Statement on Data Protection

The Federal Ministry of Education and Research (BMBF) takes the protection of your personal data very seriously which is why personal data is only processed by us as necessary. What data is needed and processed for what purpose and on what basis depends on the type of service that you require or on what task we need it for.

The term ‘personal data’ is used here to refer to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

This statement on data protection provides you with detailed information on what data is collected for what purpose and on what basis, how you can contact the ‘data controller’ (the responsible entity) and the Data Protection Officer and what rights you have concerning the processing of personal data.

1. Data Controller and Data Protection Officer

The entity which has responsibility for the processing of personal data (the ‘controller’) is the

Federal Ministry of Education and Research (BMBF)
D-53170 Bonn
Phone: +49 (0)228 9957-0
Fax: +49 (0)228 99578-3601
E-mail: bmbf@bmbf.bund.de
DE-Mail: poststelle@bmbf-bund.de-mail.de

If you have specific questions concerning the protection of your data please contact the BMBF’s official Data Protection Officer:

Federal Ministry of Education and Research (BMBF)
„Datenschutzbeauftragte/r“
D-53170 Bonn
Telefon: +49 (0)228/9957-3369
Fax: +49 (0)228/9957-8-3369
elektronische Post: datenschutz@bmbf.bund.de 

This statement on data protection provides you with an overview of how the Federal Ministry of Education and Research (BMBF) ensures the protection of your data and what types of data are collected and for what purpose and on what basis.

2. Processing of data resulting from your visit to this website

Whenever a website is visited, certain data is collected and exchanged which is needed to provide the necessary service, namely:

  • IP address

  • your browser type and version
  • the operating system used
  • the web page accessed
  • the page previously visited (referrer URL)
  • the time of server request

Click here to see what data your internet browser communicates to our server.

After your visit to the website, this data is stored in log files on an external server at our service providers “bringe Informationstechnik GmbH” and “informedia GmbH”.

In accordance with Article 6 (1) (c) and (e) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect the internet infrastructure against attacks and to recognize, contain or remedy disruptions to or problems with federal/BMBF communications technology. This data is analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings.

Data logged during access to the BMBF’s website is only disclosed to third parties in so far as we are legally obliged to do so or if disclosure is required for criminal or other prosecution in the case of attacks on federal communications technology. Data will not be disclosed to others in any other cases. The BMBF does not merge this data with other data sources.

a) Web analytics

The BMBF, together with its service providers contracted for support and development, “bringe Informationstechnik GmbH” and “informedia GmbH”, analyse user information for statistical purposes on the basis of Article 6 (1) (e) of the GDPR in conjunction with Section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) as part of its public relations work and for the purpose of providing information on tasks within the BMBF’s remit as needed. 

It does so using the Matomo web analytics service.

The software uses permanent cookies to recognize visitors returning even after longer periods of time. This type of information is stored as a text file on the hard drive of the user’s computer. The cookie is valid for 13 months after which it deletes itself.

The software also uses session cookies. Session cookies are small information units that are stored by the provider of a website in the active memory of the visiting user’s computer. A randomly generated, unique ID number, a so-called session ID, is stored in a session cookie. A cookie also contains information on its origin and the maximum period of time it is to be stored on a computer. These cookies cannot store any further types of data. Their purpose is to distinguish between the number of clicks and unique visitors to our site.  This means that the session cookie identifies you as the same unique visitor regardless of the number of your clicks. If your session cookies are deactivated, every single click on the site will list you as a new visitor. The session cookies used by the BMBF are deleted as soon as you end a session.

The following data is stored when individual pages of our website are accessed:

  • two bytes of the IP address of the user’s retrieving system (anonymous)
  • the web page accessed
  • the website from which the user reached the accessed web page (referrer)
  • the sub-pages loaded via the accessed web page
  • the length of time spent on the web page
  • how often the page has been accessed

The software is configured so that IP addresses are stored incomplete with 2 bytes concealed (e.g. 192.168.xxx.xxx). This makes it impossible for the shortened IP address to be linked to the retrieving computer, meaning that you remain anonymous as the user.
The relevant software runs only on the web servers of our service providers “bringe Informationstechnik GmbH” and “informedia GmbH” on behalf of the BMBF. These are the only servers where user information is stored. No data is disclosed to third parties.

If you do not wish to have your session data stored and analysed, you can click on the box below to withdraw your consent at any time.

In this case, a so-called “opt-out cookie” will be placed on your browser which will prevent Matomo from collecting any session data.

Note: If you delete the cookies on your computer, you will also delete your opt-out cookie. In that case you will have to set a new one.

b) Session cookies

Session cookies are small pieces of information that are stored in the memory of the visitor's computer. An undesired identity number, a specific session ID, is stored in a session cookie. Different a cookie the information about its origin and the storage period. These cookies cannot save any other data. 

The session cookies used by the BMBF are deleted as soon as you end the session. The contents of the shopping cart that have been collected up to that point must be compiled again if you have ended the session but not completed the order process.

Handling cookies

You can control the use of cookies with all internet browsers. Most browsers are set up to accept all cookies without asking the user for permission. However, by changing the settings in your browser you can deactivate or restrict the use of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

Reviewing your data

Sie können die von Ihrem Browser an unseren Server automatisch übermittelten Daten here.

Any internet browser can be set up to notify you if cookies are set and to display their contents. Detailed information is available on the websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.

3. Gathering of personal data when you contact us

Various personal data is collected and processed depending on the method used to contact us.

a) Means of contact, legal basis and purpose of processing

Contacting us via the online form

If you use the online contact form for communicating with us, you will be required to give your surname and first name and also your e-mail address. Without this data we will be unable to respond to any message communicated via the contact form. Providing a postal address is optional and enables us to respond by post, if requested.

Please note that the data and content transmitted via the online contact form (which may also include personal data communicated by you) will be processed on the basis of your consent in compliance with Article 6 (1) (a) GDPR.

You may withdraw this consent at any time. The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.

The processing of your request, which you have communicated to us via the contact form, is carried out by the employees of the Federal Institute for Vocational Education and Training (BIBB).

Contact via e-mail

You can contact the Federal Institute for Vocational Education and Training (BIBB) via the e-mail address of individual staff members or the following central e-mail addresses or via the online contact form:

If you use one of the e-mail addresses given above, the data communicated by you (e.g. surname, first name, address) or at least your e-mail address and the information contained in the e-mail (any personal data communicated by you) will be stored for the purpose of contacting you and responding to your enquiry.

Please note that the data will be processed in compliance with Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMBF’s tasks. In order to respond to your message, it is necessary to process the personal data you provide.

Letters and fax

If you write a letter or fax to the Federal Institute for Vocational Education and Training (BIBB), the data communicated by you (e.g. surname, first name, postal address) and the information contained in the letter or fax (including any personal data communicated by you) will be stored for the purpose of contacting you and responding to your enquiry. Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG for the purpose of fulfilling the BMBF’s tasks. In order to respond to your message, it is necessary to process the personal data you provide.

Telephone

If you contact a member of the staff of the Federal Institute for Vocational Education and Training (BIBB) by telephone, your personal data will be used to respond to your enquiry as needed.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMBF’s tasks.

b) Length of storage and forwarding of personal data processed where contact has been taken up

The employees of the Federal Institute for Vocational Education and Training process the transmitted data only in connection with the processing of your request. In these cases, the storage of the transmitted data is based on the deadlines for the storage of written material in the registry guideline, which supplements the joint rules of procedure of the federal ministries (Gemeinsame Geschäftsordnung der Bundesministerien, GGO).

If the matter concerns the Federal Ministry of Education and Research (BMBF) or a service provider of the BMBF or can only be answered by them, your request and the personal data required for processing will be forwarded to the BMBF or the responsible person Service provider. The BMBF or the service provider process your data only to process your request and in accordance with the legal and contractual requirements.

In diesen vorgenannten Fällen, erfolgt die Weitergabe der Daten auf Grundlage des Artikels 6 Absatz 1 lit. e DSGVO in Verbindung mit § 3 BDSG im Rahmen der Aufgabenerfüllung des BMBF.

In these cases, the data will be passed on in compliance with Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMBF’s tasks.

Under Section 1 of the Act on the Powers of the Petitions Committee of the German Bundestag (Gesetz über die Befugnisse des Petitionsausschusses des Deutschen Bundestages, GGArt45cG), the BMBF is required to transmit your personal data to the Petitions Committee of the German Bundestag where it is necessary for the purpose of preparing decisions on complaints in accordance with Article 17 of the German Basic Law (Grundgesetz, GG).

4. Processing personal data in the context of providing information

Data used for newsletter subscriptions

Your e-mail address and selected newsletter list(s) are stored on the servers of our service providers contracted for support and development, “bringe Informationstechnik GmbH” and “informedia GmbH”, when you sign up to be on a mailing list for one of the BMBF’s newsletters.

The data provided will be processed on the basis of your consent in accordance with Article 6 (1) (a) of the General Data Protection Regulation (GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter(s). The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.

Your data is used only to send the newsletters and for statistical evaluations to analyse system performance. The size of the mailing list and the capacity utilization of the technology employed are used for the statistical evaluation of system performance. Where individual problems arise involving delivery of the newsletter, your data will be used by our service providers “bringe Informationstechnik GmbH” and “informedia GmbH” solely for the purpose of solving the problem concerned. We neither pass on your data to third parties nor use it for any other purposes of our own.

When you sign up for a newsletter your data will be stored on the servers of our service providers contracted for support and development, “bringe Informationstechnik GmbH” and “informedia GmbH”, and an automatic message to the e-mail address provided by you will be generated containing a link for you to confirm your registration. If you do not click on the link included in the e-mail to finalize registration, your data will be deleted after 24 hours.

If you do click on the link to confirm your registration, it is only then that your data will be stored for the purpose of sending you the desired newsletter for as long as your subscription continues.

Our registration system with its additional request for confirmation, requiring the clicking of a link to finalize registration (double opt-in), ensures that you have explicitly subscribed to the newsletter.

You can check the data stored for you at any time via the corresponding website. To do so, you will need the e-mail address you provided when subscribing to the newsletter.

Cancelling the newsletter / access to your data for the newsletter

If you no longer want your data to be stored for this purpose and thus no longer wish to subscribe to our newsletter, you can unsubscribe at any time, and the data you provided will be deleted. Please use this link to unsubscribe or to review/change the data stored for you. To do so, you will need the e-mail address you provided when subscribing to the newsletter.

5. Social networks (Facebook and Twitter)

The links to social networks are identified on our website by the Facebook or Twitter logo, among other things. No social plugins are used.

Please note that the BMBF has no control over the terms of use of these services and their operators. These services store and process personal data of their users (e.g. personal information, IP address etc.) in accordance with their guidelines. The BMBF has no influence over the collection of data and its further use by the social networks. Thus, the BMBF has no knowledge about the extent, the location and the period of time such data is stored, whether and to what extent these networks meet applicable obligations to delete data, what analysis and links the data is subjected to and with whom the data is shared. Please consult the data protection guidelines of these providers with regard to your rights and options for settings to ensure the protection of your privacy.

a) Facebook

If you follow the links from our website while you are logged into your personal Facebook account, the fact that you visited our website will be passed on to Facebook. Facebook will be able to trace your visit to our website to your Facebook account. This information will be passed on to Facebook and saved there. To prevent this, you will need to log out of your Facebook account before clicking on the link.

If you have a Facebook account and use a non-public direct message to contact the BMBF via Facebook Messenger, the data passed on in this way will be processed in compliance with Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) for the purpose of fulfilling the BMBF’s tasks.

The data will be stored in the BMBF’s user profile as well as on a local BMBF server for the duration of the processing of your enquiry. The enquiry (as a direct message via Facebook Messenger) including the data communicated will be deleted from the BMBF server and from the BMBF’s Messenger inbox in Facebook two years after the end of the calendar year in which the enquiry has been dealt with. The BMBF is unable to provide information about whether Facebook will continue to store the data even after the deletion of the enquiry by the BMBF. Once it has deleted the enquiry, the BMBF no longer has access to the message and the accompanying data in Facebook.

b) Twitter

Tweets are integrated on this site in such a way that a link to Twitter is not established on the client side. Tweets are both downloaded and sent via the server. This avoids the passing of user data to Twitter. Only the last eight messages are saved. The duration of storage therefore depends on the number of Tweets.

The Tweets displayed at www.bmbf.de are saved on a server located in the European Union. The following data is collected: Profile and account name and picture, content of the message, number of the followers and the profiles followed by the profile as well as the most recent Tweets.

If you use your Twitter account to send a direct message to the BMBFTwitter account, the message and the accompanying data will be saved in the BMBF’s user profile as well as on a local BMBF server for the duration of the processing of your enquiry. The enquiry (as a direct message via Twitter) including the accompanying data will be deleted from the BMBFserver and from the BMBF’s Messenger inbox in Twitter two years after the end of the calendar year in which the enquiry has been dealt with. The BMBF is unable to provide information about whether Twitter will continue to store the data even after the deletion of the enquiry by the BMBF. Once it has deleted the enquiry, the BMBFno longer has access to the message and the accompanying data.

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. In order to respond to your message, it is necessary to process the personal data you provide.

c) Share

This website enables users to share content via the social networks Facebook, Twitter or Google+. No data is sent to the social network concerned until the user clicks on the Share function.

6. Your rights

You have the following rights vis-à-vis the data controller concerning your personal data:

  • right of access (Article 15 GDPR)
  • right to rectification (Article 16 GDPR)
  • right to erasure (Article 17 GDPR)
  • right to restriction of processing (Article 18 GDPR)
  • right to object to collection, processing and/or use (Article 21 GDPR)
  • right to data portability (Article 20 GDPR)
  • If the personal data is processed on the basis of your consent (in accordance with Article 6 [1][a] GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.

You may exercise the aforementioned rights by sending an e-mail to bmbf@bmbf.bund.de or poststelle@bmbf-bund.de-mail.de.

You also have the right to submit a complaint to the supervisory authority under data protection law (Federal Commissioner for Data Protection and Freedom of Information, BfDI).

Questions and complaints may also be addressed to the BMBF’s Data Protection Officer datenschutz@bmbf.bund.de.