Privacy Policy

1. Introduction

As an agency of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior, Building and Community (BMI) provides the Federal Portal. The Federal Portal offers a single point of access to digital government services provided by the Federation and the Länder.

When you use the Federal Portal, your personal data are processed (Article 4 no. 1 of the General Data Protection Regulation – GDPR). The information below provides details of the type of personal data processed, the purposes and legal basis of the processing, and your rights.

2. Controller and data protection officer

The Federal Ministry of the Interior, Building and Community is responsible for operating the Federal Portal in accordance with data protection law (Article 4 no. 7 of the GDPR).

Note: When you use an online application form to request or use a government service within the Federal Portal, responsibility under data protection law for processing any data collected within the scope of your request or use lies with the authority providing this online government service. In this context, the Federal Ministry of the Interior, Building and Community processes your data only on behalf of the responsible authority. Additional information and explanations concerning data proessing for each process are available in the Privacy Policy to which each online form has a link.

You can reach us at the following address:

Bundesministerium des Innern, für Bau und Heimat
Alt-Moabit 140
10557 Berlin, Germany
Phone: +49 (0)30 18 681-0
Fax: +49 (0)30 18 681-12926
Email: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de

Note: End-to-end encryption is not used as standard for the transmission of emails (not DE-Mail), which means that unauthorised persons could potentially access and manipulate the information transmitted. For information that requires protection, we therefore recommend that you contact us as follows:

You can reach the BMI Data Protection Officer at the following address:

Bundesministerium des Innern, für Bau und Heimat
Der/die Datenschutzbeauftragte
Alt-Moabit 140
10557 Berlin, Germany
Phone: +49 (0)30 18 681-0
Email: bds@bmi.bund.de

3. Where is the Federal Portal hosted, and by whom?

The Federal Portal is hosted by the Federal Information Technology Centre (ITZBund). The Federal Information Technology Centre is part of the federal administration. It is the provider of federal IT services. The data centres of the Federal Information Technology Centre are located in Germany. No data processing related to the Federal Portal takes place outside of Germany.

4. Personal data, purposes and legal basis of the processing

4.1. What are personal data?

Personal data means any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, an identification number, location data or an online identifier (Article 4 no. 1 of the GDPR).

4.2. Which data do we collect when you visit the Federal Portal website?

Every time you visit the Federal Portal website, the following data, which are technically necessary to display the website and to ensure the stability and security of this service, are collected on our servers:

  • the date and time of access,
  • the name and URL of the files retrieved,
  • the website from which access was made,
  • the operating system of your computer and the browser you use,
  • your IP address,
  • the name of your internet service provider.

The data are written in what are known as log files (technical log files), where they are stored for a period of 90 days. After that time, the data are automatically deleted. Technical and organisational safeguards have been put in place to ensure that only a defined group of suitably instructed administrators have access. These data are not combined with other data sources.

Processing is carried out in compliance with Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

4.3. What are cookies and which cookies are used?

Cookies are small pieces of data that a website can place locally in the memory of your web browser on your computer. They contain identifiers (randomly generated identification numbers), which the server can use to clearly assign requests coming from your access device. In this way, a request can also be clearly assigned to a specific user.

The Federal Portal website uses cookies

to recognise your browser for the current session in the Federal Portal so that you can use the different functions of the Federal Portal in full;

  • to enable your authentication for your Federal User Account;
  • to authenticate you for a specialised service if necessary (authentication with your Federal User Account); and
  • to run web analytics – with your consent – in order to generate anonymous user statistics, i.e. to store your decision for or against analytics.

The encrypted authentication cookies are deleted immediately after authentication. The cookies used to recognise the browser session are deleted either when the browser session ends or after 30 minutes at the latest.

Cookies used for web analytics expire after one day (visitor cookie to recognise your browser) or five days (cookie indicating whether you accepted or denied web analytics in your browser). You can find more information in section 4.5 below.

Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing personal data using cookies.

Note: With any internet browser, you can see when cookies have been set and what they contain. Depending on which browser you use, you can set your browser to accept cookies in general, to accept only certain cookies or to reject all cookies. Your browser will usually also show you which cookies are stored on your access device so that you can delete all or some of them.

4.4. Which data do we process when you sign in to your Federal User Account via the Federal Portal?

Depending on which government service you request or use, you may be required to authenticate yourself. Authentication takes place via your Federal User Account . Following successful authentication, your identity and, if applicable, communication data will be transmitted to a Federal User Account extension. The legal basis for this is your consent in accordance with Article 6 (1) (a) of the GDPR, which you provided when registering your user account. Further details are available in the Privacy Policy for the Federal User Account.

Note: Sole responsibility under data protection law for processing any data collected within the scope of your request for or use of an online government service lies with the authority providing the government service. The Federal Portal only provides the technical platform through which the relevant authorities can offer forms online. Additional information and explanations concerning data processing for each process are available in the Privacy Policy to which each online form has a link.

4.5. Which data do we process when gathering web analytics/user statistics?

If you accepted cookies and similar technologies in the “Web analytics settings” banner, the Federal Portal will analyse usage and visitor information for statistical purposes in order to provide information as needed and improve the functions of the Federal Portal.

We use the web analysis service Matomo to compile the following information into anonymised statistics:

  • the URL of the site you visited,
  • the time you opened the site,
  • the previous Federal Portal page you visited (called “referrer”),
  • how much time you spent on the website you visited,
  • how often you visited the website,
  • the country from which the site was accessed,
  • the type of device you used (PC, mobile phone, tablet).

Using JavaScript (client-side scripting language to modify websites and analyse user interactions on these websites); a cookie; and a web beacon (transparent 1×1 pixel image downloaded by your browser when accessing a Federal Portal website), we collect the following data to compile the statistics:

  • your IP address,
  • the time you opened the site,
  • the operating system of your device and the browsers you use,
  • the language preferences stored in your browser (Accept-Language),
  • the screen resolution of your device.

We do not store your entire IP address; two bytes are masked (e.g. IPv4: 217.110.196.000 instead of 217.110.196.152, IPv6: 2001:db8:0:8d3:0:8a2e:70:7344 becomes 2001:db8:0:8d3:0:0:0:0). The shortened IP address can no longer be traced back to the computer accessing the website.

The website recognises your browser using a “visitor” cookie. The privacy-friendly setting of this cookie is to expire after only one day. This means that after one day, you will count as a new visitor when using this browser.

Web analytics are disabled in the default settings. Use the following link to allow the use of cookies, JavaScript and a web beacon; to allow the Federal Portal to gather and analyse the aforementioned fully anonymised data of your visit for statistical purposes; or to view or change your previous choice.

Click on “Web analytics settings” in the footer to view or change your settings at any time.

If you have enabled “do not track” in your browser, web analytics will be automatically denied.

Your choice on web analytics on the Federal Portal will be stored in a browser cookie for five days. After that period, you will once again be asked to make a choice.

The legal basis for processing personal data is Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act of the BDSG.

4.6. Which data do we process when gathering user statistics (visitor statistics)/feedback on services of the Single Digital Gateway of the European Union?

The Federal Portal is part of the Single Digital Gateway (SDG) of the European Union, which provides cross-border access to online government services.
To improve the functionality of the information and services offered through the Single Digital Gateway and to increase user satisfaction, we gather user statistics and provide a feedback tool for you.

We compile the following information in statistics:

  • the URL of the site you visited within the SDG,
  • the time you opened the site,
  • the country from which the site was accessed,
  • the type of device you used (PC, mobile phone, tablet).

To compile the statistics, we collect the following data:

  • the operating system of your device and the browser you use,

User feedback (if you have provided such feedback):

Questions related to the information and services provided (these are found at the end of the service description under the heading “Give us your opinion”).

  • Did you find what you were looking for (yes/no/partly)?
  • How would you rate this site on a scale of 1 to 5?
  • Free text field: What can we improve?

The answers you submit as user feedback are not linked to your IP address.

Statistics and feedback are collected on a monthly basis and transmitted to the European Union’s shared data repository at the beginning of the following month (content of free text fields is generally not transmitted).

Article 6 (1) (e) of the GDPR in conjunction with Article 24 of Regulation (EU) 1024/2012 on the Single Digital Gateway (SDG) in conjunction with Article 3 (1) of Commission Implementing Regulation (EU) 2020/1121 provides the legal basis for processing your personal data for the purpose of compiling user statistics. Article 6 (1) (e) of the GDPR in conjunction with Article 25 of Regulation (EU) 1024/2012 on the Single Digital Gateway (SDG) in conjunction with Articles 8 and 10 (2) of Commission Implementing Regulation (EU) 2020/1121 provides the basis for processing your feedback (with the exception of content entered into free text fields). Article 6 (1) (e) of the GDPR in conjunction with section 3 of the BDSG provides the legal basis for processing your responses entered into free text fields.

4.7. Which data do we process when you contact us via the support or feedback form?

When you send us a contact request using the support form or the feedback form provided on the Federal Portal (both forms are available via the wide black footer at the bottom of each page), we record the following data:

  • your IP address,
  • the previous Federal Portal page you visited (called “referrer”),
  • the date and time when you sent the message,
  • your name, phone number or email address if you have provided this information,
  • the content of your message.

If you send us a message via one of the two forms including your email address, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us.

The information provided through the forms is transmitted via an encrypted HTTPS connection.

If you do not consent to the processing of your data, you can cancel the process at any time and your message will not be submitted.

Depending on your browser, you may disable referrer tracking.

Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing your contact with us.

Your contact with us is processed by the competent service team. Your data will only be stored to respond to your message and in compliance with the legal and contractual requirements. They will be deleted as soon as they are no longer needed as evidence or for revision. If the competent service team is unable to respond, your message will be forwarded to the appropriate division.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Note: If you make contact in connection with a future, ongoing or completed request for or use of an online government service, we may forward your message to the authority responsible for this government service. The authority in question will then process your enquiry directly.

4.8. Which data do we process when you send us a request by email?

If you send an email to the central poststelle@bmi.bund.de address or to poststelle@bmi-bund.de-mail.de, we process:

  • the email address from which you contacted us,
  • the date and time we received your email,
  • the content of your message.

If you contact us by email, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us. In some cases, the BMI may also forward support requests to the ITZBund for processing. The purpose of this is to enable the Federal Information Technology Centre to answer technical support queries which the BMI is unable to answer as these matters do not belong to its sphere of responsibility.

Such data will be processed in line with section 3.1 of the general Privacy Policy of the Federal Ministry of the Interior, Building and Community.

4.9. Which data do we process when you contact the Federal Portal service team by email?

If you send an email to support-bundesportal@bdr.de, we process:

  • the email address from which you contacted us,
  • the date and time we received your email,
  • the content of your message.

If you contact us by email, we will assume that we are authorised to reply by email. If not, please specifically indicate how you wish to communicate with us.
Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act provides the legal basis for processing your contact with us.

Your contact with us is processed by the competent service team. Your data will only be stored to respond to your message and in compliance with the legal and contractual requirements. They will be deleted as soon as they are no longer needed as evidence or for revision. If the competent service team is unable to respond, your message will be forwarded to the appropriate division.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Note: If you make contact in connection with a future, ongoing or completed request for or use of an online government service, we may forward your message to the authority responsible for this government service. The authority in question will then process your enquiry directly.

4.10. Which data do we process when you contact us by post?

If you write us a letter, the data you send (e.g. last name, first name, address) and the information contained in the letter (including, where applicable, personal data communicated by you) will be saved to enable your enquiry to be processed and so that we can contact you. At the BMI, such data will be processed in line with section 3.5 of the general Privacy Policy of the Federal Ministry of the Interior, Building and Community.

4.11. Which data do we process when you contact the BMI’s public enquiry service by telephone?

If you contact the BMI’s public enquiry service using the telephone number +49 (0) 30 16861 0, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back.
Such personal data will be processed and stored in line with section 3.4 of the general Privacy Policy of the Federal Ministry of the Interior, Building and Community.

4.12. Which data do we process when you contact the Federal Portal service team by telephone?

If you contact the Federal Portal service team using the telephone number +49 (0) 30 2598 4402, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back. In these cases personal data will be processed and stored in line with section 4.7 above.

4.13. Forwarding your data to third parties

We pass on your data to third parties in the following cases:

You request or use a government service using your Federal User Account. In this case, your identity data will be disclosed to the authority responsible for this government service. How many of your identity data will be disclosed depends on the requested service and possibly on your consent to processing.

Your data are transmitted on the basis of your consent in accordance with Article 6 (1) (a) of the GDPR, which you provided when registering your user account. Further details on data transmission and the Federal User Account in general are available in the Privacy Policy for the Federal User Account.

Note: Sole responsibility under data protection law for processing any data collected within the scope of your request for or use of an online government service lies with the authority providing the government service. The Federal Portal only provides the technical platform through which the relevant authorities can offer forms online. Additional information and explanations concerning data processing for each process are available in the Privacy Policy to which each online form has a link.

4.13.1. Other recipients of personal data

The Federal Information Technology Centre (ITZBund), Bonn office, Bernkasteler Str. 8, 53175 Bonn, Germany, and Bundesdruckerei GmbH, Kommandantenstr. 18, 10969 Berlin, Germany, process data on behalf of the Federal Ministry of the Interior, Building and Community. A contract according to Article 28 (3) of the GDPR has been concluded with each of these service providers; the BMI remains responsible for data protection.

5. Your rights as a data subject

5.1. Your rights

You have the following rights vis-à-vis the BMI with regard to personal data concerning you:

  • Right of access (Article 15 of the GDPR)
    This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by section 34 of the Federal Data Protection Act.
  • Right to rectification (Article 16 of the GDPR)
    The right to rectification includes the option of having inaccurate personal data concerning the data subject corrected.
  • Right to erasure (Article 17 of the GDPR)
    The right to erasure includes the option of having data concerning the data subject deleted by the controller. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by section 35 of the Federal Data Protection Act.
  • Right to restriction of processing (Article 18 of the GDPR)
    This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
  • Right to data portability (Article 20 of the GDPR)
    The right to data portability gives data subjects the option of receiving from the controller the personal data concerning them in a commonly used and machine-readable format in order to have them transmitted to another controller. According to Article 20 (3) sentence 2 of the GDPR, this right does not apply if the data processing is necessary to perform a task carried out in the public interest.
  • Right to object to collection, processing and/or use (Article 21 GDPR)
    The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests. Exceptions to this right are governed by section 36 of the Federal Data Protection Act.
  • Right to withdraw consent (Article 7 (3) of the GDPR)
    If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.

5.2. How to assert your rights

You can also assert your rights in writing or electronically using the contact details provided in section 2 above.

Under Article 77 of the GDPR, you also have the right to lodge a complaint with a data protection supervisory authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information .

You may also submit questions and complaints directly to the BMI data protection officer named in section 2 above.

As at: 9 September 2021