The protection of your personal data during your visit to our website is very important to us. As a matter of principle, we collect as little personal data as absolutely necessary. Your data is protected in accordance with the statutory provisions.

The Bundeszentrale für gesundheitliche Aufklärung has taken technical and organisational measures to ensure that data protection regulations are observed.

The use of the contact data published on our website by third parties for sending unsolicited advertising and information material is hereby expressly prohibited. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information.

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the

Bundeszentrale für gesundheitliche Aufklärung (BZgA)
Maarweg 149 - 161
50825 Cologne
Germany
Tel.: 0221-8992-0
Email: poststelle(at)bzga.de
Website: www.bzga.de

The contact details of the BZgA's data protection officer are

Bundeszentrale für gesundheitliche Aufklärung
- Data Protection Officer
Maarweg 149 - 161
50825 Cologne
Germany
Tel.: 0221-8992-0
Email: datenschutzbeauftragter@bzga.de

1. scope of the processing of personal data
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our authority is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or if it is necessary for the performance of a task carried out within the scope of the controller's responsibility or in the exercise of official authority vested in the controller, Art. 6 para. 1 lit. e GDPR in conjunction with Art. 3 Federal Data Protection Act (BDSG) serves as the legal basis. § Section 3 of the Federal Data Protection Act (BDSG) serves as the legal basis for processing.

3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

1. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
(1) Browser type and version
(2) Operating system used
(3) Website from which you visit us (referrer URL)
(4) Pages and files that you access on our website
(5) If applicable, the website that you visit after ours (when clicking on external links). the website you visit after ours (when clicking on an external link on our website)
(6) Date and time of your access
(7) The Internet Protocol (IP) address, anonymised in abbreviated form

The data is stored in the log files of our system. This data is not stored together with the user's personal data.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. § Section 3 BDSG.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of the storage of data in log files, this is the case after fourteen days at the latest. Storage beyond this period is possible. The IP addresses of the users are already anonymised during the writing of the log files, so that an assignment of the calling client is no longer possible.

5. Objection and removal option
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website.

1. description and scope of data processing
We use cookies to ensure basic functions of our website and to make it more user-friendly (technically necessary cookies).
If necessary, we may ask you for permission to set further cookies (cookies requiring consent). Some elements of our website require that the accessing browser can be identified even after a page change.

Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When users access a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

If we wish to set one or more cookies that require consent, you will be informed about the number, type and purpose of these cookies when you first visit our website and asked to consent to their use. For this purpose, an information text is displayed at the top or bottom of the browser window ("cookie notice"). This notice remains displayed until you have made a choice to accept or reject the cookies.

If only technically necessary cookies are used, no cookie notice will be displayed.

If the acceptance of cookies is activated in your browser (e.g. Internet Explorer, Mozilla, Opera), the following cookies are stored by our website.

Technically necessary cookies:
1 cookie when logging into a login area
1 cookie when calling up the video player to ensure barrier-free use

2.Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR for the use of cookies requiring consent and Art. 6 para. 1 lit. e GDPR in conjunction with Art. 3 BDSG for the use of technically necessary cookies. § Section 3 BDSG.

3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

The purpose of using analysis cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

The BZgA uses the web analysis tool "Matomo", which is operated on our own server, for optimisation purposes. Matomo is used in accordance with the recommendations of the Independent Centre for Data Protection in Schleswig-Holstein (ULD). The IP addresses are immediately anonymised by Matomo, making it impossible to identify visitors. The anonymous statistical data is stored separately from any personal data you may have provided and does not allow any conclusions to be drawn about a specific person.

4. Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted from there to our site. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

Storage duration of cookies:

• Cookie when calling up the video player to ensure barrier-free use: maximum 7 days
• Cookie for storing consent or rejection of web tracking (opt-out): maximum 365 days

You can delete all cookies manually or set your browser to automatically delete all cookies at the end of a session.

If the technically necessary cookies for our website are deleted, it may no longer be possible to use all functions of the website to their full extent.

1. description and scope of data processing

The BZgA uses the web analysis tool "Matomo" (formerly Piwik) to optimise its website. We use Matomo without the use of tracking cookies. We have deactivated the use of tracking cookies provided for in the basic configuration of Matomo to ensure a particularly data protection-friendly procedure.

The following data is stored using Matomo:

• 1 byte of the IP address of the user's accessing system
• Time and duration of the visit
• Pages and files accessed during the visit
• Website from which users accessed the website (referrer)
• Search terms used by users to access the website and search terms used in internal searches
• Access to external websites that are accessed via links on our site
• System information of users (operating system, browser, browser language set, device type, screen resolution)

Matomo runs exclusively on our own servers. The data collected during a website visit is only stored there. The IP addresses are immediately anonymised by Matomo, making it impossible to identify visitors. The anonymous statistical data is stored separately from any personal data you may have entered on the website and does not allow any conclusions to be drawn about a specific person.

2 Legal basis for data processing

The legal basis for the processing of the aforementioned data is Art. 6 para. 1 lit. e GDPR in conjunction with § 3 BDSG.

3 Purpose of the data processing

The processing of the aforementioned data enables us to analyse the surfing behaviour of users on our website. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to constantly improve the content and user-friendliness of our website so that users can access the information they need quickly and efficiently. The need to design the website in line with requirements also results from the obligation of public authorities to use budget funds economically within the scope of their statutory duties. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

4 Duration of storage

The anonymous log data is deleted as soon as it is no longer required for our recording purposes. This is the case after 90 days. Thereafter, only the reports generated from it are processed.

5. objection and removal option
You have the option here to object to the recording of your visit for analysis purposes (opt-out). This sets a cookie in your browser that signals our system not to save the data of your visit to our website (see list under point VI 1.):

In addition, the "Do not track" function is activated in the BZgA's Matomo installation. If your browser supports this function and you have activated it in your browser settings, Matomo will not automatically collect any data.

1. description and scope of data processing
If you would like to order information material, we ask you to provide certain personal data. This may include company name, surname and first name, address, e-mail address and, if applicable, telephone number. You must be authorised to provide this personal data. We expressly point out that it is not permitted to place an order in someone else's name without the knowledge of the specified recipient. This violates our ordering conditions and constitutes misuse of our ordering system.

2. Legal basis for data processing
The legal basis for data processing is its necessity for the fulfilment of the contract concluded through the ordering process in accordance with Art. 6 para. 1 lit b GDPR.

3. Purpose of data processing
The data is stored and used for the purposes associated with the processing of media orders. In the event of misuse of our ordering system, we will use the data to prevent further cases of misuse and to clarify the cases. 
If you order the information materials offered, your personal data will be used within the BZgA and by the company commissioned to send the media (PVS DVG - Vertriebsgesellschaft GmbH, Birkenmaarstraße 8, 53340 Meckenheim). Your data will not be passed on to other third parties without your consent. We have taken technical and organisational measures to ensure that the data protection regulations are observed by us and the external service providers.

4. Duration of storage
The personal data provided for the purpose of ordering media will be stored for a period of 3 months after the order has been processed in full (i.e. until delivery has been completed and, if applicable, until payment obligations have been settled in full). This serves the purpose of being able to answer queries about the orders. After this period has expired, the personal data will be deleted.

5. Right of objection and removal
The processing of the data is absolutely necessary for the fulfilment of the contract in connection with the order process. 
 

1. description and scope of data processing
If you would like to receive the BZgA newsletter, we ask you to provide your e-mail address. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

2. Legal basis for data processing
The newsletter is sent on the basis of the user's registration on the website. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if consent has been given.

3. Purpose of data processing
The purpose of collecting user data is to deliver the newsletter.

4. Objection and cancellation options
The user can cancel their subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose. In the event of cancellation, the personal data will be deleted immediately.

5. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the newsletter subscription is active.

The following individual services are included

• forums
• chats
• Further individual log-in areas
• Contact forms

1. description and scope of data processing
If you wish to register for other individual services (forums, chats, member areas, etc.), we will ask you to provide certain personal data. The data required by the BZgA to provide you with the relevant application or service will be requested. Depending on the application or service, data such as salutation, title, surname and first name, address and email address are collected. 

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

If you send an enquiry to the BZgA via the contact form or by email, your data will be used exclusively for correspondence with you.

Some of the correspondence is handled by the service providers Redaktionsteam kindergesundheit-info.de and HauptwegNebenwege GmbH, who have been commissioned by us to provide editorial support for this website. These service providers are bound by data protection regulations and will not use or pass on your data without authorisation.

2. Legal basis for data processing
The use of the individual services/log-in areas is based on the user's registration on the website. The legal basis for the processing of the data after registration for the individual services/log-in areas by the users is Art. 6 para. 1 lit. a GDPR if the users have given their consent.

3. Purpose of data processing
The collection of user data serves to enable the use of the individual services/log-in areas.

4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The personal data provided for the use of the individual services/log-in areas will be stored until the user unsubscribes from the respective service.

5. Objection and removal options
It is possible to unsubscribe from the individual services/log-in areas at any time. In the event of cancellation, the personal data will be deleted immediately.

The internet platforms of the social network offer a federal authority excellent opportunities for communication, networking and proximity to citizens. The BZgA has therefore decided to set up its own presences on Facebook, Instagram, Twitter, Google+ and YouTube. We would be delighted if you could also find out about our work there and exchange information with us.

We would like to take this opportunity to point out that the terms of use of the aforementioned services and their operators are not under the control of the BZgA. For our part, we will always handle your data with care, but accept no liability for the behaviour of the operators or third parties.

Social media services are often multi-level provider relationships in which the respective information or communication service is offered on a platform provided by third parties and in which user data is processed as part of the platform operator's own business purposes. This makes social media services difficult to understand from the user's perspective and often problematic from a legal perspective, particularly with regard to existing responsibilities.

Please therefore note that user data can be processed for market research and advertising purposes in the context of the use of social networks and platforms. User profiles can be created from the behaviour of users. Based on such user profiles, adverts can be placed within the social networks or platforms, for example, but also on third-party sites if necessary. For these purposes, cookies are often stored on users' computers, which are used to record user behaviour and interests. The BZgA has no influence on the data collection and its further use by the social networks. For example, the BZgA has no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks fulfil existing deletion obligations, which analyses and links are made with the data and to whom the data is passed on.

The BZgA takes the discussion about data protection in social networks very seriously. We are following the debate and the reviews by the responsible authorities and are constantly checking ourselves whether we can continue to operate our social media presence under the given data protection conditions.

In the meantime, we also ask you to carefully check which personal data you disclose as a social media user. Please also regularly check the settings in the social networks to protect your privacy.

The processing of personal data takes place on the basis of Art. 6 para. 1 sentence lit. e GDPR i.V.m. § 3 BDSG. Art. 6 para. 1 sentence 1 lit. a GDPR may also be relevant as a basis for processing if a user has consented to data processing by a provider of a social network or platform.

Detailed information about data processing in social networks or on platforms is provided by the respective providers. This also regularly includes information about the possibility of objecting to certain data processing operations, so-called opt-outs. In the case of requests for information and the assertion of user rights, these should be easiest to assert with the respective providers, as they have access to the users' data and can also take direct action in addition to providing information.

Please note the following information from the providers

- Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads
PrivacyShield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

- YouTube, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

- Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA: Privacy Policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

- Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA Privacy Policy: http://instagram.com/about/legal/privacy/
Opt-Out: http://instagram.com/about/legal/privacy/

- WhatsApp, Inc, 1601 Willow Road, Menlo Park, California 94025, USA Privacy Policy: https://www.whatsapp.com/legal/#privacy-policy

- Snap Inc., 2772 Donald Douglas Loop N, Santa Monica, CA 90405, USA Privacy Policy: https://www.snap.com/de-DE/privacy/privacy-policy
Opt-Out: https://help.snapchat.com/hc/de/articles/7012345515796-Wie-%C3%A4ndere-ich-meine-Werbe-und-Interessenpr%C3%A4ferenzen-bei-Snapchat
Privacy Shield: https://help.snapchat.com/hc/de/articles/11399265637012-Deine-Datenschutz-Optionen-auf-Snapchat

The BZgA takes the discussion about data protection in social networks very seriously. We are following the debate and the reviews by the competent authorities and are constantly checking ourselves whether we can continue to operate our social media presence under the given data protection conditions.

In the meantime, we also ask you to carefully check which personal data you disclose as a social media user. Please also regularly check the settings on social networks to protect your privacy.

The BZgA uses so-called social plugins (e.g. Like button, Tweet button or others) on some websites, which you can use to share content via social networks. The BZgA uses technologies to protect your privacy that prevent data from being transferred to the social network providers as soon as you visit our website. Data is only transferred when you actively click on the respective plugin.

We would like to inform you about your rights under the GDPR as a "data subject". You have the following rights with regard to your personal data:

• Right of access (Art. 15 para. 1, 2 GDPR)
• Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
• Right to restriction of processing ("blocking", Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to the processing (Art. 21 GDPR)
• Right of cancellation (Art. 7 para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In addition, we summarise the key points of the rights of data subjects under the GDPR for you as follows, whereby this presentation does not claim to be exhaustive, but merely addresses the main features of the rights of data subjects under the GDPR:

1. right of access
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller

1. The purposes for which the personal data is processed;
2. the categories of personal data being processed
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
4. the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
6. the existence of a right to lodge a complaint with a supervisory authority
7. all available information about the origin of the data if the personal data is not collected from the data subject;

2. right to rectification
In accordance with Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete.

3. right to erasure
Under the conditions of Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4. restriction of processing ("blocking")
Under the conditions of Art. 18 GDPR, you may request the restriction of the processing of personal data concerning you:

Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

5. right to data portability
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
2. the processing is carried out by automated means.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. right to object
Under the conditions of Art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

7. right of revocation
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.