The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.
Below we provide users with information as to
- who they can contact at GIZ on the subject of data protection
- what data is processed when they visit the website
- what data is processed when users contact us, subscribe to newsletters
- how they can opt out of the storage of data
- what rights they have with respect to us
1 Data controller and data protection officer
The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is responsible for processing your personal data collected through the use of the atingi website atingi.org and the atingi platform online.atingi.org.
In the following atingi refers to the atingi website atingi.org.
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn, Germany
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn, Germany
Please contact GIZ’s data protection officer if you have questions specifically about how your data are protected: firstname.lastname@example.org
2 Information on the collection of personal data
atingi processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
Personal data are, for example, name, address, email addresses and user behaviour.
atingi only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.
2.2 Collection of personal data when visiting our website
While using atingi, we also collect additional data that we analyse anonymously. Anonymous data cannot be tracked down to individual users. We analyse anonymous data to improve the usability of our service, e.g., by analysing the device data or the operating system.
atingi itself processes only the data that is technically required in order to display the website correctly and to ensure its stability and security. Each time the website is accessed, the data stored includes, but is not limited to, the page that is viewed, the IP address of the accessing device, the page from which the user was redirected, as well as the date and time of access. A detailed list of the data stored is shown below.
Log file fields
|Visitor IP address
|The IP address of the server on which the log file entry was generated.
|Time the client spent on the site
|The date on which the activity occurred.
|Last ACtion Date and Time
|The date on which the client performed the last action in seconds
|Referrer Type Name
|The site type that the user last visited. This site provided a link to the current site.
|The site that the user last visited. This site provided a link to the current site.
|The url that the user last visited. This site provided a link to the current site.
|Language with which the site was accessed.
|Device type with which the site was accessed.
|Device brand which the site was accessed.
|Device model with which the site was accessed.
|Resolution of the user device with which the site was accessed.
|Device operating system with which the site was accessed.
|Operating System Version
|Device operating system version with which the site was accessed.
|Device browser with which the site was accessed.
|Browser name with which the site was accessed.
|Browser version with which the site was accessed.
|Continent from where the user visited the site.
|Country from where the user visited the site.
|Region from where the user visited the site.
|City from where the user visited the site.
|Location from where the user visited the site.
|Longitude from where the user visited the site.
|Latitude from where the user visited the site.
|Visit Local Time
|Local time when the site was visited.
|Day Since Last Visit
|Number of days since the user visited the site.
The data in the log file is deleted after five days.
Further information on data storage and transfer
GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.
Cookies are small text files. Cookies are stored on the device of a user when a certain web page is visited. Cookies allow the unique identification of a browser upon repeated visits to a web page.
2.4 Matomo web analysis service
2.4.1 Scope of processing of personal data
2.4.2 Legal basis for processing personal data
The legal basis for the processing of personal data using cookies is Art. 6(1) lit. f GDPR.
2.4.3 Purpose of data processing
Matomo is used for the purpose of improving the quality of our website and its contents. It tells us how the website is used so that we can constantly optimise our offer.
2.4.4 Duration of storage, right of objection and removal
You can object to the storage and analysis of this data by Matomo at any time.
With Matomo we are tracking the following data for each session:
- The anonymous IP-address (three octets of the user’s ip address e.g. 192.168.0)
- Date and time of the session
- Viewed page(s) or file names
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded
- Links to an outside domain that were clicked
- Pages generation time
- Location of the user: country, region, city, approximate latitude and longitude
- Main Language of the browser being used
- User Agent of the browser being used, which allows conclusions for used browser, operating system, device, brand and model
2.5 Complianz Consent Management Platform
This website uses the cookie consent technology of “Complianz” to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection law. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723JG Groningen, Netherlands, Website: https://complianz.io (hereinafter "Complianz").
When you enter our website, the following personal data is transferred to Complianz:
- Your consent(s) or revocation of your consent(s).
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Furthermore, Complianz stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
2.6 Social media plugins - YouTube with enhanced privacy
The atingi website integrates YouTube videos. YouTube operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about the users of this website before they view the video. However, the forwarding of data to YouTube partners is not necessarily prevented by the enhanced privacy mode. YouTube therefore establishes a connection to the Google DoubleClick network irrespective of whether you view a video. Therefore, we made sure that embedded YouTube video are by default additionally deactivated and no connecting to Google Servers will be made when you visit one of our sites where a video is embedded.
That means a connection to YouTube’s servers is only established when you start a YouTube video on this website. This informs the YouTube server about which of our webpages you have visited. If you are logged in to your YouTube account, you allow YouTube to assign your search behaviour directly to your personal profile.
You can prevent this by logging out of your YouTube account. In addition, YouTube can store various cookies on your terminal after starting a video. These cookies allow YouTube to obtain information about visitors to this website. This information is used to prepare video statistics, improve user-friendliness and prevent fraud attempts, among other things. The cookies are stored on your terminal until they are deleted by you.
In some cases, starting a YouTube video may trigger other data processing operations over which we have no influence. YouTube is used in the interest of ensuring an appealing presentation of our online offers.
3 Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to respond to the enquiry. The following contact options are available:
3.1 Partner Updates (Newsletter)
Personal data is used for the purpose of processing the subscription to the atingi partner updates (newsletter).
The personal data collected as part of the newsletter mailing list are used for processing purposes only. Your data is not forwarded to third parties. Your data is not processed or used for the purposes of consultation, advertising and market research. If you unsubscribe from the newsletter, all personal data is erased from our database. The partner updates (newsletter) is created by the atingi project which is part of GIZ’s Global Programme Digital Transformation.
After entering the email address, users receive an email containing a link for confirming the authenticity of the address and the subscription (‘double opt-in’). If users do not confirm the registration by clicking on the link contained in the email, the data is deleted.
The legal basis for the processing of data in connection with the dispatch of newsletters is their consent in accordance with Article 6 (1) a GDPR.
The newsletter subscription can be cancelled at any time. If the subscription is cancelled, all personal data is deleted from our database.
4 Processing of personal data in connection with social network use
These online presences are operated in order to interact with the users that are active on these sites and platforms and to inform them about projects and services. By clicking on a social network’s logo, the user is redirected to the atingi presence on the respective network.
When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by atingi. This is also the case even if the users themselves do not have an account with the respective social network.
The individual data processing operations and their scope differ depending on the operator of the respective social network. atingi has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted and links established with the data; and to whom the data is disclosed.
atingi on social media
Note on Facebook fan page
When you visit atingi’s Facebook pages, Facebook records your IP address and other information in the form of cookies. This information is used to provide atingi, as the operator of the Facebook page, with statistical information on how the Facebook page is used. atingi can access this statistical data via what are referred to as ‘Insights’ on the Facebook page.
These statistics are solely generated and provided by Facebook. As the site’s controller, atingi has no influence on the generation and presentation of this data. The data is provided automatically and the service cannot be deactivated.
By operating the Facebook page, atingi offers a modern communication and information option. The processing of personal data in connection with the operation of the Facebook page is based on Article 6 (1) e GDPR.
As the operator of the fan page, atingi is jointly responsible with Facebook for the processing. However, primary responsibility for processing Insights data lies with Facebook. Facebook therefore fulfils all obligations under the GDPR with regard to the processing of Insights data (including but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). The rights of the data subject can be asserted either with atingi or Facebook. Should you contact atingi, atingi is obliged to forward all relevant information to Facebook.
The complete Page Insights Addendum regarding responsibilities and the data processed can be found here https://www.facebook.com/legal/terms/page_controller_addendum
5 Disclosure to third parties
atingi does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.
6 Transfer of data to countries outside Germany
atingi does not transfer personal data to third countries unless otherwise stated in this policy in order to provide the services offered. When using social media, the privacy policies of the respective providers apply.
7 Duration of data retention
User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.
8 IT security of user data
atingi accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.
9 Reference to user rights
Visitors to the atingi.org website have the right
- To obtain information about their data stored by us (Article 15 GDPR)
- To have their data stored by us rectified (Article 16 GDPR)
- To have their data stored by us erased (Article 17 GDPR)
- To obtain restriction of processing of their data stored by us (Article 18 GDPR)
- To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
- To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR)
- To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.
Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
Last updated: April 2023