Privacy Notice – Arabia Felix Website
The Arabia Felix website is provided by Deutsche Gesellschaft für Internationale Zusammenarbeit (German Federal Enterprise for International Cooperation, “GIZ”). GIZ is the controller of your personal data processed in connection with your use of this website (“your personal data”).
As GIZ is established in Germany it is subject to the EU General Data Protection Regulation (“GDPR”). According to the latter, GIZ must make information about its processing of personal data available to the data subjects. This information is provided to you in this privacy notice.
1. How to contact GIZ
Postal address:
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
Contact:
info@arabiafelix.social
GIZ’s data protection officer can be reached at the following e-mail address:
datenschutzbeauftragter@giz.de
2. Categories of personal data processed
In the following we inform you about personal data that may be automatically processed about you when you visit the Arabia Felix Website (“website”).
2.1. Collection of personal data when visiting our website
When visiting the website, the browser used automatically transmits data that is stored in a log file. GIZ itself only processes the data that is technically necessary to display the website correctly and to ensure stability and security.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Every time a user accesses a page of our website, and every time a file is downloaded, that information is stored in a log file.
Among other things, the following data is stored for each access:
• Technical details of the browser used
• The page from which the user was redirected
• Anonymous IP address of the accessing device
• Date and time of the access
• Page opened/name of the file downloaded
• Device ID details
• Quantity of data transferred
• Notification of whether viewing or download was successful
The stored data is evaluated exclusively for statistical purposes and then deleted. Data will not be passed on to third parties. The data in the log file is deleted automatically within 24 hours.
GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.
2.2 Cookies
When visiting the website, small text files, so-called cookies, are stored on the visitor’s computer. They serve to make the website more user-friendly and effective. Cookies cannot execute programs or transfer viruses to your computer.
The website uses cookies that are automatically deleted as soon as the browser in which the page is displayed is closed (so-called temporary cookies or session cookies). This type of cookie makes it possible to assign various requests from a browser to a session and makes it possible to recognise the browser when the website is visited again (session ID). After anonymisation, an assignment to the requesting computer or connection is no longer possible according to the current state of technology. These session cookies are used for user analysis. They do not contain any personal data and expire at the end of the session.
2.2.1 Analytics service etracker (user analysis)
The website uses the web analytics service “etracker”, which is operated by etracker GmbH from Hamburg, to analyse usage data. The data is stored and analysed completely anonymously.
etracker uses cookies that enable a statistical analysis of the use of the website. etracker cookies do not contain any information that enables the identification of a user. Each time a user accesses the website and each time a file is retrieved, data about this process is temporarily stored and processed in a log file. Before storage, each data record is anonymised by changing the IP address.
GIZ evaluates usage information for statistical purposes as part of its public relations work and for the provision of demand-oriented information as part of the tasks it is required to perform (basis: Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG).
The data generated by etracker is processed and stored by etracker on behalf of GIZ exclusively in Germany.
Further information on data protection at etracker can be found here: https://www.etracker.com/datenschutz/.
Notes on objection
Users who do not agree with the completely anonymised storage and evaluation of the data from their visit can object to the storage and use at any time with a mouse click. In order to prevent data collection and storage in the future, you can place an opt-out cookie in your browser at the following link: link will be placed here
2.3 Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to deal with the enquiry. The following contact option exists:
– E-mail
– Contact form
– Letter
2.3.1 Contact by e-mail
It is possible to contact GIZ via the e-mail addresses provided. In this case, the user’s personal data (e.g. surname, first name) transmitted by e-mail, or at least the e-mail address, as well as the information contained in the e-mail, will be stored exclusively for the purpose of contacting the user and processing the request.
The legal basis for processing the data that is processed in the course of sending an e-mail is Art. 6 para. 1 lit. e GDPR.
By activating the checkbox and sending the contact form, the user agrees to the transmission and storage of his/her personal data in our server database. The data is only transmitted when the form is sent. The transmission takes place via an SSL-encrypted connection.
We comply with the principle that the period for which the personal data are stored is limited to a strict minimum and not kept longer than necessary for achieving the above purpose. Your personal data from the contact form and any additional information we may request will be stored for 14 days and then erased from our database.
2.3.2 Contact form
When you contact us, your details (name, email address and possibly also your telephone) and the information provided (including personal data) are processed for the purpose of contacting you and handling your inquiry. In addition, our system collects the IP address of the computer you use to submit the form as well as the date and time the form is submitted. The information contained in the contact form will be stored exclusively for the purpose of contacting the user and processing the request. The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR and for the purpose of processing your request.
2.3.3 Contact by letter
When contacting us by letter, the transmitted personal data (for example: surname, first name, address) and the information contained in the letter are stored for the purpose of contacting us and processing the request.
The legal basis for the processing of data transmitted in the course of sending a letter is Art. 6 para. 1 lit. e GDPR.
2.4 Processing of personal data in the context of the use of social media
The website offers the possibility to use links to visit its online presences in its social media platforms (Facebook, Instagram, Twitter, YouTube and Google Play). In order to guarantee data protection our website, we do not use any social media sharing buttons on our website.
The individual data processing operations and their scope differ depending on the operator of the respective social media channel. GIZ has no influence on the collection of data and its further use by the operators of the social media when you visit our social media channels. The extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on is not comprehensively discernible to us.
When accessing a social media channel, the terms of use and the data protection declarations of the respective operators apply. You can find more detailed information on the scope and purpose of collection and use of the data, your associated rights and options for protecting your privacy in the provider’s privacy policy via the link.
Social media in which the website has presences
the data protection declaration for the social media Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be viewed at https://twitter.com/de/privacy;
the privacy policy for the social media Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, US, can be viewed at https://help.instagram.com/155833707900388
the privacy policy for the social media YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://policies.google.com/privacy?hl=en-GB
the privacy policy for the social media Facebook, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy;
the privacy policy for Google+, operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California, 94043 USA, can be viewed at https://www.google.com/+/policy/+1button.html
2.4.1 Note on the “Facebook Fanpage
When you visit the Facebook page of the website, Facebook collects, among other things, your IP address and other information in the form of cookies. This information is used to provide GIZ, as the operator of the Facebook page, with statistical information on the use of the Facebook page. This statistical data can be accessed by GIZ via the so-called “Insights” of the facebook page.
These statistics are generated and provided solely by Facebook. As the operator of the page, GIZ has no influence on the generation and presentation of this data. The data is provided automatically and cannot be switched off.
By operating the Facebook page, the website offers a contemporary opportunity for communication and information. The processing of personal data associated with the operation of the Facebook page is carried out on the basis of Art. 6 para. 1 lit. e GDPR.
As the operator of the fan page, GIZ is jointly responsible with Facebook for the processing. However, the primary responsibility for the processing of insights data lies with Facebook. Facebook therefore fulfils all obligations under the GDPR with regard to the processing of insights data (including, among others, Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Data subject rights can be asserted either with GIZ or with Facebook. In the event that contact is made with GIZ, there is an obligation to forward all relevant information in this regard to Facebook.
You can find the complete Page Insights supplement regarding the responsibilities and the processing data here: https://de-de.facebook.com/legal/terms/page_controller_addendum
2.4.2 Processing of personal data in the context of the use of YouTube
Our website has embedded YouTube videos, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. In addition, we have integrated a two-click solution on our site, which informs our users that data may be transmitted when the embedded YouTube video is activated. The videos on our site are only displayed when users have actively given their consent that they agree with YouTube’s privacy policy. Before this, no data is transmitted to YouTube. When videos are played on the website, a connection is established to the YouTube servers. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists.
If a YouTube video is started, the provider uses cookies that collect information about user behaviour. Those who have deactivated the saving of cookies for the Google Ads programme will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the saving of cookies in the browser.
If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. For more information on the purpose and scope of data collection and processing by YouTube, please refer to their privacy policy:
the privacy policy for the social media YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://policies.google.com/privacy?hl=en-GB
3. Recipients of personal data
Your personal data is shared with service providers responsible for maintaining the website, a data hosting provider and a web analytics service.
3.1. Disclosure of your personal data
We may disclose aggregate statistics about visitors to our website in order to describe our services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
4. Data retention period
Where personal data has been stored about you, it is deleted as soon as it is not needed anymore for the purposes set out above.
5. Data transfers to a third country or an international organization
Your personal data is stored on secure servers in the EU. It will not be transferred to a non-EU country or an international organization. When using social media, the data protection policies of the respective providers apply.
6. IT security of user data
The protection of personal data is an important concern for GIZ. Therefore, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation, accidental deletion and unauthorised access. These measures are updated in line with technical developments and constantly updated to match changes occurring in the risk environment.
7. Data protection rights
You have the following rights with respect to the processing of your personal data:
• You may at any time request (1) confirmation if and how GIZ processes your personal data and (2) access to your personal data (Article 15 GDPR).
• You may have the right to receive a copy of your data in a structured, commonly used and machine-readable format so that you can further use it or forward it to other organizations (Article 20 GDPR).
• If you are of the opinion that your personal data stored by GIZ is incorrect or incomplete, you may request GIZ to rectify or complete such data (Article 16 GDPR).
• Under certain circumstances, you also have the right to object to the processing of your data (Article 21 GDPR) and you may request GIZ to restrict its processing of your data (Article 18 GDPR) or erase your data (Article 17 GDPR).
• You may have the right to withdraw your consent, provided that the processing of the data is based on consent (Art. 6 (1) (a) GDPR). The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.
There are some exceptions to these rights. For example, it is not possible to erase your data if GIZ has a legal obligation to retain it or if GIZ is unable to identify your personal data. If you have any questions regarding the processing of your personal data by GIZ or would like to express any concerns in this respect, please do not hesitate to contact GIZ’s data protection officer using the e-mail address indicated in section 2 above.
If you are of the opinion that the processing of your personal data constitutes a breach of the GDPR or other applicable EU data protection law, you have the right to lodge a complaint with a data protection authority. The competent data protection authority is the Federal Commissioner for Data Protection and Freedom of Information.
• postal address: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Graurheindorfer Str. 153 – 53117 Bonn, Germany
• e-mail address: poststelle@bfdi.bund.de
8. Automated decision making
Your personal data will not be used for automated decision making.