Using personal data responsibly has a high priority at the Federal Ministry of the Interior and Community (BMI). We want users to know when the BMI collects and uses which data.
As an agency of the Federal Republic of Germany without legal capacity, the BMI operates a website (“the website”) at the domain sicherheit.bund.de where it informs the public about the campaign “Police and emergency services – Keeping Germany safe”.
The BMI interacts with the public via the website This privacy notice describes how the BMI collects, uses and discloses information collected from visitors to the website.
In its role as data controller, the BMI will process information about you. This information is called “personal data”. These personal data are collected either directly from you, internally or, in certain cases, by third parties.
We process personal data only to the extent necessary. Which data are processed for what purposes and on what basis depends on the type of service you use and for what purpose the personal data are needed.
We have put technical and organizational safeguards in place to ensure that we and our external service providers comply with data protection law.
The BMI processes personal data in compliance with the EU’s General Data Protection Regulation (2016/679) (GDPR) and the Federal Data Protection Act (BDSG).
1. Controller and data protection officer
The controller responsible for processing personal data is the
Federal Ministry of the Interior and Community
Telephone: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
If you have specific questions about how your privacy is protected, please contact the BMI data protection officer:
Data Protection OfficerFederal Ministry of the Interior and Community
Telephone: +49-(0)30 18 681-0
It is also possible to contact the BMI via e-mail using the ministry’s central e-mail address: firstname.lastname@example.org. Personal data sent to the central e-mail address and stored by the organizational unit responsible for distributing mail are deleted one year after being forwarded to the responsible organizational units within the ministry. You may contact our public enquiry service using the address email@example.com.
2. Types of personal data we process
The term “personal data” means all information related to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, identification number, location data or an online reference number.
The BMI processes the following categories of personal data:
- Personal information. Your first and last name (for example in case of contact via e-mail, letter or telephone).
- Contact information. Street address, postal address, telephone number, e-mail address (for example in case of contact via e-mail, letter or telephone).
- Information on website use. Every time someone accesses the website, the following information is collected: two bytes of the IP address of the user’s retrieving system (anonymous); the web page accessed; the website from which the user arrived at the web page retrieved (referrer); the sub-pages retrieved from the web page retrieved; the length of time spent on the page and how often the web page was retrieved.
- Data collected automatically. Every time someone accesses the website and retrieves a file, data are temporarily saved in a log file. Specifically, the following data are stored: date and time of retrieval (time stamp) and the IP address of the device or server requesting access; details of the request and destination (log version, HTTP method, referrer, user agent string); name of the file retrieved and amount of data transferred (requested URL and query string, size in bytes); and whether the request was successful (HTTP status code).
3. 3. Sources of the personal data we process
The BMI collects your personal data from various sources, including:
- Data you provide directly. We collect the personal data you provide us (electronically, in writing or verbally). We may also ask you for information (such as your name and contact information) when you contact us.
4. Legal basis for processing personal data, and purposes of such processing
The BMI processes personal data in carrying out its assigned tasks in the public interest. These tasks include in particular informing the public, which includes making information available to the public through this website.
The legal basis for processing in this case is Article 6 (1) (e) of the GDPR in conjunction with the relevant national or European law and with Section 3 of the BDSG.
If personal data must be processed in the individual case to meet a legal obligation, Article 6 (1) (c) of the GDPR applies as well, in conjunction with the relevant legal provision on which the legal obligation is based.
If we obtain your consent to process your personal data, Article 6 (1) (a) GDPR serves as the legal basis. You can revoke your consent at any time with effect for the future.
The purposes for which personal data are processed when visiting the website include the following:
- Protection against attacks on the BMI’s Internet infrastructure and federal communications technology. According to Article 6 (1) (e) GDPR in conjunction with Section 5 of the Act to Enhance the Security of Federal Information Systems (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect against attacks on the BMI’s Internet infrastructure and federal communications technology. These data are analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings. These data are deleted as soon as they are no longer needed for official purposes. Data logged when the BMI website is accessed are shared with third parties only if we are legally obligated to do so, or if needed for legal or criminal proceedings in case of attacks on federal communications technology. Otherwise these data are not shared with third parties. The BMI does not combine these data with other data sources.
- Contacting the ministry via e-mail. If you contact us via e-mail, your e-mail message will first be forwarded to the responsible organizational unit at the BMI. The data you send (such as first and last name, address) and at least your e-mail address and the information contained in your message (including any personal data you provide) will be saved by the relevant organizational unit for the purpose of contacting you and responding to your message in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO). Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. For us to respond to your message, we must process the personal data you provide.
- Contacting the ministry by post. If you write a letter to the BMI, the data you send (such as first and last name, address) will be stored and the information contained in your letter (including any personal data you provide) will be saved for the purpose of contacting you and responding to your letter in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO). Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.
- Contacting the ministry by telephone. If you contact the BMI’s public enquiry service using the telephone number 0228 99681 0 or 030 16861 0, no personal data will be collected. Personal data will be collected only if you request a written response or ask to be called back. In this case, the personal data will be saved in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).
On the website, the BMI uses two kinds of cookies to provide important user functions and to collect anonymized statistical data for the purpose of web analysis. This is done on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG in the context of informing the public in order to provide information on the BMI’s assigned tasks as needed.
When you visit the website, a cookie stores information as to whether you looked at the privacy notice.
For web analysis, another cookie serves to collect anonymized use data which are processed in cooperation with the web analysis service Matomo/PIWIK. The data collected are forwarded to the third party Matomo/PIWIK in this context. If you do not want these data from your website visit to be stored and analysed, although they are entirely anonymous, you can opt out at any time with a mouse click. In this case, an opt-out cookie is saved to your browser, which means that Matomo/PIWIK will not collect any more session data. Please note that if you delete cookies in your browser, this also deletes opt-out cookies, which you will have to re-activate as desired.
Every Internet browser can show you when cookies have been stored on your computer and which data they process. The websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security offer more detailed information about cookies.
Most browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.
6. Protection of minors
Anyone younger than 16 should not submit personal data to us without the consent of their parents or guardians.
7. External services incorporated in the website
Please note that the services Twitter and YouTube, which are incorporated by the BMI in the website, do store data of visitors to the website who actively use these services, such as to view videos on the website. Twitter and YouTube store data of visitors to the website (such as personal information, IP addresses, etc.) in line with their privacy policies and use them for their commercial purposes.
The BMI has no influence over how these social networks collect or use data. As a result, the BMI is not aware of how many, where or for how long data are stored, whether the networks comply with their obligations to delete data, how the data are analysed and connected or with whom the data are shared.
Because both of these companies are not European service providers and their only European offices are in Ireland, they do not consider themselves bound by German data protection law. This affects your right to information about your personal data, your rights to block or delete these data and the ability to object to your data being used for advertising purposes, for example.
8. Your rights as a data subject
You have the following rights vis-à-vis the BMI with regard to personal data concerning you:
- Right of access according to Article 15 GDPR. This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by Section 34 BDSG.
- Right to rectification according to Article 16 GDPR. This right enables data subjects to have inaccurate personal data concerning them corrected.
- Right to erasure according to Article 17 GDPR. This right enables data subjects to have the controller delete personal data concerning them. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by Section 35 BDSG.
- Right to restriction of processing according to Article 18 GDPR. This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
- Right to object to the collection, processing and/or use of personal data according to Article 21 GDPR. The right to object enables data subjects to object to further processing of personal data concerning them. Exceptions to this right are governed by Section 36 BDSG.
- Right to data portability according to Article 20 GDPR. The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to transmit those data to another controller. According to Article 20 (3), second sentence of the GDPR, this right does not apply if the data processing is necessary to perform a task carried out in the public interest.
- Right to withdraw consent, Articles 13 and 14 GDPR. If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.
You can claim these rights in writing from the data controller (see item 1 of this privacy notice). You also have the right according to Article 77 GDPR to submit a complaint to the supervisory authority under data protection law: the Federal Commissioner for Data Protection and Freedom of Information.
You may also submit questions and complaints directly to the BMI or its data protection officer.