Privacy Policy

Note:
This privacy policy was translated from German into English with Google Translate. Therefore, mistakes might occur in the following translation. We are working on an adequate transferring of our privacy policy into English.

The protection of your personal data is of particular concern to the Federal Office for Civil Protection, which is why we only process personal data to the necessary extent. Which data is required and processed for what purpose and on what basis depends largely on the type of service that you use or on the task for which we need it.

You can find more detailed information on which data is collected for what purpose and on what basis, how you can contact the responsible body and the person responsible for data protection and what rights you have in relation to the processing of personal data in this data protection declaration.

The processing of personal data in the BBK takes place in accordance with the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG).

1. Basics

1.1 In charge and data protection officer

In charge for the processing of personal data is the

Federal Office for Civil Protection

Provinzialstr. 93

53127 Bonn

Germany

Phone: +49 22899 550-0

Fax: +49 22899 550-1620

Email: poststelle@bbk.bund.de

If you have specific questions about the protection of your data, please contact the person responsible for data protection at the BBK:

Person responsible for data protection at the BBK

Federal Office for Civil Protection

Provinzialstr. 93

53127 Bonn

Germany

Phone: +49 22899 550 0

Email: datenschutz@bbk.bund.de

1.2 Personal Data

Personal data is any information relating to an identified or identifiable natural person. A natural person is considered to be identifiable if they can be identified directly or indirectly - in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier.

1.3 Protection of minors

Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or guardians. We do not request any personal data from children and young people. We do not knowingly collect such data and do not pass it on to third parties.

1.4 Legal basis for processing personal data

The BBK processes personal data when performing the tasks incumbent on it that are in the public interest. The public tasks of the BBK include, in particular, public relations and, among other things, the provision of information for the public on this website. The legal basis for processing is Article 6 paragraph 1 lit. e of the EU General Data Protection Regulation (GDPR) in conjunction with the relevant national or European task standard or in conjunction with Section 3 BDSG. Insofar as processing of personal data should be necessary in individual cases to fulfill a legal obligation, Article 6 (1) (c) GDPR in conjunction with the relevant legal provision from which the legal obligation arises also serves as the legal basis.

When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR also serves as the legal basis in individual cases. This also applies to processing operations that are necessary to carry out pre-contractual measures. As a contracting party under civil law, the BBK is particularly active in the area of personnel recruitment and procurement. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 lit. d GDPR is the legal basis.

On the basis of Article 6 paragraph 1 lit. e GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI Act) we are authorized to store data to protect against attacks on the Internet infrastructure of the BBK and the Federal communications technology beyond the time of your visit. This data is analyzed and used in the event of attacks on the communication technology to initiate legal and criminal prosecution. The data will be deleted as soon as they are no longer required to fulfill the task. Data logged when accessing the BBK's website will only be transmitted to third parties if we are legally obliged to do so or if disclosure is necessary for legal or criminal prosecution in the event of attacks on federal communications technology. Disclosure in other cases does not take place. The BBK does not merge this data with other data sources, for example to create user profiles.

2 Data processing by visiting this website

2.1 Access to www.bbk.bund.de

Every time you visit a website, data is collected and exchanged that is required to provide the website www.bbk.bund.de. These are:

  • IP address of the internet service provider,
  • type and version of your Internet browser,
  • operating system used,
  • the previously visited page (referrer URL),
  • date and time,
  • the specific destination address,
  • called page/name of called file,
  • amount of data transferred,
  • message whether the access/retrieval was successful.

When using the website www.bbk.bund.de, this data is also stored in log files beyond the time of the visit on ITZBund servers. We are on the basis of Article 6 paragraph 1 lit. e EU General Data Protection Regulation (GDPR) in conjunction with § 5 and § 4 paragraph 2 sentence 1 number 4 of the Civil Protection and Disaster Assistance Act (ZSKG) within the framework of the statutory task " Self-protection and information of the population" authorized to process this data beyond the time of your visit. This data is analyzed and required for statistical and backup purposes and for optimization. Data logged when accessing the website www.bbk.bund.de will only be transmitted to third parties if we are legally obliged to do so. A transfer in other cases does not take place. The BBK does not merge this data with other data sources.

For the highest possible data security, your personal data will be protected by us with the greatest care and with technological procedures such as SSL encryption. SSL stands for "Secure Sockets Layer" and is an encryption method that is used successfully throughout the world wide web.

2.2 Access to the BBK website - data processing by visiting this website

2.2.1 Log files

Every time an affected person or an automated system accesses the website of the Federal Office for Civil Protection and Disaster Assistance, a series of general data and information is recorded by the system. This general data and information is stored in the log files of the server.

The following data is stored in the log files for 30 days:

  • date and time of retrieval (time stamp),
  • request details and destination address (protocol version, HTTP method, referrer, UserAgenString),
  • name of the retrieved file and amount of data transferred (requested URL including query string, size in bytes),
  • notification of whether the retrieval was successful (HTTP status code)

When using these general data and information, the BBK does not draw any conclusions about the data subject. There is no personal evaluation or an evaluation of the data for marketing purposes or profiling. The IP address of visitors to the website is not saved in this context.
The legal basis for the temporary storage of the data is Article 6 (1) (f) GDPR. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the secure operation of the website. Consequently, there is no possibility of objection on the part of the user.

2.2.2 Cookies

So-called cookies are used on the BBK website. Cookies are small text files that are exchanged between the web browser and the hosting server. Cookies are stored on the user's computer and transmitted to our site. In the web browser used in each case, users can restrict or generally prevent the use of cookies by making a corresponding setting. Cookies that have already been saved can be deleted at any time. If cookies are deactivated for our website, this can mean that the website cannot be displayed or used in its entirety.

The legal basis for the processing of personal data using cookies is Article 6 paragraph 1 lit. f GDPR.

On the one hand, cookies are used to record statistical values, such as access numbers to websites. Since the BBK does not use any web analysis services or tracking tools on its websites, this type of cookie is not used.

On the other hand, cookies are necessary to technically guarantee the safe and correct provision of websites. This type of cookie is used on the websites to increase the security and functionality of the web applications offered.

This includes server load balancing cookies, such as the JSESSIONID cookie, and application server session management.

The cookies do not contain any personal data. No IP address or other information is recorded that would enable the actual user to be traced back. The validity of all cookies used ends when the current session expires or when the respective website is closed. As part of certain functions on the website, additional cookies are used in order to be able to technically implement the offers. This is necessary, among other things, for the ordering service for brochures by the shopping cart function. The cookies are also only valid for the time of the visit to the website.

2.2.3 Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.

In doing so, we or our processor process inventory data, contact data, content data, contract data, usage data, meta and communication data from users of this online offer on the basis of our legitimate interests in making this online offer available efficiently and securely in accordance with Article 6 (1) (f) GDPR in connection with Article . 28 GDPR (conclusion of a contract for order processing).

2.2.4 Web analytics

On the basis of Article 6 paragraph 1 lit. e GDPR in conjunction with Section 3 of the Federal Data Protection Act, the BBK evaluates usage information for statistical purposes as part of public relations work and for the needs-based provision of information on the tasks to be performed by the BBK.

This is done with the web analysis service Matomo.

If individual pages of our website are called up, the following data is stored:

  • two bytes of the IP address of the calling system of the user (anonymous)
  • the website accessed
  • the website from which the user accessed the accessed website (referrer)
  • the sub-pages that are accessed from the accessed website
  • the length of stay on the website
  • the frequency of visits to the website
  • as part of our web analysis, no cookies are set on the user's computer. The data will not be passed on to third parties either.

If you do not agree to a completely anonymous storage and evaluation of this data from your visit, you can object to the storage and use at any time with a mouse click.

In this case, an opt-out cookie is stored in your browser, which means that Matomo no longer collects any session data.

Here you can decide whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyze various statistical data. If you wish to opt out, please select the appropriate option to store the Matomo deactivation cookie in your browser.

Here you can decide whether a unique web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyze various statistical data. If you wish to opt out, please select the appropriate option to store the Matomo deactivation cookie in your browser.

3 Collection of personal data in the context of establishing contact

Employees of the Federal Office for Civil Protection can be addressed by email, contact form, letter or telephone (hotline). The BBK stores your data only for the purpose of contacting you and processing your request. Processing of the personal data you have transmitted is necessary for the purpose of processing your request.

If you contact us by contact options described above, the processing of transmitted (personal) data and the content (which may also contain personal data transmitted by you) is based on Article 6 Paragraph 1 lit. e GDPR in connection with § 3 BDSG for the purpose of processing your request. The storage takes place in accordance with the applicable deadlines of the registration guideline, which supplements the joint rules of procedure of the federal ministries (GGO).

The processing of personal data takes place as described below depending on the contact route.

3.1 Email contact

The Federal Office for Civil Protection can be contacted by email:

info@bbk.bund.de

If you email us, the data you have transmitted (e.g. surname, first name, address), but at least the email address and the information contained in the email (possibly personal data transmitted by you Data) stored and processed for the purpose of contacting and processing your request.

3.2 Email addresses without BBK reference

Email addresses of third parties on specialist topics are also provided on the BBK website. If these addresses are not located on the "@bbk.bund.de" domain, the processing of personal data is not the responsibility of the BBK. If you have any questions regarding the handling of your personal data by third parties, please contact them.

3.3 Contact by letter

The Federal Office for Civil Protection can be contacted by the following postal address:

Federal Office for Civil Protection

Provincialstr. 93

53127 Bonn

Getrmany

If you use the contact route via the postal route, the data you transmit (e.g. surname, first name, address, telephone, subject, e-mail address) and the information contained in the letter (possibly personal data transmitted by you ) stored and processed for the purpose of contacting and processing your request.

3.4 Contact by phone (hotline)

The Federal Office for Civil Protection can be contacted by the following hotline number:

+49 22899 550-0

If you use the contact channel via the hotline, the data you transmit (e.g. surname, first name, address, telephone, subject, e-mail address) and the information provided in the telephone call (possibly personal data transmitted by you) stored and processed for the purpose of contacting and processing your request.

3.5 Contact by contact form

If you use the contact form for communication, it is necessary to provide your surname and first name as well as your e-mail address. Without this data, your request sent via the contact form cannot be processed. Providing your address is optional and allows us, if you wish, to process your request by maiö.

The system also collects the following data:

  • IP address of the calling computer
  • Date and time of registration

We would like to point out that the processing of the data transmitted with the contact form and the content, which may also contain personal data transmitted by you, is based on Article 6 Paragraph 1 lit. e or f GDPR in conjunction with Section 3 BDSG for the purpose of processing your request.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified and storage for any queries by the person concerned is no longer necessary. The storage of the data is based on the deadlines applicable to the storage of written material in the registration guideline, which supplements the joint rules of procedure of the federal ministries (GGO).

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

4 Processing of personal data when using social media

The BBK maintains an online presence within social networks in order to inform the users active there about the services and information offered by the BBK and, if interested, to communicate directly via the platforms. The BBK's social media channels thus supplement the BBK's own websites (www.bbk.bund.de, www.kritis.bund.de, www.max-und-flocke-helferland.de) and offer citizens who prefer this type of information, an alternative way of communication. The BBK is currently represented in the following networks with its own online profiles:

BBK on Twitter

BBK on YouTube

BBK on Instagram

All social media channels of the BBK can only be accessed by visitors to the website via an external link. The BBK does not use any plugins or other interfaces on this website that the respective networks offer for embedding the offers on websites.

You can get an overview of the social media presence of the BBK on the homepage of www.bbk.bund.de in the top header. There you can see that all offers on the website can be reached via an external link. You can find more information on this under the point "Linking" of this data protection declaration. We left out german-related social media channels in this privacy policy.

As soon as visitors access the respective social media profiles in the respective network, the terms and conditions and data processing guidelines of the respective operator apply there.

The BBK has no influence on the data collection and its further use by the social networks. There is no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on.

The BBK therefore expressly draws attention to the fact that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.

The BBK has no influence on the data processing and terms of use by the third-party providers of the social networks. The BBK is not responsible for the data processing of these companies based in the United States of America.

The BBK processes the data of the users in the social media presence of the BBK insofar as this is via, for example, contact and communicate directly with the BBK via comments or direct messages.

Recipients of the personal data

The recipient of the personal data of the comment or the direct message is the respective social media platform.

The BBK uses a social media management tool for Twitter, Facebook, LinkedIn, YouTube and Instagram to fulfill editorial tasks (recording and answering inquiries from citizens, reacting to posts, direct messages and comments, publishing contributions). When using the tool, temporary data storage is performed by the licensing service provider, Facelift brand building technologies GmbH, Gerhofstraße 19, 20354 Hamburg (www.facelift-bbt.com).

This is a contract processor of the BBK, Art. 28 paragraph 1 GDPR. Storage takes place on a server located in the European Union and includes: profile and account name and profile picture, content of the request, number of followers and profiles followed by the profile, and latest news. The data is stored by the service provider for a period of six months and then deleted. Processing of the personal data you have transmitted is necessary for the purpose of processing your request.

Transmission to a third country

When using Twitter, Facebook, Instagram, LinkedIn and Google (YouTube), personal data is transmitted to the United States of America. This transmission takes place on the basis of Article 49 Paragraph 1 Clause 1 Letter d GDPR in conjunction with Section 3a Paragraph 1, Section 3 Paragraph 1 Clause 2 No. 14 BSIG.
storage duration.

Comments that you make under BBK posts in the social networks or that address the BBK are stored by the respective network until you delete them yourself.

Your data that is recorded in the Facelift Cloud social media management tool will be automatically deleted there after six months.

4.1 Twitter

No functions and content of the Twitter service offered by Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107 or 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, are integrated into the online offer of the BBK . The Twitter channels are only accessible via an external link.
If the visitors to the website are members of the Twitter platform, Twitter can assign the access to the social media channel to the profile of the user if the user visits the BBK Twitter profile while logged in. Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.

We would like to point out that we have no influence on the content, scope of use and the data collected by Twitter Inc. For further information in this regard, we refer to the pages of Twitter Inc. at:

https://twitter.com/privacy

We would also like to point out that you can make appropriate changes to your Twitter account to protect your privacy.

4.2 YouTube

You can access the data protection declaration by linking to the "YouTube" platform of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA:

://www.google.com/policies/privacy

All functions in the social media network are offered by YouTube. If you are logged into YouTube with your own profile and call up the BBK social media channel, YouTube can assign your visit to your logged-in profile.

We would like to point out that we have no influence on the content, scope of use and the data collected by YouTube.

4.3 Instagram

We would like to point out that you use the Instagram pages and their functions at your own risk.

When you visit the site, Instagram records, among other things, your IP address and other information that is available on your PC in the form of cookies.

Instagram Inc. may use analysis tools such as Instagram or Google Analytics for evaluation. The BBK has no influence on the use of such tools by Instagram Inc. and was not informed of such a potential use.

The data collected about you in this context will be processed by Instagram Inc. and, if necessary, transferred to countries outside the European Union. Instagram describes what information Instagram receives and how it is used in general terms in its privacy policy. There you will also find information about contact options for Instagram and the setting options for advertisements. The privacy policy is available at the following link:

https://help.instagram.com/519522125107875

How Instagram uses the data from visiting Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties are passed on, is not named conclusively and clearly by Instagram and is not known to us.

We therefore expressly point out at this point that the terms of use of the services mentioned and their operators are not subject to the control of the BBK.

In the meantime, we ask you to carefully check which personal data you disclose as a user of social media. Please also regularly check the settings to protect your privacy in the social networks.

Visit the Instagram Help Center for information on how to manage or delete information held about you.

To process the data, Instagram. cookies may also be set.

Instagram buttons or widgets integrated into websites and the use of cookies enable Instagram to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising tailored to you can be offered.

More information on the processing activities, their prevention and the deletion of the data processed by Instagram can be found in Instagram's data policy:

https://help.instagram.com/519522125107875

In addition, we refer to our explanations in point 4.

5 Processing of personal data in the context of providing information

The processing of personal data depends on the type of information provided. Here we differentiate between the provision of our newsletter or printed matter and informational visits to the BBK.

5.1 Ordering of printed matter

If you order brochures, leaflets and other printed matter via this website, it is necessary to process your personal data in order to carry out pre-contractual measures and to fulfill the contract (provision of the products) in accordance with Article 6 Paragraph 1 lit. b GDPR.

In order to process the order, the following personal data must be provided:

  • Name
  • Street, house number
  • Postal code and location
  • Email

This data is processed as part of the order. If the order cannot be finally processed by us, the data you provide will be passed on to third parties (shipping company, possibly other authorities or institutions if they send the ordered material). If the aforementioned data is not available, the order cannot be processed. The additional information such as title, first name, company and country are not required for processing, but serve to improve the processing of the order.

5.2 Visitors

The BBK regularly receives groups for an informational visit as well as individual visitors on a case-by-case basis. In order to be able to grant this access to the premises of the BBK, the BBK must, for security reasons, provide the first and last name as well as the date of birth of the participants for the fulfillment of the task (public or specialist work) in accordance with Art. 6 paragraph 1 lit. e GDPR in connection with § 3 BDSG.

Other data such as institution, type of school, class level, club or mobility restrictions serve to better prepare the visit to the BBK and are optional. The processing of this data for the purpose of the specialist or informational visit is based on your consent in accordance with Article 6 (1) (a) GDPR. You can revoke this at any time. The legality of the processing based on your consent remains unaffected until receipt of your revocation.

According to the assessment of the security authorities, the BBK is generally exposed to a high abstract risk due to its tasks and functions. Therefore, there is a correspondingly high need for protection for all persons who are in the Federal Office. The last name, first name and date of birth of the visitors are stored in an IT (information technology)-supported system for reasons of business processes. Visitors who do not have an official pass from a federal, state or local authority will be checked by the Federal Police within the scope of their powers (§§ 23 paragraph 5 and § 34 paragraph 1 Federal Police Act BPOLG) for the purpose of averting danger. By providing the personal data, visitors consent to the processing for the above-mentioned purpose.

6 Video surveillance

The properties of the BBK are monitored with a video surveillance system in the outside area to protect domiciliary rights and for the purpose of averting danger and criminal prosecution. The processing takes place on the basis of Art. 6 Para. 1 lit. e GDPR in connection with § 4 BDSG. The image recording is always automated (24/7). The video stream is stored on internal file servers with dedicated access restrictions until storage capacity is reached; the oldest data is then overwritten. Due to the recording quality, this cycle starts again after an average of 10 days.

Special features of the video surveillance of the "Barbarastollen" property:
The recordings are also sent to the alarm center of Siba security service GmbH, Kronenstraße 28, 79100 Freiburg, Phone: +49 761 7052-712, siba-freiburg@siba-security.de. They are stored there for a maximum of 48 hours.

The following data is saved:

  • video image without sound
  • recording time
  • file label
  • file type
  • size and creation date
  • client/owner

Appropriate information signs ensure that video surveillance is identified inside and outside the BBK's properties.

Right of providing information

Anyone who claims to have stayed within a monitored area for a determinable period of time can request access to the recording, provided it is still available (observe the deletion cycle). To do this, you can refer to the above Contact the BBK for details.

7 Your rights

You have the following rights with respect to the BBK and the website www.bbk.bund.de operated by the BBK with regard to your personal data:

  • Right to information, article 15 GDPR

With the right to information, the person concerned receives a comprehensive insight into the data concerning him and some other important criteria such as the processing purposes or the duration of storage. The exceptions to this right regulated in § 34 BDSG apply.

  • Right to rectification, article 16 GDPR

The right to correction includes the possibility for the data subject to have incorrect personal data concerning him/her corrected.

  • Right to erasure, article 17 GDPR

The right to erasure includes the possibility for the data subject to have data erased by the person responsible. However, this is only possible if the personal data concerning him are no longer necessary, are being processed unlawfully or consent to this has been revoked. The exceptions to this right regulated in § 35 BDSG apply.

  • Right to restriction of processing, article 18 GDPR

The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him for the time being. A restriction occurs above all in the examination phase of other rights exercised by the data subject.

  • Right to object to the collection, processing and/or use, article 21 GDPR

The right to object includes the possibility for data subjects to object to the further processing of their personal data in a special situation, insofar as this is justified by the performance of public tasks or public and private interests. The exceptions to this right regulated in § 36 BDSG apply.

  • Right to data portability, article 20 GDPR

The right to data transferability includes the possibility for the person concerned to receive the personal data concerning him/her in a common, machine-readable format from the person responsible in order to have it forwarded to another person responsible, if necessary. According to Art. 20 Para. 3 Sentence 2 GDPR, however, this right is not available if the data processing serves to perform public tasks.

  • Right to withdraw consent, article 13 and 14 GDPR

If the processing of personal data is based on consent, the person concerned can revoke this at any time for the corresponding purpose. The legality of the processing based on the consent given remains unaffected until receipt of the revocation.
You can assert the aforementioned rights in writing at the contacts listed under point 1.
In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.

8 Change to the privacy policy

In the course of further development and the implementation of new technologies, changes to this data protection declaration may become necessary. We therefore recommend that you read this data protection declaration regularly.