Privacy policy in accordance with the General Data Protection Regulation (GDPR)
I. Name and address of the data controller
Under the EU’s General Data Protection Regulation (GDPR) and other national data protection regulations and instruments of individual EU Member States, the data controller is:
Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Dag-Hammarskjöld-Weg 1-5,
65760 Eschborn, Germany
Friedrich-Ebert-Allee 36 + 40,
53113 Bonn, Germany
Tel.: +49 6196 79-0
Email: info@giz.de
Website: www.giz.de
II. Name and address of the data protection officer
The data controller’s data protection officer is:
datenschutzbeauftragter@giz.de.
III. General information on data processing
Scope of processing of personal data: We process our users’ personal data only to the extent required to make a functional website available and to provide content and services. We process our users’ personal data only with their consent. The exception is where objective reasons make it impossible to obtain consent in advance and where processing of data is permitted under statutory provisions.
Statutory basis for the processing of personal data: The statutory basis for obtaining the consent of the data subject to the processing of their personal data is Article 6 paragraph 1 (a) of the EU’s General Data Protection Regulation (GDPR). The statutory basis for processing personal data for performance of a contract to which the data subject is party is Article 6 paragraph 1 (b) of the GDPR. This applies also to data processing required to take steps prior to entering into a contract. The statutory basis for processing personal data for the purpose of compliance with a legal obligation to which GIZ is subject is Article 6 paragraph 1 (c) of the GDPR. The statutory basis for processing personal data to protect the vital interests of the data subject or another natural person is Article 6 paragraph 1 (d) of the GDPR. Processing is necessary pursuant to Article 6 (1) lit. e GDPR for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Erasure of data and storage periods: The personal data of the data subject will be automatically deleted after ten years if a contract has been initiated or if there is an existing contractual relationship. Data may continue to be retained beyond this time when the data controller is required under European or national legislation, regulations or other legal instruments to do so. Data may also be restricted or erased when a storage period set under one of the above named provisions expires, except where further retention of the data is necessary in order to conclude or fulfil a contract.
IV. Provision of the website and creation of log files
Description and scope of data processing: Each time our website is accessed, our system automatically records data and information from the accessing computer’s system.
The following data are gathered:
- Technical details of the browser used
- Device type, model and brand, screen resolution and OS version
- Anonymised IP address
- Continent, country and region of access
- Language code
- Date, time and duration of access
- Page opened/name of the file downloaded
- Quantity of data transferred
- Notification of whether viewing or download was successful.
The data are also stored in our system’s log files.
These data are not stored together with other personal data of the user.
Statutory basis for the processing of data: The statutory basis for temporary storage of data and log files is Article 6 paragraph 1 (f) of the GDPR.
Purpose of data processing: Temporary storage by our system of the user’s IP address is required to enable the user’s computer to access the website. This requires the user’s IP address to be stored for the duration of the browsing session.
These data are stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. Data are not evaluated for marketing purposes in this context. These purposes also account for our legitimate interest in data processing under Article 6 paragraph 1 (f) of the GDPR.
Duration of data storage: Data are erased as soon as they are no longer required for the purpose for which they were collected. Where data are collected to make the website available, they are erased once the session has ended.
Option to object and to be forgotten: Collection of data to make the website available and storage of data in log files is essential for the functioning of the website. Users therefore have no possibility to object to this use of their data.
V. Use of cookies
Description and scope of data processing: Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When users access a website, a cookie may be stored on their operating system. This cookie comprises a distinctive character string that enables the browser to be identified if the user accesses the website again. We use cookies to make our website more user-friendly. Some elements of our website also require the accessing browser to be identifiable even after the user has switched to a different page.
Cookies therefore store and forward the following data:
1. Session cookies
Statutory basis for the processing of data: The statutory basis for using cookies to process personal data is Article 6 paragraph 1 (f) of the GDPR.
Purpose of data processing: The purpose of using technically necessary cookies is to make it easier for users to make use of websites. Some of our website’s functions are not available without the use of cookies. They also require the browser to be recognised even after the user has switched to a different page. The user data collected by technically necessary cookies are not used to create user profiles. Analytical cookies are used for the purpose of improving the quality and content of our website. Analytical cookies enable us to find out how the website is being used and so to optimise our provision on an ongoing basis. These purposes also account for our legitimate interest in the processing of personal data under Article 6 paragraph 1 (f) of the GDPR.
Duration of data storage, option to object and to be forgotten: Cookies are stored on the user’s computer, which sends them to our website. You as a user therefore have complete control over the use of cookies. Adjusting the settings of your internet browser enables you to deactivate or restrict the cookies your computer sends our website. Previously stored cookies may be deleted at any time. This may also be done automatically. If cookies for our website are deactivated, this may mean that users are unable to make full use of the site’s functions.
VI. Newsletter
Description and scope of data processing: Our website provides the opportunity to subscribe to a free newsletter, as part of the registration process.
Your consent to the processing of your data is obtained as part of the subscription process, when you are made aware of this data privacy policy. Data collected as a result of data processing for the purpose of sending newsletters are not shared with third parties.
Statutory basis for the processing of data: The statutory basis for processing of the data following a user’s subscription to a newsletter, subject to the user’s consent being held, is Article 6 paragraph 1 (a) of the GDPR.
Purpose of data processing: The user’s email address is collected for the purpose of sending newsletters. Other personal data are collected as part of the subscription process for the purpose of preventing abuse of services or of the email address used.
Duration of data storage: Data are erased as soon as they are no longer required for the purpose for which they were collected. The user’s email address is stored while that user has a live subscription to the newsletter.
Option to object and to be forgotten: Users may unsubscribe from the newsletter at any time. Every newsletter includes a link enabling users to unsubscribe. Users also have the facility to revoke their consent to storage of the personal data collected during the subscription process.
VII. Registration
Description and scope of data processing: On our website, we offer users the option of registering by providing personal data. These data are entered into an input screen, sent to us and stored. The data provided will not be passed on to third parties without prior consent being obtained.
The following data are also stored at the time of registration:
- Email address
- Consent to WIDU’s data protection regulations in accordance with GDPR
- Consent to the WIDU contract and WIDU’s terms and conditions of use
- Language selection.
The following data must also be provided for use of the WIDU platform:
- Given name and family name
- Gender
- Date of birth
- Nationality
- Level of education
- Address
- Company address
- Mobile phone number
- Profile photo
- Type and number of identity document
- Account number
- Name of bank
- Branch number
- Clé RIB
- Address of bank
- SWIFT/BIC code
- Mobile Money name
- Mobile Money telephone number
- Mobile Money provider
- I own or am setting up a company
- Name of company (possibly identical to name of entrepreneur)
- Location of company
- Geodata of company
- Sector of company
- Description of company
- Photos of the company
- Number of (female) employees
- Average monthly income
- Project name
- Project description
- Project duration
- Investment required
- Planned number of new jobs (for women)
- Planned investment by diaspora donor and entrepreneur
- Confirmation of money transfer with date, description and amount transferred
- Invoices with dates and amounts
- Optionally rental contracts or sales contract as proof of payment
- Indication of what this amount has been spent on
- Duration of project
- Jobs created (for women)
- Average monthly income since start of diaspora support
- Description of the results of the investment
- Description of problems arising during the project
- Description of positive/negative effects
- Formulation of planned expenditure
- Declaration of transfer of the WIDU grant
Statutory basis for the processing of data: The statutory basis for processing of the data, subject to the user’s consent being held, is Article 6 paragraph 1 (a) of the GDPR.
Purpose of data processing: User registration is required for the provision of certain content and services on our website. These data are used almost exclusively for the purpose of the application procedure for the WIDU grant.
Duration of data storage: The personal data of the data subject will be automatically deleted after ten years if a contract is initiated or if there is an existing contractual relationship.
Option to object and to be forgotten: As a user, you have the possibility to cancel your registration and to change the data provided for your user profile and project profile up to the point at which you submit your application for the WIDU grant. Every time they enter data, users are notified if data cannot subsequently be amended.
VIII. General communication
- General communication using the contact form or by email
- Processing of other enquiries or queries in the application process
We process your data when responding to customer information and support queries. In the context of a general enquiry, the legal basis for the processing of the data is the existence of the user's consent Art. 6 para. 1 lit. a GDPR.
As part of the application process or provision of grants to companies, GIZ may contact users by email and/or telephone in order to respond to project-specific queries.
You can object to this type of processing at any time. Your data will not be used or passed on for any other purpose.
Processing is necessary pursuant to Article 6 (1) lit. e GDPR for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
IX. Web analysis using Matomo (formerly PIWIK)
Scope of processing of personal data: Our website uses the open source software tool Matomo (formerly PIWIK) to analyse users’ browsing behaviour. The software places a cookie on the user’s computer (see above for information on cookies). When individual pages of our website are viewed, the following data are stored:
Technical details of the browser used
Device type, model and brand, screen resolution and OS version
Anonymised IP address
Continent, country and region of access
Language code
Date, time and duration of access
Page opened/name of the file downloaded
Quantity of data transferred
Notification of whether viewing or download was successful.
Statutory basis for the processing of personal data: The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
Purpose of data processing: Processing users’ personal data enables us to analyse our users’ browsing behaviour. Evaluation of the data collected allows us to compile information about how users make use of the individual components of our website. This helps us improve our website and make it more user-friendly.
Duration of data storage: These data are erased as soon as they are no longer required for our recording purposes. This is after three years.
Option to object and to be forgotten: Cookies are stored on the user’s computer, which sends them to our website. As a user, you therefore have complete control over the use of cookies. By adjusting the settings of your internet browser you can deactivate or restrict the cookies your computer sends to our website. Previously stored cookies may be deleted at any time. This may also be done automatically. If cookies for our website are deactivated, this may mean that users are unable to make full use of the site’s functions. For further information on the Matomo software’s privacy settings, see https://matomo.org/docs/privacy/. Here, you can opt to accept a specific web analysis cookie in your browser, which enables the website operator to collect and analyse a range of statistical data.
X. Involvement of third-party services and content/external links
Within our online provision, we use the content or service provision of third-party providers, for example to verify the identity of users (referred to below as ‘content’).
The prerequisite for this is that third-party providers of such content are aware of users’ IP addresses, since without the IP address, they cannot send content to users’ browsers. The IP address is therefore necessary for provision of this content. We make every effort to use only content from providers that use users’ IP address solely to deliver content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical and marketing purposes. Pixel tags enable information such as visitor traffic on this website’s pages to be evaluated. Pseudonymised information may also be stored in cookies on users’ devices and may contain technical information on the browser and operating system, referring websites, duration of visits and other information on the way our online provision is used. This information may also be combined with similar information from other sources.
IDnow and WebID: The online application procedure for the WIDU grant requires applicants to use the online ‘PhotoIdent’ services provided by IDnow GmbH (Auenstr. 100, 80469 Munich, Germany registered at Amtsgericht München, HRB 210463) and WebID Solutions GmbH (Friedrichstraße 88, 10117 Berlin, Germany registered at Amtsgericht Berlin HRB 146331B) to verify their identity. WIDU sends users’ name and date of birth to IDnow/WebID via an API interface. Users then use IDnow/WebID’s online identification process, which requires them to forward copies of the front and back of their ID document and a photograph to IDnow/WebID. IDnow/WebID forwards the data collected via API to WIDU, which stores only the data that users have voluntarily provided in advance.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Data privacy policy: https://www.idnow.io/regulation/data-security/ and https://webid-solutions.de/datenschutzbestimmungen/
In the case of direct or indirect references (‘links’) to external websites that lie outside our area of responsibility, liability on our part would only arise if we were aware of the content and if it were technically possible and reasonable for us to prevent the use of any illegal content. We therefore expressly declare that we had no knowledge of any illegal content on linked pages at the time the links were created. We have no influence whatsoever on the current or future design, content or copyrights of such linked pages. We therefore hereby expressly distance ourselves from all content on any linked pages that were changed following creation of the link. This statement applies to all links and references that appear on our own Internet pages and to external entries in guest books, discussion forums, link directories and mailing lists. Only the provider of the page to which reference is made is liable for illegal, incorrect or incomplete content – and in particular for any damages resulting from the use or non-use of such information – and not the organisation/entity that uses links to merely refer to the publication in question.
XI. Chatbot and transition to live chat
A chatbot function is available on this website. The data from the input screen is transmitted to the chatbot, which provides automated answers on specific topics. It is not possible to answer any questions above and beyond those provided. The chatbot function is currently a beta test version. The responses provided are merely designed to provide initial information and are therefore not legally binding. They are not intended to replace advice by a WIDU staff member.
The chat logs are recorded and saved to improve quality and usability. Only the text is saved during use and no other personal data. It is therefore not possible to identify the user. If personal data is nevertheless entered by the user, it is subsequently deleted.
If you are in the registered area on the platform, you have the option of using a live chat and will be forwarded to a WIDU employee. You can enter personal data such as your name, address or WIDU project number in the live chat so that your individual project-related question can be answered. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. The entire chat history with the data contained therein is stored by WIDU and automatically deleted after ten years if a contract is initiated or a contractual relationship exists. Personal data is not transferred to a country outside the EU or the European Economic Area.
XII. Rights of the data subject
You have the right:
⦁ to withdraw your consent at any time. This does not affect the lawfulness of the processing up to the point of withdrawal of consent.
⦁ to request a copy of your personal data and/or notification of whether and how GIZ is processing your personal data
⦁ to request the rectification or completion of incorrect or incomplete personal data
⦁ to request the erasure of your personal data
⦁ object to the processing of your personal data under certain circumstances
⦁ to request the restriction of the processing of your personal data
If you have any questions or complaints about this website, please contact the GIZ data protection officer (see contact information provided under II.).
You also have the right to lodge a complaint with the comptetent data protection supervisory authority.
The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
We reserve the right to change this privacy policy at any time. Any changes will be made public by publishing the amended privacy policy on our website. Any changes shall take effect immediately, unless otherwise stated. Please therefore check this privacy policy regularly to ensure that you are accessing the most recent version.
Last updated – March 2025