Privacy Notice – Yemeni Women’s Voices Platform
The Yemeni Women’s Voices Platform is provided by Deutsche Gesellschaft für Internationale Zusammenarbeit (German Federal Enterprise for International Cooperation, (“GIZ”). GIZ is the controller of your personal data processed in connection with your use of this website (“your personal data”).
As GIZ is established in Germany it is subject to the EU General Data Protection Regulation (“GDPR”). According to the latter, GIZ must make information about its processing of personal data available to the data subjects. This information is provided to you in this privacy notice.
1. How to contact GIZ
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
GIZ’s data protection officer can be reached at the following e-mail address:
2 Categories of personal data processed
In the following we inform you about personal data that may be automatically processed about you when you use the Yemeni Women’s Voices Platform (“website”).
2.1 Collection of personal data when visiting our website
When visiting the website, the browser used automatically transmits data that is stored in a log file. GIZ itself only processes the data that is technically necessary to display the website correctly and to ensure stability and security.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Every time a user accesses a page of our website, and every time a file is downloaded, that information is stored in a log file.
Among other things, the following data is stored for each access:
· Technical details of the browser used
· The page from which the user was redirected
· Anonymous IP address of the accessing device
· Date and time of the access
· Page opened/name of the file downloaded
· Quantity of data transferred
· Notification of whether viewing or download was successful
The stored data is evaluated exclusively for statistical purposes and then deleted. Data will not be passed on to third parties.
Log file fields
The date on which the activity occurred.
The time, in coordinated universal time (UTC), at which the activity occurred.
The requested action, for example, a GET method.
The target of the action, for example, Default.htm.
The HTTP status code.
The browser type that the client used.
The data in the log file is deleted after 14 days.
GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.
When visiting the website, small text files, so-called cookies, are stored on the visitor's computer. They serve to make the website more user-friendly and effective. Cookies cannot execute programs or transfer viruses to your computer.
2.2.1 Analytics service etracker (user analysis)
The website uses the web analytics service "etracker", which is operated by etracker GmbH from Hamburg, to analyse usage data. The data is stored and analysed completely anonymously.
GIZ evaluates usage information for statistical purposes as part of its public relations work and for the provision of demand-oriented information as part of the tasks it is required to perform (basis: Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG).
The data generated by etracker is processed and stored by etracker on behalf of GIZ exclusively in Germany.
Further information on data protection at etracker can be found here: https://www.etracker.com/datenschutz/.
Notes on objection
Users who do not agree with the completely anonymised storage and evaluation of the data from their visit can object to the storage and use at any time with a mouse click. In order to prevent data collection and storage in the future, you can place an opt-out cookie in your browser at the following link: link will be placed here
2.2 Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to deal with the inquiry. The following contact options exist:
2.3.1 Contact by e-mailIt is possible to contact GIZ via the e-mail addresses provided. In this case, the user's personal data (e.g. surname, first name) transmitted by e-mail, or at least the e-mail address, as well as the information contained in the e-mail, will be stored exclusively for the purpose of contacting the user and processing the request.
The legal basis for processing the data that is processed in the course of sending an e-mail is Art. 6 para. 1 lit. e GDPR.
2.3.2 Contact by letterWhen contacting us by letter, the transmitted personal data (for example: surname, first name, address) and the information contained in the letter are stored for the purpose of contacting us and processing the request.
The legal basis for the processing of data transmitted in the course of sending a letter is Art. 6 para. 1 lit. e GDPR.
2.4 Processing of personal data when registering via a Registration form
On the website, a form offers the possibility of electronic registration. The purpose of processing your personal data stated in the event registration form is managing your registration and attendance at the event, including sending you notifications about the event. This processing of your personal data is necessary for the conclusion and performance of a contract in view of your registration and attendance at the event.
We use MTCaptcha that is a captcha service offering an automation bot detection and prevention captcha widget plugin. The captcha service does not collect, track or retain any information that may directly or indirectly identify a you personally. Any data generated by the system that may indirectly identify you such as network IP addresses are anonymized so it can no longer be personally identifiable.
If you would like to attend the event, you need to fill in the registration form with the requested personal data. All fields marked with a star (*) are mandatory. When using the registration form, the surname, first name, the e-mail address, phone number (optional) are processed. The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR and for the purpose of processing your request.
If you consented, we may also process your name, surname, phone number (optional) and email address for the purpose of sending you communications about the event you registered for by email, and/or by phone. The legal basis for processing your personal data for this purpose is your consent.By activating the checkbox and sending the registration form, the user agrees to the transmission and storage of his/her personal data in our server database. The completion of the registration form can be cancelled at any time. The data is only transmitted when the form is sent. The transmission takes place via an SSL-encrypted connection.
We comply with the principle that the period for which the personal data are stored is limited to a strict minimum and not kept longer than necessary for achieving the above purpose. Your personal data from the registration form and any additional information we may request will be stored for 14 days after the event and then deleted afterwards from our database.
2.5 Processing of personal data when taking photos and/or videos during the event
We will take photos during the event for the purposes of its journalistic coverage and publicity of the event. The legal basis for the processing of personal data in the context of this public relations work is Article 6(1) lit. e GDPR in conjunction with § 3 BDSG.We will publish photos of you on our website only if you have given your consent for publication of photos of you made during the event. If you have consented for publishing such photos and/or videos and those are published on our website, they will be stored until the withdrawal of your consent for the relevant processing.
2.6 Processing of personal data in the context of the use of YouTube
3. Recipients of personal data
Your personal data is shared with service providers responsible for maintaining the website, a data hosting provider and a web analytics service.
3.1 Disclosure of your personal data
We may disclose aggregate statistics about visitors to our website in order to describe our services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
4. Data retention period
Where personal data has been stored about you, it is deleted as soon as it is not needed anymore for the purposes set out above.
5. Data transfers to a third country or an international organization
Your personal data is stored on secure servers in the EU. It will not be transferred to a non-EU country or an international organization. When using social media, the data protection policies of the respective providers apply.
6. IT security of user data
The protection of personal data is an important concern for GIZ. Therefore, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation, accidental deletion and unauthorised access. These measures are updated in line with technical developments and constantly updated to match changes occurring in the risk environment.
7. Data protection rights
You have the following rights with respect to the processing of your personal data:
· You may at any time request (1) confirmation if and how GIZ processes your personal data and (2) access to your personal data (Article 15 GDPR).
· You may have the right to receive a copy of your data in a structured, commonly used and machine-readable format so that you can further use it or forward it to other organizations (Article 20 GDPR).
· If you are of the opinion that your personal data stored by GIZ is incorrect or incomplete, you may request GIZ to rectify or complete such data (Article 16 GDPR).
· Under certain circumstances, you also have the right to object to the processing of your data (Article 21 GDPR) and you may request GIZ to restrict its processing of your data (Article 18 GDPR) or erase your data (Article 17 GDPR).
· You may have the right to withdraw your consent, provided that the processing of the data is based on consent (Art. 6 (1) (a) GDPR). The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.There are some exceptions to these rights. For example, it is not possible to erase your data if GIZ has a legal obligation to retain it or if GIZ is unable to identify your personal data. If you have any questions regarding the processing of your personal data by GIZ or would like to express any concerns in this respect, please do not hesitate to contact GIZ’s data protection officer using the e-mail address indicated in section 2 above.
If you are of the opinion that the processing of your personal data constitutes a breach of the GDPR or other applicable EU data protection law, you have the right to lodge a complaint with a data protection authority. The competent data protection authority is the Federal Commissioner for Data Protection and Freedom of Information.
· postal address: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Graurheindorfer Str. 153 - 53117 Bonn, Germany
· e-mail address: firstname.lastname@example.org
8. Automated decision making
Your personal data will not be used for automated decision making.