Privacy policy NFK

The Federal Ministry of the Interior and Home Affairs informs you here about the processing of personal data when using the National Feedback Component (NFK). Your feedback will be anonymised and forwarded to the EU Commission. On the basis of Art. 25 of Regulation (EU) 2018/1724, we are obliged to report feedback on our online services to the Commission. Personal data is not processed in the process. Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

1. information on the processing of personal data

The controller pursuant to Article 4(1)(7) and Article 26 of the General Data Protection Regulation (GDPR) is

Federal Ministry of the Interior and for Home Affairs (BMI)
Division DV II 3
Alt-Moabit 140
10557 Berlin
Tel: +49 (0)30 18 681-0
E-mail: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de

If you have any questions about the protection of your data, please contact the data protection officer:

Commissioner for Privacy Policy
Federal Ministry of the Interior and for Home Affairs
Alt-Moabit 140
10557 Berlin
Tel: +49 (0)30 18 681-0
E-mail: bds@bmi.bund.de

We act as a processor:

]init[ Aktiengesellschaft für digitale Kommunikation
Köpenicker Street 9
10997 Berlin
Phone: +49 30 97006 0
E-mail: init@init.de

The Information Technology Centre Germany (ITZBund) is the processor and operator of the National Feedback Component.

Information Technology Centre Germany
Bernkasteler Straße 8
53175 Bonn
Tel: +49 (0) 22899 680-0
E-mail: poststelle@itzbund.de

An agreement on order processing in accordance with Article 28 GDPR has been concluded with the processors.

2. Collection and storage of personal data

When using the website

Every time the website (platform with input mask) is accessed, data about this process is temporarily processed in a log file. In detail, the following personal data is stored for each access or retrieval:

  • Date and time of access (time stamp),
  • IP address of the accessing device or server,
  • Request details and destination address (protocol version, HTTP method, referrer, user agent string),
  • Name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes) and
  • Message as to whether the request was successful (HTTP status code).

A free text field has been integrated. This free text field is provided with the note that no personal data within the meaning of Art. 4 (1) GDPR is collected.

  • The above-mentioned personal data will be completely deleted after a maximum of 90 days.

3. Legal basis and purpose of processing

The BMI is obliged on the basis of Article (Art.) 6(1)(c), (e) of the General Data Protection Regulation (GDPR) in conjunction with Section 3 of the Federal Data Protection Act (BDSG); Section 5 of the BSI Act to store data to protect against attacks on the BMI's Internet infrastructure and Germany's communications technology beyond the time of your visit. This data is analysed and, in the event of attacks on the communications technology, is required to initiate legal and criminal prosecution. The data will be deleted after a maximum of 90 days.

The sole purpose of processing your personal data is to ensure the functionality of Germany's IT systems or those of its service providers.

Your feedback, on the other hand, is processed anonymously during the evaluation. This means that the information you provide will not be processed together with your personal data and, in particular, will not be forwarded to the Government agency to which you provide feedback. It is not possible to draw conclusions about your person from your answers. Please ensure that you do not enter any personal data in free text fields. Your personal data will only be processed for the stated purpose. The processing of the above-mentioned personal data is necessary for this purpose.

Personal data of employees of the public bodies using the NFK are processed on the basis of Art. 6 para. 1 lit. b GDPR and stored for the duration of the contract.

4. storage period

The above-mentioned personal data will be completely deleted after a maximum of 90 days.

5. use of cookies

The form does not use cookies.

6. Rights of the data subjects

Data subjects have the following rights vis-à-vis the BMI with regard to the personal data concerning them

  • Right of access, Art. 15 GDPR
    The right of access gives data subjects comprehensive insight into the data concerning them and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in Section 34 BDSG apply.
  • Right to rectification, Art. 16 GDPR
    The right to rectification includes the possibility for the data subject to have inaccurate personal data concerning them corrected.
  • Right to erasure, Art. 17 GDPR
    The right to erasure includes the possibility for the data subject to have data erased by the controller. However, this is only possible if the personal data in question is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in Section 35 BDSG apply.
  • Right to restriction of processing, Art. 18 GDPR
    The right to restriction of processing includes the possibility for the data subject to prevent further processing of the personal data concerning them for the time being. A restriction occurs above all in the examination phase of other rights exercised by the data subject.
  • Right to object to the collection, processing and/or use, Art. 21 GDPR
    The right to object includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the fulfilment of public tasks or public and private interests. The exceptions to this right set out in Section 36 BDSG apply.
  • Right to data portability, Art. 20 GDPR
    The right to data portability includes the possibility for the data subject to receive the personal data concerning him/her from the controller in a commonly used, machine-readable format in order to have it forwarded to another controller if necessary. According to Art. 20 para. 3 sentence 2 GDPR, however, this right is not available if the data processing serves the fulfilment of public tasks.

You can assert the aforementioned rights in writing using the contact details listed under point 1.

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information (BfDI), Graurheindorfer Str. 153, 53117 Bonn, telephone: +49 (0)228 997799-0, www.bfdi.bund.de.

You can also contact the above-mentioned data protection officer at any time with questions and complaints.

Status: 04.12.2023