Privacy Policy

This section provides you with information on how personal data are processed.

Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) which can be used to ascertain the identity of that person. Personal data are any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.

1. Controller and Data Protection Officer

 

Controller:

Secretariat of the Advisory Council for Consumer Affairs (SVRV)
Federal Ministry of Justice and Consumer Protection (BMJV)
Mohrenstraße 37, 10117 Berlin,
e-mail address: info@svr-verbraucherfragen.de

 

Responsible Data Protection Officer:

Elisabeth Duhr
Federal Ministry of Justice and Consumer Protection
Mohrenstraße 37, 10117 Berlin,
e-mail address: datenschutzbeauftragte@bmjv.bund.de

2. Processing of data for visits to this website

Each time our website is visited, we collect data required for providing the service. Whenever someone accesses our website, the IP address is recorded and a log file is created, which collects and stores the following data:

  • date and time of access,
  • username if a login is required to access the members-only content,
  • actions carried out (e.g. access to the homepage itself and all the other pages available on the website, as well as all the files contained on the website),
  • browser type and version,
  • operating system used,
  • referrer URL,
  • hostname of the accessing computer if there is direct communication e.g. via SMTP

The IP address and the log file are temporarily processed and stored on a server at Mivitec GmbH.

Data collected from visits to the SVRV’s website and stored in log files are shared with third parties only if we are legally obliged to do so, or if needed for legal or criminal proceedings in cases of attacks on the SVRV’s communications technology. Otherwise, these data are not shared with third parties.

Accessing individual pages generates so-called cookies to facilitate navigation. These session cookies contain no personal data. Most web browsers are configured to accept cookies automatically. However, you can deactivate the automatic acceptance of cookies or configure your web browser to accept cookies only for the duration of a single internet session.

This website uses Google Fonts to ensure that fonts are displayed uniformly. When you visit our website, your browser will load the required web fonts into your browser cache to display texts correctly. If your browser does not support Google Fonts, content will be displayed in a default font. Further information about Google Fonts can be found at:

https://developers.google.com/fonts/faq?hl=de-DE&csw=1

and in Google’s privacy policy:

https://policies.google.com/privacy/update?hl=de-DE

3. Processing of personal data when you submit details and make enquiries

Whenever you submit details or make enquiries, we only process the data that are necessary to communicate with you and to properly document the administrative activities of the SVRV and the SVRV secretariat. This particularly includes personal information (e.g. surname, first name, address, e-mail address, etc.) that we have directly received from you, as well as information about the method you chose to contact us (letter, telephone, e-mail). The processing of this data is necessary in carrying out our responsibilities (see Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (BDSG)).

We will only share the data received from you with third parties if you have given your explicit consent thereto, or if we are required to do so by law or by reason of a court decision. The storage of submitted details and enquiries in electronic form – as well as in paper form – is carried out in accordance with the statutory periods for retaining records as specified in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries. As a rule, the respective retention periods are 10 years.

4. Processing of personal data for sending out newsletters

If you sign up to receive our newsletter, your name and e-mail address will be stored on a server. We do not share your data with third parties and do not use them for any other internal purposes. Furthermore, if you choose to cancel the newsletter subscription, your data will be deleted immediately.
 

5. Processing of personal data when you register for an event

If you wish to attend an event organised by the SVRV, you will usually have to register in advance.  For security reasons, we must ask you to provide us in advance with your first and last names and your e-mail address. This allows us to carry out our responsibilities (public relations work) pursuant to Article 6 (1) (e) GDPR in conjunction with section 3 BDSG. These data are passed on to the persons/institutions responsible for carrying out the identity checks at the entrance (e.g. the Federal Police) and are fully deleted one week after the event.

6. Rights of data subjects

Responsibility for the processing of personal data lies with the BMJV (represented by the SVRV secretariat) – both in its capacity as a contracting party under civil law and as part of its obligation to perform public responsibilities. Data subjects therefore have the following rights under the General Data Protection Regulation:

a) Right of access – Article 15 GDPR

The right of access gives data subjects comprehensive access to data concerning them and to several other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by section 34 BDSG.

b) Right to rectification – Article 16 GDPR

The right to rectification enables data subjects to have inaccurate personal data concerning them corrected.

c) Right to erasure – Article 17 GDPR

The right to erasure enables data subjects to have the controller erase personal data concerning them. However, such data may be erased only if they are no longer necessary, if they were processed unlawfully or if consent to their processing has been withdrawn. Exceptions to this right are governed by section 35 BDSG.

d) Right to restriction of processing – Article 18 GDPR

The right to restriction of processing enables data subjects to temporarily prevent further processing of personal data concerning them. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.

e) Right to data portability – Article 20 GDPR

The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to have these data transmitted to another controller. According to Article 20 (3) second sentence of the GDPR, this right does not, however, apply if the data processing is necessary for the performance of public responsibilities. At the BMJV, this is always the case except where the processing of personal data is carried out for taxation purposes.

f) Right to object – Article 21 GDPR

The right to object enables data subjects to object in a particular situation to further processing of personal data concerning them, if such processing is justified by the performance of public responsibilities or by public or private interests. According to section 36 BDSG, this right does not apply if the respective public body is obliged by law to process the data.

g) Right to withdraw consent

If the personal data are processed on the basis of your consent (Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.

7. Right to submit a complaint

You can submit a complaint regarding the SVRV secretariat’s processing of data to the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), which is responsible for supervising the data protection activities of the federal authorities. It can be contacted at the following address:

Bundesbeauftragte für den Datenschutz und die Informationsfreiheit,
Husarenstraße 30, 53117 Bonn,
e-mail: poststelle@bfdi.bund.de