Name and address of the controller
The controller in terms of the GDPR and the new Federal Data Protection Act (BDSG) is the
Press and Information Office of the Federal Government
State Secretary Stefan Kornelius
Dorotheenstraße 84
10117 Berlin
Telephone: 030 18 272-0
Fax: 030 18-272-2555
internetpost@bundesregierung.de
Technical implementation
]init[ - Aktiengesellschaft für digitale Kommunikation
Köpenicker Straße 9
10997 Berlin
Internet: www.init.de
I. Contact details of the data privacy officer
Pressand Information Office of the Federal Government - dataprivacyofficer -
Dorotheenstraße 84
10117 Berlin
Telephone: +49 (0)30 18 272-0
Fax: +49 (0)30 18-272-2555
datenschutzbeauftragte@bpa.bund.de
II. General information on data processing
1. Scope of processing personal data
We processpersonaldata of ourusersonly to theextentnecessaryforthepresentationandoptimisation of a functionalwebsite as well as ourcontentandservices.
Theprocessing of personaldata of ourusersregularlyonlytakesplacewiththeirconsent . An exceptionapplies in thosecaseswherethedataprocessing is permitted by law.
2. Legal basis for processing personal data
This website presented by the Press and Information Office of the Federal Government (Federal Press Office) and its individual components are part of the public relations work of the Federal Press Office. The legal basis for processing personal data within the framework of this public relations work is Article 6 (1) point (e) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 3 of the BDSG. Where we obtain consent to process personal data, the legal basis is provided by Article 6 (1) point (a) of the GDPR.
The legal basis for processing personal data which is required for the performance of a contract to which you are a party (e.g. ordering publications and newsletters) is Article 6 (1) point (b) of the GDPR. This also applies to pre-contractual measures.
3. Data erasure and storage duration
Yourpersonaldata will be erased or blocked, as soon as thepurposeforwhich it was stored no longerapplies .
III. Provision of the website and creation of log files
1. Description and scope of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. We log the following data:
- Information regarding the browser type and version used
- The user’s operating system
- The user’s IP address
- on the delivery servers for 90 days. This serves to ensure the website’s functioning and protect against attacks (e.g. DDoS).
- Date and time of access including URL accessed, HTTP method used and status code returned, as well as the volume of data transmitted
- HTTP Request Header Origin transmitted by the client
- Websites from which the user’s system accesses our website
- are saved as the referrer
2. Legal basis for data processing
The legal basis for the temporary storage of data and the log files is Article 6 para. 1 lit. e GDPR in conjunction with § 3 BDSG-new.
3. Purpose of the data processing
The system needs to store the user’s IP address temporarily in order to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
The IP is stored on the delivery servers for 90 days. This serves to ensure the website’s functioning and protect against attacks (e.g. DDoS).
4. Storage duration
The log files are stored centrally and deleted after 90 days.
5. Options for objecting to the collection of your data and requesting its deletion
Collecting data in order to provide the website and storing data in log files is absolutely necessary for the website to function. Consequently, the user has no opportunity to object.
IV. Use of cookies
a) Description and scope of data processing
Some cookies are required to provide you with the basic functions of the website and, therefore, cannot be deactivated.
In detail, these cookies are as follows:
CM_SESSIONID – CoreMedia Sessioncookie: This cookie is a session identifier and allows the server to allocate the right session to the user on reloading the website. Even if the website is opened in a new tab, the server can allocate the session number. This is a standard cookie of the product CoreMedia.
cookie-allow-necessary – A cookie to save the setting “Only necessary cookies”. Standard setting on visiting the website.
cookie-banner – Cookie to hide the cookie banner. Prevents the banner being shown again after loading the website.
cookie-allow-tracking – Cookie stores the user’s interaction with the banner.
mtm_consent_removed – The cookie “mtm consent removed” is activated when the page is first accessed since the user has not agreed to tracking by the statistics tool Matomo when calling up the website. The cookie contains the information that tracking has not been agreed to.
mtm_consent – If the checkbox “statistics” in the cookie banner is selected, the cookie “mtm_consent_removed” is removed and replaced by the cookie “mtm_consent”. This cookie contains the information that the user has agreed to tracking. As soon as users deselect the cookie, the cookie “mtm_consent” is replaced again by “mtm_consent_removed”.
INGRESSCOOKIE – Cookie for storing information in forms, for example in the contact form or when changes are made to the shopping cart.
enodia – Cookie used to prevent DDoS and thus ensure the security of the website.
SERVERID – Cookie which enables the website to load faster.
b) Legal basis for data processing
The legal basis for processing personal data using cookies is Article 6 (1) point (e) of the GDPR in conjunction with Section 3 of the new BDSG and/or Article 6 (1) point (a) of the GDPR for cookies which require consent.
c) Purpose of data processing
The purpose of using the technically necessary cookies is to enable the shopping basket function to work properly.
The user data collected by technically necessary cookies will not be used to create user profiles.
d) Duration of storage and rights to objection and deletion
Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Previously stored cookies can be deleted at any time. This can also be done automatically. Matomo is deactivated when you visit our website. Only after you have actively allowed it will your user behaviour be recorded anonymously.
V. Web analytics by Matomo
1. Scope of processing personal data
On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. This is an open source web analysis tool. Matomo does not transfer any data to servers outside the control of the Federal Press Office. Matomo does not record any session data without your consent.
Matomo uses cookies. These text files are saved on your computer and enable the Federal Press Office to analyse how its website is used. The information on usage collected by the cookie is transferred to the Federal Press Office server and saved there so that we can analyse user behaviour. For us, your IP address is an anonymous code. This means we have no technical means of identifying you as a registered user. You will remain anonymous as a user.
The Federal Press Office regards this analysis as an integral part of its online service. Its aim is to consistently improve the website and align it more closely with user needs.
If you consent to web analytics by Matomo, the following data is stored when individual pages of our website are accessed:
(1) 2 Bytes of the IP address of theuser’saccessingsystem
(2) thewebsiteaccessed
(3) thewebsitefromwhichtheuserreachedthewebsiteaccessedhere (referrer)
(4) theotherwebpagesvisitedfromthemainwebsiteaccessed
(5) thetimespentlooking at thewebsite
(6) thefrequencywithwhichthewebsite is accessed.
The analysis software runs exclusively on the servers of our website. Storage of the user’s personal data only takes place there. The data is not passed on to third parties.
You can decide here whether or not to allow a web analysis cookie to be stored in your browser to enable the Federal Press Office to gather and analyse statistical data.
If youdecideagainstthis , click on the link below to storetheMatomodeactivationcookie in yourbrowser .
You can decide here whether or not to allow a web analysis cookie to be stored in your browser to enable the website operator to gather and analyse statistical data. If you decide against this, remove the tick from the box below to store the Matomo deactivation cookie in your browser.
Currently your visit to this website is being recorded by Matomo web analysis. If you do not wish your visit to be recorded in future, click here.
2. Legal basis for processing personal data
The legal basis for processing personal data of users is Article 6 (1) point (a) of the GDPR.
3. Purpose of data processing
The processing of personal data of users enables us to analyse the surfing behaviour of our users. By evaluating the collected data, we are able to generate information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. By anonymising the IP address, the interests of the users regarding protection of personal data are sufficiently taken into account.
4. Duration of storage
The data is deleted as soon as it is no longer needed for our record-keeping purposes. The generated statistics and underlying data are not deleted.
5. Right to objection and deletion
Cookies are stored on the user's computer and transmitted to our site from there. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Previously stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you might not be able to fully use all of the website’s functions.
Please see the following link for more information about the privacy settings of the Matomo software: https://matomo.org/docs/privacy/.
You are hereby reminded of your rights to correction, erasure and objection in terms of Articles 16, 17 and 21 GDPR; see Chapter XI for more details.
VI. Newsletter
1. Description and scope of data processing
You have the opportunity to subscribe to free newsletters on our website. When you register to receive a newsletter, the data from the input form is sent to us. This is your e-mail address, together with your choice of the desired format.
In addition, the following data is recorded when you subscribe:
(1) the IP address of theaccessingcomputer
(2) thedateandtime of registration.
During the newsletter registration process, your consent is obtained for processing the data for this purpose, and you are referred to this privacy policy.
There is no disclosure of data to third parties during the data processing required for dispatching newsletters. The data is used solely for sending the newsletter.
2. Legal basis for data processing
The legal basis for processing data after registration for the newsletter by the user, once their consent has been obtained, is Article 6 (1) point (a) of the GDPR. In addition, the newsletter subscription is based on a contractual relationship, so Article 6 (1) point (b) of the GDPR also applies.
3. Purpose of data processing
The collection of the user’s e-mail address is for the purpose of delivering the newsletter.
The collection of other personal data in the context of the registration process is to prevent abuse of the services or the e-mail address.
4. Duration of storage
The data is deleted as soon as the purpose for which it was stored no longer applies. The e-mail address of the user is therefore stored as long as the newsletter subscription is active.
The newsletter is delivered based on registration by the user at the website.
Theotherpersonaldatacollected as part of theregistrationprocessareusuallydeletedafter a period of sevendays .
5. Right to objection and deletion
Theusercancancelthesubscription to thenewsletter at anytime . There is a corresponding link in every newsletterforthispurpose .
This also enables a withdrawal of theconsent to thestorage of personaldatacollectedduringtheregistrationprocess .
Youcanhavethedatastoredaboutyoumodified at anytime .
VII. Contact form, e-mail contact and postal contact
1. Description and scope of data processing
There is a contact form on our website which can be used for contacting us online. If you make use of this opportunity, the data entered in the input form is sent to us and stored. This data is:
subject
yourmessage
title, firstnameandsurname , e-mailaddress , streetandhousenumber , postalcode , city.
At the time of sending the message, the following additional data is stored:
(1) the IP address of theuser
(2) thedateandtime of registration.
During the sending process, your consent is obtained for processing the data for this purpose, and you are referred to this privacy policy statement.
Alternatively, you can contact us via the e-mail address provided, or by post. In this case, the user's personal data transmitted together with the e-mail or letter is stored.
In this regard, there is no disclosure of data to third parties. The data is used solely for processing the conversation.
2. Legal basis for data processing
The legal basis for processing data in the course of sending an e-mail is Article 6 (1) point (e) of the GDPR. If the aim of the e-mail contact is the conclusion of a contractual relationship, then Article 6 (1) point (b) of the GDPR also applies to the data processing.
3. Purpose of data processing
The processing of personal data from the input form is used solely for us to handle the contact request. The other personal data processed during the sending process is intended to prevent misuse of the contact form, and to ensure the security of our information technology systems.
4. Duration of storage
The data is deleted as soon as the purpose for which it was stored no longer applies. There is a retention period of up to three years for the personal data entered into the contact form, and the data sent by e-mail or post.
The other personal data collected as part of the sending process is deleted after a maximum period of seven days.
5. Right to objection and deletion
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, among other options, they can object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.
In this event, all personal data that has been stored in the course of the contact will be deleted.
VIII. Publications portal of the Federal Government
1. Description and scope of data processing
On our website you have access to the publications portal of the Federal Government, through which you can order publications. If you make use of this opportunity, the data entered in the input form is sent to the service provider tasked by us to process orders and stored in encrypted format. This data is:
title, firstnameandsurname , company
streetandhousenumber , postalcode , city, country
e-mail.
At the time of sending the message, the following additional data is stored:
(1) the IP address of theuser
(2) thedateandtime of registration.
The service providers tasked with order processing are:
IBRoVersandserviceGmbH
Kastanienweg 1
18184 Roggentin
GVPGemeinnützigeWerkstätten Bonn GmbH
Pfaffenweg 27
53227 Bonn
During the sending process, your consent is obtained for processing the data for this purpose, and you are referred to this privacy policy statement.
Alternatively, youcancontactthepublicationsdispatchservice via the e-mailaddressprovided , by fax, by post or by telephone. In thiscase , theuser'spersonaldatatransmittedtogetherwiththe e-mail, fax, post or telephonecallarestored .
In thisregard , there is no furtherdisclosure of data to otherthirdparties . Thedataareusedsolelyfortheorderinganddispatchingprocess .
2. Legal basis for data processing
The legal basisforprocessingdata in thecourse of sending an e-mail is Article 6 (1) point (b) of theGDPR .
3. Purpose of data processing
Theprocessing of personaldatafromtheinputform is usedsolelyforperformingtheorderinganddispatchingprocess . Theotherpersonaldataprocessedduringthesendingprocessareintended to preventmisuse of theinputform , and to ensurethesecurity of ourinformationtechnologysystems .
4. Duration of storage
Thedataaredeleted as soon as thepurposeforwhichtheywerestored no longerapplies . Theretentionperiodforthepersonaldataenteredintotheorderform , andthedatatransmitted by e-mail, fax, post or telephone, is threemonthsfromthedate of thecompletedispatch of theorder .
Theotherpersonaldatacollected as part of thesendingprocessaredeletedafter a maximumperiod of sevendays .
5. Right to objection and deletion
Theuserhastheright to withdrawconsent to theprocessing of personaldata at anytime . If theusercontacts us by e-mail, amongotheroptions , he or shecanobject to thestorage of personaldata at anytime . In such cases, it mightnot be possible to completetheorderinganddispatchingprocess .
In thisevent , all personaldatathathasbeenstored in thecourse of theorderingprocess will be deleted.
IX. Playing videos
To provide you with video material we use the LongTail Ad Solutions, Inc. (d/b/a JW Player, 2 Park Avenue, 10th Floor, New York, NY 10016, USA) plugin JWPlayer.
You can read the company’s data privacy statement at https://www.jwplayer.com/privacy. This website provides more information on the use of the JWPlayer plugin and the information collected. LongTail Ad Solutions has agreed to comply with the Privacy Shield Agreement with respect to the use of personal data and has been certified accordingly. LongTail Ad Solutions states that the IP address of the user and a unique identifier will be collected and stored when you use the plugin.
X. Federal Government app
The Federal Governmentappuses push servicesprovided by themanufacturer of theoperatingsystem . These areshortmessagesthatcan be shown on thedisplay of theuser’sdevice to alert theuser to warnings.
Shouldthe push services be used, an Apple devicetoken or a Googleregistration ID is allocated. This is only an encrypted, anonymousdevice ID. Itsonlypurpose is to allowthedelivery of push services. It is notpossible to identifytheindividualuser . If necessarythe push servicecan be modifiedwithintheappsettings . Youcan also usetheoperatingsystem of yoursmartphone to disablethereceipt of push notifications.
TheopensourcesoftwaretoolMatomo is usedfortheapp (seeSection V).
In addition, theinformationprovided in Section VI (Newsletter), SectionVII (Contactform , e-mailcontactandpostalcontact ) andSectionVIII (Publicationsportal of the Federal Government) also applyfortheapp .
XI. Information on your rights
If yourpersonaldataareprocessed , youare a datasubjectundertheprovisions of theGDPRandhavethefollowingrightsthatyoucandemandfromyourcontroller :
1. Right of access by thedatasubject – Art. 15 GDPR
Thedatasubjectshallhavetheright to obtainfromthecontrollerconfirmation as to whether or notpersonaldataconcerninghim or her arebeingprocessed .
Wherethis is thecasethedatasubject is entitled to obtainthefollowinginformationfromthecontroller :
(1) thepurposes of theprocessing of personaldata ;
(2) thecategories of personaldataconcerned ;
(3) therecipients or categories of recipient to whomthepersonaldatahavebeen or will be disclosed;
(4) theenvisagedperiodforwhichthepersonaldata will be stored, or, if no specificinformationcan be given, thecriteriaused to determinethatperiod ;
(5) theexistence of theright to requestfromthecontrollerrectification or erasure of personaldata or restriction of processing of personaldataconcerningthedatasubject or to object to such processing;
(6) theright to lodge a complaintwith a supervisoryauthority ;
(7) wherethepersonaldataarenotcollectedfromthedatasubject , anyavailableinformation as to theirsource ;
(8) theexistence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPRand , at least in thosecases , meaningful informationaboutthe logic involved, as well as the significance andtheenvisaged consequences of such processingforthedatasubject .
Thedatasubject is entitled to information on whether pertinent personaldataaretransferred to a thirdcountry or international organisation. Wherethis is thecase , thedatasubjectshallhavetheright to be informed of the appropriate safeguards pursuant to Article 46 GDPRrelating to thetransfer . Please also seetheRight to data portability, pursuant to Article 20 GDPR.
2. Right to rectification – Art. 16 GDPR
Thedatasubjectshallhavetheright to obtainfromthecontrollertherectificationand /or completion of incorrect or incomplete personaldataconcerninghim or her. Thecontrollershallmakethe corrections without undue delay.
3. Right to restriction of processing – Art. 18 GDPR
Thedatasubjectshallhavetheright to obtainfromthecontrollerrestriction of processingwhere one of thefollowingapplies :
(1) the accuracy of thepersonaldata is contested by thedatasubject , for a period enabling thecontroller to verify the accuracy of thepersonaldata ;
(2) theprocessing is unlawful andthedatasubject opposes theerasure of thepersonaldataand requests therestriction of theiruse instead;
(3) thecontroller no longerneedsthepersonaldataforthepurposes of theprocessing , but theyarerequired by thedatasubjectforthe establishment, exercise or defence of legal claims;
(4) thedatasubjecthas objected to processing pursuant to Article 21 (1) GDPR pending the verification whetherthe legitimate grounds of thecontroller override those of thedatasubject .
Whereprocessinghasbeen restricted, such personaldatashall , withtheexception of storage, only be processedwiththedata subject’s consent or forthe establishment, exercise or defence of legal claims or fortheprotection of therights of another natural or legal person or forreasons of important public interest of the Union or of a Member State.
A datasubject who hasobtainedrestriction of processing on thebasis of the above preconditions shall be informed by thecontrollerbeforetherestriction of processing is lifted.
4. Right to erasure – Art. 17 GDPR
a) Right to be forgotten
Thedatasubjectshallhavetheright to obtainfromthecontrollertheerasure of personaldataconcerninghim or her without undue delay andthecontrollershallhavethe obligation to erase personaldata without undue delay where one of thefollowing grounds applies:
(1) thepersonaldataare no longernecessary in relation to thepurposesforwhichtheywerecollected or otherwise processed;
(2) thedatasubject withdraws theconsent on whichtheprocessing is basedaccording to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR, andwherethere is no other legal ground fortheprocessing ;
(3) thedatasubject objects to theprocessing pursuant to Article 21 (1) GDPRandthereare no overriding legitimate grounds fortheprocessing , or thedatasubject objects to theprocessing pursuant to Article 21 (2) GDPR;
(4) thepersonaldatahavebeen unlawfully processed;
(5) thepersonaldatahave to be erasedfor compliance with a legal obligation in Union or Member Statelaw to whichthecontroller is subject;
(6) thepersonaldatahavebeencollected in relation to theoffer of information society servicesreferred to in Article 8 (1) GDPR.
b) Information to third parties
Wherethecontrollerhas made thepersonaldatapublicand is obliged pursuant to Article 17 (1) GDPR to erase thepersonaldata , thecontroller , taking account of availabletechnologyandthe cost of implementation, shall take reasonable steps, including technicalmeasures , to inform controllers processingthepersonaldatathatthedatasubjecthas requested theerasure by such controllers of any links to, or copy or replication of, thosepersonaldata .
c) Exceptions
Theright to be forgotten shallnotapply to theextentthatprocessing is necessary:
(1) for exercising theright of freedom of expression andinformation ;
(2) for compliance with a legal obligation whichrequiresprocessing by Union or Member Statelaw to whichthecontroller is subject or fortheperformance of a task carried out in thepublic interest or in the exercise of official authority vested in thecontroller ;
(3) forreasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) GDPR;
(4) for archiving purposes in thepublic interest, scientific or historical research purposes or statisticalpurposes in accordance withArticle 89 (1) GDPR in so far as therightreferred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of thatprocessing ; or
(5) forthe establishment, exercise or defence of legal claims.
5. Notification obligation – Art. 19 GDPR
Should the data subject have made use of the right to rectification or erasure of data or restriction of processing vis à vis the controller, the latter is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
Thedatasubject is entitled to be informed by thecontrolleraboutthoserecipients .
Theright to data portability doesnotapply to processingpersonaldatawhich is requiredforperformance of a task carried out in thepublic interest or in the exercise of official authority vested in thecontroller .
6. Right to data portability – Art. 20 GDPR
Thedatasubjectshallhavetheright to receivethepersonaldataconcerninghim or her, which he or shehasprovided to a controller, in a structured, commonly usedand machine-readable formatandhavetheright to haven thedatatransmitted to anothercontroller , where:
- theprocessing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR; and
- theprocessing is carried out by automated means.
In exercising his or her right to data portability pursuant to paragraph 1, thedatasubject
shallhavetheright to havethepersonaldatatransmitted directly from one controller to another, wheretechnically feasible.
7. Right to object – Art. 21 GDPR
Thedatasubjectshallhavetheright to object, on grounds relating to his or her particular situation, at anytime to processing of personaldataconcerninghim or her which is based on point (e) of Article 6 (1).
Thecontrollershall no longerprocessthepersonaldata unless thecontroller demonstrates compelling legitimate grounds fortheprocessingwhich override theinterests , rightsand freedoms of thedatasubject or forthe establishment, exercise or defence of legal claims.
8. Right to withdraw consent – Art. 7 (3) GDPR
Thedatasubjectshallhavetheright to withdraw his or her consent at anytime . Thewithdrawal of consentshallnot affect the lawfulness of processingbased on consentbeforeitswithdrawal .
9. Right to lodge a complaint with a supervisory authority – Art. 77 GDPR
Without prejudice to anyother administrative or judicial remedy, every datasubjectshallhavetheright to lodge a complaintwith a supervisoryauthority , if thedatasubject considers thattheprocessing of personaldatarelating to him or her infringes theprovisions of GDPR.
Thesupervisoryauthoritywithwhichthecomplainthasbeen lodged shallinformthe complainant on the progress andthe outcome of thecomplaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Responsible supervisoryauthority :
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Telephone: +49 (0)228-997799-0
Fax: +49 (0)228-997799-5550
E-Mail: poststelle@bfdi.bund.de
Version: May 2025