Data protection
I. Name and address of the data controller
Under the EU’s General Data Protection Regulation (GDPR) and other national data protection regulations and instruments of individual EU Member States, the data controller is:
Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Dag-Hammarskjöld-Weg 1-5, 65760 Eschborn, Germany
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn, Germany
T: +49 6196 79-0
E: diaspora@giz.de
I: www.giz.de
II. Name and address of the data protection officer
The data controller’s data protection officer is:
datenschutzbeauftragter@giz.de
III. General information on data processing
1. Scope of processing of personal data
We process our users’ personal data only to the extent required to make a functional website available and to provide content and services. We process our users’ personal data only with their consent. The exception is where objective reasons make it impossible to obtain consent in advance and where processing of data is permitted under statutory provisions.
2. Statutory basis for processing personal data
The statutory basis for obtaining the consent of the data subject to the processing of their personal data is Article 6 paragraph 1 (a) of the EU’s General Data Protection Regulation (GDPR).
The statutory basis for processing personal data for performance of a contract to which the data subject is party is Article 6 paragraph 1 (b) of the GDPR. This applies also to data processing required to take steps prior to entering into a contract.
The statutory basis for processing personal data for the purpose of compliance with a legal obligation to which GIZ is subject is Article 6 paragraph 1 (c) of the GDPR.
The statutory basis for processing personal data to protect the vital interests of the data subject or another natural person is Article 6 paragraph 1 (d) of the GDPR.
The statutory basis for processing personal data to protect the legitimate interests pursued by GIZ or a third party, where the interests or fundamental rights and freedoms of the data subject do not override these legitimate interests, is Article 6 paragraph 1 (f) of the GDPR.
3. Erasure of data and storage periods
The personal data of the data subject will be erased or restricted as soon as the purpose for which they were stored no longer applies. Data may continue to be retained beyond this time when the data controller is required under European or national legislation, regulations or other legal instruments to do so. Data may also be restricted or erased when a storage period set under one of the above named provisions expires, except where further retention of the data is necessary in order to conclude or fulfil a contract.
IV. Provision of the website and creation of log files
4. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the accessing computer’s system. The following data are gathered:
- Technical details of the browser used
- Device type, model and brand, screen resolution and OS version
- Anonymised IP address
- Continent, country and region of access
- Language code
- Date, time and duration of access
- Page opened/name of the file downloaded
- Quantity of data transferred
- Notification of whether viewing or download was successful
The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.
5. Statutory basis for the processing of data
The statutory basis for temporary storage of data and log files is Article 6 paragraph 1 (f) of the GDPR.
6. Purpose of data processing
Temporary storage by our system of the user’s IP address is required to enable the user’s computer to access the website. This requires the user’s IP address to be stored for the duration of the browsing session.
These data are stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. Data are not evaluated for marketing purposes in this context.
These purposes also account for our legitimate interest in data processing under Article 6 paragraph 1 (f) of the GDPR.
7. Duration of data storage
Data are erased as soon as they are no longer required for the purpose for which they were collected. Where data are collected to make the website available, they are erased once the session has ended.
8. Option to object and to be forgotten
Collection of data to make the website available and storage of data in log files is essential for the functioning of the website. Users therefore have no possibility to object to this use of their data.
V. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When users access a website, a cookie may be stored on their operating system. This cookie comprises a distinctive character string that enables the browser to be identified if the user accesses the website again.
We use cookies to make our website more user-friendly. Some elements of our website also require the accessing browser to be identifiable even after the user has switched to a different page.
Cookies therefore store and forward the following data:
(1) Session cookies
b) Statutory basis for data processing
The statutory basis for using cookies to process personal data is Article 6 paragraph 1 (f) of the GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to make it easier for users to make use of websites. Some of our website’s functions are not available without the use of cookies. They also require the browser to be recognised even after the user has switched to a different page.
The user data collected by technically necessary cookies are not used to create user profiles.
Analytical cookies are used for the purpose of improving the quality and content of our website. Analytical cookies enable us to find out how the website is being used and so to optimise our provision on an ongoing basis.
These purposes also account for our legitimate interest in the processing of personal data under Article 6 paragraph 1 (f) of the GDPR.
d) Duration of data storage, option to object and to be forgotten
Cookies are stored on the user’s computer, which sends them to our website. You as a user therefore have complete control over the use of cookies. Adjusting your internet browser settings enables you to deactivate or restrict the transmission of cookies. Previously stored cookies may be deleted at any time. This may also be done automatically. If cookies for our website are deactivated, this may mean that users are unable to make full use of the site’s functions.
VI. Newsletters
9. Description and scope of data processing
Our website provides, or may in future provide, an opportunity to subscribe to a free newsletter. The data entered during the subscription process are sent to us.
The following data are also collected when a user subscribes:
(1) IP address of the accessing computer
(2) Date and time of registration.
Your consent to the processing of your data is obtained as part of the subscription process, when you are made aware of this data protection declaration.
Data collected as a result of data processing for the purpose of sending newsletters are not shared with third parties. Your data are used solely for the purpose of sending newsletters.
10. Statutory basis for the processing of data
The statutory basis for processing of the data following a user’s subscription to a newsletter, subject to the user’s consent being held, is Article 6 paragraph 1 (a) of the GDPR.
11. Purpose of data processing
The user’s email address is collected for the purpose of sending newsletters.
Other personal data are collected as part of the subscription process for the purpose of preventing abuse of services or of the email address used.
12. Duration of data storage
Data are erased as soon as they are no longer required for the purpose for which they were collected. The user’s email address is stored while that user has a live subscription to the newsletter.
13. Option to object and to be forgotten
Users may unsubscribe from the newsletter at any time. Every newsletter includes a link enabling users to unsubscribe.
Users also have the facility to revoke their consent to storage of the personal data collected during the subscription process.
VII. Registration
14. Description and scope of data processing
On our website, we offer users the option of registering by providing personal data. These data are entered into an input screen, sent to us and stored. The data are not forwarded to third parties. The following data are collected as part of the registration process:
The following data are also stored at the time of registration:
- Email address
- Consent to the WIDU data protection provisions
- Consent to the WIDU conditions of participation
- Language selection
The following data may also be provided voluntarily:
- Given name and family name
- Gender
- Date of birth
- Nationality
- Address
- Company address
- Mobile phone number
- Landline number
- Profile photo
- My statement
- Type and number of identity document
- Account number
- Name of bank
- Branch number
- Clé RIB
- Address of bank
- SWIFT/BIC code
- Mobile Money name
- Mobile Money telephone number
- Mobile Money provider
- I own or am setting up a company
- Name of company
- Location of company
- Geodata of company
- Sector of company
- Description of company
- Photos of the company
- Local residents
- Number of employees
- Number of female employees
- Average monthly income
- Project title
- Project description
- Project term
- Investment required
- Planned number of new jobs
- Planned number of new jobs for women
- Amount I am willing to invest in the entrepreneur’s business project in Africa
- Declaration that users will invest the same amount in the project
- Confirmation of money transfer
- Date of confirmation
- Description of confirmation
- Amount transferred
- Invoice
- Invoice date
- Invoice amount
- Indication of what this amount has been spent on
- Duration of project
- Jobs created
- Jobs for women
- Average monthly income since support for diaspora
- Description of the results of the investment
- Description of problems arising during the project
- Description of positive/negative effects
- Formulation of planned expenditure
- Declaration of transfer of the WIDU subsidy
Users’ consent to processing of these data is obtained as part of the registration process.
15. Statutory basis for the processing of data
The statutory basis for processing of the data, subject to the user’s consent being held, is Article 6 paragraph 1 (a) of the GDPR.
16. Purpose of data processing
User registration is required for the provision of certain content and services on our website. These data are used almost exclusively for the purpose of the application procedure for the WIDU subsidy. Where users actively consent, the user’s nickname, the project country, the project title and the project description are published on the WIDU website. If users wish to make active contact with us, we will use these data to establish contact.
17. Duration of data storage
Data are erased as soon as they are no longer required for the purpose for which they were collected.
This is the case for the data collected during the registration process where such registration is cancelled or amended on our website.
18. Option to object and to be forgotten
As a user, you have the possibility to cancel your registration and to change the data provided for your user profile and project profile up to the point at which you submit your application for the WIDU subsidy. Every time they enter data, users are notified if data cannot subsequently be amended.
VIII. Web analysis using Matomo (formerly PIWIK)
19. Scope of processing of personal data
Our website uses the open source software tool Matomo (formerly PIWIK) to analyse users’ browsing behaviour. The software places a cookie on the user’s computer (see above for information on cookies). When individual pages of our website are viewed, the following data are stored:
- Technical details of the browser used
- Device type, model and brand, screen resolution and OS version
- Anonymised IP address
- Continent, country and region of access
- Language code
- Date, time and duration of access
- Page opened/name of the file downloaded
- Quantity of data transferred
- Notification of whether viewing or download was successful
20. Statutory basis for the processing of data
The statutory basis for processing users’ personal data is Article 6 paragraph 1 (f) of the GDPR.
21. Purpose of data processing
Processing users’ personal data enables us to analyse our users’ browsing behaviour. Evaluation of the data collected allows us to compile information about how users make use of the individual components of our website. This helps us improve our website and make it more user-friendly. These purposes also account for our legitimate interest in data processing under Article 6 paragraph 1 (f) of the GDPR. Users’ interest in protection of their personal data is addressed sufficiently by anonymising the IP address.
22. Duration of data storage
These data are erased as soon as they are no longer required for our recording purposes. This is after two years.
23. Option to object and to be forgotten
Cookies are stored on the user’s computer, which sends them to our website. You as a user therefore have complete control over the use of cookies. Adjusting the settings of your internet browser enables you to deactivate or restrict the cookies your computer sends our website. Previously stored cookies may be deleted at any time. This may also be done automatically. If cookies for our website are deactivated, this may mean that users are unable to make full use of the site’s functions. For further information on the Matomo software’s privacy settings, see https://matomo.org/docs/privacy/
Here, you can opt to accept a specific web analysis cookie in your browser, to enable the website operator to collect and analyse a range of statistical data.
Your current visit to this website may be recorded by the Matomo website analytical tool. Click this link to see your status and change your settings.
IX. Involvement of third-party services and content / external links
Within our online provision, and on the basis of our legitimate interests (that is, our interest in analysing, optimising and effectively offering our online provision under Article 6 paragraph 1 (f) of the GDPR), we use the content or service provision of third-party providers, for example to verify the identity of users (referred to below as ‘content’).
The prerequisite for this is that third-party providers of such content are aware of users’ IP addresses, since without the IP address, they cannot send content to users’ browsers. The IP address is therefore necessary for provision of this content. We make every effort to use only content from providers that use users’ IP address solely to deliver content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical and marketing purposes. Pixel tags enable information such as visitor traffic on this website’s pages to be evaluated. Pseudonymised information may also be stored in cookies on users’ devices and may contain technical information on the browser and operating system, referring websites, duration of visits and other information on the way our online provision is used. This information may also be combined with similar information from other sources.
24. IDnow and WebID
The online application procedure for the WIDU subsidy requires applicants to use the online ‘PhotoIdent’ services provided by IDnow GmbH (Auenstr. 100, 80469 Munich, registered at Amtsgericht München, HRB 210463) and WebID Solutions GmbH (Friedrichstraße 88, 10117 Berlin registered at Amtsgericht Berlin, HRB 1416331B) to verify their identity. WIDU sends users’ name and date of birth to IDnow or WebID via an API interface. Users then use IDnow’s and WebID's online identification processes, which requires them to forward front and back copies of their ID document and a photograph to IDnow or WebID. IDnow and WebID forward the data collected via API to WIDU, which stores only the data that users have voluntarily provided in advance (see VII.14).
Data protection declaration: https://www.idnow.io/de/regularien/datensicherheit/ and https://webid-solutions.de/privacy-policy/?lang=en
We shall be liable for links on this Website that are beyond our control only insofar as we have knowledge of the content of the relevant content and it would have been reasonable and technically possible for us to forestall the use of any such content that may be illicit. We thus hereby expressly states that at the time any such link was created we had no knowledge that it was associated with any illicit Web content. Inasmuch as we have no control over the current or future design, content or copyright of any linked Web page, we hereby expressly repudiate any content of any linked page that was altered after the link in question was created. This applies to all links and references on this Web site, as well as any third party entry in any guest book, forum, link compendium and/or mailing list. In the event of illicit, erroneous or incomplete content, and in particular in connection with damages arising from the use or non-use of such information, the Web site owner to which the link in question pointed shall assume liability, and not the Web site owner that provided links to such content.
X. Rights of the data subject
You are entitled to object to data processing, to enquire about the personal data held on you and how they are processed, to have the data corrected if necessary, and to request restriction of processing or erasure of the data. Your data will then be erased.
If you have any questions or complaints about this website, please contact the GIZ data protection officer (see contact information under II.). You also have the right to lodge a complaint with the responsible data protection supervisory authority. The responsible supervisory authority is the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).