This privacy policy is a translation created with the help of AI. Only the German version of this privacy policy is legally binding and can be found here: https://www.e-rechnung-bund.de/datenschutz/
As an authority of the Federal Republic of Germany without legal capacity, the Procurement Office of the Federal Ministry of the Interior (Procurement Office) operates a website (the ‘Website’) under the domain https://en.e-rechnung-bund.de, which it uses to make information on e-invoicing available to the public.
We only process personal data to the necessary extent. Which data is required and processed for what purpose and on what basis depends largely on the type of service you are using and the purpose for which it is required. We have taken technical and organisational measures to ensure that the data protection regulations are followed both by us and by our external service providers. The processing of personal data at BeschA is carried out in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1 Principles
1.1 Data Controller and Data Protection Officer
The data controller responsible for the processing of personal data is the
Procurement Office of the Federal Ministry of the Interior
Brühler Straße 3, 53119 Bonn, Germany
Telephone: +49-(0)22899 610 0
Fax: +49-(0)22899 610 87 1000
E-Mail: e-rechnung@bescha.bund.de
If you have specific questions about the protection of your data, please contact the Data Protection Officer (DPO) at the Procurement Office:
Procurement Office of the Federal Ministry of the Interior
Brühler Straße 3, 53119 Bonn, Germany
Telephone: +49-(0)22899 610 0
Email: datenschutz@bescha.bund.de
You can also contact the Procurement Office by email via this central email address: poststelle@bescha.bund.de. The personal data sent to the central address and stored in the organisational unit responsible for central message distribution will be deleted after one year following forwarding to the competent organisational divisions of the Procurement Office.
The order processor is
Nortal AG
Knesebeckstr. 59-61/61a, 10719 Berlin
Telephone: +49 (0)30-318 05 09-00
E-Mail: erechnung.bund@nortal.com
Nortal AG acts on behalf of the Procurement Office.
1.2 Personal Data
Personal data are all information referring to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
1.3 Protection of Minors
Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. Should personal data of children and young people be required to visit the property, section 6.3 applies. The data will not be passed on to third parties.
1.4 Legal Basis for the Processing of Personal Data
The Procurement Office of the Federal Ministry of the Interior (Procurement Office) processes personal data whenever it is performing the tasks incumbent upon it in the public interest. Specifically, the public tasks of the Procurement Office include public relations work and, within this context, provision of information to the public through this website.
The legal basis for processing in this case is Article 6(1)(e) GDPR in conjunction with the relevant national or European task standard or in conjunction with Section 3 FDPA.
Insofar as the processing of personal data should be necessary in individual cases for fulfilment of legal obligations of the Procurement Office of the Federal Ministry of the Interior, Art. 6(1)(c) GDPR, in conjunction with the corresponding legal provision from which the legal obligation arises, serves as the legal basis.
Insofar as we obtain the data subject’s consent for processing operations of personal data, Art. 6(1)(a) GDPR serves as the legal basis. You can revoke this consent at any time with effect for the future.
In the event that vital interests of the affected person or another natural person require the processing of personal data, Article 6(1)(d) GDPR is the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by the Procurement Office or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6(1)(f) GDPR.
2 Data Processing in Relation to Your Website Visit
2.1 Data Collection
The Procurement Office processes your personal data from the following categories:
- Personal details: Your first name and surname (e.g. when contacting us by email, letter or telephone).
- Contact details: Address, postal address, telephone number, e-mail address (e.g. when contacting us by e-mail, letter or telephone).
- User information: Each time the website is accessed, two bytes of the IP address of the user’s accessing system (anonymous); the website accessed; the website from which the user came to the website accessed (‘referrer’); the subpages accessed from the website accessed; the time spent on the website and the frequency with which the website is accessed are recorded.
- Automatically collected data: Every time a user accesses the website and every time a file is retrieved, data about this process is temporarily processed in a log file. Specifically, the following data is stored for each access/retrieval: Date and time of access (time stamp), as well as the IP address of the accessing device or server; request details and destination address (protocol version, HTTP method, referrer, user agent string); name of the file accessed and amount of data transferred (requested URL incl. query string, size in bytes) and notification of whether the access was successful (HTTP status code).
The purposes of processing personal data when visiting the website include in particular the following:
Protection against attacks on the Procurement Office’s web infrastructure and the federal government’s communication technology: The Procurement Office is obliged on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with § 5 BSI Act to store data to protect against attacks on the web infrastructure of the Procurement Office and the communication technology of the Federal Government beyond the time of your visit. This data is analysed and, in the event of attacks on the communication technology, is required to initiate legal and criminal prosecution. The data is deleted as soon as it is no longer required for the fulfilment of tasks. Data logged when accessing the Procurement Office’s website is only transmitted to third parties if we are legally obliged to do so or if disclosure is necessary for legal or criminal prosecution in the event of attacks on the Federal Government’s communications technology. Data will not be passed on in other cases. The Procurement Office does not merge this data with other data sources.
Web analysis: On the basis of Art. 6 Para. 1 lit. e GDPR in conjunction with Section 3 of the Federal Data Protection Act (BDSG), the BeschA analyses usage information for statistical purposes as part of its public relations work and for the needs-based provision of information on the tasks to be performed by the Procurement Office. This is done by using a cookie in cooperation with the web analysis service Matomo/PIWIK. For more details, please refer to section 2.2: ‘Use of cookies on the website’.
Links on the website will also take you to other providers or web portals that do not belong to the Procurement Office. The Procurement Office’s privacy policy does not apply to websites that you can access via hyperlinks.
2.2 Use of Cookies on the Website
The Procurement Office uses two types of cookies on its website to implement important user functions and to collect statistical, anonymised data for web analysis. This is based on Art. 6(1)(e) GDPR in conjunction with Section 3 FDPA as part of the public relations work for the demand-oriented provision of information on tasks assigned to the Procurement Office.
When accessing the website, information is stored via a cookie as to whether active consent has been given by the user in accordance with Art. 6 (1)(a) GDPR with regard to the Privacy Policy.
As part of web analysis, another cookie is used to collect anonymised usage data, which is processed in cooperation with web analysis service Matomo/PIWIK. In this context, the collected data is passed on to Matomo/PIWIK as a third party if you agree to the web analysis through the cookie via the opt-in option. If you do not agree to the completely anonymous storage and analysis of the data from your visit, you can object to the storage and use at any time via a mouse-click. In this case, a so-called opt-out cookie will be stored in your browser, which means that Matomo/PIWIK will no longer collect any session data.
Please note that deleting cookies in your browser will also delete the opt-out cookie and you may have to reactivate it.
In any Internet browser, you can view whether cookies have been set and what data they process. Detailed information is available on the websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.
Most browsers are set to accept cookies automatically. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of the respective connection to the Internet.
3 Processing of Personal Data in the Context of Contacting
Personal data is processed depending on the method of contact. A distinction can be made between contact by e-mail, contact form, letter or telephone.
The Procurement Office collects your personal data from various sources. This includes in particular:
- Data that you provide to us directly: Your personal data is collected when it is provided to us by you (electronically, in writing or verbally). We may also ask you for data and information (e.g. personal details and contact information) when you contact us.
- Data collected internally or via third parties: We process information about you that we obtain through your use of our website or your interaction with us (e.g. by contacting us). We and third parties use cookies to collect information about your computer or device and your use of the website. For more information on the use of cookies, please refer to section 2.2 ‘Use of cookies on the website’.
3.1 Contacting the Procurement Office by E-Mail
If you contact the Procurement Office by e-mail, your e-mail will first be forwarded to the relevant organisational unit of the Procurement Office. The organisational units will store the data you send (e.g.: surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail (including any personal data you may have sent) for the purpose of contacting you and processing your request, in accordance with the time limits applicable to the storage of documents in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries (GGO). We would like to point out that the data is processed on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG. Processing of the personal data transmitted by you is necessary for the purpose of processing your request.
3.2 Contact via Contact Form
If you use the contact form for communication, it is necessary to provide your surname and first name as well as your e-mail address and authority/company. Without this data, your enquiry sent via the contact form cannot be processed. The date and time of your enquiry will also be transmitted to us. If we receive a message from you via the contact form or an e-mail, we assume that we are authorised to reply by e-mail. Otherwise, we ask you to expressly inform us of another form of communication (such as letter post or fax). The content of the Procurement Office’s contact forms is transmitted via the Jotform Online Forms plugin. Jotform Online Forms is a service for creating contact forms. The Jotform Online Forms plugin is only used to forward entered form data to the relevant e-mail addresses: erechnung.bund@nortal.com, erechnung@zrb.bund.de and sendersupport-xrechnung@bdr.de.
Further information and the applicable data protection provisions of Jotform Online Forms can be found at https://www.jotform.com/gdpr-compliance/. Communication between the browser and server takes place exclusively via HTTPS (SSL/TLS) encryption. The processing of the data transmitted with the contact form and the content (which may also contain personal data transmitted by you) is carried out on the basis of Article 6(1)(a) GDPR for the purpose of processing your request. When using the contact form, the content of the data fields is transmitted to the authorised representatives of the Procurement Office for the purpose of responding to enquiries. Specifically, these are Bundesdruckerei, the Federal Central Accounting Office and Nortal AG. Consultants from these companies act on behalf of the Procurement Office. The IP address of the sender is recorded. This also takes place when a conventional e-mail is sent to one of the stored addresses. The processing and temporary storage of personal data serves to answer your enquiry. The processing of your request, which you have communicated to us via the contact form, is carried out by the employees of the above-mentioned companies. They store your data in order to process your enquiry and in accordance with legal and contractual requirements. If your request cannot be dealt with by the staff, it will be forwarded to the office otherwise responsible for it at the Procurement Office.
3.3 Contact by Letter
If you write a letter to the Procurement Office, the data you provide (e.g.: surname, first name, address) and the information contained in the letter (any personal data you provide) will be stored for the purpose of contacting you and processing your request in accordance with the deadlines for the storage of documents set out in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries (GGO). We would like to point out that the data is processed on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with Section 3 BDSG. Processing of the personal data transmitted by you is necessary for the purpose of processing your request.
3.4 Contact by Telephone
If you contact an employee of the Procurement Office by telephone, your personal data will be collected and processed to the extent necessary to process your request. We would like to point out that the data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. Processing of the personal data transmitted by you is necessary for the purpose of processing your request.
4 Data Storage and Deletion
We process and store your personal data for as long as necessary to fulfil our contractual and legal obligations. It should be noted that some of our business relationships are long-term obligations.
If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted unless its – temporary – further processing is necessary for the following purposes:
1. fulfilment of retention obligations under commercial and tax law:
These include the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years. In cases of procurement in connection with EU-funded programmes, the retention period is generally 10 years after the end of the funding programme.
2. preservation of evidence within the framework of the statutory limitation period. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
5 Use of Automated Decision-Making
In connection with the operation of this website, we generally do not use automated decision-making including profiling within the meaning of Article 22 GDPR. If we use such procedures in individual cases, we will inform you of this separately to the extent required by law.
6 Your Rights as a Data Subject
You have the following rights vis-à-vis the Procurement Office with regard to your personal data:
- The right to gain access to the stored personal data pursuant to Art. 15 GDPR: The right of access provides the data subject with comprehensive insight into the personal data processed concerning him or her and some other important criteria such as the processing purposes or the storage duration. The exceptions to this right, as regulated in Section 34 FDPA, apply.
- The right to rectification pursuant to Art. 16 GDPR: The right to rectification includes the possibility for the data subject to have inaccurate personal data concerning him or her corrected.
- The right to erasure pursuant to Art. 17 GDPR: The right to erasure of personal data includes the possibility for the data subject to have his or her personal data deleted by the controller. However, this is only possible if the personal data in question are no longer necessary, are being processed unlawfully or if consent in this regard has been revoked. The exceptions to this right, as regulated in Section 35 FDPA, apply.
- The right to restriction of processing pursuant to Art. 18 GDPR: The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him or her for the time being. A processing restriction occurs primarily in the review phase of other rights exercised by the data subject.
- The right to object to collection, processing and/or use pursuant to Art. 21 GDPR: The right to object includes the possibility to object to further processing of your personal data. The exceptions to this right, as regulated in Section 36 FDPA, apply.
- The right to data portability pursuant to Art. 20 GDPR: The right to data portability includes the possibility for the data subject to receive his or her personal data in a common, machine-readable format from the controller in order to have it forwarded to another controller, if necessary. Pursuant to Art. 20(3)(2) GDPR, this right is not available if the data processing serves the performance of public tasks.
- The right to withdraw consent pursuant to Art. 13 and 14 GDPR: Insofar as the processing of personal data is based on consent, the data subject may revoke such consent for the relevant purpose at any time. The lawfulness of the processing based on the provided consent remains unaffected until receipt of the revocation.
You can assert the aforementioned rights in writing to the data controller (section 1 of this Privacy Policy). Pursuant to Art. 77 GDPR, you also have the right to lodge a complaint with the data protection supervisory authority: The Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Str. 153, 53117 Bonn, Germany.
You can also contact the Procurement Office or the data protection officer at the Procurement Office directly with questions and complaints.