BGR Bundesanstalt für Geowissenschaften und Rohstoffe

Federal Institute for Geosciences and Natural Resources Privacy Policy

I. Name and address of the controller responsible for data processing and of the data protection officer

The controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR), other EU member state data protection laws and further data protection regulations is

The Federal Institute for Geosciences and Natural Resources (BGR)
Stilleweg 2
30655 Hannover
Deutschland
Tel.: +49 (0) 511-643-0
E-Mail: poststelle@bgr.de

You can contact the BGRʼs data protection officer at
Stilleweg 2
30655 Hannover
Deutschland
E-Mail: Datenschutz@bgr.de
Tel.: +49 (0) 511-643-3688

II. Data processing

  • General information
    We collect and process our usersʼ personal data only to the extent necessary to ensure the proper working of our website and to deliver our content and services. We process our usersʼ personal data only after they have consented to such processing. An exception is made in those cases in which it is not possible, for practical reasons, to obtain prior consent and the processing of such data is permissible by law. ‟Personal data” means all those data relating to you personally, for example your name, postal address, email address and user behaviour.
  • Provision of the website
    The use of this website is generally possible without disclosing personal information. In order to enable the delivery of the website to the user's computer, to optimise our website and for reasons of technical security, in particular to defend against attempted attacks, data that may allow identification is automatically stored for a limited period of time in a log file on the web servers of our web provider Informationstechnikzentrum Bund (ITZBund) when you visit the website. This involves the following data:

    • IP address
    • Date and time of access
    • pages viewed
    • document currently accessed
    • HTTP status code

    The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. e DSGVO in conjunction with § 5 BSI Act.

  • Web analysis and cookies
    Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The legal basis is Art. 6 para. 1 lit. e DSGVO.
    Cookies are used on our website to facilitate navigation (session ID). These session cookies do not contain any personal data and expire at the end of the session. Techniques such as Java applets or Active-X controls, which make it possible to track the access behaviour of users, are not used.
    Of course, you can also use our website without cookies. Please note that in this case use is restricted. You can deactivate the storage of cookies in your browser, limit it to certain websites or set your brow
    The evaluation is carried ouser to notify you as soon as a cookie is sent.
  • Use of Matomo (formerly PIWIK)
    The evaluation is carried out with the open source web analysis service Matomo. If individual pages of our website are called up, the following data is stored:

    • two bytes of the IP address of the user's calling system (anonymous)
    • the website accessed
    • the website from which someone accessed the website (referrer)
    • the sub-pages accessed from the accessed website
    • the time spent on the website
    • the frequency with which the website is accessed

         

    Here, you can decide, whether it is allowed that a specific web analytic cookie can be stored in your browser, which enables the owner of the website to analyze different statistical data. If you do not want that, please chose the corresponding option, to store the Matomo-deactivation-cookie in your browser.

         
         

  • Email
    You have the option of contacting us by email. Personal data are only collected if you voluntarily notify us of these data in your email. In such cases we will store the personal data transmitted to us so that we can process and respond to your request. These data are not passed on to third parties.
    Point (a) of Article 6(1) of the GDPR forms the legal basis for the above.
    Processing of your personal data enables us to deal with your request.
    You may, at any time, withdraw your consent to personal data being stored. The email conversation will, however, then be discontinued. You can withdraw your consent by writing to the controller responsible for data processing either by post or email (see I. above for contact details).
  • Ordering materials and products
    You have the option of ordering various materials and products via our “Produktcenter”. Whenever you place an order, we will store your personal data (incl. email address, name and postal address) for the purposes of contractual correspondence and delivering the ordered materials or products.
    Point (b) of Article 6(1) of the GDPR forms the legal basis for the above.
    Personal data are processed for the purpose of order processing.
  • Newsletter and press distribution list
    You can register to receive our newsletter and to be put on our press distribution list. You will then receive up-to-date information, including on events, and press releases. When you register for the newsletter, the email address entered in the input mask will be transmitted to us. When you register to be put on the press distribution list we will be sent those personal data which you notified by email. The same applies when you register for our event newsletter.
    Registration for our newsletter is completed through what is known as the double opt-in procedure. This means that after you have registered we will send an email to the email address which you have notified us of. In that email you will be requested to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, this information will be blocked and automatically erased after one month. We will also store the IP addresses used and the times at which you registered and confirmed your registration. This is necessary in order to be able to provide proof of your registration and, where necessary, to investigate any possible misuse of your personal data. The stored email address is used only so that we can send out our newsletter. No personal data are passed on to third parties.
    Point (a) of Article 6(1) of the GDPR forms the legal basis for the above.
    You can, at any time, withdraw your consent to receive the newsletter and cancel your subscription. To withdraw your consent, simply click on the link included in each newsletter email or send an email to one of the addresses provided in I. above. Consent to receive press releases can also be withdrawn by post or email.
  • YouTube with enhanced data protection
    Our website embeds YouTube videos. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
    We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.
    As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
    Furthermore, after starting a video, YouTube may save various cookies on your end device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.
    If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no control.
    YouTube is used in the interest of an appealing presentation of our online offers. The processing is carried out on the basis of your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
    For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=en.
  • Audio and video conferences

    Telephone and video conferences are regularly conducted by the BGR via the Cisco WebEx Cloud service over the Internet. The provider of this service is Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.
    For technical reasons, the transmission is temporarily stored by the service provider. At the end of the meeting, the recording is automatically deleted, unless the meeting organiser has activated a recording beforehand. The BGR does not use this function in the default settings and announces a recording in advance in individual cases.
    Data provided by you in advance (e.g. telephone number, email address) will be processed and stored for the purpose of inviting you to the telephone or video conference and for the traceability of the administrative process. We would like to point out that the processing of personal data is based on Article 6 Paragraph 1 lit. e DS-GVO in conjunction with Section 3 BDSG. There is a corresponding order processing agreement with the service provider Cisco in accordance with Art. 28 DS-GVO. Further information on the handling of personal data can be found in the data protection declaration of the order processor Cisco for the WebEx Cloud.

III. Retention period

A data subjectʼs personal data are erased or blocked as soon as the purpose of storage no longer applies. Personal data may, further, be stored where provided for by either the European or national legislature in Union regulations, laws or other directives to which the controller is subject. Data are also blocked or erased once the retention period provided for in the relevant data protection norms expires.
Data stored for the purpose of data processing are erased as soon as they are no longer needed to achieve the purpose for which they were collected. Those data which are recorded for the purpose of delivering our website are deleted once the session ends.

IV. Rights of data subject

Where personal data relating to you are processed, then you are the ‟data subject” within the meaning of the GDPR. In accordance with Article 15 et seqq. of the GDPR, you thus have the following rights vis-à-vis the controller:

  1. Right of access
    You have the right to obtain confirmation from the controller as to whether or not we are processing personal data relating to you. Where this is the case, you have the right to access to the personal data and to the following information:
    (1) The purposes for which your personal data are being processed;
    (2) The categories of personal data which are being processed;
    (3) The recipients or categories of recipients to whom your personal data have been or will be disclosed;
    (4) The envisaged period for which your personal data will be stored, or, if provision of this information is not possible, the criteria used to determine that period;
    (5) The existence of the right to request correction or erasure of your personal data or restriction of the processing of personal data by the controller, or to object to such processing;
    (6) The right to lodge a complaint with a supervisory authority;
    (7) Where the personal data are not collected from the data subject, any available information as to their source;
    (8) The existence of automated decision-making, including profiling, as defined in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processes for the data subject.
    You have the right to information about whether your personal data are being transmitted to a third country or to an international organisation. Where this is the case, you have the right to be informed about appropriate safeguards as set out in Article 46 of the GDPR relating to the transfer.
  2. Right to rectification
    You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller must rectify such data immediately.
  3. Right to restriction of processing
    You have the right to obtain restriction of the processing of your personal data where one of the following conditions applies
    (1) You contest the accuracy of the personal data relating to you for a period which enables the controller to verify the accuracy of the personal data;
    (2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    (3) The controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims;
    (4) If you object to the processing in accordance with Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.
    Where processing of your personal data has been restricted, these personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or of a member state.
    Where processing has been restricted under one of the above conditions, you will be informed by the controller before the restriction is lifted.:
  4. Right to object
    You have the right, on grounds relating to your particular situation, at any time to object to the processing of personal data relating to you which is based on point (e) or point (f) of Article 6(1) of the GDPR; this also applies to profiling based on those provisions.
    The controller will no longer process your personal data unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
    In the context of using information society services and notwithstanding Directive 2002/58/EC, you may exercise your right to object to automated means using technical specifications.
  5. Right to erasure
    5.1. Obligation to erase data
    You have the right to obtain from the controller the immediate erasure of personal data concerning you. The controller is obliged immediately to erase these data where one of the following grounds applies:
    (1) The personal data concerning you are no longer required for the purposes for which they were collected or otherwise processed;
    (2) You withdraw the consent on which the processing is based as set out in point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, or there is no other legal ground for the processing;
    (3) You object to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing as set out in Article 21(2) of the GDPR;
    (4) The personal data concerning you have been unlawfully processed;
    (5) The personal data concerning you have been erased to satisfy a legal obligation under EU or member state law to which the controller is subject;
    (6) The personal data concerning you have been collected in relation to the offer of information society services as set out in Article 8(1) of the GDPR.
    5.2. Notification to third parties
    If the controller has made your personal data public and is obliged, in accordance with Article 17(1) of the GDPR, to erase them, then the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers processing the personal data that you, the data subject, have requested such controllers to erase any links to or copies or replications of those personal data.
    5.3. Exceptions
    The right to erasure does not apply where the processing is necessary
    (1) to exercise the right of freedom of expression and information;
    (2) to satisfy a legal obligation which requires processing under EU or member state law to which the controller is subject or to perform a task carried out in the public interest or exercise official authority vested in the controller;
    (3) for reasons of public interest in the area of public health as set out in point (h) and point (i) of Article 9(2) and in Article 9(3) of the GDPR;
    (4) for archiving purposes which are in the public interest, scientific or historical research or for statistical purposes as set out in Article 89(1) of the GDPR in so far as the right referred to in 5.1 above is likely to render impossible or seriously impair the achievement of the objectives of that processing;
    (5) for the establishment, exercise or defence of legal claims.
  6. Right to notification
    Where you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be notified by the controller about who these recipients are.
  7. Right to data portability
    .You have the right to receive, in a structured, commonly used and machine-readable form, the personal data concerning you which you have provided to the controller. You also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were originally provided, where
    (1) the processing is based on consent as defined in point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract as referred to in point (b) of Article 6(1) of the GDPR; and
    (2) the processing is carried out by automated means.
    Further, in exercising this right to data portability you have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. The rights and freedoms of other persons may not be adversely affected by such transmission.
    The right to data portability does not apply to the processing of personal data which is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in the controller.
  8. Right to lodge a complaint with a supervisory authority
    Irrespective of other administrative or judicial legal remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence or place of work or of the place of the alleged infringement if you are of the opinion that the processing of personal data relating to you infringes the GDPR.
    The supervisory authority with which the complaint has been lodged informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy as referred to in Article 78 of the GDPR.
  9. Right to withdraw consent
    You have the right at any time to withdraw your consent to the processing of your personal data. The withdrawal of consent does not affect the lawfulness of any processing based on consent before its withdrawal.

This Page: