Difference between revisions of "Privacy Policy"

From World Food Safety Almanac
Jump to navigation Jump to search
(Created page with "<translate> <!--T:74--> <languages/> <!--T:1--> The operator of this page takes the protection and confidentiality of your personal data very seriously. Your personal data i...")
 
(No difference)

Latest revision as of 14:25, 9 March 2022

Other languages:
English

The operator of this page takes the protection and confidentiality of your personal data very seriously. Your personal data is being processed in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and any other relevant statutory provisions.

When you use this website, personal data is collected. Personal data is any data relating to an identified or identifiable natural person. This privacy policy explains what data we process, how and for what purpose.

We would like to point out that data transmissions via the internet (e.g. communication by e-mail) can be insecure. Complete protection of data against access by third parties is not possible.

Name and contact details of the controller

German Federal Institute for Risk Assessment (BfR)

Max-Dohrn-Str. 8-10
10589 Berlin
Germany

Tel.: +49 (0) 30-18412-0
Fax: +49 (0) 30-18412-99099
E-mail: poststelle@bfr.bund.de
www.bfr.bund.de

Contact details of the data protection officer

Janina Rochon

Max-Dohrn-Str. 8-10
10589 Berlin
Germany

Tel.: +49 (0) 30-18412-31002
E-mail: dsb@bfr.bund.de

Purposes and legal bases of the processing

The World Food Safety Almanac is made available online, as part of the task assigned to the BfR in the public interest. We are processing personal data to the extent necessary in order to assure the correct functioning of this website. The legal basis for this processing is Art. 6 (1) e) GDPR in conjunction with § 2 BfR Law (BfRG). Insofar as BfR obtains the consent of the data subject for processing operations involving personal data, Art. 6 (1) a) GDPR serves as the legal basis. Should the processing be for the performance of a contract with you, Article 6 (1) b) GDPR serves as the legal basis in individual cases. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Data collection on this website

In the course of providing the World Food Safety Almanac, we process the following categories of data:

Cookies

Our internet pages use so-called "cookies". Cookies are small blocks of data and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted once you close the web browser. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. registration or login to this website).

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for logging in) are stored on the basis of Art. (1) e) GDPR in conjunction with § 2 Para. 3 No. 12 BfRG, in the context of public relations work for audience-oriented provision of information, unless another legal basis is specified.

You can set your browser so that you are informed about the cookies and only allow cookies for specific instances or exclude the acceptance of cookies in general. Furthermore, you can activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Server log files

The hoster of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

This information is not being matched or combined with other datasets. When using this information, the BfR does not draw any conclusions about the data subject. Rather, this information is required in order

  • to deliver the contents of our website correctly,
  • to optimize the contents of our website,
  • to ensure the functionality of our IT systems and the technology of our website.

Log files are automatically deleted after 14 days.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all personal data arising from it (name, enquiry) will be stored and processed by us for the purpose of answering your request. We will not share this data without your consent.

The processing of this data is based on Art. 6 (1) b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on the performance of the tasks assigned to the BfR in the public interest (Art. 6 (1) e) GDPR) or on your consent (Art. 6 (1) a) GDPR) where it has been provided by you.

The data you send to us via contact requests will be stored until you request its deletion, revoke your consent or the purpose for storing the data no longer applies (e.g. once your request has been answered). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

User accounts

User accounts are created and assigned by the BfR. The user name, e-mail address and the name of the institution are stored.

On the website, there is the possibility to request access. We use data, entered in the request access form, in order to review the request and, if accepted, to create a user account. The mandatory information requested during registration (user name, e-mail address, institution) must be provided. Otherwise, the application for a user account cannot be processed.

The data collected when applying for a user account is processed for the purpose of providing the World Food Safety Almanac.

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

Source of data

The personal data, which we process, is being collected directly from you, when you send us an inquiry or request a user account.

Other data is collected automatically by our IT systems or after obtaining your consent when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view).

Recipients or categories of recipients of the personal data

We use a data processor to host this website (hoster). The personal data collected on this website is stored on the hoster's servers. The hoster is commissioned in order to assure the correct functioning of the online World Food Safety Almanac (Art. 6 (1) e) GDPR). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

We work with the following hoster:

Hosting Rhine Neckar

Turleyplatz 12
68167 Mannheim
Germany

We have concluded a data processing agreement in accordance with Art. 28 GDPR with the provider.

Transfer of personal data to a third country

Your personal data will not be transferred to a third country or to any international organisation.

Duration of the storage of personal data

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request its deletion or revoke your consent, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

Data subject rights

You have the following rights vis-à-vis the BfR with regard to personal data concerning you:

  • the right to information according to Art. 15 DSGVO,
  • the right to rectification according to Art. 16 DSGVO,
  • the right to erasure according to Art. 17 DSGVO,
  • the right to restrict processing in accordance with Art. 18 DSGVO,
  • the right to object from Art. 21 DSGVO
  • as well as the right to data portability from Art. 20 DSGVO.

The restrictions according to §§ 34 and 35 BDSG apply to the right of information and the right of deletion.

You can revoke your consent at any time with effect for the future. The lawfulness of the processing carried out before the revocation shall not affected by this.

You can assert the aforementioned rights at poststelle@bfr.bund.de or by post at the BfR postal address given at the beginning.

You can also contact the BfR Data Protection Officer (dsb@bfr.bund.de) with questions and complaints.

Right of appeal to the supervisory authority

Pursuant to Art. 77 DS-GVO in conjunction with § 19 BDSG, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of our competent supervisory authority is:

The Federal Commissioner for Data Protection and Freedom of Information

Graurheindorfer Str. 153
53117 Bonn
Germany

Tel.: +49 (0) 228-997799-0
Fax: +49 (0) 228-997799-5550
E-mail: poststelle@bfdi.bund.de

Existence of automated decision-making, including profiling

Your personal data is not subject to fully automated decision-making, including profiling referred to in Art. 22 GDPR.