Data protection – an integral part of our company

Data protection forms an integral part of Bundesdruckerei's philosophy. It applies to all customers, suppliers and staff as well as to all work areas and processes.

Privacy policy

Protecting personal data is a top priority for Bundesdruckerei GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, and its subsidiaries (together “Bundesdruckerei”). That’s why Bundesdruckerei processes personal data in accordance with the applicable legal provisions regarding the protection of personal data and data security.

Data protection forms an integral part of Bundesdruckerei's philosophy. It applies to all customers, suppliers and staff as well as to all work areas and processes.

Bundesdruckerei is aware of its special obligation to protect each and every citizen's right to informational self-determination. The company’s data protection officer continuously checks that Bundesdruckerei complies with the requirements of the General Data Protection Regulation (GDPR), the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG (new)) and other statutory data protection requirements.

This means that the personal data, which Bundesdruckerei needs on a temporary basis, for instance, to produce ID documents, is handled strictly in line with data protection laws. It goes without saying that Bundesdruckerei also protects the data of its customers, suppliers and employees in just the same way.

Accreditation of the company according to DIN EN ISO 9001, especially ISO/IEC 27001 and CWA 14641, also warrants outstanding quality.

Data categories, purpose of processing and legal basis

Bundesdruckerei processes the following personal data when you use Bundesdruckerei websites, applications or online tools ("Bundesdruckerei’s online offering"):
Personal data that you voluntarily enter in the context of a Bundesdruckerei online offering (e.g. when registering, making contact or participating in surveys, etc.), such as your first and last name, e-mail address, telephone number, information provided in the context of a support enquiry, comments or forum contributions and information that is automatically sent to us by your web browser or device, such as your IP address, device type, browser type, previously visited website, pages visited or date and time of the respective visitor enquiry.
We process your personal data for the following purposes:

  • to enable you to make use of Bundesdruckerei online offering,
  • to verify your identity and enable user authentication,
  • to process your enquiry, and
  • to enforce our Terms of Use, to assert or defend against legal claims and to defend and prevent fraudulent and similar acts, including attacks on our IT infrastructure.

The processing of personal data is necessary in order to achieve the aforementioned purposes. Unless expressly stated otherwise when personal data is collected, the legal basis for data processing is as follows:

  • the performance and fulfilment of a contract with you (Article 6 (1) (b) of the General Data Protection Regulation),
  • the fulfilment of legal obligations to which Bundesdruckerei is subject (Article 6 (1) (c) of the General Data Protection Regulation), or
  • the protection of Bundesdruckerei's legitimate interests (Article 6 (1) (f) of the General Data Protection Regulation). Bundesdruckerei has a legitimate interest in processing your personal data for the purpose of offering and operating Bundesdruckerei online services.

In some cases, we expressly ask you to consent to the processing of personal data. In this case, your consent forms the legal basis for processing personal data (Article 6 (1) (a) of the General Data Protection Regulation).

We ensure that we only process your personal data if you have previously provided us with your consent as required by the GDPR and the German Act Against Unfair Competition (UWG) in individual cases and have not revoked this consent.

Ordering newsletters and whitepapers

We need your name and your e-mail address if you wish to receive our newsletters and whitepapers. Before we can send the newsletter or whitepaper, respectively, to you, you must expressly confirm using the so-called double opt-in procedure that you want us to activate the newsletter mailing and whitepaper download service for you. You will then receive a confirmation and authorization e-mail from us, requesting that you click on the link in the e-mail to confirm that you would like to receive our newsletter or the download link for the whitepaper. Your e-mail address will only be used by us and will not be forwarded to any third party.

We use Evalanche to process your order for the newsletters offered on Bundesdruckerei's microsites. Evalanche will not pass on your personal data required to receive the newsletter to third parties. Evalanche is an analysis service of SC-Networks GmbH, Enzianstraße 2, 82319 Starnberg. Evalanche uses so-called "cookies", i.e. text files which are stored on your computer and enable your use of the newsletter to be analysed. The information generated by the cookie about your use of the newsletter (including your IP address) is read out and sent to a server in Germany.

You can unsubscribe from the newsletter by clicking on the link in the newsletter or by sending a written message to Bundesdruckerei GmbH, keyword: Newsletter, Kommandantenstraße 18, 10969 Berlin.

Use of cookies

We use so-called "session cookies" which are temporarily stored only for the duration of your visit to one of our web pages.

In order to publish advertising that meets with your wishes, we use AdServer technology from Adform. If you have opted in for use of the feature, a cookie will be stored on your device (for instance, on your PC or smartphone). This cookie is used to transmit an anonymous device ID which is generated from various features of your device. The cookie will be automatically deleted if you do not interact with our advertising for 30 days.

You can also cancel the use of the software at any time (in banner advertising, by restricting the use of cookies in your web browser settings). After the cookie has been generated, data will be sent to the companies Adform and masterplan-media when you interact with our advertising. The following data is then stored: anonymous device ID, IP address without the last two bytes, URL, time and the probable location of the device. Personal data will not be transmitted to third countries within the meaning of the Federal Data Protection Act [BDSG]. The privacy policies of both companies can be found here and here.

If you consent to the use of cookies when visiting Bundesdruckerei’s microsites for purely advertising purposes, your personal data will be processed automatically and forwarded to SC-Networks. The following data is then stored automatically: operating system, browser version, device type, session cookies, user agent (an encrypted profile ID) and URL. Personal data will not be transmitted to third countries within the meaning of the General Data Protection Regulation [GDPR]. SC-Networks' privacy policy can be found here.

External links

This privacy policy applies to the website: www.bundesdruckerei.de. The website also contains links to third-party websites. Liability for these websites lies with the respective operators. Bundesdruckerei GmbH is responsible neither for the content nor for the data protection provisions of third-party websites.

If you leave the website www.bundesdruckerei.de, we recommend that you carefully read the privacy policy of each website that collects personal data.

Social media – Two-click method for Twitter, LinkedIn and XING

In order to ensure better data protection, we use the so-called two-click method on our sites rather than provider plug-ins. If you visit our website, your IP address is not automatically forwarded to the provider. Your IP address will only be transmitted if you have pressed the activation button and then the corresponding button. If you do not press the activation button, you are not consenting to the transmission of your IP address and other data. We do not know how your data will be used by third parties, or what type of data is collected. For further information, please contact the respective provider.

Inclusion of Youtube videos

(1) Our offering includes YouTube videos available at http://www.YouTube.com that can be played directly from our website. When you play these videos, this is carried out by YouTube as the provider. These videos are integrated in “extended data protection mode”, i.e. no data about you as the user will be sent to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence over this data transmission.

(2) When you play a video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in paragraph 2 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses it for advertising and market research purposes and/or to design its website to meet user needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-orientated advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

(3) Further information on the purpose and scope of data collection and processing by YouTube can be found in Google's Privacy Policy. You can also find further information there about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Statistical evaluation

Bundesdruckerei GmbH's website uses technologies from etracker GmbH for analysis and statistical evaluation of website use. The information collected about your use of this website is used exclusively to analyse and optimize the quality of our website. Website visit data is anonymized. Neither etracker nor Bundesdruckerei can identify you personally.

etracker uses cookies to record visit data. Cookies are small text files that are stored locally in the cache of the user's Internet browser and allow your use of the website to be analysed. The information generated by the cookie about your use of this website is sent to an etracker server located in Germany for storage. For more information about data protection at etracker, go to: etracker.com/de/datenschutz.html.
You can revoke the collection and storage of data at any time. Do to this, click the following link:

Data categories, purpose of processing and legal basis

As part of its collaboration with business partners, Bundesdruckerei processes personal data for the following purposes:

  • Communication with business partners regarding products, services and projects, for example, to process enquiries from business partners
  • Planning, implementation and management of the (contractual) business relationship between Bundesdruckerei and the business partner, e.g. to handle orders for products and services, collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance or repairs
  • Order processing, e.g. in the context of producing identity documents
  • Conducting customer surveys, marketing campaigns, market analyses, competitions or similar events 
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security risks, fraud or other criminal or malicious activities
  • Adherence to:
    • legal requirements (e.g. storage obligations under tax and commercial law),
    • existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering or terrorist financing), and
    • Bundesdruckerei's guidelines and industry standards
  • Settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims.

Bundesdruckerei may process the following categories of personal data for the aforementioned purposes:

  • Contact information, such as first and last name, address, telephone number, mobile phone number, fax number and e-mail address
  • Payment information, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers
  • Other information which must be processed within the scope of a project or is needed to conclude a contractual relationship with Bundesdruckerei, or which is voluntarily provided by our contact persons, such as orders placed, inquiries made or project details
  • Information collected from publicly available sources, information databases or credit agencies
  • In as far as required as part of compliance screenings: information on relevant legal proceedings and other legal disputes involving business partners.

Personal data must be processed in order to achieve the above-mentioned purposes, including the execution of the (contractual) business relationship with the business partner. Unless expressly stated otherwise, the legal basis for data processing is Article 6 (1) (b) and (f) of the EU’s General Data Protection Regulation or the express consent given by our contact person (Article 6 (1) (a) of the EU’s General Data Protection Regulation).

If the personal data mentioned is not made available or Bundesdruckerei cannot collect such data, the individual purposes described may not be achieved and in case of doubt it will not be possible to establish or continue business relations.
 

Bundesdruckerei takes all the necessary technical and organizational precautions to protect personal data against loss or misuse. Your data is stored in a secure operating environment which cannot be accessed by the public.

If you wish to communicate with Bundesdruckerei by e-mail, we would like to point out that the confidentiality of the information sent is not guaranteed. Third parties may be able to see the contents of e-mails. We hence recommend that you send confidential information by post only.
 

Bundesdruckerei may transfer personal data to other Bundesdruckerei Group companies for the above-mentioned purposes, but only if this is necessary to fulfil the above-mentioned purposes.

Bundesdruckerei may transfer personal data to courts, supervisory authorities or law firms if this is legally permissible and necessary in order to comply with applicable law or to assert, exercise or defend legal claims.

Bundesdruckerei works together with service providers (so-called contract processors), such as service providers for IT maintenance services. These service providers only act on Bundesdruckerei's instructions and are contractually obliged to comply with the applicable data protection requirements.

The data recipients described in No. 2 may be located in countries outside the European Economic Area ("third countries") where applicable law does not guarantee the same level of data protection as in your home country.

In this case, Bundesdruckerei will take measures to secure other appropriate and reasonable guarantees for the protection of personal data.

Personal data will only be transmitted to recipients outside the Group in third countries if they

If no explicit storage period is specified during collection (e.g. within the scope of a declaration of consent), personal data will be deleted as soon as it is no longer required for the business relationship, unless statutory storage obligations (e.g. storage obligations under commercial and tax law) prevent deletion.

If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future, i.e. revocation does not affect the legality of the processing carried out on the basis of the consent prior to revocation. Once revoked, Bundesdruckerei may only process the personal data to the extent to which it can base such continued processing on another legal basis. For revocation please send an e-mail to datenschutz-request [at] bdr.de.

Under applicable data protection law, you may have the right:

  • to request confirmation as to whether Bundesdruckerei processes personal data about you and to receive information about the personal data processed by Bundesdruckerei as well as further information,
  • to request the correction of inaccurate personal data,
  • to request the deletion of personal data processed by Bundesdruckerei,
  • to request that Bundesdruckerei restrict the processing of personal data,
  • to receive personal data which you have provided to Bundesdruckerei in a structured, current and machine-readable format or to request that the personal data be transmitted to a third party, or
  • to object to Bundesdruckerei processing your personal data.

Bundesdruckerei will assist you in all matters relating to data protection. Complaints may also be made and the rights referred to in No. 5 may be asserted.

You can contact Bundesdruckerei at datenschutz [at] bdr.de for this purpose.

The data protection officer responsible for Bundesdruckerei GmbH, Bundesdruckerei International Services GmbH and Maurer Electronics GmbH:

Dirk Clemens
Bundesdruckerei GmbH
Internal Audit, Compliance & Data Privacy Protection
Kommandantenstraße 18
10969 Berlin, Germany
Tel.: +49 (0)30 2598-0
E-mail: datenschutz [at] bdr.de

The data protection officer responsible for D-TRUST GmbH:

Uta Roßberg
D-Trust GmbH
Kommandantenstraße 15
10969 Berlin, Germany
Tel.: +49 (0)30 2593 91-0
Fax: +49 (0)30 2593 91 2205
E-mail: datenschutz [at] bdr.de

The data protection officer responsible for iNCO Sp. z o.o.:

Daniel Chruściński
Wawrów 90
66-403 Gorzów-Wlkp, Poland
Tel.: +48 95 7317340
Fax: +48 48 95 7317341
E-mail: iod [at] incoscan.com

Bundesdruckerei always endeavours to address enquiries and remedy complaints received via the above-mentioned channels. In addition to the above-mentioned contacts at Bundesdruckerei, it is also possible to contact the relevant data protection supervisory authorities at any time.

The data protection authorities responsible for Bundesdruckerei GmbH, Bundesdruckerei International Services GmbH and D-TRUST GmbH:

for operating as a non-public body:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin, Germany
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
E-mail: mailbox [at] datenschutz-berlin.de

and

for operating as a public body:

Federal Commissioner for Data Protection and Freedom of Information
Husarenstraße 30
53117 Bonn, Germany
Tel.: +49 (0)228 997799-0
Fax: +49 (0)228 997799-5550
E-mail: poststelle [at] bfdi.bund.de

The following data protection authority is responsible for Maurer Electronics GmbH as a non-public body:

The Bavarian Data Protection Commissioner
Wagmüllerstraße 18,
80538 Munich, Germany
Tel.: +49 (0)89 212672-0
Fax: +49 (0)89 212672-50
E-mail: poststelle [at] datenschutz-bayern.de

The following data protection authority is responsible for iNCO Sp. z o.o.:

Biuro Urzędu Ochrony Danych Osobowychul. Stawki 2
00-193 Warsaw, Poland
Tel.: +48 22 531 03 00
Fax: +48 22 531 03 01
E-mail: kancelaria [at] uodo.gov.pl