Skip to content
Sign language Easy Read
DE EN

Data protection

The Federal Ministry of Education and Research (BMFTR) takes the protection of your personal data very seriously which is why personal data is only processed by us as necessary. What data is needed and processed for what purpose and on what basis depends on the type of service that you use and on what task we need it for.

The term ‘personal data’ refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

This statement on data protection provides you with detailed information on what data is collected for what purpose and on what basis, how you can contact the ‘data controller’ (the responsible entity) and the Data Protection Officer, and what rights you have concerning the processing of personal data.

Data controller and data protection officer

The entity controlling the processing of personal data (the ‘controller’) is the

Federal Ministry of Education and Research (BMFTR)
53170 Bonn, Germany
Phone: +49 (0)228 9957-0
Email: bmftr(at)bmftr.bund.de

If you have specific questions concerning the protection of your data, please contact the BMFTR’s Data Protection Officer:

Federal Ministry of Education and Research (BMFTR)
Datenschutzbeauftragte/r
53170 Bonn, Germany 
Phone: +49 (0)228 9957-3369 
Email: datenschutz(at)bmftr.bund.de

The following statement provides you with an overview of how the BMFTR ensures the protection of your data and what type of data is collected for what purpose and on what basis.

Processing of data resulting from your visit to this website

Whenever a website is visited, data is collected and exchanged which is needed to provide the service in question. The data concerned is:

  •     IP address

  •     your browser type and version

  •     the operating system used

  •     the web page accessed

  •     the page previously visited (referrer URL)

  •     the time of the server request

This is known as log data (as defined in Section 2 (8a) of the Act on the Federal Office for Information Security (BSI-Gesetz)) which is stored in log files on an external server at our service provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen beyond the time of your your visit to the website.

In addition to this log data collected during the interaction with this website, protocol data (as defined in Section 2 (8) of the BSI-Gesetz) is also collected. Protocol data is information that is used and necessary for the data transfer / communication process (metadata).

This data (protocol and log data) is created in order to protect federal/BMFTR technical infrastructure and communications technology against attacks as well as to recognize, contain or remedy disruptions or problems and is stored and analysed beyond the time of your visit to the website. This data is processed in compliance with Article 6 (1) (c) and (e) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 5 (1) sentence 4 and Section 5a sentence 2 of the BSI-Gesetz. The data is processed by the service provider Hetzner Online.

Web analytics

Our website uses the open-source software Matomo for the statistical evaluation of visitor access.
The analysis is carried out without the use of cookies and in strict compliance with the requirements of the General Data Protection Regulation (GDPR).

What data are collected?

The following data is stored anonymously when individual pages of our website are accessed:

  • anonymized IP address (e.g., 192.168.xxx.xxx)

  • pages visited and duration of visit

  • referring page (referrer)

  • browser and operating system used

  • screen resolution and language settings

  • the frequency of visits to the website

These data are used solely to optimize our website and are not used to identify individual users.

No cookies – no consent requirement

Web analysis is carried out without cookies and without cross-session tracking.
No personal data are stored. Therefore, no consent via a cookie banner is required.

The software is configured in such a way that IP addresses are stored incompletely, with 2 bytes concealed (e.g. 192.168.xxx.xxx). This makes it impossible for the shortened IP address to be linked to the retrieving computer, meaning that you remain anonymous as the user.

The software runs only on the web servers of the service provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen on behalf of the BMFTR. This is the only place where information on your use of the website is stored. No data is disclosed to third parties.

Cookie List

Overview of the cookies used on this website:

dp_cookieconsent_status

  • Category: Necessary

  • Storage duration: 1 year

  • Description: This cookie stores the allowed cookie options from the cookie consent on this website.

mtm_consent_removed

  • Category: Statistics

  • Storage duration: 1 year

  • Description: Indicates that a visitor has opted out of Matomo tracking.

Hosting and data processing

All collected data are stored exclusively on our own server and are not passed on to third parties.
Processing does not take place outside the European Union.

Legal basis

Processing is carried out in accordance with Article 6 (1) (f) GDPR, based on our legitimate interest in improving and securing our website.

Right to object

You can object to the anonymous tracking of your visits at any time.
To do so, please click the following link to activate an opt-out:

Matomo Opt-Out

Collection of personal data when you contact us

Various personal data is collected and processed depending on the method used to contact us.

Contact can be made by email, contact form, letter or telephone (hotline).

Where electronic communication (via the online contact form and/or email) takes place with the BMFTR, protocol and log data are also created in addition to the data mentioned in the relevant sections. Their purpose is to protect federal/BMFTR technical infrastructure and communications technology against attacks as well as to recognize, contain or remedy disruptions or problems and are stored and analysed even after your visit to the website. Protocol data (as defined in Section 2 (8) of the Act on the Federal Office for Information Security (BSI-Gesetz)) is information that is used and necessary for the data transfer / communication process (metadata). Log data (as defined in Section 2 (8a) of the BSI-Gesetz) contains information on technical events or situations within a system This data is processed in compliance with Article 6 (1) (c) and (e) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 5 (1) sentence 4 and Section 5a sentence 2 of the BSI-Gesetz. The data is processed by the service providers ITZBund, BDBOS and BSI.

Means of contact, legal basis and purpose of processing

Contact via email

You can contact the BMFTR via the email address of individual staff members or via the following central email addresses:

If you use one of the email addresses given above, the data transmitted by you (e.g. surname, first name, address) or at least your email address and the information contained in the email (any personal data communicated by you) will be stored for the purpose of contacting you and responding to your enquiry.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMFTR’s tasks. In order to respond to your message, it is necessary to process the personal data you provide.

Note on contacting the BMFTR via the address information[at]bmftr.bund.de

Enquiries sent to the email address information@bmftr.bund.de are dealt with by the staff of the BMFTR’s service provider contracted for this purpose, “Telemark Rostock - Kommunikations- und Marketinggesellschaft mbH”.

Letters and faxes

If you write a letter or fax to the BMFTR, the data communicated by you (e.g. surname, first name, postal address) and the information contained in the letter or fax (including any personal data communicated by you) will be stored for the purpose of contacting you and responding to your enquiry.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMFTR’s tasks. In order to respond to your enquiry, it is necessary to process the personal data you provide.

Telephone (hotlines)

If you contact a member of staff by telephone, your personal data will be processed as needed to respond to your enquiry.

The BMFTR offers a general service telephone number: +49 (0)30 1857-0

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMFTR’s tasks.

Length of storage and forwarding of personal data processed when you contact us

If your personal data is collected and processed for the purpose of responding to your enquiry by a service provider contracted by us it will store your data solely for the purpose of responding to your enquiry and in accordance with the statutory and contractual requirements. If the staff of the service provider are unable to respond to your enquiry, they will forward it to the BMFTR.

BMFTR staff will only process the data communicated in the context of responding to your enquiry. In these cases, the data transmitted is stored in accordance with the periods for retaining records as set out in the Registry Directive (Registraturrichtlinie, RegR), which supplements the Joint Rules of Procedure of the Federal Ministries (Gemeinsame Geschäftsordnung der Bundesministerien, GGO).

Where the enquiry involves a matter which can be answered by the service provider contracted by the BMFTR, “Telemark Rostock Kommunikations- und Marketinggesellschaft mbH” or is covered by its service contract or concerns a service provider of the BMFTR or which can only be answered by that service provider, the enquiry will be forwarded to the relevant service provider together with the personal data required for responding to your enquiry. The service provider will process your data solely for the purpose of responding to your enquiry and in accordance with the statutory and contractual requirements.

In these cases, the data will be passed on in compliance with Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMFTR’s tasks.

Furthermore, it may be necessary for the purposes of legal and technical supervision to forward your personal data which has been supplied to us to those authorities supervised by us in connection with your enquiry. In such cases, the data will be forwarded in accordance with Section 25 (1) BDSG in conjunction with Section 23 (1) (6) BDSG.

Under Section 1 of the Act on the Powers of the Petitions Committee of the German Bundestag (Gesetz über die Befugnisse des Petitionsausschusses des Deutschen Bundestages, GGArt45cG), the BMFTR is required to transmit your personal data to the Petitions Committee of the German Bundestag where it is necessary for the purpose of preparing decisions on complaints under Article 17 of the German Basic Law (Grundgesetz, GG).

Your rights

You have the following rights vis-à-vis the data controller concerning your personal data:

Right of access (Article 15 GDPR)

This right includes the possibility for you to request access to your personal data that is being processed by us. In particular, you can request access to information regarding the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data has been or will be disclosed, the envisaged period of storage, the existence of the right to rectification, erasure, restriction of processing or to object to processing, the right to lodge a complaint, information as to the source of your data where this has not been collected by us, as well as the existence of automated decision-making, including profiling and relevant meaningful information where appropriate.

Right to rectification (Article 16 GDPR)

This right includes the possibility for data subjects to obtain the rectification of inaccurate personal data concerning them.

Right to erasure (Article 17 GDPR)

  • The right to erasure encompasses the possibility for data subjects to obtain the erasure of data from the controller. However, this is only possible if, for example, the personal data concerning them is no longer necessary, is being unlawfully processed or consent on which the processing is based is withdrawn.

Right to restriction of processing, Article 18 GDPR

  • This right includes the possibility for data subjects to temporarily prevent the further processing of personal data concerning them. Such restriction mainly occurs in the period of verification regarding the exercise of other rights by the data subject

Right to data portability, Article 20 GDPR

  • The right to data portability encompasses the possibility for data subjects to receive from the controller the personal data concerning them in a commonly used and machine-readable format in order to have it transmitted to another controller as required. In accordance with Article 20 (3) second sentence of the GDPR, this right does not apply to processing that is necessary for the performance of a task carried out in the public interest.

Right to object to collection, processing and/or use, Article 21 GDPR

You have the right to object, at any time, to the processing of your personal data on the basis of Article 6 (1) (e) and (f) GDPR for reasons pertaining to your particular situation. This personal data will then no longer be processed for these purposes, unless evidence can be provided of compelling legitimate reasons for processing the data which supersede your interests, rights and freedoms, or the processing is necessary for the assertion, exercise or defence of legal claims.

If the personal data is processed on the basis of your consent (in accordance with Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of processing your personal data on the basis of the consent provided by you remains unaffected until your withdrawal of consent has been received.

You can assert the above-mentioned rights, for example, by sending an email to BMFTR@BMFTR.bund.de.

You also have the right to lodge a complaint with a data protection authority of your own choice. This also includes the supervisory authority responsible for us: Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn, Germany.

You may also address any questions or complaints to the BMFTR’s Data Protection Officer at datenschutz@BMFTR.bund.de.