Data protection – an integral part of our company
Protecting personal data is a top priority for Bundesdruckerei Gruppe GmbH and its subsidiaries (jointly referred to as the Bundesdruckerei Group). That’s why we process personal data in accordance with the applicable legal provisions regarding the protection of personal data and data security.
Bundesdruckerei Group is aware of its special obligation to protect each and every citizen’s right to informational self-determination. The data protection officers of the subsidiaries of the Bundesdruckerei Group continuously monitor compliance with the requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG, Bundesdatenschutzgesetz) and other data protection requirements, such as the Telecommunications Telemedia Data Protection Act (TTDSG,Telekommunikation-Telemedien-Datenschutz-Gesetz).
The data controller for the provision of the website and related functions as described within this data protection information is Bundesdruckerei GmbH, Kommandantenstraße 18, 10969 Berlin, Germany. You can reach the data protection officer of Bundesdruckerei GmbH at the above address by adding ‘An den Datenschutzbeauftragten’ (To the data protection officer) and also by e‑mail at: email@example.com
2.1 Data categories, purpose of processing and legal basis
We regularly process the following personal data when you use Bundesdruckerei’s web pages, applications or online tools (‘online offering’):
Personal data, such as
- contact data, e.g., first and last name, e-mail address, telephone number, which you yourself enter voluntarily within the scope of a Bundesdruckerei online offering, for instance, when registering, when making enquiries about contacting us, when participating in surveys, etc.,
- information provided as part of a support request,
- information that is automatically sent to us by your web browser or device, such as your IP address, device type, browser type, previously visited web pages, visited sub-pages or date and time of the respective visitor request.
We process your personal data for the following intended purposes:
- to enable you to make use of the services and functions offered online,
- to verify your identity and enable user authentication,
- to process your enquiry.
The processing of personal data is necessary in order to achieve the aforementioned purposes. Details can be found below in this data protection information. Detailed information is provided on the individual processing series and the legal basis for processing your personal data.
When you visit our website, we collect data while connected via your internet browser and using technically required so-called session cookies. These session cookies enable us to provide the various websites of the Bundesdruckerei Group. They expire when the session ends.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. When cookies are set, the following information is sent to the party that set the cookie (in this case, to us):
- date and time the website was accessed,
- web browser and operating system used,
- complete IP address of the requesting computer,
- volume of data transferred.
The legal basis for the storage of information in the end user’s device is Sec. 25 (2) No. 2 TTDSG. The use of session cookies is absolutely necessary so that we, as the provider of the Bundesdruckerei Group websites (telemedia service), can provide this expressly requested telemedia service.
2.3 Log file processing
Every time this website is accessed or every time a file is retrieved, data about this process is temporarily processed in a log file. The following data is stored:
- date and time the website was accessed,
- web browser and operating system used,
- complete IP address of the requesting computer,
- volume of data transferred.
In the event of attacks (e.g., DDoS attacks) on the communication systems, this data is analyzed and, if necessary, used to initiate legal and criminal prosecution. These log files are deleted after seven days at the latest. The legal basis for this processing of your personal data is Art. 6 (1) (f) GDPR. Our legitimate interest is the investigation of security-related incidents.
Below, we would like to inform you of our newsletter content, as well as the registration, mailing and statistical analysis processes and your rights to object. By subscribing, you consent to receiving this newsletter and to the procedure described. We only send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) with the recipient’s consent or legal permission. Our newsletters contain information on our products, offers, campaigns and innovations from the companies in the Bundesdruckerei Group.
Registration/double opt-in procedure: In order to receive our newsletter you must enter your e-mail address. The disclosure of your first names and surname is optional. Registration for our newsletter is a double opt-in procedure. This means that you receive an email after subscribing, in which you are requested to confirm your subscription. This confirmation is necessary to ensure that no-one can subscribe using third-party or non-existent email addresses. The subscriptions to the newsletter are logged, to allow us to verify the subscription process in accordance with the statutory requirements. In this procedure we store the IP address, the date and time of registration and confirmation. The legal base for storing these data is Article 6 (1) (f) of the GDPR. In cases of doubt, Our legitimate interest lies in being able to prove that informed consent has been given and the newsletter received. After careful consideration has been carried out, the exclusion interests of the visitors to the website are not shown.
The legal base for the delivery of the newsletter and the processing of your personal data is your informed, voluntary consent in accordance with § 7 (2) (2) Unfair Competition Act in conjunction with Article 6 (1) (a) GDPR. All group member companies of the Bundesdruckerei Group are authorised to send you newsletters by e-mail on the basis of this consent.
In order to receive only those newsletters directed towards your interests, you may customise your interests on our website and make an initial selection from the topics available. In accordance with your selection, your informed consent, your e-mail address, your interests and any other information which you have given when registering for our newsletter are forwarded to the appropriate Bundesdruckerei Group member company.
Shipping service provider: The Evalanche application from SC-Networks GmbH, Würmstraße 4, 82319 Starnberg is used to deliver the newsletter. We have concluded a contract on commissioned data processing in accordance with Article 28 GDPR with SC-Networks GmbH. Evalanche's data protection statements are available here: SC-Networks GmbH.
Withdrawal: Your consent is valid until you withdraw it; you can declare withdrawal at any time with effect for the future. You can withdraw at any time via this link: Unsubscribe newsletter or click on the "Unsubscribe" button at the end of every newsletter or send us an e-mail to Datenschutz-Request@bdr.de. The withdrawal of consent does not affect the legality of the processing carried out prior to the withdrawal.
Please note that, if you withdraw your consent to the use of Evalanche, this consent will be erased from our newsletter distribution list and you will no longer receive newsletters from the Bundesdruckerei Group. The withdrawal of consent does not affect the legality of the processing carried out prior to the withdrawal. If you withdraw your consent, the consent data is stored for a reasonable period of time in blocked form. The legal base for this purpose is Article 6 (1) (f) GDPR. Our legitimate interest lies in being able to prove that informed consent has been given and the newsletter received, in cases of doubt. After careful consideration has been carried out, the exclusion interests of the visitors to the website are not shown.
3.2 Premium Content
3.3 Press distribution list
The press distribution list receives press releases from the member companies of the Bundesdruckerei Group. The provision of your e-mail address is necessary for inclusion in the Bundesdruckerei Group press distribution lists. The details of first names and surnames are compulsory; information on your medium is voluntary.
Registration/double opt-in procedure: As part of the double opt-in procedure and prior to delivery by the press distributor, you must expressly confirm that we may activate the delivery of the press distribution list for you. For this reason, you will receive a confirmation and authorisation e-mail from us. We request that you click on the link included in the e-mail and that you confirm to us that you would like to receive our press releases. Please refer to the remarks in Point 3.1 for further details of the type and scope of the data processing related to the double opt-in procedure.
No statistical data is collected from the subscribers and no analyses are conducted.
Your consent is valid until you withdraw it; you can declare withdrawal at any time with effect for the future. You can unsubscribe from the press distribution list via the following link: presseverteiler-abmeldung or unsubscribe by e-mail to Datenschutz-Request@bdr.de. The withdrawal of consent does not affect the legality of the processing carried out prior to the withdrawal.
A contact form is provided so that you can get in touch with us. You can choose whether you wish us to respond to your enquiry by telephone or by e‑mail. You can specify this in a free text field after you have made a pre‑selection for the area to which your enquiry relates. We can then find the right contact person in the Bundesdruckerei Group as quickly as possible. Possible recipients of your data are therefore the internal employees who will answer your enquiry as well as affiliated companies that are relevant for the area of your enquiry.
Some fields are not mandatory. If you nevertheless provide the relevant information, you consent to our processing of your personal data for the purpose of responding to your enquiry.
The legal basis for the processing of your personal data in conjunction with a contact request is Art. 6 (1) (b) GDPR if you are interested in further information about our products. If, on the other hand, you have a different request, we will process your personal data in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to your request.
In order to reach potential colleagues in the best possible way, we operate a company page on popular business networks. The following data protection information therefore applies to the processing of personal data on these portals.
If you want to use our LinkedIn company page, follow our page or engage with the page, LinkedIn processes personal data about this interaction which enables us to analyze user behavior on the basis of statistics. This is the so-called ‘page insights’ function. For these statistical analyses, LinkedIn primarily processes data that you have made available to the platform via information within your profile. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, for instance, if you follow our company page. If we organize so-called ‘polls’, i.e., if we release topic-related surveys on our company website, we will see related analyses showing voting behavior.
LinkedIn does not provide us with any personal data through page insights. We only have access to summarized page insights which do not allow any conclusions to be drawn regarding specific members.
The processing of personal data as part of the page insights function is carried out by LinkedIn and us as joint controllers. The analysis of activities on our LinkedIn company page helps us in our constant efforts to align our PR work with the needs of our users. The legal basis for this processing is Art. 6 (1) (f) GDPR.
We have entered into a joint controller agreement with LinkedIn which lays down the the allocation of data protection obligations between us and LinkedIn. The agreement can be retrieved here. In principle, the company alone is responsible under data protection law for the processing of personal data within the LinkedIn platform. More information about the processing of personal data by LinkedIn can be found here. Please note that LinkedIn processes personal data in the US or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate safeguards in accordance with Art. 46 GDPR.
XING and kununu
When you visit the service, cookies and similar technologies, such as Pixel, may be used to collect information about your use of the service and to make functions available to you. In addition, advertisers or other partners of XING may provide cookies or similar technologies on your device. You can opt to restrict the processing of your data in the privacy settings of your profile. For information on privacy settings, see here.
Depending on your mobile device, you can go to the settings and restrict access by the service to contact and calendar data, photos, location data, etc. This depends, however, on the operating system used.
We process data you enter on XING via our company page on the XING platform, in particular, your (user) name. We process the content published under your account by sharing your posts or when we respond to them. We may also write posts that link to your profile and content, thereby attracting the attention of our followers.
The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest is to interact with potential employees and to present the Bundesdruckerei Group within the network. You can object to this data processing at any time. More information about this can be found under the heading ‘Rights of data subjects’ below.
Kununu is also a brand operated by New Work SE. As a user of kununu, you can request the data saved about you in this application via the following link: https://www.kununu.com/user/inquiry. Further information on data processing in connection with the entire XING service and its applications (such as kununu) can be found in Xing's data protection information.
Inclusion of YouTube videos
Our website embeds videos from YouTube. The provider of this video platform is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland. Only when you call up an embedded video will a connection to the YouTube server be established (so-called two-click method). This tells the YouTube server which of our pages you have visited. In addition, YouTube obtains your IP address. This also applies if you are not logged into YouTube or do not have an account with Google. If you are logged into your Google account on YouTube at the same time, you enable Google to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Google account on YouTube. By the loading of the embedded YouTube video confirmed by you, your IP address could be read by the Google Fonts Tool used by YouTube and forwarded to Google, over which we have no control. For this reason, please load embedded YouTube videos only if you agree to such data forwarding.
Personal data is normally sent to a Google server in the US and stored there. Due to the activation of IP anonymization – _anonymizeIp() – Google will first shorten your IP address within the EU member states or in other signatory states of the Agreement on the European Economic Area. Please note that it cannot be guaranteed that data processing will be carried out at the same level of protection as within the EU. In this respect, we believe that there is a risk that you may have difficulty enforcing your rights as a data subject and that state security authorities disproportionately access data. Moreover, there is no data protection supervisory authority. We expressly draw your attention to this matter.
In order to obtain information about the behavior of users when they visit our websites, we use the web tracking tool etracker from etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. To count visitors, we only use data that the browser transmits anyway. However, for the further purpose of ‘analyzing user behavior’, we anonymize this data so that we do not create user profiles. Web analysis is therefore not carried out on the basis of personal data, but with the help of so-called ‘cross device IDs’ which cannot be referenced to individual users.
The legal basis for the processing of your personal data to analyze your user behavior is your voluntary and informed consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with future effect by sending an e‑mail to: Datenschutz-Request@bdr.de. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We use Google Ads Conversion Upload for improved analysis of our Google Ads campaigns. Google Ads allows the import of conversion data from third-party systems, such as etracker Analytics. When we upload data from etracker Analytics to Google Ads, no personal data is transferred. The only data transferred is statistical data on the number of conversions and, if applicable, the sales value assigned for each campaign click.
Our employees use their own upload and download portal for the secure exchange of documents. With the help of your e‑mail address, we can assign credentials to you and provide you with documents in a secure way.
a) Web interface (WebUI) and UDP app
With UDP, you can now transmit large amounts of data and/or sensitive data via the web user interface, which is described in this manual, or via the UDP app without having to install special software. Your documents remain encrypted along the entire transmission path and are therefore protected against disclosure to unauthorized persons.
SecuPass encryption, which was developed by FTAPI, enables the transmission of all kinds of files with consistent (end-to-end) encryption. Besides maximum security, another special feature of SecuPass is that these transfers can take place between any persons (or end points) without the need to perform complex key and/or certificate creation and installation procedures. With UPD, this process is fully automated and is as simple and easy as sending an e‑mail.
c) SubmitBox link
You can use the SubmitBox link in order to send large amounts of data and/or sensitive data via a simple website without having to install special software or remember login data. All you need is to receive the link (SubmitBox link) from the respective Bundesdruckerei employee. This link could be as shown in this example: https://udp.bundesdruckerei.de/submit/MMustermann.
More information can be found in the user manual at: https://udp.bundesdruckerei.de/bdr/UDP_Anwenderdokumentation.pdf.
We take all the necessary technical and organizational precautions to protect personal data against loss or misuse. Your data is stored in a secure operating environment which cannot be accessed by the public.
The web pages also contain links to third-party websites. Liability for these websites lies with the respective operators. Bundesdruckerei GmbH is not responsible for the content nor for the data protection provisions of third-party websites.
Bundesdruckerei GmbH may transfer personal data to other Bundesdruckerei Group companies for the above-mentioned purposes only if this is necessary to fulfil the above-mentioned purposes.
Personal data may also be transmitted to courts, supervisory authorities or law firms if this is legally permissible and necessary in order to comply with applicable legislation or to assert, exercise or defend legal claims.
In as far as we cooperate with service providers (so-called commissioned data processors), such as service providers for IT maintenance services, these providers will only act on our instructions and are contractually obliged to comply with the applicable data protection requirements. Bundesdruckerei GmbH remains the controller for data processing.
If no explicit storage period is specified during collection (e.g. within the scope of a declaration of consent), personal data will be deleted as soon as it is no longer required for the intended purpose, unless statutory storage obligations (for instance, storage obligations under commercial and tax law) prevent deletion.
Under applicable data protection law, you generally have the following data subject rights:
- to request confirmation as to whether personal data about you is being processed and to receive information about the personal data processed as well as further information (see Art. 15 GDPR),
- to request the correction of inaccurate personal data (see Art. 16 GDPR),
- to request the deletion of processed personal data (see Art. 17 GDPR),
- to request the restriction of the processing of personal data (see Art. 18 GDPR),
- to receive personal data provided by you, in a structured, customary and machine-readable format or to request that the personal data be transmitted to a third party (see Art. 20 GDPR),
- to object to data processing carried out on the basis of Art. 6 (1) (f) GDPR or for the purpose of direct advertising (see Art. 21 GDPR),
- to revoke consent at any time with effect for the future. Revocation is only effective for the future and will not affect the lawfulness of the processing of personal data up until revocation.
In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with a
data protection supervisory authority.