Data protection information

Part A of this data protection information provides you with information about the processing of your personal data in connection with the use of our website (hereinafter referred to as "website") and the functions provided on it;

In Part B, we inform you about special forms of processing in section I and local data protection requirements in section II.

Part A

I. Name and Address of the Controller

The website is operated by DIHK and DIHK DEinternational GmbH, both located at Breite Straße 29, 10178 Berlin, as joint controllers for specific topics together with

Singaporean-German Chamber of Industry and Commerce (hereinafter referred to as "AHK or SGC") 

25 International Business Park, 

#03-105 

Singapore 609916 

Singapore 

Tel.: +65 6433 5330

We will be happy to provide you with excerpts from the joint controller agreement. Please contact ahk@ahk.de.

Processing operations for which the AHK is solely responsible are described below in Part B

Part B I 1 Special Forms of Processing: Newsletter

Part B I 2 Special Forms of Processing: Membership Inquiry and Application

Part B I 3 Special Forms of Processing: Contact Form and Email

Part B I 4 Special Forms of Processing: Events

Part B I 5 Special Forms of Processing: Job Application

Part B I 6 Special Forms of Processing: Performance of Service

Part B I 7Special Forms of Processing: Supply

Part B I 8Special Forms of Processing: Cookies

Part B I 9 Special Forms of Processing: Social Media Button

Part B II Local Data Protection Requirements

II. EU Representative

As AHK is not based in the EU, it has appointed DIHK, Breite Straße 29, 10178 Berlin, as its EU representative in accordance with Art. 27 of the General Data Protection Regulation ("GDPR").

III. Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Data Protection Officer at Singaporean-German Chamber 
25 International Business Park, #03-105 
Singapore 609916 
Singapore

Tel.: +65 6433 5330 
Email: dataportection@sgc.org.sg

IV. Provision of the Website and Creation of Server Log Files

1. Data Categories and Description of Data Processing

The following data is processed each time our website is accessed:

· IP address;

· Date and time of access;

· Time zone difference to Greenwich Mean Time (GMT);

· Specific website accessed;

· Access status/HTTP status code;

· Amount of data transferred in each case;

· Website from which you came;

· Browser;

· Operating system and its interface;

· Language and version of the browser software;

· Internet service provider (collectively referred to as "server log files").

2. Legal Basis and Purpose of Data Processing

The legal basis for the processing of your personal data when you use our website are the public tasks assigned to us is, Art. 6 (1) (e), (3) GDPR in conjunction with Section 10a IHKG, in particular the representation of the overall interests of associated businesses in the Federal Republic of Germany at national, European, and international level, the promotion of the economy, and the coordination and promotion of the AHK network, including delegate offices as well as representative offices, and the promotion of foreign trade of the Federal Republic of Germany. To promote this purpose, a functional website is provided, and the associated processing of personal data takes place.

3. Data Retention

Server log files are deleted after seven days at the latest.

In the event of an error, logs are also generated, which are then stored for a period of 30 days for error analysis as well as problem tracking and are then deleted.

4. Data Recipients

The server log files are accessible to those employees of the controller who are responsible for maintaining the website. In this context, employees of DIHK DEinternational GmbH may receive access to your personal data. For this reason, AHK, DIHK, and DIHK DEinternational GmbH have concluded a data protection group agreement that regulates the processing and transfer of personal data within the AHK network.

We also use third-party services on our website. For more information about these services and the associated data processing, please visit [ Part B] and the cookie settings.

V. Website Analysis with PIWIK Pro Analytics Suite

1. Data Categories and Description of Data Processing

We use Piwik PRO Analytics Suite as our website analysis software. We collect data about website visitors in the form of server log files and cookies. For an overview of the cookies placed in this context, please refer to the following link: https://help.piwik.pro/support/privacy/cookies-created-for-piwik-pro-users/. For a description of the server log files, please refer to Section IV.1

2. Legal Basis and Purpose of Data Processing

The purpose of using PIWIK PRO Analytics Suite is to track certain usage patterns, such as bounce rate, page views, and session duration, to understand how our website is used. We may also create visitor profiles based on browsing history to analyze visitor behavior, display personalized content, and conduct online campaigns. The legal basis for analytics and conversion tracking is your consent pursuant to Art. 6 (1) (a) GDPR.

3. Data Retention

If you have provided us with your consent for analytics and conversion tracking, we will retain your personal data for a period of 25 months and then delete it thereafter, unless you withdraw your consent; in this case, we will no longer retain any personal data once we have received your withdrawal. Your withdrawal only takes effect for the future and has no effect on the previous processing of your data up to the time of your withdrawal.

4. Recipients

The recipients of your personal data are employees of DIHK DEinternational GmbH and the AHK who are responsible for maintaining the website. In addition, it may happen (e.g., in troubleshooting cases) that employees of PIWIK PRO Analytics Suite, AHK, and DIHK DEInternational GmbH receive access to your personal data. PIWIK PRO Analytics Suite uses third-party providers, some of which are based in the USA, to provide its services, so it is possible that your personal data may be transferred to these third-party providers. For more information, please refer to the PIWIK PRO privacy policy.

VI. Use of cookies

1. Data Categories and Description of Data Processing

We use Piwik PRO to manage consent and collect personal data via cookies for this purpose. We also use cookies to make our website more user-friendly. Cookies are small text files that are placed on your computer. For an overview of the cookies placed in this context, please refer to the following link: https://help.piwik.pro/support/privacy/cookies-created-for-visitors-by-piwik-pro/. Some of the cookies we place are deleted from your device at the end of your browser session ("session cookies"). In addition, we also set permanent cookies that remain on your device to recognize you, for example, when you visit our website again.

If cookies are set, they process certain user information to an individual extent, as described in the link.

You can control the use of cookies at any time through your browser settings, which provide you the option of deleting or blocking cookies. However, this may result in the functionality of our website being restricted. We also use social media buttons on our website; for more information, please refer to Section VIII.

2. Legal Basis and Purpose of Data Processing

The legal basis for the management of consent by PIWIK PRO is our legitimate interest of a legally compliant and usage-specific consent management pursuant to Art. 6 (1) (f) GDPR.

If personal data is processed through individual cookies placed by us, the processing is carried out on the following legal bases:

• Necessary cookies: The processing of personal data through necessary cookies is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR, as these cookies are necessary for the proper functioning of the website. The placing of cookies is also based on Section 25 (2) No. 2 TDDDG, according to which the storage of information on your device or access to information already stored on your device is absolutely necessary for us to provide a digital service that you have expressly requested – our website.
• All other cookies: The placing of these cookies in accordance with Section 25 (1) TDDDG and the processing of personal data is based on your consent in accordance with Art. 6 (1) (a) GDPR. These cookies collect information about your use of our website, which we use to improve its functionality and your user experience.

3. Data Retention

Data for consent management is stored for a period of 25 months.

You can find an overview of the cookies we place and their storage time at the following link: https://help.piwik.pro/support/privacy/cookies-created-for-visitors-by-piwik-pro/.

4. Recipients

Your personal data will be accessed by those employees of the controller who are responsible for maintaining the website. In addition, it may happen (e.g., in troubleshooting cases) that employees of PIWIK PRO receive access to your personal data. Insofar as PIWIK PRO employees receive access to personal data, we implemented necessary arrangements to protect your personal data, in particular by concluding data processing agreements in accordance with Art. 28 GDPR, pursuant to which PIWIK PRO is obligated to maintain confidentiality.

VII. Map Service

1. Data Categories and Description of Data Processing

We have integrated the map service "Google Maps Service (via iframe) (“GMS”) into our website. This is a service provided by the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA , which is the controller for GMS pursuant to Art. 4 No. 7 GDPR.

The map is displayed only after you have provided your consent.

To display GMS, server log files are transmitted to the Google Map Service. For information on how your personal data is processed by the OpenStreetMap Foundation, please refer to the Google Maps Service‘s privacy policy at https://policies.google.com/privacy.

2. Legal Basis and Purpose of Data Processing

The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR. The processing of your personal data serves to display a map for the purpose of location display and route planning.

3. Data Retention

For information on processing and storage periods, please refer to: https://policies.google.com/privacy 

4. Recipient

Google Maps Service is the recipient of your personal data.

VIII. Automated Decision-Making and Profiling

Except for the processing described in section V, your personal data will not be processed by us for automated decision-making and/or profiling.

IX. Obligation to Provide Personal Data

You may choose not to provide us with your personal data or provide us with incomplete data. In such cases, for example, if you prevent the placing of cookies, this may mean that you are unable to use all the features of our website. If you wish to become a member and do not provide us with your personal data, we may not be able to process your membership application.

X. Data Subject Rights

You can contact AHK directly either in writing or by email dataprotection@sgc.org.sg to exercise the following rights:

• Information about your data to check and verify it
• Receive a copy of your personal data
• Correction, deletion, or restriction of processing; this also includes the right to complete incomplete or incorrect data by providing additional information,
• Right to object to the processing; please note that Art. 21 GDPR provides you the right to object to the processing of personal data we process on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR. You have the right to object to the processing of your personal data for reasons arising from your particular situation; if the objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without the need to specify a particular situation.
• You can receive your provided personal data in a structured, commonly used, and machine-readable format and transmit this data to another controller, provided that the processing is based on your consent or on a contract.

If you have provided us with your consent to process your personal data, you can withdraw this consent at any time with effect for the future.

You also have the right to lodge a complaint with a supervisory authority in connection with the processing of your personal data. To exercise this right, you can contact the authority competent for your place of residence or the authority competent for AHK:

The supervisory authority competent for our EU representative is the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn.

Part B

Special Forms of Processing and Local Data Protection Requirements

I. Special Forms of Processing

1. Newsletter

1.1. Description and scope of data processing

On our web page, there is the option to subscribe to a free newsletter. Our newsletter may include information on our products and services, current economic topics, promotions and upcoming events, held by SGC and its partners and invitation for participation on business surveys. During the registration for the newsletter, data from the input mask added by iFrame is transmitted to the service provider commissioned by us for email marketing software providers.

The following data is collected: Title, First name(s); Last name; Company; Address; E-Mail; Telephone. Furthermore, the following data is collected upon registration: Date and time of registration.

For the processing of data, in line with the registration process, we obtain your consent and refer to this data privacy information. In connection with the processing of data for the sending of newsletters, except for the provider of email marketing software, data is not forwarded to third parties. Such data is only used for the newsletter to be sent to you.

We may use a double opt-in procedure to subscribe to our newsletter. In these cases, after your registration we will send you an Email to the specified E-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration, your information will be automatically deleted. The purpose of the process is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

1.2. Legal basis for the processing of data

Legal basis for the processing of data after registration for the newsletter by the user is Section 6 Subsection 1 lit. a GDPR. You can withdraw your consent to receive the newsletter at any time. To do so, click on the link at the end of the newsletter or send an email to SGC.Membership@sgc.org.sg.

1.3. Purpose of data processing

Collection of the email address of the user is done to deliver the newsletter.

1.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. The email address of the user is therefore stored for as long as the newsletter subscription is active.

1.5. Newsletter tracking

To optimize our newsletter offer, we may personalized newsletter tracking. In this context, besides the email address, we also collect activities connected to the newsletters (click behavior including opening rates, click rates and bounce rate at the individual level in order to improve our email campaigns). We engage the services of third party providers to deliver or send our newsletter to you. Additionally, the third-party service providers may process personal data to pursue its legitimate interest, in particular relating to risk management and the evaluation of the mailing lists (e.g. to avoid risks of spam, phishing or fraud) for the purpose of establishing a reliability score.

1.6. Right to withdraw

You can withdraw your consent to receive the newsletter at any time. To do so, click on the link at the end of the newsletter or send an email to SGC.Membership@sgc.org.sg.

2. Membership Inquiry and Membership application form

2.1. Membership Inquiry

2.1.1 Description and scope of data processing

On our website, we give our users the option to inquire about our membership programs (“Membership Inquiry”) while providing personal data. In the process, data is entered into an input mask, transmitted and stored.

The following data is collected in line with the registration and inquiry process:

First name and last name, job title, company name. The collection of your work and mobile phone number may be made optional.

At the time of inquiry, the following data is stored: Date and time of registration; Used browser; Operating system.

For the processing of data in line with the inquiry about our membership, we obtain your consent and refer to this data privacy information.

2.1.2. Legal basis for the processing of data

The legal basis for processing data marked as mandatory fields is Article 6(1)(b) GDPR, i.e. processing is necessary for the implementation of pre-contractual measures, particularly the review of your membership application, which is carried out at your request. The legal basis for processing data that is not marked as mandatory and which you provide voluntarily is your consent in accordance with Art. 6(1)(a) GDPR. This information helps us to gain a more complete picture of your membership.

2.2. Membership application form

2.2.1 Description and scope of data processing

Users have the option to apply to our membership program by filling out a membership application form (“Membership Application”). The Membership Application may be sent to interested parties after you contacted SGC e.g. through the Membership Inquiry form on our website. Different membership categories are available in accordance with our Constitution.

The following data is collected in the membership application form:

first name(s), last names, title, E-mail, telephone number, language skills of the individual member(s) or the member representative(s) as well as the company name, address and company profile. You have the option in the application form to consent and provide us with your photograph and date of birth on a voluntary basis.

2.2.2 Legal basis for the processing of data for membership application

The legal basis for processing data marked as mandatory fields is Article 6(1)(b) GDPR, contract. The legal basis for processing data that is not marked as mandatory and which you provide voluntarily is your consent in accordance with Art. 6(1)(a) GDPR. This information helps us to gain a more complete picture of your membership.

2.2. 3 Purpose of data processing in membership application

The personal data in the membership application form is required for the administration, maintenance, management and termination of a membership contract with the member, or for the execution of pre-contractual measures.

In accordance with the membership benefits under the membership agreement we process the personal data currently for:

(1) inclusion in our SGC membership directory (available in physical and electronic forms through the membership app)

(2) inclusion in our publications including our newsletter, business magazines, marketing material and on SGC’s website and social media platforms such as Facebook and LinkedIn

(3) to send greeting cards (such as birthday and holiday cards), business magazines, surveys and invitations to events organized by SGC and its partners to you.

2.3. Duration of storage

Data is deleted as soon as it is no longer required to fulfil the purpose of its collection. This is the case for data collected during the registration and application process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfil contractual or statutory requirements.

2.4. Option for objection and removal

As a member, you have at any time the option to terminate your membership in accordance with the membership terms. Your stored personal data can be amended at any time. To amend or delete your data, please contact: SGC.Membership@sgc.org.sg

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

If information is provided on voluntary basis, you can withdraw your consent at any time by sending an Email to SGC.Membership@sgc.org.sg.

2.5 Recipients

Your personal data will be accessed by those SGC employees who are responsible for processing membership applications. In addition, employees of other German Chambers of Commerce Abroad, employees of the DIHK as well as DIHK DEInternational GmbH (collectively referred to as the "AHK network") may also receive access to your personal data, as the AHK receives support from DIHK DEinternational GmbH and DIHK for central services such as controlling, accounting, office, process and quality management, as well as IT services. We have concluded an internal group data transfer and processing agreement with the AHK network for this purpose.

3. Contact Form and Email Contact

3.1. Description and scope of data processing

On our web page, there is a contact form that can be used to contact us electronically. If a user utilizes this option, data entered into the input mask is transmitted to us and stored.

For the processing of data in line with the sending of the message, we obtain your consent and refer to this data privacy information.

In addition to your personal data described here, we also process server log files (see Part A, IV.1) when you access our contact form.

As an alternative, you may also contact us via the provided email address. In such a case, the personal data of the user transmitted via email is stored. In this context, such data is not forwarded to third parties. Such data is only used for the processing of the conversation.

3.2. Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. Legal basis for the processing of data transmitted in line with the sending of an email is Section 6 Subsection 1 lit. f GDPR.

If the purpose of the contract via email is entering into a contract, the additional legal basis for processing is Section 6 Subsection 1 lit. b GDPR.

3.3. Purpose of data processing

The processing of personal data from the input mask only helps us to process the contact that was established and the communication that was sent by you. If contact is established via email, our required legitimate interest is also in the processing of such data. Other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

3.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for personal data from the input mask of the contact form and for data sent via email if the respective conversation with the user is finished. The conversation is finished if it can be deduced from the circumstances that the respective matter is clarified in a concluding fashion.

3.5. Option for objection and removal

The user has the option to revoke his consent for the processing of personal data. If the user contacts us via email, he may object at any time to the storing of his personal data. In such a case, the conversation cannot be continued. You may send your revocation of consent and objection to storage in writing via email to Info@sgc.org.sg. All personal data stored in the process of establishing contact will be deleted in such a case.

3.6 Recipients

Your personal data will be accessed by those employees of SGC who are responsible for responding to inquiries. In addition, employees of DIHK DEinternational GmbH and/or other AHKs may also receive access to your personal data to answer the inquiry. For this purpose, we have concluded an internal data transfer and processing agreement with the AHK network, which incorporates EU standard contractual clauses. You can view the EU standard contractual clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

4. Events- Registration and Conduct

4.1. Description and scope of data processing

Events may include, for example panels, discussions, symposiums, functions, business matchings and delegation trips for different clients and business communities e.g. including Young Professional Network events (“Events”).

4. 1.1 Online form

We may give our users the option to register online for our Events while providing personal data.

In the process, data is entered into an input mask, transmitted and stored.

The following data is collected in line with the registration process:

First name and Last name, Job title, E-Mail address. Providing work and cell phone numbers are optional. In case we organize an event, and a meal is served, we collect your dairy restrictions.

At the time of registration, the following data is stored: Date and time of registration; Used browser; Operating system. In line with the registration process, consent is obtained from the user for processing of such data.

4.1.2 Electronic Form

Alternatively we may give our users the option to register through an electronic form by Email for our Events while providing personal data.

The following data is collected in line with the registration process:

First name and Last name, Job title, E-Mail address. Providing work and cell phone numbers are optional. In case we organize an event and a meal is served we collect your dairy restrictions. In line with the registration process, consent is obtained from the user for processing of such data.

Third party events venues (e.g. ministries, ports, factories) might require identity verification such as visitor passport or ID number, date and place of issuing of the identification document by the venue owner. We may facilitate the collection of the identification documentation and share the information with the venue.

4.2. Legal basis for the processing of data

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand. If the registration serves the execution of a contract whose contractual party is the user, or the execution of pre-contractual measures, the additional legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR- contract.

4.3. Purpose of data processing

A registration of the user is required for the execution of a contract with the user, or for the execution of pre-contractual measures. Your registration may be an event registration.

4.3.1 Event registration

For administering the online registration process, we may use an online event registration platform. We use Eventbrite to administer the registration of our events. We use the data provided as described above. We have no knowledge of any subsequent potentially collection and use of your data and have no influence on such. For more information read Eventbrite privacy policy: https://www.eventbrite.sg/help/en-sg/articles/460838/eventbrite-privacy-policy.

SGC may organize joint Events in collaboration with third party co-organisator(s) or participate in third party events and project. We may participate in projects of the DIHK, DIHK Service GmbH or DIHK DE International GmbH and this involves the transmission of personal data of project participants to the DIHK, DIHK Service GmbH or DIHK DE International GmbH and German and Singaporean ministries and government agencies. In these cases the personal data provided during the registration process will be shared between SGC and the parties to organize and manage the Event.

4.3.2. Conduct of the Events

4.3.2.1 Physical Events

Registration detail including your name will be used by SGC employees to administer attendance and access to an Event.

Please note that photos will be taken and/or videos filmed at the event for the purpose of documenting the event and as part of our public relation work such as the release, publication and reproduction in SGCs publication (print, online, social media). If you do not wish to be photographed, please avoid the area where photography and filming takes place and / or speak directly to the photographer so that your request can be ta

Legal basis for the processing of data is Section 6 Subsection 1 lit. a GDPR- consent, if the consent of the user is on hand. If the use of photos and / or cinematic images of your person for SGC publications (print media, online, social media) is in our legitimate interest, the legal basis for the processing of data is Section 6 Subsection 1 lit. f GDPR.

4.3.2.2 Online Events

We use Microsoft Teams for online events. In the process, your personal data in the form of video or audio as well as the login data are processed. You can decide for yourself whether the camera and microphone are switched on or off. In addition, you have the option to share content. If you participate in the chat function, we process your personal data contained in the chat texts, and the other participants also have knowledge of this content. As a matter of principle, we do not record online events. If exceptionally a recording is made the participants will be notified of this in advance.

In the case of the use of Microsoft Teams, your personal data will be transferred to the service provider. For details on data processing by Microsoft, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement. When using Microsoft services, personal data may also be processed in the USA.

Your data will be processed on the basis of Section 6 Subsection 1 lit. b GDPR– contract.

4.3.2.3 Recording of the online Event

Insofar as a recording is made, we have obtained consent from you in advance. In this regard, the data is processed on the basis of Section 6 Subsection 1 lit. a GDPR – consent.

4.3.2.4 Networking

Where you have given us your consent, we may share your personal data such as your name, your company’s name and Email address with other members, clients and participants and attendees who attend an Event organized by SGC and its partners together with you so that you may continue to communicate with them and vice versa. The legal basis for the processing is Section 6 Subsection 1 lit. a GDPR – consent.

If at any time, you do not wish to have your information shared, you may submit your request by email to the Membership Department at SGC.Membership@sgc.org.sg (if you are a member of SGC) or to the named organizer at the SGC CT or DE International department or at info@sgc.org.sg (if you are a client of SGC) as the case may be.

4.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for data collected during the registration process for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

4.5. Option for objection and removal

As user, you have at any time the option to cancel the event registration and to revoke consent for the processing of personal data. In such cases the event participation may not be continued.

Your stored personal data can be amended at any time. To amend or delete your data, please contact the respective department organizing the event (1) the membership department under SGC.Membership@sgc.org.sg for member events of SGC or (2) info@sgc.org.sg for other events.

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

5. Job Application Process

5.1. Description and scope of data processing

We advertise job openings on our SGC website and selected, external recruitment websites. Applicants can submit their applications to SGC through the Email address specified in the recruitment advertisement.

The following data is collected in the process:

(a) first and last name, gender, date, country and city of birth, nationality;

(b) telephone numbers, email address and other contact details;

(c) employment visa status, if required;

(d) resume, educational qualifications, professional qualifications and certifications and employment references;

(e) employment and training history;

We do not ask you to provide us with special categories of personal data (i.e. information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sexual orientation or your photograph) as part of personal data unless explicitly required or permitted by law in a given case. In case you provide us with these special categories of personal data, you hereby explicitly consent to the processing of these data as described herein.

5.2. Legal basis for the processing of data

Legal basis for the processing of data of data subjects targeted in the EU is Section 6 Subsection 1 lit. a GDPR if the consent of the user is on hand or national laws.

Processing of personal data of data subjects located in Singapore, the legal basis for data processing is consent.

5.3. Purpose of data processing

Data, knowingly and voluntarily provided in connection with a job application will be collected and used by us for the following purposes (a) assessing and evaluating your suitability for employment for the advertised position within SGC and the organizations of our members and clients; and (b) verifying your identity and the accuracy of your personal details and other information provided.

In order to manage the application, the personal data will be shared internally with the person responsible for the recruitment including HR and the hiring manager.

If SGC acts as a licensed recruitment agency for a third party employer, your personal data will also be shared with this named employer.

5.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection.

We initially store your personal data for the duration of the application process. If we do not fill the vacancy with you, we will delete your data six months after the position is filled, unless you have consented to further storage.

5.5. Option for objection and removal

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. If you are a job applicant, you may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to the Email address of the Deputy General Manager or the Recruiting Manager at the contact details listed on our website. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be able to process your job application (as the case may be).

6. Performance of Service

6.1. Description and scope of data processing

Where you have engaged us to provide our services to you, including recruitment services, business matching services, event organization and trade fair services, we will use your personal data to carry out our obligations arising from any contracts entered into between you and SGC and to provide you with information on the services.

The following data is collected: First name and Last name, Job title, E-Mail address and work and cell phone numbers. If meals are provided as part of the service will also disclose any dietary restrictions that you provided to us to the catering companies to ensure that your dietary restrictions are met.

Part of the service offer includes providing interested companies with market studies or business match making. For contacts we use databases or research in publicly accessible sources. The basis for the data research is the legitimate interest in fostering and improving the economic relationship and exchange between companies from Singapore and Germany.

6.2. Legal basis for the processing of data

The processing serves the execution of a contract or the execution of pre-contractual measures, the legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR- contract. Legal basis for data research is the legitimate interest Section 6 Subsection 1 lit f GDPR of SGC to foster economic relationship and exchange between companies from Singapore and Germany.

6.3. Purpose of data processing

Personal data is required for the execution of a contract, or for the execution of pre-contractual measures.

6.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for data collected for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

6.5. Option for objection and removal

As a contracting party, you have at any time the option to terminate the contract in accordance with the respective termination clause. Your stored personal data can be amended any time and in accordance with the contractual terms.

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

7. Supply of Goods and Services to SGC

7.1. Description and scope of data processing

Where we have engaged you to provide goods and services to us for a fee, we will use your personal data to carry out our obligations arising from any contracts entered into between you and SGC.

The following data is collected: First name and Last name, Job title, E-Mail address and work and cell phone numbers, company name and address as well as bank details and UEA number.

7.2. Legal basis for the processing of data

The processing serves the execution of a contract or the execution of pre-contractual measures, the legal basis for the processing of data is Section 6 Subsection 1 lit. b GDPR- contract.

7.3. Purpose of data processing

Personal data is required for the execution including payment of a contract, or for the execution of pre-contractual measures.

7.4. Duration of storage

Data is deleted as soon as it is no longer required to fulfill the purpose of its collection. This is the case for data collected for the execution of a contract or for the execution of pre-contractual measures if such data is no longer required for the execution of the contract. Even after having entered into a contract, the requirement to store personal data of the contractual partner may remain in existence to fulfill contractual or statutory requirements.

7.5. Option for objection and removal

As a contracting party, you have at any time the option to terminate the contract in accordance with the respective termination clause. Your stored personal data can be amended any time and in accordance with the contractual terms.

If the data is required for the execution of a contract or the execution of pre-contractual measures, a premature deletion of such data is only possible to the extent that contractual or statutory requirements do not preclude deletion.

8. Cookies

In addition to the Piwik cookies described in Part A, the following cookies are also placed by this local website:

Outlook: If you use features on our website that are provided by Microsoft Outlook or Microsoft 365, such as calendar bookings or embedded forms, this service is provided by Microsoft and is embedded in our website. Microsoft sets the following cookies on your device:

The overview indicates that some cookies are deleted from your device at the end of your browser session. Furthermore, certain cookies are classified as "necessary cookies". These cookies are essential for the proper functioning and display of our website.

The legal basis for setting these cookies is your consent, as outlined in Art. 6 (1) (a) GDPR, except for necessary cookies, which may be set pursuant to Art. 6 (1) (f) GDPR based on our legitimate interest, as the functionality of the website is dependent on these cookies. The legal basis for the

setting of the cookie is also outlined in Section 25 (2) No. 2 TDDDG, which stipulates that the storage of information on your device or access to information already stored on your device is essential for us to provide a digital service that you have explicitly requested – namely, our website. For more information on data processing by Microsoft, please refer to the Microsoft Privacy Statement.

YouTube: Our website utilizes "YouTube" videos. This service is provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "YouTube"). When you visit our website, which contains an embedded YouTube video, YouTube will place cookies and similar technologies on your device to collect information about website visitors.

The overview indicates that some cookies are deleted from your device at the end of your browser session; these cookies are known as "session cookies."

The legal basis for setting these cookies is your consent in accordance with Art. 6 (1) (a) GDPR. For more information on YouTube's data processing, please refer to Google's privacy policy: How Google uses cookies – Privacy Policy & Terms of Service – Google

9. Social media buttons

Our website contains social media buttons for the following social networks:

i. LinkedIn

The social media button is operated by LinkedIn Ireland Unlimited Company (hereinafter referred to as "LinkedIn"), located at Wilton Place, Dublin 2, Ireland. When you click on the social media button, your browser connects to LinkedIn's servers. This process involved the transfer of your personal data to LinkedIn. If you are logged into your LinkedIn account while visiting our website, LinkedIn may assign this information to your personal LinkedIn account. Information on the processing of your personal data by LinkedIn can be found in LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy . The legal basis for your use of the social media button is your consent in accordance with Art. 6 (1) (a) GDPR.

ii. YouTube Videos

If we embed YouTube videos on our website, these videos are hosted on servers belonging to Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland. We have embedded the videos using the so-called "advanced privacy settings." This means that your personal data is not transferred directly to YouTube when you visit our website. Only when the video is actively clicked to play will personal data be transferred to YouTube in the form of server log files and cookie IDs. At this point, cookies will also be set by YouTube.

This data is transferred regardless of whether you have a Google user account that you are logged into or not. If you are logged into a Google account while visiting our website, this data will be assigned to your account by Google. To ensure that this data is not assigned to your Google account, it is necessary to log out of your Google account before activating the video. For information on the processing of your personal data by YouTube, please refer to YouTube's privacy policy, which you can access here: Privacy Policy – Privacy Policy & Terms of Service – Google.

iii. Facebook

The social media button is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. If you click on the social media button while you are logged into your Facebook account, Facebook will assign your use to your user account.

For more information about how Facebook handles personal data when you use Facebook, please refer to Facebook's privacy policy at de-de.facebook.com/policy.php.

iv. Instagram

The social media button, which displays a camera icon, is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as "Instagram"). When you click on the social media button, your browser establishes a direct connection to Instagram's servers, and your personal data is transferred. If you are logged into your Instagram account while visiting our website, Instagram will link your visit to our website to your account. Information on data processing by Instagram can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy.

v. X

Twitter International Unlimited Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (hereinafter referred to as X) is the operator of the social media button X. Clicking on the retweet button will result in the transfer of your personal data to X. If you are logged into your X account while visiting our website, X will assign this information to your X account. For more information on data processing by X, please refer to X's privacy policy.

vi. Xing

The social media button for the social network Xing is operated by New Work SE (hereinafter referred to as "XING"), Am Strandkai 1, 20457 Hamburg, Germany. When you click on the XING social media button, your browser connects to the XING servers. Your personal data is then transferred to Xing. If you are logged into your XING account while visiting our website, XING can assign this information to your personal XING account. Information on the processing of your personal data by XING can be found in Xing's privacy policy at www.xing.com/privacy.

II. Local Data Protection Requirements

SGC respects your privacy and is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 and subsequent amendments (“the PDPA”).

1. Personal Data under PDPA

Personal data is defined by the PDPA as data whether true or not, about an individual who can be identified from that data or from that data and other information to which an organization has or is likely to have access.

Business contact information is not covered under the PDPA or this Data Protection Information Policy. Business contact information refers to an individual’s name, position, title, company name, business telephone number and any similar information about the individual, not provided by the individual solely for their personal purpose (“Personal Data under PDPA’)

What Personal Data under PDPA we collect and how we process it and share with and for what purpose is described in the previous sections of the Policy. If reference is made to the specific sections of the GDPR for the legal basis, the same categories (consent or legitimate interest) apply under PDPA. In case the legal basis is a precontractual relationship, we rely on deemed consent under PDPA.

2. How do we protect your Personal Data under PDPA?

SGC will take reasonable steps to protect your Personal Data under PDPA against unauthorized access and collection, use, disclosure, copying, modification, disposal or similar risks. We implemented a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your Personal Data under PDPA.

3. Rights of the data subjects

Where the GDPR is not applicable to you, you have the following rights under the PDPA, subject to the exceptions under PDPA:

3.1 Right to access and obtain copies of Personal Data under PDPA, that we hold about you;

3.2 Right to correct Personal Data under PDAP that we hold about you that is incorrect;

Please note that under PDPA you may be required to pay a reasonable administration fee (to the extent permitted) for us to process such request.

3.3 The consent that you provide for the collection and processing of your personal data will remain valid until such time that it is being withdrawn by you in writing.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we will seek to process and effect your request within 30 days of the receipt of your request.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application, register you for an event or provide our services to you. We will, in such circumstances, notify you before completing the processing of your request as outlined above. Should you decide to cancel your withdrawal of consent, please inform us in writing as described above.

Please note that withdrawing consent does not affect our rights to continue to collect and process personal data where such collection and processing without consent is permitted or required under applicable laws.

If you are concerned about the processing of your Personal Data under PDPA, you can make a complaint to the Singapore Personal Data Protection Commission.

4. Update to our privacy statement

We may update or revise this Policy from time to time and where appropriate, we will notify you accordingly with an updated version on our website.

Last updated March 2026