The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.

Below we provide users with information as to

• who they can contact at GIZ on the subject of data protection.
• what data is processed when they visit the website.
• what data is processed when users contact us or use other GIZ online services.
• how they can opt out of the storage of data.
• what rights they have with respect to us.

Data Controller and Data Protection Officer

Data processing is the responsibility of
Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Friedrich-Ebert-Allee 32+36, 53113 Bonn, Germany
Dag-Hammarskjöld-Weg 1-5, 65760 Eschborn, Germany
eMail: info@giz.de

Office Sustainability Code:
Rat für Nachhaltige Entwicklung (RNE)
Geschäftsstelle c/o GIZ GmbH, Potsdamer Platz 10, 10785 Berlin
eMail: team@deutscher-nachhaltigkeitskodex.de

Please contact GIZ’s data protection officer if you have questions specifically about how your data are protected: datenschutzbeauftragter@giz.de

Information on the Collection of Personal Data

GIZ processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Personal data are, for example, name, address, email addresses and user behaviour.
GIZ only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.

Collection of personal Data collection when visiting our website
To maintain secure server operation, information is automatically collected and stored in so-called log files. When visiting the DNK website, no personal data is collected via log files.

Further Information on Data Storage and Transfer

GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.

Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.

Onlineservices and Cookies

Cookies
When you visit the DNK website, small text files known as ‘cookies’ are stored on your computer. They are used to make the online presence more user-friendly and effective overall. Cookies cannot run programs or infect your computer with viruses.

The DNK website uses cookies that are automatically deleted as soon as the browser on which the page is displayed is closed (referred to as temporary cookies or session cookies) This type of cookie makes it possible to assign various requests from a browser to a session and to recognise the browser when the website is visited again (session ID).

Consent-Management-Tool: consentmanager
This website uses the consent management tool "consentmanager" by consentmanager AB, Håltgelvågen 1b, 72348 Västerås, Sweden.

This website uses "consentmanager" to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of the website. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of the website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made:
Consent to Cookies & Data

By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence).

Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.

You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.

Website Analysedienst: PiwikPro Analytics
This website uses the Piwik PRO Analytics web analytics service provided by Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany.

Piwik PRO Analytics uses "cookies". These are text files that are stored on your
computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookies, such as time, place and frequency of your visit to our website, as well as your IP address about the use of this website are stored on the server of Piwik PRO Analytics. The information generated by the cookies about the use of this website will not be disclosed to third parties.

The processing of the data is based on Art. 6 para. 1 lit. e) DSGVO with the legitimate interest of usage analysis to improve the web offer. If a corresponding consent was requested, the processing of the data is based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

IP anonymization: We use IP anonymization for the analysis with Piwik PRO Analytics. In this case, your IP address is shortened before the analysis, so that it is no longer clearly attributable to you.

Cookies are only set on our website on the basis of your consent. In addition, you can permanently prevent the storage of cookies by configuring your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Online Map Service: Google Maps
This website uses "Google Maps", an online mapping service provided by Google LLC ("Google"). Website: https://cloud.google.com/maps-platform

If you agree to the use of Google Maps (purpose: External Content), you thereby give your consent to your personal data being transmitted to the USA when it is used. The USA is an insecure third country where there is no level of data protection comparable to EU standards. In the case of certain providers, such as Google, no other guarantees are offered to compensate for this deficit. There is therefore a risk that government agencies may access your personal data as a result of the transfer, without you having any effective legal protection options in this regard. In order to use Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to the browser, which then integrates it into the website. The data storage happens on the web servers of Google Maps. We can only inform you about this, but have no influence.

We have no knowledge of the extent of the data collected by Google in this way. The processed data may include in particular the IP addresses and other metadata, including on the browser, the terminal device and also the date and time of the visit to our website, as well as the input data in the search query for the map. Location data, however, cannot be collected without consent (usually through the settings on the end device).

The purpose and scope of the data collection, the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy can be found in Google's privacy policy:  https://policies.google.com/privacy?hl=en

Processing of Personal Data when Contacting Us

Contact by email
It is possible to contact GIZ or the Office Sustainability Code via the email addresses provided. In this case, at least the email address but also any other personal user data transmitted with the email (e.g. family and given name, address) as well as the information contained in the email are stored solely for the purpose of contacting the user and processing the request.

The legal basis for the processing of data in connection with email communication is Article 6 (1) e GDPR.

Contact by phone
When contacting us by phone, personal data will be processed to the extent necessary in order to handle the enquiry.

The legal basis for the processing of data in connection with communication by phone is Article 6 (1) e GDPR.

Contact by letter
When contacting us by letter, the personal data transmitted (e.g. family and given name, address) and the information contained in the letter is stored for the purpose of establishing contact and processing the enquiry.

The legal basis for the processing of data in connection with communication by letter is Article 6 (1) e GDPR.

Provision of Information

On the DNK website it is possible to subscribe to a newsletter and to order DNK materials. Personal data is processed depending on the way in which information is provided.

Subscription to newsletter
Personal data is used for the purpose of processing the subscription to each respective newsletter. The data is processed and used exclusively for sending the newsletter. 

After entering the email address, users receive an email containing a link for confirming the authenticity of the address and the subscription (‘double opt-in’). If users do not confirm the registration by clicking on the link contained in the email, the data is deleted immediately.

The legal basis for the processing of data in connection with the dispatch of newsletters is their consent in accordance with Article 6 (1) a GDPR.

The newsletter subscription can be cancelled at any time, for example via the "unsubscribe" link in each newsletter. If the subscription is cancelled, all personal data is deleted from our database.

DNK Materials Order
For the purpose of processing the DNK material order via online form, personal data (first name, last name, organization, street, zip code, city, country, email address) are collected.

The legal basis for the processing of the data processed in the course of ordering the DNK materials is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.

The personal data collected in the course of the ordering process will be used for the purpose of processing the material shipment. After processing of the material shipment, all personal data will be deleted.

Processing of Personal Data in Connection with Social Network Use

On its DNK website, GIZ invites users to visit its company presence on social networking sites and platforms including, but not limited to, X (former Twitter), LinkedIn, YouTube and Facebook.

These online presences are operated in order to interact with the users that are active on these sites and platforms and to inform them about projects and services. By clicking on a social network’s logo, the user is redirected to the DNK presence on the respective network.

When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by GIZ. This is also the case even if the users themselves do not have an account with the respective social network.

The individual data processing operations and their scope differ depending on the operator of the respective social network. GIZ has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted and links established with the data; and to whom the data is disclosed.

Access to GIZ social media sites is subject to the terms of use and privacy policies of the respective operators. Click here for the contact details and links to the data privacy policies of the social media on which GIZ maintains a presence.

Social media on DNK website
The privacy policy for the social network X (former Twitter), operated by X Corp. (former Twitter Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be found at https://twitter.com/en/privacy.

The privacy policy for the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, can be found at https://www.linkedin.com/legal/privacy-policy?.

The privacy policy for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_en_eu.pdf.

Disclosure to Third Parties

GIZ does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.

Data Transfer to Countries outside of Germany

GIZ does not transfer personal data to third countries. When using social media, the privacy policies of the respective providers apply.

Duration of Data Retention

User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.

IT Security of User Data

GIZ accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.

Reference to User Rights

Visitors to the DNK website have the right

• To obtain information about their data stored by us (Article 15 GDPR)
• To have their data stored by us rectified (Article 16 GDPR)
• To have their data stored by us erased (Article 17 GDPR)
• To obtain restriction of processing of their data stored by us (Article 18 GDPR)
• To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
• To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR)
• To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.

Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI). (https://www.bfdi.bund.de/EN/)

Hosting: Service Providers and Order Processing

This website is hosted by an external service provider:
com&on GmbH, Leisewitzstr. 47, 30175 Hanover, Germany

The personal data collected on this website may be stored on the servers of the service provider. Our service provider will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions in relation to such data.

The service provider is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Order processing
The service provider collects and processes your personal data on our behalf. We have concluded an data processing agreement (DPA) with the above-mentioned provider.

Protection of Data on this Website

The service provider uses technical and organizational security measures in order to protect the personal data you have made available to us from manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously improved and adapted according to state-of-the-art technology.

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Status Privacy Policy

This privacy policy has the processing status of July 1, 2022.