Privacy Policy

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is Detroit Regional Chamber.

Address: One Kennedy Square, 777 Woodward Ave Suite 800, Detroit, MI 48226

Phone: 313.596.0431

E-mail: tvernier@detroitchamber.com

We have taken technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers who work for us.

If we work with other companies, such as email and server providers, to provide our services, this is only done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in connection with technical and organizational skills in data protection. This selection process is documented in writing and a contract in accordance with Art. 28 para. 3

GDPR on the processing of personal data on behalf (DP contract) is only concluded if it meets the requirements of Art. 28 GDPR.

Your data is stored on specially protected servers. Access to it is only possible for a few specially authorized persons.

Our service is SSL/TLS encrypted, which you can recognize by the “”https://”” at the beginning of the URL. If personal data is involved in email communication, emails are sent from our app in encrypted form. We also use the integrated SSL certificate for this.

We only process personal data for as long as is necessary. As soon as the purpose of the data processing has been fulfilled, the data is blocked and erased in accordance with the standards of the erasure concept here, unless statutory provisions prevent erasure.

The technical functions of the app are provided by EventMobi GmbH. The data processing to provide the functionality of the app is carried out by EventMobi GmbH, Warschauer Platz 11-13, Germany; telephone: 030 / 5557 343 0, e-mail address: info@eventmobi.de

The app uses cookies to allow the functionality of push notifications, to organize events, to enable contributions, registration and “following” of events, to provide “real-time” updates, to reflect the period of app usage and to ensure the correct display of the app.

Depending on the type of cookie, the storage time is between 70 and 730 days.

The collection of some data via cookies is absolutely necessary for the use and operation of the app. This data processing is carried out on the basis of the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR to ensure the functioning of the app.

If you have any questions about data protection at EventMobi, please contact EventMobi’s data protection officer: https://webersohnundscholtz.de/ Kemal Webersohn from WS Datenschutz GmbH by e-mail to: eventmobi@ws- datenschutz.de or by post to:

WS Datenschutz GmbH

– Data protection – Dircksenstraße 51 D-10178 Berlin

For more information on data processing, visit: https://www.eventmobi.com/de/datenschutzbestimmungen/

When you visit our service, our web servers temporarily store every access in a log file. The following personal data is recorded and stored until it is automatically deleted:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Amount of data transferred
• Message as to whether the retrieval was successful
• Recognition data of the browser and operating system used
• App from which the access is made
• Name of your Internet access provider
• Name
• E-mail address
• Photo
• Biographical data

Our app offering uses the services of the hosting provider AWS. The data processing is carried out by: Amazon.com Inc, 410 Terry Avenue North, Seattle WA 98109, USA.

The hosting services of AWS are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

Further information on the service provider’s data protection can be found here: https://aws.amazon.com/de/privacy/

This data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest is based on making our service accessible to you.

Data processing is carried out for the purpose of enabling the use of the service (connection establishment). It is used for system security, technical administration of the network infrastructure and optimization of the website. The IP address is only analyzed in the event of attacks on our network infrastructure or the network infrastructure of our Internet provider.

The personal data will be deleted as soon as it is no longer required for the above- mentioned purposes. This is the case when you close the service. Our hosting provider may use the data for statistical surveys. However, the data is anonymized for this purpose. The data is deleted by our hosting provider after 12 months.

The collection of data for the provision of the app and the storage of data in log files is absolutely necessary for the operation of the service. Consequently, the user has no option to object.

Our service uses cookies. These are stored on your computer or mobile device when you use our service. Cookies are small text files that provide us or the body that sets the cookie with certain information. Cookies cannot execute programs or transmit viruses to your device. They are used by us to enable you to log in and to analyze the use of our service in anonymized or pseudonymized form and to present you with interesting offers on this app. Various data may be transmitted in this way:

• Frequency of app visits
• Which functions of the service are used by you
• Search terms used
• Your cookie setting
• Your language setting

The legal basis for the processing of data by cookies that do not solely serve the functionality of our service is Art. 6 para. 1 sentence 1 lit. a) GDPR.

The legal basis for data processing for cookies, which are used solely for the functionality of this service, is Art. 6 para. 1 sentence 1 lit. f) GDPR.

Our legitimate interest arises from ensuring a smooth connection setup and convenient use of our service as well as for reasons of evaluating system security and stability. Data processing also takes place in order to enable a statistical evaluation of app usage.

There are two types of cookies. Both are used on this service:

• Transient cookies (see a)
• Persistent cookies (see b)

1. a) Transient cookies, which are automatically deleted when you close the These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our service. The session cookies are deleted when you log out or close the browser.

2. b) Persistent cookies, these are automatically deleted after a specified period, which may vary depending on the

You have the option at any time to withdraw your consent to data processing by cookies that do not solely serve the functionality of the service. In addition, we only set cookies after you have consented to the setting of cookies when you access the app. In this way, you can prevent data processing via cookies in our service.

You can also delete the cookies in the security settings of your browser at any time. We would like to point out that you may not be able to use all the functions of this service. You can also prevent the setting of cookies at any time by making the appropriate settings in your Internet browser.

It is possible to contact us via our service using a contact form or by e-mail. For this purpose, various data is required to answer the request, which is automatically stored for processing. The following data is collected as a minimum (marked as a mandatory field) as part of the contact form:

• First name
• Last name
• E-mail address

The data will not be passed on to third parties.

The legal basis used here is Art. 6 para. 1 sentence 1 lit. b) GDPR.

We process your data exclusively in order to process your contact request.

Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, usually immediately after the request has been answered. In rare cases, however, we may store your data for a longer period of time. This may result from legal, official or contractual obligations.

You can contact us at any time and object to further processing of your data. In this case, we will unfortunately not be able to continue communicating with you. All personal data processed by us in the course of contacting you will be deleted in this case, unless there are legal obligations to retain your data that prevent deletion.

5.1.1   Description and scope of data processing

We have integrated the services of the provider Tinybird into our app. Tinybird is an event streaming platform that enables us to analyze our event streams. The data processing is carried out by: Tinybird, Calle del Dr. Fourquet, 27, 28012 Madrid

Tinybird uses cookies, which process the following personal data, among others:

• IP address
• Time, place and frequency of visits to our streams

Tinybird uses this data for the evaluation of our events.

Further information on data protection at Tinybird can be found at the following link: https://www.tinybird.co/privacy

5.1.2   Legal basis for data processing

The data processing is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

5.1.3   Purpose of data processing

The purpose of data processing is to analyze and evaluate our events. This enables us to constantly improve our services.

5.1.4   Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and no legal, contractual or official regulations prevent deletion.

5.1.5   Possibility of removal by the data subject

You have the option to withdraw your consent at any time. To do so, please contact us using the contact details above. You can also contact Tinybird directly at the following e-mail address: privacy@tinybird.co

5.2.1   Description and scope of data processing

New Relic, a web analysis service, is used on this app. The data processing is carried out by: New Relic Inc, 101 Second Street, 15th Floor, San Francisco, CA 94105, USA.

This service enables statistical evaluations of the speed at which our app is accessed. Through the plugin, New Relic receives the information that you have accessed the corresponding page of our website. If you are logged in to New Relic as a user, New Relic can assign the visit to your account there. If you are not a member of New Relic, it is still possible for New Relic to find out and store your IP address. You can find more information here: https://newrelic.com/privacy

5.2.2   Legal basis for data processing

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

5.2.3   Purpose of data processing

It is in our interest to monitor and ensure that our app can be accessed quickly.

5.2.4   Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and no statutory, contractual or official retention periods prevent deletion.

5.2.5   Possibility of removal by the data subject

You have the option to withdraw your consent at any time. If you are a member of New Relic and do not want New Relic to collect data about you on our app in order to link it to your membership data stored with New Relic, you must log out of New Relic before giving your consent to data processing.

5.3.1   Description and scope of data processing

Retool is a developer of a collaborative analytics platform that is used to make data- based decisions. The data processing is carried out by: Retool, Inc. 1550 Bryant St. San Francisco, CA 94103.

Additional information on data security at the service provider can be found here: Security). The service provider’s privacy policy can be accessed via the following link: https://docs.retool.com/legal/privacy-policy

5.3.2   Legal basis for data processing

The data processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

5.3.3   Purpose of data processing

The service is used to evaluate user behavior and thus draw conclusions about how we can improve our services.

5.3.4   Duration of data storage

Data is deleted as soon as the purpose of the data processing has been achieved and no statutory, contractual or official retention periods prevent deletion.

5.3.5   Possibility of removal by the data subject

You have the option to withdraw your consent to data processing at any time. To do so, please contact us please .[1] [2] [3]

6.1.1        Description and scope of data processing

This service uses the Google Maps product from Google LLC. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you open the app, your browser loads the required geo-information into your browser cache in order to display the map correctly. For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our service was used via your IP address and which map was displayed. You can find the terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps.html

6.1.2        Legal basis for data processing

The legal basis is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.

6.1.3        Purpose of data processing

The use of Google Maps makes it easier for you to find our location and to interact with it in various ways, e.g. through route planning.

6.1.4        Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose of data processing, unless legal, official or contractual regulations prevent deletion.

6.1.5        Possibility of removal by the data subject

You have the option to withdraw your consent to data processing at any time. If you do not wish to use Google Maps, parts of our service cannot be used.

6.2.1       Description and scope of data processing

For sending emails (e.g. confirmation emails when booking an event), we use the sending service provider Sendgrid. The data processing is carried out by: Twilio Inc, 101 Spear Street, 1st Floor, San Francisco, CA 94105, USA.

The following personal data is processed when e-mails are sent to you by Sendgrid:

• Name
• E-mail address
• Content of the e-mail

Further information on data protection at Twilio, Inc. can be found at the following link: https://www.twilio.com/legal/privacy.

6.2.2        Legal basis for data processing

Data processing by Sendgrid is based on our legitimate interest in the effective and secure transmission of important emails to you, in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

6.2.3        Purpose of data processing

The purpose of data processing is the reliable delivery of e-mails.

6.2.4        Duration of data storage

The personal data will be stored by Twilio for as long as it is necessary to provide us with the service and to conduct our business. All data will be deleted or otherwise destroyed no later than 60 days after the user account with Twilio is closed.

6.2.5        Possibility of removal by the data subject

You have the option of exercising your rights against us at any time. To do so, please contact us using the contact details provided. You can also contact Twilio directly at the following e-mail address: support@twilio.com.

6.3.1        Description and scope of data processing

Eventmobi uses the services of the error management tool Sentry for our app. This offers us the possibility of real-time error tracking for our app in order to reproduce or rectify crashes. This helps us to improve the technical stability of our software. The data processing is carried out by: Functional Software, Inc. dba Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

With the help of Sentry’s services, we are able to respond to errors in our app without the user having to report them. In the event of errors, we log the IP address, the operating system used and the time of the error. Sentry evaluates this data for the purpose of troubleshooting. Processing for other purposes does not take place.

Further information on data protection at Sentry can be found at: https://sentry.io/privacy/.

6.3.2        Legal basis for data processing

The legal basis for processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in the error-free operation and user-friendly provision of our app

6.3.3        Purpose of data processing

The purpose of data processing is to track errors and monitor the performance of the app. This helps us to constantly optimize our app and our services for you.

6.3.4        Duration of data storage

Sentry may retain your personal data for as long as necessary to fulfill the purposes described.

6.3.5        Possibility of removal by the data subject

You have the option of exercising your rights against us at any time. To do so, please contact us using the contact details provided.

To enable us to provide our services, we use the support of service providers from the European area as well as from third countries. In order to ensure the protection of your personal data even in the event of data transfer to a third country, we conclude special order processing contracts with each of the carefully selected service providers. All of the service providers we use have sufficient evidence that they ensure data security through suitable technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided suitable guarantees (Art. 46 GDPR).

Adequate level of protection: The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission. You can find more information at: https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

EU standard contractual clauses: Our provider has submitted to the EU standard contractual clauses in order to guarantee secure data transfer. You can find more information on this at: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Art. 47 of the GDPR provides for the possibility of ensuring data protection when transferring data to a third country by means of binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure in accordance with Art. 63 GDPR.

Consent: In addition, data will only be transferred to a third country without an adequate level of protection if you have given us your consent to do so in accordance with Art. 49 (1) (a) GDPR or if another exception under Art. 49 GDPR applies to the transfer of data.

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of the processing of your personal data for the future after you have given it to us. It can be made verbally (by telephone) or in writing by post or e-mail to us.

In the event of a request for information, you must provide sufficient information about your identity and provide proof that the information is yours. The information concerns the following information:

• the purposes for which the personal data are processed;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
• the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
• the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• all available information about the origin of the data if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have a right to rectification and/or completion vis-à-vis us as the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

In addition, you may request the deletion of personal data concerning you if one of the following reasons applies to you:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
• The personal data concerning you has been processed
• The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If we have made the personal data concerning you public and we are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we will take all reasonable measures to inform other data controllers that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not exist if the processing is necessary:

• to exercise the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health in accordance with 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical

research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the assertion, exercise or defense of legal

Under the following conditions, you can request that we restrict the processing of your personal data:

• if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
• if you have objected to the processing pursuant to 21 (1) GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

If you have asserted your right to rectification, erasure or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove to be impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data.

You have the right to receive your personal data from us in a commonly used, machine-readable format in order to have it transmitted to another controller, provided that

• the processing is based on consent pursuant to 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR and
• the processing is carried out using automated

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

If we base the processing of your personal data on a legitimate interest (pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR) on our part, you can object to the processing. The same applies if we base the data processing on Art. 6 para. 1 sentence 1 lit. e) GDPR.

When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

To exercise these rights, please contact:

Address: One Kennedy Square, 777 Woodward Ave Suite 800, Detroit, MI 48226

Phone: 313.964.4000

E-mail: members@detroitchamber.com

We reserve the right to amend this privacy policy in compliance with the statutory provisions.