Privacy and Data Protection

1. Purpose

Informing members and visitors of inclusivebusiness.net on the storage and use of data by the Inclusive Business Action Network (iBAN) within GIZ.

2. General

Data processing is the responsibility of the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH.

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a public-benefit federal enterprise for international cooperation. We work as a federal enterprise under private law. Our aim is to achieve the development-policy objective of improving the living conditions of people worldwide and conserving the natural resources on which livelihoods depend.

Postal adress:

Friedrich-Ebert-Allee 32 + 36, 53113 Bonn

Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn

Contact details of the data protection officer: datenschutzbeauftragter@giz.de

3. Information on how collected data will be processed

This declaration explains how iBAN, represented by GIZ will process user data of inclusivebusiness.net.

iBAN is collecting, processing and storing data in order to:

  • provide users the opportunity to create a profile that enables users to leave comments, post blogs and communicate with other users,
  • provide users the opportunity to create and use a personalised dashboard that can only be accessed by the user himself/herself,
  • receive mailings and updates
  • ask users to take part in regular surveys - voluntary and anonymous
  • process and answer user requests,
  • provide users access to an online learning environment.

3.1 Tracking of user data on website and cookies

For statistical purposes and to improve service, this website uses technology provided by Matomo, which evaluates and then deletes data. Data is stored and evaluated completely anonymously. No other use is made of the data, and the data is not passed on to third parties. Cookies are used to collect information on the usage behaviour of this website, including the IP address of the requesting computer, which is stored in abbreviated form, and transmit this information to the server. The data is made anonymous there and stored for the purpose of usage analysis. After the anonymization, an assignment to the inquiring computer or connection is no longer possible according to the current state of technology. The information generated by the cookie is only passed on to the internally operated server. It will not be passed on to third parties. The processing of the data is based on Art. 6 para. 1 lit. a) GDPR, consent of the data subjects.

Anonymized visits logs will be deleted automatically after two years. Aggregated data on average user behaviour will be stored to document the long-term development of the platform. 

When you access the website for the first time, you are asked for your consent to the processing of user data for the analysis of user behavior. Under the link below you can change your preferences at any time.

Page access and file download activities are anonymised, processed and stored in a temporary protocol file. The anonymization process is conducted through an IP address altering software.

The following information is stored for each page viewed and each file download: 

  • Technical details of the browser used 
  • Anonymous IP address 
  • Date and time 
  • Page opened/name of the file downloaded 
  • Quantity of data transferred 
  • Notification of whether viewing or download was successful 

Temporary session cookies are used each time an individual page is viewed, to make navigation easier. Cookies are small text files that are stored locally in the users browser cache. Session cookies do not include any personal data and expire at the end of each session, or after the completion of a user survey, which is conducted as a rule every two years. This website does not use methods such as Java applets or ActiveX controls that make it possible to track browsing behaviour.

Any personal details collected as part of the personal profile will only be used for the purpose of dealing with enquiries and to provide relevant content on the users dashboard. Any personal information collected apart from the IP address is used to pinpoint and deliver topics relevant to the users dashboard. Personal details will not be passed onto third parties. 

Email addresses provided during an enquiry or registration on the website are used exclusively for correspondence and, if interest in newsletters has been indicated, for the delivery of mailings.

All personal details will be deleted from the database after cancellation of subscription.

 

3.2 User profiles (only applicable to registered users)

Profile

When signing up to the platform, users are asked to submit account details and data for a user profile. It is mandatory to enter an e-mail address, a user name and to choose a password when signing up to the website. Entering further information is optional. Processing of personal data in the user profiles is based on on Art. 6 para. 1 lit. a) GDPR, consent of the data subjects.

Signing up to the platform will enable users to publish blog posts and comments on the online platform. Blog posts and comments are publicly visible. Furthermore, it enables users to subscribe to iBAN’s mailing lists for updates and newsletters. Optional profile information will be used for internal monitoring and evaluation of the platform (e.g. if users are interested in information from a specific sector or region). Personal user data will be anonymized before assessments.

You can delete your profile at any time. After deleting the profiles all personal data of the user will be anonymised. The content the user provided to the platform will remain published on the website unless deletion was explicitly requested.

The profiles and all corresponding personal data are automatically deleted if the website is permanently taken offline.

Dashboard

Users will be able to create a personalized area for subscribers offering selected content according the users interests.

Once logged in, users can select filters on the dashboard page and will be offered new content according to these categories. All functions will be unified on an individual dashboard, where users will be additionally informed on new content. Users can mark preferred content and will have access to within a „favorites“-section.

Administrators will be able to assess what interests/content filters members select over time and in which region and country members are located. This information will only be used for statistical reasons in order to improve the website and after data has been anonymized.

You can change or delete your preferences at any time. The profiles and all corresponding personal data are automatically deleted if the website is permanently taken offline.

3.3 Newsletters and mailings

iBAN is using Mailingwork to send out newsletters and updates. Any personal details collected as part of the mailing list subscription will only be used for the purpose of processing the subscription. Mailingwork is implemented via a central service run by GIZ. As a result, you will get redirected to webpages of the GIZ website during the subscription process (opt-in).

Personal details will not be passed onto third parties. No use will be made of users details for consulting purposes, for advertising or for market research. All personal details will be deleted from the database after cancellation of the subscription.

After entering the receiving e-mail address, the users will receive an email containing a confirmation link. Clicking on this link confirms that the email address and subscription request are genuine. The subscription can be cancelled at any time.

If the website is permanently taken offline and the newsletter service is permanently canceled, all personal data of subscribers will be deleted.

The processing of the data for sending out newsletters is based on Art. 6 para. 1 lit. a) GDPR, consent of the data subjects.

3.4 Processing user requests

For contact and feedback forms, name and email address of users are processed. Under Article 6 para. 1 lit. e) of the GDPR, data processing is permitted if the processing is necessary for the performance of a task carried out in the public interest. Personal information is never shared with third parties if this is not explicitly requested by the subject. Enquiries are deleted on a regular basis (every two years) or once they have been dealt with.

3.5 Online learning environment (only applicable to registered users)

The platform will link to an external learning space. Users will be able to register for online courses and closed discussion groups on this platform. The terms and regulations will be specified in the data protection of the online learning space.

4. Protection of minors

Persons under the age of 16 may not transfer any personal data to iBAN without the consent of a parent or legal guardians.

5. Reference to user rights

The person agreeing to this declaration is entitled to:

  • object to data processing,
  • enquire about personal data and its processing
  • to have this corrected if necessary, or to request restriction of processing or the erasure of the data

The data will then be erased. To revoke consent, please send an email to susann.tischendorf@giz.de

If you have any questions or complaints about this website, please contact the GIZ data protection officer (see contact information provided above). You also have the right to lodge a complaint with the responsible data protection supervisory authority. The responsible authority in this case is the German Federal Commissioner for Data Protection and Freedom of Information (BfDI).

6. Closing remark

GIZ uses appropriate technical and organizational measures to secure personal data against unintentional or intentional falsification, destruction, loss or access by unauthorised persons. Access to personal data is restricted to GIZ staff from the Inclusive Business Action Network who need to process the data for the above-mentioned purpose, and who will handle the information provided in a proper and confidential manner.

The data will be used exclusively for the declared purposes. Any other use will always be dependent on consent being obtained again.

GIZ does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law. 

GIZ does not transfer personal data to third countries. When using social media, the privacy policies of the respective providers apply. 

User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.