Data protection – an integral part of our company

Data protection forms an integral part of the corporate philosophy of the Bundesdruckerei Group. It applies to all customers, suppliers and staff as well as to all work areas and processes.

Privacy policy

Protecting personal data is a top priority for Bundesdruckerei Gruppe GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, and its subsidiaries (together ‘Bundesdruckerei Group’). That’s why Bundesdruckerei processes personal data in accordance with the applicable legal provisions regarding the protection of personal data and data security.

Data protection forms an integral part of the corporate philosophy of the Bundesdruckerei Group. It applies to all customers, suppliers and staff as well as to all work areas and processes.

The Bundesdruckerei Group is aware of its special obligation to protect each and every citizen's right to informational self-determination. The data protection officers of the Bundesdruckerei Group continuously check the Bundesdruckerei Group for compliance with the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and other statutory data protection requirements.

This means that the personal data, which Bundesdruckerei needs on a temporary basis, for instance, to produce ID documents, is handled strictly in line with data protection laws. It goes without saying that the Bundesdruckerei Group also protects the data of its customers, suppliers and employees to the same extent.

Accreditation of the company according to DIN EN ISO 9001, especially ISO/IEC 27001 and CWA 14641, also warrants outstanding quality.

Data categories, purpose of processing and legal basis

Every time you use Bundesdruckerei’s websites, applications or online tools (‘Bundesdruckerei’s online offer’), the Bundesdruckerei Group processes the following personal data:

Personal data that you voluntarily enter in the context of a Bundesdruckerei online offer (e.g. when registering, making contact or participating in surveys, etc.), such as your first and last name, e mail address, telephone number, information provided in the context of a support enquiry, comments or forum contributions and information that is automatically sent to us by your web browser or device, such as your IP address, device type, browser type, previously visited websites, pages visited or date and time of the respective visitor enquiry.

We process your personal data for the following purposes:

  • to enable you to make use of the services and functions of Bundesdruckerei’s online offer,
  • to verify your identity and enable user authentication,
  • to process your enquiry and
  • to enforce our Terms of Use, to assert or defend against legal claims and to defend and prevent fraudulent and similar acts, including attacks on our IT infrastructure.

The processing of personal data is necessary in order to achieve the aforementioned purposes. Unless expressly stated otherwise when personal data is collected, the legal basis for data processing is as follows:

  • the performance and fulfilment of a contract with you (Art. 6 (1) (b) of the General Data Protection Regulation),
  • the fulfilment of legal obligations to which the Bundesdruckerei Group is subject (Art. 6 (1) (c) of the General Data Protection Regulation), or
  • the protection of legitimate interests of the Bundesdruckerei Group (Art. 6 (1) (f) of the General Data Protection Regulation). The Bundesdruckerei Group has a legitimate interest in processing your personal data for the purpose of offering and operating Bundesdruckerei’s online offer.

In some cases, we expressly ask you to consent to the processing of personal data. In this case, your consent forms the legal basis for processing personal data (Art. 6 (1) (a) of the General Data Protection Regulation).

We ensure that we only process your personal data if you have previously provided us with your consent as required by the GDPR and the German Act Against Unfair Competition (UWG) in individual cases and have not revoked this consent.

2.1 Ordering newsletters

We require your e mail address if you wish to receive our newsletter. You are not required to provide your first and last name (optional). Before we can send the newsletter to you, you must first use the so-called double opt-in procedure to confirm that you want us to activate the newsletter mailing service for you. You will then receive a confirmation and authorization e-mail from us, requesting that you click on the link in the e mail to confirm that you would like to receive our newsletter. Your e-mail address will only be used by us and will not be forwarded to any third party.

We use Evalanche to process your order for the newsletters offered on the websites of the Bundesdruckerei Group. Evalanche will not pass on your personal data required to receive the newsletter to third parties. Evalanche is an analysis service of SC-Networks GmbH, Enzianstraße 2, 82319 Starnberg, Germany. Evalanche uses so-called ‘cookies’, i.e. text files which are stored on your computer and enable your use of the newsletter to be analyzed. The information generated by the cookie about your use of the newsletter (including your IP address) is read out and sent to a server in Germany.

You can unsubscribe from the newsletter by clicking on the link in the newsletter or by sending a written message to Bundesdruckerei Gruppe GmbH, keyword: Newsletter, Kommandantenstraße 18, 10969 Berlin.

2.2 Use of cookies

We use so-called ‘session cookies’ which are temporarily stored only for the duration of your visit to one of our web pages.

If you consent to the use of cookies when visiting Bundesdruckerei’s websites for purely advertising purposes, your personal data will be processed automatically and forwarded to SC-Networks. The following data is then stored automatically: operating system, browser version, device type, session cookies, user agent (an encrypted profile ID) and URL. Personal data will not be transmitted to third countries within the meaning of the General Data Protection Regulation (GDPR). SC-Networks' privacy policy can be found here.

2.3 External links

This privacy policy applies to the website The website also contains links to third-party websites. Liability for these websites lies with the respective operators. The Bundesdruckerei Group is not responsible for the content nor for the data protection provisions of third-party websites.

If you leave the website, we recommend that you carefully read the privacy policy of each website that collects personal data.

2.4 Social media – Two-click method for Twitter, LinkedIn and XING

In order to ensure better data protection, we use the so-called two-click method on our sites rather than provider plug-ins. When you visit our website, your IP address is not automatically forwarded to the provider. Your IP address will only be transmitted if you have pressed the activation button and then the corresponding button. If you do not press the activation button, you are not consenting to the transmission of your IP address and other data. We do not know how your data will be used by third parties, or what type of data is collected. For further information, please contact the respective provider.

2.5 Inclusion of YouTube videos

Our online offer includes YouTube videos available at that can be played directly from our website. When you play these videos, this is carried out by YouTube as the provider. These videos are integrated in ‘extended data protection mode’, i.e. no data about you as the user will be sent to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence over this data transmission.

When you play a video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in this section 2 will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses it for advertising and market research purposes and/or to design its website to meet user needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-orientated advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube can be found in Google's Privacy Policy. You can also find further information there about your rights and settings to protect your privacy. When transferring data from the EEA to other countries, such as the United States, Google complies with legal frameworks that ensure a level of protection equivalent to that provided by EU law. As of 16 July 2020, Google no longer relies on the EU-U.S. Privacy Shield when transferring data from the EEA or the United Kingdom to the US.

2.6 Whistleblower system

Bundesdruckerei operates a whistleblower management system in order to meet its special responsibility as a federal government security company. This system can be used at any time to report a situation that violates the values or policies of the Group or its business ethics or that has a negative impact on the life or health of individuals (‘whistleblowing’). In addition to regular information and reporting channels, suspected cases can also be reported anonymously if necessary. This reporting channel is therefore provided by an external partner, WhistleB Whistleblowing Centre AB, Stockholm, Sweden. The reporting procedure is encrypted and password-protected, providing a secure, bidirectional communication channel. Personal data (e.g. contact details) do not have to be provided and are entirely optional. For more information, please refer to the Terms of Use.

2.7 Statistical evaluation

The Bundesdruckerei Group website uses technologies from etracker GmbH for analysis and statistical evaluation of website use. The information collected about your use of this website is used exclusively to analyze and optimize the quality of our website. Website visit data is anonymized. Neither etracker nor Bundesdruckerei can identify you personally.

etracker uses cookies to record visit data. Cookies are small text files that are stored locally in the cache of your Internet browser and allow your use of the website to be analyzed. The information generated by the cookie about your use of this website is sent to an etracker server located in Germany for storage. For more information about data protection at etracker, go to:

We use Google Ads Conversion Upload for better analysis of our Google Ads campaigns. Google Ads allows the import of conversion data from third-party systems, such as etracker Analytics. When we upload data from etracker Analytics to Google Ads, no personal data is transferred. The only data transferred is statistical data on the number of conversions and, if applicable, the assigned sales value per campaign click.

You can revoke the collection and storage of data at any time. Do to this, click the following link:

2.8 Upload/Download Portal (UDP)

a) Web interface (WebUI) and UDP app

With the UDP, you can now send large amounts of data and/or sensitive data via the web user interface, which is described in this manual, or via the UDP app without having to install special software. Your documents remain encrypted along the entire transmission path and are therefore protected against disclosure to unauthorized persons.    

b) SecuPass

SecuPass encryption, which was developed by FTAPI, enables the transmission of all kinds of files with consistent (end-to-end) encryption. Besides maximum security, another special feature of SecuPass is that these transfers can take place between any persons (or end points) without the need to perform complex key and/or certificate creation and installation procedures. With the UPD, this process is fully automated and is as simple and easy as sending an e‑mail.

c) SubmitBox link

You can use the SubmitBox link in order to send large amounts of data and/or sensitive data via a simple website without having to install special software or remember login data. All you need now is to receive the link (SubmitBox link) from the respective Bundesdruckerei employee. An example of this link is shown below:

More information can be found in the user manual at:

Data categories, purpose of processing and legal basis

As part of its collaboration with business partners, the Bundesdruckerei Group processes personal data for the following purposes:

  • Communication with business partners regarding products, services and projects, for example, to process enquiries from business partners
  • Planning, implementation and management of the (contractual) business relationship between the Bundesdruckerei Group and the business partner, e.g. to handle orders for products and services, collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance or repairs
  • Order processing, e.g. in the context of producing identity documents
  • Conducting customer surveys, marketing campaigns, market analyses, competitions or similar events
  • Maintaining and protecting the security of our products, services and websites, avoiding and detecting security risks, fraud or other criminal or malicious activities
  • Adherence to:
    • legal requirements (e.g. storage obligations under tax and commercial law),
    • existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering or terrorist financing), and
    • Bundesdruckerei's guidelines and industry standards
  • Settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims.

The Bundesdruckerei Group may process the following categories of personal data for the aforementioned purposes:

  • Contact information, such as first and last name, address, telephone number, mobile phone number, fax number and e mail address
  • Payment information, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers
  • Other information which must be processed within the scope of a project or is needed to conclude a contractual relationship with the Bundesdruckerei Group, or which is voluntarily provided by our contact persons, such as orders placed, inquiries made or project details
  • Information collected from publicly available sources, information databases or credit agencies
  • In as far as required as part of compliance screenings: information on relevant legal proceedings and other legal disputes involving business partners.

Personal data must be processed in order to achieve the above-mentioned purposes, including the execution of the (contractual) business relationship with the business partner. Unless expressly stated otherwise, the legal basis for data processing is Art. 6 (1) (b) and (f) of the EU’s General Data Protection Regulation or the express consent given by our contact person (Art. 6 (1) (a) of the EU’s General Data Protection Regulation).

If the personal data mentioned is not made available or the Bundesdruckerei Group is unable to collect such data, the individual purposes described may not be achieved and in case of doubt it will not be possible to establish or continue business relations.

The Bundesdruckerei Group takes all the necessary technical and organizational precautions to protect personal data against loss or misuse. Your data is stored in a secure operating environment which cannot be accessed by the public.

If you wish to communicate with the Bundesdruckerei Group by e mail, we would like to point out that the confidentiality of the information sent is not guaranteed. Third parties may be able to see the contents of e mails. We hence recommend that you send confidential information by post only.

The Bundesdruckerei Group may transfer personal data to other Bundesdruckerei Group companies for the above-mentioned purposes, but only if this is necessary to fulfil the above-mentioned purposes.

The Bundesdruckerei Group may transfer personal data to courts, supervisory authorities or law firms if this is legally permissible and necessary in order to comply with applicable law or to assert, exercise or defend legal claims.

The Bundesdruckerei Group works together with service providers (so called commissioned data processors), such as service providers for IT maintenance services. These service providers only act on the instructions of the Bundesdruckerei Group and are contractually obliged to comply with the applicable data protection requirements.

The data recipients described in this section 5 may be located in countries outside the European Economic Area (‘third countries’) where applicable law does not guarantee the same level of data protection as in your home country.

In this case, the Bundesdruckerei Group will take measures to secure other appropriate and reasonable guarantees for the protection of personal data.

Personal data will only be transmitted to recipients outside the Group in third countries if they

If no explicit storage period is specified during collection (e.g. within the scope of a declaration of consent), personal data will be deleted as soon as it is no longer required for the business relationship, unless statutory storage obligations (e.g. storage obligations under commercial and tax law) prevent deletion.

If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future, i.e. revocation does not affect the legality of the processing carried out on the basis of the consent prior to revocation. Once revoked, Bundesdruckerei may only process the personal data to the extent to which it can base such continued processing on another legal basis. For revocation please send an e-mail to datenschutz-request [at]

Under applicable data protection law, you may have the right:

  • to request confirmation as to whether the Bundesdruckerei Group processes personal data about you and to receive information about the personal data processed by the Bundesdruckerei Group as well as further information (see Art. 15 GDPR),
  • to request the correction of inaccurate personal data (see Art. 16 GDPR),
  • to request the deletion of personal data processed by the Bundesdruckerei Group (see Art. 17 GDPR),
  • to request that the Bundesdruckerei Group restrict the processing of personal data (see Art. 18 GDPR),
  • to receive personal data, which you have provided to the Bundesdruckerei Group, in a structured, customary and machine-readable format or to request that the personal data be transmitted to a third party (see Art. 20 GDPR), or
  • to object to Bundesdruckerei processing your personal data (see Art. 21 GDPR).

If you have exerted your right in relation to the Bundesdruckerei Group to have processing restricted or data rectified or erased, the Bundesdruckerei Group is then obliged to notify each recipient to whom the personal data has been disclosed of this unless this proves impossible involves disproportionate effort.

You are entitled to request information regarding these recipients (see Art. 19 GDPR).

The Bundesdruckerei Group will assist you in all matters relating to data protection. Complaints may also be made and the rights referred to in section 8 may be asserted.

If you have general questions or if you are unsure which company of the Bundesdruckerei Group is the right body to which to turn with your question, you can contact the Bundesdruckerei Group at datenschutz [at]

For direct inquiries to the companies of the Bundesdruckerei Group, please contact one of the following addresses:

The data protection officer responsible for Bundesdruckerei GmbH and Maurer Electronics GmbH can be reached at the following address:

Bundesdruckerei GmbH
Internal Audit, Compliance & Data Privacy Protection
Kommandantenstraße 18
10969 Berlin, Germany
Phone: +49 (0) 30 2598-0
E-mail: datenschutz [at]

The company data protection officer responsible for D-Trust GmbH can be reached at the following address:

D-Trust GmbH
Kommandantenstraße 15
10969 Berlin, Germany
Phone: +49 (0)30 2593 91-0
E-mail: datenschutz [at]

The external data protection officer responsible for genua GmbH can be reached at the following address:

Holzhofer Consulting GmbH
Lochhamer Str. 31
82152 München – Planegg
E-mail: datenschutzbeauftragter-genua [at]

The contact details of the data protection officer responsible for iNCO Sp. z o.o. are as follows:

iNCO Sp. z o.o.
Wawrów 90
66-403 Gorzów-Wlkp, Poland
Tel.: +48 (0)95 7317340
E-mail: iod [at]

The Bundesdruckerei Group always endeavors to address enquiries and remedy complaints received via the above mentioned channels. In addition to the above-mentioned contacts at Bundesdruckerei, it is also possible to contact the relevant data protection supervisory authorities at any time.

The data protection authorities responsible for Bundesdruckerei GmbH and D-Trust GmbH:

for operating as a non-public body:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin, Germany
Tel.: +49 (0) 30 13889-0
Fax: +49 (0)30 2155050
E-mail: mailbox [at]


for operating as a public body:

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn, Germany
Tel.: +49 (0) 228 997799-0
Fax: +49 (0) 228 997799-5550
E-mail: poststelle [at]

Liason office:
Friedrichstraße 50
10117 Berlin, Germany

The following data protection authority is responsible for genua GmbH and Maurer Electronics GmbH as non-public bodies:

The Bavarian Data Protection Commissioner
Wagmüllerstraße 18,
80538 Munich, Germany
Tel.: +49 (0) 89 212672-0
Fax: +49 (0) 89 212672-50
E-mail: poststelle [at]

The following data protection authority is responsible for iNCO Sp. z o.o.:

Biuro Urzędu Ochrony Danych Osobowych ul. Stawki 2
00-193 Warszawa, Poland
Tel.: +48 (0)22 531 03 00
Fax: +48 (0)22 531 03 01
E-mail: kancelaria [at]