CompanyData Protection

Data Privacy Policy

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.

Below we provide users with information as to

  • who they can contact at GIZ on the subject of data protection
  • what data is processed when they visit the website
  • what data is processed when users contact us, subscribe to newsletters
  • how they can opt out of the storage of data
  • what rights they have with respect to us

1 Data controller and data protection officer

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is responsible for processing your personal data collected through the use of the atingi website atingi.org and the atingi platform online.atingi.org.

The atingi website collects, stores and uses your data to offer its services. Any data that can be directly or indirectly linked to your person is treated as personal data. This data privacy policy outlines how the atingi website uses your personal data.

This privacy policy is specifically for the website atingi.org. For the privacy policy of the atingi platform, please refer to this document: Policies and agreements atingi platform (online.atingi.org)

In the following atingi refers to the atingi website atingi.org.

Address:
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn, Germany
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn, Germany

Contact:
help@atingi.org

Please contact GIZ’s data protection officer if you have questions specifically about how your data are protected: datenschutzbeauftragter@giz.de

2 Information on the collection of personal data

2.1 General

atingi processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Personal data are, for example, name, address, email addresses and user behaviour.

atingi only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.

2.2 Collection of personal data when visiting our website

While using atingi, we also collect additional data that we analyse anonymously. Anonymous data cannot be tracked down to individual users. We analyse anonymous data to improve the usability of our service, e.g., by analysing the device data or the operating system.

atingi itself processes only the data that is technically required in order to display the website correctly and to ensure its stability and security. Each time the website is accessed, the data stored includes, but is not limited to, the page that is viewed, the IP address of the accessing device, the page from which the user was redirected, as well as the date and time of access. A detailed list of the data stored is shown below.

Log file fields

Field Displayed as Description
Visitor IP address visitIp The IP address of the server on which the log file entry was generated.
Time Spent timeSpentPretty Time the client spent on the site
Date serverDate The date on which the activity occurred.
Last ACtion Date and Time lastActionDateTime The date on which the client performed the last action in seconds
Referrer Type Name referrerTypeName The site type that the user last visited. This site provided a link to the current site.
Referrer Name referrerName The site that the user last visited. This site provided a link to the current site.
Referrer URL referrerUrl The url that the user last visited. This site provided a link to the current site.
Language language Language with which the site was accessed.
Device Type deviceType Device type with which the site was accessed.
Device Brand deviceBrand Device brand which the site was accessed.
Device Model deviceModel Device model with which the site was accessed.
Device Resolution resolution Resolution of the user device with which the site was accessed.
Operating System operatingSystem Device operating system with which the site was accessed.
Operating System Version operatingSystemVersion Device operating system version with which the site was accessed.
Browser browser Device browser with which the site was accessed.
Browser Name browserName Browser name with which the site was accessed.
Browser Version browserVersion Browser version with which the site was accessed.
Continent continent Continent from where the user visited the site.
Country country Country from where the user visited the site.
Region region Region from where the user visited the site.
City city City from where the user visited the site.
Location location Location from where the user visited the site.
Latitude latitude Longitude from where the user visited the site.
Longitude longitude Latitude from where the user visited the site.
Visit Local Time visitLocalTime Local time when the site was visited.
Day Since Last Visit daysSinceLastVisit Number of days since the user visited the site.

The data in the log file is deleted after five days.

Further information on data storage and transfer

GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.

Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.

2.3 Cookies

Cookies are small text files. Cookies are stored on the device of a user when a certain web page is visited. Cookies allow the unique identification of a browser upon repeated visits to a web page.

The atingi website uses cookies that are automatically deleted as soon as the browser on which the page is displayed is closed (referred to as temporary cookies or session cookies). This type of cookie makes it possible to assign various requests from a browser to a session and to recognise the browser when the website is visited again (session ID).

Additionally, we use cookies for the log-in to the atingi platform. Certain elements of our atingi website require the unique identification of a browser across various web pages. If cookies are disabled, the log-in to platform might not work. Other functions of the platform might also not work to the full extent. Additionally, we use cookies to optimise the usability of the platform.

2.4 Matomo web analysis service

2.4.1 Scope of processing of personal data

Our website and platform use Matamo, an open-source software for the statistical analysis of visitor access. Matomo uses cookies that are stored on your computer and which enable an anonymous analysis of your use of the website. This information cannot be used to identify a specific person, as your IP address is anonymised immediately after processing and storage.

2.4.2 Legal basis for processing personal data

The legal basis for the processing of personal data using cookies is Art. 6(1) lit. f GDPR.

2.4.3 Purpose of data processing

Matomo is used for the purpose of improving the quality of our website and its contents. It tells us how the website is used so that we can constantly optimise our offer.

2.4.4 Duration of storage, right of objection and removal

The cookies used by Matomo are stored on the user’s computer, from which they are transmitted to our website. This means that you, the user, have full control over the use of cookies. Cookies that have already been stored can be erased at any time. This can also take place automatically.

You can object to the storage and analysis of this data by Matomo at any time.

With Matomo we are tracking the following data for each session:

  • The anonymous IP-address (three octets of the user’s ip address e.g. 192.168.0)
  • Date and time of the session
  • Viewed page(s) or file names
  • Screen resolution being used
  • Time in local user’s timezone
  • Files that were clicked and downloaded
  • Links to an outside domain that were clicked
  • Pages generation time
  • Location of the user: country, region, city, approximate latitude and longitude
  • Main Language of the browser being used
  • User Agent of the browser being used, which allows conclusions for used browser, operating system, device, brand and model

2.5 Complianz Consent Management Platform

This website uses the cookie consent technology of “Complianz” to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection law. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, Netherlands, Website: https://complianz.io (hereinafter "Complianz").

When you enter our website, the following personal data is transferred to Complianz:

  • Your consent(s) or revocation of your consent(s).
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of your visit to the website

Furthermore, Complianz stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Complianz is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO in connection with §25 Abs. 2 Nr. 2 TTDSG.

2.6 Social media plugins - YouTube with enhanced privacy

The atingi website integrates YouTube videos. YouTube operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about the users of this website before they view the video. However, the forwarding of data to YouTube partners is not necessarily prevented by the enhanced privacy mode. YouTube therefore establishes a connection to the Google DoubleClick network irrespective of whether you view a video. Therefore, we made sure that embedded YouTube video are by default additionally deactivated and no connecting to Google Servers will be made when you visit one of our sites where a video is embedded.

That means a connection to YouTube’s servers is only established when you start a YouTube video on this website. This informs the YouTube server about which of our webpages you have visited. If you are logged in to your YouTube account, you allow YouTube to assign your search behaviour directly to your personal profile.

You can prevent this by logging out of your YouTube account. In addition, YouTube can store various cookies on your terminal after starting a video. These cookies allow YouTube to obtain information about visitors to this website. This information is used to prepare video statistics, improve user-friendliness and prevent fraud attempts, among other things. The cookies are stored on your terminal until they are deleted by you.

In some cases, starting a YouTube video may trigger other data processing operations over which we have no influence. YouTube is used in the interest of ensuring an appealing presentation of our online offers.

The transfer of data is only carried out, after you have given us your consent to the transfer in accordance with Art. 6 (1) a GDPR. By clicking on the video and therefore activating the video, you give your consent to the data transfer. Before that no data is being transferred to YouTube. The consent can be revoked at any time. You can find more information on privacy at YouTube in its privacy policy at: https://policies.google.com/privacy?hl=de.

 

3 Processing of personal data when contacting us

When users contact us, the data provided is processed in order to be able to respond to the enquiry. The following contact options are available:

3.1 Partner Updates (Newsletter)

Personal data is used for the purpose of processing the subscription to the atingi partner updates (newsletter).

The personal data collected as part of the newsletter mailing list are used for processing purposes only. Your data is not forwarded to third parties. Your data is not processed or used for the purposes of consultation, advertising and market research. If you unsubscribe from the newsletter, all personal data is erased from our database. The partner updates (newsletter) is created by the atingi project which is part of GIZ’s Global Programme Digital Transformation.

After entering the email address, users receive an email containing a link for confirming the authenticity of the address and the subscription (‘double opt-in’). If users do not confirm the registration by clicking on the link contained in the email, the data is deleted.

The legal basis for the processing of data in connection with the dispatch of newsletters is their consent in accordance with Article 6 (1) a GDPR.

The newsletter subscription can be cancelled at any time. If the subscription is cancelled, all personal data is deleted from our database.

 

4 Processing of personal data in connection with social network use

On its website, atingi invites users to visit its company presence on social networking sites and platforms including, but not limited to, Twitter, LinkedIn, YouTube and Facebook.

These online presences are operated in order to interact with the users that are active on these sites and platforms and to inform them about projects and services. By clicking on a social network’s logo, the user is redirected to the atingi presence on the respective network.

When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by atingi. This is also the case even if the users themselves do not have an account with the respective social network.

The individual data processing operations and their scope differ depending on the operator of the respective social network. atingi has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted and links established with the data; and to whom the data is disclosed.

Access to atingi social media sites is subject to the terms of use and privacy policies of the respective operators.

atingi on social media

 

Note on Facebook fan page

 

When you visit atingi’s Facebook pages, Facebook records your IP address and other information in the form of cookies. This information is used to provide atingi, as the operator of the Facebook page, with statistical information on how the Facebook page is used. atingi can access this statistical data via what are referred to as ‘Insights’ on the Facebook page.

 

These statistics are solely generated and provided by Facebook. As the site’s controller, atingi has no influence on the generation and presentation of this data. The data is provided automatically and the service cannot be deactivated.

 

By operating the Facebook page, atingi offers a modern communication and information option. The processing of personal data in connection with the operation of the Facebook page is based on Article 6 (1) e GDPR.

As the operator of the fan page, atingi is jointly responsible with Facebook for the processing. However, primary responsibility for processing Insights data lies with Facebook. Facebook therefore fulfils all obligations under the GDPR with regard to the processing of Insights data (including but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). The rights of the data subject can be asserted either with atingi or Facebook. Should you contact atingi, atingi is obliged to forward all relevant information to Facebook.

 

The complete Page Insights Addendum regarding responsibilities and the data processed can be found here https://www.facebook.com/legal/terms/page_controller_addendum

5 Disclosure to third parties

atingi does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.

6 Transfer of data to countries outside Germany

atingi does not transfer personal data to third countries unless otherwise stated in this policy in order to provide the services offered. When using social media, the privacy policies of the respective providers apply.

 

7 Duration of data retention

User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.

 

8 IT security of user data

atingi accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.

 

9 Reference to user rights

Visitors to the atingi.org website have the right

  • To obtain information about their data stored by us (Article 15 GDPR)
  • To have their data stored by us rectified (Article 16 GDPR)
  • To have their data stored by us erased (Article 17 GDPR)
  • To obtain restriction of processing of their data stored by us (Article 18 GDPR)
  • To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
  • To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR)
  • To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.

 

Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Last updated: April 2023