The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.

Below we provide users with information as to

• who they can contact at GIZ on the subject of data protection.
• what data is processed when they visit the website.
• what data is processed when users contact us or use other GIZ online services.
• how they can opt out of the storage of data.
• what rights they have with respect to us.

Data Controller and Data Protection Officer

Data processing is the responsibility of
Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH
Friedrich-Ebert-Allee 32+36, 53113 Bonn, Germany
Dag-Hammarskjöld-Weg 1-5, 65760 Eschborn, Germany
eMail: info@giz.de

Office Sustainability Code:
Rat für Nachhaltige Entwicklung (RNE)
Geschäftsstelle c/o GIZ GmbH, Potsdamer Platz 10, 10785 Berlin
eMail: team@deutscher-nachhaltigkeitskodex.de

Please contact GIZ’s data protection officer if you have questions specifically about how your data are protected: datenschutzbeauftragter@giz.de

Information on the Collection of Personal Data

GIZ processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Personal data are, for example, name, address, email addresses and user behaviour.

GIZ only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.

Collection of personal Data collection when visiting our website
To maintain secure server operation, information is automatically collected and stored in so-called log files.

Server LogFiles
To maintain secure server operation, information is automatically collected and stored in so-called LogFiles. Your browser transmits this information automatically. These are:

• Date and time at the time of access
• IP address used
• Browser used
• Operating system used
• Amount of data sent in bytes

This data is not merged with other data sources. The collected data will not be used for the purpose of drawing conclusions about your person. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be recorded.

Further Information on Data Storage and Transfer

GIZ is obliged to store the data beyond the time of the visit in order to ensure protection against attacks against GIZ’s internet infrastructure and federal communications technology (legal basis: Article 6 (1) e GDPR in conjunction with Section 5 of the German Act on the Federal Office for Information Security (BSIG). In the event of attacks on communications technology, this data is analysed and used to initiate legal and criminal action.

Data that is logged when accessing the GIZ website is only transferred to third parties if there is a legal obligation to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Data will not be passed on in any other cases. This data is not merged with other data sources at GIZ.

Onlineservices and Cookies

Cookies
When you visit the DNK website, small text files known as ‘cookies’ are stored on your computer. They are used to make the online presence more user-friendly and effective overall. Cookies cannot run programs or infect your computer with viruses.

The DNK website uses cookies that are automatically deleted as soon as the browser on which the page is displayed is closed (referred to as temporary cookies or session cookies) This type of cookie makes it possible to assign various requests from a browser to a session and to recognise the browser when the website is visited again (session ID).

Consent-Management-Tool: consentmanager
This website uses the consent management tool "consentmanager" by consentmanager AB, Håltgelvågen 1b, 72348 Västerås, Sweden.

This website uses "consentmanager" to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of the website. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of the website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made:
Consent to Cookies & Data

By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence).

Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.

You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.

Website Analysedienst: PiwikPro Analytics
This website uses the Piwik PRO Analytics web analytics service provided by Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany.

Piwik PRO Analytics uses "cookies". These are text files that are stored on your
computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookies, such as time, place and frequency of your visit to our website, as well as your IP address about the use of this website are stored on the server of Piwik PRO Analytics. The information generated by the cookies about the use of this website will not be disclosed to third parties.

The processing of the data is based on Art. 6 para. 1 lit. e) DSGVO with the legitimate interest of usage analysis to improve the web offer. If a corresponding consent was requested, the processing of the data is based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

IP anonymization: We use IP anonymization for the analysis with Piwik PRO Analytics. In this case, your IP address is shortened before the analysis, so that it is no longer clearly attributable to you.

Cookies are only set on our website on the basis of your consent. In addition, you can permanently prevent the storage of cookies by configuring your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

For more information about Piwik PRO, please see the Privacy Policy:
https://piwik.pro/privacy-policy

Online Map Service: Google Maps
This website uses "Google Maps", an online mapping service provided by Google LLC ("Google"). Website: https://cloud.google.com/maps-platform

If you agree to the use of Google Maps (purpose: External Content), you thereby give your consent to your personal data being transmitted to the USA when it is used. The USA is an insecure third country where there is no level of data protection comparable to EU standards. In the case of certain providers, such as Google, no other guarantees are offered to compensate for this deficit. There is therefore a risk that government agencies may access your personal data as a result of the transfer, without you having any effective legal protection options in this regard. In order to use Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to the browser, which then integrates it into the website. The data storage happens on the web servers of Google Maps. We can only inform you about this, but have no influence.

We have no knowledge of the extent of the data collected by Google in this way. The processed data may include in particular the IP addresses and other metadata, including on the browser, the terminal device and also the date and time of the visit to our website, as well as the input data in the search query for the map. Location data, however, cannot be collected without consent (usually through the settings on the end device).

The purpose and scope of the data collection, the further processing and use of the data by Google, as well as your rights in this regard and settings options for protecting your privacy can be found in Google's privacy policy:  https://policies.google.com/privacy?hl=en

Processing of Personal Data when Contacting Us

Contact by email
It is possible to contact GIZ or the Office Sustainability Code via the email addresses provided. In this case, at least the email address but also any other personal user data transmitted with the email (e.g. family and given name, address) as well as the information contained in the email are stored solely for the purpose of contacting the user and processing the request.

The legal basis for the processing of data in connection with email communication is Article 6 (1) e GDPR.

Contact by phone
When contacting us by phone, personal data will be processed to the extent necessary in order to handle the enquiry.

The legal basis for the processing of data in connection with communication by phone is Article 6 (1) e GDPR.

Contact by letter
When contacting us by letter, the personal data transmitted (e.g. family and given name, address) and the information contained in the letter is stored for the purpose of establishing contact and processing the enquiry.

The legal basis for the processing of data in connection with communication by letter is Article 6 (1) e GDPR.

Provision of Information

On this website a free newsletter subscription is offered.

Subscription to newsletter
Personal data is used for the purpose of processing the subscription to each respective newsletter. The data is processed and used exclusively for sending the newsletter. 

After entering the email address, users receive an email containing a link for confirming the authenticity of the address and the subscription (‘double opt-in’). If users do not confirm the registration by clicking on the link contained in the email, the data is deleted immediately.

The legal basis for the processing of data in connection with the dispatch of newsletters is their consent in accordance with Article 6 (1) a GDPR.

The newsletter subscription can be cancelled at any time, for example via the "unsubscribe" link in each newsletter. If the subscription is cancelled, all personal data is deleted from our database.

E-Mail Marketing Online Service: Brevo
This website uses the Brevo online service of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany for e-mail marketing.

Brevo is a service with which we organize and analyze the registration process and newsletter distribution. The data you enter for the purpose of registration is stored on Brevo's servers. Brevo is prohibited from selling your data and using it for purposes other than sending newsletters.

Brevo products are DSGVO-compliant and certified. Your data is hosted on ISO-certified servers in Germany. For more information for newsletter recipients, click here:
https://www.brevo.com/information-for-email-recipients

With the help of Brevo, it is possible for us to analyze the newsletter campaigns. Here it can be analyzed how many recipients have opened the newsletter and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links, with which your clicks can be counted.

The data you provide to us for the purpose of the registration process and newsletter dispatch will be stored until you revoke it and then deleted. The other personal data collected during the registration process is usually deleted after a period of seven days.

For more information, see Brevo's privacy policy at:
https://www.brevo.com/legal/privacypolicy

Secure captcha by email marketing online service Brevo:
Google reCAPTCHA
The email marketing online service Brevo uses “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) as part of the registration process on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the DPF undertakes to comply with these data protection standards.

Inlineframe (iFrame)
On this website, external content is integrated and displayed via iFrame in defined areas on the website. External content from third-party providers will not be loaded without your prior consent. The settings you have made can also be changed by you afterwards: Consent to cookies & data

External content from the following third-party providers is embedded on this website:

• YouTube - Video portal

Video portal: YouTube (with extended data protection)
This website uses the YouTube video portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google LLC and Alphabet Inc.).

YouTube is used on this website in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. Further information about data protection at YouTube can be found in their privacy policy at https://policies.google.com/privacy?hl=de. 

In case that personal data is transferred to the USA, YouTube is certified in accordance with the EU-US Data Privacy Framework. You can find further information here: https://www.dataprivacyframework.gov/ 

Processing of personal data in the context of the DNK database

The following data is collected during the registration process via the double opt-in procedure for the purpose of registration, authentication and user administration for access (login) to the system and for contacting and communicating with the DNK:
User account: User name, e-mail address and password

It is possible to use a functional address to register on the DNK database; the use of personal data is optional.

The data is stored on the basis of the contract (Art. 6 para. 1 lit. b) with you, which comes about through the registration. And to safeguard legitimate interests. The legitimate interest (Art. 6 (1) (f)) lies in the need to ensure that only designated users can use the DNK database.

All personal data collected in the process of preparing the declaration of conformity with the Code has already been published elsewhere in one form or another. Companies and organizations that use the Code are registered in the commercial register or in the register of associations, public corporations are registered with their data per se and information about them is publicly accessible.

In addition to the company data topic fields, the person entered in the company account under “General information” / “Contact” as the company's contact person is also published on the website in the company account.

Consent to the presentation/publication of personal data of the company's contact person is obtained during the registration process via a consent checkbox (Art. 6 para. 1 lit. a). The following data can be provided for a contact person of the company: Title, contact person, address, telephone, fax, e-mail address

You have the right to receive information about your stored personal data free of charge at any time. Please send any requests for changes to your data, your revocation or requests regarding your rights in writing to
support@deutscher-nachhaltigkeitskodex.de

Company profiles will be deleted within ten working days following a request from the companies that have created the corresponding user profiles. All incomplete and closed company accounts will be left on the server and deleted on a regular basis after consultation with the registered contact persons of the companies.

Processing of Personal Data in Connection with Social Network Use

On its DNK website, GIZ invites users to visit its company presence on social networking sites and platforms including, but not limited to, X (former Twitter), LinkedIn, YouTube and Facebook.

These online presences are operated in order to interact with the users that are active on these sites and platforms and to inform them about projects and services. By clicking on a social network’s logo, the user is redirected to the DNK presence on the respective network.

When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by GIZ. This is also the case even if the users themselves do not have an account with the respective social network.

The individual data processing operations and their scope differ depending on the operator of the respective social network. GIZ has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted and links established with the data; and to whom the data is disclosed.

Access to GIZ social media sites is subject to the terms of use and privacy policies of the respective operators. Click here for the contact details and links to the data privacy policies of the social media on which GIZ maintains a presence.

Social media on DNK website
The privacy policy for the social network X (former Twitter), operated by X Corp. (former Twitter Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be found at https://twitter.com/en/privacy.

The privacy policy for the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, can be found at https://www.linkedin.com/legal/privacy-policy?.

The privacy policy for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_en_eu.pdf.

Disclosure to Third Parties

GIZ does not pass on personal data to third parties unless it is legally obliged or entitled to do so by law.

Data Transfer to Countries outside of Germany

GIZ does not transfer personal data to third countries. When using social media, the privacy policies of the respective providers apply.

Duration of Data Retention

User data will not be kept any longer than is necessary for the purpose for which it is processed or as required by law.

IT Security of User Data

GIZ accords great importance to protecting personal data. For this reason, technical and organisational security measures ensure that data is protected against accidental and intentional manipulation and unintended erasure as well as unauthorised access. These measures are updated accordingly based on technical developments and adapted continuously in line with the risks.

Reference to User Rights

Visitors to the DNK website have the right

• To obtain information about their data stored by us (Article 15 GDPR)
• To have their data stored by us rectified (Article 16 GDPR)
• To have their data stored by us erased (Article 17 GDPR)
• To obtain restriction of processing of their data stored by us (Article 18 GDPR)
• To object to the storage of their data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR)
• To receive their personal data in a commonly used and machine-readable format from the controller such that they can be potentially transmitted to another controller (right to data portability, Article 20 GDPR)
• To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing on the basis of the consent given remains unaffected until receipt of the withdrawal.

Users also have the right in accordance with Article 77 GDPR to lodge a complaint with the competent data protection supervisory authority. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI). (https://www.bfdi.bund.de/EN/)

Hosting: Service Providers and Order Processing

This website is hosted by an external service provider:
com&on GmbH, Leisewitzstr. 47, 30175 Hanover, Germany

The personal data collected on this website may be stored on the servers of the service provider. Our service provider will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions in relation to such data.

The service provider is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Order processing
The service provider collects and processes your personal data on our behalf. We have concluded an data processing agreement (DPA) with the above-mentioned provider.

Protection of Data on this Website

The service provider uses technical and organizational security measures in order to protect the personal data you have made available to us from manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously improved and adapted according to state-of-the-art technology.

SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Status Privacy Policy

This privacy policy has the processing status of February 3, 2025.