Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) which can be used to ascertain the identity of that person. Personal data are any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.

1. Controller and Data Protection Officer

Responsibility for the processing of personal data lies with the

Federal Ministry of Justice,
Mohrenstraße 37, 10117 Berlin,
E-mail: poststelle@bmj.bund.de

If you have specific questions about your data, please contact the

Responsible Data Protection Officer,
Federal Ministry of Justice,
Mohrenstraße 37, 10117 Berlin,
Tel: +49 (0)30 18 580 0
E-mail: datenschutz@bmj.bund.de

2. Processing of data for visits to this website

Each time our website is visited, we collect data required for providing the service. These include the following:

• your IP address,
• name of the file accessed,
• date and time of access,
• amount of data transmitted,
• notification of whether the file was accessed successfully.

The data are temporarily processed in a log file. Prior to storage, each data record is anonymised by changing the IP address.

The anonymised data are stored on a server at the Federal Information Technology Centre past the time of your visit to the website. We are obliged to do this under Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 5 of the Act on the Federal Office for Information Security (BSI Act), in order to protect against attacks on the BMJ’s internet infrastructure and federal communications technology. These data are analysed and are required in the event of attacks on the communications technology.

Data collected from visits to the BMJ’s website and stored in log files are shared with third parties only if we are legally obliged to do so, or if needed for legal or criminal proceedings in cases of attacks on federal communications technology. Otherwise, these data are not shared with third parties.

Accessing individual pages generates so-called transient cookies to facilitate navigation. These session cookies contain no personal data – with the exception of the shopping cart function – and expire at the end of the session. Technology such as Java applets and activeX controls, which allow user access behaviour to be monitored, are not used.

3. Web analysis

This website and its individual offerings are part of the public relations work of the BMJ. In order to tailor the information provided to the needs of users, the BMJ statistically evaluates access to this website on the basis of your consent pursuant to Article 6(1)(a) GDPR.

For the collection of session data, we use the web analytics software Matomo (www.matomo.org) provided by the company InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The software is hosted at the Federal Information Technology Centre and is provided to us from there. Among other things, the cookie enables your Internet browser to be recognised. None of the information generated by the cookie is used to personally identify visitors to our website. No personal data are stored or processed past the time of your actual visit to our website.

In the default setting, web analysis is disabled. You can decide here whether a unique web analytics cookie may be stored in your browser to enable the website’s operator to collect and analyse various statistical data. If you wish to opt out at a later date, please select the relevant option to store the Matomo deactivation cookie in your browser.

4. Processing of personal data when you submit details and make enquiries

Whenever you submit details or make enquiries, we only process the data that are necessary to communicate with you and to properly document the BMJ’s administrative activities. This particularly includes personal information (e.g. surname, first name, address, e-mail address, etc.) that we have directly received from you, as well as information about the method you chose to contact us (letter, telephone, e-mail, contact form). The processing of this data is necessary in carrying out our responsibilities (see Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (BDSG)).

We will only share the data received from you with third parties if you have given your explicit consent thereto, or if we are required to do so by law or by reason of a court decision. The storage of submitted details and enquiries in electronic form – as well as in paper form – is carried out in accordance with the statutory periods for retaining records as specified in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries. As a rule, the respective retention periods are 10 years.

5. Other processing of personal data

a) Newsletter

If you sign up to be on the BMJ's newsletter mailing list, your e-mail address, your choice of newsletter and your individually selected user name (optional) will be stored on a server. The processing of the data is carried out on the basis of your consent pursuant to Article 6 (1) (a) GDPR. We use these data to send out the newsletters. We do not share your data with third parties and do not use them for any other internal purposes

When you register, your data are stored on our server and an e-mail confirming the registration is sent to the e-mail address you provided; this e-mail contains a link which you must click in order to finalise the registration. If you do not click on the link to finalise registration, the data will be deleted after 24 hours. Furthermore, if you choose to cancel the newsletter subscription, your data will be deleted immediately.

b) Visitors

The BMJ regularly welcomes groups of visitors to the Ministry for informational visits. In order to grant visitors access to the BMJ’s premises, we must for security reasons ask you to provide us in advance with your first and last names and your date and place of birth. This allows us to carry out our responsibilities (public relations work) pursuant to Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 3 BDSG. These data are passed on to the Federal Police responsible for carrying out the identity checks at the entrance.

Additional information (such as your institution, association, type of school, class level, or any mobility restrictions) can be provided voluntarily to help us prepare for your visit to the BMJ.

The data you provide (first and last name; date and place of birth), as well as any voluntarily submitted personal data, will be fully deleted one week after your visit to the BMJ.

Filming and photography: At some events, photographs and film footage are produced as part of the BMJ’s press and public relations work. Notification of this fact is generally provided when entering the event. The resulting material may be published through our website, social media channels, print media and other formats.

The legal basis is Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 3 BDSG and section 23 of the Art Copyright Act. If you do not consent to images being taken and published, please notify the photographer responsible for generating the material (if possible directly).

c) Contact with the BMJ

 If you make contact with BMJ employees or provide them with your business card, your personal data (name and contact details) will be stored in address and contact lists – insofar as this is necessary for carrying out any further tasks – and then deleted as soon as they are no longer required.

d) Oversight within the remit

The BMJ’s remit includes the Federal Court of Justice, the Federal Administrative Court, the Federal Fiscal Court, the Federal Public Prosecutor General, the Federal Patent Court, the German Patent and Trade Mark Office and the Federal Office of Justice. In the context of exercising oversight over these courts and authorities, it is possible for transmitted personal data to be processed.

6. Video monitoring

The BMJ offices at Mohrenstraße 37 in Berlin are monitored by a video system in order to supervise adherence to the house rules. The exterior of the building is also monitored for the purposes of threat prevention and criminal prosecution. This video monitoring is carried out by the Federal Police as the controller pursuant to section 5 in conjunction with section 27 of the Act on the Federal Police (BPolG). Insofar as collected data are not required for preventing a current danger or for prosecuting a criminal/regulatory offence, the deletion periods stipulated in section 27 BPolG apply.

The BMJ offices at Friedrichstraße 191 and Leipziger Straße 127-128 in Berlin are monitored by video system pursuant to Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 4 BDSG in order to supervise adherence to the house rules and to prevent threats. The controller is the BMJ. The monitoring involves no recording or storage of data.

7. Rights of data subjects

Responsibility for the processing of personal data lies with the BMJ – both in its capacity as a contracting party under civil law and as part of its obligation to perform public responsibilities. Data subjects therefore have the following rights under the General Data Protection Regulation:

a) Right of access - Article 15 GDPR

The right of access gives data subjects comprehensive access to data concerning them and to several other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by section 34 BDSG.

b) Right to rectification - Article 16 GDPR

The right to rectification enables data subjects to have inaccurate personal data concerning them corrected.

c) Right to erasure - Article 17 GDPR

The right to erasure enables data subjects to have the controller erase personal data concerning them. However, such data may be erased only if they are no longer necessary, if they were processed unlawfully or if consent to their processing has been withdrawn. Exceptions to this right are governed by section 35 BDSG.

d) Right to restriction of processing - Article 18 GDPR

The right to restriction of processing enables data subjects to temporarily prevent further processing of personal data concerning them. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.

e) Right to data portability - Article 20 GDPR

The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to have these data transmitted to another controller. According to Article 20 (3) second sentence of the GDPR, this right does not, however, apply if the data processing is necessary for the performance of public responsibilities. At the BMJ, this is always the case except where the processing of personal data is carried out for taxation purposes.

f) Right to object - Article 21 GDPR

The right to object enables data subjects to object in a particular situation to further processing of personal data concerning them, if such processing is justified by the performance of public responsibilities or by public or private interests. According to section 36 BDSG, this right does not apply if the respective public body is obliged by law to process the data.

g) Right to withdraw consent

If the personal data are processed on the basis of your consent (Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.

8. Right to submit a complaint

You can submit a complaint regarding the BMJ’s processing of data to the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit), which is responsible for supervising the data protection activities of the federal authorities. It can be contacted at the following address:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit,
Graurheindorfer Str. 153,
53117 Bonn,
E-mail: poststelle@bfdi.bund.de