Data protection statement for TheIntegrityApp (TIA) users on storage and use of personal data by GIZ in TIA

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH attaches great importance to responsible and transparent management of personal data.

Below we provide users with information as to 

• who they can contact at GIZ on the subject of data protection 
• what data is processed when they visit the website
• what rights they have with respect to us

GIZ takes the protection of personal data very seriously. This declaration explains what personal data is stored and what it is used for when you operate TheIntegrityApp.

• Data Controllers Responsible for data processing

Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH

Registered Offices

Friedrich-Ebert-Allee 32 + 36, 53113 Bonn, Germany

Dag-Hammarskjöld-Weg 1-5, 65760 Eschborn, Germany

E theintegrityapp@giz.de

I www.giz.de

Contact data processing officer: datenschutzbeauftragter@giz.de

General

GIZ processes personal data exclusively in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Personal data are, for example, name, address, email addresses and user behaviour.

GIZ only processes personal data to the extent necessary. Which data is required and processed for which purpose and on what basis is largely determined by the type of service you use or the purpose for which the data is required.

• The data will be used solely for the purpose of:
•  to enable the access to and functionality of the web version, correct any disturbances you might face, 
• We process aggregated usage data to optimize and inform the development of the TIA website, and use the statistics to understand the use of compliance management system, the need of improvement to decide on future support to be provided on the topic and plan further actions/projects

Personal and specific data are not shared on to third parties and as a general principle; data will not be transmitted to third parties. Any other use of the data will always be subject to further consent. The data will not be used for advertising purposes. 

How we collect your data

The IntegrityApp: is a website for the self-assessment of integrity programmes. Based on the results, the user gets access to information on how to establish a policy to promote integrity in his business.

When you register a profile and use TheIntegrityApp, you directly provide us with the following data: 

• Registration data:
• Name;
• Gender;
• Email address and username;
• Password;
• Industry sector; 
• Country;
• Company´s name; 
• Number of employees; 
• Position.

As part of the registration process, the user's consent to the processing of this data is obtained. 

The processing is based on consent in accordance with Article 6 (1) a GDPR and for the purpose of processing your request. 

TheIntegrityApp will not collect information on impressions, messages, criticisms, and suggestions from the registered person, chat messages and other interactions in TIA.

The data that you enter is your own data that you think is right, and you are fully responsible for the correctness of all data that you enter into our TIA Website.

TheIntegrityApp does not use any analytical cookie and the technical cookies used are deleted in 14 days.

The data entered for registration will be stored on Netclusive server based in Germany.

Cookie:

When you use our website for informational purposes only, i.e., when you do not send us any other information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the data that is technically necessary for us to display our website and to ensure its stability and security.

In detail, the following data is temporarily stored in a log file for each access/retrieval: 

• Technical details of the browser used
• Anonymous IP address
• Date and time
• Page opened/name of the file downloaded
• Quantity of data transferred
• Notification of whether viewing or download was successful

The GIZ is additionally obliged on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with § 5 BSI-Law to store data to protect against attacks on the internet infrastructure of the GIZ’s project and the communication technology of the Federal Government beyond the time of your visit. This data is analysed and, in the event of attacks on communications technology, is required to initiate legal and criminal prosecution. The data will be deleted as soon as they are no longer required for the fulfilment of the task.

Data that is logged when you access the website is only transferred to third parties if we are legally obliged to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on the communication technology of the German Federal Government. We do not pass on information in other cases. A consolidation of this data with other data sources does not take place either.

Follow up and redirects

1. The user can opt for a follow up notice. It is voluntary source. The user who decides to have it will receive an invitation to self-assess TIA quarterly to self-measure the improvement. Additionally, if the user starts to answer the questionaries and don´t finalise it in three days, the user will be invited to finish it. The same resource is available for the risk assessment feature.

• When calling up further content information, it may be forwarded to external websites. As soon as you click on these functions or links, you leave the TIA and enter the website of the respective operator. The responsible body for the collection of personal data on these websites or social networks are exclusively from the respective operators of the respective websites. Accordingly, only their data protection provisions apply to the collection and processing of personal data provided by the user.

• Processing of personal data in connection with social network use 

On its website, Alliance for Integrity provides links to some open resource materials on you tube with content for self-improvement. By clicking on link for youtube the user is redirected to the author of the respective content and their presence on the youtube.

When users visit the platforms, personal data is collected, used and stored by the operators of the respective social network, but not by GIZ. This is also the case even if the users themselves do not have an account with the respective social network. 

The individual data processing operations and their scope differ depending on the operator of the respective social network. GIZ has no influence on the collection of data or its further use by the social network operators. We are not fully aware of the extent to which, where and for how long the data is stored; to what extent the networks comply with existing obligations regarding erasure; what analyses are conducted and links established with the data; and to whom the data is disclosed.

Access to these social media sites is subject to the terms of use and privacy policies of the respective operators. Click here for the contact details and links to the data privacy policies of the social media on which GIZ maintains a presence. 

GIZ on social media

• The privacy policy for the social network YouTube, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be found at https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_en_eu.pdf .

Storage and deletion of your data

The data will be processed till November 2024. You can withdraw your consent for future processing by contacting us as described in this data protection statement or consent declaration.

In case you withdraw your consent, or we no longer need the data to deliver and are not required by law to keep the data, we will erase the data. If your data has been anonymized and can no longer be attributed to you, we can continue to use such data.

By voluntary entering optional information, you declare your consent to its processing

Data security

We use and instruct and require our contractors to use appropriate technical and organisational measures to secure data against unintentional or intentional falsification, destruction, loss or access by unauthorised persons. Access to the personal data is restricted to authorised personnel who need to process it for the above-mentioned purpose(s), and who will handle the information provided in a proper and confidential manner.

Child’s privacy

TIA website is not meant for children under the age of 16.

We do not always know that users of our website are under 16 years old. If we learn that the data that we have collected is data from children under the age of 16 and without verification from their parents, we will take steps to delete the data from our system.

Rights of the data subject

You have the following rights: 

• To obtain information about your data stored by us (Article 15 GDPR)
• To have your data stored by us rectified (Article 16 GDPR)
• To have your data stored by us erased (Article 17 GDPR)
• To obtain restriction of processing of your data stored by us (Article 18 GDPR) 
• To object to the processing of your data if personal data are processed on the basis of the first sentence of Article 6 (1) 1 f and e GDPR (Article 21 GDPR) 
• To receive your personal data in a commonly used and machine-readable format from the controller so that they can be potentially transmitted to another controller subject to the conditions in Article 20 GDPR.
• To withdraw their consent to the extent that the data has been processed on the basis of consent (Article 6 (1) a GDPR). The lawfulness of the processing based on the consent given remains unaffected until receipt of the withdrawal.

Please send your revocation by email to: theintegrityapp@giz.de. The data will be deleted accordingly. In the case of consent revocation, it might be not possible to use the website or its certain functions, such as when you revoke certain website authorizations for media access.

If you have any questions or complaints about this website, you can contact the data protection officer. You also have the right to lodge a complaint with the relevant data protection supervisory authority. The responsible authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Changes to this Policy

We can update this Privacy Policy from time after time. 

You are advised to review this Policy periodically for each change. 

Last updated: 10 February 2023