The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.
Below you will find information about,
- who you can contact at GIZ on the subject of data protection.
- what data is processed when you visit the website.
- what data is processed when you contact us, subscribe to newsletters or press releases or use other GIZ online services.
- what possibilities there are to object to the storage of the data.
- what rights you have with respect to us.
1. Controller and Data Protection Officer
The responsible body for data processing is the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH.
Address:
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn
Contact: info [at] globalndcconference.org
If you have specific questions about the protection of your data, please contact GIZ’s data protection officer: datenschutzbeauftragter [at] giz.de
2. Information on the collection of personal data
2.1 General
GIZ processes personal data exclusively in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Personal data are, for example, name, address, e-mail addresses and user behavior.
Personal data will only be processed by GIZ to the extent necessary. Which data is required and processed for what purpose and on what basis depends largely on the type of service you use, or on the purpose for which the data is required.
2.2 Collection of personal data when visiting our website
When visiting the Global NDC Conference website, the browser used automatically transmits data that is stored in a log file. GIZ itself only processes the data that is technically required to display the website correctly and to ensure its stability and security.
Among other things, it is stored for each access the page viewed, the IP address of the accessing device, the page from which the user was redirected, as well as the date and time of the access. A detailed list of stored data can be found here.
Log file fields
Field | Displayed as | Description |
---|---|---|
Date | date | The date on which the activity occurred. |
Time | time | The time, in coordinated universal time (UTC), at which the activity occurred. |
URI Stem | cs-uri-stem | The target of the action, for example, Default.htm. |
URI query | cs-uri-query | The query, if any, that the client was trying to perform. A Universal Resource Identifier (URI) query is necessary only for dynamic pages. |
Server port | s-port | The server port number that is configured for the service. |
Client IP address | c-ip | The anonymized IP address of the client that made the request. |
User agent | cs(User-Agent) | The browser type that the client used. |
Referrer | cs(Referrer) | The site that the user last visited. This site provided a link to the current site. |
HTTP status | sc-status | The HTTP status code. |
Protocol substatus | sc-substatus | The substatus error code. |
Win32 status | sc-win32-status | The Windows status code. |
Time taken | time-taken | The length of time that the action took, in milliseconds. |
The data in the log file is deleted after five days.
GIZ is obliged to store data beyond the time of the visit in order to ensure protection against attacks on the GIZ’s internet infrastructure and the communications technology of the Federal Government (legal basis: Art. 6 (1) (e) GDPR in conjunction with Section 5 BSI Act). In the event of attacks on communications technology, this data is analyzed and used to initiate legal and criminal prosecution.
Data logged when accessing the GIZ’s website is only transmitted to third parties if there is a legal obligation to do so or if the transmission is necessary for legal or criminal prosecution in the event of attacks on the Federal Government’s communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.
2.3 Cookies
When you visit the Global NDC Conference website, no cookies are stored in your computer, beyond the strictly necessary cookies (e.g., for ensuring the technically correct operation of the website).
2.4 Matomo analysis service (user analysis)
To analyze usage data on its website, GIZ uses the Matomo web analysis service operated by InnoCraft Ltd, Wellington, New Zealand. Data is stored and evaluated completely anonymously.
The data generated with Matomo is stored by Talleux & Zöllner on behalf of GIZ in Germany only.
Further information on data protection at Matomo can be found here Matomo Cloud Privacy Policy – Matomo Analytics.
Matomo uses cookies to enable a statistical analysis of the use of the GIZ website. Matomo cookies do not contain any information that permits identification of a user. Every time you visit a page on the GIZ website and every time you download a file, information about the activity is processed and stored in a temporary log file. Before it is stored, each data set is rendered anonymous by altering the IP address.
GIZ evaluates usage information for statistical purposes as part of its public relations work and for the needs-based provision of information within the scope of the tasks it performs (legal basis: Article 6 (1) e GDPR in conjunction with Article 3 BDSG).
3. Processing of personal data when contacting us
When users contact us, the data provided will be processed in order to be able to respond to the enquiry. The following contact options are available:
- Letter
3.1 Contact by email
It is possible to contact GIZ via the e-mail addresses provided. In this case, at least the email address but also any other personal user data transmitted with the email (e.g. family and given name, address) as well as the information contained in the email are stored solely for the purpose of contacting the user and processing the request.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) e GDPR.
When contacting us by letter, the personal data transmitted (e.g. surname, first name, address) and the information contained in the letter will be stored for the purpose of contacting you and processing the request.
The legal basis for the processing of data transmitted in the course of sending a letter is Art. 6 (1) e GDPR.
4. Processing of personal data for the registration form
4.1 Registration form
Invited participants will receive a link for the registration form, where personal data is collected for the purpose of doing the registrations for the conference. The registration form will include information on (family and given name, gender, position, organisation, country, e-mail address, phone number and food preferences).
The processing of your personal data is necessary for the performance of an activity carried out in the public interest. The legal basis for this is Art. 6 para. 1 e) GDPR. The processing is fulfilled for the purpose of carrying out the registration for the event.
As a user, you have the option to withdraw your consent at any time (see chapter “Reference to user rights”). In this case, however, it is not possible to participate in the event.
4.2 Transfer of data for participant confirmations and optional flight and hotel bookings
For sponsored participants, the registration form contains an optional section that will collect data to be shared among the Global NDC Conference organising partners: GIZ GmbH, NDC Partnership and the United Nations Development Programme (UNDP) for booking hotels and flights.
The travel form will include information on (family and given name, date of birth, place of birth, nationality, gender, passport number, passport type, passport issuing date, passport expiration date, and if participants require a Schengen visa), which will be used for booking transportation and accommodation. For the participants requiring a visa letter, the collected data (family and given name, date of birth, nationality, passport information, information on requiring a Schengen visa) will be used to issue an official invitation to be presented as proof for the visa process.
The NDC Partnership, which is also part of the Global NDC Conference organising team, will be responsible within the conference to make the hotel bookings for sponsored participants. Therefore, the NDC Partnership will receive personal data on family and given name, date of birth, nationality, date of arrival and date of departure.
UNDP will be responsible for booking the travel arrangements for sponsored participants. Therefore, the following data will be transferred: family and given name, date of birth, nationality, and passport information. Further direct contact between the participant and UNDP may take place for the purpose of finalizing travel arrangements.
The Federal Ministry for Economic Affairs and Climate Action of Germany (BMWK), the International Climate Initiative (IKI), and project partners and contributors of the Global NDC Conference may receive data related to participant confirmations (such as family and given name, position, organisation, country, email) for the purpose of breakout session organisation and attendance tracking.
The legal basis for the processing of data in connection the registration form is your prior consent according to Article 6 (1) a GDPR.
For the country to which the data are transmitted, there is currently neither an adequacy decision within the meaning of Art. 45 para. 1, 3 GDPR, nor suitable guarantees pursuant to Art. 46 para. 2, 3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection of the country corresponds to the data protection level of the European Union. Likewise, for the transfer to the third country or to the international organisation(s), there are no so-called standard contractual clauses as “appropriate guarantees” according to Art. 46 para. 2, 3 GDPR.
Possible risks that cannot currently be ruled out in connection with the aforementioned transmission are in particular:
- You may not be able to assert or enforce your rights as a data subject against the data recipient in a sustained manner.
- It cannot be completely ruled out that incorrect data processing may occur, as the technical and organisational measures of the data recipient for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
- In particular, as the data recipient is located in the USA, there is a risk that the state (US) authorities will address requests for information against this company as the data recipient and thus the state (US) authorities may see your personal data. In principle, this also corresponds to European legal regulations, for example for the purpose of averting danger. However, the admissibility threshold for such data processing is higher in the EU than in the country concerned of the data recipient. In this context, possible legal protection for Europeans would also be practically impossible.
- Your personal data could possibly be passed on to other third parties by the data recipient beyond the actual purpose of fulfilling the order.
5. Disclosure to third parties
GIZ will only pass on your data to the Global NDC Conference partners mentioned under “4.2 Transfer of data for participant confirmations and optional flight and hotel bookings” if you previously consented to the data transfer. Otherwise GIZ does not pass on personal data to third parties unless it is otherwise legally obliged or entitled to do so by law.
6. Transfer of data to third countries
GIZ does not transfer personal data to third countries without your prior consent. In case you consented to the data transfer to GIZ partners mentioned under “4.2 Transfer of data for participant confirmations and optional flight and hotel bookings”, your data will be transfers to countries outside Germany.
With your prior consent that the Global NDC Conference will take care as a sponsored participant for your flight, the personal data stated under “4.2 Transfer of data for participant confirmations and optional flight and hotel bookings” will be transferred to the United States. From there, UNDP takes full responsibility to protect your personal data, store it properly and delete it after the Global NDC Conference.
7. Duration of data retention
User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.
8. IT security of user data
The protection of personal data is an important concern for GIZ. Therefore, technical and organizational security measures ensure that the data is protected against accidental and intentional manipulation, unintended erasure and unauthorized access. These measures are updated according with the technical developments and are constantly adapted in line with the risks.
9. Reference to user rights
Visitors to the Global NDC Conference website have the right to
- Access to information about your data stored by us (Art. 15 GDPR),
- Rectification of your data stored by us (Art. 16 GDPR),
- Erasure of your data stored by us (Art. 17 GDPR),
- Restriction of the processing of your data stored by us (Art. 18 GDPR),
- Object to the storage of your data, provided that this data is processed based on Art. 6 Para. 1 S. 1 lit. f) and e) GDPR (Art. 21 GDPR),
- receive the data concerning you in a commonly used and machine-readable format from the controller in order to have it transmitted to another controller if necessary (right to data portability, Art. 20 GDPR),
- withdraw your consent, provided that the processing of the data has been carried out on the basis of consent (Art. 6 para. 1 a) GDPR). The lawfulness of the processing based on the consent given remains unaffected until the reception of the withdrawal.
- In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent data protection supervisory authority. The competent authority for GIZ is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
If you have any questions about the processing of your personal data, you can contact GIZ’s data protection officer at datenschutzbeauftragter [at] giz.de.
Last updated: 13.02.2025