The protection of your personal data during your visit to our website is very important to us. As a matter of principle, we collect as little personal data as absolutely necessary. Your data is protected in accordance with the statutory provisions.

The Federal Institute of Public Health (BIÖG) has taken technical and organisational measures to ensure that data protection regulations are observed.

The use of the contact data published on our website by third parties for sending unsolicited advertising and information material is hereby expressly prohibited. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information.

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the

Federal Institute of Public Health (BIÖG) 
Maarweg 149 - 161 
50825 Cologne 
Germany 
Tel.: 0221-8992-0 
Email: poststelle(at)bioeg.de 
Website: www.bioeg.de

The contact details of the BIÖG's data protection officer are

Federal Institute of Public Health
- Data Protection Officer 
Maarweg 149 - 161 
50825 Cologne 
Germany 
Tel.: 0221-8992-0 
Email: datenschutzbeauftragter@bioeg.de

1. scope of the processing of personal data
We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our authority is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or if it is necessary for the performance of a task carried out within the scope of the controller's responsibility or in the exercise of official authority vested in the controller, Art. 6 para. 1 lit. e GDPR in conjunction with Art. 3 Federal Data Protection Act (BDSG) serves as the legal basis. § Section 3 of the Federal Data Protection Act (BDSG) serves as the legal basis for processing.

3. Data erasure and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

1. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
(1) Browser type and version
(2) Operating system used
(3) Website from which you visit us (referrer URL)
(4) Pages and files that you access on our website
(5) If applicable, the website that you visit after ours (when clicking on external links). the website you visit after ours (when clicking on an external link on our website)
(6) Date and time of your access
(7) The Internet Protocol (IP) address, anonymised in abbreviated form

The data is stored in the log files of our system. This data is not stored together with the user's personal data.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. § Section 3 BDSG.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of the storage of data in log files, this is the case after fourteen days at the latest. Storage beyond this period is possible. The IP addresses of the users are already anonymised during the writing of the log files, so that an assignment of the calling client is no longer possible.

5. Objection and removal option
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website.

5.1 Description and scope of data processing
We use cookies to ensure basic functions of our website and to make it more user-friendly. If you agree, we also use cookies for statistical and analytical purposes (web tracking). Some elements of our website require that the accessing browser can be identified even after a page change.

Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When users access a website, a cookie can be stored on their operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

You will be informed about the use of cookies the first time you visit our website. For this purpose, an information text is displayed at the beginning or end of the browser window ("cookie notice"). This notice remains displayed until you have made a selection to accept or reject analysis cookies.

If only technically necessary cookies are used, no cookie notice is displayed.

If the acceptance of cookies is activated in your browser (e.g. Internet Explorer, Mozilla, Opera) and depending on the access to certain content pages or functions, the following cookies are stored by this website:

Technically necessary cookies

5.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. a GDPR for the use of cookies requiring consent and Art. 6 para. 1 lit. e GDPR in conjunction with Art. 3 BDSG for the use of technically necessary cookies. § Section 3 BDSG.

5.3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users and to ensure basic functions. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

5.4 Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted from there to our site. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

Storage duration of cookies: see cookie list under point 5.1

You can delete all cookies manually or set your browser so that it automatically deletes all cookies at the end of a session.

If technically necessary cookies for our website are deleted, it may no longer be possible to use all functions of the website to their full extent.

6.1 Description and scope of data processing

BIÖG uses the web analysis tool "Matomo" to optimise its website.

The collection of visit data by Matomo does not take place without the consent of the user. For this purpose, an information banner is displayed on the first visit to our website with the option of consenting or rejecting data collection by Matomo. Data is only collected if explicit consent is given by clicking on the "Consent" button.

By clicking on the "Consent" or "Reject" buttons, a cookie is stored in the user's browser to save the decision. Another cookie is stored to permanently hide the information banner after consent or refusal has been selected (see point 5 of this privacy policy).

We have deactivated the use of tracking cookies provided for in the basic configuration of Matomo to ensure a particularly data protection-friendly process.

The following data is stored using Matomo

• 1 byte of the IP address of the user's accessing system
• Time and duration of the visit
• Pages and files accessed during the visit
• Website from which users accessed the website (referrer)
• Search terms used by users to access the website and search terms used in internal searches
• Access to external websites that are accessed via links on our site
• System information of users (operating system, browser, browser language set, device type, screen resolution)

Matomo runs exclusively on our own servers. The data collected during a website visit is only stored there. The IP addresses are immediately anonymised by Matomo, making it impossible to identify visitors. The anonymous statistical data is stored separately from any personal data you may have entered on the website and does not allow any conclusions to be drawn about a specific person.

6.2 Legal basis for data processing

The legal basis for the processing of the aforementioned data is Art. 6 para. 1 lit. a GDPR if consent has been given.

6.3 Purpose of the data processing

The processing of the aforementioned data enables us to analyse the surfing behaviour of users on our website. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This enables us to constantly improve the content and user-friendliness of our website so that users can access the information they need quickly and efficiently. The need to design the website in line with requirements also arises from the obligation of public bodies to use budget funds economically within the scope of their statutory duties.
By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

6.4 Duration of storage

The anonymous log data is deleted as soon as it is no longer required for our recording purposes. This is the case after 90 days. After that, only the reports created from it are processed.

6.5 Objection and removal options
Here you have the option of changing your decision to consent or reject the recording of your visit for analysis purposes.

In addition, the "Do not track" function is activated in the BIÖG's Matomo installation. If your browser supports this function and you have activated it in your browser settings, Matomo will not automatically collect any data.

7.1 Description and scope of data processing
If you wish to order information material, we ask you to provide certain personal data. This may include company name, surname and first name, address, e-mail address and, if applicable, telephone number. You must be authorised to provide this personal data. We expressly point out that it is not permitted to place an order in someone else's name without the knowledge of the specified recipient. This violates our order conditions and constitutes misuse of our ordering system.

7.2 Legal basis for data processing
The legal basis for data processing is its necessity for the fulfilment of the contract concluded through the ordering process in accordance with Art. 6 para. 1 lit. b GDPR.

7.3 Purpose of data processing
The data is stored and used for the purposes associated with the processing of media orders. In the event of misuse of our ordering system, we will use the data to prevent further cases of misuse and to clarify the cases.
In the case of orders for the information materials offered, your personal data will be used within BIÖG and by the company commissioned with the media dispatch (PVS DVG -Vertriebsgesellschaft GmbH, Birkenmaarstraße 8, 53340 Meckenheim). Your data will not be passed on to other third parties without your consent. We have taken technical and organisational measures to ensure that the data protection regulations are observed by us and the external service providers.

7.4 Duration of storage
The personal data provided for the purpose of ordering media will be stored for a period of 3 months after complete order processing (i.e. until complete delivery and, if applicable, until complete completion of payment obligations). This serves the purpose of being able to answer queries about the orders. After this period has expired, the personal data will be deleted.


7.5 Objection and removal options
The processing of the data is absolutely necessary for the fulfilment of the contract in connection with the order process.

8.1 Description and scope of data processing
If you would like to receive BIÖG newsletters, we ask you to provide your email address. Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

8.2 Legal basis for data processing
The newsletter is sent out on the basis of the user's registration on the website. The legal basis for the processing of data after registration for the newsletter by users is Art. 6 para. 1 lit. a GDPR if consent has been given.

8.3 Purpose of data processing
The purpose of collecting user data is to deliver the newsletter.

8.4 Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address will therefore be stored for as long as the subscription to the newsletter is active.

8.5 Objection and cancellation options
Users can cancel their subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose. In the event of cancellation, the personal data will be deleted immediately.

The following individual services are included

• forums
• chats
• Further individual log-in areas
• Contact forms

9.1 Description and scope of data processing
If you wish to register for other individual services (forums, chats, member areas, etc.), we will ask you to provide certain personal data. The data required by BIÖG to provide you with the relevant application or service will be requested. Depending on the application or service, data such as salutation, title, surname and first name, address and email address are collected.

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

If you send an enquiry to BIÖG via the contact form or by email, your data will be used exclusively for correspondence with you.

Some of the correspondence is handled by external editorial teams who are commissioned by us to provide editorial support for this website. The service provider is bound by data protection regulations and will not use or pass on your data without authorisation.

9.2 Legal basis for data processing
The use of individual services/log-in areas is based on the user's registration on the website. The legal basis for the processing of data after registration for the individual services/log-in areas by the users is Art. 6 para. 1 lit. a GDPR if consent has been given.

9.3 Purpose of data processing
The purpose of collecting data from users is to enable them to use the individual services/log-in areas.

9.4 Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The personal data provided for the use of the individual services/log-in areas will be stored until the user unsubscribes from the respective service.

9.5 Objection and removal options
It is possible to unsubscribe from the individual services/log-in areas at any time. In the event of cancellation, the personal data will be deleted immediately.

The internet platforms of the social network offer a federal authority excellent opportunities for communication, networking and proximity to citizens. BIÖG has therefore decided to set up its own presences on Facebook, Instagram, X, Google+ and YouTube. We would be delighted if you could find out more about our work there and exchange information with us.

We would like to take this opportunity to point out that the terms of use of the aforementioned services and their operators are not subject to BIÖG's control. For our part, we will always handle your data with care, but accept no liability for the behaviour of the operators or third parties.

Social media services are often multi-level provider relationships in which the respective information or communication service is offered on a platform provided by third parties and in which user data is processed for the platform operator's own business purposes. This makes social media services difficult to understand from the user's perspective and often problematic from a legal perspective, particularly with regard to existing responsibilities.

Please therefore note that user data can be processed for market research and advertising purposes in the context of the use of social networks and platforms. User profiles can be created from the behaviour of users. Based on such user profiles, adverts can be placed within the social networks or platform, for example, but also on third-party sites if necessary. Cookies are often stored on users' computers for these purposes, which are used to record user behaviour and interests. BIÖG has no influence on the collection of data and its further use by the social networks. For example, BIÖG has no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, which analyses and links are made with the data and to whom the data is passed on.

BIÖG takes the discussion about data protection in social networks very seriously. We are following the debate and the reviews by the responsible authorities and are constantly checking ourselves whether we can continue to operate our social media presence under the given data protection conditions.

In the meantime, we also ask you to carefully check which personal data you disclose as a social media user. Please also regularly check the settings in the social networks to protect your privacy.

The processing of personal data takes place on the basis of Art. 6 para. 1 sentence lit. e GDPR i.V.m. § 3 BDSG. Art. 6 para. 1 sentence 1 lit. a GDPR may also be relevant as a basis for processing if users have consented to data processing by a provider of a social network or platform.

Detailed information about data processing in social networks or on platforms is provided by the respective providers. This also regularly includes information about the possibility of objecting to certain data processing operations, so-called opt-outs. In the case of requests for information and the assertion of user rights, these should be easiest to assert with the respective providers, as they have access to the user's data and can take immediate action in addition to providing information.

Please note the following information from the providers

- Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

- YouTube, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy Policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated

- X Cop. (formerly Twitter), International Unlimited Company
Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND
Privacy Policy: https://x.com/de/privacy
Opt-Out: https://x.com/settings/account

- Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy Policy: http://instagram.com/about/legal/privacy/
Opt-Out: http://instagram.com/about/legal/privacy/

BIÖG uses so-called social plugins (e.g. Like button, Tweet button or others) on some Internet pages, through which you can share content via social networks. BIÖG uses technologies to protect your privacy that prevent data from being transferred to the social network providers as soon as you access our pages. Data is only transferred when you actively click on the respective plugin.

On this website we also use the CAPTCHA function of Friendly Captcha GmbH, Am Anger 3-5,82237 Woerthsee, Germany ("FriendlyCaptcha"). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The anti-bot service respects the highest German data protection standards and does not store any personal data of your end users.

The use of FriendlyCaptcha is based on Art. 6 para. 1 lit. e GDPR i.V.m. § 3 BDSG. BIÖG's tasks also include protecting its websites from abusive automated spying and SPAM.
Further information about FriendlyCaptcha can be found in the privacy policy at the following links: https://friendlycaptcha.com/de/legal/privacy-end-users/.

We would like to inform you about your rights under the GDPR as a "data subject". You have the following rights with regard to your personal data:

• Right of access (Art. 15 para. 1, 2 GDPR)
• Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
• Right to restriction of processing ("blocking", Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to the processing (Art. 21 GDPR)
• Right of cancellation (Art. 7 para. 3 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In addition, we summarise the key points of the rights of data subjects under the GDPR for you as follows, whereby this presentation does not claim to be exhaustive, but merely addresses the main features of the rights of data subjects under the GDPR::

12.1 Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request the following information from the controller

1. The purposes for which the personal data is processed;
2. the categories of personal data being processed
3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
4. the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
6. the existence of a right to lodge a complaint with a supervisory authority
7. all available information about the origin of the data if the personal data is not collected from the data subject;

12.2 Right to rectification
In accordance with Art. 16 GDPR, you have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete.

12.3 Right to erasure
Under the conditions of Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase this data without undue delay where one of the following grounds applies:

1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
4. The personal data concerning you has been processed unlawfully.
5. The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

12.4 Restriction of processing ("blocking")
Under the conditions of Art. 18 GDPR, you can request the restriction of the processing of personal data concerning you: Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

12.5 Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

1. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
2. the processing is carried out by automated means. In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

12.6 Right to object
Under the conditions of Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) of Art. 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

In connection with the use of information society services - notwithstanding Directive 2002/58/EC - you have the option of exercising your right to object by automated means using technical specifications.

12.7 Right of revocation
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

12.8 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.