Data Protection

1. Introduction

As an agency of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior, Building and Community (BMI) provides the Federal Portal. The Federal Portal offers a single point of access to digital government services provided by the Federation and the Länder.

When you use the Federal Portal, your personal data are processed (Article 4 no. 1 of the General Data Protection Regulation – GDPR). Which data are processed for what purposes and on what basis depends on the type of service you use. The information below provides details of the type of personal data processed as well as the purposes and legal basis of the processing.

2. Controller and Data Protection Officer

The Federal Ministry of the Interior, Building and Community is responsible for operation of the Federal Portal in accordance with data protection law (Article 4 no. 7 of the GDPR).

Note: When you use an online application form to request an administrative service within the Federal Portal, the authority responsible for processing your request has responsibility under data protection law for processing any data collected within the scope of your request for the purpose of processing your request. In this context, the Federal Ministry of the Interior, Building and Community processes your data only on behalf of the responsible authority. Additional information and explanations concerning data processing for each online request process are available in the Privacy Policy to which each online application form has a link.

You can reach us at the following address:

Federal Ministry of the Interior, Building and Community
Alt-Moabit 140
10557 Berlin
Phone: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
E-Mail: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de

 

Note: Please note that end-to-end encryption is not used as standard for the transmission of emails (not DE-Mail), which means that unauthorised persons could potentially access and manipulate the information transmitted. For information that requires protection, we therefore recommend that you contact us as follows:

  • DE-Mail
  • E-Mail with PGP-encryption
  • Contact form

You can reach the BMI Data Protection Officer at the following address:

Federal Ministry of the Interior, Building and Community
Alt-Moabit 140
10557 Berlin
Phone: +49-(0)30 18 681-0
E-Mail: bds@bmi.bund.de

 

3. Where does the technical operation of the Federal Portal take place and by whom is it operated?

The Federal Portal is operated in the Federal Information Technology Centre (ITZBund). The Federal Information Technology Centre is part of the federal administration. It is the provider of federal IT services. The data centres of the Federal Information Technology Centre are located in Germany. No data processing related to the Federal Portal takes place outside of Germany.

4. Personal data, purposes and legal basis of the processing

4.1. What are personal data?

Personal data means any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, an identification number, location data or an online identifier (Article 4 no. 1 of the GDPR).

4.2. Which data do we collect when you visit the Federal Portal website?

Every time you visit the Federal Portal website, the following data, which are technically necessary to display the website and to ensure the stability and security of this service, are collected on our servers:

  • the date and time of access,
  • the name and URL of the files retrieved,
  • the website from which access was made,
  • the operating system of your computer and the browser you use,
  • your IP address,
  • the name of your internet service provider.

The data are written to what are known as log files (technical log files), where they are stored for a period of 90 days. After that time, the data are automatically deleted. Technical and organisational safeguards have been put in place to ensure that only a defined group of suitably instructed administrators have access. These data are not combined with other data sources.

Processing is carried out in compliance with Article 6 (1) letter (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).

4.3. What are cookies and which cookies are used?

Cookies are small pieces of data that a website can place locally in the memory of your web browser on your computer. They contain identifiers (randomly generated identification numbers), which the server can use to clearly assign requests coming from your access device. In this way, a request can also be clearly assigned to a specific user.

The Federal Portal website uses cookies solely for technical purposes and to ensure its optimum function. We use cookies

  • to recognise your browser for the current session in the Federal Portal so that you can use the different functions of the Federal Portal in full
  • to enable your authentication for your Federal User Account and
  • to authenticate you for a specialised procedure if necessary (authentication with your user account).

The encrypted authentication cookies are deleted immediately after authentication. The cookies used to recognise the browser session or user inactivity are deleted either when the browser session ends or after 30 minutes at the latest.

Article 6 (1) letter (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for the processing of personal data using cookies.

Note: Any internet browser can show you when cookies have been stored on your computer and what they contain. Depending on which browser you use, you can set your browser to accept cookies in general, to accept only certain cookies or to reject all cookies. Your browser will usually also show you which cookies are stored on your access device so that you can delete all or some of them.

4.4. Which data do we process to authenticate you for an online administrative service?

Depending on which administrative service you want to use, you may be required to authenticate yourself first. Authentication takes place via your user account. Following successful authentication, the information required for authentication is transferred to an extension of the user account in the Federal Portal.

The legal basis for this is your consent in accordance with Article 6 (1) letter (a) of the GDPR, which you provided when registering your user account. Further details are available in the Privacy Policy of the Federal User Account.

Note: Please note that the authority responsible for processing any data collected within the scope of your application for an administrative service has sole responsibility under data protection law for any data processing necessary to process your application. The Federal Portal only provides the technical platform through which the relevant authorities can offer application forms. Further details are available in the Privacy Policy of the authority responsible for processing your application. This will be linked from the page with the application form.

4.5 What data do we process in connection with European Union usage statistics and usage feedback?

The Federal Portal is part of the Single Digital Gateway (SDG) of the European Union (EU, which provides cross-border access to online administrative functions.

To improve the functionality of the information and services offered through the SDG and to boost your satisfaction with them, we gather user statistics and provide a feedback tool for you.

We compile the following information into statistics:

  • the URL of the site you visited
  • the country from which the site was accessed
  • the type of device you used (PC, mobile phone, tablet)

To compile the statistics, we collect the following data:

  • the operating system of your device and the browser you use,
  • your IP address

Your IP address is anonymised at the conclusion of the statistical collection.

User feedback (if you have provided such feedback):

Questions related to the information and services provided (these are found at the end of the service description under the heading “Tell us what you think”).

  • Have you found what you were looking for (yes/no/partially)?
  • How would you rate this site on a scale of 1 to 5 where 1 is worst and 5 is best?
  • Free text field: What can we improve?

The answers you submit as user feedback are not linked to your IP address.

Statistics and feedback are collected on a monthly basis and transmitted to the EU’s common data repository at the beginning of the following month (content of free text fields is generally not transmitted). Article 6 1) letter (e) of the GDPR in conjunction with Article 24 of Regulation (EU) 1024/2012 on the SDG in conjunction with Article 3 (1) of Commission Implementing Regulation (EU) 2020/1121 provides the legal basis for the processing of your personal data for the purpose of compiling user statistics. Article 6 (1) letter (e) of the GDPR in conjunction with Article 25 of Regulation (EU) 1024/2012 on the SDG in conjunction with Articles 8 and 10 (2) of Commission Implementing Regulation (EU) 2020/1121 provides the basis for the processing of your feedback (with the exception of content entered into free text fields). Article 6 (1) letter (e) of the GDPR in conjunction with section 3 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) provides the legal basis for the processing of your responses entered into free text fields.

4.6. Which data do we process when you send us an enquiry using the support form or the feedback form?

When you send us a contact request using the support form or the feedback form provided on the Federal Portal (both forms are available via the wide black footer at the bottom of each page), we record the following data:

  • your IP adress,
  • the date and time at which you sent the message,
  • your name, phone number or email address if you have provided this information,
  • the content of your message.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

If you send us a message via the support form or the feedback form including your email address, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us.

The information provided through the support form or the feedback form is transmitted via an encrypted https connection.

The information provided through the support form or the feedback form is transmitted via an encrypted https connection.

Article 6 (1) letter (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for the processing of your contact with us.

Your contact with us is processed by staff of the organisational unit responsible, who will store your data only to respond to your message and in compliance with the legal and contractual requirements. Your data will be deleted no more than three months after we have responded to your message, or after one year at the latest. If the organisational unit responsible is unable to respond to your message, it will be forwarded to the appropriate division.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Note: Note: If you make contact in connection with a future, ongoing or completed application, we will forward your contact request to the authority responsible for processing this application. The authority in question will then process your enquiry directly.

4.7. Which data do we process when you send us a request by email?

If you send an email to the central address poststelle@bmi.bund.de or to poststelle@bmi-bund.de-mail.de we process:

  • the email address from which you contacted us
  • the date and time we received your email
  • the content of your message.

If you contact us by email, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us. In some cases, the BMI may also forward support requests to the Federal Information Technology Centre (ITZBund) for processing. The purpose of this is to enable the Federal Information Technology Centre to answer technical support queries which the BMI is unable to answer as these matters do not belong to its sphere of responsibility.

Such data will be processed in line with the provisions in section 3.4 of the BMI Privacy Policy.

4.8. Which data do we process when you contact us by post?

If you write a letter to us, the data you send (e.g. last name, first name, address) and the information contained in the letter (including, where applicable, personal data communicated by you) will be saved to enable your enquiry to be processed and so that we can contact you. Such data will be processed by the BMI in line with the provisions in section 3.5 of the BMI Privacy Policy.

4.9. Which data do we process when you contact us by phone?

If you contact the BMI’s public enquiry service using the phone number +49 (0) 30 16861 0, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back. Such personal data will be processed and saved in accordance with the provisions in number 3.4 of the BMI Privacy Policy.

4.10. Forwarding of your data to third parties

We only pass on your data to third parties in the following cases:

If you request an administrative service via your user account; in this case, your identity data will be disclosed to the authority responsible for processing your request in order to identify you; for details see 4.10.1.

Note: Please note that the authority responsible for processing your application has sole responsi-bility under data protection law for any data processing necessary to process your application. The Federal Portal only provides the technical platform for receiving and transmitting your application. Further details are available in the Privacy Policy of the authority responsible for processing your application. This will be linked from the page with the application form.

4.10.1. Data we transmit when you request an administrative service

If you request a digital administrative service from a public authority, the following personal data may be transmitted to that authority for identification purposes. The scope of the data transmitted depends on the specific legislation governing the service requested and, under certain circumstances, whether you consent to the processing of your data by the authority.

  • Identity data: Your name, academic degree (if applicable), date of birth, birth name (if applicable), place of birth, address
  • Communication data: Your email address
  • Technical specifications: email handle, assurance level of your identification (values: low, high) and a randomly generated identifier for the user logged in.

If you submit an application via a company account, the following data will be transmitted:

  • company data (company name and legal form, address and contact details)
  • your company’s communication data (email address)
  • identity data for the company’s legal representative (name, date of birth, place of birth, birth name)
  • technical data (email handle of the company account, assurance level and a randomly generated identifier for the user logged in).

For purposes of identification, your data are transmitted on the basis of your consent in accordance with Article 6 (1) letter (a) of the GDPR, which you provided when registering your private or company account. Further details are available in the Privacy Policy of the Federal User Account.

4.10.2. Other recipients of personal data

The BMI uses the Federal Information Technology Centre (ITZBund), Bonn office, Bernkasteler Str. 8, 53175 Bonn, Germany, and Bundesdruckerei GmbH, Kommandantenstr. 18, 10969 Berlin, Germany, as service providers for commissioned data processing. A contract according to Article 28 (3) of the GDPR has been concluded with each of these service providers; the BMI remains responsible for data protection.

5. Your rights as a data subject

5.1. Your rights

You have the following rights vis-à-vis the BMI with regard to personal data concerning you:

  • Right of access, Article 15 of the GDPR

This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by section 34 of the Federal Data Protection Act.

  • Right to rectification, Article 16 of the GDPR

The right to rectification includes the option of having inaccurate personal data concerning the data subject rectified.

  • Right to erasure, Article 17 of the GDPR

The right to erasure includes the option of having data concerning the data subject deleted by the controller. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by section 35 of the Federal Data Protection Act.

  • Right to restriction of processing, Article 18 of the GDPR

This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.

  • Right to data portability, Article 20 of the GDPR

The right to data portability gives data subjects the option of receiving from the controller the personal data concerning them in a commonly used and machine-readable format in order to have them transmitted to another controller. According to Article 20 (3) sentence 2 of the GDPR, this right does not apply if the data processing is necessary to perform a task carried out in the public interest.

  • Right to object to collection, processing and/or use, Article 21 of the GDPR

The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. Exceptions to this right are governed by section 36 of the Federal Data Protection Act.

  • Right to withdraw consent, Article 7 (3) of the GDPR

If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.

5.2. How to assert your rights

You can also assert your rights in writing or electronically using the contact details provided in section 2 above.

Under Article 77 of the GDPR, you also have the right to lodge a complaint with a data protection supervisory authority; this is the Federal Commissioner for Data Protection and Freedom of Information.

You may also submit questions and complaints directly to the BMI data protection officer named in (2).

As at: 4 December 2020