The Federal Ministry of Health (BMG) takes the protection of your personal data very seriously. That is why we have taken measures to ensure that the data protection provisions are not only adhered to by us, but also by our external service providers.
Personal data refers to any information relating to an identified or identifiable natural person. A natural person is considered identifiable, if they can be identified directly or indirectly, particularly through attribution to an identifier, such as a name, an ID number, location data or an online name.
Responsible for the processing of personal data is the
Bundesministerium für Gesundheit (Federal Ministry of Health)
Phone: +49 (0)228 99441-0
German email: poststelle(at)bundesgesundheitsministerium.de-mail.de
The Federal Ministry of Health’s Data Protection Officer is also available to provide answers to specific questions about the protection of your data as well as any additional information regarding how personal data is handled at the Federal Ministry of Health.
Bundesministerium für Gesundheit
- Datenschutzbeauftragte -
Any access to the Federal Ministry of Health’s online presence as well as any file access is stored and processed in a protocol file over a limited period of time for the exclusive purpose of protection and tracking security-related access.
The protocol file contains details regarding:
- The IP address used
- The name of the page/file accessed
- Date and time of data transmission
- Report on whether data retrieval was successful.
We are obligated under Article 6 (1) letter e) of the EU’s General Data Protection Regulation (GDPR) in conjunction with section 5 of the Act on the Federal Office for Information Security (BSI) to store data beyond the duration of your visit. This is intended to protect against attacks on the BMG’s internet infrastructure/the Federal Government’s communications technology. This data is analysed and needed to initiate legal action or criminal prosecution in case of attacks on our communications technology.
This data is stored in form of log files beyond the duration of your visit not only with us, but also on external servers, our service providers “Mittwald CM Service GmbH & Co. KG” and the “Hundertserver GmbH”.
Our website uses the services of Myra Security GmbH (DE), Landsberger Str. 187, 80687 Munich. The purpose of the service is for secure encrypted data transmission on the Internet (SSL), to improve worldwide website performance through the Myra Content Delivery Network (CDN) and to improve security and protection against hacker attacks through the Myra Hyperscale Web Application Firewall (WAF). Since we care a lot about your privacy, we've chosen Myra as a German IT security provider, that meets the high GDPR standards reliably, when processing your data. The legal basis for data processing is therefore our legitimate interest pursuant to Art. 6 para. 1 lit. e GDPR. The service is mandatory for the technical security of our website. More detailed information about GDPR and Myra Security can be found on the GDPR pages of Myra Security: https://www.myrasecurity.com/en/privacy-policy/
Contact by email
Contact by letter
Bonn Office: Bundesministerium für Gesundheit, 53107 Bonn
Berlin Office: Bundesministerium für Gesundheit, 11055 Berlin
Contact by phone or fax
Federal Ministry of Health
Phone.: +49(0)228/99441-0 or. +49(0)30/18441-0
Fax: +49(0)228/99441-4900 or +49(0)30/18441-4900
Should you contact the Federal Ministry of Health in writing by way of one of the aforementioned channels, then your transmitted data (e.g. surname, first name, address and/or email address) as well as the information contained within the message itself (such as personal data you might share) will be stored for the purposes of contacting you and processing your request in accordance with the statutory periods for retaining written records as set by the Registry Directive, which complements the Joint Rules of Procedure of the Federal Ministries (GGO).
Should you contact us by telephone, generally no personal data is recorded, unless this is needed in order to process your request (call back, written message).
The data is processed on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG) and is required to fulfil the tasks.
Please note that your data will be processed on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the BDSG to carry out the BMG’s responsibilities. To process your request, it is necessary for us to process the personal data you have transmitted to us.
If you use this contact form for communication, you need to provide your surname and first name, your post code and your email address. Without this data, we cannot process the request you sent us via the contact form. Providing additional address information is optional and enables us to process, if you so wish, your request by post.
Optional information will be processed on the basis of your consent pursuant to Article 6 (1) letter a) of the GDPR.
You can withdraw your consent at any time. The lawfulness of processing based on your consent remains unaffected until such time as a withdrawal of your consent is received.
In order to respond to telephone, electronic or written requests from the public, the Federal Ministry of Health has engaged the services of the Telemark Rostock Kommunikations- und Marketinggesellschaft mbH (Telemark Rostock), a multimedia communications centre. Telemark Rostock collects, processes and uses personal data exclusively within the limits prescribed in the GDPR and the Federal Data Protection Act (BDSG). It has taken a range of technical and organisational measures to ensure compliance with the legal regulations.
This equally applies to the service providers engaged in the context of processing (more information available under the “Processors” section).
Contact by web conference
Data collected during web conference
If you contact us by web conference, the following details are collected:
- Event title and meeting room name.
- Date and time of event.
- Account of organiser (email address and name) and
- Name of the participant, which can be freely selected by the participant (e.g. an anonymous username may be used).
- Participants’ time of entry/exit.
- When participating via telephone, the telephone number where available.
- Line parameters for video and audio (roundtrip time, latency, package loss, jitter)
- When participating via an external VC system:
- IP address of the VC system,
- By browser or app, depending on the participant’s user settings, additional data is stored:
- the IP address,
- System identifier (type of browser, operating system)
Additional legal information
- Legal basis
The processing needed to carry out the web conferences is conducted on the basis of Article 6 (1) letter e) of the GDPR (performance of tasks carried out in the public interest).
Logging personal data serves to detect and eliminate disruptions and misuse. It is necessary to ensure the network and information security and is therefore a legitimate interest of the Federal Ministry of Health.
- Data transfer
As a rule, personal data is not transmitted to third parties. Access to available data is reserved exclusively to employees of the Federal Ministry of Health who have been tasked with the support of this service. Where required, pursuant to section 5 (1) sentence 4 of the Act on the Federal Office for Information Security, the Federal Ministry of Health does, however, provide the Federal Office for Information Security (BSI) with traffic data, which is anonymised before transmission.
- Storage period
Logging data is deleted or overwritten after 90 days at the latest. This retention period is needed to be able to perform a debugging operation in case of error or misuse.
- Technical-organisational measures
Es wird eine zertifikatsbasierte Verschlüsselung der Transportschicht (TLS) verwendet. Certificate-based transport layer security (TLS) is used. Depending on the type of event, participants can freely select whether, for instance, to switch off the microphone and/or camera, or only to participate by telephone (in other words just sound without video) and also whether to display a name.
- Your rights as a data subject
With respect to personal data that concerns you, you have the following rights vis-a-vis the Federal Ministry of Health: The right to information, rectification, erasure, restriction of processing, data portability, objection and file complaints. Additional details are available under "Your rights".
The processing of personal data depends on the type of information provision. Here we differentiate between the provision of printed materials and information-gathering visits to the BMG.
If you order brochures, reports, leaflets or other printed materials via this website, the data provided in the order form (shopping basket) to carry out the pre-contractual measures or to fulfil the contract (provision of printed materials) is processed according to Article 6 (1) letter b) of the GDPR.
To process your order, the following personal data must be provided:
- Form of address,
- Surname, first name
- Street, house no
- Post code and city
In case the previously indicated data is not available, it will not be possible to process the order.
Provision of additional information such as institution, department, country and email address are voluntary, but serve to better process the order.
This is processed as part of the ordering process by the service providers commissioned by the Federal Ministry of Health, “IBRo Versandservice GmbH” and “GVP Bonn-Rhein-Sieg gGmbH”.
Your data is retained by the service provider for a duration of three months following your order. Upon expiry of this time, your data will be fully anonymised. Should it not be possible to process your order on account of supply shortages, then your data will be retained until the order is completed. This retention period may last over three months. Insofar as the order cannot be completed solely by us, the data you have provided is passed onto third parties (shipping company, potentially other authorities or institutions, in case they send out the ordered materials).
It is possible to subscribe to selected publications of the Federal Ministry of Health. The data which you enter for the subscription is processed on the basis of your consent pursuant to Article 6 (1) letter a) of the GDPR. You can withdraw your consent at any time. The lawfulness of processing on the basis of your consent remains unaffected until such time as it is withdrawn.
To process your order, the following personal data must be provided:
- Form of address,
- Surname, first name
- Street, house no
- Post code and city,
- Email address
- Requested order size
Your data will be stored by the service providers commissioned by the Federal Ministry of Health, “IBRo Versandservice GmbH“ and “GVP Bonn-Rhein-Sieg gGmbH” for the purpose of processing until such time as consent is withdrawn (unsubscribing). To process order requests, it is necessary to regularly check the data you have entered, above all the order size. To do so, BMG staff will view the data. Here no data is transmitted to third parties.
The BMG regularly receives groups for the purpose of information and discussion. When contacting the BMG via the email address Besucherdienstinland(at)bmg.bund.de, please provide your first name and surname as well as your email address. Without this data, we cannot process your request.
During the initial contact, additional information, such as institution, address data, telephone/fax number, group structure and impairments are optional. These serve to enable better planning of the visit and/or to contact you by other means (phone, letter).
In the further course, you will receive an email from the Federal Ministry of Health regarding a possible date and confirmation of your request. This email also asks you to enter additional personal data concerning the people who will be participating in the visit.
- the form of address,
- first and surname as well as
- the birth date of the participant
are required to facilitate coordination of the visit to the BMG.
Additional data, such as:
- school type, school grade,
- club as well as
- mobility impairments
are optional and enable better preparation for your visit to the BMG.
Processing of the personal data you have provided is carried out in order to fulfil the task of public relations pursuant to Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (BDSG). Following a visit to the Federal Ministry of Health or after the date of a scheduled visit that was cancelled, the data is completely erased at the end of that same year.
For good order, the Federal Ministry would like to draw attention to the fact that it is the legal responsibility of the person(s) carrying out the registration to ensure that the requested personal data of participants may be transmitted to the Federal Ministry of Health.
We utilise external service providers (processors) e.g. to send out publications and the newsletter. Separate agreements on order processing have been concluded with the service providers so as to ensure the protection of your personal data.
We collaborate with the following service providers:
Scholz & Friends GmbH
THE BRETTINGHAMS GmbH
coding. powerful. systems. CPS GmbH
Cosmonauts & Kings GmbH
Some sections of the BMG’s online presence enable you to provide voluntary personal data. The (personal) data transmitted is stored and used exclusively for the purpose you intended when providing them. It will not be passed on to third parties.
Automatically stored logging data (see access to the online presence) is deleted after a limited period of time.
Cookies are small text files, which are stored when calling up particular sites or functions on your computer.
A prerequisite for storage is that you have cookies activated in your browser settings (e.g. Microsoft Edge, Internet Explorer, Mozilla Firefox, Opera, Apple Safari).
The BMG’s online presence is largely usable without activating cookies in your browser settings. Cookies only need to be activated in your browser when using the shopping basket to order information material. In this connection, a cookie referred to as a “session cookie” is set, which is automatically deleted from your computer once the browser session is closed. This is carried out on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the BDSG to provide needs-based online information on the tasks conferred to the Federal Ministry of Health.
Additionally, when calling up the website of the Federal Ministry of Health, solely the essential cookies are stored/accessed on your end device. Furthermore, the session cookies used on this page do not contain any personal data.
To ensure a needs-based design and for optimisation purposes, the Federal Ministry of Health analyses the usage of this website on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG) using the open-source web-analytics platform Matomo. Here the information from the log files is used and anonymised, before the information is used for usage analysis.
To embed videos, the site uses external services that are outside the BMG’s control. When watching a video, these services autonomously store and process their users’ personal data (e.g. IP addresses). Data may also be stored on your end device or data stored there accessed.
We embed these videos using a two-click solution. A direct connection between the service and the user is only established when the user actively clicks on the video to start it, thus giving consent (Article 6 (1) letter a) of the GDPR). User data is not automatically transmitted to the operators of these platforms. Personal data concerning your visit is processed by the operators when you watch the video. Fundamentally, it is the same as following a link to their services. Further information can be found in the service providers’ data privacy policies.
We work with the following providers:
The social media internet platforms provide a federal authority with excellent opportunities to communicate, network and actively engage with citizens. The Federal Ministry of Health has therefore decided to set up its own online presences on Facebook, Instagram, Twitter, LinkedIn and YouTube. To provide information about the coronavirus, the Federal Ministry of Health is additionally also represented on TikTok and Telegram. Feel free to also inform yourself on our work and exchange ideas with us there.
In addition, we expressly note that the operators of the social networks that we use for communication permanently store data outside of Germany and for commercial purposes. The extent and duration to which the data is stored cannot be ascertained by us.
The Federal Ministry of Health takes the discussion around data privacy in social networks very seriously. We are following the debate and the investigations by the competent authorities and examine on an ongoing basis ourselves whether we can continue to run our social media presences under the prevailing conditions relating to data privacy.
Until further notice, we would ask you to carefully check what specific personal data you are revealing as a social media user. Please also regularly check the settings in your social media to protect your privacy.
For the information service provided here, the Federal Ministry of Health utilises the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
Please note that you are using this Facebook page and its features under your own responsibility. This applies especially to the use of interactive features (e.g. commenting, sharing, liking). Alternatively, you can also call up the information we have available about this site at our website.
When visiting our Facebook page, Facebook collects information such as your IP address as well as additional information on your computer in form of cookies. This information is used to provide us as the operator of these Facebook pages with statistical data concerning the use of the Facebook page. Additional relevant information is provided by Facebook via this link.
The data collected on you in this connection is processed by Facebook Ltd. and where relevant transmitted to countries outside of the European Union. What information Facebook collects and how it employs this is explained by Facebook in a general manner in its data usage policies. There you will also find information on how to contact Facebook as well as settings on advertising. The data usage policies can be found here.
Facebook’s full data policies can be found here.
How Facebook uses the data collected when visiting Facebook pages for its own purposes, to what extent activities on the Facebook page are traced to individual users, how long Facebook stores this data and whether data from visiting a Facebook page is relayed on to third parties is not conclusively or clearly indicated or known to us.
When accessing a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to information provided by Facebook, this IP address is anonymised (in case of “German” IP addresses) and deleted after 90 days. Furthermore, Facebook stores information about the users’ end devices (e.g. as part of the “login notification” feature) and may thereby potentially be able to trace IP addresses back to individual users.
When you, as a user, log in on Facebook, a cookie is placed on your end device with your Facebook name. This enables Facebook to reconstruct your visit to this page and how you have used it. This applies to all other Facebook pages. It is possible for Facebook to track your visits to these websites and trace them back to your user profile using Facebook buttons that are integrated in these websites. This data enables content and ads to be tailored to you.
If you wish to avoid this, you should log out of Facebook and/or deactivate the feature “remain logged on”, delete the cookies stored on your device and then close down and restart your browser. This deletes Facebook data through which you can be identified directly. This allows you to use our Facebook page without revealing your Facebook name. When you access interactive features of this page (liking, commenting, sharing, messaging etc.), a Facebook log-in page will appear. After a log-in, you will once more be visible as a distinct user to Facebook.
Information on how to manage or delete the information concerning you can be found on these Facebook support pages.
As providers of this information service, we do not collect or process additional data on your usage of our service.
Information on the data protection risks of social media services from a legal perspective
Social media services are often multilevel service provider relationships, wherein the respective information or communication service is offered on a platform, provided by third parties and where the users' data is processed in the context of the platform operators' own business purposes. This makes social media services non-transparent from a user perspective and often problematic from a legal perspective, specifically with regard to existing responsibilities. Particularly in the case of platform operators/providers from outside Europe, from a data protection perspective, social media services often do not adhere to the General Data Protection Regulation.
In particular, it requires that users be provided with sufficient information and requires their consent before personal data is processed.
Public authorities that operate a social media presence to perform their tasks share the responsibility under data protection law for processing the data of the users visiting their social media presence with the operators of the social media platform.
The platform operator’s data protection provisions can be found on the following page:
Facebook’s data usage policies:
Facebook’s full data policies:
Information on ways to limit the respective platform operator’s processing of your data can be found here:
If you have questions regarding our information offering, you can reach us using the following contact details:
Bundesministerium für Gesundheit
- Datenschutzbeauftragte -
- You can view the data that is automatically transmitted to our server from your browser.
- You can use any internet browser to display whether cookies are set and what these contain.
Detailed information is provided on the websites of the Federal Commissioner for Data Protection and the Federal Office for Information Security.
With respect to personal data concerning you, you have the following rights vis-a-vis the controller:
Right of access, Article 15 of the GDPR
The right of access entitles the data subject to access the personal data concerning them. The exceptions to this right provided under section 34 of the Federal Data Protection Act (BDSG) apply.
Right to rectification, Article 16 of the GDPR
The data subject can demand that inaccurate personal data concerning them be rectified.
Right to erasure, Article 17 of the GDPR
The right to erasure means the data subject can demand the controller erase data. However, this is only possible if the personal data concerning them is no longer required, is being processed illegitimately, the relevant consent has been withdrawn and none of the statutory reasons for exemption apply, cf. Article 17 (3) of the GDPR, section 35 of the BDSG.
Right to restriction of processing, Article 18 of the GDPR
The right to restriction of processing entails the possibility of the data subject to prevent further processing of personal data for the time being. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.
Right to data portability, Article 20 of the GDPR
The right to data portability affords the data subject the possibility to receive their personal data in a commonly used, machine-readable format in order to potentially pass these on to other controllers. Pursuant, for instance, to the exemptions set out under Article 20 (3) of the GDPR, this right does not apply when the processing of data serves the performance of a task carried out in the public interest. The sole instance where this is not the case at the Federal Ministry of Health is when data processing is carried out for taxation purposes.
Right to object against data collection, processing and/or use, Article 21 of the GDPR
The right to object entails the right in a specific situation to object against further processing of personal data. Pursuant, for instance, to section 36 of the BDSG, this right does not apply if a public authority is required to process the data by law.
Right to withdraw consent
Where processing is carried out in accordance with Article 6 (1) letter a) of the GDPR on the basis of your consent, you can always withdraw your consent for that purpose. The lawfulness of processing remains unaffected until a withdrawal of consent is received.
The aforementioned rights can be asserted by contacting poststelle(at)bmg.bund.de or poststelle(at)bundesgesundheitsministerium.de-mail.de.
Right to lodge a complaint with a supervisory authority, Article 77 of the GDPR
Furthermore, you have the right to submit a complaint to the supervisory authority for data protection law (the Federal Commissioner for Data Protection and Freedom of Information) at:
Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit,
Graurheindorfer Straße, 153 53117 Bonn,
The premises of the Federal Ministry of Health in Bonn (Rochusstraße 1, 53123 Bonn) and in Berlin (Friedrichstraße 108, 10117 Berlin) are monitored by a video system to supervise adherence to the house rules. Processing is carried out on the basis of Article 6 (1) letter e) of the GDPR in conjunction with section 4 of the Federal Data Protection Act (BDSG). Data collected in this way is only shared with third parties to the extent that we are legally required to do so or sharing it is necessary for legal action or criminal prosecution in cases of house law violation. Otherwise, it will not be passed on.
People under the age of 16 should not transmit personal data to the Federal Ministry of Health without the consent of a legal guardian. No personal data is knowingly processed or passed on from this group to third parties without parental consent.