Statement on Data Protection
The Federal Ministry of Education and Research (BMBF) takes the protection of your personal data very seriously which is why personal data is only processed by us as necessary. What data is needed and processed for what purpose and on what basis depends on the type of service that you use and on the task for which we need it.
The term 'personal data' refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
This statement on data protection provides you with detailed information on what data is collected for what purpose and on what basis, how you can contact the 'data controller' (the responsible entity) and the Data Protection Officer and what rights you have concerning the processing of personal data.
1. Data Controller and Data Protection Officer
The entity which has responsibility for the processing of personal data (the 'controller') is the
Bundesministerium für Bildung und Forschung /
Federal Ministry of Education and Research (BMBF)
Phone: +49 (0)228 9957-0
Fax: +49 (0)228 99578-3601
If you have specific questions concerning the protection of your data, please contact the BMBF’s Data Protection Officer:
Bundesministerium für Bildung und Forschung
Phone: +49 (0)228 9957-3369
Fax: +49 (0)228 9957-8-3369
This statement provides you with an overview of how the BMBF ensures the protection of your data and what type of data is collected and for what purpose and on what basis.
2. Processing of data resulting from your visit to this website
This website is supported by Project Management Jülich, Forschungszentrum Jülich GmbH, on behalf of the BMBF and hosted on servers of Forschungszentrum Jülich.
Whenever a website is visited, certain data is collected and exchanged which is needed to provide the service requested The data concerned is:
- IP address
- your browser type and version
- the operating system used
- the web page accessed
- the page previously visited (referrer URL)
- the time of server request
This data is stored in log files on an external server at our service provider "Project Management Jülich, Forschungszentrum Jülich GmbH" even after your visit to the website.
When using this general data and information, Project Management Jülich, Forschungszentrum Jülich GmbH, will not draw any conclusions regarding the person concerned. This information is required to (1) deliver content on our website correctly, (2) optimize content for delivery on our website, (3) ensure the permanent operability of our IT systems and website technology and (4) provide prosecuting authorities with the information necessary for prosecution in the event of a cyberattack. The data and information collected anonymously by Project Management Jülich, Forschungszentrum Jülich GmbH, are analysed for statistical purposes and with the aim of increasing data protection and data security in order to ultimately guarantee optimum protection of the personal data processed by Project Management Jülich, Forschungszentrum Jülich GmbH. Server log file data is stored separately from all the personal data provided by any person concerned. The legal basis for data processing is Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the German Federal Data Protection Act (BDSG) and Section 5 of the Act on the Federal Office for Information Security (BSIG).
If you have given your consent in accordance with Article 6 (1) (a) of the GDPR, the BMBF, together with its service provider contracted for support and development “Project Management Jülich, Forschungszentrum Jülich GmbH”, will analyse information on your use of our website for statistical purposes as part of public relations work and for the purpose of providing information on tasks within the BMBF’s remit as needed.
It does so using the Matomo web analytics service.
The software uses permanent cookies to recognize visitors returning even after longer periods of time. This information is stored as a text file on the hard drive of the user’s computer. The cookie is valid for 13 months after which it deletes itself.
The software also uses session cookies. Session cookies are small information units that are stored by the provider of a website in the active memory of the visiting user’s computer. A randomly generated, unique ID number, a so-called session ID, is stored in a session cookie. A cookie also contains information on its origin and the period of time it is to be stored on a computer. These cookies cannot store any further types of data. The software uses session cookies to provide for the unambiguous identification of visitors.
The following data is stored when individual pages of our website are accessed:
- Two bytes of the IP address of the user’s retrieving system (anonymous)
- The accessed web page
- The website from which the user reached the accessed web page (referrer)
- The sub-pages loaded via the accessed web page
- The length of time spent on the web page
- How often the page has been accessed
The software is configured so that IP addresses are stored incomplete with 2 bytes concealed (e.g. 192.168.xxx.xxx). This makes it impossible for the shortened IP address to be linked to the retrieving computer, meaning that you remain anonymous as the user.
The relevant software runs only on the web servers of the service provider “Project Management Jülich, Forschungszentrum Jülich GmbH” on behalf of the BMBF. These are the only servers where information on your use of the website is stored. No data is disclosed to third parties.
If you want to modify your decision regarding use of the cookie for web analytics purposes and give your consent or withdraw it again, you can do this by changing your settings before continuing your visit. The default setting for web analytics is that they are disabled.
Please note that the providers Twitter, YouTube and Google are based in a so-called third country, here the USA, within the meaning of the GDPR. In its decision of July 16, 2020, Case C-311/18 ("Schrems II"), the Court of Justice of the European Union (CJEU) invalidated the European Commission's decision on EU-US data protection obligations (Privacy Shield Decision 2016/1250) explained. A data protection level that is essentially comparable to the European data protection standards does not exist for the USA.
As a result, there is no valid adequacy decision by the European Commission with regard to the transfer of personal data to the USA within the meaning of 45 Para. 1, 3 GDPR. Furthermore, there are no so-called suitable guarantees within the meaning of Art. 46 Paragraph 2, 3 GDPR, which enable a corresponding level of protection without further measures. It cannot be ruled out that a company based in the USA may grant government agencies access to the processed personal data. Personal data could therefore be passed on to third parties. The rights of those affected may not be able to be enforced.
Therefore, the transmission of the data (IP address) in the context of the use of Twitter, YouTube or Google is only possible with your express consent in accordance with Article 49 Paragraph 1 lit.
3. Collection of personal data when contacting us
This website contains data which supports quick electronic contact and direct communication with us, including a general email address. If a person concerned enters into contact with the entity responsible for processing or the service provider by email or via a contact form, the personal data provided by that person will be stored automatically. Such data provided voluntarily by the person concerned to the entity responsible for processing will be stored for processing purposes or for contacting that person. The legal basis for this is Article 6 (1) (a) GDPR and Article 6 (1) (e) GDPR in conjunction with Section 3 of the German Federal Data Protection Act (BDSG).
The data you provide is stored for the sole purpose of responding to your enquiry and in accordance with the statutory and contractual requirements. If the staff of "Projektträger Jülich, Forschungszentrum Jülich" are unable to respond to your enquiry, it will be forwarded to the BMBF.
BMBF staff will only process the data communicated to the extent necessary to respond to your enquiry. The data is stored in these cases in accordance with the statutory periods for retaining records set out in the Registry Directive (Registraturrichtlinie, RegR), which supplements the Joint Rules of Procedure of the Federal Ministries (Gemeinsame Geschäftsordnung der Bundesministerien, GGO).
Where the enquiry involves a matter which concerns another service provider or funding recipient of the BMBF or which can only be answered by that service provider or funding recipient, the enquiry will be forwarded to that party together with the personal data required for responding to your enquiry. The service provider or funding recipient processes your data for the sole purpose of responding to your enquiry and in accordance with the statutory and contractual requirements.
In these cases, the data will be passed on in compliance with Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the German Federal Data Protection Act (BDSG) for the purpose of fulfilling the BMBF’s tasks.
Furthermore, it may be necessary for the purposes of legal and operational supervision to disclose your personal data which has been supplied to us to those authorities supervised by us in connection with your enquiry. In such cases, the data will be forwarded in accordance with Section 25 (1) BDSG in conjunction with Section 23 (1) (6) BDSG.
Under Section 1 of the Act on the Powers of the Petitions Committee of the German Bundestag (Gesetz über die Befugnisse des Petitionsausschusses des Deutschen Bundestages, GGArt45cG), the BMBF is required to transmit your personal data to the Petitions Committee of the German Bundestag where it is necessary for the purpose of preparing decisions on complaints in accordance with Article 17 of the German Basic Law (Grundgesetz, GG).
4. Processing of personal data in the context of newsletter delivery
To receive the newsletter offered on our website, you can register via our form. We use a double opt-in procedure. This means that a confirmation email is sent to the email address you entered, which in turn requests your confirmation. Your registration becomes effective only after you click on the activation link in the confirmation email. If you do not click on the activation link, your data will be erased after four weeks. We use the data provided by you for the exclusive purpose of delivering the newsletter, which may include information or services.
We deliver our newsletter by rapidmail. Your data is therefore disclosed to the rapidmail GmbH, which is prohibited from using your data for purposes other than delivery of our newsletter. The rapidmail GmbH is not allowed to disclose or sell your data. rapidmail is a certified German newsletter software provider which was selected carefully in accordance with the requirements of the GDPR and the BDSG.
The data provided will be processed on the basis of your consent in accordance with Article 6 (1) (a) of the General Data Protection Regulation (GDPR). You can withdraw your consent to the storage of your data and its use for newsletter delivery at any time, e.g. using the unsubscribe link in the newsletter. The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.
5. Social networks
This website enables users to share content via the social networks Facebook or Twitter. No data is sent to the social network concerned until the user clicks on the Share function.
6. Your rights
You have the following rights vis-à-vis the data controller concerning your personal data:
- right of access (Article 15 GDPR)
- right to rectification (Article 16 GDPR)
- right to erasure (Article 17 GDPR)
- right to restriction of processing (Article 18 GDPR)
- right to object to collection, processing and/or use (Article 21 GDPR)
- right to data portability (Article 20 GDPR)
- If the personal data is processed on the basis of your consent (in accordance with Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of processing your personal data on the basis of the consent provided by you remains valid until your withdrawal of consent has been received.
You may exercise the aforementioned rights by sending an email to firstname.lastname@example.org or email@example.com.
You also have the right to submit a complaint to the supervisory authority under data protection law (Federal Commissioner for Data Protection and Freedom of Information).