Still Working! The action takes longer this time...
The K-Box is currently in readonly mode.
For maintenance reasons you cannot change or upload content.

Information on the processing of personal data

The Privacy Notice provided below describes, as required by the EU Regulation 2016/679, the processing operations performed on the personal data of the users of the Services.

Using these Services may result into processing data relating to identified or identifiable natural persons.

Data controller and data protection officer

Data Controller: Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH, Friedrich-Ebert-Allee 36 + 40, 53113 Bonn, Dag-Hammarskjöld-Weg 1–5, 65760 Eschborn. Email:

Data Controller’s Data Protection Officer (DPO):

Categories of personal data

When you use our Services we process and collect these categories of personal data:

  1. Registration information. When you register for our Services, you submit some identification and contact data (such as your e-mail address, surname, name, affiliated organization). The data that we request at the time of registration is necessary to provide the Services.
  2. Account information. When you use our Services, you also give us access to certain information (such as the name, the download/upload files history and the queries on the internal search engine) that is necessary for the provision and maintenance of your user account. In order to create a new account for a new user, we store and access certain personal data (such as the email addresses and name).
  3. Logs. When you use our Services, we process certain information and store it in log files. This information includes internet protocol (IP) addresses as well as: number of document in the K-box, number of upload and download, search queries, time of access, publication and action on data and error logs.
  4. Browsing data. The information systems and software procedures relied upon to operate these Services - based on website - acquire personal data as part of their standard functioning. The transmission of such data (technical data) is an inherent feature of Internet communication protocols. This data category includes the IP addresses and/or the domain names of the computers and terminal equipment used by any user, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the referring web page, the time of such requests, the method used for submitting a given request to the server, search queries, a numerical code relating to server response status (successfully performed, error, etc.). We use only “session cookies” (no persistent) that are automatically deleted after two hours. Session cookies are used exclusively to the extent this is necessary to enable secure, efficient browsing.
  5. Content uploaded. You and other users may upload content that includes information about you (as meta data or part of documents, articles, paper, videos) on our Services.
  6. Content downloaded. When you download shared contents, we automatically collect information such as the search queries and referrer page to reach the content.
  7. Other Personal Data. When you contact us for our technical support, help or otherwise communicate with us you may decide to share further information with us. In order to guarantee technical support in the future, these data are retained by us until your account is in existence.

Legal basis for processing data

Data Controller is a public-benefit federal enterprise for international cooperation so the personal data mentioned on this page are processed by the Data Controller in discharging its tasks that serve the public interest or are related to the exercise of its institutional functions. This includes the planning, the implementation and the execution of the Project. Personal Data are processed on the basis of Article 6, 1 lit. f) of the GDPR for the purpose of pursuing the controller’s legitimate interests, in this case to provide and improve the Services.

Purposes for processing personal data

We may use the information collected for the limited purpose of providing the Services and related functionality. These limited purposes include circumstances where it is necessary to provide or fulfill Services requested by you or in your interest. The information is used to perform a variety of purposes, including to:

  • provide, operate, maintain and improve the Services;
  • enable you to access and use the Services, including uploading, downloading, collaborating on and sharing contents;
  • enable you to communicate, collaborate, and share files with specific users;
  • send you technical notices, updates and support and administrative messages;
  • reply to your questions and requests and provide user support;
  • investigate and prevent copyright infringement and unauthorized, fraudulent or illegal use of the Services.

We use your data to produce and share aggregated insights that do not identify you. For example, we may use your data to generate aggregated statistics about your Team or its members to track their activity.

Data recipients

Staff: The personal data collected as above are also processed by the staff from the Data Controller, acting on specific instructions concerning purposes and arrangements of such processing. Data processors: The following entities are recipients of the data collected when you are using our Services. They have been appointed as data processors by the Data Controller pursuant to Article 28 of the Regulation:

  • Oneoff-Tech UG (Haftungsbeschränkt) or its subcontractors.

Other third-parties: The personal data are not passed on to/ shared with third parties, except the Data Processor and its subcontractors, as above specified.

Transfer of personal data to an extra-eu country

The Data Controller does not transfer your data to an extra-EU third country.

Duration of data retention

We retain your personal data until your account is in existence. Therefore personal data are deleted when:

  • your account is deleted for any reason.

Data subject’s rights

You (formally the “Data Subject”) have the right to obtain from the Data Controller, where appropriate, access to your personal data as well as rectification or erasure of such data or the restriction of the processing concerning you, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). In particular, at any time you may exercise your rights:

  • to obtain confirmation of the data processing performed by the Data Controller,
  • to access to personal data,
  • to obtain correction or deletion of the data or limitation of the processing that are the same,
  • to object to processing (unless there is a legitimate reason prevailing compared to the one that gave rise to his request);
  • to receive the personal data concerning you (data portability)

Please contact the Data Controller's DPO to lodge all requests to exercise these rights.

Data security

Protecting your personal data is especially important to us. We use technical and organizational security measures to ensure that your data is protected against intentional and unintentional manipulation, deletion and unauthorized access. These measures are updated in line with technological developments and adjusted on an ongoing basis to account for risks. The servers containing your data are stored and managed in data centers in Germany. Our Services are based on web technology relying on Transport Layer Security (TLS) cryptographic protocol for the protection of the transmission of your content.

Law enforcement

The data controller believes that law enforcement should be able to conduct effective and efficient investigations, but not at the expense of the users' rights. The data controller will review and respond to properly served requests for user information in accordance with its privacy policy, terms of service, and applicable law. The data controller reserves the right to object to requests that are improperly served, overly broad, or vague. The data controller will notify its users of requests for their information unless legally prohibited.

Changes to this Privacy Policy

We reserve the right to make changes to this privacy policy at any time by giving notice to its users on this page. All users will be notified email. Still, it is strongly recommended to check this page often, referring to the date of the last modification stated at the bottom of the homepage. An updated version can always be viewed and printed at the URL /privacy/legal