Data Protection Policy

DATA PROTECTION POLICY

1. General

The EU India Business Support is implemented on behalf of the European Union by a consortium led by the GFA with the European Business and Technology Centre (EBTC) and EUROCHAMBERS. For the purpose of carrying out the implementation, the project frequently needs to collect, process, and retain personal data, such as names, office addresses, phone numbers, or other data, including more sensitive information. The EU General Data Protection Regulation (GDPR) will be followed.

2. Extent of personal data processing

We process our users’ personal data only to the extent required for providing a functional website and supplying our content and services. We process our users’ personal data regularly only if the respective users have given their consent. The only exception to this is where it is actually impossible for us to obtain prior consent and processing of the data is legally allowed.

3. Data collected

We collect user’s data – personal or otherwise – for various reasons which are provided in this document. It includes the following data:

  • user’s identifying information (surname, first name, e-mail address, delivery address and country);
  • the type of domain with which user connects to the Internet;
  • the IP address assigned to the user;
  • the date and time of user’s access to our website;
  • the pages viewed on our website;
  • the type of browser, platform and/or operating system user is using;
  • the search engine and the keywords used to find the website;
  • information provided by user by filling forms on the website including information provided at the time of subscribing to our newsletter, registering for an event or requesting further services;
  • if user contacts us, we may keep a record of that correspondence for the time necessary to answer the request.

4. Legal basis for processing personal data

Where we obtain the corresponding users’ consent for processing their personal data, Article 6 paragraph 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

Where we need to process personal data for the purposes of fulfilling a contract and the user is party to the contract, Article 6 paragraph 1 (b) of the GDPR serves as the legal basis. This also applies to processing necessary to accommodate preparations for entering into a contract.

Where processing of personal data is necessary for us to fulfill a legal obligation, Article 6 paragraph 1 (c) of the GDPR serves as the legal basis.

Where processing of personal data is necessary for protecting the vital interests of the user, or those of another individual, Article 6 paragraph 1 (d) of the GDPR serves as the legal basis.

Where processing is necessary to protect our or a third party’s legitimate interests, and such interests are not overridden by the interests, fundamental rights and freedoms of the user, Article 6 paragraph 1 (f) of the GDPR serves as the legal basis.

5. Details and extent of data processing

Any time our website is accessed, our system automatically records data and information concerning the accessing computer.

The following data is recorded:

  • Information on the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user’s system reaches our website
  • Websites the user’s system accesses from our website

This data is also recorded in our system’s log files. This data is not stored together with any of the user’s other personal data.

6. Purpose of data processing

Our system needs to temporarily record the IP address in order to provide the website to the user’s computer. This also requires that the user’s IP address remains logged throughout the session.

Recording the data in log files is necessary to ensure that the website operates correctly. The data further helps us optimise the website and ensure that our computer systems remain secure. No data is processed for marketing purposes in this context.

The above purposes also constitute our legitimate interests in data processing under Article 6 paragraph 1 of GDPR.

7. Website Analytics

The EU India Business Support draws on the services of google analytics to analyse usage data. No other use is made of the data, and the data are not passed on to third parties. The following information is stored for each page you view and each file you download:

  • Technical details of the browser used
  • Anonymous IP address
  • Date and time
  • Page opened/name of the file downloaded
  • Quantity of data transferred
  • Notification of whether viewing or download was successful
  • Number of hits
  • Country location
  • Notification whether viewing or download was successful

Temporary session cookies are used each time you view an individual page, to make navigation easier. Cookies are small text files that are stored locally in your browser cache. Session cookies do not include any personal data and expire at the end of each session. We do not use methods such as Java applets or ActiveX controls that make it possible to track your browsing behaviour.

Data is processed based on Article 6 paragraph 1 (f)of the GDPR with the legitimate interest of analysing usage to improve the company’s website.

8. Registration

Any personal details collected through the form in Upcoming Event registration page is solely for the purpose of the particular event, and would not be used for any other purpose. Your personal details will not be shared with any third party. We do not share personal information with companies, organizations and individuals outside the EU India Business Support Project.

The Contact Us section of this website includes interactive maps from Google Maps that can be activated with a double click. If you do this, information concerning your use of the website (including your IP address) may be transferred and saved to a Google server. Google will pass this information on to third parties if required to do so for legal reasons or if third parties process this data on behalf of Google. Please note that we as the provider of our sites are not informed of the data transmitted or of how Google uses the data.

9. Newsletter

8.1 Details and extent of data processing

Our website offers you the option of subscribing to our free newsletter or similar subscriptions. When you register a subscription, the data you enter in the input screen is sent to us:

  • Email address
  • Company/organisation
  • Salutation
  • First name
  • Surname
  • Country
  • Selected interests

We also record the following data as part of registration:

  • The IP address of the computer accessing our website
  • Date and time of registration

During the registration process, we will ask you to give your consent to our processing the data and will point you towards this data policy. – Applicable only for EBTC

No data will be forwarded to third parties as part of data processing when supplying the newsletter. The data will be used solely for supplying the newsletter.

8.2 Legal basis for data processing

The legal basis for processing data after newsletter subscription and with the user’s consent is Article 6 paragraph 1 (a)of GDPR.

8.3 Purpose of data processing

We record the user’s email address to allow us to send out the newsletter.

We collect the other data as part of subscription registration to prevent our services from being used inappropriately and to prevent the email address from being fraudulently used. The data also helps us provide tailored information.

8.4 Data storage period

The data is deleted as soon as it is no longer required for achieving the purpose for which it was recorded. We therefore keep the user’s email address on record for as long as the user remains subscribed to the newsletter.

The other personal data collected during registration will also be deleted when the user unsubscribes from the newsletter.

8.5 Right to object and options for avoidance

Users can unsubscribe from the newsletter at any time. The newsletter itself includes a corresponding link.

This also allows users to withdraw their consent regarding our storing of the personal data collected during registration.

10. Cookies

Cookies are small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user’s previous browsing activity.

We do not use any methods to track your browsing behaviour such as Java applets or ActiveX controls. Temporary etracker cookies: These session cookies are used for user analysis. They do not contain any personal data and expire at the end of the session, or at the end of a user survey, which is generally carried out every two years.

11. Contact forms

When you use the contact form, we process your title, first and last names, email address and, where appropriate, your postal address. If you contact us through email, we will store the personal user data included in the email.

The data is processed based on Article 6 paragraph 1 (b)of the GDPR for the purpose of receiving the query formulated in the contact form. The legal basis for processing data received as part of email communication is Article 6 paragraph 1 (f)of GDPR. If email communication pursues conclusion of a contract, the legal basis shall further be Article 6 paragraph 1 (b)of GDPR.

We process the personal data obtained from the input screen solely for the purposes of handling contact. Where users contact us via email, this also constitutes the legitimate interest in processing the data. The other personal data processed during transmission serve to prevent abuse of the contact form and to ensure that our computer systems remain secure.

Data is transmitted to us using an SSL-encrypted connection, which makes it significantly more difficult for unauthorized persons to intercept it. Similarly, to queries sent to us by email, queries transmitted using the contact form are deleted following a 12-month retention period.

12. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and compliances of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

13. Other web pages

This website uses cookies, i.e. small files containing short texts for technical processing. Without cookies – in other words, for example, when cookies have been deactivated in the browser – full use of this website is not possible.

14. Social Media Plug-ins

We maintain an online presence in social media and platforms to communicate with the prospects and users active there and to keep them up-to-date on our project. When accessing social media networks and platforms, the respective operators’ terms and conditions and data policies will apply.

Unless noted otherwise in our data policy, we process the data of users who communicate with us through social media networks or platforms, e.g. by leaving comments on our websites or sending us messages.

Our start section includes social media plugins of Twitter and LinkedIn that can be activated with a double click. If you do this, information concerning your use of the website (including your IP address) may be transferred, saved and used by Twitter or LinkedIn. The mentioned companies will pass this information on to third parties if required to do so for legal reasons or if third parties process this data on their behalf.Please note that we as the provider of our sites are not informed of the data transmitted or of how Twitter or LinkedIn uses the data.

15. Recipients of personal data

  • Data is not shared with third parties.
  • As a general principle, data will not be transmitted to third states.

16. Duration of data retention

The user’s personal data will be deleted as soon as the purpose for which it has been collected has been fulfilled. Data may remain on record beyond this period if such is specified in European or national legislation from European Union Regulations, laws or other provisions to which the controller is subject. Data will also be deleted if a storage period specified in the above standards expires unless conclusion or fulfillment of a contract requires the data to remain on record further.

17. Personal data are regularly deleted when

  • the individuals concerned have not given any separate authorization;
  • they are no longer needed for contractual purposes (e.g. for employment, top-ups, rental, sale or service contracts);
  • statutory data storage obligations and periods have expired.

18. Your rights

18.1 Right of access

You are entitled to request information from the controller on whether we are processing any personal data related to yourself.

If we do, you can further request information from the controller on the following:

  • the purposes to which the personal data is being processed;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data relating to yourself is or will be disclosed;
  • the period for which the personal data relating to yourself is intended to remain on record or, if this cannot be specified, the criteria for defining the storage period;
  • whether you are entitled to demand correction or deletion of the personal data relating to yourself, to demand limitation of processing by the controller or to object to processing;
  • whether you are entitled to file a complaint with a supervisory authority;
  • everything available on the data’s source if the entity you are enquiring with did not obtain it themselves;

You are entitled to request information on whether the personal data relating to yourself will be transmitted to a non-EU member state or international organisation. You are entitled in this context to request information on suitable safeguards according to Article 46 of GDPR related to the transmission.

18.2 Right to rectification

You are entitled to request that the controller corrects and/or completes the personal data relating to yourself if this data is incorrect or incomplete. The controller is obliged to do so without delay.

18.3 Right to restriction of processing

You can request limits to the processing of personal data relating to yourself if the following applies:

  • If you contest the correctness of the personal data relating to yourself for a period that allows the controller to check the data’s correctness;
  • Processing of the data is illegal and you object to deletion of the data in favour of restricting the personal data’s use;
  • The controller no longer requires the personal data for the purposes of processing, but you need them to legitimise, exercise or defend a legal claim;
  • You have objected to processing in accordance with Article 21 paragraph 1 of GDPR and it has not yet been established whether the controller’s legitimate interests outweigh your own.

If processing the personal data relating to yourself has been limited, the data can without your consent be used neither to assert, exercise or defend legal claims nor to enforce protection of another individual’s or legal entity’s rights nor can it be processed in the public interest of the European Union or one of its member states. This does not apply to the storing of the data.

If processing has been restricted in accordance with the above conditions, you will be notified by the controller before any restrictions are lifted.

18.4 Right to erasure

a) Obligation to delete

You can request that the controller delete the personal data relating to yourself immediately; the controller is then obliged to delete the data immediately, provided one of the following conditions applies:

  • The personal data relating to yourself is no longer required to achieve the purposes for which it was collected or otherwise processed.
  • You withdraw your consent, under which processing became legitimate as per Article 6 paragraph 1 (a) or Article 9 paragraph 2 (a) of GDPR, and there is no other legal basis for processing.
  • You object to processing as per Article 21 paragraph 1 of GDPR and your objection is not overridden by legitimate reasons for processing, or you object to processing as per Article 21 paragraph 2 of GDPR.
  • The personal data relating to yourself have been processed unlawfully.
  • Deletion of the personal relating to yourself is necessary for the controller to fulfill a legal obligation imposed upon them by European Union law or the national laws of European Union member states.
  • The personal data relating to yourself has been collected in connection with the offer of information society services as per Article paragraph 1 of GDPR.

If the controller has published personal data relating to yourself and has become obliged to delete it as per Article 17 paragraph 1 of GDPR, the controller will take action, including technical measures, using the available technology and at appropriate expense with the aim of notifying any controllers processing your personal data that you as the user have requested deletion of all links to said personal data or to copies or reproductions thereof.

c) Exceptions

The right to erasure becomes void if processing is necessary:

  • to exercise of the right to free expression and information;
  • to fulfill a legal obligation requiring the controller to process the data imposed upon them by European Union law or the national laws of a European Union member state, or to complete a duty in the public interest or to perform executive duties appointed to the controller;
  • in the interests of public health and safety as per Article 9 paragraph 2 (h), (i) and Article 9 paragraph 3 of GDPR;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes as per Article 89 paragraph 1 of GDPR, provided that the right described in section (a) can be reasonably assumed to prevent or seriously impede achievement of the processing purposes;
  • to assert, exercise or defend legal claims.

18.5 Notification obligation

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is under obligation to notify all recipients to whom the personal data relating to yourself has been disclosed of the corresponding rectification or erasure of data or of the restriction of their processing. The controller is exempted from this obligation where such notification proves impossible or unreasonable.

You have the right to be informed of who these recipients are.

18.6 Right to object

You are entitled to object for reasons arising from your own personal situation at any time against processing of personal data relating to yourself where processing is legitimised by Article 6 paragraph 1 (e) or (f) of GDPR; this applies in equal measure to profiling legitimised by these provisions.

The controller will cease to process your personal data unless they can prove compelling legitimate reasons for processing that override your interests, rights and liberties or processing pursues the assertion, exercise or defence of legal claims.

18.7 Right to Data Portability

You have the right to ask for any data supplied directly to the controller, to be provided in a structured, commonly used, and machine-readable format.

18.8 Rights in relation to Automated Decision Making and Profiling;

You have the right not to be subject to a decision based solely on automated processing.

18.9 Right to withdraw your consent under data protection law

You are entitled to withdraw your consent under data protection law at any time. Your withdrawing consent does not affect legitimacy of any processing that has occurred with your consent prior to withdrawal.

18.10 Right to complain with a supervisory authority

If you believe that processing of personal data relating to yourself is in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state you, your place of work or the locale of the alleged infringement are in. This does not affect your recourse to other administrative or judicial remedies.

The supervisory authority receiving the complaint will keep the appellant up to date on status and results of the complaint, including on recourse to judicial remedies as per Article 78 of GDPR.

19. Changes to our data policy

We reserve the right to amend this data policy to keep it in line with the latest legal requirements or to adjust it to reflect changes to our services, e.g. if we introduce new services. The latest version of our data policy will apply to any further visits.

Data Protection: Data processing is the responsibility of the consortium members under EU India Business Support Project

Postal address:

EBTC New Delhi – Head Office
DLTA Complex, South Block, 1st Floor 1,
Africa Avenue New Delhi 110 029, INDIA

Contact details of the data protection officer: dpo@ebtc.eu

If you have any questions or complaints about this website, please contact the data protection officer (see contact information provided above).

Get Involved

Get In Touch

Others?

If you want to be updated on the Indian market and policies in key sectors, activities, events, or business opportunities that might be of interest for you, please sign up.