Privacy Policy for the Federal Portal

1. Preliminary remarks

The Federal Portal is provided by the Federal Ministry of the Interior and Community (BMI). It offers a single point of access to digital government services provided by the Federation and the Länder.

When you use the Federal Portal, your personal data are processed (Article 4 no. 1 of the General Data Protection Regulation (GDPR)). The information below provides details of the type of personal data processed, the purposes and legal basis of the processing, and your rights.

2. Controller and data protection officer

The Federal Ministry of the Interior and Community is responsible for operating the Federal Portal in accordance with data protection law (Article 4 no. 7 of the GDPR).

Note: When you use an online application form to request or use a government service within the Federal Portal, responsibility under data protection law for processing any data collected within the scope of your request or use lies with the authority providing this online government service. In this context, the Federal Ministry of the Interior and Community processes your data only on behalf of the responsible authority. Additional information and explanations concerning data processing for each process are available in the Privacy Policy to which each online form has a link.

You can reach us at the following address:

Federal Ministry of the Interior and Community
Alt-Moabit 140
10557 Berlin, Germany
Phone: +49 (0)30 18 681-0
Fax: +49 (0)30 18 681-12926
Email: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de

You can reach the Data Protection Officer at the Federal Ministry of the Interior and Community at the following address:

Federal Ministry of the Interior and Community
Der/die Datenschutzbeauftragte
Alt-Moabit 140
10557 Berlin, Germany
Phone: +49 (0)30 18 681-0
Email: bds@bmi.bund.de

Note: End-to-end encryption is not used as standard for the transmission of emails (not De-Mail), which means that unauthorised persons could potentially access and manipulate the information transmitted. For information that requires protection, we therefore recommend that you contact us using one of the following methods:

3. Where is the Federal Portal hosted, and by whom?

The Federal Portal is hosted by the Federal Information Technology Centre (ITZBund). The Federal Information Technology Centre is part of the federal administration. It is the provider of federal IT services. The data centres of the Federal Information Technology Centre are located in Germany. No data processing related to the Federal Portal takes place outside of Germany.

4. What are personal data?

Personal data means any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, an identification number, location data or an online identifier (Article 4 no. 1 of the GDPR).

5. Data processing when you visit the Federal Portal website

5.1. Which data do we collect when you visit the Federal Portal website?

Every time you visit the Federal Portal website, the following data, which are technically necessary to display the website and its functions and to ensure the stability and security of this service, are collected on our servers:

  • the date and time of access,
  • the name and URL of the files retrieved,
  • the website from which access was made (referrer),
  • the operating system of your computer and the browser you use,
  • the preferred language of your browser (accept language),
  • your IP address,
  • the name of your internet service provider

The data are automatically written in what are known as log files (technical log files), where they are stored for a period of 90 days. After that time, the data are automatically deleted. Technical and organisational safeguards ensure that only a defined group of suitably instructed administrators have access to these data. These data are not combined with other data sources.

Data traffic between your web browser and the Federal Portal servers is going through an encrypted HTTPS connection. HTTPS is a secure version of the HTTP communication protocol which is used for exchanging data (such as Federal Portal websites, your form input data) via the internet between the web browser and server, preventing unauthorised persons from accessing the information transmitted.

Processing is carried out in compliance with Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (BDSG) and section 5 of the Act on the Federal Office for Information Security (BSIG).

To improve the terms suggested by the Federal Portal’s search function (autosuggest), we process the search terms entered by you in anonymous statistics if your search was successful. A search is considered successful if the user views a description of services within the Federal Portal immediately after the search. For this purpose, we analyse the referrer transmitted by your browser to the Federal Portal server. We will not create user profiles, i.e. we will not link the results of this analysis with other data sources (such as the optional web analysis / user statistics referred to under 5.4).

The legal basis for processing personal data to improve the Federal Portal’s search function is Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act.

5.2. What are cookies and similar technologies?

Cookies are small pieces of data that a website can place locally in the memory of your web browser on your computer. They contain identifiers (randomly generated identification numbers), which the server can use to clearly identify requests coming from your device. In this way, a request can also be clearly attributed to a specific user.

JavaScript is a script language for implementing dynamic content on websites and is executed in your browser. This makes it possible to interpret user actions, and to create, update or adapt content on an ad-hoc basis.

The local storage is a file database of your browser which stores data and settings beyond a browser session.

The session storage is a file database of your browser which stores data and settings as long as your browser tab is open.

5.3. Which cookies and similar technologies do we use?

The Federal Portal website uses cookies and similar technologies as follows:

Technically necessary:

  • Session cookie: AL_SESS-S
    Purpose / application: Session cookies are set when you open the Federal Portal website. They ensure that all queries from a given terminal device are routed to the same webserver.
    Validity: 24 hours
  • Session storage object: flashMessage
    Purpose / application: Session storage objects are created when the Federal Portal website is called up. They ensure that when switching to the website’s English version, you will see the notice regarding the limited scope of the English language version only until you close it or for as long as you navigate in the same browser tab.
    Validity: Until you leave the browser tab in which you opened the website.

The session cookie and session storage object are considered technically necessary in accordance with section 25 (2) (2) of the Act regulating Data and Privacy Protection in Telecommunications and Telemedia (TTDSG). For this reason, they may be stored on your device without your consent, and the information they hold may also be accessed without your consent. Data collected by technically necessary cookies or storage objects are not used to create user profiles.

Web analytics / user statistics:

  • Visitor cookie: _pk_id
    Purpose / application: Visitor cookies serve to identify the user by means of a unique visitor ID.
    Validity: 24 hours
  • Referral cookie: _pk_ref
    Purpose / application: Storing the referrer (the external website you used to access the current Federal Portal website).
    Validity: 24 hours
  • Session cookie: _pk_ses
    Purpose / application: Session cookies serve to clearly assign the user (tracking ID) to the current session (by means of ID).
    Validity: 30 minutes; the validity is extended by another 30 minutes if a Federal Portal website / function is called up.
  • JavaScript
    Purpose / application: JavaScript serves to read and analyse client data (such as: type of device, IP address, URL; for a list of all analysed parameters cf. section 5.4).
    Validity: Newly delivered with each site.
  • Local storage object: cookieConsent
    Purpose / application: Local storage objects serve to avoid repeated consent requests.
    Validity: 5 days (120 hours)

In accordance with section 25 (1) of the Act regulating Data and Privacy Protection in Telecommunications and Telemedia, the cookies and similar technologies used for web analytics / user statistics purposes will be stored on your device only with your consent, and the information stored in those objects will be accessed only with your consent. If you reject this use of cookies and similar technologies, your decision will be stored for a period of 5 days in your local storage.

Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing personal data using cookies.

Note: With any internet browser, you can see when cookies have been set and what they contain. Depending on which browser you use, you can set your browser to accept cookies in general, to accept only certain cookies or to reject all cookies. Your browser will usually also show you which cookies are stored on your device so that you can delete all or some of them.

Using your browser’s developer tools (DevTools/console) you can also view, manage or delete the local storage entries for the Federal Portal.

5.4. Which data do we process when gathering web analytics/user statistics?

If you accepted cookies and similar technologies in the “Web analytics settings” banner, the Federal Portal will analyse usage and visitor information for statistical purposes in order to provide information as needed and improve the functions of the Federal Portal (for more details on the cookies and similar technologies used see section 5.3).

When you open the individual pages of the Federal Portal website, the cookies mentioned above and JavaScript will be used to collect the following data:

  • IP address of the system you used to access the website,
  • the time you opened the page,
  • the web page accessed,
  • the website from which you accessed the web page (referrer),
  • the sub-pages that you opened from the web page accessed,
  • the length of time you spent on the page,
  • how often you accessed the web page,
  • the country from which you accessed the site,
  • the type of terminal device you used (PC, mobile phone, tablet),
  • the operating system of your terminal device and the browser you used,
  • the page you access upon leaving the Federal Portal and
  • the language preferences stored in your browser.

We do not store your entire IP address; two bytes are masked (e.g. IPv4: 217.110.0.0 instead of 217.110.196.152, IPv6: 2001:db8:0:8d3:0:0:0:0 instead of 2001:db8:0:8d3:0:8a2e:70:7344) so that the IP address cannot be traced back to the computer accessing the website.

The website recognises your browser using cookies and similar technologies (see section 5.3). Due to the privacy-friendly setting of these cookies, after one day you will count as a new visitor when using this browser.

Web analytics are disabled in the default settings. Use the following link to enable cookies and similar technologies (JavaScript, local storage objects) to allow the Federal Portal to gather and analyse the aforementioned fully anonymised data of your visit for statistical purposes; or to view or change your previous choice.

View or change web analytics settings.

Click on “Web analytics settings” in the footer to view or change your settings at any time.

If you have enabled “do not track” in your browser, web analytics will be automatically denied.

Your choice on web analytics on the Federal Portal will be stored in a browser cookie for five days. After that period, you will once again be asked to make a choice.

The legal basis for processing personal data is Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act of the BDSG.

5.5 Which data do we process when gathering user statistics (visitor statistics)/feedback on services of the Single Digital Gateway of the European Union?

The Federal Portal is part of the Single Digital Gateway (SDG) of the European Union, which provides cross-border access to online government services.

To improve the website and to increase your satisfaction with the information and services offered through the Single Digital Gateway, we gather user statistics and provide a feedback tool for you.

We compile the following information in statistics:

  • the URL of the site you visited within the SDG,
  • the time you opened the site,
  • the country from which you accessed the site,
  • the type of device you used (PC, mobile phone, tablet).

To compile the statistics, we collect the following data:

  • the operating system of your device and the browsers you use.

User feedback (if you have provided such feedback):

Questions related to the information and services provided (these are found at the end of the service description under the heading “TELL US YOUR OPINION!”).

  • Found what you were looking for (Yes/No/Partly)?
  • How do you rate this information (on a scale of 1 to 5)?

The answers you submit as user feedback are not linked to your IP address.

Statistics are collected on a monthly basis and transmitted to the EU. Your feedback is also transmitted on a monthly basis to the EU via the national feedback component (NFC).

Article 6 (1) (e) of the GDPR in conjunction with Article 24 of Regulation (EU) 1024/2012 on the Single Digital Gateway (SDG) in conjunction with Article 3 (1) of Commission Implementing Regulation (EU) 2020/1121 provides the legal basis for processing your personal data for the purpose of compiling user statistics. Article 6 (1) (e) of the GDPR in conjunction with Article 25 of Regulation (EU) 1024/2012 on the Single Digital Gateway (SDG) in conjunction with Articles 8 and 10 (2) of Commission Implementing Regulation (EU) 2020/1121 provides the basis for processing your feedback.

6. Data processing when you contact us

6.1. Which data do we process when you contact us via the support or feedback form?

When you send us a contact request using the support form or the feedback form provided on the Federal Portal (both forms are available via the wide black footer at the bottom of each page), we record the following data:

  • the previous Federal Portal page you visited (referrer),
  • the date and time you sent the message,
  • your name, phone number or email address if you have provided this information,
  • the content of your message.

If you send us a message via one of the two forms including your email address, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us.

The information provided through the forms is transmitted via an encrypted HTTPS connection.

If you do not consent to the processing of your data, you can cancel the process at any time and your message will not be submitted.
Depending on your browser, you may disable referrer tracking.

Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing your contact with us.

Your contact with us is processed by the competent service team. Your data will only be stored to respond to your message and in compliance with the legal and contractual requirements. They will be deleted as soon as they are no longer needed as evidence or for revision. If the service team is unable to respond, your message will be forwarded to the appropriate division of the Federal Ministry of the Interior and Community.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

6.2. Which data do we process when you send us a request by email?

If you send an email to the central poststelle@bmi.bund.de address or to poststelle@bmi-bund.de-mail.de, we process:

  • the email address from which you contacted us,
  • the date and time we received your email,
  • the content of your message.

If you contact us by email, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us. In some cases, the Federal Ministry of the Interior and Community may also forward support requests to the Federal Information Technology Centre for processing. The purpose of this is to enable the Federal Information Technology Centre to answer technical support queries which the Federal Ministry of the Interior and Community is unable to answer as these matters do not belong to its sphere of responsibility.

Such data will be processed in line with section 3.1 of the general Privacy Policy of the Federal Ministry of the Interior and Community.

6.3. Which data do we process when you contact the Federal Portal service team by email?

If you send an email to support-bundesportal@bdr.de, we process:

  • the email address from which you contacted us,
  • the date and time we received your email,
  • the content of your message.

If you contact us by email, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us.

Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing your contact with us.

Your request will be processed by the service team. Your data will only be stored to respond to your message and in compliance with the legal and contractual requirements. They will be deleted as soon as they are no longer needed as evidence or for revision. If the competent service team is unable to respond, your message will be forwarded to the appropriate division of the Federal Ministry of the Interior and Community.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

6.4. Which data do we process when you contact the Federal Ministry of the Interior and Community by post?

If you write us a letter, the data you send (e.g. last name, first name, address) and the information contained in the letter (including, where applicable, personal data communicated by you) will be saved to enable your enquiry to be processed and so that we can contact you. At the Federal Ministry of the Interior and Community, such data will be processed in line with section 3.5 of the general Privacy Policy of the Federal Ministry of the Interior and Community.

6.5. Which data do we process when you contact the public enquiry service at the Federal Ministry of the Interior and Community by telephone?

If you contact the public enquiry service using the telephone number +49 (0) 30 16861 0, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back.

Such personal data will be processed and stored in line with section 3.4 of the general Privacy Policy of the Federal Ministry of the Interior and Community.

6.6. Which data do we process when you contact the Federal Portal service team by telephone?

If you contact the Federal Portal service team using the telephone number +49 (0) 30 2598 4402, no personal data will be collected.

Personal data will be collected only if you request a written response or ask to be called back. In these cases personal data will be processed and stored in line with section 6.1 above.

7. Forwarding your data to third parties

The Federal Information Technology Centre (ITZBund), Bonn office, Bernkasteler Str. 8, 53175 Bonn, Germany and Bundesdruckerei GmbH, Kommandantenstr. 18, 10969 Berlin, Germany, process data on behalf of the Federal Ministry of the Interior and Community.

A contract according to Article 28 (3) of the GDPR has been concluded with each of these service providers; the Federal Ministry of the Interior and Community remains responsible for data protection.

8. Your rights as a data subject

You have the following rights vis-à-vis the Federal Ministry of the Interior and Community with regard to personal data concerning you:

  • Right of access (Article 15 of the GDPR)
    This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by section 34 of the Federal Data Protection Act (Bundesdatenschutzgesetz).
  • Right to rectification (Article 16 of the GDPR)
    The right to rectification includes the option of having inaccurate personal data concerning the data subject corrected.
  • Right to erasure (Article 17 of the GDPR)
    The right to erasure includes the option of having data concerning the data subject deleted by the controller. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by section 35 of the Federal Data Protection Act (Bundesdatenschutzgesetz).
  • Right to restriction of processing (Article 18 of the GDPR)
    This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
  • Right to data portability (Article 20 of the GDPR)
    The right to data portability gives data subjects the option of receiving from the controller the personal data concerning them in a commonly used and machine-readable format in order to have them transmitted to another controller. According to Article 20 (3) sentence 2 of the GDPR, this right does not apply if the data processing is necessary to perform a task carried out in the public interest.
  • Right to object to collection, processing and/or use (Article 21 GDPR)
    The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. Exceptions to this right are governed by section 36 of the Federal Data Protection Act (Bundesdatenschutzgesetz).
  • Right to withdraw consent (Article 7 (3) of the GDPR)
    If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent remains unaffected until notification has been received that consent has been withdrawn.

8.2. How to assert your rights

You can also assert your rights in writing or electronically using the contact details provided in section 2 above.

Under Article 77 of the GDPR, you also have the right to lodge a complaint with a data protection supervisory authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information.

You may also submit questions and complaints directly to the data protection officer at the Federal Ministry of the Interior and Community mentioned in section 2 above.