Data protection declaration

The German Federal Institute for Risk Assessment (BfRshort forGerman Federal Institute for Risk Assessment) attaches great importance to the responsible handling of personal data. We want users to know when which data is collected and used by the BfRshort forGerman Federal Institute for Risk Assessment.

The BfRshort forGerman Federal Institute for Risk Assessment operates websites under the following domains 

We only process personal data to the necessary extent. The basis on which different data is processed depends on the purpose for which the data is required.

1. Who is responsible for data processing and who can I contact?

The German Federal Institute for Risk Assessment is responsible for processing your data in line with Art.short forarticle 4 No. 7 GDPR. You can find our contact details below:

German Federal Institute for Risk Assessment (BfRshort forGerman Federal Institute for Risk Assessment)
Max-Dohrn-Str. 8-10
D - 10589 Berlin
Tel.: 0049 (0)30-18412-0
Fax: 0049 (0)30-18412-99099
E-mail: poststelle@bfr.bund.de
External Link:www.bfr.bund.de/en

If you have questions about the processing of your data or about data protection, please contact our Data Protection Officer:

Janina Rochon
German Federal Institute for Risk Assessment (BfRshort forGerman Federal Institute for Risk Assessment)
Max-Dohrn-Str. 8-10
D - 10589 Berlin
Tel +49 30 18412 31002 
E-mail: dsb@bfr.bund.de

1.1 Implementation, ongoing operation, hosting

3pc GmbH Neue Kommunikation is responsible for the implementation and hosting of the BfRshort forGerman Federal Institute for Risk Assessment website and the distribution of the BfRshort forGerman Federal Institute for Risk Assessment newsletter. Email distribution is handled by BREVO (Sendinblue GmbH).

2. On which legal basis do we process your personal data?

At the BfRshort forGerman Federal Institute for Risk Assessment, personal data is processed in accordance with the External Link:European General Data Protection Regulation (GDPR), the German Telemedia Act (TMG) and the External Link:German Federal Data Protection Act (BDSG).

Provided the BfRshort forGerman Federal Institute for Risk Assessment obtains consent from the person concerned to process their personal data, Art.short forarticle 6 Para. 1 lit. a GDPR serves as the legal basis. Consent can be revoked at any time with future effect. This also applies to revoking consent that was given to us before the GDPR came into effect, i.e. before 25 May 2018.

If personal data required to fulfil a contract is processed where the contract party is the person concerned, Art.short forarticle 6 Para. 1 lit. b GDPR serves as the legal basis in the individual case. This also applies to processing that is required to perform pre-contractual measures.

If personal data needs to be processed in an individual case in order to fulfil a legal obligation, Art.short forarticle 6 Para. 1 lit. c GDPR also serves as the legal basis in conjunction with the relevant legislation from which the legal obligation arises.

In the rare case that vital interests of the person concerned or another individual necessitate processing of personal data, Art.short forarticle 6 Para. 1 lit. d GDPR serves as the legal basis.

The BfRshort forGerman Federal Institute for Risk Assessment processes personal data during performance of its tasks in the public interest. The public tasks of the BfRshort forGerman Federal Institute for Risk Assessment include in particular the tasks and activities assigned to it according to the BfRshort forGerman Federal Institute for Risk Assessment law (BfRG). The legal basis of the processing here is Art.short forarticle 6 Para. 1 lit. e of the GDPR in conjunction with the relevant provisions of the BfRG, in particular § 2 BfRG.

Where necessary, we also process your data for protection of our own justified interests or those of third parties. Examples may include enforcement of legal claims and defence in legal disputes, guaranteeing IT security and IT operation of the BfRshort forGerman Federal Institute for Risk Assessment, PR work of the BfRshort forGerman Federal Institute for Risk Assessment or the prevention of crimes, etc. In such cases, Art.short forarticle 6 Para. 1 lit. f GDPR serves as the legal basis.

3. Which personal data is processed in the context of visits to our website?

3.1   Data collection

Each time a user accesses our web pages and each time a file is opened, data on this process is temporarily processed in a log file on the web server.

The following data in particular is saved on each access operation/file opening:

  • Browser type and version
  • Operating system used
  • Website from which you visit our web pages (referrer URL)
  • Web page that you visit
  • Date and time of access
  • Your Internet Protocol (IP) address in anonymised form

The legal basis for temporary saving of data is Art.short forarticle 6 Para. 1 lit. e and f GDPR. This data is not combined with the user's other personal data.

When using this information, the BfRshort forGerman Federal Institute for Risk Assessment does not draw conclusions about the person in question. Rather, this information is required to:

  • Correctly deliver the contents of our web page
  • Optimise the contents of our web page
  • Guarantee functionality of our IT systems and the technology of our web page

The collected data is transferred to our statistics tool (see 3.3).

3.2 Cookies

Cookies are text files that are saved in the web browser or by the web browser on the user's device. When a user accesses a web page, a cookie can be saved on the user's operating system. This cookie contains a characteristic string that enables unique identification of the browser when the website is accessed again.

Our website uses the following cookies:

Name: fe_typo_user

Function: This cookie is technically necessary for the shopping cart function and other basic functions of our website. It is automatically deleted after the end of the session.

The cookie which are valid during the time of the visit to the website is used on the pages of our ordering service for publications. This is necessary for technical reasons to ensure the correct functioning of the shopping cart function. This takes place on the basis of Art.short forarticle 6 Para. 1 lit. e GDPR in conjunction with Art.short forarticle 3 BDSG in the context of PR work for audience-oriented provision of information. The cookies used are deleted when you end the session. When you close the browser window or access another website, your shopping cart is reset. The shopping cart contents collected up to that point will need to be added again if you end the session but have not yet completed the ordering process.

You can view with any web browser when cookies are set and what they contain. Most browsers are set in such a way that they automatically accept cookies. However, the saving of cookies can be disabled at any time or the browser can be set so that cookies are only saved for the duration of the respective connection to the internet.

If you reject all cookies, the function of the website may be impaired and it may not be possible for the service to be provided in the desired quality.

3.3 Web analysis with the analysis tool Matomo

On the basis of Art.short forarticle 6 Para. 1 lit. e GDPR in conjunction with Art.short forarticle 3 BDSG in the context of PR work, the BfRshort forGerman Federal Institute for Risk Assessment performs statistical evaluation of the user access operations with the Matomo. 

We use Matomo in cookieless modeModeTo glossary. This means that no cookies are stored or read on your device.

Data collected
Matomo only collects technically necessary, anonymised information:

  • IP address (shortened/anonymised)
  • URLs visited and referrer
  • Browser and operating system type and screen resolution
  • Time spent on the individual pages

Purpose and storage
The data is stored exclusively on our own servers. 
There is no link to personal data. 
The data collected is used exclusively for statistical evaluations and optimisation of the website.

Objection
You can object at any time via your browser settings (DoNotTrack) or by using a browser plug-in.

3.4 Which personal data is processed when contact is established?

Personal data is processed depending on the method of contact. We can distinguish here between contact by e-mail and contact via the contact form.

3.4.1 Contact by e-mail

Contact with the BfRshort forGerman Federal Institute for Risk Assessment by e-mail can be made via

  • The individual work e-mail addresses of the employees
  • The e-mail address for the specific role
  • The central e-mail address (poststelle@bfr.bund.de)

If you use one of the methods of contact listed above, the data transmitted by you (e.g. first name, surname, address etc.), but at least the e-mail address, as well as the information contained in the e-mail (including any personal data provided by you) will be processed for the purposes of contacting you and handling your issue. We advise you that data processing takes place on the basis of Article 6 Paragraph 1 lit. e GDPR in conjunction with Art.short forarticle 3 BDSG. It is necessary to process the personal data transmitted by you in order to handle your issue.

3.4.2 Contact via the contact form 

You can also use the contact form on our website to send your query to the BfRshort forGerman Federal Institute for Risk Assessment

The contents of the contact form are transmitted via an encrypted https connection.

Captcha forms in forms are checked via friendlycaptcha. No cookies are set or data transferred. friendlycaptcha.com/privacy/gdpr/

If a user makes use of this possibility, the data entered in the input form is transmitted to us and saved. This data comprises:

  • First name and surname *
  • E-mail address *
  • Institution (if applicable)
  • Telephone
  • Street and house number
  • Postal code and city
  • Subject *
  • Private/business *

  • Your message *

     

    * Required field

If you use the contact form for communication, you need to enter your title, first name, surname, subject, private/business and your message and e-mail address. Without this information, the issue outlined in the contact form cannot be handled. To order information material to be sent by post, you need to enter your address (see item 3.6.2). We process the personal data described above in accordance with the provisions of the GDPR and the BDSG on the basis of your consent (Art.short forarticle 6 Para. 1 lit. a GDPR).

Your data is processed internally at the BfRshort forGerman Federal Institute for Risk Assessment exclusively by the responsible employees. Your data is not passed on to any third parties. Processing only takes place in Germany. Through technical and organisational measures, we ensure that your data is protected against accidental or intentional manipulation as well as unauthorised access. Your transmitted data is saved until revoked to process your request, and for any inquiries. It is generally deleted after 12 months. Other periods may apply in the context of legal retention periods. If you wish to change or delete your data, you can notify us of this at any time using the method most convenient for you.

3.5 Which personal data is processed in the context of the use of social networks?

The BfRshort forGerman Federal Institute for Risk Assessment is active on social networks. The social networks in which the BfRshort forGerman Federal Institute for Risk Assessment is active are listed in the footer of the BfRshort forGerman Federal Institute for Risk Assessment website. The BfRshort forGerman Federal Institute for Risk Assessment website only provides links to our Institute's presence on the respective platforms. The BfRshort forGerman Federal Institute for Risk Assessment does not save any data relevant to data protection for this purpose. By leaving the BfRshort forGerman Federal Institute for Risk Assessment website and accessing external social media platforms, you are subject to their own data protection policies and data collection practices. The BfRshort forGerman Federal Institute for Risk Assessment has no influence over these. 

Data protection policies of the social media platforms used by the BfRshort forGerman Federal Institute for Risk Assessment:

Instagram/Threads: External Link:https://help.instagram.com/519522125107875

LinkedIn: External Link:https://de.linkedin.com/legal/privacy-policy

X: External Link:https://x.com/de/privacy

Bluesky: External Link:https://bsky.social/about/support/privacy-policy

Mastodon: External Link:https://mastodon.social/privacy-policy

YouTube/Google: policies.google.com/privacy

3.6 Which personal data is processed in the context of information provision?

The processing of personal data depends on the type of information provision, e.g. if you subscribe to a newsletter or order publications from us.

3.6.1 Data for newsletter distribution

If you register on one of the BfRshort forGerman Federal Institute for Risk Assessment newsletter mailing lists, we generally save your e-mail address, the date and time of registration, and the newsletter type you have selected on a server. The data is processed on the basis of your consent according to Article 6 Paragraph 1 lit. a GDPR. We only use this data for sending the relevant newsletter. We do not forward the data to any third parties.

The registration system with an additional confirmation message containing a link to the final registration (double opt-in) ensures that you explicitly wish to receive the newsletter.

On registration, your data is saved on our server and a confirmation message with a link to final registration is sent to the given e-mail address.

Your data for newsletter distribution is only saved for the duration of use of our newsletter service when you confirm the link in the e-mail.

If you no longer agree to the saving of your data for this purpose and therefore no longer wish to use our service, you can unsubscribe from our newsletters at any time. The data provided by you is then deleted. Please use this link to deregister. You will need the e-mail address that you gave when you registered.

3.6.2 Ordering BfRshort forGerman Federal Institute for Risk Assessment publications

If you order brochures, flyers or other printed documents via our website, processing of your personal data according to Article 6 Paragraph 1 lit. b GDPR is necessary in order to carry out pre-contractual measures and fulfil the contract (providing the relevant publication).

The following personal data must be specified to process the order:

  • Name
  • Street address
  • Post code and town/city
  • E-mail address

This data is processed in the context of the order. The data that you provide is processed by the BfRshort forGerman Federal Institute for Risk Assessment or forwarded to a service provider commissioned with sending the publication. The service provider who works for us is obliged contractually and legally according to Art.short forarticle 28 GDPR to ensure performance of technical and organisational measures in such a way that processing takes place in accordance with the requirements of the GDPR and protection of your rights is guaranteed.

If the data specified above is not available, it is not possible for the order to be processed.

The data transmitted by you will be deleted after the order is complete or after the expiry of legal retention periods.

3.7 Session Storage

The watch list is saved via session storage, i.e. the temporary data is deleted as soon as the browser or tab is closed.

4. Is data transferred to a third country or an international organisation?

Transfer of data to countries outside of the EU or the EEA (so-called third states) only takes place if this is contractually required, prescribed by law or in the context of order data processing. If order data processors in a third country are used, these processors are contractually obliged to comply with the data protection regulations of the EU.

5. What data protection rights do I have?

The BfRshort forGerman Federal Institute for Risk Assessment guarantees you the following rights with respect to your personal data:

  • The right to information according to Art.short forarticle 15 GDPR
  • The right to rectification according to Art.short forarticle 16 GDPR
  • The right to erasure according to Art.short forarticle 17 GDPR
  • The right to restriction of processing according to Art.short forarticle 18 GDPR
  • The right to object from Art.short forarticle 21 GDPR
  • The right to data portability from Art.short forarticle 20 GDPR

The restrictions according to Arts. 34 and 35 BDSG apply to the rights to information and erasure.

You can revoke consent given to us to process personal data at any time with future effect. This also applies to revoking consent that was given to us before the General Data Protection Regulation came into effect, i.e. before 25 May 2018.

You can assert the rights specified above to the BfRshort forGerman Federal Institute for Risk Assessment under poststelle@bfr.bund.de or by post to the postal address of the BfRshort forGerman Federal Institute for Risk Assessment given at the beginning of this data protection declaration.

Furthermore, you have the right to complain to the regulatory authority for data protection (German Federal Commissioner for Data Protection and Freedom of Information), cf. Art.short forarticle 77 GDPR in conjunction with Art.short forarticle 19 BDSG.

You can also contact the Data Protection Officer at the BfRshort forGerman Federal Institute for Risk Assessment (dsb@bfr.bund.de) with questions or complaints.

6. Data protection information with respect to the production and use of photos and/or video recordings pursuant to Art.short forarticle 13 GDPR

Information can be found here (in German) .

7. Changes to the data protection declaration

The BfRshort forGerman Federal Institute for Risk Assessment reserves the right to modify this data protection declaration so that it always adheres to the current legal requirements. We recommend that you read our data protection declaration regularly in order to stay up to date regarding the protection of the personal data that we collect.

Status:

Our newsletters

The BfRshort forGerman Federal Institute for Risk Assessment offers you various newsletters in German and English.