Protecting personal data is a top priority for Bundesdruckerei Gruppe GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, and its subsidiaries (together ‘Bundesdruckerei Group’). That’s why Bundesdruckerei processes personal data in accordance with the applicable legal provisions regarding the protection of personal data and data security.
Data protection forms an integral part of the corporate philosophy of the Bundesdruckerei Group. It applies to all customers, suppliers and staff as well as to all work areas and processes.
The Bundesdruckerei Group is aware of its special obligation to protect each and every citizen's right to informational self-determination. The data protection officers of the Bundesdruckerei Group continuously check the Bundesdruckerei Group for compliance with the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and other statutory data protection requirements.
This means that the personal data, which Bundesdruckerei needs on a temporary basis, for instance, to produce ID documents, is handled strictly in line with data protection laws. It goes without saying that the Bundesdruckerei Group also protects the data of its customers, suppliers and employees to the same extent.
Accreditation of the company according to DIN EN ISO 9001, especially ISO/IEC 27001 and CWA 14641, also warrants outstanding quality.
Data categories, purpose of processing and legal basis
Every time you use Bundesdruckerei’s websites, applications or online tools (‘Bundesdruckerei’s online offer’), the Bundesdruckerei Group processes the following personal data:
Personal data that you voluntarily enter in the context of a Bundesdruckerei online offer (e.g. when registering, making contact or participating in surveys, etc.), such as your first and last name, e mail address, telephone number, information provided in the context of a support enquiry, comments or forum contributions and information that is automatically sent to us by your web browser or device, such as your IP address, device type, browser type, previously visited websites, pages visited or date and time of the respective visitor enquiry.
We process your personal data for the following purposes:
to enable you to make use of the services and functions of Bundesdruckerei’s online offer,
to verify your identity and enable user authentication,
to process your enquiry and
The processing of personal data is necessary in order to achieve the aforementioned purposes. Unless expressly stated otherwise when personal data is collected, the legal basis for data processing is as follows:
the performance and fulfilment of a contract with you (Art. 6 (1) (b) of the General Data Protection Regulation),
the fulfilment of legal obligations to which the Bundesdruckerei Group is subject (Art. 6 (1) (c) of the General Data Protection Regulation), or
the protection of legitimate interests of the Bundesdruckerei Group (Art. 6 (1) (f) of the General Data Protection Regulation). The Bundesdruckerei Group has a legitimate interest in processing your personal data for the purpose of offering and operating Bundesdruckerei’s online offer.
In some cases, we expressly ask you to consent to the processing of personal data. In this case, your consent forms the legal basis for processing personal data (Art. 6 (1) (a) of the General Data Protection Regulation).
We ensure that we only process your personal data if you have previously provided us with your consent as required by the GDPR and the German Act Against Unfair Competition (UWG) in individual cases and have not revoked this consent.
2.1 Ordering newsletters
We require your e mail address if you wish to receive our newsletter. You are not required to provide your first and last name (optional). Before we can send the newsletter to you, you must first use the so-called double opt-in procedure to confirm that you want us to activate the newsletter mailing service for you. You will then receive a confirmation and authorization e-mail from us, requesting that you click on the link in the e mail to confirm that you would like to receive our newsletter. Your e-mail address will only be used by us and will not be forwarded to any third party.
We use Evalanche to process your order for the newsletters offered on the websites of the Bundesdruckerei Group. Evalanche will not pass on your personal data required to receive the newsletter to third parties. Evalanche is an analysis service of SC-Networks GmbH, Enzianstraße 2, 82319 Starnberg, Germany. Evalanche uses so-called ‘cookies’, i.e. text files which are stored on your computer and enable your use of the newsletter to be analyzed. The information generated by the cookie about your use of the newsletter (including your IP address) is read out and sent to a server in Germany.
You can unsubscribe from the newsletter by clicking on the link in the newsletter or by sending a written message to Bundesdruckerei Gruppe GmbH, keyword: Newsletter, Kommandantenstraße 18, 10969 Berlin.
We use so-called ‘session cookies’ which are temporarily stored only for the duration of your visit to one of our web pages.
2.3 External links
2.4 Social media – Two-click method for Twitter, LinkedIn and XING
In order to ensure better data protection, we use the so-called two-click method on our sites rather than provider plug-ins. When you visit our website, your IP address is not automatically forwarded to the provider. Your IP address will only be transmitted if you have pressed the activation button and then the corresponding button. If you do not press the activation button, you are not consenting to the transmission of your IP address and other data. We do not know how your data will be used by third parties, or what type of data is collected. For further information, please contact the respective provider.
2.5 Inclusion of YouTube videos
Our online offer includes YouTube videos available at YouTube.com that can be played directly from our website. When you play these videos, this is carried out by YouTube as the provider. These videos are integrated in ‘extended data protection mode’, i.e. no data about you as the user will be sent to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence over this data transmission.
When you play a video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in this section 2 will be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses it for advertising and market research purposes and/or to design its website to meet user needs. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-orientated advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
2.6 Whistleblower system
2.7 Statistical evaluation
The Bundesdruckerei Group website uses technologies from etracker GmbH for analysis and statistical evaluation of website use. The information collected about your use of this website is used exclusively to analyze and optimize the quality of our website. Website visit data is anonymized. Neither etracker nor Bundesdruckerei can identify you personally.
We use Google Ads Conversion Upload for better analysis of our Google Ads campaigns. Google Ads allows the import of conversion data from third-party systems, such as etracker Analytics. When we upload data from etracker Analytics to Google Ads, no personal data is transferred. The only data transferred is statistical data on the number of conversions and, if applicable, the assigned sales value per campaign click.
You can revoke the collection and storage of data at any time. Do to this, click the following link:
2.8 Upload/Download Portal (UDP)
a) Web interface (WebUI) and UDP app
With the UDP, you can now send large amounts of data and/or sensitive data via the web user interface, which is described in this manual, or via the UDP app without having to install special software. Your documents remain encrypted along the entire transmission path and are therefore protected against disclosure to unauthorized persons.
SecuPass encryption, which was developed by FTAPI, enables the transmission of all kinds of files with consistent (end-to-end) encryption. Besides maximum security, another special feature of SecuPass is that these transfers can take place between any persons (or end points) without the need to perform complex key and/or certificate creation and installation procedures. With the UPD, this process is fully automated and is as simple and easy as sending an e‑mail.
c) SubmitBox link
You can use the SubmitBox link in order to send large amounts of data and/or sensitive data via a simple website without having to install special software or remember login data. All you need now is to receive the link (SubmitBox link) from the respective Bundesdruckerei employee. An example of this link is shown below: https://udp.bundesdruckerei.de/submit/MMustermann.
Data categories, purpose of processing and legal basis
As part of its collaboration with business partners, the Bundesdruckerei Group processes personal data for the following purposes:
Communication with business partners regarding products, services and projects, for example, to process enquiries from business partners
Planning, implementation and management of the (contractual) business relationship between the Bundesdruckerei Group and the business partner, e.g. to handle orders for products and services, collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance or repairs
Order processing, e.g. in the context of producing identity documents
Conducting customer surveys, marketing campaigns, market analyses, competitions or similar events
Maintaining and protecting the security of our products, services and websites, avoiding and detecting security risks, fraud or other criminal or malicious activities
legal requirements (e.g. storage obligations under tax and commercial law),
existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering or terrorist financing), and
Bundesdruckerei's guidelines and industry standards
Settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims.
The Bundesdruckerei Group may process the following categories of personal data for the aforementioned purposes:
Contact information, such as first and last name, address, telephone number, mobile phone number, fax number and e mail address
Payment information, such as information required to process payment transactions or prevent fraud, including credit card information and card verification numbers
Other information which must be processed within the scope of a project or is needed to conclude a contractual relationship with the Bundesdruckerei Group, or which is voluntarily provided by our contact persons, such as orders placed, inquiries made or project details
Information collected from publicly available sources, information databases or credit agencies
In as far as required as part of compliance screenings: information on relevant legal proceedings and other legal disputes involving business partners.
Personal data must be processed in order to achieve the above-mentioned purposes, including the execution of the (contractual) business relationship with the business partner. Unless expressly stated otherwise, the legal basis for data processing is Art. 6 (1) (b) and (f) of the EU’s General Data Protection Regulation or the express consent given by our contact person (Art. 6 (1) (a) of the EU’s General Data Protection Regulation).
If the personal data mentioned is not made available or the Bundesdruckerei Group is unable to collect such data, the individual purposes described may not be achieved and in case of doubt it will not be possible to establish or continue business relations.
The Bundesdruckerei Group takes all the necessary technical and organizational precautions to protect personal data against loss or misuse. Your data is stored in a secure operating environment which cannot be accessed by the public.
If you wish to communicate with the Bundesdruckerei Group by e mail, we would like to point out that the confidentiality of the information sent is not guaranteed. Third parties may be able to see the contents of e mails. We hence recommend that you send confidential information by post only.
The Bundesdruckerei Group may transfer personal data to other Bundesdruckerei Group companies for the above-mentioned purposes, but only if this is necessary to fulfil the above-mentioned purposes.
The Bundesdruckerei Group may transfer personal data to courts, supervisory authorities or law firms if this is legally permissible and necessary in order to comply with applicable law or to assert, exercise or defend legal claims.
The Bundesdruckerei Group works together with service providers (so called commissioned data processors), such as service providers for IT maintenance services. These service providers only act on the instructions of the Bundesdruckerei Group and are contractually obliged to comply with the applicable data protection requirements.
The data recipients described in this section 5 may be located in countries outside the European Economic Area (‘third countries’) where applicable law does not guarantee the same level of data protection as in your home country.
In this case, the Bundesdruckerei Group will take measures to secure other appropriate and reasonable guarantees for the protection of personal data.
Personal data will only be transmitted to recipients outside the Group in third countries if they
If no explicit storage period is specified during collection (e.g. within the scope of a declaration of consent), personal data will be deleted as soon as it is no longer required for the business relationship, unless statutory storage obligations (e.g. storage obligations under commercial and tax law) prevent deletion.
If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future, i.e. revocation does not affect the legality of the processing carried out on the basis of the consent prior to revocation. Once revoked, Bundesdruckerei may only process the personal data to the extent to which it can base such continued processing on another legal basis. For revocation please send an e-mail to datenschutz-request [at] bdr.de.
Under applicable data protection law, you may have the right:
to request confirmation as to whether the Bundesdruckerei Group processes personal data about you and to receive information about the personal data processed by the Bundesdruckerei Group as well as further information (see Art. 15 GDPR),
to request the correction of inaccurate personal data (see Art. 16 GDPR),
to request the deletion of personal data processed by the Bundesdruckerei Group (see Art. 17 GDPR),
to request that the Bundesdruckerei Group restrict the processing of personal data (see Art. 18 GDPR),
to receive personal data, which you have provided to the Bundesdruckerei Group, in a structured, customary and machine-readable format or to request that the personal data be transmitted to a third party (see Art. 20 GDPR), or
to object to Bundesdruckerei processing your personal data (see Art. 21 GDPR).
If you have exerted your right in relation to the Bundesdruckerei Group to have processing restricted or data rectified or erased, the Bundesdruckerei Group is then obliged to notify each recipient to whom the personal data has been disclosed of this unless this proves impossible involves disproportionate effort.
You are entitled to request information regarding these recipients (see Art. 19 GDPR).
The Bundesdruckerei Group will assist you in all matters relating to data protection. Complaints may also be made and the rights referred to in section 8 may be asserted.
If you have general questions or if you are unsure which company of the Bundesdruckerei Group is the right body to which to turn with your question, you can contact the Bundesdruckerei Group at datenschutz [at] bdr.de.
For direct inquiries to the companies of the Bundesdruckerei Group, please contact one of the following addresses:
The data protection officer responsible for Bundesdruckerei GmbH and Maurer Electronics GmbH can be reached at the following address:
The Bundesdruckerei Group always endeavors to address enquiries and remedy complaints received via the above mentioned channels. In addition to the above-mentioned contacts at Bundesdruckerei, it is also possible to contact the relevant data protection supervisory authorities at any time.
The data protection authorities responsible for Bundesdruckerei GmbH and D-Trust GmbH:
for operating as a non-public body:
Berlin Commissioner for Data Protection and Freedom of Information
10969 Berlin, Germany
Tel.: +49 (0) 30 13889-0
Fax: +49 (0)30 2155050
E-mail: mailbox [at] datenschutz-berlin.de
for operating as a public body:
Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn, Germany
Tel.: +49 (0) 228 997799-0
Fax: +49 (0) 228 997799-5550
E-mail: poststelle [at] bfdi.bund.de