|
|
Line 5: |
Line 5: |
| We would like to point out that data transmissions via the Internet (e.g. communication by e-mail) can be insecure. Complete protection of data against access by third parties is not possible. | | We would like to point out that data transmissions via the Internet (e.g. communication by e-mail) can be insecure. Complete protection of data against access by third parties is not possible. |
|
| |
|
| ===1. Name and contact details of the controller=== | | ===Name and contact details of the controller=== |
|
| |
|
| German Federal Institute for Risk Assessment (BfR) | | German Federal Institute for Risk Assessment (BfR) |
Line 23: |
Line 23: |
| www.bfr.bund.de | | www.bfr.bund.de |
|
| |
|
| === 2. Contact details of the data protection officer=== | | ===Contact details of the data protection officer=== |
|
| |
|
| Janina Rochon | | Janina Rochon |
Line 37: |
Line 37: |
| E-Mail: dsb@bfr.bund.de | | E-Mail: dsb@bfr.bund.de |
|
| |
|
| ===3. Purposes and legal bases of the processing=== | | ===Purposes and legal bases of the processing=== |
|
| |
|
| The World Safety Almanac is made available online, as part of the task assigned to the BfR in the public interest. We are processing personal data to the extent, which is necessary on order to assure the correct functioning of this website. The legal basis for this processing is Art. 6 (1) e) GDPR in conjunction with § 2 BfR Law (BfRG). Insofar as BfR obtains the consent of the data subject for processing operations involving personal data, Art. 6 (1) a) GDPR serves as the legal basis. Should the processing be for the performance of a contract with you, Article 6 (1) b) GDPR serves as the legal basis in individual cases. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. | | The World Safety Almanac is made available online, as part of the task assigned to the BfR in the public interest. We are processing personal data to the extent, which is necessary on order to assure the correct functioning of this website. The legal basis for this processing is Art. 6 (1) e) GDPR in conjunction with § 2 BfR Law (BfRG). Insofar as BfR obtains the consent of the data subject for processing operations involving personal data, Art. 6 (1) a) GDPR serves as the legal basis. Should the processing be for the performance of a contract with you, Article 6 (1) b) GDPR serves as the legal basis in individual cases. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. |
|
| |
|
| === 4. Data collection on this website=== | | ===Data collection on this website=== |
|
| |
|
| In the course of providing the World Food Safety Almanac, we process the following categories of data: | | In the course of providing the World Food Safety Almanac, we process the following categories of data: |
| ld not work without them (e.g. registration or login to this website). | | ld not work without them (e.g. registration or login to this website). |
|
| |
|
| ===== a) Cookies ===== | | ===== Cookies ===== |
|
| |
|
| Our internet pages use so-called "cookies". Cookies are small blocks of data and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted once you close the web browser. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. | | Our internet pages use so-called "cookies". Cookies are small blocks of data and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted once you close the web browser. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser. |
Line 56: |
Line 56: |
| You can set your browser so that you are informed about the cookies and only allow cookies for specific instances or exclude the acceptance of cookies in general. Furthermore, you can activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. | | You can set your browser so that you are informed about the cookies and only allow cookies for specific instances or exclude the acceptance of cookies in general. Furthermore, you can activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. |
|
| |
|
| ===== b) Server log files ===== | | ===== Server log files ===== |
|
| |
|
| The hoster of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: | | The hoster of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: |
Line 76: |
Line 76: |
| Log files are automatically deleted after 14 days. | | Log files are automatically deleted after 14 days. |
|
| |
|
| ===== c) Inquiry by e-mail, telephone or fax ===== | | ===== Inquiry by e-mail, telephone or fax ===== |
|
| |
|
| If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of answering your request. We will not share this data without your consent. | | If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of answering your request. We will not share this data without your consent. |
Line 84: |
Line 84: |
| The data you send to us via contact requests will be stored until you request its deletion, revoke your consent or the purpose for storing the data no longer applies (e.g. once your request has been answered). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. | | The data you send to us via contact requests will be stored until you request its deletion, revoke your consent or the purpose for storing the data no longer applies (e.g. once your request has been answered). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. |
|
| |
|
| ===== d) User accounts ===== | | ===== User accounts ===== |
|
| |
|
| User accounts are created and assigned by the BfR. The user name, e-mail address and the name of the institution are stored. | | User accounts are created and assigned by the BfR. The user name, e-mail address and the name of the institution are stored. |
Line 94: |
Line 94: |
| The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected. | | The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected. |
|
| |
|
| ===5. Source of data=== | | ===Source of data=== |
|
| |
|
| The personal data, which we process, is being collected directly from you, where you send us an inquiry or request a user account. | | The personal data, which we process, is being collected directly from you, where you send us an inquiry or request a user account. |
Line 100: |
Line 100: |
| Other data is collected automatically by our IT systems or after obtaining your consent when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). | | Other data is collected automatically by our IT systems or after obtaining your consent when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). |
|
| |
|
| ===6. Recipients or categories of recipients of the personal data=== | | ===Recipients or categories of recipients of the personal data=== |
|
| |
|
| We use a data processor to host this website (hoster). The personal data collected on this website is stored on the hoster's servers. The hoster is commissioned in order to assure the correct functioning of the online World Food Safety Almanac (Art. 6 (1) e) GDPR). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. | | We use a data processor to host this website (hoster). The personal data collected on this website is stored on the hoster's servers. The hoster is commissioned in order to assure the correct functioning of the online World Food Safety Almanac (Art. 6 (1) e) GDPR). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data. |
Line 114: |
Line 114: |
| We have concluded a data processing agreement in accordance with Art. 28 GDPR with the provider. | | We have concluded a data processing agreement in accordance with Art. 28 GDPR with the provider. |
|
| |
|
| ===7. Transfer of personal data to a third country=== | | ===Transfer of personal data to a third country=== |
|
| |
|
| Your personal data will not be transferred to a third country or to any international organisation. | | Your personal data will not be transferred to a third country or to any international organisation. |
|
| |
|
| ===8. Duration of the storage of personal data=== | | ===Duration of the storage of personal data=== |
|
| |
|
| Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request its deletion or revoke your consent, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply. | | Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request its deletion or revoke your consent, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply. |
|
| |
|
| ===9. Data subject rights=== | | ===Data subject rights=== |
|
| |
|
| You have the following rights vis-à-vis the BfR with regard to personal data concerning you: | | You have the following rights vis-à-vis the BfR with regard to personal data concerning you: |
Line 141: |
Line 141: |
| You can also contact the BfR Data Protection Officer (dsb@bfr.bund.de) with questions and complaints. | | You can also contact the BfR Data Protection Officer (dsb@bfr.bund.de) with questions and complaints. |
|
| |
|
| ===10. Right of appeal to the supervisory authority=== | | ===Right of appeal to the supervisory authority=== |
|
| |
|
| Pursuant to Art. 77 DS-GVO in conjunction with. § 19 BDSG, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of our competent supervisory authority is: | | Pursuant to Art. 77 DS-GVO in conjunction with. § 19 BDSG, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of our competent supervisory authority is: |
Line 157: |
Line 157: |
| E-Mail: poststelle@bfdi.bund.de | | E-Mail: poststelle@bfdi.bund.de |
|
| |
|
| ===11. Existence of automated decision making including profiling=== | | ===Existence of automated decision making including profiling=== |
| | | |
| Your personal data is not subject to fully automated decision-making, including profiling referred to in Art. 22 GDPR. | | Your personal data is not subject to fully automated decision-making, including profiling referred to in Art. 22 GDPR. |