Privacy Notice – Arabia Felix Website
The Arabia Felix website is provided by Deutsche Gesellschaft für Internationale Zusammenarbeit (German Federal Enterprise for International Cooperation, “GIZ”). GIZ is the controller of your personal data processed in connection with your use of this website (“your personal data”).
As GIZ is established in Germany it is subject to the EU General Data Protection Regulation (“GDPR”). According to the latter, GIZ must make information about its processing of personal data available to the data subjects. This information is provided to you in this privacy notice.
1. How to contact GIZ
Friedrich-Ebert-Allee 36 + 40, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
GIZ’s data protection officer can be reached at the following e-mail address:
2. Categories of personal data processed
In the following we inform you about personal data that may be automatically processed about you when you visit the Arabia Felix Website (“website”).
2.1. Collection of personal data when visiting our website
When visiting the website, the browser used automatically transmits data that is stored in a log file. GIZ itself only processes the data that is technically necessary to display the website correctly and to ensure stability and security.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Every time a user accesses a page of our website, and every time a file is downloaded, that information is stored in a log file.
Among other things, the following data is stored for each access:
• Technical details of the browser used
• The page from which the user was redirected
• Anonymous IP address of the accessing device
• Date and time of the access
• Page opened/name of the file downloaded
• Device ID details
• Quantity of data transferred
• Notification of whether viewing or download was successful
The stored data is evaluated exclusively for statistical purposes and then deleted. Data will not be passed on to third parties. The data in the log file is deleted automatically within 24 hours.
GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.
Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.
When visiting the website, small text files, so-called cookies, are stored on the visitor’s computer. They serve to make the website more user-friendly and effective. Cookies cannot execute programs or transfer viruses to your computer.
2.2.1 Analytics service etracker (user analysis)
The website uses the web analytics service “etracker”, which is operated by etracker GmbH from Hamburg, to analyse usage data. The data is stored and analysed completely anonymously.
GIZ evaluates usage information for statistical purposes as part of its public relations work and for the provision of demand-oriented information as part of the tasks it is required to perform (basis: Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG).
The data generated by etracker is processed and stored by etracker on behalf of GIZ exclusively in Germany.
Further information on data protection at etracker can be found here: https://www.etracker.com/datenschutz/.
Notes on objection
Users who do not agree with the completely anonymised storage and evaluation of the data from their visit can object to the storage and use at any time with a mouse click. In order to prevent data collection and storage in the future, you can place an opt-out cookie in your browser at the following link: link will be placed here
2.3 Processing of personal data when contacting us
When users contact us, the data provided is processed in order to be able to deal with the enquiry. The following contact option exists:
– Contact form
2.3.1 Contact by e-mail
It is possible to contact GIZ via the e-mail addresses provided. In this case, the user’s personal data (e.g. surname, first name) transmitted by e-mail, or at least the e-mail address, as well as the information contained in the e-mail, will be stored exclusively for the purpose of contacting the user and processing the request.
The legal basis for processing the data that is processed in the course of sending an e-mail is Art. 6 para. 1 lit. e GDPR.
By activating the checkbox and sending the contact form, the user agrees to the transmission and storage of his/her personal data in our server database. The data is only transmitted when the form is sent. The transmission takes place via an SSL-encrypted connection.
We comply with the principle that the period for which the personal data are stored is limited to a strict minimum and not kept longer than necessary for achieving the above purpose. Your personal data from the contact form and any additional information we may request will be stored for 14 days and then erased from our database.
2.3.2 Contact form
When you contact us, your details (name, email address and possibly also your telephone) and the information provided (including personal data) are processed for the purpose of contacting you and handling your inquiry. In addition, our system collects the IP address of the computer you use to submit the form as well as the date and time the form is submitted. The information contained in the contact form will be stored exclusively for the purpose of contacting the user and processing the request. The processing is based on consent pursuant to Art. 6 (1) lit. a GDPR and for the purpose of processing your request.
2.3.3 Contact by letter
When contacting us by letter, the transmitted personal data (for example: surname, first name, address) and the information contained in the letter are stored for the purpose of contacting us and processing the request.
The legal basis for the processing of data transmitted in the course of sending a letter is Art. 6 para. 1 lit. e GDPR.
2.4 Processing of personal data in the context of the use of social media
The website offers the possibility to use links to visit its online presences in its social media platforms (Facebook, Instagram, Twitter, YouTube and Google Play). In order to guarantee data protection our website, we do not use any social media sharing buttons on our website.
The individual data processing operations and their scope differ depending on the operator of the respective social media channel. GIZ has no influence on the collection of data and its further use by the operators of the social media when you visit our social media channels. The extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on is not comprehensively discernible to us.
Social media in which the website has presences
the data protection declaration for the social media Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be viewed at https://twitter.com/de/privacy;
2.4.1 Note on the “Facebook Fanpage
When you visit the Facebook page of the website, Facebook collects, among other things, your IP address and other information in the form of cookies. This information is used to provide GIZ, as the operator of the Facebook page, with statistical information on the use of the Facebook page. This statistical data can be accessed by GIZ via the so-called “Insights” of the facebook page.
These statistics are generated and provided solely by Facebook. As the operator of the page, GIZ has no influence on the generation and presentation of this data. The data is provided automatically and cannot be switched off.
By operating the Facebook page, the website offers a contemporary opportunity for communication and information. The processing of personal data associated with the operation of the Facebook page is carried out on the basis of Art. 6 para. 1 lit. e GDPR.
As the operator of the fan page, GIZ is jointly responsible with Facebook for the processing. However, the primary responsibility for the processing of insights data lies with Facebook. Facebook therefore fulfils all obligations under the GDPR with regard to the processing of insights data (including, among others, Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). Data subject rights can be asserted either with GIZ or with Facebook. In the event that contact is made with GIZ, there is an obligation to forward all relevant information in this regard to Facebook.
You can find the complete Page Insights supplement regarding the responsibilities and the processing data here: https://de-de.facebook.com/legal/terms/page_controller_addendum
2.4.2 Processing of personal data in the context of the use of YouTube
3. Recipients of personal data
Your personal data is shared with service providers responsible for maintaining the website, a data hosting provider and a web analytics service.
3.1. Disclosure of your personal data
We may disclose aggregate statistics about visitors to our website in order to describe our services to reputable third parties and for other lawful purposes, but these statistics will include no personally identifiable information.
4. Data retention period
Where personal data has been stored about you, it is deleted as soon as it is not needed anymore for the purposes set out above.
5. Data transfers to a third country or an international organization
Your personal data is stored on secure servers in the EU. It will not be transferred to a non-EU country or an international organization. When using social media, the data protection policies of the respective providers apply.
6. IT security of user data
The protection of personal data is an important concern for GIZ. Therefore, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation, accidental deletion and unauthorised access. These measures are updated in line with technical developments and constantly updated to match changes occurring in the risk environment.
7. Data protection rights
You have the following rights with respect to the processing of your personal data:
• You may at any time request (1) confirmation if and how GIZ processes your personal data and (2) access to your personal data (Article 15 GDPR).
• You may have the right to receive a copy of your data in a structured, commonly used and machine-readable format so that you can further use it or forward it to other organizations (Article 20 GDPR).
• If you are of the opinion that your personal data stored by GIZ is incorrect or incomplete, you may request GIZ to rectify or complete such data (Article 16 GDPR).
• Under certain circumstances, you also have the right to object to the processing of your data (Article 21 GDPR) and you may request GIZ to restrict its processing of your data (Article 18 GDPR) or erase your data (Article 17 GDPR).
• You may have the right to withdraw your consent, provided that the processing of the data is based on consent (Art. 6 (1) (a) GDPR). The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.
There are some exceptions to these rights. For example, it is not possible to erase your data if GIZ has a legal obligation to retain it or if GIZ is unable to identify your personal data. If you have any questions regarding the processing of your personal data by GIZ or would like to express any concerns in this respect, please do not hesitate to contact GIZ’s data protection officer using the e-mail address indicated in section 2 above.
If you are of the opinion that the processing of your personal data constitutes a breach of the GDPR or other applicable EU data protection law, you have the right to lodge a complaint with a data protection authority. The competent data protection authority is the Federal Commissioner for Data Protection and Freedom of Information.
• postal address: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Graurheindorfer Str. 153 – 53117 Bonn, Germany
• e-mail address: email@example.com
8. Automated decision making
Your personal data will not be used for automated decision making.