As an authority of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior and Community (BMI) operates a website (the ‘Website’) under the domain https://en.e-rechnung-bund.de, which it uses to make information on e-invoicing available to the public.
In its role as data controller, the BMI may process information about you. This information is called ‘personal data’. Personal data refers to any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics. These characteristics are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data is either collected directly from you, internally or in some instances by third parties. We only process personal data to the extent necessary. Which data is processed for which purpose and on which basis depends largely on the type of service you are using or on the purpose for which the personal data is needed.
We have taken technical and organisational measures to ensure that the data protection regulations are observed by us and by our external service provider.
Personal data at the BMI is processed in accordance with the European General Data Protection Regulation (‘GDPR’) and the Federal Data Protection Act (‘FDPA’).
1. Data controller and data protection officer
The data controller responsible for the processing of personal data is the
Federal Ministry of the Interior and Community
Alt-Moabit 140, 10557 Berlin, Germany
Telephone: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
If you have specific questions about the protection of your data, please contact the Data Protection Officer (DPO) at the BMI:
Federal Ministry of the Interior and Community
Alt-Moabit 140, 10557 Berlin, Germany
Telephone: +49-(0)30 18 681-0
You can also contact the BMI by email via this central email address: email@example.com. The personal data sent to the central address and stored in the organisational unit responsible for central message distribution will be deleted after one year following forwarding to the competent organisational divisions of the BMI. You can contact the Citizen Service via the email address firstname.lastname@example.org.
Order processor is
Knesebeckstr. 1, 10623 Berlin
Telefon: +49 (0)30-318 05 09-00
Nortal AG acts on behalf of the BMI.
2. Types of personal data processed by us
The BMI processes your personal data in the following categories:
- Personal data: Your first and last name (e.g. when contacting us by email, letter or telephone).
- Contact details: Address, postal address, telephone number, email address (e.g. when contacting us by email, letter or telephone).
- User information: Each time the website is accessed, two bytes of the IP address of the user’s accessing system (anonymous); the accessed website; the website from which the user accessed the website (‘referrer’); the subpages accessed from the retrieved website; the time spent on the website and the frequency of accessing the website are recorded.
- Automatically collected data: Every time a user accesses the website and every time a file is retrieved, data about this process are temporarily processed in a log file. Specifically, the following data are stored for each access/retrieval: Date and time of the retrieval (time stamp), as well as the IP address of the accessing device or server; query details and destination address (protocol version, HTTP method, referrer, user agent string); name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes) as well as notification of whether the retrieval was successful (HTTP status code).
3. Sources of personal data processed by us
The BMI collects your personal data from various sources. This includes in particular:
- Data that you provide to us directly: Your personal data will be collected when you provide it to us (electronically, in writing or verbally). We may also ask you for data and information (e.g. personal and contact details) when you contact us.
4. Legal basis and purposes of the processing of personal data
The Federal Ministry of the Interior and Community (BMI) processes personal data whenever it is performing the tasks incumbent upon it in the public interest. Specifically, the constitutional tasks of the BMI include public relations work and, within this context, provision of information to the public through this website.
The legal basis for processing in this case is Article 6(1)(e) GDPR in conjunction with the relevant national or European task standard or in conjunction with Section 3 FDPA.
Insofar as the processing of personal data should be necessary in individual cases for fulfilment of legal obligations, Art. 6(1)(c) GDPR, in conjunction with the corresponding legal provision from which the legal obligation arises, serves as the legal basis.
Insofar as we obtain the data subject’s consent for processing operations of personal data, Art. 6(1)(a) GDPR serves as the legal basis. You can revoke this consent at any time with effect for the future.
The purposes of processing personal data while visiting the website specifically include the following:
- Protection against attacks on the Internet infrastructure of the BMI and the communication technology of the Federal Government: Based on Article 6(1)(e) GDPR in conjunction with Section 5 BSI Act, the BMI is obliged to store data to protect against attacks on the Internet infrastructure of the BMI and the Federal Government’s communication technology beyond the time of your visit. These data are analysed and required to initiate legal and criminal prosecution in the event of attacks on the communication technology. The data are deleted as soon as they are no longer required for the fulfilment of tasks. Data logged during access of the BMI’s website are only passed on to third parties if we are legally obliged to do so or if the transfer is necessary for legal or criminal prosecution in the event of attacks on the Federal Government’s communication technology. Data will not be passed on in other cases. The BMI does not combine the data with other data sources.
- Contacting us by email: When you contact us by email, your email will initially be forwarded to the responsible organisational division of the BMI. In the organisational divisions, the data transmitted by you (e.g. last name, first name, address), at the very least the email address as well as the information contained in the email (including any personal data transmitted by you) are stored so that we may contact you and process your request. This is done in accordance with the time limits applicable to the storage of documents in the Registry Directive, which supplements the Common Rules of Procedure of the Federal Ministries (GGO). We would like to point out that the data are processed on the basis of Art. 6(1)(e) GDPR in conjunction with Section 3 FDPA. Processing of the personal data transmitted by you is necessary for processing your request.
- Contact by letter: If you write a letter to the BMI, the data you provide (e.g. last name, first name, address) and the information contained in the letter (if applicable, personal data provided by you) will be stored so that we may contact you and process your request. This is done in accordance with the time limits applicable to the storage of documents in the Registry Directive, which supplements the Common Rules of Procedure of the Federal Ministries (GGO). We would like to point out that the data are processed on the basis of Art. 6(1)(e) GDPR in conjunction with Section 3 FDPA. Processing of the personal data transmitted by you is necessary for processing your request.
- Telephone contact: If you contact the Citizen Service via the telephone numbers +49 (0)228 99681-0 or +49 (0)30 18681-0, no personal data will be collected. Personal data are only collected when you request a call-back or a written message. In these cases, storage is regulated by the time limits applicable to the storage of documents in the Registry Directive, which supplements the Common Rules of Procedure of the Federal Ministries (GGO).
The BMI uses two types of cookies on its website to implement important user functions and to collect statistical, anonymised data for web analysis. This is based on Art. 6(1)(e) GDPR in conjunction with Section 3 FDPA as part of the public relations work for the demand-oriented provision of information on tasks assigned to the BMI.
As part of web analysis, another cookie is used to collect anonymised usage data, which is processed in cooperation with web analysis service Matomo/PIWIK. In this context, the collected data is passed on to Matomo/PIWIK as a third party if you agree to the web analysis through the cookie via the opt-in option. If you do not agree to the completely anonymous storage and analysis of the data from your visit, you can object to the storage and use at any time via a mouse-click. In this case, a so-called opt-out cookie will be stored in your browser, which means that Matomo/PIWIK will no longer collect any session data.
Please note that deleting cookies in your browser will also delete the opt-out cookie and you may have to reactivate it.
In any Internet browser, you can view whether cookies have been set and what data they process. Detailed information is available on the websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.
Most browsers are set to accept cookies automatically. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of the respective connection to the Internet.
6. Protection of minors
Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians.
7. Your rights as a data subject
You have the following rights vis-à-vis the BMI with regard to your personal data:
- The right to gain access to the stored personal data pursuant to Art. 15 GDPR: The right of access provides the data subject with comprehensive insight into the personal data processed concerning him or her and some other important criteria such as the processing purposes or the storage duration. The exceptions to this right, as regulated in Section 34 FDPA, apply.
- The right to rectification pursuant to Art. 16 GDPR: The right to rectification includes the possibility for the data subject to have inaccurate personal data concerning him or her corrected.
- The right to erasure pursuant to Art. 17 GDPR: The right to erasure of personal data includes the possibility for the data subject to have his or her personal data deleted by the controller. However, this is only possible if the personal data in question are no longer necessary, are being processed unlawfully or if consent in this regard has been revoked. The exceptions to this right, as regulated in Section 35 FDPA, apply.
- The right to restriction of processing pursuant to Art. 18 GDPR: The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him or her for the time being. A processing restriction occurs primarily in the review phase of other rights exercised by the data subject.
- The right to object to collection, processing and/or use pursuant to Art. 21 GDPR: The right to object includes the possibility to object to further processing of your personal data. The exceptions to this right, as regulated in Section 36 FDPA, apply.
- The right to data portability pursuant to Art. 20 GDPR: The right to data portability includes the possibility for the data subject to receive his or her personal data in a common, machine-readable format from the controller in order to have it forwarded to another controller, if necessary. Pursuant to Art. 20(3)(2) GDPR, this right is not available if the data processing serves the performance of public tasks.
- The right to withdraw consent pursuant to Art. 13 and 14 GDPR: Insofar as the processing of personal data is based on consent, the data subject may revoke such consent for the relevant purpose at any time. The lawfulness of the processing based on the provided consent remains unaffected until receipt of the revocation.
You can also contact the BMI or the data protection officer at the BMI directly with questions and complaints.