Privacy Policy

type: Article

Using personal data responsibly has a high priority at the Federal Ministry of the Interior and Community (BMI). We want users to know when the BMI collects and uses which data.

As an agency of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior and Community (BMI) operates a website at the domain www.bmi.bund.de where it informs the public of its activities and makes information easily available to the public.

We process personal data only to the extent necessary. Which data are needed and processed for what purposes and on what basis depends on the type of service you choose and for what purpose the data are needed.

We have put technical and organizational safeguards in place to ensure that we and our external service providers comply with data protection law.

The BMI processes personal data in compliance with the EU’s General Data Protection Regulation (2016/679) and the Federal Data Protection Act (BDSG).

1. General Information

1.1 Controller and data protection officer

The controller responsible for processing personal data is the

Bundesministerium des Innern und für Heimat
Alt-Moabit 140
10557 Berlin
Telefon: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
E-Mail: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de

If you have specific questions about how your privacy is protected, please contact the BMI data protection officer:

Beauftragter für den Datenschutz im BMI
Bundesministerium des Innern und für Heimat
Bundesallee 216-218
10719 Berlin
Telefon: +49-(0)30 18 681-0
E-Mail: bds@bmi.bund.de

1.2. Personal data

The term "personal data" means all information related to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, identification number, location data or an online reference number.

1.3 Protection of minors

Anyone younger than 16 should not submit personal data to us without the consent of their parents or guardians. If these data are needed in order to visit the BMI, number 5.3 applies. These data are not shared with third parties.

1.4 Legal basis for processing personal data

The BMI processes personal data in carrying out its assigned responsibilities in the public interest. Its public responsibilities include in particular informing the public and thus making information available to the public through its website. The legal basis for processing in this case is Article 6 (1) (e) of the EU’s General Data Protection Regulation in conjunction with the relevant national or European law and with Section 3 of the BDSG. If personal data must be processed in the individual case to meet a legal obligation, Article 6 (1) (c) of the GDPR applies as well, in conjunction with the relevant legal provision on which the legal obligation is based.

If we obtain consent from the data subject to process personal data, Article 6 (1) (a) GDPR serves as the legal basis.

When processing personal data needed to fulfil a contract with the data subject, Article 6 (1) (b) GDPR also serves as the legal basis in the individual case. The same applies to processing needed to carry out pre-contractual measures. The BMI acts as a contracting party under civil law in particular with regard to staff recruitment and procurement.

If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) GDPR serves as the legal basis.

2. Data processing related to visiting this website

2.1 Data collection

Every time someone accesses our website and retrieves a file, data are temporarily saved in a log file.

Specifically, the following data are stored:

  • date and time of retrieval (time stamp) and the IP address of the device or server requesting access
  • details of the request and destination (log version, HTTP method, referrer, user agent string)
  • name of the file retrieved and amount of data transferred (requested URL and query string, size in bytes)
  • whether the request was successful (HTTP status code)

According to Article 6 (1) (e) GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect against attacks on the BMI’s Internet infrastructure and federal communications technology. These data are analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings. These data are deleted as soon as they are no longer needed for official purposes.

Data logged when the BMI website is accessed are shared with third parties only if we are legally obligated to do so, or if needed for legal or criminal proceedings in case of attacks on federal communications technology. Otherwise these data are not shared with third parties. The BMI does not combine these data with other data sources.

Please note that the services Twitter and YouTube, which are also incorporated in the BMI website, do store data of visitors to the BMI website who actively use these services, such as to view videos on the website. Twitter and YouTube store these data in line with their privacy policies and use them for their commercial purposes. The BMI has no influence over how these social networks collect or use data. As a result, the BMI is not aware of how many, where and for how long data are stored, whether the networks comply with their obligations to delete data, how the data are analysed and connected and with whom the data are shared.

2.2 Session cookies

Cookies are used on the web pages for ordering our brochures and where banners are displayed. These cookies are valid for the time you visit our website. They are needed for the shopping cart feature and for displaying the banners. Cookies are used on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG in the context of informing the public in order to provide information on the BMI’s assigned tasks as needed.

Session cookies are small units of information which a website provider saves to the random access memory of the visitor’s computer. A session cookie contains a randomly generated, unique identification number, known as a session ID. A cookie also contains information on its origin and how long it may be saved. These cookies are unable to store any other data. The session ID is used to put the items you wish to order in your shopping cart.

Session cookies are deleted when you end the session, by closing your browser window or leaving the web page without completing your order. In this case, your shopping cart will be reset to zero and your items will not be ordered.

Every Internet browser can show you when cookies have been stored on your computer and what they contain. The websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security offer more detailed information.

Some cookies are permanent, in order to remember website visitors returning after a long absence. They are stored as text files on the hard drive of the visitor’s computer. We do not use such cookies on our website.

Most browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.

If you reject all cookies,

  • you will not be able to add multiple items to your shopping cart
  • and will have to order each publication individually.

2.3 Web analysis

Based on Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG, the BMI analyses information on website use for statistical purposes in the context of informing the public and in order to provide information on the BMI’s assigned tasks as needed.

It does so using the web analysis service Matomo/PIWIK.

When individual pages of our website are retrieved, the following data are stored:

  • two bytes of the IP address of the user’s retrieving system (anonymous)
  • the web page accessed
  • the website from which the user arrived at the the web page retrieved (referrer)
  • the sub-pages retrieved from the web page retrieved
  • length of time spent on the page
  • how often the web page was retrieved

For our web analysis, no cookies are placed on users’ computers. Nor are the data shared with third parties.

If you do not want these data from your website visit to be stored and analysed, although they are entirely anonymous, you can opt out below with a mouse click.

In this case, an opt-out cookie is saved to your browser, which means that Matomo will not collect any more session data.

Note: If you delete your cookies, this also deletes opt-out cookies, which you will have to re-activate as desired.

3. Processing personal data when you contact us

Personal data are processed differently depending on how you contact us: via e-mail, online form, post or telephone (hotline).

3.1 Contacting the ministry via e-mail

You can contact the BMI using the central e-mail address poststelle@bmi.bund.de, the e-mail address of individual staff members or one of the ministry’s various special mailboxes.

Personal data sent to the central e-mail address and stored by the organizational unit responsible for distributing mail are deleted one year after they are forwarded to the responsible organizational units within the ministry. For more information on contacting the ministry’s public enquiry service, please see number 3.4.

The data you send (such as first and last name, address) and at least your e-mail address and the information contained in your message (including any personal data you provide) will be saved by the relevant organizational unit for the purpose of contact and responding to your message in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.2 E-mail addresses of third parties

The BMI website also provides e-mail addresses of third parties regarding specific topics. These addresses do not end in @bmi.bund.de. If you send a message to one of these addresses, the BMI is not responsible for processing the personal data. If you have any questions about how these third parties deal with your personal data, please contact them directly.

3.3. Contacting the ministry using the online form of the Internet editorial team

You may contact the ministry’s Internet editorial team using the online form found on our website.

The information provided through the contact form is transmitted via an encrypted https connection.

If you use this form, you will need to provide your title (Mr, Ms, Dr), first and last name and e-mail address. Without this information, your message cannot be processed. A postal address is optional and enables us to respond by post, if requested. In addition, the date and time your message was sent and your IP address will be transmitted to us.

If you send us a message via e-mail or the online form, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us.
Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (a) GDPR for the purpose of responding to your message.

Information submitted on the online form is transmitted only to the BMI Internet editorial team. The sender’s IP address is collected as well, which is also the case with e-mails sent to internetredaktion@bmi.bund.de. By ticking the box and submitting the form, you agree in accordance with Article 6 (1) (a) GDRP to have your personal data and IP address transmitted and stored. The processing and temporary storage of your personal data serve the purpose of responding to your message in the framework of Article 17 of the Basic Law. The IP address will be used only if needed for law enforcement and threat prevention purposes on the basis of applicable law.

The data are processed by staff of our Internet editorial team, who will store your data only to respond to your message and in compliance with the legal and contractual requirements. Your data will be deleted no more than four weeks after we have responded to your message. If the Internet editorial team is unable to respond to your message, it will be forwarded to the appropriate division or to our public enquiry service.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

If you do not consent to the processing of your data, you can cancel the process at any time, and your message will not be submitted.

3.4 Contacting the ministry using the online form of the public enquiry service

If you use the online form of the public enquiry service to contact the ministry, you will need to provide your title (Mr, Ms, Dr), first and last name and e-mail address. Without this information, your message cannot be processed. A postal address is optional and enables us to respond by post, if requested. In addition, the date and time your message was sent will be transmitted to us.

If you send us a message via e-mail or the online form, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us.
The information provided through the BMI contact forms is transmitted via an encrypted https connection.

Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (a) GDPR for the purpose of responding to your message.

Information submitted on this online form is transmitted only to the BMI public enquiry service. The sender’s IP address is collected as well, which is also the case with e-mails sent to buergerservice@bmi.bund.de. By ticking the box and submitting the form, you agree in accordance with Article 6 (1) (a) GDRP to have your personal data and IP address transmitted and stored. The processing and temporary storage of your personal data serve the purpose of responding to your message in the framework of Article 17 of the Basic Law. The IP address will be used only if needed for law enforcement and threat prevention purposes on the basis of applicable law.

You also agree that your message may be forwarded to third parties if necessary to answer your question.

Your enquiry, which you submitted using the online form, will be processed by the staff of our public enquiry service, who will store your data to respond to your message and in compliance with the legal and contractual requirements. The data will be deleted automatically after three years. If staff of the public enquiry service are unable to respond to your message, it will be forwarded to the appropriate body.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

If you do not consent to the processing of your data, you can cancel the process at any time, and your message will not be submitted.

3.5 Contacting the ministry by post

If you write a letter to the ministry, the data you send (such as first and last name, address) will be stored and the information contained in your letter (including any personal data you provide) will be saved for the purpose of contact and responding to your letter in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.6 Contacting the ministry by telephone

If you contact a ministry staff member by telephone, your personal data will be processed as far as necessary respond to your concern.

3.7 Contacting the public enquiry service by telephone

If you contact the ministry’s public enquiry service using the telephone number 0228 99681 0 or 030 16861 0, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back. In these cases, the explanation of processing and storage given in number 3.4 applies.

4. Processing personal data when using social networks

The BMI is active in the social networks Twitter and YouTube.

To carry out editorial tasks in these social networks, the BMI processes data of persons who interact with the BMI. This requires a service provider to temporarily store the data. The data are stored on a server located in the European Union. These data include profile and account names, profile photo, content of the request, number of followers and profiles which the profile follows and the latest Tweets. These data are stored for six months.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

Please note that these services do store data of their users (such as personal information, IP addresses, etc.) in line with their privacy policies and use them for commercial purposes. The BMI has no influence over how these social networks collect or use data. As a result, the BMI is not aware of how many, where and for how long data are stored, whether the networks comply with their obligations to delete data, how the data are analysed and connected and with whom the data are shared.

For information about which data Twitter processes and for which purposes they are used, please see Twitter’s privacy statement.

For information about which data YouTube processes and for which purposes they are used, please see the privacy statement of YouTube or Google.

Because both of these companies are not European service providers and their only European offices are in Ireland, they do not consider themselves bound by German data protection law. This affects your right to information about your personal data, your rights to block or delete these data and the ability to object to your data being used for advertising purposes, for example.

5. Processing personal data in the context of providing information

How personal data are processed depends on the form in which information is provided: in our e-mail newsletters, printed publications or informational visits to the BMI.

5.1 Newsletters

If you sign up for one of the BMI’s e-mail newsletters, we will store on a server your e-mail address, date and time you sign up and which newsletter you selected. Your data will be processed based on your consent pursuant to Article 6 (1) (a) GDPR. We use these data only to send the newsletters and for statistical evaluations in order to analyse system performance. We do not share your data with third parties and do not use them for any other purposes.

After you sign up for a newsletter on our website, you will receive an e-mail with a link to click on to finalize your subscription. This double opt-in system ensures that you have consciously chosen to receive the newsletter.

When you register, your data are stored on our server, and an e-mail confirming registration is sent to the e-mail address you provided; this e-mail contains a link to click on to finalize registration. If you do not click on the link to finalize registration, your data will be deleted after 48 hours.

Only after you click on the link to finalize registration will your data be stored for the purpose of sending you the desired newsletter as long as your subscription continues.

If you no longer wish your data to be stored for this purpose, and thus no longer wish to subscribe to our newsletter, you may unsubscribe at any time, and the data you provided will be deleted. Please use this link to unsubscribe. To do so, you will need the e-mail address you provided when subscribing.

5.2 Ordering printed publications

If you order brochures, flyers or other printed publications from this website, we must process your personal data to carry out pre-contractual measures and the contract (providing publications) according to Article 6 (1) (b) GDPR.

The following personal data are needed to process your order:

  • last name
  • street address
  • postal code and city or town
  • e-mail address

These data are processed to carry out your order. If we are unable to finalize your order, the data you provide will be shared with third parties (shipping company, other government agencies or institutions which send the publications). If you do not provide the necessary data, your order will not be processed. Additional information, such as your title, first name, company and country are not necessary to process your order, although they are helpful.

The data you provide will be made anonymous 90 days after your order has been shipped.

5.3 Visitors to the ministry

The BMI regularly welcomes groups, and individuals as occasion demands, for informational visits. In order for visitors to enter the ministry’s premises, for security reasons they must provide the BMI in advance with their first and last names and date of birth for the ministry to fulfil its tasks (public information and/or specialized tasks) according to Article 6 (1) (e) GDPR in conjunction with Section 3 (BDSG).

Additional information, such as the institution, type of school, class level, club or mobility limitations are optional but help in preparing the visit. These data for the purpose of an informational or subject-specific visit, are processed based on the visitors’ consent pursuant to Article 6 (1) (a) GDPR; they may withdraw this consent at any time. The lawfulness of processing on the basis of the consent provided remains unaffected until the BMI receives notification that consent has been withdrawn.

According to the general assessment of the security authorities, the BMI faces a high level of general threat because of the nature of its tasks and functions. For this reason, all persons at the ministry require a high level of protection. The regular business process requires that the first and last names and birth dates of all visitors are registered in an IT-based system.

Visitors who do not have an employee ID card issued by a federal, state or local authority are required to undergo a security check by the Federal Police within the framework of their authority (Sections 23 (5) and 34 (1) of the Act on the Federal Police) for the purpose of threat prevention.

The data visitors provide (first and last names, date of birth) are deleted in full 30 days after their visit to the ministry along with any additional personal data provided voluntarily.

By providing their personal data, visitors agree to the processing of their data for the purpose mentioned above.

6. Video surveillance

For the purposes of threat prevention and law enforcement and to prevent trespassing, the BMI property surrounding its buildings is monitored by video cameras. Video data are processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 4 BDSG. The cameras are in constant operation (24/7). The video recordings are stored on internal file servers subject to strict access restrictions. When storage capacity is full, the oldest data are recorded over. The recording quality means that storage capacity is usually sufficient to last ten days.

The following data are recorded:

  • video without sound
  • time the recording was made
  • file name
  • file type
  • size and date of recording
  • client/owner

The Federal Police uses the video surveillance system in the framework of its legally assigned tasks pursuant to Section 5 of the Act on the Federal Police (BPOLG) in conjunction with Section 23 (I) no. 4 and Section 27 BPOLG. If data collected are not needed to prevent a present danger or to prosecute a crime or administrative offence, they are subject to the time limits for data retention given in Section 27 BPOLG.

The video surveillance system can be used to manually produce image files as needed. In this case, the following data are stored:

  • visual image file
  • name of image
  • name of camera
  • name of device
  • IP address
  • date and time
  • image resolution

The time limits for data retention apply accordingly.

The data collected are transmitted to law enforcement authorities only as requested as part of a legitimate police measure or by court order for the purposes given above. Transmission is documented with a standard security receipt. Data transmitted to the investigating authority are as a rule transmitted to the Berlin state police on the basis of Section 32 BPOLG in conjunction with Section 33 (II) BPOLG. Data are not transmitted in other cases, nor are they used for automated checks against other sources of police information.

Right to information on one’s personal data: Anyone who claims to have been present in an area subject to video surveillance within a definable period of time can ask to view the video recording as long as it is still available (note usual length of storage period). To do so, contact the BMI using one of the means described above.

7. Registering for an event using the event form

Which data are requested for event registration depends on the particular event. Information submitted using this online form is transmitted to the BMI. The sender’s IP address is not collected.

If you register for an event using our online event form, your personal data are collected, stored and processed by the BMI in order to organize the event in question and to prevent threats; these data are deleted no more than 30 days after the event. By sending the form, you declare your consent with these measures.

The person sending the form must confirm that he or she has informed the person(s) listed under "additional participants" that, for the purpose of organizing the event indicated above and of preventing threats, their personal data will be collected, stored and processed by the BMI in order to organize the event in question and to prevent threats and will be deleted no more than 30 days after this event. The person(s) listed has/have given their consent to the person sending the registration form.

Data collected in the context of registering for an event are collected and processed to organize and carry out the event. Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG for the purpose of processing your request.

The registration data are processed by the responsible BMI staff, who will store your data to respond to your message and in compliance with the legal and contractual requirements. These data will be deleted no more than 30 days after the event.

The information provided through the BMI event form is transmitted via an encrypted https connection.

8. Accreditation for the media

Data collected in the context of accreditation for members of the media are collected and processed for the accreditation procedure. Which data are requested for accreditation depends on the particular event. Information submitted using this online form is transmitted to the BMI. The sender’s IP address is not collected.

Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG for the purpose of processing your request.

The accreditation is processed by the staff of the BMI press relations division, who will store your data to respond to your request and in compliance with the legal and contractual requirements. These data will be deleted after the event.

Information collected for accreditation will be provided to the Federal Criminal Police Office (BKA), for the purpose of security checks. After this check the BKA will delete the data. If you do not consent to the processing of your data, we cannot issue you a press credential.

The information provided through the BMI accreditation form is transmitted via an encrypted https connection.

9. Registering outdoor gatherings and marches within the area in which such events are subject to restrictions

According to the act on the area around federal constitutional bodies within which outdoor gatherings and demonstrations are subject to restrictions (BefBezG), organizers of such events in the areas around the German Bundestag, Bundesrat and Federal Constitutional Court must obtain approval from the BMI. The BMI decides whether to allow such events in agreement with the presidents of these institutions.

According to Article 2 (2) (d) GDPR, processing personal data for the purpose of preventing threats to public security is not covered by that Regulation. It is covered instead by Directive (EU) 2016/680 on data protection in the police and judicial sector, which has been implemented by parts 1 and 3 of the BDSG. Section 3 BDSG is therefore the legal basis for data processing by the BMI within the framework of the BefBezG as law on threat prevention.

9.1 Applying using the online form or e-mail

If you use the online form to apply for approval for outdoor gatherings and marches within the area in which such events are subject to restrictions, you must provide your title (Mr, Ms, Dr), first and last name, e-mail address and telephone number along with information about the planned gathering or march. Without this information, your request cannot be processed. The content of the remaining data fields and the date and time of your request will be transmitted to the BMI. Your IP address will not be collected.

If you send us a request via e-mail or the online form, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us.
The information provided through the BMI online form is transmitted via an encrypted https connection.

If you do not consent to the processing, temporary storage and transmission of your data, you can cancel the process at any time, Your request will not be processed or sent to the responsible authorities listed above or to the responsible authorities in Berlin or Baden-Württemberg.

Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Section 3 BDSG for the purpose of processing your request. The responsible staff members of the BMI Task Force ÖS II 2 will store the data to process your request in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

By sending your request, you also agree that your information may be sent to the German Bundestag, Bundesrat or Federal Constitutional Court to obtain their agreement pursuant to Section 3 (2) BefBezG and to the responsible authorities in the states of Berlin or Baden-Württemberg if necessary to process your request.

9.2 Applying by fax or post

You may also send your request via fax or post. In this case, the information will be given only to the responsible BMI Task Force AG ÖS II 2, whose staff members will store the data to process your request in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).
By sending your request, you also agree that your information may be sent to the German Bundestag, Bundesrat or Federal Constitutional Court to obtain their agreement pursuant to Section 3 (2) BefBezG and to the responsible authorities in the states of Berlin or Baden-Württemberg if necessary to process your request.

9.3 Rights of applicants

According to Section 57 BDSG, you have the right to information about your data; according to Section 58 BDSG, you have the right to have your data corrected or deleted and to restrict processing under the conditions given there. According to Section 51 BDSG, you also have the right to withdraw your consent.

You may claim these rights by sending e-mail to poststelle@bmi.bund.de or a letter to the BMI’s postal address given at the start of this document.

You also have the right to submit a complaint to the supervisory authority under data protection law (Federal Commissioner for Data Protection and Freedom of Information). You may also submit questions and complaints to the BMI Data Protection Officer at bds@bmi.bund.de.

10. Your rights

You have the following rights vis-à-vis the BMI with regard to personal data concerning you:

  • Right of access, Article 15 GDPR
    This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by Section 34 BDSG.
  • Right to rectification, Article 16 GDPR
    This right enables data subjects to have inaccurate personal data concerning them to be corrected.
  • Right to erasure, Article 17 GDPR
    This right enables data subjects to have the controller delete personal data concerning them. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by Section 35 BDSG.
  • Right to restriction of processing, Article 18 GDPR
    This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
  • Right to object, Article 21 GDPR
    This right enables data subjects to object in a special situation to further processing of personal data concerning them if such processing is justified by the performance of public tasks or by public or private interests. Exceptions to this right are governed by Section 36 BDSG.
  • Right to data portability, Article 20 GDPR
    This right enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to transmit those data to another controller. According to Article 20 (3), second sentence of the GDPR, this right does not apply if the data processing is necessary for the performance of a task carried out in the public interest.
  • Right to withdraw consent, Articles 13 and 14 GDPR
    If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.