Data Protection

The controller is the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH.

Postal adress:
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn

Project Contact: lukas.hilgers@giz.de

Contact details of the data protection officer: datenschutzbeauftragter@giz.de

Information on the collection of personal data

General

GIZ processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Personal data are, for example, name, address, email addresses and user behaviour.

GIZ only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.

Collection of personal data when visiting our website

When visiting the GIZ website, the browser used automatically transmits data that is saved in a log file. GIZ itself processes only the data that is technically required in order to display the website correctly and to ensure its stability and security.

Each time the website is accessed, the data stored includes, but is not limited to, the page that is viewed, the IP address of the accessing device, the page from which the user was redirected, as well as the date and time of access. A detailed list of the data stored is shown below.

Log file fields

Field Displayed as Description
Date date The date on which the activity occurred.
Time time The time, in coordinated universal time (UTC), at which the activity occurred.
Server IP address s-ip The IP address of the server on which the log file entry was generated.
Method cs-method The requested action, for example, a GET method.
URI Stem cs-uri-stem The target of the action, for example, Default.htm.
URI query cs-uri-query The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages.
Server port s-port The server port number that is configured for the service.
User name cs-username The name of the authenticated user who accessed your server. Anonymous users are indicated by a hyphen.
Client IP address c-ip The IP address of the client that made the request.
User agent cs(User-Agent) The browser type that the client used.
Referrer cs(Referrer) The site that the user last visited. This site provided a link to the current site.
HTTP status sc-status The HTTP status code.
Protocol substatus sc-substatus The substatus error code.
Win32 status sc-win32-status The Windows status code.
Time taken time-taken The length of time that the action took, in milliseconds.

The data in the log file is deleted after seven days.

GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG)). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.

Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.

Cookies

This website uses cookies (text files containing small amounts of information which are downloaded to your device when you visit a website and enable you to use the site). Without cookies – for example, where cookies have been disabled in the browser – you will not be able to make full use of this website.

  • Temporary cookies: These session cookies are used for user analysis (see above). They do not contain any personal data and expire at the end of the session, or at the end of a user survey, which is generally carried out every two years.

The legal basis for the processing of data in connection with session cookies is Article 6 (1) e GDPR.

Website Analytics

This site uses Matomo to analyse user behaviour. Cookies collect information about user behaviour on the site, including the abbreviated IP address of the device being used, and send it to the server. The server anonymises the information and stores it for the purpose of analysing user behaviour. The state of current technology ensures that once information has been anonymised, it can no longer be traced back to the originating device or connection. Information produced by cookies is shared only with the internally operated server. It is never shared with third parties.

When individual pages of our website are accessed, the following data are saved:

  • Page title
  • Search terms that took the user to the page
  • Search engines
  • Page URL
  • Number of pages visited
  • Location of the user (country)
  • Provider
  • Browser
  • Operating system
  • Screen resolution
  • Browser plug-ins
  • Time of visit
  • Duration of visit
  • Entry pages
  • Exit pages
  • Downloads
  • Referring websites

Data is processed on the basis of Article 6 (1 e) of the GDPR for the purpose of pursuing the controller’s legitimate interests, in this case to improve the website. You may at any time lodge an objection to the storage of your anonymously collected visitor data, so that these will no longer be collected in future. Please click on the link at the bottom of this page to be excluded from counting.

Notes regarding objection

For this purpose, a cookie is stored on the device, preventing user data from being collected when the user visits this website. In order for the objection to take effect, the cookie must be stored on every device used. As the cookie is stored in specific browsers (internet programs), the cookie must be stored in every browser if several browsers are used on one device (e.g. Internet Explorer, Chrome, Mozilla Firefox). Please also note that, if you delete all cookies, the objection cookie will also be deleted and will need to be stored again.

Contact forms

For contact and order forms, your name, email address, and phone number are processed. Under your consent, based on article 6 (1 a) of the GDPR, this data is necessary the purpose of receiving your enquiry entered in the contact form. Your data is never shared with third parties. Your data is transmitted to GIZ using SSL encryption, which makes it very difficult for unauthorised parties to access your data. As with enquiries sent to GIZ via email, enquiries sent via a contact form are deleted after 2 years or once they have been dealt with.

By activating the checkbox and submitting the data, the user agrees to the transmission and storage of his or her personal data.

Social media

Please note that displaying social media content may involve tracking and profiling activities by Instagram and/or Twitter. Please give your consent by checking ‘I agree’. Then, as long as the checkbox is activated, social media content will be displayed. You can revoke your consent at any time by simply removing the check.

Please note that GIZ has no control over the terms of use of the specified services and their providers.

  • You can view the privacy policy for the social network YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, here.
  • You can view the privacy policy for the social network Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, here.
  • You can view the privacy policy for the social network Instagram, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, here.
  • You can view the privacy policy for the social network Twitter, which is operated by Twitter International Company, One Cumberland Place Fenian Street, Dublin 2, Ireland, here.

For our part, we shall also always take due care when handling your data, but cannot accept any liability for the behaviour of the providers or third parties.

We also wish to expressly point out that providers of the social networks we use store data outside Germany permanently and use it for commercial purposes. We have no means of knowing the extent and duration for which the data is stored.

Please consider carefully which personal data you reveal as a social media user. Please check your social network privacy settings regularly.

Disclosure to third parties

GIZ does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.

Transfer of data to countries outside Germany

GIZ does not transfer personal data to third countries. When using social media, the privacy policies of the respective providers apply.

Duration of data retention

User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.

IT security of user data

GIZ accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.

Reference to user rights

Visitors to the GIZ website have the right

  • To obtain information about their data stored by us (Article 15 GDPR)
  • To have their data stored by us rectified (Article 16 GDPR)
  • To have their data stored by us erased (Article 17 GDPR)
  • To obtain restriction of processing of their data stored by us (Article 18 GDPR)
  • To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
  • To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR)
  • To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.

Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).