Privacy statement

As the protection of your personal data is of great importance to the Federal Office of Civil Protection and Disaster Assistance (BBK), we will process your personal data only to the extent required. The services used by you and the tasks for which we need the data largely determine which data will be required and processed for which purpose and on what basis they will be collected and processed.

More detailed information as to which data will be collected for which purpose and on what basis, how you can contact the competent authority and the data protection officer and what rights you have with regard to the processing of your personal data is given in this privacy statement.

At the Federal Office of Civil Protection and Disaster Assistance, personal data is processed in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the Federal Data Protection Act.

1. Foundations

1.1 Competent authority and data protection officer

Responsible for the processing of your personal data is the:

Bundesamt für Bevölkerungsschutz und Katastrophenhilfe
(Federal Office of Civil Protection and Disaster Assistance)
Provinzialstraße 93
53127 Bonn
Phone: +49 22899 550-0
Fax: +49 22899 550-1620
E-mail: poststelle@bbk.bund.de

Should you have any specific questions relating to the protection of your personal data, please contact the data protection officer of the Federal Office of Civil Protection and Disaster Assistance:

Data protection officer at the Federal Office of Civil Protection and Disaster Assistance
Bundesamt für Bevölkerungsschutz und Katastrophenhilfe
(Federal Office of Civil Protection and Disaster Assistance)
Provinzialstraße 93
53127 Bonn
Phone: +49 22899 550-0
E-mail: datenschutzbeauftragter@bbk.bund.de

1.2 Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

1.3 Protection of minors

People under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request any personal data from children and adolescents. We do not knowingly collect such data or disclose them to third parties.

1.4 Legal basis for the processing of personal data

The Federal Office of Civil Protection and Disaster Assistance processes personal data when performing the public-service duties incumbent upon it. The public duties to be performed by the Federal Office of Civil Protection and Disaster Assistance include, in particular, public relations work, which encompasses, inter alia, provision of information to the public within the framework of this website. The legal basis for data processing in this context is Article 6(1)(e) of the European General Data Protection Regulation in conjunction with the corresponding national or European standard on duties to be performed or in conjunction with Section 3 of the Federal Data Protection Act. Insofar as processing of personal data should be necessary on a case-by-case basis to fulfil a legal obligation, Article 6(1)(c), EU GDPR, in conjunction with the relevant legislation that gives rise to the legal obligation, shall also serve as a legal basis.

In individual cases, Article 6(1)(b), EU GDPR also serves as the legal basis for processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures. The Federal Office of Civil Protection and Disaster Assistance acts as a contractual party pursuant to civil law in particular in the fields of personnel recruitment and procurement. Article 6(1)(d), EU GDPR shall serve as the legal basis should vital interests of the data subject or another natural person make it necessary to process personal data.

Pursuant to Article 6(1)(e), EU GDPR in connection with Section 5 of the Act on the Federal Office for Information Security (Gesetz über das Bundesamt für Sicherheit in der Informationstechnik, BSI-Gesetz), the Federal Office of Civil Protection and Disaster Assistance is obliged to store the data after your visit to help safeguard against attacks on the BBK’s internet infrastructure and the Federal Government’s communications technology. This data is analysed and can be used to initiate legal and criminal proceedings in the event of attacks on communications technology. The data is deleted as soon as it is no longer needed to perform the relevant tasks. Data recorded when accessing the BBK’s website will only be transmitted to third parties if we are legally obliged to provide such data or if such transmission of data is required for legal or criminal prosecution in the event of attacks on the Federal Government’s communications technology. Data is not transmitted in any other cases. The Federal Office of Civil Protection and Disaster Assistance does not merge this data with other data sources, for example to create user profiles.

1.5 Hosting (as part of commissioned data processing)

The hosting services we use from Profihost serve to provide the following services: Infrastructure and platform services, computing capacities, storage space and database services, security services and technical maintenance services which we use for the operation of this online service.

In this context, we and/or our data processor (Profihost) will process inventory data, contact data, content data, contract data, usage data, meta and communication data of the users of this online service on the basis of our legitimate interests in an efficient and secure provisioning of this online service in accordance with Article 6(1)(f) of the EU GDPR in conjunction with Article 28 (Processor) of the EU GDPR.

2 Data processing in connection with visits to this website

2.1 Access to www.warnung-der-bevoelkerung.de

• Data is temporarily stored and processed in a log file whenever the website www.warnung-der-bevoelkerung.de is accessed by a user and whenever a file is retrieved.
• The following data is stored for each access/retrieval:
• Date and time of retrieval (time stamp)
• Request details and destination address (protocol version, HTTP method, referrer, user agent string)
• Name of retrieved file and data volume transferred (requested URL including query string, size in bytes)
• Notification of whether the retrieval was successful (HTTP status code).
• Your IP address is not stored in this context. The log files are stored for 30 days on a server of the German Federal Information Technology Centre.

In accordance with Article 6(1)(e) of the European General Data Protection Regulation in connection with Section 5 and Section 4 paragraph 2 sentence 1 number 4 of the German Civil Defence and Disaster Relief Act (Zivilschutz- und Katastrophenhilfegesetz, ZSKG) and within the framework of the statutory task “Selbstschutz und Information der Bevölkerung” (Self-Protection and Information of the Population), we are authorised to process this data beyond the day of your visit. This data will be analysed and used for statistical, backup and optimisation purposes. Data recorded when accessing the website www.warnung-der-bevoelkerung.de will only be transmitted to third parties if we are legally obliged to do so. Data is not transmitted in any other cases. The Federal Office of Civil Protection and Disaster Assistance will not merge this data with other data sources.

In order to ensure maximum data security, we will protect your personal data with the utmost care and by means of technological procedures such as SSL encryption. SSL is the abbreviation for “Secure Sockets Layer” and describes an encryption procedure which is successfully used in the entire World Wide Web.

2.2 Use of technically necessary cookies

Cookies are used on the www.warnung-der-bevoelkerung.de website for technical purposes to ensure the secure and correct provision of this website. Cookies are small text files which are exchanged between the web browser and the hosting server. Cookies are stored on the user’s computer and transmitted from there to our website. You can restrict or generally prevent the use of cookies by selecting the appropriate setting on the web browser used. Cookies that have already been stored can be deleted at any time. If technically necessary cookies are deactivated for our website, this may prevent the full display or use of all of our website’s functions.

The legal basis for the use of technically necessary cookies is Article 6(1)(e) EU GDPR in conjunction with Section 25 paragraph 2 number 2 of the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG, German Telecommunications Telemedia Data Protection Act). According to this, the consent of the user is not required for the setting of technically necessary cookies.

The following – technically necessary – cookies are set:

• JSESSIONID: Cookie for the session management of the application server. Does not include personal data. Is not based on the IP address of the user or any other information which allows the identification of the actual user. Validity expires at the end of the current session. The session ID is only valid on the relevant server and is not synchronised on different server instances.
• AL-SESS-S/AL_LB: Cookie of the load balancer & reverse proxy in order to always forward requests of a user to the same server within one session. Serves exclusively the purpose of load distribution. Validity expires at the end of the current session.
• Cookie banner: Is set when the cookie banner is closed (click on “confirm selection” or “select all”). The value of the cookie is “closed”.

The above-mentioned cookies do not include personal data. The IP address or any other information which allows the identification of the actual user are not collected. The validity of the cookies used expires at the end of the current session and/or when the website is closed. Within the scope of specific website functions, additional cookies are used for the technical implementation of the services. This is necessary, among other things, for the brochure ordering service using the shopping cart function. These cookies are also valid only during the visit to the website.

3. Collection of personal data when users contact us

You can contact the staff of the Federal Office of Civil Protection and Disaster Assistance (BBK) by e-mail, contact form, letter or phone (hotline). We will store your data only for establishing contact and processing your request. The processing of personal data you have transmitted is necessary for the purpose of processing your request.

If you establish contact by using the contact possibilities described above, the (personal) data supplied by you and the contents (which may also include personal data supplied by you) will be processed on the basis of Article 6(1)(e) of the EU GDPR in conjunction with Section 3 of the German Federal Data Protection Act in order to handle your request. The storage of this data is governed by the statutory periods for retaining records laid down in the Federal Government’s Registry Directive (Registraturrichtlinie), which supplements the Common Rules of Procedure of the Federal Ministries (Gemeinsame Geschäftsordnung der Bundesministerien, GGO).

The processing of personal data depends on the method of contact as described below.

3.1 Contact by e-mail

Contact with the Federal Government/Länder ISF project can be established via the following e-mail address:
isf-blp-warnung@bbk.bund.de
If you contact us by e-mail, the data you have transmitted (e.g. last name, first name, address), but at least the e-mail address and the information contained in the e-mail (including any personal data you have transmitted), will be stored and processed in order to establish contact and to handle your request.

3.2 Contact by letter

Contact with the Federal Government/Länder ISF project “Warning of the Population” can be established via the following postal address:

Bundesamt für Bevölkerungsschutz und Katastrophenhilfe
(Federal Office of Civil Protection and Disaster Assistance)
ISF Bund-Länder-Projekt “Warnung der Bevölkerung”
(Federal Government/Länder ISF project “Warning of the Population”)
Postfach 1867
53008 Bonn

If you contact us by mail, the data you have transmitted (e.g. last name, first name, address, phone, subject, e-mail address) and the information contained in the letter (including any personal data you have transmitted) will be stored and processed in order to establish contact and to handle your request.

3.3 Contact by phone (hotline)

You can contact the Federal Office of Civil Protection and Disaster Assistance (BBK) via the following hotline number:

+49 22899 550-0

If you contact us via the hotline, the data you have transmitted (e.g. last name, first name, address, phone, subject, e-mail address) and the information communicated to us by phone (including any personal data you have transmitted) will be stored and processed in order to establish contact and to handle your request.

4. Your rights

You have the following rights vis-à-vis the Federal Office of Civil Protection and Disaster Assistance (BBK) and the website www.warnung-der-bevoelkerung.de, which is operated by the BBK, with regard to your personal data:

Right of access, Article 15 EU GDPR
With the right of access, the data subject has comprehensive access to the personal data concerning him or her and other important criteria, e.g. the purposes of the processing or the period for which the personal data will be stored. Exceptions to this right as stipulated in Section 34 of the German Federal Data Protection Act (BDSG) shall apply.

Right to rectification, Article 16 EU GDPR
The right to rectification entitles the data subject to obtain the rectification of inaccurate personal data concerning him or her.

Right to erasure, Article 17 EU GDPR
The right to erasure entitles the data subject to have the controller erase personal data. However, this is only possible if the personal data concerning the data subject are no longer necessary, have been unlawfully processed or the consent on which the processing is based is withdrawn. Exceptions to this right as stipulated in Section 35 of the German Federal Data Protection Act (BDSG) shall apply.

Right to restriction of processing, Article 18 EU GDPR
The right to restriction of processing entitles the data subject to provisionally prevent the further processing of the personal data concerning him or her. A restriction arises above all when the exercise of other rights by the data subject is being considered.

Right to object to collection, processing and/or use, Article 21 EU GDPR
The right to object entitles data subjects to object on grounds relating to their particular situation to further processing of their personal data, insofar as this is justified by the exercise of public functions or by public or private interests. Exceptions to this right as stipulated in Section 36 of the German Federal Data Protection Act (BDSG) shall apply.

Right to data portability, Article 20 EU GDPR
The right to data portability entitles the data subject to receive the personal data concerning him or her from the data controller in a commonly used, machine-readable format in order to potentially transmit it to another controller. According to Article 20(3)(2) of the EU GDPR, however, that right shall not apply to processing necessary for the performance of a task carried out in the public interest.

Right to withdraw consent, Article 7(3) EU GDPR
If the processing of personal data is subject to consent, the data subject shall have the right to withdraw this consent for the relevant purpose at any time. The lawfulness of processing based on the consent provided shall remain unaffected until the consent is withdrawn.
You can exercise the aforementioned rights in writing using the contact details listed under point 1.
Pursuant to Article 77 of the EU GDPR, you are also entitled to lodge a complaint with the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.

5. Amendment of the privacy statement

In the course of the further development and implementation of new technologies, amendments of this privacy statement may become necessary. Therefore, we recommend that you regularly read through this privacy statement.

Last amended: 1 August 2023