Skip to main content

Data Protection

Preamble

The Federal Ministry of Health takes the protection of your personal data very seriously. That’s why we have taken steps to ensure that the data protection provisions are respected both by us and our external service providers.

Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable, if they can be identified directly or indirectly, particularly through attribution to an identifier, such as a name, an ID number, location data or an online name.

More detailed information on what data was collected for which purpose and on what basis, on how to contact the competent authority and/or Data Protection Officer and on what rights you have with regard to the processing of personal data can be found in this privacy policy.

In the course of further developing our online presence and the technologies we use, additional amendments to this privacy policy may become necessary. We therefore recommend you reread the privacy policy every so often.

Responsible for the processing of personal data is :

Bundesministerium für Gesundheit (Federal Ministry of Health)
53123 Bonn
Phone: +49 (0)228 99441-0
email: poststelle(at)bmg.bund.de
German email: poststelle(at)bundesgesundheitsministerium.de-mail.de

The Federal Ministry of Health’s Data Protection Officer is also available to provide answers to specific questions about the protection of your data as well as any additional information regarding how personal data is handled at the Federal Ministry of Health.

Bundesministerium für Gesundheit
- Datenschutzbeauftragte -
11055 Berlin
DSB(at)bmg.bund.de

Any access to the Federal Ministry of Health’s online presence as well as any file access is stored and processed in a protocol file over a limited period of time for the exclusive purpose of protection and tracking security-related access.

The protocol file contains details regarding:

We are obligated under Article 6 (1) letter e) of the EU’s General Data Protection Regulation (GDPR) in conjunction with section 5 of the Act on the Federal Office for Information Security (BSI) to store data beyond the duration of your visit. This is intended to protect against attacks on the BMG’s internet infrastructure/the Federal Government’s communications technology. This data is analysed and needed to initiate legal action or criminal prosecution in case of attacks on our communications technology.

This data is stored in form of log files beyond the duration of your visit not only with us, but also on external servers, our service providers “Mittwald CM Service GmbH & Co. KG” and the “Hundertserver GmbH”.

Data logged during access to the BMG’s online presence will only be shared with third parties to the extent we are legally obliged to do so or if passing on the data is necessary for legal action or criminal prosecution in the case of attacks on the Federal Government’s communications technology. Otherwise, it will not be passed on. The Federal Ministry of Health does not combine this data with other data sources. To ensure a needs-based design and further develop its online presence, the BMG statistically analyses user information. Detailed information can be found in the web tracking/web analysis section of this privacy policy.

Contact by email

Contact by letter

Postal address:

Bonn Office: Bundesministerium für Gesundheit, 53107 Bonn

Berlin Office: Bundesministerium für Gesundheit, 11055 Berlin

Contact by phone or fax

Federal Ministry of Health
Phone.: +49(0)228/99441-0 or. +49(0)30/18441-0
Fax: +49(0)228/99441-4900 or +49(0)30/18441-4900

Should you contact the Federal Ministry of Health in writing by way of one of the aforementioned channels, then your transmitted data (e.g. surname, first name, address and/or email address) as well as the information contained within the message itself (such as personal data you might share) will be stored for the purposes of contacting you and processing your request in accordance with the statutory periods for retaining written records as set by the Registry Directive, which complements the Joint Rules of Procedure of the Federal Ministries (GGO).

Should you contact us by telephone, generally no personal data is recorded, unless this is needed in order to process your request (call back, written message).

The data is processed on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG) and is required to fulfil the tasks.

Please note that your data will be processed on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the BDSG to carry out the BMG’s responsibilities. To process your request, it is necessary for us to process the personal data you have transmitted to us.

If you use this contact form for communication, you need to provide your surname and first name, your post code and your email address. Without this data, we cannot process the request you sent us via the contact form. Providing additional address information is optional and enables us to process, if you so wish, your request by post.

Optional information will be processed on the basis of your consent pursuant to Article 6 (1) letter a) of the GDPR.

You can withdraw your consent at any time. The lawfulness of processing based on your consent remains unaffected until such time as a withdrawal of your consent is received.

In order to respond to telephone, electronic or written requests from the public, the Federal Ministry of Health has engaged the services of the Telemark Rostock Kommunikations- und Marketinggesellschaft mbH (Telemark Rostock), a multimedia communications centre. Telemark Rostock collects, processes and uses personal data exclusively within the limits prescribed in the GDPR and the Federal Data Protection Act (BDSG). It has taken a range of technical and organisational measures to ensure compliance with the legal regulations.

This equally applies to the service providers engaged in the context of processing (more information available under the “Processors” section).

We utilise external service providers (processors) e.g. to send out publications and the newsletter. Separate agreements on order processing have been concluded with the service providers so as to ensure the protection of your personal data.

We collaborate with the following service providers:

  • Hetzner Online GmbH
  • büro für gestaltung dedering

Some sections of the BMG’s online presence enable you to provide voluntary personal data. The (personal) data transmitted is stored and used exclusively for the purpose you intended when providing them. It will not be passed on to third parties.

Automatically stored logging data (see access to the online presence) is deleted after a limited period of time.

 

Cookies are small text files, which are stored when calling up particular sites or functions on your computer.

A prerequisite for storage is that you have cookies activated in your browser settings (e.g. Microsoft Edge, Internet Explorer, Mozilla Firefox, Opera, Apple Safari).

The BMG’s online presence is largely usable without activating cookies in your browser settings. Cookies only need to be activated in your browser when using the shopping basket to order information material. In this connection, a cookie referred to as a “session cookie” is set, which is automatically deleted from your computer once the browser session is closed. This is carried out on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the BDSG to provide needs-based online information on the tasks conferred to the Federal Ministry of Health.

Additionally, when calling up the website of the Federal Ministry of Health, solely the essential cookies are stored/accessed on your end device. Furthermore, the session cookies used on this page do not contain any personal data.

To ensure a needs-based design and for optimisation purposes, the Federal Ministry of Health analyses the usage of this website on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG) using the open-source web-analytics platform Matomo. Here the information from the log files is used and anonymised, before the information is used for usage analysis.

To embed videos, the site uses external services that are outside the BMG’s control. When watching a video, these services autonomously store and process their users’ personal data (e.g. IP addresses). Data may also be stored on your end device or data stored there accessed.

We embed these videos using a two-click solution. A direct connection between the service and the user is only established when the user actively clicks on the video to start it, thus giving consent (Article 6 (1) letter a) of the GDPR). User data is not automatically transmitted to the operators of these platforms. Personal data concerning your visit is processed by the operators when you watch the video. Fundamentally, it is the same as following a link to their services. Further information can be found in the service providers’ data privacy policies.

We work with the following providers:

  • YouTube by Google Ireland Ltd.; Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland; Privacy policy: https://policies.google.com/privacy?hl=de The headquarters of YouTube’s operator, Google Ireland Ltd., are located in the EU; however, it cannot be excluded that it also processes data in countries outside of the EU, above all in the US, where the level of data protection is not comparable to that of the European data protection standards. It can therefore, for instance, not be excluded that state-run bodies are given access to personal data or transmit the data to third parties, with whom you have no rights as a data subject.
  • German Bundestag, German Bundestag, constitutional body of the Federal Republic of Germany, Platz der Republik 1, D - 11011 Berlin Privacy policy: https://www.bundestag.de/datenschutz

The social media internet platforms provide a federal authority with excellent opportunities to communicate, network and actively engage with citizens. The Federal Ministry of Health has therefore decided to set up its own online presences on Facebook, Instagram, Twitter, LinkedIn and YouTube. To provide information about the coronavirus, the Federal Ministry of Health is additionally also represented on TikTok and Telegram. Feel free to also inform yourself on our work and exchange ideas with us there.

At this juncture, please note that the terms of use of the listed services and their operators do not fall under the Federal Ministry of Health’s control. On our part, we will always strive to handle your data with care in this context as well, but will not be liable for the actions of the operators or third parties.

In addition, we expressly note that the operators of the social networks that we use for communication permanently store data outside of Germany and for commercial purposes. The extent and duration to which the data is stored cannot be ascertained by us.

The Federal Ministry of Health takes the discussion around data privacy in social networks very seriously. We are following the debate and the investigations by the competent authorities and examine on an ongoing basis ourselves whether we can continue to run our social media presences under the prevailing conditions relating to data privacy.

Until further notice, we would ask you to carefully check what specific personal data you are revealing as a social media user. Please also regularly check the settings in your social media to protect your privacy.

For the information service provided here, the Federal Ministry of Health utilises the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

Please note that you are using this Facebook page and its features under your own responsibility. This applies especially to the use of interactive features (e.g. commenting, sharing, liking). Alternatively, you can also call up the information we have available about this site at our website.

When visiting our Facebook page, Facebook collects information such as your IP address as well as additional information on your computer in form of cookies. This information is used to provide us as the operator of these Facebook pages with statistical data concerning the use of the Facebook page. Additional relevant information is provided by Facebook via this link.

The data collected on you in this connection is processed by Facebook Ltd. and where relevant transmitted to countries outside of the European Union. What information Facebook collects and how it employs this is explained by Facebook in a general manner in its data usage policies. There you will also find information on how to contact Facebook as well as settings on advertising. The data usage policies can be found here.

Facebook’s full data policies can be found here.

How Facebook uses the data collected when visiting Facebook pages for its own purposes, to what extent activities on the Facebook page are traced to individual users, how long Facebook stores this data and whether data from visiting a Facebook page is relayed on to third parties is not conclusively or clearly indicated or known to us.

When accessing a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to information provided by Facebook, this IP address is anonymised (in case of “German” IP addresses) and deleted after 90 days. Furthermore, Facebook stores information about the users’ end devices (e.g. as part of the “login notification” feature) and may thereby potentially be able to trace IP addresses back to individual users.

When you, as a user, log in on Facebook, a cookie is placed on your end device with your Facebook name. This enables Facebook to reconstruct your visit to this page and how you have used it. This applies to all other Facebook pages. It is possible for Facebook to track your visits to these websites and trace them back to your user profile using Facebook buttons that are integrated in these websites. This data enables content and ads to be tailored to you.

If you wish to avoid this, you should log out of Facebook and/or deactivate the feature “remain logged on”, delete the cookies stored on your device and then close down and restart your browser. This deletes Facebook data through which you can be identified directly. This allows you to use our Facebook page without revealing your Facebook name. When you access interactive features of this page (liking, commenting, sharing, messaging etc.), a Facebook log-in page will appear. After a log-in, you will once more be visible as a distinct user to Facebook.

Information on how to manage or delete the information concerning you can be found on these Facebook support pages.

As providers of this information service, we do not collect or process additional data on your usage of our service.

This privacy policy can be found in its latest applicable version here. The link to this page can also be found on our Facebook page. Additional information on Facebook and other social networks as well as how you can protect your data can also be found at youngdata.de.

Information on the data protection risks of social media services from a legal perspective

Social media services are often multilevel service provider relationships, wherein the respective information or communication service is offered on a platform, provided by third parties and where the users' data is processed in the context of the platform operators' own business purposes. This makes social media services non-transparent from a user perspective and often problematic from a legal perspective, specifically with regard to existing responsibilities. Particularly in the case of platform operators/providers from outside Europe, from a data protection perspective, social media services often do not adhere to the General Data Protection Regulation.

In particular, it requires that users be provided with sufficient information and requires their consent before personal data is processed.

Public authorities that operate a social media presence to perform their tasks share the responsibility under data protection law for processing the data of the users visiting their social media presence with the operators of the social media platform.

The platform operator’s data protection provisions can be found on the following page:

Facebook’s data usage policies:
de-de.facebook.com/about/privacy

Facebook’s full data policies:
de-de.facebook.com/full_data_use_policy

Information on ways to limit the respective platform operator’s processing of your data can be found here:
www.datenschutz.rlp.de/fileadmin/lfdi/Dokumente/Orientierungshilfen/oh-Selbst_DS_soziale_Netze.pdf.

If you have questions regarding our information offering, you can reach us using the following contact details:

Bundesministerium für Gesundheit
- Datenschutzbeauftragte -
11055 Berlin
DSB@bmg.bund(dot)de

  • You can view the data that is automatically transmitted to our server from your browser.
  • You can use any internet browser to display whether cookies are set and what these contain.

Detailed information is provided on the websites of the Federal Commissioner for Data Protection and the Federal Office for Information Securit

With respect to personal data concerning you, you have the following rights vis-a-vis the controller:

The aforementioned rights can be asserted by contacting poststelle(at)bmg.bund.de or poststelle(at)bundesgesundheitsministerium.de-mail.de.

Right to lodge a complaint with a supervisory authority, Article 77 of the GDPR

Furthermore, you have the right to submit a complaint to the supervisory authority for data protection law (the Federal Commissioner for Data Protection and Freedom of Information) at:

Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit,
Graurheindorfer Straße, 153 53117 Bonn,
Email: poststelle(at)bfdi.bund.de

  • Right of access, Article 15 of the GDPR

    The right of access entitles the data subject to access the personal data concerning them. The exceptions to this right provided under section 34 of the Federal Data Protection Act (BDSG) apply.

  • Right to rectification, Article 16 of the GDPR

    The data subject can demand that inaccurate personal data concerning them be rectified.

  • Right to erasure, Article 17 of the GDPR

    The right to erasure means the data subject can demand the controller erase data. However, this is only possible if the personal data concerning them is no longer required, is being processed illegitimately, the relevant consent has been withdrawn and none of the statutory reasons for exemption apply, cf. Article 17 (3) of the GDPR, section 35 of the BDSG.

  • Right to restriction of processing, Article 18 of the GDPR

    The right to restriction of processing entails the possibility of the data subject to prevent further processing of personal data for the time being. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.

  • Right to data portability, Article 20 of the GDPR

    The right to data portability affords the data subject the possibility to receive their personal data in a commonly used, machine-readable format in order to potentially pass these on to other controllers. Pursuant, for instance, to the exemptions set out under Article 20 (3) of the GDPR, this right does not apply when the processing of data serves the performance of a task carried out in the public interest. The sole instance where this is not the case at the Federal Ministry of Health is when data processing is carried out for taxation purposes.

  • Right to object against data collection, processing and/or use, Article 21 of the GDPR

    The right to object entails the right in a specific situation to object against further processing of personal data. Pursuant, for instance, to section 36 of the BDSG, this right does not apply if a public authority is required to process the data by law.

  • Right to withdraw consent

    Where processing is carried out in accordance with Article 6 (1) letter a) of the GDPR on the basis of your consent, you can always withdraw your consent for that purpose. The lawfulness of processing remains unaffected until a withdrawal of consent is received.

People under the age of 16 should not transmit personal data to the Federal Ministry of Health without the consent of a legal guardian. No personal data is knowingly processed or passed on from this group to third parties without parental consent.