Current topics of Federal Ministry of the Interior and Community

Privacy Policy

type: Article

Using personal data responsibly has a high priority at the Federal Ministry of the Interior and Community (BMI). We want users to know when the BMI collects and uses which data.

As an agency of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior and Community (BMI) operates a website at the domain www.personalausweisportal.de where it informs the public about the German National Identity Card and the eID function and the activities of the BMI in this context and makes information easily avail-able to the public.

We process personal data only to the extent necessary. Which data are needed and processed for what purposes and on what basis depends on the type of service you choose and for what purpose the data are needed.

We have put technical and organizational safeguards in place to ensure that we and our external service providers comply with data protection law.

The BMI processes personal data in compliance with the EU’s General Data Protection Regulation (2016/679) and the Federal Data Protection Act (BDSG).

1. General Information

1.1 Controller and data protection officer

The controller responsible for processing personal data is the

Bundesministerium des Innern und für Heimat
Alt-Moabit 140
10557 Berlin
Telefon: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
E-Mail: poststelle@bmi.bund.de
De-Mail: poststelle@bmi-bund.de-mail.de


If you have specific questions about how your privacy is protected, please contact the BMI data protection officer:

Beauftragte für den Datenschutz im BMI
Bundesministerium des Innern und für Heimat
Alt-Moabit 140
10557 Berlin
Telefon: +49-(0)30 18 681-0
E-Mail: bds@bmi.bund.de

1.2. Personal data

The term "personal data" means all information related to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, identification number, location data or an online reference number.

1.3 Protection of minors

Anyone younger than 16 should not submit personal data to us without the consent of their parents or guardians.

1.4 Legal basis for processing personal data

The BMI processes personal data in carrying out its assigned responsibilities in the public interest. Its public responsibilities include in particular informing the public and thus making information available to the public through its website. The legal basis for processing in this case is Article 6 (1) (e) of the EU’s General Data Protection Regulation in conjunction with the relevant national or European law and with Section 3 of the BDSG. If personal data must be processed in the individual case to meet a legal obligation, Article 6 (1) (c) of the GDPR applies as well, in conjunction with the relevant legal provision on which the legal obligation is based.

If we obtain consent from the data subject to process personal data, Article 6 (1) (a) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) GDPR serves as the legal basis.

2. Data processing related to visiting this website

2.1 Data collection

Every time someone accesses our website and retrieves a file, data are temporarily saved in a log file.

Specifically, the following data are stored:

  • date and time of retrieval (time stamp) and the IP address of the device or server requesting access
  • details of the request and destination (log version, HTTP method, referer, user agent string)
  • name of the file retrieved and amount of data transferred (requested URL and query string, size in bytes)
  • whether the request was successful (HTTP status code)

According to Article 6 (1) (e) GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect against attacks on the BMI’s Internet infrastructure and federal communications technology. These data are analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings. These data are deleted as soon as they are no longer needed for official purposes.

Data logged when the BMI website is accessed are shared with third parties only if we are legally obligated to do so, or if needed for legal or criminal proceedings in case of attacks on federal com-munications technology. Otherwise these data are not shared with third parties. The BMI does not combine these data with other data sources.

Please note that the services Twitter and YouTube, which are also incorporated in the BMI website, do store data of visitors to the BMI website who actively use these services, such as to view videos on the website. Twitter and YouTube store these data in line with their privacy policies and use them for their commercial purposes. The BMI has no influence over how these social networks collect or use data. As a result, the BMI is not aware of how many, where and for how long data are stored, whether the networks comply with their obligations to delete data, how the data are analysed and connected and with whom the data are shared.

2.2 Session cookies

Cookies are used on the web pages for the search function. These cookies are valid for the time you visit our website. For technical reasons, this is necessary for the function of the area mentioned. Cookies are used on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG in the context of informing the public in order to provide information on the BMI’s assigned tasks as needed.

Session cookies are small units of information which a website provider saves to the random access memory of the visitor’s computer. A session cookie contains a randomly generated, unique identifi-cation number, known as a session ID. A cookie also contains information on its origin and how long it may be saved. These cookies are unable to store any other data.

Session cookies are deleted when you end the session.

Every Internet browser can show you when cookies have been stored on your computer and what they contain. The websites of the Federal Commissioner for Data Protection and Freedom of Infor-mation and the Federal Office for Information Security offer more detailed information.

Some cookies are permanent, in order to remember website visitors returning after a long absence. They are stored as text files on the hard drive of the visitor’s computer. We do not use such cookies on our website.

Most browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.

2.3 Web analysis

Based on Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG, the BMI analyses information on website use for statistical purposes in the context of informing the public and in order to provide information on the BMI’s assigned tasks as needed

It does so using the web analysis service Matomo/PIWIK.

When individual pages of our website are retrieved, the following data are stored:

  • two bytes of the IP address of the user’s retrieving system (anonymous)
  • the web page accessed
  • the website from which the user arrived at the web page retrieved (referer)
  • the sub-pages retrieved from the web page retrieved
  • length of time spent on the page
  • how often the web page was retrieved

For our web analysis, no cookies are placed on users’ computers. Nor are the data shared with third parties.

If you do not want these data from your website visit to be stored and analysed, although they are entirely anonymous, you can opt out below the privacy policy with a mouse click.

In this case, an opt-out cookie is saved to your browser, which means that Matomo will not collect any more session data.

Note: If you delete your cookies, this also deletes opt-out cookies, which you will have to re-activate as desired.

3. Processing personal data when you contact us

Personal data are processed differently depending on how you contact us: via e-mail, online form, post or telephone (hotline).

3.1 Contacting the ministry via e-mail

You can contact the BMI using the central e-mail address poststelle@bmi.bund.de, the e-mail address of individual staff members or one of the ministry’s various special mailboxes.

Personal data sent to the central e-mail address and stored by the organizational unit responsible for distributing mail are deleted one year after they are forwarded to the responsible organizational units within the ministry. For more information on contacting the ministry’s public enquiry service, please see number 3.3.

The data you send (such as first and last name, address) and at least your e-mail address and the information contained in your message (including any personal data you provide) will be saved by the relevant organizational unit for the purpose of contact and responding to your message in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.2 E-mail addresses of third parties

The BMI website also provides e-mail addresses of third parties regarding specific topics. These ad-dresses do not end in @bmi.bund.de. If you send a message to one of these addresses, the BMI is not responsible for processing the personal data. If you have any questions about how these third parties deal with your personal data, please contact them directly.

3.3 Contacting the ministry using the online form of the public enquiry service (only available on the German site)

If you use the online form of the public enquiry service to contact, you will need to provide your title (Mr, Ms, Dr), first and last name and e-mail address. Without this information, your message cannot be processed. A postal address is optional and enables us to respond by post, if requested. In addition, the date and time your message was sent will be transmitted to us.

If you send us a message via e-mail or the online form, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us.

The information provided through the BMI contact forms is transmitted via an encrypted https connection.

Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (a) GDPR for the purpose of responding to your message.

Information submitted on this online form is transmitted only to the BMI public enquiry service. The sender’s IP address is collected as well, which is also the case with e-mails sent to eID_buergerservice@bmi.bund.de. By ticking the box and submitting the form, you agree in accordance with Article 6 (1) (a) GDRP to have your personal data and IP address transmitted and stored. The processing and temporary storage of your personal data serve the purpose of respond-ing to your message in the framework of Article 17 of the Basic Law. The IP address will be used only if needed for law enforcement and threat prevention purposes on the basis of applicable law.

You also agree that your message may be forwarded to third parties if necessary to answer your question.

Your enquiry, which you submitted using the online form, will be processed by the staff of our public enquiry service, who will store your data to respond to your message and in compliance with the legal and contractual requirements. The data will be deleted automatically after three years. If staff of the public enquiry service are unable to respond to your message, it will be forwarded to the appropriate body.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

If you do not consent to the processing of your data, you can cancel the process at any time, and your message will not be submitted.

3.4 Contacting by post

If you write a letter to the ministry, the data you send (such as first and last name, address) will be stored and the information contained in your letter (including any personal data you provide) will be saved for the purpose of contact and responding to your letter in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.5 Contacting by telephone

If you contact a ministry staff member by telephone, your personal data will be processed as far as necessary respond to your concern.

3.6 Contacting the public enquiry service by telephone

If you contact the public enquiry service using the telephone number 0180-1-33 33 33, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back. In these cases, the explanation of processing and storage given in number 3.3 applies.

4. Processing personal data when using social networks

The BMI is active in the social networks Twitter and YouTube.

To carry out editorial tasks in these social networks, the BMI processes data of persons who interact with the BMI. This requires a service provider to temporarily store the data. The data are stored on a server located in the European Union. These data include profile and account names, profile photo, content of the request, number of followers and profiles which the profile follows and the latest Tweets. These data are stored for six months.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

Please note that these services do store data of their users (such as personal information, IP addresses, etc.) in line with their privacy policies and use them for commercial purposes. The BMI has no influence over how these social networks collect or use data. As a result, the BMI is not aware of how many, where and for how long data are stored, whether the networks comply with their obligations to delete data, how the data are analysed and connected and with whom the data are shared.

For information about which data Twitter processes and for which purposes they are used, please see Twitter’s privacy statement.

For information about which data YouTube processes and for which purposes they are used, please see the privacy statement of YouTube or Google.

Because both of these companies are not European service providers and their only European offices are in Ireland, they do not consider themselves bound by German data protection law. This affects your right to information about your personal data, your rights to block or delete these data and the ability to object to your data being used for advertising purposes, for example.

5. Your rights

You have the following rights vis-à-vis the BMI with regard to personal data concerning you:

  • Right of access, Article 15 GDPR

    This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by Section 34 BDSG.

  • Right to rectification, Article 16 GDPR

    This right enables data subjects to have inaccurate personal data concerning them to be corrected.

  • Right to erasure, Article 17 GDPR
    This right enables data subjects to have the controller delete personal data concerning them. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by Section 35 BDSG.
  • Right to restriction of processing, Article 18 GDPR
    This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
  • Right to object, Article 21 GDPR
    This right enables data subjects to object in a special situation to further processing of per-sonal data concerning them if such processing is justified by the performance of public tasks or by public or private interests. Exceptions to this right are governed by Section 36 BDSG.
  • Right to data portability, Article 20 GDPR
    This right enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to transmit those data to another controller. According to Article 20 (3), second sentence of the GDPR, this right does not apply if the data processing is necessary for the performance of a task carried out in the public interest.
  • Right to withdraw consent, Articles 13 and 14 GDPR
    If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.