Jump to content

Privacy policy

The protection of your personal data is a special concern of the Federal Office of Civil Protection and Disaster Assistance (BBK). Therefore, we process your personal data only to the extent necessary. Which data is required, for what purpose, and on what legal basis it is processed depends primarily on the type of service you use or the specific task for which we need it.

As of: April 23, 2026

Further information on which data is collected for which purpose and on what legal basis, how you can contact the responsible body and the data protection officer, and what rights you have regarding the processing of your personal data can be found in this privacy policy.

The processing of personal data at the BBK is carried out in accordance with the European General Data Protection Regulation (abbrev: GDPR) and the Federal Data Protection Act (abbrev: BDSG).

1. Fundamentals

1.1 Controller and Data Protection Officer

The controller responsible for the processing of your personal data is:

Federal Office of Civil Protection and Disaster Assistance (BBK)
Provinzialstraße 93
53127 Bonn
Germany

Phone: +49 228 99 550-0
Email:

For specific questions regarding the protection of your personal data, please contact the Data Protection Officer at the BBK:

Data Protection Officer at the BBK
Federal Office of Civil Protection and Disaster Assistance (BBK)
Provinzialstraße 93
53127 Bonn
Germany

Phone: +49 228 99 550-0
Email:

1.2 Personal data

Personal data means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.

1.3 Protection of minors

Persons under the age of 16 should not transmit personal data to us without the consent of their parents or legal guardians.
We do not request personal data from children or adolescents, do not knowingly collect such data, and do not pass it on to third parties.

1.4 Legal basis for the processing of personal data

When performing the tasks assigned to it in the public interest, the BBK processes personal data.
These public tasks of the BBK include, in particular, public relations work and, among other things, the provision of information to the public through this website.

The legal basis for this processing is Article 6(1)(e) GDPR in conjunction with the relevant national or European legal provisions defining the tasks in question, and in conjunction with Section 3 of the German Federal Data Protection Act (BDSG).

Where the processing of personal data is required in an individual case to comply with a legal obligation, Article 6(1)(c) GDPR in conjunction with the relevant legal provision establishing the legal obligation constitutes the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR may serve as the legal basis in individual cases. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract. As a civil law contracting party, the BBK is active in particular in the fields of recruitment and procurement.

If the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR constitutes the legal basis.

On the basis of Article 6(1)(e) GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI Act), the BBK is obliged to store data for a period extending beyond the time of your visit in order to protect the BBK’s internet infrastructure and the Federal Government’s communication technology against attacks. These data are analysed and, in the event of attacks on the communication technology, used to initiate legal or criminal proceedings. The data are deleted as soon as they are no longer required for the fulfilment of these tasks.

Data logged when accessing the BBK’s online services are only transmitted to third parties where we are legally obliged to do so or where disclosure is necessary in the event of attacks on the Federal Government’s communication technology for the purposes of legal or criminal prosecution.
No data are passed on in any other cases.
The BBK does not merge these data with other data sources (for example for the purpose of creating user profiles).

1.5 Hosting

The hosting services we use from the Federal Information Technology Centre (ITZBund) provide the infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance that we require for operating this online offering.

In this context, we and our processor ITZBund process master data, contact data, content data, contract data, usage data as well as meta and communication data of users of this online offering on the basis of our statutory duties and our public information and public relations mandate, and in the interest of the efficient and secure provision of this online offering in accordance with Article 6(1)(e) and Article 28 GDPR in conjunction with Section 3 BDSG.

2. Data processing in connection with visits to this website

2.1 Access to www.bevoelkerungsschutztag.de

Every time a user accesses the website www.bevoelkerungsschutztag.de and every time a file is retrieved, data relating to this process are temporarily stored and processed in a log file.
Specifically, the following data are stored for each access/retrieval:

  • Date and time of access (timestamp)
  • Request details and target address
  • Protocol version, Hypertext Transfer Protocol method (HTTP method), referrer, user agent string
  • Name of the retrieved file and volume of data transmitted
  • Requested Uniform Resource Locator (URL), including query string, size in bytes
  • Message indicating whether the retrieval was successful (HTTP status code)

Your Internet Protocol (IP) address is not stored in this context.

The log files are stored for 30 days on a server of ITZBund.
On the basis of Article 6(1)(e) of the EU General Data Protection Regulation (GDPR) in conjunction with Sections 5 and 4(2) sentence 1 no. 4 of the Civil Protection and Disaster Relief Act (ZSKG), in the context of its statutory task of self‑protection and informing the population, we are authorised to process these data beyond the time of your visit.

These data are analysed and used for statistical and security purposes as well as for optimisation.
Data logged when accessing the online service www.bevoelkerungsschutztag.de are only transmitted to third parties where we are legally obliged to do so. No data are passed on in any other cases.
The BBK does not combine these data with other data sources.

To ensure the highest possible level of data security, we protect your personal data with the greatest care and by using technological measures such as SSL encryption.
SSL (Secure Sockets Layer) is an encryption protocol successfully used throughout the World Wide Web.

2.2 Use of technically necessary cookies

The website www.bevoelkerungsschutztag.de uses cookies to ensure the technically secure and correct provision of this website.
Cookies are small text files that are exchanged between a web browser and the hosting server. Cookies are stored on the user’s device and sent from there to our site.

You can restrict or completely disable the use of cookies at any time by changing the settings in your web browser.
Cookies that have already been stored can be deleted at any time.
If technically necessary cookies are disabled for our website, this may result in the website not being displayed or functioning in full.

The legal basis for the use of technically necessary cookies is Article 6(1)(e) GDPR in conjunction with Section 25(2) no. 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG).
Under this provision, no consent from the user is required for the setting of technically necessary cookies.

The following technically necessary cookies are used:

  • JSESSIONID
    Cookie for session management of the application server; does not contain personal data; is not based on the user’s IP address or any other information that would allow tracing back to the actual user; validity ends when the current session expires; the session ID is valid only on the respective server and is not synchronised across different server instances.
  • AL-SESS-S / ALLB
    Cookie of the load balancer/reverse proxy to ensure that a user’s requests within a session are always routed to the same server; serves exclusively for load distribution; validity ends when the current session expires.
  • Cookiebanner
    Set when the cookie banner is closed (“Confirm selection” or “Select all”); the value of the cookie is “closed”.

The cookies listed above do not contain personal data.
No IP addresses or other information are captured that would allow tracing back to the actual user.
All cookies used are only valid for the duration of the current session or until the respective website is closed.

In connection with certain functions on the website, additional cookies are used in order to technically provide the relevant services.
This is necessary, for example, for the brochure ordering service using the shopping basket function.
These cookies are likewise only valid for the duration of the visit to the website.

2.3 Use of optional cookies for web analytics with Matomo

With your consent (Article 6(1)(a) GDPR), the BBK uses the web analytics software Matomo (tracking) and evaluates usage information for statistical purposes as part of its public relations work and to provide needs‑based information on the tasks to be performed by the BBK.
Web analytics is only activated if you explicitly consent to the use of statistics cookies via the cookie banner (opt‑in).

If you have consented to the collection of usage statistics using Matomo, the cookie “matomo_tracking” with the value “true” is set.
The information generated by the cookie is transmitted to servers of the hosting service provider ITZBund and stored there in order to analyse user behaviour.

Matomo is configured in such a way that no personal data are collected; your IP address is anonymised so that it cannot be traced back to you.
The following information is collected via Matomo JavaScript tracking:

  • Anonymised IP address (the IP address is truncated by 2 bytes before the hash is generated and is never stored in full; for example, 77.87.229.100 becomes 77.87.0.0)
  • Date and time of the request
  • Title of the page visited
  • URL of the page visited
  • URL of the previously visited page (referrer URL)
  • Screen resolution used
  • Time zone used
  • Files clicked or downloaded
  • Outbound links clicked to other websites
  • Exit page
  • Time taken to generate the page
  • Browser language used
  • Browser used
  • Operating system used

Visitor logs containing the above information are deleted after 30 days.
Only the aggregated reports remain available for 24 months.
The information generated by the cookie about the use of this online service is not passed on to third parties.

If, despite having given your consent via the cookie banner, you do not agree to the storage and evaluation of data relating to your visit, you can object to this at any time by clicking the relevant option.
In this case, an opt‑out cookie is stored in your browser, which prevents Matomo from collecting any session data in the future.

You can choose whether a unique web analytics cookie may be stored in your browser to enable the operator of the website to collect and analyse various statistical data.
If you do not agree to this, please select the corresponding option so that a Matomo deactivation cookie (opt‑out cookie) is stored in your browser.

A link such as “Open cookie settings” allows you to change your choice at any time.

2.4 Protection against malware and threats to the Federal Government’s communication technology by the Federal Office for Information Security (BSI)

Pursuant to Sections 5 and 5a of the BSI Act (BSIG), the Federal Office for Information Security (BSI) is responsible for protecting the Federal Government’s communication technology and its components against malware and other threats.
For this purpose, the BSI must analyse data arising at the interfaces of the Federal Government’s communication technology and process data generated by the operation of this communication technology to the extent necessary to detect and defend against malware.

A brief overview of how your personal data are processed by the BSI for this purpose is provided below:

Name of processingCategory of personal dataData subjectsPurpose of processingStorage period
Malware detection systemData arising at the interfaces of the Federal Government’s communication technologyFederal employees, email sendersProtection against malware and threats to the Federal Government’s communication technologyDeleted immediately after analysis
Log data analysis systemLog data generated by the operation of the Federal Government’s communication technologyFederal employees, website visitors, email sendersProtection against malware and threats to the Federal Government’s communication technologyDeleted immediately after analysis
Logging data analysis systemLogging data generated by the operation of the Federal Government’s communication technologyFederal employees, website visitors, email sendersProtection against threats to the Federal Government’s communication technology and its componentsDeleted immediately after analysis

2.4.1 Malware detection system

To fulfil its statutory tasks, the BSI operates a malware detection system.
This system automatically analyses incoming and outgoing communication traffic and forwards detected potential attacks for further analysis.
In this context, personal data arising at the interfaces of the Federal Government’s communication technology, such as IP addresses, may also be processed.

Purpose and legal basis

On the basis of Article 6(1)(e), (2) and (3) GDPR in conjunction with Section 5(1) and (3) BSIG, the BSI is authorised to store data beyond the time of your visit or communication in order to detect and protect against attacks on the BSI’s internet infrastructure and on the Federal Government’s overall communication technology.
These data are analysed and are required for defending against malware, threats arising from detected malware and for detecting and defending against other malware (Section 5(3) sentence 2 BSIG).

Recipients of personal data

Personal data analysed under Section 5(3) BSIG are only transmitted by the BSI to other authorities in accordance with Section 5(5) and (6) BSIG.
No data are passed on in any other cases.
The BSI does not combine these data with other data sources.

Transfer to third countries

The BSI does not transfer your personal data to countries outside the EU or EEA or to international organisations.

Storage period

The automated evaluation of interface data takes place without delay.
The data are immediately and irretrievably deleted after matching, unless further analysis under Section 5(3) BSIG is required.
If such analysis is required, the data are deleted as soon as they are no longer needed for the fulfilment of tasks.

2.4.2 Log data analysis system

To fulfil its statutory tasks, the BSI operates a log data analysis system.
For this purpose, the BSI must collect and automatically analyse log data generated by the operation of the Federal Government’s communication technology to the extent necessary to detect, contain or remedy disruptions or faults in the Federal Government’s communication technology or attacks on the Federal Government’s information technology.

Log data within the meaning of the BSIG are control data of an information technology protocol used for data transmission, which are transmitted independently of the content of a communication process or stored on the servers involved in the communication and are necessary to ensure communication between sender and recipient.
Log data may contain traffic data within the meaning of Section 3 no. 30 of the German Telecommunications Act and usage data within the meaning of Section 15(1) of the German Telemedia Act (Section 2(8) BSIG).
Typical log data include, in particular, server or firewall log files and header data of communication protocols such as IP, ICMP, TCP, UDP, DNS, HTTP, SMTP.

Purpose and legal basis

Insofar as log data contain personal data, the BSI is authorised, on the basis of Article 6(1)(e), (2) and (3) GDPR in conjunction with Section 5(1) and (3) BSIG, to store these data beyond the time of your visit in order to detect and protect against attacks on the BSI’s internet infrastructure and on the Federal Government’s communication technology.
These data are analysed and are required for defending against malware, threats arising from detected malware and for detecting and defending against other malware (Section 5(3) sentence 2 BSIG).

Recipients of personal data

Personal data analysed under Section 5(3) BSIG are only transmitted to other authorities in accordance with Section 5(5) and (6) BSIG.
No data are passed on in any other cases.
The BSI does not combine these data with other data sources.

Transfer to third countries

The BSI does not transfer your personal data to countries outside the EU or EEA or to international organisations.

Storage period

The automated evaluation of log data takes place without delay.
The data are immediately and irretrievably deleted after matching.
Where there are concrete indications that, in the event of a confirmed suspicion within the meaning of Section 5(3) sentence 2 BSIG, the log data may be required to defend against threats arising from the detected malware or to detect and defend against other malware, they may be stored for a maximum of 18 months (Section 5(2) sentence 1 BSIG).
If the suspicion within the meaning of Section 5(3) sentence 2 BSIG is confirmed, the data are deleted as soon as they are no longer required for the fulfilment of tasks.

2.4.3 Logging data analysis system

To fulfil its statutory tasks, the BSI operates a logging data analysis system.
For this purpose, the BSI must process logging data generated by the operation of the Federal Government’s communication technology to the extent necessary to detect, contain or remedy disruptions, faults or security incidents in the Federal Government’s communication technology or attacks on the Federal Government’s information technology, provided that interests relating to the protection of classified information or overriding security interests of the bodies concerned do not conflict with this.

Logging data within the meaning of this Act are records of technical events or states within information technology systems.
Logging data serve to detect, contain or remedy disruptions or faults in the Federal Government’s communication technology or to detect, contain or remedy attacks on the Federal Government’s communication technology (Section 2(8a) BSIG).

Purpose and legal basis

Insofar as logging data contain personal data, the BSI is authorised, on the basis of Article 6(1)(e), (2) and (3) GDPR in conjunction with Section 5a sentence 1 BSIG, to process these data in order to defend against threats to the Federal Government’s communication technology and its components, including technical infrastructures required for the operation of the Federal Government’s communication technology.

Recipients of personal data

Within the authority, only those units that require your data to fulfil the above‑mentioned purposes have access to them.
In addition, the BSI only passes on your data if it is legally required or permitted to do so by law or court decision.
No further disclosure to third parties takes place without your consent.
The BSI does not combine these data with other data sources.

Transfer to third countries

The BSI does not transfer your personal data to countries outside the EU or EEA or to international organisations.

Storage period

The automated evaluation of logging data takes place without delay.
The data are immediately and irretrievably deleted after matching.
Where there are concrete indications that, in the event of a confirmed suspicion within the meaning of Section 5a sentence 3, Section 5(3) sentence 2 BSIG, the logging data may be required to defend against threats arising from the detected malware or to detect and defend against other malware, they may be stored for a maximum of 18 months (Section 5a sentence 3, Section 5(2) sentence 1 BSIG).
If the suspicion within the meaning of Section 5a sentence 3, Section 5(3) sentence 2 BSIG is confirmed, the data are deleted as soon as they are no longer required for the fulfilment of tasks.

3. Collection of personal data in the context of contacting us

You can contact staff of the BBK by email, contact form, letter or telephone hotline.
We store your data solely for the purpose of responding to you and processing your request.

The processing of the personal data you provide is necessary in order to handle your enquiry.
For contact via the aforementioned communication channels, the processing of the personal data transmitted and of the content (which may itself contain personal data provided by you) is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG for the purpose of processing your request.

Retention is carried out in accordance with the applicable retention periods of the “Registry Directive for the handling and management of records in federal ministries” (Registraturrichtlinie für das Bearbeiten und Verwalten von Schriftgut in Bundesministerien, version of 11 July 2001), which supplements the Joint Rules of Procedure of the Federal Ministries (GGO).
The processing of personal data takes place, as described below, depending on the means of contact used.

3.1 Contact by email

You can contact the BBK using the following email address:

If you use email as a means of contact, the data you provide (for example first name, last name, address, and at least your email address) as well as the information contained in the email, which may include personal data you have provided, are stored and processed for the purpose of contacting you and processing your request.

3.2 Email addresses without BBK reference

The website www.bevoelkerungsschutztag.de also provides email addresses of third parties for specialist topics.
Where these addresses do not belong to the bevoelkerungsschutztag.de domain, the processing of personal data does not fall under the responsibility of the BBK.
If you have any questions regarding the handling of your personal data by these third parties, please contact them directly.

3.3 Contact by letter

You can contact the BBK by post at the following address:

Federal Office of Civil Protection and Disaster Assistance
P.O. Box 1867
53008 Bonn
Germany

If you use postal mail as a means of contact, the data you provide (for example first name, last name, address, telephone number, subject, email address) as well as the information contained in the letter, which may include personal data you have provided, are stored and processed for the purpose of contacting you and processing your request.

3.4 Contact via telephone hotline

You can contact the BBK via the following hotline number:
+49 228 99 550-0

If you use the hotline as a means of contact, the data you provide (for example first name, last name, address, telephone number, subject, email address) as well as the information communicated during the call, which may include personal data you have provided, are stored and processed for the purpose of contacting you and processing your request.

3.5 Contact via contact form

If you use the contact form to communicate with us, it is necessary to provide your first and last name as well as your email address.
Without this information, your request submitted via the contact form cannot be processed.
Providing your postal address is optional and allows us, if you so wish, to process your request by post.

Please note that the processing of the data transmitted via the contact form and of the content, which may itself contain personal data provided by you, is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG for the purpose of processing your request.

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected.
For the personal data from the contact form, this is the case when the respective conversation with the user has ended.
The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and retention for possible follow‑up questions from the data subject is no longer necessary.

Retention of the data is determined by the retention periods applicable to records, as set out in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries (GGO).
Any additional personal data collected during the submission process are deleted at the latest after seven days.

4. Processing of personal data when using social media

The BBK maintains an online presence on social networks in order to inform users active on those platforms about the services and information offered by the BBK.
The BBK’s social media channels complement the BBK’s own web presence and offer citizens who prefer this form of information an alternative way of communicating.

The BBK operates, in particular, the following channels:

4.1 Operator of the social media profiles

Federal Office of Civil Protection and Disaster Assistance (BBK)
Provinzialstraße 93
53127 Bonn
Germany

Phone: +49 228 99 550-0
Email:

4.2 Legal basis for processing

The legal basis for processing data following interaction by users with content on the BBK’s social media profiles is Article 6(1)(e) GDPR in conjunction with Section 3 BDSG, and, where users have given consent, Article 6(1)(a) GDPR.

4.3 Purposes of data processing

Operating the BBK’s social media profiles is necessary for targeted and well‑balanced public relations work, recruitment, and crisis and emergency communication by the BBK.
The associated processing of your data when you visit these pages serves this purpose and therefore constitutes processing carried out in the public interest within the meaning of Article 6(1)(e) GDPR.

In 1977, the Federal Constitutional Court ruled that public relations work by the Federal Government is not only constitutionally permissible but also necessary, since democratic decision‑making requires informed citizens.
In a further decision in 1983, the Court confirmed this, provided that the Government communicates its policies in a factual, accurate, proportionate and restrained manner. Other court rulings have reached the same conclusion.

Statistical studies show that media usage and citizens’ information behaviour are changing.
An increasing number of population groups rely less on traditional information channels such as daily newspapers or television and instead use media that operate entirely or partly on the internet, in particular social media platforms, for information.

Through its public relations work, the BBK aims, among other things, to reach as many population groups as possible and to inform them within the scope of its constitutional mandate.
The BBK therefore uses social media platforms alongside other essential media channels.
Citizens thus have the opportunity to obtain information about the work of the BBK and to make contact via different channels, while receiving information of consistently high quality.

Further details about our services can be found on the BBK website at www.bbk.bund.de.

4.4 Facebook

4.4.1 Information about the Facebook page of the Federal Academy for Civil Protection and Civil Defence (BABZ)

For the information service offered here, the BBK uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Please note that you use this Facebook page and its functions under your own responsibility.
This applies in particular to the use of interactive features (for example, commenting, sharing, rating).

4.4.2 Processing of personal data by Facebook

When you visit the Facebook page of the BABZ, Facebook collects, among other things, your IP address and other information that is stored in the form of cookies on your computer.
This information is used to provide the BBK, as the operator of the Facebook page, with anonymised statistical information about the use of the Facebook page.

Facebook provides more detailed information on this at:
https://de-de.facebook.com/help/pages/insights

The data collected about you in this context are processed by Facebook Ltd. and may be transferred to countries outside the European Union.
Facebook explains which information it receives and how it is used in its data policy.
There you will also find information on how to contact Facebook and on the settings available to you for advertisements.

The data policy is available at:
https://de-de.facebook.com/about/privacy

Facebook’s full data policy can be found at:
https://de-de.facebook.com/full_data_use_policy

When you access a Facebook page, Facebook receives the IP address assigned to your device.
According to Facebook, this IP address is anonymised.
In addition, Facebook stores information about users’ devices (for example in the context of the “login alert” function).
This may enable Facebook to associate IP addresses with specific users.

If you are currently logged in to Facebook as a user, a cookie containing your Facebook ID is stored on your device.
This enables Facebook to track that you have visited this page and how you have used it.
This applies to all other Facebook pages as well.

Using Facebook buttons embedded in websites, Facebook can record your visits to those websites and associate them with your Facebook profile.
These data allow content or advertising to be tailored to you.

If you wish to avoid this, you should log out of Facebook or deactivate the “keep me logged in” function, delete the cookies present on your device and restart your browser.
This removes Facebook information that can directly identify you.
You can then use the Facebook fan page without your Facebook ID being disclosed.

If you use interactive features on the page (“Like”, commenting, sharing, sending messages, etc.), a Facebook login screen will appear.
Once you have logged in, Facebook will again be able to identify you as a user.

Information on how you can manage or delete information about you can be found on the following Facebook support pages:
https://de-de.facebook.com/about/privacy

According to its own statements, Facebook stores data until it is no longer needed to provide Facebook products and services or until the respective user account is deleted, whichever comes first.
The length of time depends on the circumstances of the individual case, including the type of data, why it is collected and processed, and relevant legal or operational storage requirements.
Further information on data retention is available at:
https://de-de.facebook.com/about/privacy

4.4.3 Facebook Page Insights

As part of its “Page Insights”, Facebook processes a range of personal data about visitors to pages for its own purposes.
This processing takes place regardless of whether visitors are logged into Facebook or whether they are members of the Facebook network.
Users who access Facebook pages without being registered or logged in also have the option, via a cookie banner set by Facebook, to influence the scope of data processing.

Facebook provides more information about cookies at:
https://www.facebook.com/policies/cookies

Page Insights consist of aggregated statistics generated from certain events logged by Facebook’s servers when people interact with pages and their associated content.
Page administrators themselves do not have access to the personal data processed as part of these events, but only to the aggregated, anonymised Page Insights.

Further information is available at:
https://www.facebook.com/legal/terms/page_controller_addendum

The BBK has deactivated Page Insights for the Facebook fan page of the BABZ.

4.4.4 Rights of data subjects

The Facebook fan page allows you to react to our posts and to comment on them.
Please carefully consider which personal data you share with us via our Facebook fan page.
If you wish to avoid Facebook processing personal data about you that you transmit to us, please contact us by other means.

Where personal data of users are processed, they are entitled, under the EU General Data Protection Regulation, in particular to the rights of access, rectification, objection, data portability and erasure.

Under the Page Insights Controller Addendum, Facebook Ireland has undertaken to respond to data subjects’ requests in accordance with the obligations assigned to Facebook under this addendum (available at:
https://www.facebook.com/legal/terms/page_controller_addendum).

Facebook provides further information on data subject rights here:
https://www.facebook.com/help/2069235856423257

Requests from users regarding data processing when visiting a Facebook fan page are forwarded by us to Facebook in accordance with the Page Insights addendum.
Users can find further information on their data subject rights at:
https://de-de.facebook.com/about/privacy

4.5 Instagram

4.5.1 Information about the Instagram page

Instagram is an online service for sharing photos and videos and is part of the Meta group (formerly Facebook).
For the information service offered here, the BBK uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The BBK points out that you use the Instagram page and its functions under your own responsibility.
This applies in particular to the use of interactive features (for example, commenting, rating).

4.5.2 Processing of personal data by Instagram

When you visit this Instagram page, Facebook collects, among other things, your IP address and other information stored in the form of cookies on your computer.
This information is used to provide the BBK, as the operator of the Instagram page, with anonymised statistical information about the use of the Instagram page.

The data collected about you in this context are processed by Facebook Ltd. and may be transferred to countries outside the European Union.
The details of which data Facebook processes and for what purposes, as well as your rights and settings to protect your privacy, are described in Instagram’s and Facebook’s privacy policie

When you visit the Instagram page, Facebook/Meta processes, among other things, your IP address and other information that is stored in the form of cookies on your device.
This information is used, for example, to provide the BBK, as the operator of the Instagram page, with anonymised statistical information on the use of the Instagram page (so‑called “Insights”).

The data collected about you in this context are processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union.
Which information Facebook/Instagram receives and how it is used is described in Instagram’s privacy policy and in the Meta (Facebook) Data Policy.
There you will also find information on contact options and on the settings you can use to protect your privacy.

Further information is available at, for example:

If you are currently logged in to Instagram, Instagram / Meta can associate your visit to our page with your account.
If you wish to avoid this, log out of Instagram before visiting our page, delete the cookies on your device and restart your browser.

The BBK has no influence on the type and scope of data processed by Instagram, the way in which they are processed and used, or the transfer of these data to third parties.
The BBK also has no effective control options in this respect.

Your rights as a data subject (in particular access, rectification, erasure, restriction of processing, objection and data portability) can in principle be asserted both against the BBK and against Instagram / Meta.
However, it is most effective to exercise your rights directly against Instagram / Meta, as only Instagram / Meta has full access to the user data.

4.6 X (formerly Twitter)

For the BBK’s presence on X (formerly Twitter), the technical platform and services of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, are used.
Please note that you use the X account and its functions under your own responsibility. This applies in particular to the use of interactive features (for example, replying, reposting, liking).

When you visit the BBK’s profile on X, X processes, among other things, your IP address and further information stored in the form of cookies on your device.
These data are used for statistical and advertising purposes and may be used to create user profiles.

The BBK has no control over the nature and scope of the data processed by X, the way in which they are processed and used, or the transfer of these data to third parties.
Information on what data X processes and for what purposes can be found in X’s privacy policy.

You can adjust your privacy settings in your X account.
If you wish to avoid X being able to associate your visit to our profile with your X account, log out of X before visiting our page, delete the cookies on your device and restart your browser.

4.7 YouTube

The BBK operates a YouTube channel and uses the technical platform and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for this purpose.
You use the YouTube channel and its functions under your own responsibility. This applies in particular to interactive features (for example, commenting, sharing, liking).

When you visit the BBK YouTube channel, Google processes, among other things, your IP address and other information stored in the form of cookies on your device.
These data are used for statistical and advertising purposes and may be linked with other Google services and your Google account if you are logged in.

Information about what data Google processes and for what purposes can be found in Google’s privacy policy:
https://policies.google.com/privacy

If you wish to avoid Google being able to associate your visit to our channel with your Google account, log out of Google before visiting our channel, delete the cookies on your device and restart your browser.

4.8 LinkedIn

The BBK operates LinkedIn profiles and uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
You use the LinkedIn pages and their functions under your own responsibility. This applies in particular to interactive features (for example, commenting, sharing, following).

When you visit the BBK’s LinkedIn pages, LinkedIn processes, among other things, your IP address and other information stored in the form of cookies on your device.
These data are used for statistical and advertising purposes and may be linked with your LinkedIn profile, if you are logged in, in order to display personalised content.

Further details on data processing by LinkedIn can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

If you wish to avoid LinkedIn being able to associate your visit to our profile with your LinkedIn account, log out of LinkedIn before visiting our page, delete the cookies on your device and restart your browser.

4.9 Alternative access to information without using social media

Alternatively, you can also access the information provided via the BBK’s social media channels on the BBK’s website at www.bbk.bund.de.

4.10 Further processing of personal data

Beyond this, the BBK, as the provider of this information service, does not collect or process any data resulting from your use of our social media offerings.

4.11 Further data protection information and contacting us

If you have any questions about our information services, you can reach us using the contact details provided above. Please read the data protection information before contacting us.

Further information about social networks and how you can protect your data can be found on the website of the Federal Office for Information Security (abbreviated in German as BSI):

https://bsi.bund.de/dok/sicherheitsoptionen

4.12 Joint responsibility and data subject rights in social media

For the processing of personal data in connection with visits to the respective social media pages, the BBK and the respective platform provider are, to a certain extent, joint controllers within the meaning of Article 26 GDPR (in particular with regard to the “Insights” statistics provided by the platforms).

In this context, the platform providers assume primary responsibility for data processing and the fulfilment of data subject rights.
You can assert your rights (access, rectification, erasure, restriction of processing, objection, data portability, and, where applicable, withdrawal of consent) both against the BBK and against the respective platform provider.

However, for reasons of efficiency and because only the platform providers have full access to the user data, it is generally advisable to exercise your rights directly with the respective platform provider.

Where we are able to support you in exercising your rights, we will of course do so.
If we receive requests that relate to data processing exclusively or primarily carried out by the platform provider, we will forward these requests to the platform provider in accordance with the applicable joint controller arrangements.

When using social media platforms, please carefully consider which personal data you share with us via these channels.
If you wish to avoid social media providers processing personal data about you in connection with your interaction with us, you can contact us via the alternative contact options listed in this privacy notice (website, email, contact form, post or telephone).

5. Processing of personal data in the context of providing information

The processing of personal data depends on the type of information provided.
We distinguish here between the provision of our newsletter, printed materials and informational visits to the BBK.

5.1 Visitors

The BBK regularly receives groups for informational visits and, on specific occasions, individual visitors.
In order to grant access to the premises of the BBK, the BBK must, for security reasons, collect the first and last names and dates of birth of the participants in advance of the visit for the fulfilment of its tasks (public relations and/or specialist work) in accordance with Article 6(1)(e) GDPR in conjunction with Section 3 BDSG.

Additional data such as institution, type of school, grade level, association or mobility restrictions are optional and serve to better prepare the visit to the BBK.
The processing of these data for the purpose of the specialist or informational visit is based on your consent pursuant to Article 6(1)(a) GDPR.
You may withdraw this consent at any time.
The lawfulness of processing carried out on the basis of your consent up to the time of withdrawal remains unaffected.

Due to its tasks and functions, the BBK is, according to the assessment of the security authorities, exposed to a generally high abstract risk.
There is therefore a correspondingly high need for protection for all persons present at the Federal Office.

For reasons related to internal procedures, the names and dates of birth of visitors are stored in an IT‑based (information technology) system.
Visitors who do not hold an official service ID card from a federal, state or municipal authority are, for the purpose of averting danger, checked by the Federal Police within the scope of its powers (Sections 23(5) and 34(1) of the Federal Police Act – BPolG).

By providing their personal data, visitors consent to the processing of these data for the above‑mentioned purpose.

6. Video surveillance

The premises of the BBK are monitored by a video surveillance system in the outdoor areas in order to exercise the right to control access to the premises and for the purposes of averting danger and prosecuting criminal offences.
Processing is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 4 BDSG.

Image recording generally takes place continuously (24/7) in an automated manner.
The video stream is stored on internal file servers with specific access restrictions until storage capacity is reached; the oldest data are then overwritten.
Due to the recording quality, this cycle typically restarts after an average of 10 days.

Special provisions for video surveillance at the “Barbarastollen” site

The recordings are also transmitted to the alarm centre of:

Siba security service GmbH
Kronenstraße 28
79100 Freiburg
Germany
Phone: +49 761 7052‑712
Email:

There, they are stored for a maximum of 48 hours.

The following data are stored:

  • Video image without sound
  • Recording time
  • File name
  • File type
  • Size and date of creation
  • Client/owner

Video surveillance of the interior and exterior areas of the BBK premises is indicated by appropriate warning signs.

Right of access

Any person who claims to have been present within a monitored area during a specific period of time may request access to the relevant recordings, provided they are still available.
For this purpose, they may contact the BBK using the contact details provided above.

7. Your rights

In relation to the processing of your personal data by the BBK and the website www.bevoelkerungsschutztag.de, you have the following rights:

Right of access (Article 15 GDPR)

The right of access gives you comprehensive insight into the personal data concerning you and into other important information, such as the purposes of processing and the envisaged period for which the data will be stored.
The exceptions set out in Section 34 BDSG apply to this right.

Right to rectification (Article 16 GDPR)

The right to rectification allows you to have inaccurate personal data concerning you corrected and incomplete data completed.

Right to erasure (Article 17 GDPR)

The right to erasure allows you to request the deletion of your personal data by the controller.
This is possible in particular where the personal data concerning you are no longer necessary, are being processed unlawfully, or where a consent on which the processing was based has been withdrawn.
The exceptions set out in Section 35 BDSG apply to this right.

Right to restriction of processing (Article 18 GDPR)

The right to restriction of processing allows you to temporarily prevent further processing of your personal data.
Restriction typically applies for the duration of a review when you are exercising other rights (for example, when the accuracy of the data is contested).

Right to object to collection, processing and/or use (Article 21 GDPR)

The right to object allows you, on grounds relating to your particular situation, to object to the further processing of your personal data, insofar as the processing is justified by the performance of tasks carried out in the public interest or on the basis of public or private interests.
The exceptions set out in Section 36 BDSG apply to this right.

Right to data portability (Article 20 GDPR)

The right to data portability allows you to receive the personal data concerning you, which you have provided to the controller, in a commonly used, machine‑readable format, and to have those data transmitted to another controller, where applicable.
In accordance with Article 20(3), second sentence, GDPR, this right does not apply where the processing of data is carried out in the performance of a task carried out in the public interest.

Right to withdraw consent (Article 7(3) GDPR)

Where the processing of personal data is based on your consent, you may withdraw this consent at any time for the relevant purpose.
The lawfulness of processing carried out on the basis of your consent before its withdrawal remains unaffected.

You may exercise the above rights in writing using the contact details provided in section 1.

In addition, you have the right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR.
The supervisory authority responsible is, in particular:

Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany

Phone: +49 228 99 77 99‑0

Email:

8. Changes to this privacy notice

In the course of further developments and the implementation of new technologies, it may become necessary to amend this privacy notice.
We therefore recommend that you read this privacy notice regularly.

Cookies