Privacy Notice – Yemeni Women’s Voices Platform

The Yemeni Women’s Voices Platform is provided by Deutsche Gesellschaft für Internationale Zusammenarbeit (German Federal Enterprise for International Cooperation, (“GIZ”). GIZ is the controller of your personal data processed in connection with your use of this website (“your personal data”).

As GIZ is established in Germany it is subject to the EU General Data Protection Regulation (“GDPR”). According to the latter, GIZ must make information about its processing of personal data available to the data subjects. This information is provided to you in this privacy notice.

1. How to contact GIZ

Postal address:

Friedrich-Ebert-Allee 36 + 40, 53113 Bonn

Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn

Contact:

Info@ywdp.org

GIZ’s data protection officer can be reached at the following e-mail address:

datenschutzbeauftragter@giz.de


 2 Categories of personal data processed

In the following we inform you about personal data that may be automatically processed about you when you use the Yemeni Women’s Voices Platform (“website”).   

    
     2.1 Collection of personal data when visiting our website

When visiting the website, the browser used automatically transmits data that is stored in a log file. GIZ itself only processes the data that is technically necessary to display the website correctly and to ensure stability and security.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Every time a user accesses a page of our website, and every time a file is downloaded, that information is stored in a log file.

Among other things, the following data is stored for each access:

·       Technical details of the browser used

·       The page from which the user was redirected

·       Anonymous IP address of the accessing device

·       Date and time of the access

·       Page opened/name of the file downloaded

·       Quantity of data transferred

·       Notification of whether viewing or download was successful

The stored data is evaluated exclusively for statistical purposes and then deleted. Data will not be passed on to third parties.

Log file fields

Field

Displayed as

Description

Date

Date

The date on which the activity occurred.

Time

Time

The time, in coordinated universal time (UTC), at which the activity occurred.

Method

Cs-method

The requested action, for example, a GET method.

URI Stem

Cs-uri-stem

The target of the action, for example, Default.htm.

HTTP Status

sc-status

The HTTP status code.

User Agent

cs(User-Agent)

The browser type that the client used.

 

The data in the log file is deleted after 14 days.

GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.

     2.2 Cookies

When visiting the website, small text files, so-called cookies, are stored on the visitor's computer. They serve to make the website more user-friendly and effective. Cookies cannot execute programs or transfer viruses to your computer.

The website uses cookies that are automatically deleted as soon as the browser in which the page is displayed is closed (so-called temporary cookies or session cookies). This type of cookie makes it possible to assign various requests from a browser to a session and makes it possible to recognise the browser when the website is visited again (session ID). After anonymisation, an assignment to the requesting computer or connection is no longer possible according to the current state of technology. These session cookies are used for user analysis. They do not contain any personal data and expire at the end of the session.

 

     2.2.1 Analytics service etracker (user analysis)

The website uses the web analytics service "etracker", which is operated by etracker GmbH from Hamburg, to analyse usage data. The data is stored and analysed completely anonymously.

etracker uses cookies that enable a statistical analysis of the use of the website. etracker cookies do not contain any information that enables the identification of a user. Each time a user accesses the website and each time a file is retrieved, data about this process is temporarily stored and processed in a log file.  Before storage, each data record is anonymised by changing the IP address.

GIZ evaluates usage information for statistical purposes as part of its public relations work and for the provision of demand-oriented information as part of the tasks it is required to perform (basis: Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG).

The data generated by etracker is processed and stored by etracker on behalf of GIZ exclusively in Germany.

Further information on data protection at etracker can be found here: https://www.etracker.com/datenschutz/. 

 

Notes on objection

Users who do not agree with the completely anonymised storage and evaluation of the data from their visit can object to the storage and use at any time with a mouse click. In order to prevent data collection and storage in the future, you can place an opt-out cookie in your browser at the following link: link will be placed here

 

     2.2 Processing of personal data when contacting us

When users contact us, the data provided is processed in order to be able to deal with the inquiry. The following contact options exist:

- e-mail

- letter


     2.3.1 Contact by e-mail

It is possible to contact GIZ via the e-mail addresses provided. In this case, the user's personal data (e.g. surname, first name) transmitted by e-mail, or at least the e-mail address, as well as the information contained in the e-mail, will be stored exclusively for the purpose of contacting the user and processing the request.

The legal basis for processing the data that is processed in the course of sending an e-mail is Art. 6 para. 1 lit. e GDPR.

     2.3.2 Contact by letter

When contacting us by letter, the transmitted personal data (for example: surname, first name, address) and the information contained in the letter are stored for the purpose of contacting us and processing the request.

The legal basis for the processing of data transmitted in the course of sending a letter is Art. 6 para. 1 lit. e GDPR.

    

    2.4 Processing of personal data when registering via a Registration form

On the website, a form offers the possibility of electronic registration. The purpose of processing your personal data stated in the event registration form is managing your registration and attendance at the event, including sending you notifications about the event. This processing of your personal data is necessary for the conclusion and performance of a contract in view of your registration and attendance at the event. 

We use MTCaptcha that is a captcha service offering an automation bot detection and prevention captcha widget plugin. The captcha service does not collect, track or retain any information that may directly or indirectly identify a you personally. Any data generated by the system that may indirectly identify you such as network IP addresses are anonymized so it can no longer be personally identifiable.

If you would like to attend the event, you need to fill in the registration form with the requested personal data. All fields marked with a star (*) are mandatory. When using the registration form, the surname, first name, the e-mail address, phone number (optional) are processed. The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR and for the purpose of processing your request.

If you consented, we may also process your name, surname, phone number (optional) and email address for the purpose of sending you communications about the event you registered for by email, and/or by phone. The legal basis for processing your personal data for this purpose is your consent.

By activating the checkbox and sending the registration form, the user agrees to the transmission and storage of his/her personal data in our server database. The completion of the registration form can be cancelled at any time. The data is only transmitted when the form is sent. The transmission takes place via an SSL-encrypted connection.

We comply with the principle that the period for which the personal data are stored is limited to a strict minimum and not kept longer than necessary for achieving the above purpose. Your personal data from the registration form and any additional information we may request will be stored for 14 days after the event and then deleted afterwards from our database.

    2.5 Processing of personal data when taking photos and/or videos during the event

We will take photos during the event for the purposes of its journalistic coverage and publicity of the event. The legal basis for the processing of personal data in the context of this public relations work is Article 6(1) lit. e GDPR in conjunction with § 3 BDSG.We will publish photos of you on our website only if you have given your consent for publication of photos of you made during the event. If you have consented for publishing such photos and/or videos and those are published on our website, they will be stored until the withdrawal of your consent for the relevant processing.

    2.6  Processing of personal data in the context of the use of YouTube

Our website has embedded YouTube videos, which are stored on www.YouTube.com  and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. In addition, we have integrated a two-click solution on our site, which informs our users that data may be transmitted when the embedded YouTube video is activated. The videos on our site are only displayed when users have actively given their consent that they agree with YouTube's privacy policy. Before this, no data is transmitted to YouTube. When videos are played on the website, a connection is established to the YouTube servers. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists.

If a YouTube video is started, the provider uses cookies that collect information about user behaviour. Those who have deactivated the saving of cookies for the Google Ads programme will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the saving of cookies in the browser. 

If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. For more information on the purpose and scope of data collection and processing by YouTube, please refer to their privacy policy:

the privacy policy for the social media YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_de_eu.pdf;

Opt-Out: Link


     3. Recipients of personal data

Your personal data is shared with service providers responsible for maintaining the website, a data hosting provider and a web analytics service.

     3.1 Disclosure of your personal data

We may disclose aggregate statistics about visitors to our website in order to describe our services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.

     4. Data retention period

Where personal data has been stored about you, it is deleted as soon as it is not needed anymore for the purposes set out above.

     5. Data transfers to a third country or an international organization

Your personal data is stored on secure servers in the EU. It will not be transferred to a non-EU country or an international organization. When using social media, the data protection policies of the respective providers apply.

     6. IT security of user data

The protection of personal data is an important concern for GIZ. Therefore, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation, accidental deletion and unauthorised access. These measures are updated in line with technical developments and constantly updated to match changes occurring in the risk environment.

     7. Data protection rights

You have the following rights with respect to the processing of your personal data:

·     You may at any time request (1) confirmation if and how GIZ processes your personal data and (2) access to your personal data (Article 15 GDPR).

·     You may have the right to receive a copy of your data in a structured, commonly used and machine-readable format so that you can further use it or forward it to other organizations (Article 20 GDPR).

·     If you are of the opinion that your personal data stored by GIZ is incorrect or incomplete, you may request GIZ to rectify or complete such data (Article 16 GDPR).

·     Under certain circumstances, you also have the right to object to the processing of your data (Article 21 GDPR) and you may request GIZ to restrict its processing of your data (Article 18 GDPR) or erase your data (Article 17 GDPR).

·     You may have the right to withdraw your consent, provided that the processing of the data is based on consent (Art. 6 (1) (a) GDPR). The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.

There are some exceptions to these rights. For example, it is not possible to erase your data if GIZ has a legal obligation to retain it or if GIZ is unable to identify your personal data. If you have any questions regarding the processing of your personal data by GIZ or would like to express any concerns in this respect, please do not hesitate to contact GIZ’s data protection officer using the e-mail address indicated in section 2 above.

If you are of the opinion that the processing of your personal data constitutes a breach of the GDPR or other applicable EU data protection law, you have the right to lodge a complaint with a data protection authority. The competent data protection authority is the Federal Commissioner for Data Protection and Freedom of Information.

·     postal address: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Graurheindorfer Str. 153 - 53117 Bonn, Germany

·     e-mail address: poststelle@bfdi.bund.de


     8. Automated decision making

  Your personal data will not be used for automated decision making.