We accord high priority to the protection of personal data. We want our users to be aware of the personal data that we process and when we process it. We have also implemented technical and organisational measures to ensure that all data protection regulations are complied with by ourselves and our processors.
It is possible to use the bmvg.de website without disclosing any personal data. We only process personal data to the extent that is necessary. If the processing of personal data is necessary, it is always compliant with the requirements of the European Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG).
1. What are personal data?
According to Article 4 (1) GDPR personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier.
2. Data processing
a) Access to the website
The legal basis for data processing is Article 6 (1) e) GDPR in connection with Section 3 BDSG.
Every time a user accesses the website and each time a file is accessed data pertaining to this process are temporarily processed for statistical and security purposes in a log file. The IP address is automatically erased after 80 days.
In particular, the following data are processed each time the website/files are accessed:
- Date and time of the access request
- Referrer URL (uniform resource locator)
- Browser type, version and language
- Website loading time
- Operating system
- Device type, model and make
- Screen resolution
- IP address
- Requested downloads
- Number of clicks
- Country and region
- Clicks on outgoing links/ links to other domains
These data are only processed for statistical purposes and to improve the website experience. They are not analysed in order to trace them back to the user.
b) E-mail contact
If you contact us by e-mail, the data you provide (in particular name, address and, at least, e-mail address, as well as the information contained in the e-mail/ personal data) are processed within the effective time limits for the archiving of written material. The legal basis for the processing of these data is Article 6 (1) e) GDPR in connection with Section 3 BDSG. Personal data which you have provided is only processed for the purposes of contacting you and dealing with your enquiry.
Your IP address is also recorded. The IP address is only used for state law enforcement and security measures in compliance with statutory provisions.
c) Contact form use
If you want to use the contact form we will ask you to disclose personal information so that we can process your request or query. It is up to you whether you provide this data or not. The date and time of your query and your IP address are also transmitted to us.
No automated decision making takes place. The data will be passed on to the department responsible for processing it and externally to processors only. Your data will be processed by e-mail. The content of the contact form is transmitted with SMTP/TLS encryption. The contact e-mail address stores your data on protected servers in Germany. For technical reasons relating to encrypted transmission it is not always possible to send a confirmation mail. This is why you will only receive an anonymous confirmation. We would like to point out that communicating via e-mail may not be secure. For example, e-mails can be intercepted and viewed by other internet users on their way to the recipient.
The processing and storage of enquiries in electronic – and paper – form is carried out in accordance with the time limits for the archiving of written material.
d) Contact via the citizen’s hotline
If you contact us via the citizens’ hotline at +49 (0) 30/1824-24242 no personal data is processed. Personal data will only be processed if you request a call back or a written reply. In those cases, processing is as per the information provided in 2.c).
3. Disclosure of personal data to third parties
Personal data which you provide to us will be passed on to the department responsible for processing and external processors if this is necessary to process your enquiry.
Data which are saved to log files when you visit our website are transferred to third parties if a legal obligation exists for us to do so, or if the transfer is necessary due to attacks on federal government communication technology, or for the purposes of law enforcement or prosecution. Personal data is not otherwise transferred, nor is it merged with data from other sources.
a) Statistical analysis/ web analysis
On the basis of Article 6 (1) e) GDPR in conjunction with Section 3 BDSG we analyse usage information for statistical purposes. We use the Matomo web analytics service for statistical analysis of visits to this website. The data collected in this way are used in anonymous form to analyse use of the bmvg.de website and improve the user experience.
When details of our website are accessed, the following data are stored:
- IP address of the accessing system in anonymous form
- Accessed website
- Referrer website
- Sub-pages that are accessed from the accessed website
- Time spent on the website
- Frequency of visits to the website
By using this website you consent to Matomo processing the collected data in the manner described and for the purposes specified above. You can prevent Matomo from collecting data by activating the ‘do not track’ function in your browser settings. In most browsers, this function can be found in ‘Settings -> Privacy’. You can also deactivate the following plug-in.
You can continue to use our website without impairment when the ‘do not track’ function is activated. In that case, Matomo will be informed by your browser not to collect any data. However, when the ‘do not track’ function is activated you may experience usage restrictions on other websites.
We only use session cookies on our website for the demand-oriented provision of information in accordance with Article 6 (1) e) GDPR. Cookies are small files that are automatically created by the user’s browser and stored on the user equipment when you visit our website.
Information is stored in the cookie relating to the user equipment. However, this does not mean that we are able to obtain knowledge of the user's identity.
Session cookies are deleted when you leave the website again. They allow us to identify users that have visited our websites before and help us to optimise the user experience.
Most browsers automatically accept cookies. However, you can change your browser settings so that it either doesn’t store cookies on your device or so that it only stores them until you end the session and always notifies you before a new cookie is created. If you deactivate all cookies, you may not be able to use all of the functions on our website.
5. Social media privacy statement
We take the current debate on privacy in the social networks very seriously. There is no legislation at this time governing whether and to what extent the social media networks have ensured compliance of their services with the European data protection regulations.
We therefore specifically draw your attention to the fact that the services used by the Federal Ministry for Defence (BMVg) such as YouTube, Facebook, Instagram, Twitter and Flickr save user data in accordance with their data privacy policies and use them for commercial purposes. The BMVg has no influence over the collection and use of data by the social networks. For example, we are not aware of the extent of data stored, the location at which the data are stored and duration of storage, whether the social networks comply with existing data erasure obligations, whether the data are analysed or merged, and to whom they are transferred.
6. Your rights
Article 6 (1) a) of the European General Data Protection Regulation grants you the right to revoke your consent with future effect at any time; This does not affect the lawfulness of processing up to the time of consent withdrawal (Article 7 (3) GDPR). In addition to the right of revocation, data subjects are accorded the following rights: the right to access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR), the right to object to processing (Article 21 GDPR), and the right not to be subject to a decision based solely on automated processing (Article 22 GDPR). You also have the right to lodge a complaint with the Commissioner for Data Protection and Freedom of Information, Husarenstrasse 30, 53117 Bonn (Article 77 GDPR).
7. Data privacy responsibility
The body responsible for data protection is the Federal Ministry of Defence, Stauffenbergstrasse 18, 10785 Berlin.
8. Data protection officer
If you have any specific questions about the protection of your personal data, please contact the data protection officer: Bundeswehr Data Protection Officer, Federal Ministry of Defence, R II 4, Fontainengraben 150, 52123 Bonn. Contact: BMVgRII4 [at] bmvg.bund.de