This privacy policy contains the data protection statement for users of the Sustainable Infrastructure Tools Navigator on storage and use of personal data.
Data processing is the responsibility of the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH. The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.
Below we provide users with information as to
- who they can contact at GIZ on the subject of data protection
- what data is processed when they visit the website
- what data is processed when users contact us
- how they can opt out of the storage of data
- what rights they have with respect to us
Postal address:
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
Contact: info@sustainable-infrastructure-tools.org
Contact data protection officer: datenschutzbeauftragter@giz.de
General
The Sustainable Infrastructure Tool Navigator is maintained by the Infrastructure Solutions Incubator, a project hosted by the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH. The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a public-benefit federal enterprise for international cooperation. We work as a federal enterprise under private law. Our aim is to achieve the development-policy objective of improving the living conditions of people worldwide and conserving the natural resources on which livelihoods depend. The Sustainable Infrastructure Tool Navigator was originally developed by Emerging Markets Sustainability Dialogue hosted by GIZ and commissioned by the German Federal Ministry for Economic Cooperation and Development (BMZ) to provide an overview of the most relevant sustainability tools and, thereby, increase the integration of sustainability criteria across the infrastructure lifecycle.
Information on the collection of personal data
GIZ processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutz-gesetz, BDSG). Personal data are, for example, name, address, email addresses and user behaviour.
GIZ only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.
Cookies
When you visit the Sustainable Infrastructure Tool Navigator website, small text files known as ‘cookies’ are stored on your computer. They are used to make the online presence more user-friendly and effective overall. Cookies cannot run programs or infect your computer with viruses.
This website uses cookies that are automatically deleted as soon as the browser on which the page is displayed is closed (referred to as temporary cookies or session cookies). This type of cookie makes it possible to assign various requests from a browser to a session and to recognize the browser when the website is visited again (session ID).
Matomo analysis service (user analysis)
To analyse usage data on its website, GIZ uses the Matomo web analysis service, where data is stored and evaluated completely anonymously on server space provided by ALL-INKL.COM and leased by GIZ in Frankfurt am Main, Germany.
Matomo uses cookies to enable a statistical analysis of the use of the GIZ website. The collected cookies do not contain any information that permits identification of a user. Every time you visit a page on the GIZ website and every time you download a file, information about the activity is processed and stored in a temporary log file. Before it is stored, each data set is rendered anonymous by masking the last two bytes of the visitor’s IP address meaning that the last components of the IP address are removed to protect the visitor’s privacy.
GIZ evaluates usage information for statistical purposes as part of its public relations work and for the needs-based provision of information within the scope of the tasks it performs (legal basis: Article 6 (1) e GDPR in conjunction with Article 3 BDSG).
The data generated with Matomo is processed and stored by Matomo on behalf of GIZ in Germany only. The collection of this anonymized data requires the active consent of the user, information on opting out is provided further below.
In detail, Matomo stores the following information:
- User IP address (anonymized)
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded
- Links to an outside domain that were clicked
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user)
- Approximate location of the user: country, region, city, approximate latitude and longitude
- Main Language of the browser being used (Accept-Language header)
- User Agent of the browser being used (User-Agent header)
Further information on data protection with Matomo can be found here: https://matomo.org/faq/general/faq_18254/
Information on opting out
In order to track user behaviour, users must agree to the necessary tracking cookies. When visiting the website for the first time, users will need to make a decision on which cookies they allow to be stored. Users who do not agree with the completely anonymous storage and evaluation of the data from their visit can opt out of the storage. This choice needs to be made for every device and with every browser that a user visits the website with. Browsers will remember the decision until the stored cookies are deleted.
Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to respond to the enquiry. The following contact options are available:
- Submit a tool
- Letter
Submit a tool
When you use the “Submit your Tool” form, we process your first and last names and email address. The processing is based on consent in accordance with Art. 6 paragraph 1 a) of the EU GDPR for the purpose of processing your request.
By activating the checkbox under “Accept Terms” and submitting the submit a tool form, the user agrees to the transmission and storage of their personal data. It is possible to cancel the process of filling out the submit a tool form at any time. Data is only transmitted if the form is sent.
Data is transmitted to GIZ using an SSL-encrypted connection, which makes it significantly more difficult for unauthorized persons to intercept it. The data will be used solely for the purpose of contacting the tool provider in order to keep information on the tool up to date and in case of further questions by GIZ.
A third-party service provider responsible for the technical maintenance of the website as well as our content development partner have access to the mentioned personal data but do not process it. Please see below “Recipients of personal data” for further information. No use will be made of your details for commercial purposes, for advertising or for market research.
Email addresses that you provide when you make an enquiry are used exclusively for correspondence or delivery purposes.
Additionally, in the process of submitting a tool, tool providers can choose to share their names and personal contact details (e. g. email addresses, telephone numbers) to be published on the introduction page of their tool for users of the Sustainable Infrastructure Tool Navigator to contact them directly.
Contact by email
Alternatively, it is possible to contact GIZ via the email address provided. In this case, at least the email address but also any other personal user data transmitted with the email (e.g. family and given name, address) as well as the information contained in the email are stored solely for the purpose of contacting the user and processing the request.
The legal basis for the processing of data in connection with email communication is Article 6 (1) e GDPR.
Contact by letter
When contacting us by letter, the personal data transmitted (e.g. family and given name, address) and the information contained in the letter is stored for the purpose of establishing contact and processing the enquiry.
The legal basis for the processing of data in connection with communication by letter is Article 6 (1) e GDPR.
Transfer of data to countries outside Germany and data disclosure to third parties
In order to offer you our non-commercial services, we may have to disclose your personal data to the following IT service provider and content development partner:
- Digicove Labs (IT service provider, India), technical and operational measures to secure data protection according to GDPR standards are in place.
- United Nations Environment Programme (development partner, Switzerland)
GIZ does not pass on personal data to any other third parties unless it is legally obliged to do so by law.
Duration of data retention
Personal data collected in the process of “Submit a Tool” will not be kept any longer than is necessary for the purpose for which it is processed according to Art. 5 paragraph 1 e) and Art. 17 paragraph 1 a) GDPR. That is, that as long as the Sustainable Infrastructure Tool Navigator features the specific tool submitted by the affected person, the contact details are stored, so that GIZ is able to get in touch about updates on the tool and other queries. The individual has the right to have this data erased at any time (Article 17 GDPR). The section ‘Reference to user rights’ provides more information on this. The data will be deleted automatically when the tool is withdrawn from the Sustainable Infrastructure Tool Navigator database.
IT security of user data
GIZ accords great importance to protecting personal data. For this reason, GIZ and the contracted IT service provider use appropriate technical and organisational security measures to ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. Access to your personal data is restricted to GIZ staff who need to process it for the above-mentioned purposes, and who will handle the information you provide in a proper and confidential manner. Additionally, the corresponding individuals from the development partner UNEP and IT provider Digicove have access to the data but do not process it.
Reference to user rights
Visitors to the website have the right:
- To obtain information about their data stored by us (Article 15 GDPR)
- To have their data stored by us rectified (Article 16 GDPR)
- To have their data stored by us erased (Article 17 GDPR)
- To obtain restriction of processing of their data stored by us (Article 18 GDPR)
- To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
- To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR).
- To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.
Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).