At the Federal Ministry of Labour and Social Affairs (BMAS), personal data is only processed to the extent necessary. The data that is collected, the purposes for which it is collected and the basis on which it is required and processed is explained below. You will receive information about how you can contact the controller and the data protection officer at the BMAS and what rights you have with respect to the processing of your personal data.
Personal data describes all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
1. Controller and data protection officer
The controller responsible for processing personal data is the
Federal Ministry of Labour and Social Affairs
Wilhelmstraße 49
10117 Berlin
Germany
Phone: Berlin Office 030 18 527-0 / Bonn Office 0228 99 527-0
E-mail: poststelle[at]bmas.bund.de
DE-Mail: poststelle@bmas.de-mail.de
If you have specific questions about the protection of your data, please contact the data protection officer:
Data Protection Officer of the Federal Ministry of Labour and Social Affairs, 53107 Bonn
Phone: 0228 99 527-0
E-mail: bds[at]bmas.bund.de
The following declaration provides you with an overview of how we ensure the protection of your data and what type of data is collected, for which purpose and on what basis.
2. Data processing related to visiting this website
During every visit to the BMAS website, the data required to provide this service is processed. This data includes:
- Type and version of your Internet browser
- Operating system used
- IP address of the user
- IP address and name of the server
- Date and time of the server request
- HTTP protocol and status
- File path
This data is also stored in log files, beyond the time of your visit to the website, by our web provider Digitas Pixelpark GmbH. This is carried out in accordance with Article 6 (1) e) EU General Data Protection Regulation (GDPR) in combination with § 5 Act to Strengthen the Security of Federal Information Technology (BSI) in order to protect the Internet infrastructure of the BMAS against attacks beyond the time of your visit. This data is analysed and is required to initiate legal proceedings and criminal prosecutions in the event of an attack on the communication technology.
Data that is logged about access to the BMAS website is only transferred to third parties if we have a legal obligation to do so or if it is required to initiate legal proceedings and criminal prosecutions in the event of an attack on the communication technology of the German government. It will not be passed on in other cases.
a. Web analysis
Based on Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG, Digitas Pixelpark GmbH analyses information on the use of the website for statistical purposes on behalf of the BMAS in the context of informing the public and in order to provide information on the BMAS’s assigned tasks as needed.
This is carried out using the web analysis service etracker.
The software stores cookies on the visitor's computer. When individual pages of our website are accessed, the following data are stored:
- two bytes of the IP address of the user’s retrieving system (the last 6 characters are anonymised)
- the web page accessed
- the website from which the user arrived at the web page retrieved (referrer)
- recognition of returning visitors and the visitor history
- the sub-pages retrieved from the web page retrieved
- length of time spent on the web page and
- how often the web page was accessed
Your IP address is immediately anonymised during this process so that you remain anonymous as a user. The software runs exclusively on the servers operated by the service provider etracker on behalf of the BMAS. This user information is only stored there. The data will not be forwarded to any third parties.
The software is configured so that the IP addresses are not fully saved but rather 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This ensures that it is not possible to assign the shortened IP address to the computer accessing the website.
The use of the website is only recorded by Etracker Analytics if users give their informed consent in advance. This is done through the selection that users make in the cookie notice dialog at the beginning of their visit. If the users want to change the selection or the approval or rejection later, they can do so by clicking on the link below. The cookie notice dialog then opens again and the settings can be changed accordingly.
To the cookie notification dialogue
In order to be able to offer users the option of consent or rejection, a so-called consent management system is used on this website. This ensures the technical implementation of the possibility of being able to give consent or objection to Etracker Analytics.
Handling cookies
Cookies can be managed by all Internet browsers. Most browsers are configured in such a way that all cookies are accepted without asking the user. By changing the settings on your Internet browser, you can deactivate or limit the transfer of cookies. Any already saved cookies can be deleted at any time. This can also be carried out automatically.
Checking your data
You can check the data that is automatically transferred by your browser to our server by viewing the page information on your browser.
It is possible on all browsers to display when cookies have been stored and what they contain. Detailed information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.
3. Collection of personal data when you contact us
Personal data are processed differently depending on how you contact us.
Please note that the data is processed based on Article 6 (1) e) GDPR in combination with § 3 BDSG. The processing of the personal data you have sent to us is necessary for processing your request.
- Information on contacting us via info@denkfabrik-bmas.de:
If you send an enquiry to us via the e-mail address info@denkfabrik-bmas.de, it is processed by employees of the BMAS. This data is stored in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO). - Information on contacting us via info.gehoerlos@bmas.bund.de:
If you send an enquiry to us via the e-mail address info.gehoerlos@bmas.bund.de, it is processed by employees of the BMAS and employees of the service provider Telemark Rostock Kommunikations- und Marketinggesellschaft mbH on behalf of the BMAS. Telemark Rostock only saves your data for the purpose of processing your request and in accordance with the legal requirements and contractual specifications. If your request cannot be processed by the employees of Telemark Rostock, it is transferred to the BMAS. If the data is transferred to the BMAS, it is stored in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).
4. Processing personal data when providing you with information
Other personal data is processed depending on the manner in which the information is provided.
Data for delivering the newsletter
If you have subscribed to one of the newsletter mailing lists from the BMAS, your e-mail address and also optionally your title, surname and first name is stored by us on a server. The data is processed based on your consent pursuant to Article 6 (1) (a) GDPR. Management of the newsletter subscriptions is handled by our service provider Digitas Pixelpark GmbH. We use these data only to send the newsletters and for statistical evaluations in order to analyse system performance. We do not share your data with third parties and do not use them for any other purposes of our own.
The subscription system and the additional confirmation message that contains a link for the final registration (double opt-in) ensures that the newsletter has been explicitly requested by you.
Your data is saved on our server during the subscription process and a confirmation message with a link for the final registration is sent to the entered e-mail address. If your subscription is not confirmed via the link in this e-mail, the data is deleted after 24 hours.
It is only after confirming your subscription using the link in this e-mail that your data for the delivery of the newsletter will be saved for the duration of your use of our newsletter service.
If you no longer consent to the saving of your data for this purpose and thus no longer wish to use our service, you can unsubscribe from our newsletters at any time. The data you have provided to us will be deleted as a result.
5. Social networks
The BMAS is active on the social networks Facebook, Twitter and YouTube. In performing its tasks, the editorial team processes the data of those people who interact with the BMAS on these social networks, for example by posting comments or messages. The data is temporarily saved by a service provider on a server located in Amsterdam/ Dublin. The saved information includes: Profile information (such as name and profile image), comments, page entries, evaluations, instant messages and tweets. The data is saved for the relevant contractual periods. Associated backup files are irreversibly deleted after a further 180 days.
The data is processed based on Article 6 (1) e) GDPR in combination with § 3 BDSG. The processing of the personal data you have sent to us is necessary for processing your request.
We would also like to expressly point out that the social networks also save and process data about their users. The BMAS has no knowledge of the storage location, the length of time that the data is stored or details about how the data is processed. The BMAS has no direct influence on the collection of data and its subsequent use. Please refer directly to Facebook, Twitter and YouTube for more information on the processing of your data.
6. Your rights
You have the following rights vis-à-vis the controller with regard to personal data concerning you:
- Right of access, Article 15 GDPR
This right enables data subjects to obtain comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by Section 34 BDSG. - Right to rectification, Article 16 GDPR
This right enables data subjects to have inaccurate personal data concerning them to be corrected. - Right to erasure, Article 17 GDPR
This right enables data subjects to have the controller delete personal data concerning them. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by Section 35 BDSG. - Right to restriction of processing, Article 18 GDPR
This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights. - Right to data portability, Article 20 GDPR
This right enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to transmit those data to another controller. According to Article 20 (3), Sentence 2 of the GDPR, this right does not apply if the data processing is necessary for the performance of a task carried out in the public interest. - Right to object, Article 21 GDPR
This right enables data subjects to object in a special situation to further processing of personal data concerning them if such processing is justified by the performance of public tasks or by public or private interests. According to Section 36 BDSG, this right does not apply if a public body is obligated to process the data due to legal regulations. - If the personal data are processed on the basis of your consent (Article 6 (1) a) General Data Protection Regulation), you can withdraw your consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.