I.Name and Address of the Data Controller:
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:
AHK Iraq
Baghdad, Iraq
AL-Mansour Melya Hotel, Floor 1L
Hay Al-Salheya, Haifa Street
Baghdad, Iraq
Erbil, Iraq
World Trade Center (Gulan Tower), Gulan Street
7th Floor, Office No. 03
Erbil, Kurdistan Region of Iraq (KRG)
II. Name and Address of the Data Protection Officer
AHK Iraq has not appointed a Data Protection Officer. However, you can contact us regarding data protection-related inquiries via the contact details provided above.
III. General Information on Data Processing
1. Scope of the Processing of Personal Data
We process personal data of our users only to the extent necessary to provide a functional website, as well as our content and services. The processing of personal data of our users is generally carried out only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons, and the processing of data is permitted by legal regulations.
2. Legal Basis for Processing Personal Data
- When we obtain consent from the data subject for processing operations, Article 6(1)(a) of the GDPR serves as the legal basis.
- If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for pre-contractual measures.
- If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and these interests are not overridden by the data subject’s interests, fundamental rights, or freedoms, Article 6(1)(f) of the GDPR serves as the legal basis.
3. Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to exist. Data may be stored beyond this period if required by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be deleted or blocked once a storage period prescribed by these norms expires, unless further storage of the data is required for the conclusion or performance of a contract.
IV. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites accessed by the user’s system via our website
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.
3. Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. Additionally, the data is used to optimize the website and ensure the security of our information technology systems. Data is not analyzed for marketing purposes in this context.
4. Storage Duration
Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.
- In the case of data collection for providing the website, this occurs when the respective session ends.
- In the case of log file storage, data is deleted after no more than seven days. Extended storage is possible if the IP addresses of users are deleted or anonymized, preventing any association with the accessing client.
5. Objection and Removal Options
The collection of data for providing the website and the storage of data in log files is essential for operating the website. Therefore, the user has no option to object in this regard.
II. Use of Cookies
a) Description and Scope of Data Processing
We use cookies to make our website more user-friendly. Certain elements of our website require that the calling browser can be identified even after navigating to a different page. No personal data is collected in the process.
The following data is stored and transmitted via cookies:
- fonts: A standard cookie variable used by us to reload fonts in the browser after updates.
- fullcss: A standard cookie variable used by us to reload the CSS file in the browser after updates.
Maximum cookie lifespan: 730 days
We also use cookies on our website that enable the analysis of users' browsing behavior.
The following data can be transmitted in this way:
When visiting our website, users are informed about the use of cookies for analysis purposes via an information banner and are referred to this privacy policy. Additionally, users are informed about how to disable cookie storage in their browser settings. This service is provided via the consent manager of the Piwik PRO Analytics Suite.
The use of analysis cookies is intended to improve the quality of our website and its content. Analysis cookies help us understand how the website is used, enabling us to continually optimize our offerings.
We use the following cookies from the Piwik PRO Analytics Suite:
- _pk_id: Collects statistics on user visits to the website, such as the number of visits, average time spent on the website, and pages read. Standard expiration: 1 year.
- _pk_ref: Used by the Piwik PRO Analytics Suite to identify the referring website that directed the user to our website. Standard expiration: 6 months.
- _pk_ses: Used by the Piwik PRO Analytics Suite to track page views during the user session. Standard expiration: 24 hours.
b) Legal Basis for Data Processing
The legal basis for processing personal data using technically necessary cookies is Article 6(1)(f) GDPR.
The legal basis for processing personal data using cookies for analysis purposes is the user's consent in accordance with Article 6(1)(a) GDPR.
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some website functions cannot be provided without the use of cookies. For these functions, it is necessary to recognize the browser even after switching pages.
We require cookies for the following applications:
- fonts: A standard cookie variable used to reload fonts in the browser after updates.
- fullcss: A standard cookie variable used to reload the CSS file in the browser after updates.
Maximum cookie lifespan: 730 days
The user data collected through technically necessary cookies is not used to create user profiles.
e) Duration of Storage, Objection, and Removal Options
Cookies are stored on the user's device and transmitted to our website. Therefore, as a user, you have full control over the use of cookies. By adjusting your browser settings, you can disable or restrict the transfer of cookies. Cookies that have already been saved can be deleted at any time, including automatically. If cookies are disabled for our website, some functionalities of the website may not work fully.
III. Newsletter
1. Description and Scope of Data Processing
Our website provides the option to subscribe to a free newsletter. When signing up for the newsletter, the data entered in an input form embedded via iFrame is transmitted to the email marketing software provider we have engaged.
The following data is collected:
- Title
- First name
- Last name
- Email address
Additionally, the following data is collected at the time of registration:
- Date and time of registration
As part of the registration process, your consent is obtained for data processing, and reference is made to this privacy policy. Except for the email marketing software provider, no data is shared with third parties in connection with newsletter data processing. The data is used exclusively for sending the newsletter.
2. Legal Basis for Data Processing
The legal basis for processing data after the user has subscribed to the newsletter is the user's consent, in accordance with Article 6(1)(a) GDPR.
For newsletters sent as part of a membership using data registered in our database, the legal basis is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
The purpose of collecting the user's email address is to deliver the newsletter.
4. Duration of Storage
The data is deleted once it is no longer necessary for the purpose for which it was collected. The user's email address is therefore stored as long as the newsletter subscription is active.
5. Newsletter Tracking
To optimize our newsletter offerings, we use personalized newsletter tracking. In addition to the email address, we record activities related to newsletter delivery (e.g., click behavior).
6. Objection and Removal Options
The user may cancel the newsletter subscription at any time. Each newsletter contains a corresponding unsubscribe link for this purpose.
Alternatively, you can also send an email to [ info@irak.ahk.de ].
IV. Registration
(Membership Application, Event Registration, Publication Order)
1. Description and Scope of Data Processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input form and transmitted and stored by us. There is no transfer of the data to third parties.
The following data is collected during the registration process:
(List of relevant data to be inserted here)
At the time of registration, the following data is also stored:
- Date and time of registration
- Used browser
- Operating system
As part of the registration process, the user's consent for the processing of this data is obtained.
2. Legal Basis for Data Processing
The legal basis for processing the data is the user's consent, in accordance with Article 6(1)(a) GDPR. If the registration serves the performance of a contract in which the user is a party or the implementation of pre-contractual measures, the additional legal basis for processing the data is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
User registration is required to fulfill a contract with the user or to carry out pre-contractual measures. Your registration may be an application for membership or an event registration.
- For more information, refer to our information obligations:
- Information obligation for Partnership applications (info@irak.ahk.de)
- Information obligation for event registration (info@irak.ahk.de)
4. Duration of Storage
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case for data collected during the registration process for the fulfillment of a contract or the performance of pre-contractual measures once the data is no longer necessary for the execution of the contract. Even after the completion of the contract, there may still be a need to store personal data of the contracting party in order to fulfill contractual or legal obligations.
Note for AHK: Ongoing contractual relationships require the storage of personal data during the contract term. Additionally, warranty periods must be observed, and data must be stored for tax purposes. The retention periods to be followed cannot be determined generally but must be individually assessed for each contract and party.
5. Objection and Removal Options
As a user, you have the right to cancel your registration at any time. You can request to change or delete your stored data at any time. Please contact us via [ info@irak.ahk.de ] for changes or deletions of your data.
If the data is necessary for the fulfillment of a contract or for the performance of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations that would prevent deletion.
V. Contact Form and Email Contact
1. Description and Scope of Data Processing
Our website features a contact form that can be used for electronic communication. If a user takes advantage of this option, the data entered in the input form is transmitted to and stored by us.
At the time of submitting the message, the following data is also stored:
- Date and time of submission
- Used browser
- Operating system
For processing the data, the user’s consent is obtained as part of the submission process, and reference is made to this privacy policy.
Alternatively, it is also possible to contact us via the provided email address. In this case, the personal data transmitted via email will be stored. No data is transferred to third parties in this context. The data will be used solely for processing the conversation.
2. Legal Basis for Data Processing
The legal basis for processing the data is the user's consent in accordance with Article 6(1)(a) GDPR. The legal basis for processing the data transmitted by email is Article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing the data is Article 6(1)(b) GDPR.
3. Purpose of Data Processing
The processing of the personal data from the input form serves solely to process the contact request. In the case of email contact, there is also a legitimate interest in processing the data. The additional personal data processed during the submission process serves to prevent misuse of the contact form and ensure the security of our information technology systems.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input form of the contact form and those transmitted via email, this will be the case once the respective conversation with the user is concluded. A conversation is considered concluded when it is apparent from the circumstances that the matter in question has been resolved. The additional personal data collected during the submission process will be deleted at the latest after three months.
5. Right to Object and Removal
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. You can inform us of your withdrawal of consent and your objection to the storage via email at [info@irak.ahk.de]. All personal data stored during the contact process will be deleted in this case.
VI. Disclosure of Personal Data to Third Parties
Website Operator
As part of commissioned data processing, personal data may be shared with the agency responsible for operating the website and the technical service provider. The contractual arrangement is governed by an agreement with the service provider.
Social Media Sharing Buttons
General note: Social media plugins typically lead to each visitor of a page being immediately tracked by these services via their IP address and their subsequent browsing behavior. This can happen even if the user does not click on the button. To prevent this, we use the Shariff method. With this method, a direct connection between the social network and you is only established once you click on the respective share button. If you are already logged into a social network, the action will happen automatically without an additional window on Facebook and Google+. For Twitter, a pop-up window will appear allowing you to edit the tweet text. This allows you to share our content in social networks without these networks being able to create complete browsing profiles.
Our site uses plugins from the social network Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. However, with the Shariff method, Facebook only learns of your IP address and your visit to our website once you click the button. If you click the plugin while logged into Facebook, Facebook may associate your use with your user account. We have no knowledge of and no control over the collection and use of your data by Facebook. More information can be found in Facebook’s privacy policy at Facebook Privacy Policy.
Google+
Our site uses plugins from the social network Google+ by Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. With the Shariff method, Google only learns of your IP address and your visit to our website once you click the button. If you click the plugin while logged into Google+, Google may associate your use with your user account. We have no knowledge of and no control over the collection and use of your data by Google+. For more information, you can refer to Google’s privacy policy at Google Privacy Policy.
Our site uses plugins from the social network Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. With the Shariff method, Twitter only learns of your IP address and your visit to our website once you click the retweet button. We have no knowledge of and no control over the collection and use of your data by Twitter. You can find more information in Twitter’s privacy policy at Twitter Privacy Policy.
Our site uses the Xing Share Plugin from the social network Xing, XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. Clicking on this button will connect your browser to Xing’s servers, but no personal data is stored by Xing, nor is your usage recorded via a cookie. More information can be found in Xing’s privacy policy at Xing Privacy Policy.
Our site uses the LinkedIn Share Plugin from the social network LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Clicking on this button will connect your browser to LinkedIn’s servers, but no personal data is stored by LinkedIn, nor is your usage recorded via a cookie. You can find more information in LinkedIn’s privacy policy at LinkedIn Privacy Policy.
YouTube Videos
We occasionally embed YouTube videos on our website, which are hosted on YouTube’s servers and can be played via embedding. The videos are embedded with enhanced privacy settings enabled. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer, and data may be transmitted to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the operator of YouTube.
Website Analysis with PiwikPro
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include the visitor’s IP address, operating system, browser ID, browsing activity, and other information. More details can be found in Piwik PRO’s privacy policy.
VII. Rights of the Data Subject
Under the EU General Data Protection Regulation (GDPR), you have the following rights:
If your personal data is processed, you have the right to obtain information about the data stored about you (Art. 15 GDPR).
If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
If the legal requirements are met, you may request the deletion or restriction of the processing of your data and object to the processing (Art. 17, 18, and 21 GDPR).
If you have given consent for data processing or there is a contract for data processing, and the processing is carried out using automated procedures, you may have the right to data portability (Art. 20 GDPR).
In case of data protection complaints, you can contact the competent supervisory authority:
Notes: The following additions must be made if your location uses additional external services. After the list, a note about the requirements of the elements to be added follows. Please remember to conclude a data processing agreement with external providers if they process personal data from your website. It is also necessary to include a relevant section on how the data is protected during transfer and by the service provider.
Blog: AHKs using an external blog must also display a privacy policy on it and point out the comment function in the blog.
Plugins, Widgets, etc.: If your AHK uses plugins, iFrames, or widgets, this must be noted in your privacy policy.
In this context: Disclosure of personal data to third parties Here, the AHK must provide information on the nature, scope, purpose, and duration of the processing of personal data by third parties. This applies to cases like event management, job portals, or external directories. As part of data processing agreements, personal data may also be shared with the agency operating the website. This is regulated by a corresponding agreement. If advertising is necessary for the financing of the website, a justification under Art. 6 Abs. 1 lit. f GDPR may be applicable.
Payment Function: If your AHK works with a payment service provider (such as PayPal), an appropriate passage must be included in the privacy policy. If the processing of data is necessary for the conclusion of the contract, Art. 6 Abs. 1 lit. b GDPR serves as the legal basis for the data processing.
Advertising and Marketing Services: If your AHK uses third-party services such as Google AdSense or AdWords, you must add an appropriate section under the "Disclosure of Personal Data to Third Parties" section.
Requirements for Adding Additional Elements: The addition of elements to the sample privacy policy must state the type, scope, purpose, duration, and revocation options for the specific data processing.
The structure could be as follows:
Scope of Personal Data Processing: Here, it should be described in detail which personal data is processed on the website by whom and in what manner.
Legal Basis for Personal Data Processing: Here, the legal basis for the processing of personal data is mentioned. In most cases, this will come from the catalog of Art. 6 Abs. 1 GDPR.
Purpose of Data Processing: Here, the purposes of processing personal data by the website operator should be described in detail. If the processing is based on Art. 6 Abs. 1 lit. f GDPR, the legitimate interest in the processing should typically also be included here. However, it is always necessary to check whether there are less intrusive means available to achieve the purpose, which would less significantly affect the interests of the users in protecting their personal data.
Duration of Storage: As a general rule, data is deleted once the purpose of its collection has been fulfilled. However, it should be specified in individual cases when this is the case. If no exact details can be provided, at least criteria should be named that make it easier for the user to determine the deletion time.
Possibility of Objection and Deletion: For each data processing, users must be informed about how to prevent the processing of their data or how already processed data can be deleted prematurely. If the user has given consent to the processing, they must be able to withdraw this consent at any time. The withdrawal should not be more difficult than the initial consent.