GIZ Data Protection Declaration on GIZ Bangladesh
Service Provider Enlistment Database system
Welcome to our Service Provider Enlistment
system. Protecting your personal data is extremely important to us, so we set
out below the data protection principles to which GIZ is committed and explain
the related processes and provisions.
Responsible
for data processing and contact details
Data processing is the responsibility of Deutsche Gesellschaft für
Internationale Zusammenarbeit (GIZ) GmbH.
Address:
Friedrich-Ebert-Allee 32 + 36, 53113 Bonn, Germany
Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn, Germany
Contact:
info@giz.de
Collecting
your data
By registering on our enlistment portal, you create an account that
forms the basis for processing your data. Specific personal data is required to
create an account and enlistment. This includes
Each time the website is accessed, the data stored includes, but is not limited to, the page that is viewed, filename that is downloaded, the IP address and MAC and Serial-Manufacturer of the client device, Method, URI steam/query, user agent (browser details) as well as the date and time of access.
Further information on data storage and transfer
GIZ is obliged to store the data beyond
the time of the visit in order to ensure protection
against attacks against GIZ’s internet infrastructure and federal
communications technology (legal basis: Article 6 (1) e GDPR in
conjunction with Section 5 of the German Act on the Federal Office for
Information Security (BSIG). In the event of attacks on communications
technology, this data is analysed and used to initiate legal and criminal
action.
Data that is logged when accessing the
GIZ website is only transferred to third parties if there is a legal obligation
to do so or if the transfer is necessary for legal or criminal prosecution in
the event of attacks on federal communications technology. Data will not be
passed on in any other cases. This data is not merged with other data sources
at GIZ.
When you visit the GIZ
website, small text files known as ‘cookies’ are stored on your computer. They
are used to make the online presence more user-friendly and effective overall.
Cookies cannot run programs or infect your computer with viruses.
The GIZ website uses cookies
that are automatically deleted as soon as the browser on which the page is
displayed is closed (referred to as temporary
cookies or session cookies) This type of cookie makes it possible to assign
various requests from a browser to a session and to recognise the browser when
the website is visited again (session ID).
Processing of personal data
when contacting us
When users contact us, the data provided is processed in order to be
able to respond to the enquiry. The following contact options are available:
-
Email
-
Letter
-
Phone
Contact by email
Alternatively, it is possible to contact GIZ via the email addresses
provided. In this case, at least the email address but also any other personal
user data transmitted with the email (e.g., family and given name, address) as
well as the information contained in the email are stored solely for the
purpose of contacting the user and processing the request.
The legal basis for the processing of data in connection with email
communication is Article 6 (1) e GDPR.
Contact by letter
When contacting us by letter, the personal data transmitted (e.g. family
and given name, address) and the information contained in the letter is stored
for the purpose of establishing contact and processing the enquiry.
The legal basis for the processing of data in connection with
communication by letter is Article 6 (1) e GDPR.
When contacting us by phone, personal data will be processed to the
extent necessary in order to handle the enquiry.
The legal basis for the processing of data in connection with
communication by phone is Article 6 (1) e GDPR.
How we use your data
Once your profile is completed, your data and
uploaded documents will be made available to Contract and Procurement Unit of
GIZ Office Dhaka and GIZ supported Projects. We will then decide during the
selection procedure whether you will be considered.
In addition, it is possible that our software
development team/IT Team, which is also responsible for maintaining the
systems, may be granted access to your data if necessary. Apart from the
organizations involved in the selection process, GIZ will not pass your
personal data on to any third parties unless it is compelled by law to do so
(e.g. by law enforcement agencies).
a) For the purpose of performance of a contract or
in order to take steps prior to entering a contract (Article 6 1(b) of the GDPR
or Article 26 of the BDSG 2018)
We process your personal data for the purpose of
establishing a contract of consultancy or within the company.
b) For purposes for which you have consented to
processing of your data (Article 6 1(a) of the GDPR)
Your personal data may also be processed with your
consent for specific purposes (e.g., having your data entered into the GIZ enlistment
system. You may withdraw this consent at any time. Withdrawal of consent
normally applies only to future use and processing. It does not affect any
processing carried out prior to withdrawal of consent, which remains
permissible under the law.
c) For the purpose of compliance with a legal
obligation (Article 6 1(c) of the GDPR) or processing in the public interest
(Article 6 1(e) of the GDPR)
GIZ is bound by statutory requirements that may
require them to share your data. This relates primarily to requirements from
law enforcement bodies but may also relate to requirements from supervisory or
other bodies.
Storage and erasure of your data
Data stored in GIZ’s enlistment system is used to
stay in contact with you and allow you to be considered for future opportunity.
Your personal data will be stored in the enlistment
system remains valid for 2(two) years. Once this period has elapsed, and
following a further email from us, you will have to consent to your data
remaining within the enlistment system. If you withhold this consent or fail to
respond to our email, any documents you have uploaded will automatically be
deleted and your data will be converted into an anonymised data record. The log
files are deleted in every 30 days.
Your personal data will be stored for a longer
period only if you consent to its continued storage in the GIZ talent pool or
if there are statutory requirements to retain it for a longer period.
The IT security of your data
We take protection of your personal data very
seriously. A range of technical and organisational measures are in place to
ensure that your data is protected against accidental or malicious
manipulation, erasure and unauthorised access. These measures are updated in
line with technological advances and adapted to changes in risk on an ongoing
basis.
Your rights
You have the right to view, update or delete your
user account and the information contained within it online at any time. Please
note that any changes you make to your profile may have an impact on all
applications linked to that profile. You can ask GIZ to rectify, delete or
restrict processing of individual personal data at any time. You have the right
to request from GIZ full disclosure of the data it holds on you at any time.
You also have the right to withdraw your consent at
any time and to amend or withdraw any consent already given for the future or
entirely, without specifying reasons. This will result in all documents you
have uploaded being deleted. Your data will then be transferred to an
anonymised dataset. You may notify GIZ of your withdrawal of consent by post
[Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, [PO Box
6061, Gulshan1, Dhaka 1212] by email to it-bangladesh@giz.deThe only cost to
you is the cost of postage or email or fax costs at current prices. If you
believe your personal data has been processed unlawfully, you have the right to
make a complaint to Data Protection Officer by email it-bangladesh@giz.de