at any time with effect for the future by accessing the cookie settings via the corresponding link in the footer of our website and adjusting your preferences accordingly.

5. Third Parties

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read the Piwik PRO’s privacy policy. Your personal data will be accessed by those employees of the data controller who are responsible for maintaining the website. In addition, it may occur (e.g. in troubleshooting cases) that PIWIK PRO employees gain access to your personal data. Insofar as PIWIK PRO employees have access to personal data, we have entered into the necessary agreements to protect your personal data, in particular, data processing agreements in accordance with Art. 28 GDPR, in which PIWIK PRO is obliged to maintain confidentiality.

VI. Newsletter

1. Description and scope of data processing

On our web page, there is the option to subscribe to a free newsletter. During the registration for the newsletter, data from the input mask added by iFrame is transmitted to the service provider commissioned by us for E-Mail marketing software providers.

The following data is collected and stored in a CRM database:

Title
First name(s)
Last name(s)
E-Mail address.

Furthermore, the following data is collected upon registration: Date and time of registration.For the processing of data, in line with the registration process, we obtain your consent and refer to this data privacy information. In connection with the processing of data for the sending of newsletters, except for the provider of E-Mail marketing software, data is not forwarded to third parties. Such data is only used for the newsletter to be sent to you.

2. Legal basis for the processing of data

Legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para.1 lit. a GDPR if collected consent of the user.

To the extent this pertains to the sending of a newsletter in line with membership to registered data of our database, legal basis is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Collection of the E-Mail address of the user is done to deliver the newsletter.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. The E-Mail address of the user is therefore stored for as long as the newsletter subscription is active.

5. Newsletter tracking

To optimize our newsletter offer, we use personalized newsletter tracking. In this context, besides the E-Mail address, we also collect activities connected to the newsletters (click behavior).

6. Option for objection and removal

A newsletter subscription may be cancelled by the respective user at any time. Personal data processed in connection with the newsletter subscription will be deleted without undue delay following the cancellation of the subscription, unless relating contractual or statutory retention obligations require otherwise. A special link is provided in every newsletter for this purpose. Alternatively, you may also send an E-Mail to: communication@srilanka.ahk.de.

VII. Registration

1. Description and scope of data processing

On our web page we give our users the option to register for different purposes while providing personal data. In the process, data is entered into an input mask, transmitted to us and stored. Personal data may be transferred to third parties only where this is necessary for the fulfilment of a specific purpose or task for which the data was collected. Such third parties may include affiliated organisations, in particular our parent organisations DIHK (Deutscher Industrie- und Handelskammer) and DEinternational and other partners, insofar as their involvement is required for the proper performance, coordination, or completion of the registered service.

The following data is collected in line with the registration process:

Name
Company name
Designation
E-Mail address
Telephone number

At the time of registration, also the following data is stored:

Date and time of registration
Used browser
Operating system.

In line with the registration process, consent is obtained from the user for processing of such data.

2. Legal basis for the processing of data

Legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

5. Option for objection and removal

As user, you have the option to cancel the registration at any time. Your stored personal data can be amended at any time. To amend or delete your data, please contact communication@srilanka.ahk.de.

Your personal data will be deleted without undue delay once it is no longer necessary for the fulfilment of the purposes for which it was collected. If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

VIII. Contact form and email contact

1. Description and scope of data processing

On our web page, there are contact forms that can be used to contact us electronically. If a user utilizes this option, data entered into the input mask is transmitted to us and stored. At the time the message is sent, also the following data is stored:

Date and time of inquiry
Used browser
Operating system

For the processing of data in line with the sending of the message, the personal data the user transmitted is processed and stored:

Program of interest
Name
E-Mail address
Telephone number

An optionally:

Company Name
Designation
Further Requirements given by interested Party

As an alternative, you may contact us via the provided E-Mail address. At the time the E-Mail is received, the personal data of the user transmitted via E-Mail is processed and stored. This includes the E-Mail address the E-Mail was sent from, and any further information transmitted by the interested Party.

Such data is used for the processing of the conversation, for enabling to respond to the message, and when necessary for the fulfilment of the requested task.

Where necessary for the performance of the requested task, the data may be disclosed to third parties. Such third parties may include affiliated organisations, in particular our parent organisations DIHK (Deutscher Industrie- und Handelskammer) and DEinternational and other partners, insofar as their involvement is required for the proper performance, coordination, or completion of the registered service.

2. Legal basis for the processing of data

Where personal data is processed in connection with an inquiry via contact form or E-Mail, the legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effectively handling and responding to inquiries. If the purpose of the contact via E-Mail is entering into a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask only helps us to process the contact that was established and the communication that was sent by you.

The processing of personal data established via E-Mail or contact form, helps us to process the contact that was established and the communication that was sent by you and to establish a contact and further communication. Processing the contact of the user is required for a possible execution of a contract with the user, or for the execution of pre-contractual measures. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for personal data sent via E-Mail if the respective conversation with the user is finished. The conversation is finished if it can be deduced from the circumstances that the respective matter is clarified in a concluding fashion. Other personal data collected during the sending process will be deleted after a period of three months at the latest, unless relating contractual or statutory retention obligations require otherwise.

Insofar as the retention of personal data is necessary for the fulfilment of our organisational tasks and obligations, in particular for reporting, documentation, and performance-related requirements, such data may be stored for a longer period. This includes the need to determine whether an organisation has previously contacted us, in order to fulfil reporting and key performance indicator obligations within our institutional framework. In such cases, personal data is retained only for as long as required to fulfil these tasks and duties and is subsequently deleted in accordance with applicable retention requirements.

5. Option for objection and removal

The user has the option to revoke his consent for the processing and storing of personal data at any time. In such a case, the conversation and the inquiry cannot be continued. You may send your revocation of consent and objection to storage in writing via E-Mail to communication@srilanka.ahk.de. All personal data stored in the process of establishing contact will be deleted in such a case, unless relating contractual or statutory retention obligations require otherwise.

IX. Telephone

1. Description and scope of data processing

You may contact us via telephone using the contact details provided.

In the course of the telephone conversation, transmitted personal data communicated by the caller is collected by our employees and recorded in our internal data pools and systems, where necessary.

Such personal data is processed solely for the purpose of handling the communication, enabling a response to the inquiry, and facilitating the fulfilment of the requested task. Where necessary for the performance of the requested task, the data may be disclosed to third parties. Such third parties may include affiliated organisations, in particular our parent organisations DIHK (Deutscher Industrie- und Handelskammer) and DEinternational and other partners, insofar as their involvement is required for the proper performance, coordination, or completion of the registered service.

2. Legal basis for data processing

Where personal data is processed in connection with a telephone inquiry, the legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effectively handling and responding to inquiries. If the purpose of the telephone contact is the initiation or performance of a contractual relationship, the legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data collected during the telephone conversation serves exclusively to process the contact initiated by the caller and to manage the related communication.

Our legitimate interest lies in ensuring efficient communication handling, proper documentation of inquiries, and the fulfilment of requested services. Any additional personal data processed serves solely to ensure operational security and prevent misuse.

4. Duration of storage

Data may be retained for a longer period where contractual or statutory retention obligations apply.

5. Right to Objection and Erasure

The data subject has the right to revoke consent to the processing of personal data at any time. In such cases, the conversation and the inquiry cannot be continued. You may send your revocation of consent and objection to storage in writing via E-Mail to communication@srilanka.ahk.de. All personal data stored in the process of establishing contact will be deleted in such a case, unless relating contractual or statutory retention obligations require otherwise.

X. Sector Committee Membership

1. Description and Scope of Data Processing

You may contact us regarding participation in a sector committee via the provided E-Mail address.

At the time the E-Mail is received, the personal data transmitted by you via E-Mail is stored. Such data is used exclusively for processing the communication, enabling us to respond to your inquiry, and, where necessary, for the fulfilment of the requested task.

If, following the initial contact, you apply to become a sector committee member, additional personal and company-related data will be collected and processed upon receipt of the completed Sector Committee Member Application Form. This data is provided by you voluntarily and may include, in particular:

Company name
Company address
Telephone number
E-Mail address
Fax number
Website
Management details, including the managing director
Committee representative
Designation
E-Mail address
Telephone number
Business-related information, such as a brief company description
Number of employees
Business category
Business sector
Country of ownership.

The processing activities may include the collection, structuring, storage, and use of the data.

The same applies for any further data that may be given by the party in further communication surrounding the Sector Committee involvement, such as event attendances and further insights into company and designation.

Company Data File

To get a further insight into the company, you may provide us further data. This data is provided by you voluntarily and may additionally include, in particular:

Company name of a german Headquarter
The legal entity (Branch, Subsidiary, Representative Office, Distributor, other)
Year of establishment in Sri Lanka
If differing: Registered address
If differing: Operational address
Local contact person
Parent company name
Parent Headquarter location
Industry sector
Main products/services in Sri Lanka
Target market (B2B, B2C, Both, other)
Business model (Direct Sales, Agent/Distributor, Franchise, Joint Venture, other)
Key clients/industries served
Scale of operations (small, medium, large)
Number of employees
Investment volume/capital in Sri Lanka
Number of local employees
Annual turnover
Exports/imports (relevant for trade data)
Production/Assembly in Sri Lanka (yes/no)
Office/factory locations
Interest in future AHK initiatives

The processing activities may include the collection, structuring, storage, and use of the data.

Where required for the performance of the requested and for committees ordinary task, personal data may be disclosed to third parties. Such third parties may include affiliated organisations, in particular our parent organisations DIHK (Deutscher Industrie- und Handelskammer) and DEinternational, as well as other partners, insofar as their involvement is required for the proper performance, coordination, or completion of the registered service.

2. Legal Basis for the Processing of Data

The legal basis for processing personal data transmitted in the course of E-Mail communication is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in processing and responding to inquiries.

The processing of personal data is required to execute a contract whose contractual party is the data subject. Therefore Art. 6 para. 1 lit. b GDPR serves as the legal basis for processing. This also applies to processing that is required for the execution of pre-contractual measures.

Any data processing that is not strictly necessary for the performance of contract, such as data for the Company Data File as well as Photos, Voice and Video Recordings, is based on consent by the data subject pursuant to Section 6 Subsection 1 lit. a GDPR to the extent that we obtain consent from the data subject for the processing of personal data. In this case we will get your consent, that you explicitly consent to the processing of personal data that you shared with us for this purpose, even if it is not strictly necessary for performance of the contract.

For further data storage and processing after the end of the Sector Committee Membership, Section 6 Subsection 1 lit. f GDPR serves as the legal basis, to maintain a legitimate interest of our company (e.g. invitations to meetings, inquiries for input, post-discussions, feedback, assistance in developing business relationships), if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest.

3. Purpose of Data Processing

The processing of personal data transmitted via E-Mail serves to handle the contact initiated by you and the related communication. Our legitimate interest lies in processing inquiries efficiently and appropriately.

Once the Sector Committee Member Application Form has been submitted, AHK Sri Lanka collects and processes personal information of participants for the purpose of: assessing eligibility and compliance for participation in a sector committee, assigning applicants to an appropriate sector committee, documenting relevant business activities of the company and the designated representative, maintaining official records, and contacting applicants in connection with committee activities, events, and further collaborative purposes.

4. Duration of Storage

Personal data is deleted without undue delay once it is no longer required for the purposes for which it was collected. This is generally the case once the respective communication has been conclusively completed. Data submitted as part of a sector committee application may be stored for the duration of the committee membership and as long as necessary to fulfill any contractual or statutory requirements.

5. Right to Objection and Erasure

You have the right to revoke your consent to the processing and storage of your personal data at any time. In such cases, further processing of the inquiry or application may no longer be possible.

Your revocation of consent or objection to processing may be submitted in writing via E-Mail to communication@srilanka.ahk.de. Upon receipt, all personal data processed in connection with the contact or application will be deleted, unless statutory or contractual retention obligations require continued storage.

XI. Trade Fairs

1. Description and Scope of Data Processing

In principle, we collect and use personal data of our users only to the extent it is required for the registration and Implementation of the specific trade fair. The personal data collected via registration form and in in-person interviews includes:

Personal identification data such as full first and last name(s)
Date of birth
Employment
Passport number
Contact details, such as address
Telephone number
E-Mail address
Travel information data
Biometric data as shown in your passport
Potential ethnic data
Financial and potentially banking information

As well as any other types of personal data found within the documentation you have provided to us. These information might include

Company name
Company address
Telephone number
E-Mail address
Fax number
Website
Management details, including the managing director
Committee representative
Representatives' designation
E-Mail address
Telephone number
Business-related information, such as a brief company description
Number of employees
Business category
Business sector
Country of ownership.

We do not collect personal data from any third party other than yourself or your employer.

The processing activities may include the collection, structuring, storage, and use of the data.

2. Legal Basis for the Processing of Data

Any data processing that is not strictly necessary for the performance of the contract is based on consent by the data subject pursuant to Act. 6 para. 1 lit. a GDPR to the extent that we obtain consent from the data subject for the processing of personal data.

For further data storage and processing for preparation and after the conclusion of the trade fair, Art. 6 para. 1 lit. f GDPR serves as the legal basis, to maintain a legitimate interest of our company (Ex. Post-discussions, feedback, invitations to further trade fairs, assistance in developing business relationships), if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the former interest.

In this case we will get your consent, that you explicitly consent to the processing of personal data that you shared with us for this purpose, even if it is not strictly necessary for performance of the contract.

We will further get your expressive consent to the processing special categories of personal data, especially categorized as sensitive, including biometric data, in accordance with Section 9 Subsection 1 and 2 lit. a GDPR in conjunction with Section 6 Subsection 1 lit. a GDPR, insofar as such collection and processing is necessary for the stated purposes, even if it is not strictly necessary for performance of the contract.

3. Purpose of Data Processing

AHK Sri Lanka collects personal information of participants for the purpose of:

Screening participants to ensure eligibility and compliance for participation in the trade fair
Creation of a confirmation letter to assist in the visa application process,
Preparing various Visa supporting Documents and providing related information to the German Embassy or other German authorities,
Facilitation of the trade fair (e.g. hotel bookings, transportation, event registrations),
Documentation purposes (to maintain official records related to the delegation),
Further cooperation and assistance after attendance of the trade fair, if so requested by the participant.

4. Duration of Storage

The personal data collected will be securely stored by AHK Sri Lanka. AHK Sri Lanka will take all reasonable technical and organizational measures to protect the data against unauthorized access, alteration, disclosure, or loss. The data will not be shared with external parties under any circumstances, unless required by law or explicitly consented to by the participant. The participant explicitly consents to the sharing of his personal data with third parties, where required for the purposes and the proper performance, coordination, or completion of the delegation trip to the specific trade fair (for example sharing data with the Hotel, Airline, Embassy or Trade Fair organizer).

The data will be stored and processed in Sri Lanka and the European Union, with the exception of sharing data with Embassies or consular offices located outside the EU or Sri Lanka as well as sharing data with travel service providers (e.g., hotels, airlines) located in third countries. Such transfers are made in accordance with Art. 49 para. 1 lit. a of the GDPR, based on the explicit consent of the data subject as well as the necessity to the performance of a contract in accordance with Art. 49 para. 1 lit. b and lit. c of the GDPR. While every effort is made to ensure data protection, the destination country or service provider may not offer an equivalent level of protection. The applicant acknowledges the possibility of lack of appropriate safeguards and limited enforcement of data protection rights in the destination country.

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. We reserve the right to store personal data for the purpose of easing future participation of the participant in future trade fairs, and further business cooperation of facilitation. If the participant does not wish this, they may object at any time by contacting the data controller or data protection officer mentioned above under section I and section II. All personal data will be deleted no later than 3 years after the end of the collaboration/ end of business relationship between the participant and the AHK Sri Lanka.

5. Right to Objection and Erasure

You have the right to revoke or restrict your consent to the processing and storage of your personal data at any time. In such cases, further processing of any activities regarding the trade fair may no longer be possible.

Your revocation of consent or objection to processing may be submitted in writing via E-Mail to communication@srilanka.ahk.de. Upon receipt, all personal data processed in connection with the contact or application will be deleted, unless statutory or contractual retention obligations require continued storage.

XII. Events

1. Description and Scope of Data Processing

In principle, we collect and use personal data of our users only to the extent it is required for the registration and implementation of the specific event. You may contact us regarding participation in an event via the registration form or by email.

The personal data collected via registration form and written communication includes:

company name;
name of the participant;
designation or position;
telephone number;
email address;
number of tickets required;
names of accompanying guests;
payment-related information.

Upon receipt of the registration form or email, the personal data transmitted by you is stored. Such data is processed exclusively for the purpose of handling the communication, responding to your inquiry, and, where necessary, facilitating your participation in the event.

Personal data is collected and processed upon receipt of the completed registration form. The provision of this data is voluntary and may include, in particular:

The processing activities may include the collection, structuring, storage, and use of the data.

The same applies to any additional personal data provided by you in the course of further communication related to the event, such as confirmations of attendance, changes to participation, or supplementary payment information.

Personal data will not be disclosed to external third parties unless such disclosure is necessary for the stated purposes, required by law, or based on your explicit consent. In this case, we obtain your explicit consent to the disclosure of your personal data to third parties insofar as this is necessary for the organization and implementation of events as well as activities.

2. Purpose of Data Processing

AHK Sri Lanka processes personal data of event participants for the purpose of carrying out its ordinary organisational and event-related tasks, in particular:

to organise, coordinate, and administer events and related activities;
to communicate with participants regarding events, agendas, and logistical arrangements;
to identify participants and manage registrations and attendance;
to maintain internal records and documentation relating to events;
to plan, organise, and follow up on events;
to publish selected insights from events for informational and outreach purposes;
to comply with internal governance requirements and applicable statutory or regulatory obligations.

3. Legal Basis for the Processing of Personal Data

The processing of personal data is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. The legal basis for such processing is Section 6 Subsection 1 lit. b GDPR.

Any processing of personal data that is not strictly necessary for the performance of the contract—such as the processing of photographs, video recordings, or audio recordings—is carried out on the basis of your consent pursuant to Section 6 Subsection 1 lit. a GDPR, where such consent has been obtained. Any data processing that is not strictly necessary for the performance of contract, such as Photos, Voice and Video Recordings, is based on consent by the data subject pursuant to Section 6 Subsection 1 lit. a GDPR to the extent that we obtain consent from the data subject for the processing of personal data. In this case we will get your consent, that you explicitly consent to the processing of such personal data, even if it is not strictly necessary for performance of the contract.

Where personal data is stored or processed beyond the end of the event, the legal basis is Section 6 Subsection 1 lit. f GDPR, based on our legitimate interest in maintaining professional contact, including invitations to future events, follow-up communication, feedback requests, and support in fostering professional or business-related relationships, provided that your interests, fundamental rights, and freedoms do not override these interests.

4. Data Storage

The personal data collected will be securely stored by AHK Sri Lanka. Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, alteration, disclosure, or loss.

Personal data will not be disclosed to external parties unless such disclosure is necessary for the stated purposes, required by law, or based on your explicit consent. By signing this form, you expressly consent to the disclosure of your personal data to third parties where required for the purposes of organising and conducting events and event-related activities.

5. Right to Objection and Erasure

Your revocation of consent or objection to processing may be submitted in writing via E-Mail to communication@srilanka.ahk.de. Upon receipt, all personal data processed in connection with the contact or registration will be deleted, unless statutory or contractual retention obligations require continued storage.

XIII. Pictures

In the context of various events and related to our work, photographs, voice and video recordings may be taken for documentation, public relations, and communication purposes. The processing of personal data in the form of image, voice and video material is carried out only where this is necessary for the performance of the contractual relationship or where the data subject has given explicit consent.

Where photographs or recordings are used for public relations or marketing purposes, such as publication on our website, social media channels, newsletters, or other communication materials, the processing is based on your consent pursuant to Section 6 Subsection 1 lit. a GDPR. In this case we will get your consent to the taking, storing and publishing such images and recordings, even if it is not strictly necessary for performance of the contract.

You may withdraw your consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. Upon withdrawal, the affected image or video material will no longer be used for the specified purposes and will be removed where reasonably possible, unless statutory retention obligations or overriding legitimate interests require continued storage. If photographs or video recordings are taken solely for internal documentation or organisational purposes, processing may be based on our legitimate interests pursuant to Section 6 Subsection 1 lit. f GDPR, taking into account your rights and freedoms.

XIV. Map service

1. Description and scope of data processing

We use the OpenStreetMap (OSM) map service via the server of the OpenStreetMap Foundation (OSMF), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The map display is accessed with the user's consent. When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation.

The following telemetry data is transmitted to the OSMF:

Telemetry data (IP address; date and time of the request; time zone difference to Greenwich Mean Time (GMT)
on tent of the request (specific pages called up)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software
Internet service provider
Geographic data contributed (points lines, and areas with associated attributes and GPS trace data).

OMS may store cookies in your browser or use comparable recognition technologies for this purpose.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The processor OMS may process personal data on behalf of the controller in accordance with Art. 4 no. 8 GDPR. Pursuant to Art. 29 GDPR, the processor shall process personal data solely on documented instructions from the controller, unless the processor is required to do so under Union or Member State law (e.g. statutory reporting obligations).

3. Purpose of the data processing

The processing serves to display a map for the purpose of location display and route planning.

4. Duration of storage

Personal data is deleted without undue delay once it is no longer necessary for the purposes for which it was collected. This is generally the case when the respective inquiry has been conclusively resolved. Data may be retained for a longer period where contractual or statutory retention obligations apply.

OMS processes personal data exclusively as a processor on our behalf and in accordance with our instructions pursuant to Art. 28 GDPR.

While OMS carries out the technical processing operations, we ensure compliance with all applicable data protection requirements. In particular, we select processors that provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures, and we continuously monitor and verify compliance with these measures. This includes documented assessments, ongoing oversight, and, where appropriate, audits or inspections in accordance with Art. 28 para. 3 lit. h GDPR.

Further information on the processing of personal data by OMS is available in the data protection information provided by OMS at: https://osmfoundation.org/wiki/Privacy_Policy

5. Possibility of objection and removal

The user has the option to withdraw their consent to the processing of personal data at any time by deleting the underlying cookie in the browser or withdrawing it via the consent management.

XV. Forwarding of personal data to third parties

1. Website operators / Hosting

In line with processing, personal data is forwarded to the agency commissioned to run the website as well as to the technical service provider, Ibexa GmbH. Such is regulated via a corresponding agreement with the service provider. We ensure that the website host works in a manner that complies with data protection requirements. More information can be found in the data privacy information Ibexa at https://www.ibexa.co/de/about-ibexa/datenschutz.

Recipients of your personal data may also include employees of the DIHK and DIHK DEinternational GmbH who are responsible for the maintenance of the website.

2. Website Analysis with Piwik PRO

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies.

See an overview of the scope of data collected and possible cookies used in this connect by Piwik PRO, under the following link: https://help.piwik.pro/support/privacy/cookies-created-for-piwik-pro-users/.

The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information.

We host our solution on Microsoft Azure in Germany, and the data is stored for 25 months.

The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 para. 1 lit. a GDPR.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read the Piwik PRO’s privacy policy.

3. Working with Microsoft Azure and Microsoft MS Dynamics

We host our solution on Microsoft Azure in Germany.

All personal data is collected either directly from the data subject or entered by authorised staff members in the course of business operations and processed within our office programm Microsoft Dynamics 365.

Microsoft Dynamics 365 processes personal data exclusively as a processor on our behalf and in accordance with our instructions pursuant to Art. 28 GDPR. Microsoft Dynamics 365 takes extensive security measures within its online services to protect against data breaches. These measures include both physical and logical security controls, as well as automated security processes, comprehensive information security and privacy policies, and security and privacy training for all personnel. For further information refer to: https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-breach-azure-dynamics?source=recommendations.

While Microsoft Dynamics 365 carries out the technical processing operations, we ensure compliance with all applicable data protection requirements. In particular, we select processors that provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures, and we continuously monitor and verify compliance with these measures. This includes documented assessments, ongoing oversight, and, where appropriate, audits or inspections in accordance with Art. 28 para. 3 lit. h GDPR.

Further information on the processing of personal data by Microsoft Dynamics 365 is available in the data protection information provided by Microsoft Dynamics 365 at: https://learn.microsoft.com/en-us/compliance/regulatory/gdpr.

For personal data from the European Economic Area, Switzerland, and the United Kingdom, Microsoft Dynamics 365 ensures that transfers of personal data to a third country/region or an international organization are subject to appropriate safeguards as described in Art. 46 GDPR. In addition to Microsoft's commitments under the Standard Contractual Clauses for processors and other model contracts, Microsoft continues to abide by the terms of the Privacy Shield framework, but will no longer rely on it as a basis for the transfer of personal data from the EU/EEA to the United States.

4. Third-party content

If you have given your consent to the display of third-party content in the consent management, we will integrate content from other websites and providers on our website, each of which is responsible for the data processing thereby taking place in accordance with Art. 4 no. 7 GDPR. Your end device establishes a direct connection to the server of the respective provider. From that point onwards, the processing of personal data is carried out solely under the responsibility of the respective third-party provider. The third-party provider collects and processes your IP address to establish the connection and play out the content. Insofar as this is a process requiring permission under data protection law, the legal basis is your consent to the display of the content. We ensure that third-party content is integrated in a manner that complies with data protection requirements, in particular by preventing the automatic transmission of personal data without user interaction and by providing transparent information prior to redirection. Any data transfer to third-party providers takes place only upon your voluntary action. You can decide at any time not to display third-party content in the future ("revocation") by setting the corresponding setting in the consent management.

5. Social media sharing button

General notice: Social media plugins usually lead to the fact that every visitor to a website is immediately captured by such services by means of his IP address and that his subsequent browser behavior is logged. This can also occur if you do not press the button. To prevent this, we use the Shariff method. Here, our social media buttons only establish direct contact between the social network and you only if you click on the respective sharing button. This way, you may publish our content in social networks without such networks being able to compile complete surfing profiles.

Facebook

Our website uses plugins of the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. By using the Shariff method, Facebook only gains knowledge of your IP address and your visit to our website if you click the button. If you use the plugin while being logged in on Facebook, Facebook is able to allocate your use to your user account.

The processing of personal data is carried out solely under the responsibility of the respective third-party provider. The third-party provider collects and processes your IP address to establish the connection and play out the content. We ensure that third-party content is integrated in a manner that complies with data protection requirements, in particular by preventing the automatic transmission of personal data without user interaction and by providing transparent information prior to redirection. More information can be found in the data privacy information of Facebook at de-de.facebook.com/policy.php. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this privacy policy.

Instagram

Our website uses plugins of the social network Instagram 1 Hacker Way, Menlo Park, CA 94025, USA. By using the Shariff method, Instagram only gains knowledge of your IP address and your visit to our website if you click the button. If you use the plugin while being logged in on Instagram, Instagram is able to allocate your use to your user account.

The processing of personal data is carried out solely under the responsibility of the respective third-party provider. The third-party provider collects and processes your IP address to establish the connection and play out the content. We ensure that third-party content is integrated in a manner that complies with data protection requirements, in particular by preventing the automatic transmission of personal data without user interaction and by providing transparent information prior to redirection. More information can be found in the data privacy information of Instagram at: https://mbasic.facebook.com/privacy/policy/printable/version/25862970456621906/. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this privacy policy.

Our website uses plugins of the social network X (formerly Twitter), operated by Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. By using the Shariff method, X only becomes aware of your IP address and your visit to our website once you click the Repost (Re-Tweet) button.

We have no knowledge of, nor any influence over, the subsequent collection and use of your data by X. Further information may be found in X’s privacy policy. For general information on the handling and deactivation of cookies, we also refer to the relevant sections of this privacy policy.

Xing

Our website uses the Xing Share plugin of the social network Xing, operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. When you click this button, your browser connects to Xing to execute the functions of the plugin. In doing so, no personal data is stored by Xing, nor is your usage recorded via cookies.

Further information can be found in Xing’s privacy policy at www.xing.com/privacy. For general information on the handling and deactivation of cookies, we also refer to the relevant sections of this privacy policy.

LinkedIn

Our website uses the LinkedIn share plugin of the social network LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. By clicking the button, your browser connects to LinkedIn to carry out the functions of the plugin. In this context, no personal data is stored by LinkedIn, and your use is also not recorded via a cookie. More information can be found in the data privacy information of LinkedIn at www.linkedin.com/legal/privacy-policy. Regarding the general handling with and the disabling of cookies, we also always refer to our general description in this data privacy information.

YouTube Videos

We have embedded individual YouTube videos on our website. These videos are stored on the servers of the provider YouTube and can be played directly from our website via an embedded player. The videos are embedded with the enhanced privacy mode enabled. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your device, and data may be transmitted to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA, as the operator of YouTube.

When playing videos hosted on YouTube, at least the following data is transmitted to Google Inc., as the operator of YouTube and the DoubleClick network, according to the current state of knowledge: IP address and cookie ID, the specific address of the page accessed on our website, system date and time of access, and the identifier of your browser. This data is transmitted regardless of whether you have a Google user account and are logged into it, or whether you do not have a user account. If you are logged in to a Google account, this data may be directly associated with your account by Google. If you do not wish this data to be associated with your profile, you must log out of your Google account before activating the video playback button.

YouTube and/or Google Inc. store this data as usage profiles and may use it for the purposes of advertising, market research, and/or tailoring their websites to meet user needs. Such analysis is carried out in particular (including for users who are not logged in) to provide targeted advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Google as the operator of YouTube.

6. DIHK and DEinternational

Access to your personal data is granted to those employees of AHK who are responsible for handling your inquiry.

In addition, employees of DIHK DEinternational GmbH and/or other AHKs may also be granted access to your personal data where this is necessary for the fulfilment of the respective purpose.

For this purpose, we have concluded an intra-group data transfer and processing agreement within the AHK network, which incorporates the EU Standard Contractual Clauses. The EU Standard Contractual Clauses can be accessed at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

XVI. Rights of the data subject

As a subject of the processing of personal data, you have the following rights. You are entitled to:

According to Art. 13 and 14 GDPR, you have the right to be informed about the processing of your personal data.

According to Art. 15 GDPR, a right to information about the data processed by us.

According to Art. 16 GDPR, a right to rectification if we process incorrect data about you.

According to Art. 17 GDPR, a right to erasure, unless there are exceptions as to why we still store the data, due to statutory retention obligations or other legal bases require continued storage, e.g. retention obligations or limitation periods.

According to Art. 18 GDPR, a right to restriction of processing,

In accordance with Art. 19 GDPR, the right to notification of rectification, erasure or restriction of processing of your personal data. We will inform you as the data subject if you request this.

In accordance with Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to have it transmitted to another controller and this is technically feasible.

In accordance with Art. 21 GDPR, a right to object to processing in the public or legitimate interest, i.e. on the basis of Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. We will no longer process your data if we cannot demonstrate compelling legitimate grounds. In the case of direct marketing or profiling, you do not have to justify your objection (Art. 21 para. 2 GDPR), otherwise a justification arising from your person is necessary.

According to Art. 22 GDPR, you have the right not to be subject to automated individual decision-making, including profiling.

According to Art. 7 para. 3 GDPR, you have the right to withdraw your consent at any time without giving reasons and with effect for the future if the data processing is based on consent (Art. 6 para. 1 lit. a GDPR). You can send us a message of revocation of consent by any communication form listed under section 1. In this case, all personal data will immediately be removed. Please note that this does not include data which is necessary for the performance of a contract pursuant to Section 6 S. 1 lit. b GDPR. You may also object to your data being used on the basis of a legitimate purpose as per Section 6 Subsection 1 lit. f GDPR.

And according to Art. 77 GDPR, you may contact the supervisory authority pursuant if you find that we are not processing your data properly.

For appeals pertaining to data privacy laws, you may contact the competent supervisory authority.

Privacy settings

Here you can manage your data privacy and consent settings for this website. We request certain data to continually improve your experience on our website. We will only collect and use data for specific uses you have consented to. See the settings page for more details.