Data Protection
1. Responsibilities and Data Protection Officer
Data processing is the responsibility of the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Postal adress:
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
Contact:
Contact details of the data protection officer:
datenschutzbeauftragter@giz.de
2. Information on the collection of personal Data
2.1. General
The processing of personal data by WIGH is in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Personal data is only processed by us to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which it is required.
Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses and user behavior.
In the following we inform you about the collection of personal data when using our website.
2.2. Collection of personal data when visiting our website
When you use our website for informational purposes only, i.e. when you do not send us any other information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the data that is technically necessary for us to display our website and to ensure its stability and security.
In detail, the following data is temporarily stored in a log file for each access/retrieval:
Technical details of the browser used
Anonymous IP address
Date and time
Page opened/name of the file downloaded
Quantity of data transferred
Notification of whether viewing or download was successful
WIGH is additionally obliged on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with § 5 BSI-Law to store data to protect against attacks on the internet infrastructure of WIGH and the communication technology of the Federal Government beyond the time of your visit. This data is analysed and, in the event of attacks on communications technology, is required to initiate legal and criminal prosecution. The data will be deleted as soon as they are no longer required for the fulfilment of the task.
Data that is logged when you access the WIGH website is only transferred to third parties if we are legally obliged to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on the communication technology of the German Federal Government. We do not pass on information in other cases. A consolidation of this data with other data sources does not take place either.
2.3. Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored by the Internet browser on the user’s terminal device.
Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective. Without cookies, for example if they have been deactivated in the browser, it is not possible to use our website in its entirety.
Temporary cookies (matomo): These so-called session cookies are used for user analysis (see point 2.4). They do not contain any personal data and expire after the end of the session or after the end of a user survey, which is usually conducted every two years.
2.4. matomo analysis service (user analysis)
On its website, WIGH uses the web analysis service “matomo” (matomo.org) to analyse usage data.
matomo uses cookies to enable a statistical analysis of the use of WIGH’s website by its visitors. matomo cookies do not contain any information that would enable a user to be identified. Each time a user accesses the WIGH website and each time a file is downloaded, data on this process is temporarily stored for up to one month and processed in a log file. Prior to storage, each data record is made anonymous by changing the IP address.
On the basis of Art. 6 para. 1 lit. e GDPR in accordance with § 3 BDSG, WIGH evaluates usage information for statistical purposes as part of its public relations work and for the demand-oriented provision of information on the tasks to be performed by WIGH if users have consented prior.
The data generated with matomo is processed and stored by ourselves directly on the webhost of this website exclusively in Germany.
Therefore no data is exchanged with matomo.org or any other third party websites or services.
Further information on data protection at matomo can be found here: https://matomo.org/privacy-policy/.
Notes on opposition
If you do not agree to a completely anonymous storage and evaluation of this data from your visit, you can object to the storage and use of this data at any time by clicking on the mouse.
For this purpose, a so-called opt-out cookie is stored on the end device, which prevents the collection of user data when visiting this website. In order for the opt-out to be effective, the cookie must be stored on every terminal device used. Since the cookie is stored in the respective browser (Internet program), the cookie must be stored in each browser if several browsers are used on one end device (e.g. Internet Explorer, Chrome, Mozilla Firefox).
It should also be noted that if all cookies are deleted, the objection cookie is also deleted and must then be stored again.
3. Processing of personal data in the context of contacting us
It is possible to contact us via the e-mail addresses we provide. In this case, the user’s personal data transmitted with the e-mail (e.g.: name, first name, address), at least however the e-mail address, as well as the information contained in the e-mail (any personal data you may have transmitted) will be stored exclusively for the purpose of contacting and processing your request.
The legal basis for the processing of the data processed in the course of sending an e-mail is Art. 6 para. 1 lit. b GDPR.
4. Processing of personal data in the context of the provision of information
The processing of personal data depends on the way information is provided. You have the possibility to subscribe to our newsletter or to register for the database.
4.1. Newsletter
You can subscribe to a free newsletter on our website. When you sign up for the newsletter, your email address is collected and stored and forwarded to the project staff to manage email marketing subscriber lists and send emails to our subscribers.
In addition, the following information is collected during registration:
- Date and time of registration and last mailing
For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection declaration.
After entering your e-mail address you will receive an e-mail with a confirmation link to confirm the authenticity of the address and your order (“double-opt-in”).
If you do not confirm the registration by using the link in this e-mail within two days, the data will be deleted immediately.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The order for the newsletter can be revoked at any time with the instructions given at the end of each newsletter. If the subscription is cancelled, all personal data will be deleted from our database.
4.2. Data base registration
You can register on our website to create your own profile for our expert data base. When you enter your email address and choose a password, your data are stored for the purpose of allocating the data and enabling the login.
For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection declaration.
After entering your e-mail address you will receive an e-mail with a confirmation link to confirm the authenticity of the address and your order (“double-opt-in”).
If you do not confirm the registration by using the link in this e-mail within two days, the data will be deleted immediately.
The legal basis for the processing of the data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The data base registration can be revoked at any time. For that purpose you need to write us an e-mail from the e-mail address you used upon registration. We will then delete your account and all personal data will be deleted from our database.
4.3. Profile creation
When using the form for creating a profile for the expert data base, submitted data like surname, first name, e-mail address, company, position, a short quote, a short career overview, focus topics, industry, city, country, languages, social media, website/blog and different samples of work are processed.
For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection declaration. By activating the checkbox and submitting your profile you agree to the transmission, storage and publication of your personal data within this website.
The legal basis for the processing of the data after registration for the data base by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The profile creation can be revoked at any time. If the subscription is cancelled, all personal data will be deleted from our database.
5. Processing of personal data in the context of using social networks
On our website, we offer you the opportunity to visit our presence in social networks and platforms such as LinkedIn.
We use this online presence in order to communicate with the users active there and to inform them about our projects and related services. If you click on the respective logo, a link will take you to the LinkedIn page.
When you visit our platform, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on LinkedIn.
The individual data processing procedures and their scope differ depending on the operator of the respective social network and these are not necessarily comprehensible to us. WIGH has no influence on the collection of data and its further use by the social networks. To what extent, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on, is not comprehensively apparent to us.
When calling up one of our appearances in social media, the terms of use and the data protection declarations of the respective operators apply.
The privacy policy for the social network LinkedIn, operated by LikedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, can be found at https://www.linkedin.com/legal/privacy-poicy?trk=homepage-basic_footer-privacy-policy
6. Transfer of your data to third parties
WIGH will not pass on your personal data to third parties unless we are legally obliged to do so by law.
7. Data transmissions abroad
WIGH does not transfer personal data to third countries. If you use third-party social media, the data protection regulations of the respective providers apply.
8. Duration of data storage
Your data will not be stored for longer than is necessary for the purpose for which it is processed or as required by law.
9. IT security of your data
The protection of your personal data is an important concern for us. Therefore, technical and organizational security measures ensure that your data is protected against accidental and intentional manipulation, deletion and unauthorized access. These measures are updated in line with technical developments and constantly adjusted to the risks.
10. Reference to users’ rights
You have the right,
- to receive information about your data stored by us (Art. 15 GDPR)
- to request correction of your data stored with us (Art. 16 GDPR),
- to request deletion of your data stored with us (Art. 17 GDPR).
- to request restriction of the processing of your data stored with us (Art. 18 GDPR),
- to object to the storage of your data if your personal data are processed on the basis of Art. 6 para. 1 sentence 1 lit. f and e GDPR (Art. 21 GDPR)
- to receive the data concerning you in a common, machine-readable format from the person in charge, in order to have them forwarded to another person in charge, if necessary (Right to data transferability, Art. 20 GDPR).
You also have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 19 GDPR. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
If you have any questions or complaints about this website, you can contact the Data Protection Commissioner at the contact address given above.
Status: 28.09.2020