I. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions

Bundesinstitut für Arzneimittel und Medizinprodukte
Kurt-Georg-Kiesinger-Allee 3
53175 Bonn

Telephone: +49 (0)228 99 307-0
Fax: +49 (0)228 99 307-5207
E-mail: poststelle@bfarm.de
Website: www.bfarm.de

As an independent higher federal authority in the portfolio of the Federal Ministry of Health (BMG), the Federal Institute for Drugs and Medical Devices (BfArM) is subject to the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

II. The Data Protection Officer of the controller

Arian Mehrpuyan

Contact options:

• E-mail: datenschutz@bfarm.de
• De-Mail: poststelle@bfarm.de-mail.de
• Telephone: +49 (0)228 99 307-0
• Special electronic authority mailbox (beBPo) - receiver: "Bundesinstitut für Arzneimittel und Medizinprodukte, Justitiariat"
• Federal Portal (Bundesportal) for online services and data subject rights under the General Data Protection Regulation

III. General information on the processing of data

1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data of users only to the extent necessary for the provision of a functional website and of our content and services. As a rule, the personal data of the users are collected only with their prior consent. Exceptions apply in those cases where obtaining prior consent is not possible for factual reasons, the processing is technically necessary for providing the website or the processing of the data is permitted by legal regulations.

Insofar as further processing of personal data is required in order to provide our services, we will inform you of this fact at the appropriate point (such as through our online application portal) and refer you to the relevant section of this policy.

2. Legal basis for the processing of personal data

Insofar as the data subject has given their consent for operations involving the processing of personal data, the legal basis is article 6 para. 1 lit. a) of the General Data Protection Regulation (GDPR). Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the legal basis is article 6 para. 1 lit. b of the GDPR. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary for the fulfilment of legal obligations to which the BfArM is subject, the legal basis is article 6 para. 1 lit. c) of the GDPR. In case processing is necessary in order to protect the vital interests of the Data Subject or of another natural person, the legal basis is article 6 para. 1 lit. d) of the GDPR.

If the processing of personal data takes place within the context of the performance of tasks which are in the public interest or are carried out in the exercise of official authority conferred on the BfArM as the controller, the legal basis is article 6 para. 1 lit. e) of the GDPR in conjunction with section 1 para. 1 and 3, section 4 para. 1 and 4 of the Act on Successor Institutions to the Federal Health Agency (BGA-NachfG) in conjunction with section 77 para. 1 of the German Medicinal Products Act (AMG). The statutory delegation of tasks, which is one of the legal bases for our processing of personal data in conjunction with Article 6 para. 1 lit. e) of the GDPR, has been transposed into a number of special laws at the national level. In addition to the aforementioned AMG, these include the Narcotics Act (BtMG), the Medical Devices Act (MPG), the Medical Devices Safety Plan Ordinance (MPSV) and the Basic Substances Monitoring Act (GÜG). These legal bases also apply, in particular, to the processing of personal data in connection with the forms provided on this website.

3. Deletion and storage period of data

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place as provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless the continued storage of the data is necessary for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of the data processing

Each time our website is accessed, our system automatically collects and processes data and information from the computer system of the accessing computer.

This involves collecting the following data:

• Information about the type and version of the browser used
• Operating system of the device accessing the page
• IP address
• Date and time of access
• Websites from which the user's system accesses our website
• Page accessed/Name of the file accessed
• Data volume transferred
• Message whether the access/retrieval was successful
• Website visited by you after the visit to our website

The aforementioned data is also stored in the log files of our system. For as long as you visit our website, your IP address is processed for the delivery of data to your computer. The IP address is then shortened by two bytes (e.g. 192.168.xxx.xxx) and saved in this form. Thus, it is no longer possible to associate the shortened IP address to the calling computer. Other data that enables the data to be associated with users is not stored. Neither is the aforementioned data stored together with the users’ other personal data.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data is article 6 para. 1 lit. e) of the GDPR in conjunction with section 1 para. 1 and 3, section 4 para. 1 and 4 of the Act on Successor Institutions to the Federal Health Agency (BGA-NachfG) in conjunction with section 77 para. 1 of the German Medicinal Products Act (AMG).

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary so that the website can be delivered to the user's computer. This necessitates storing the IP address of the user for the duration of the session. The subsequent storage of the anonymised IP address serves to protect our information technology systems from hacker attacks and to optimise our Internet offering.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In case the provision of the website requires the collection of personal data or of data attributable to particular persons, this is the case as soon as the respective session has ended. The data stored in the log file are no longer attributable to particular users. They are stored for the period of one year. The data will not be passed on to third parties or used in any other way.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. This means that there is no possibility for users to object, as the data is stored in the log files without being associated with a particular person.

V. Cookies

1. Description and scope of the data processing

Our website uses cookies, which are text files stored in the Internet browser or by the Internet browser on the user's computer system. When a website is accessed, a cookie may be stored on the user's operating system. This cookie contains a particular string of characters which enables the browser to be uniquely identified when the website is called up again.

Cookies may also be used on linked pages without us being able to inform users of this. Most browsers are set to accept cookies automatically. However, the storage of cookies can be deactivated or the browser can be set to notify users as soon as cookies are sent.

2. Legal basis for the data processing

The legal basis for the processing of personal data using cookies is article 6 para. 1 lit. e) of the GDPR in conjunction with section 1 para. 1 and 3, section 4 para. 1 and 4 of the BGA-NachfG in conjunction with section 77 para. 1 of the German Medicinal Products Act (AMG).

3. Purpose of the data processing

We use cookies on our website to make our website more user-friendly. Some elements of our website require the calling browser to be identifiable even after the change to another page. This concerns the adoption of language settings and the memorisation of search terms. The cookies we use are also used for load balancing purposes and to ensure that user requests are always sent to the same server during a session. The user data collected by means of technically necessary cookies is not used for the creation of user profiles.

4. Matomo (Piwik)

Diese Website nutzt den Web-Analysedienst Matomo, 150 Willis St, 6011 Wellington, New Zealand (vormals Piwik), zu dem Zweck und in unserem Interesse, Ihre Nutzung unserer Website zu analysieren. Über die so gewonnenen Statistiken können wir unser Angebot verbessern und auch für Sie als Nutzer interessanter ausgestalten.
Für diese Auswertungen werden keine Cookies auf Ihrem Computer gespeichert, sondern sie erfolgen anhand der Browserdaten, wobei Ihre IP-Adresse um die letzten beiden Blöcke gekürzt und anschließend kodiert wird. Eine Identifizierbarkeit Ihrer Person kann damit ausgeschlossen werden. Die mittels Matomo von Ihrem Browser übermittelte IP-Adresse wird nicht mit anderen von uns erhobenen Daten zusammengeführt. Rechtsgrundlage für die Datenverarbeitung ist Art. 6 Abs. 1 lit. f DS-GVO.
Sie haben das Recht, der Datenverarbeitung zu widersprechen, indem Sie den folgenden Haken entfernen und so das Opt-out-Plugin aktivieren:
Sie können sich hier entscheiden, ob in Ihrem Browser ein eindeutiger Webanalyse-Cookie abgelegt werden darf, um dem Betreiber der Website die Erfassung und Analyse verschiedener statistischer Daten zu ermöglichen. Wenn Sie sich dagegen entscheiden möchten, wählen Sie bitte die entsprechende Option, um den Matomo-Deaktivierungs-Cookie in Ihrem Browser abzulegen.

Open cookie settings

In diesem Fall wird in Ihrem Browser ein sog. Opt-Out-Cookie abgelegt, was zur Folge hat, dass Matomo keinerlei Sitzungsdaten erhebt. Bitte beachten Sie, dass die vollständige Löschung Ihrer Cookies zur Folge hat, dass auch das Opt-Out-Cookie gelöscht wird und ggf. von Ihnen erneut aktiviert werden muss.

5. Storage period, possibility of objection and removal

Cookies are stored on the user's computer and transmitted from that computer to our site. This means that users also have full control over the use of cookies, with the transmission of cookies being deactivated or restricted by changing the settings of the Internet browser. Cookies that have already been saved can be deleted at any time, including automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. The cookies we use are so-called session cookies whose validity is only maintained for the duration of the respective session.

VI. Contact form and e-mail contact

1. Description and scope of the data processing

Our website contains a contact form which can be used for getting into contact with us electronically. If users make use of this option, the data entered in this form will be transmitted to us and stored. The following data can be entered:

• Subject
• Your message
• Salutation
• Last name
• First name
• E-mail address
• Company
• Street and house number
• Zip Code
• City
• Country
• Telephone number

The information entered into the aforementioned data fields is, on principle, voluntary, while the fields "Subject", "Your message", "Last name" and "E-mail address" are marked as mandatory fields. In addition to the actual message, the purpose of the data entered into the subject field is to assign the appropriate contact persons at an internal level, while we require the specification of an e-mail address to send a reply to the user. The purpose of the last name is the differentiation between the entries made by different users and their assignment to previous conversations. The field "Last name" also permits the entry of any alias, which makes anonymous messages possible.

The consent of the user with the processing of the data is obtained during the submission, with reference also being made to this Privacy Policy in that context.

Alternatively, it is possible to contact us via the e-mail address provided in the Imprint. In this case, the personal data of the user transmitted with the e-mail will be stored. The intended purpose of the storage of this data is to enable us to contact users if necessary in the course of processing requests.

This does not involve the passing on of data to any third parties, with the data being used exclusively for processing the conversations.

Apart from that, we are connected to the Federal Portal (Bundesportal) - another channels through which we can be contacted - as per the requirements of the Online Access Act (OZG). For this purpose, you need a BundID account, which requires a one-time registration. All essential information about the processing of personal data can be found in our Privacy Policy for the respective administrative service on the pages of the Federal Portal if you wish to use this contact channel.

2. Legal basis for the data processing

The legal basis for the processing of the data is article 6 para. 1 lit. a) GDPR if the users have given their consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is article 6 para. 1 lit. e) GDPR in conjunction with section 1 para. 1 and 3, section 4 para. 1 and 4 of the BGA-NachfG in conjunction with section 77 para. 1 of the AMG.

3. Purpose of the data processing

The purpose of processing the personal data entered through the contact form is to process contacts with users and individualise their enquiries. Individualisation permits the attribution of previous enquiries of users and their being taken into account during processing. In case of anonymous contact, the additional purpose of individualisation is to distinguish the requests from each other. In the case of contact by e-mail, the purpose of storing the e-mail address is also to enable us to reply to the sender.

The provision of the address only becomes mandatory if requests from users give rise to fees, as can be the case for requests under the German Freedom of Information Act (IFG). If a request gives rise to fees, users will be made aware of this before processing begins and will be asked for their consent. If the request is not confirmed within the deadline set in the letter, the personal data collected will be deleted together with the request. With your consent, you will also be asked to provide your postal address, if this has not already been provided. This will allow for the delivery of a written fee notice. Providing your telephone number only helps to process the request in a more timely fashion. Should there be any uncertainties on our part with regard to the questions provided to us, this would allows us to consult those persons wishing to make contact to us in a quicker and more uncomplicated manner.

4. Storage period

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and if this would be no longer in conflict with any applicable regulations on the storage of data, in particular with the “Registration Directive on the Processing and Management of Documents in Federal Ministries”, which is applied by way of analogy in Federal Authorities. According to this directive, the registered personal data and conversations will be stored for a period of 10 years for the purposes stated. They will not be passed on to third parties.

5. Possibility of objection and removal

Users have the possibility to revoke their consent to the processing of their personal data at any time. Users who have contacted us by e-mail can object to the storage of their personal data at any time. All personal data stored in the course of contacting us will be deleted in this case. In such a case, the conversation cannot be continued.

VII. Processing in other offerings of the Federal Institute for Drugs and Medical Devices

Our website gives you access to various functions and offerings. Insofar as this involves the processing of personal data, the functions and offerings either have their own Privacy Policies or will refer to this section of the General Privacy Policy, which explains the special features of the processing of personal data in these functions and offers.

Portal for ordering prescriptions for narcotics (BtM-Rezepte)

1. Description and scope of the data processing

The Federal Institute for Drugs and Medical Devices (BfArM) is responsible for issuing prescriptions for substances classified as narcotics (BtM-Rezepte). For this purpose, doctors can request narcotics prescriptions through the web-based ordering portal of the BfArM, which is hosted and operated on behalf of the latter institution by the Bundesdruckerei GmbH. In order to obtain these prescriptions, they must authenticate themselves by means of an electronic health professional card (eHBA). In this context, the authentication itself takes place outside the web portal by means of the Authenticator, a software provided by gematik GmbH. The personal data processed in this context are your first name, surname, address, postcode, occupation and telematics ID are processed when making your order request. The order data is temporarily stored in a database to be retrieved by the BfArM. The data is deleted after it has been retrieved, but otherwise after a period of 90 days.

2. Legal basis for the data processing

The legal basis for the processing of personal data is article 6 para. 1 lit. c) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with Regard to the Processing of Personal Data, on the Free Movement of such Data and Repealing the Directive 95/46/EC (GDPR) in conjunction with section 8 para. 2 sentence 1 of the German Ordinance on the Prescription, Dispensing and Tracing of Narcotic Drugs (BtMVV).

3. Purpose of the data processing

The purpose of the processing of personal data through the narcotics prescription forms provided in our ordering portal is to enable members of the medical profession to place electronic requests by means of an eHBA via an Internet portal. The purpose of the processing of the data provided along with the request - comprising, in particular, the telematics ID, the name and address of the requesting member of the medical profession and the professional designation of doctor or dentist figuring in the eHBA - is the processing of the application.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data is initially stored until the request for the narcotics prescription forms has been checked and processed, but for a maximum of 90 days.

5. Possibility of objection and removal

There is no possibility to raise an objection against the described processing.

Occupational health management

1. Description and scope of the data processing

The occupational health management (BGM) program of the BfArM offers employees the opportunity to participate in seminars or health circles.

Registration for the seminars offered takes place by means of a completed registration form sent by the respective supervisor to the functional mailbox gesundheitsmanagement@bfarm.de . For this purpose, the employee users submit the data required for registration (surname, first name, job reference, business telephone number). By means of the registration form, the consent of the employee users to the processing of the data required for the implementation of the seminars is obtained, with the registration form also referencing this privacy policy. The purpose of this data is to enable participation in the seminars. The e-mails with the registrations are saved in an Outlook folder assigned to the seminar and the names are transferred to a list of participants in the order in which they are received. After the registration deadline, the list of participants will be submitted to the Equal Opportunities Officer, the Staff Council and the Representation for the Interests of the Severely Disabled for approval. Afterwards, the list of participants is forwarded to the external provider of the seminar (external social counsellor, the ias mental health GmbH or other external providers) so that they can use it to check attendance and send it to the occupational health management afterwards. The external providers are instructed to delete the transmitted data of the participants after the end of the seminar As far as the seminar takes place externally, such as at a cooperating clinic, the data are relayed to the clinic at the clinic’s request. The clinic stores the data for the purpose of monitoring the confidentiality agreements it enters into with participants. All participants receive a certificate of participation and the participation is recorded in the human resources software Persinf, where is will remain stored for a period of five years after termination of employment with the BfArM. The e-mails with the registrations, the certificates of participation and the lists of participants will be stored at the occupational health management for a maximum of three years. The list of participants is transferred to the human resources development division and stored there for three years.

Registration for the health circles offered takes place via a completed registration form to the functional mailbox gesundheitsmanagement@bfarm.de . For this purpose, the employee users provide the data required for registration (surname, first name, job reference number, official telephone number; other data such as career affiliation, working time below or above 30 hours per week can also be provided on a voluntary basis). By means of the registration form, the consent of the employee users to the processing of the data required for the implementation of the health circles is obtained, with the registration form also referencing this privacy policy. The purpose of this data is to enable participation in the health circles. The e-mails containing the registrations are saved in a dedicated Outlook folder for the health circle. Afterwards, the list of participants is forwarded to the external social consulting company (ias mental health GmbH) who acts as a moderator for the health circles, to enable it to check attendance and submit the data to the occupational health management afterwards. In this context, the external persons are instructed to delete the transmitted data of the participants after the termination of the health circle. The e-mails with the registrations and the lists of participants will be stored at the occupational health management for a maximum of three years.

2. Legal basis for data processing

The legal basis for the processing of data after registration of the employee users for the health circles or for the seminars is article 6 para. 1 lit. a) of the Regulation (EU) 2016/679 (DSGVO) in conjunction with section 26 para. 2 of the BDSG if consent has been given. The further legal basis for the processing of employee data is article 6 para. 1 lit. e) alternative 1 of the Regulation (EU) 2016/679 (GDPR) in conjunction with section 611a of the German Civil Code (BGB), section 78 of the Federal Civil Servants Act (BBG), section 45 of the Act Governing the Status of Civil Servants in the Federal States (BeamtStG) and the Agreement on Key Points for Occupational Health Management in the Federal Ministry of Health and its Division dated 27 May 2011. The legal basis for the continued storage of the data is section 26 para. 1 of the BDSG and section 113 para. 1 of the BBG.

3. Purpose of the data processing

The purpose of the processing of the data of the employee users is to enable and implement the participation in the offering of seminars or health circles. Apart from that, the data processing is also relevant with regard to the personnel composition of the health circles. The purpose of the storage in the human resources software PersInf is the implementation of the employment relationship and the documentation of further training measures. The purpose of storing the list of participants by the staff development division is to process enquiries from the Federal Ministry of Health (BMG) on the number of participants in training courses and events for statistical purposes.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The initial storage period of the data is until the seminar or the health circle have been terminated and the certificates of participation have been handed out. They are subsequently stored for a maximum period of another three years for reasons of compliance with the retention periods, to prove proper implementation (including consent) and to be able to process the collected data for statistical purposes. The note in the human resources software PersInf is stored for up to five years after the personnel file has been closed.

5. Possibility of objection and removal

The employee users have the option of submitting an application for the deletion of the data kept on their behalf at any time. Insofar as there are no mandatory retention periods to the contrary, the data will then be deleted immediately. An application to this effect can be made via the functional mailbox gesundheitsmanagement@bfarm.de . Should this occur during the registration phase or before or during the implementation of a seminar or health circle, the registration will be withdrawn at the same time.

Furthermore, users have the possibility of revoking their consent to the processing of the data at any time. The revocation can be made in the same way as the application, meaning via the functional mailbox gesundheitsmanagement@bfarm.de . Revocation of consent to data processing during the registration phase or before or during the implementation of a seminar or health circle will also result in the withdrawal of the registration. The revocation of consent shall not affect the lawfulness of the processing hat has taken place on the basis of the consent until its revocation.

Bulletin on Drug Safety

1. Description and scope of the data processing

Our website offers you the possibility to subscribe to the online or print version of the Bulletin on Drug Safety. In doing so, the consent of the users is first obtained when registering for the bulletin, with reference being made to this Privacy Policy. After that, the data entered through the entry form will be transmitted to us. In the case of registration in the respective BfArM distribution list, the e-mail address or the address data of the users will be stored by us on a server within Germany. We use this data exclusively for the purpose of sending the Bulletin. We do not pass on the users’ data to any third parties and we do not use it for any other purposes of our own.

After the user has registered to receive the online version of the Bulletin, our system generates a confirmation message which is sent to the e-mail address provided. Registration for the online version of the Bulletin is not complete until users have clicked on the link within that message. This is to ensure that the owner of the e-mail address actually wishes to receive the Bulletin. Users have the option to unsubscribe from the Bulletin at any time. For the online version of the Bulletin, the easiest way to do this is to use the corresponding link at the end of each message. Clicking the link removes the entered e-mail address from the list of recipients. If you no longer wish to receive the printed version of the Bulletin, please inform us by sending an e-mail to oea@bfarm.de.

2. Legal basis for data processing

The legal basis for the processing of user data after registration for the online or print version of the Bulletin on Drug Safety is article 6 para. 1 lit. a) of the GDPR if the users have given their consent.

3. Purpose of the data processing

The purpose of collecting the users’ e-mail address is to deliver the Bulletin on Drug Safety by e-mail or by post.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is stored accordingly as long as the subscription to the Bulletin is active.

5. Possibility of objection and removal

The subscription to the Bulletin on Drug Safety can be cancelled at any time by the respective user. For the online version of the Bulletin, the easiest way to do this is to enter the e-mail address used for the subscription in the cancellation form on our website. This will remove the e-mail address from the list of recipients. A link to this input mask is also included in each message. If you no longer wish to receive the printed version of the Bulletin, please inform us by sending an e-mail to oea@bfarm.de.

DiGA Application Portal - Digital Health Applications Directory - DiGA API Interface

1. Description and scope of the data processing

The target group for the Application Portal are companies which can use it to submit applications for the inclusion of digital health applications pursuant to the Digital Health Applications Ordinance (DiGAV). In the course of the registration process, an e-mail address and a password are recorded as mandatory data. Likewise, it is mandatory to state a contact address. As contrasted with that, the provision of surnames and first names and the upload of a profile picture are voluntary.

These contact data of the applicants and the name of the DiGA are stored unencrypted on the servers of a data centre certified as per ISO/IEC 27001 and PCI DSS for the purpose of matching applicants with the encrypted content data of their applications. As this contact data, unlike the substantive application data, is held in unencrypted format, no personal data but only company names, company addresses and functional e-mail addresses should be used. In case the company voluntarily states the name of a contact person, the data of that contact person, together with the information pursuant to section 20 para. 2 and 3 of the DiGAV, shall be made available to authorised persons within the meaning of section 21 para. 2 and 3 of the DiGAV via the programming interface DiGA-API.

In addition, registrants can create accounts for other users who are to participate in the processing of the application at their own discretion. For these users, the e-mail address and, optionally, the surname and first name are subsequently stored. For this case, too, it is recommended to use a functional e-mail address. Registration also involves generating an authentication token which is stored on the applicant’s computer and allows visitors to be recognised. The data communicated after registration in the course of the application pursuant to section 2 of the DiGAV, i.e. for example the name of the DiGA and contact data of applicants, is stored on the servers of the certified data processing centre in an encrypted format and will only be decrypted and processed for purposes in connection with the application applied for.

2. Legal basis for the data processing

The legal basis for the collection and processing of the registration information of the manufacturer is article 6 para. 1 lit. e) of the General Data Protection Regulation (GDPR) in conjunction with sections 1 et seq. of the DiGAV and article 6 para. 1 lit. a) of the GDPR.

3. Purpose of the data processing

The purpose of processing the registration data is to enable the electronic registration of the DiGA via an internet portal for applicants and the users created by them. The purpose of the processing of the application data as detailed in section 2 of the DiGAV is to process the applications.

4. Storage period

Data shall be stored for a maximum of 30 years beyond the date until which a DiGA is listed in the DiGA directory. This is to take into account possible claims for damages as well as their limitation according to section 199 para. 2 of the BGB.

5. Possibility of objection and removal

Applicants can themselves delete their registration and thereby the data stored about them at any time via the application portal. The deletion of the registration data does not affect data already processed in the course of the review of the application at the BfArM. Deletion of this data can be requested, for example, by sending an e-mail to diga@bfarm.de . In this case, the examination of the application must be cancelled. The consent with the processing of the personal data of the contact person can also be revoked at any time, for instance by sending an e-mail to diga@bfarm.de , and a deletion of the data can be requested in connection with this. This does not affect the lawfulness of the processing that was carried out prior to the revocation of consent.

DiPA Application Portal - Digital Nursing Application Directory - DiPA API Interface

1. Description and scope of the data processing

The target group of the application portal are companies which can use it to submit applications for Digital Nursing Applications (DiPA in accordance with the "Ordinance on the Eligibility for Reimbursement of Digital Nursing Applications" (DiPAV). In the course of the registration process, an e-mail address and a password are recorded as mandatory data. Likewise, it is mandatory to state a contact address. As contrasted with that, the provision of surnames and first names and the upload of a profile picture are voluntary.

These contact data of the applicants and the name of the DiPA are stored unencrypted on the servers of a data centre certified as per ISO/IEC 27001 and PCI DSS for the purpose of matching applicants with the encrypted content data of their applications. As this contact data, unlike the substantive application data, is held in unencrypted format, no personal data but only company names, company addresses and functional e-mail addresses should be used. In case the company voluntarily states the name of a contact person, the data of that contact person, together with the information pursuant to section 16 para. 2 and 3 of the DiPAV, shall be made available to authorised persons within the meaning of section 17 para and 3 of the DiPAV via the programming interface DiGA-API.

In addition, registrants can create accounts for other users who are to participate in the processing of the application at their own discretion. For these users, the e-mail address and, optionally, the surname and first name are subsequently stored. For this case, too, it is recommended to use a functional e-mail address. Registration also involves generating an authentication token which is stored on the applicant’s computer and allows visitors to be recognised. The data communicated after registration in the course of the application pursuant to section 2 of the DiPAV, i.e. for example the name of the DiPA and contact data of applicants, is stored on the servers of the certified data processing centre in an encrypted format and will only be decrypted and processed for purposes in connection with the application applied for.

2. Legal basis for the data processing

The legal basis for the collection and processing of the registration information of the manufacturer is article 6 para. 1 lit. e) GDPR in conjunction with section 1 et seq. of the DiPAV as well as article 6 para. 1 lit. a) of the GDPR.

3. Purpose of the data processing

The purpose of the processing of the registration data is to enable the electronic registration of the DiPA via an internet portal for applicants and the users created by them. The purpose of the processing of the application data which is described in detail in section 2 of the DiPAV, is to process the application.

4. Storage period

Data shall be stored for a maximum of 30 years beyond the date until which a DiPA is listed in the DiPA directory. This is to take into account possible claims for damages as well as their limitation according to section 199 para. 2 of the BGB.

5. Possibility of objection and removal

Applicants can themselves delete their registration and thereby the data stored about them at any time via the application portal. The deletion of the registration data does not affect data already processed in the course of the review of the application at the BfArM. Deletion of this data can be requested, for example, by sending an e-mail to dipa@bfarm.de . In this case, the examination of the application must be cancelled. The consent with the processing of the personal data of the contact person can also be revoked at any time, for instance by sending an e-mail to dipa@bfarm.de , and a deletion of the data can be requested in connection with this. This does not affect the lawfulness of the processing that was carried out prior to the revocation of consent.

German Clinical Trials Register (DRKS)

1. Description and scope of the data processing

As per the requirements of the World Medical Association as stipulated in section 19 of the Declaration of Helsinki, all clinical trials must be registered with a public database already before the first subjects will be enrolled. The German Clinical Trials Register (DRKS is the primary register for Germany recognised by the World Health Organisation (WHO), in which key data on clinical trials such as the titles of studies, brief descriptions, inclusion and exclusion criteria, study status, endpoints and the results of studies are published. The DRKS serves as a central hub for the collection of information on clinical trials and as such forms the basis for scientific statements concerning the type and number of studies conducted in Germany. The publication of the data creates the greatest possible measure of transparency for the public, promotes the quality of clinical research in Germany and supports the professional public in the planning of studies. This does, for instance help to prevent duplicate studies, as well as supporting ethics committees and authorities in fulfilling their review and supervisory obligations. ICMJE-compliant registration of planned clinical trials in the DRKS gives professionals the opportunity to publish the results of their studies in international medical journals. The data is collected in German and in English. The DRKS is an independent provider with public funding, operated by the Federal Institute for Drugs and Medical Devices (BfArM) based on the decree of the Federal Ministry of Health (BMG) dated 30/07/2017. The registration and entry of studies takes place on a voluntary basis. The use is free of charge.

The registration of studies in the DRKS is subject to application by the so-called "Study Controllers", who are responsible for collecting the data. For this purpose, the persons concerned have to create user accounts stating personal contact data (title, first name, surname, e-mail address, user name, password, telephone number, institution and if applicable street address, house number, postal code, city, country and URL of the institution).

For the WHO-compliant registration of a study, the following information must be published for each study:

• Initiator of the study (primary sponsor)
• Scientific Director (Principal Investigator)
• Contact for scientific enquiries
• Contact for general enquiries

As a primary registry reporting to the WHO, the BfArM is obliged to forward all trial data, including the personal data contained therein, to the International Clinical Trials Registry platform of the WHO.

Responding to enquiries to the DRKS involves the processing of names and contact details.

2. Legal basis for the data processing

The legal basis for the processing of personal data is consent pursuant to article 6 para. 1 sentence 1 lit. a) of the Regulation (EU) 2016/679 (GDPR). Furthermore, the legal basis for the processing of personal data is article 6 para. 1 sentence 1 lit. e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (BDSG) in conjunction with sections 40 et seq. (in particular section 42b) of the Medicinal Products Act (AMG) in conjunction with the Decree of the Federal Ministry of Health (BMG) dated 30/07/2017.

3. Purpose of the data processing

The purpose of the processing of the personal data of the study controllers is to create an account, to authenticate and verify the person and to register studies, which involves assigning a study controller to the study as well as to contact them.

The purpose of the collection of personal data in the study registry is to fulfil the requirements of the WHO as a primary registry.

In the case of enquiries to the DRKS, the purpose of the processing of personal data in the form of names and contact details is to contact the person in question or to answer the enquiry.

4. Storage period

For the following categories of data different deletion periods have been stipulated:

• Published study data: according to no. 1.5 of the WHO's International Standards for Clinical Trial Registries, studies may never be deleted from a primary registry such as the DRKS once they have been registered.
• Personal data collected and published in the study dataset: deletion period 50 years
• Personal data of voluntary input fields or uploaded documents in the internal area of the study registration (not public): deletion period 50 years

• Personal data collected within the user account:

  • User accounts that have not been released: deletion period 1 month
  • User accounts without a registered study: deletion period 5 years
  • User accounts with at least one registered study: deletion period 50 years
• Personal data stored and displayed at the internal level by the application: deletion period 50 years
• Personal data collected within the e-mail ticket system: deletion period 5 years
• Personal data stored on the project data drive: deletion period 30 years

5. Possibility of objection and removal

Users have the possibility of revoking their consent with the processing of their data. Revocation can take place in the same way as the application, via the functional mailbox drks@bfarm.de . Revocation concerning the personal data which are recorded in the user accounts and are not accessible to the public can take place 3 months after the last registration or update applied for by this user at the earliest, since it must be possible to attribute the declarations of intent to be made in the system in the course of this process to a specific User account and thus to a specific person. The WHO requirements for recognised primary registers include the requirement that once published, the data concerning a study cannot be deleted and that all changes must be traceable through an audit trail. When a data subject files a deletion request, therefore, another contact must be provided or at least a generic telephone number and e-mail address must be provided by way of a substitute. The revocation of consent shall not affect the lawfulness of the processing hat has taken place on the basis of the consent until its revocation.

Health Data Lab (HDL)

1. Description and scope of the data processing

The Health Data Lab processes data in order to fulfil the statutory tasks according to sections 303a to 303f of the SGB V and of the Data Transparency Ordinance.

For this purpose, the HDL annually receives the billing data of holders of statutory health insurance in pseudonymised form from the German National Association of Statutory Health Insurance Funds and the RKI Trust Centre. If necessary, the pseudonymised individual datasets are made available within a secure physical or virtual environment under the control of the Health Data Lab for the performance of analyses, but are not released to the authorised users. The results of the analyses are published in aggregated form. The risk of re-identification on the basis of the aggregated results is reviewed, assesses and, if necessary, further minimised prior to release.

2. Legal basis for the data processing

The legal basis for processing the billing data is article 6 para. 1 lit. c) and e) of the GDPR in conjunction with article 9 para. 2 lit. i) and j) of the GDPR in conjunction with section 2 para. 2 of the DaTraV in conjunction with sections 303d and 303e of the SGB V.

3. Purpose of the data processing

The purpose of the processing in the Health Data Lab is to make the data accessible to the eligible persons named in section 303e para. 1 of the SGB V upon their request and for the purposes described in section 303d para. 2 of the SGB V. This can be done in an anonymised and aggregated form or, if the prerequisites of section 303e para. 4 SGB V are met, also in a pseudonymised form.

4. Storage period

The individual data records relating to the respective insurance holders are deleted after 30 years at the latest in accordance with section 303d para. 3 of the SGB V.

5. Possibility of objection and removal

There is no possibility to raise an objection against the described processing.

Microsoft Teams (MS Teams)

1. Description and scope of the data processing

The Microsoft Teams (MS Teams) platform offers various possibilities for collaboration within a hybrid working environment as well as with regard to collaboration at the European level. It offers functionalities for conducting video conferences as well as a chat function.

BfArM operates MS Teams in European data centres within the Microsoft Azure Cloud and not within its own local data centres. The data protection requirements applicable in this context were analysed and evaluated with the support of external experts as part of a data protection impact assessment (DSFA) in accordance with article 35 of the GDPR. This led to the developed and implementation of a series of technical and organisational measures in order to ensure operation of the platform is compliance with data protection requirements and, as a result, adequate protection of the employees of the BfArM and the other organisations related to it.

The following information is intended to help you understand how and to what extent your personal data is processed and stored by the BfArM and the service provider Microsoft and how you can exercise your rights as a data subject.

In the course of participation in MS Teams video conferences, the following personal data is collected and processed by the BfArM and Microsoft: First and last name, official e-mail address, organisational unit, photo of the user (if available), official telephone number, IP address, computer name, operating system, operating system version and the contents of the communication (chat messages and audio and video data). This data is used to provide the MS Teams services. The use of MS Teams also requires a personal account in the so-called Azure Active Directory. For this purpose, the Azure Active Directory is synchronised with data from the Active Directory operated locally in Bonn by the BfArM. The following personal attributes are transmitted to Microsoft: technical ID, surname and first name, job title, e-mail address, work telephone number, room number, hash (not plain text version) of the password and the date on which the password was last changed.
The BfArM has commissioned Microsoft with the data protection-compliant processing of these personal data while video conferences using the MS Team application are being conducted. Insofar as the service provider Microsoft reserves the right to process individual further data arising from the use of the services (such as the presence and absence status in relation to the MS Teams client as well as pseudonymised information on user activities) for internal purposes, it is not the BfArM who is the Controller for the purpose of data protection law, but only the service provider Microsoft. Details of this data processing and your rights can be found in Microsoft's privacy policy at https://privacy.microsoft.com/en-us/privacystatement and https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

2. Legal basis for the data processing

In addition to the necessary internal communication, the performance of the public tasks assigned to the BfArM by law is subject to extensive cooperation with other national and European authorities, commissioned service providers and other external parties. This makes participation in video conferences indispensable in today's working environment. The legal basis for the processing of the data is article 6 para. 1 sentence 1 lit. e), para. 3 of Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) in conjunction with section 3 of the BDSG. Accordingly, the processing of personal data for the performance of the tasks assigned to the BfArM in the public interest is lawful. The processing of personal data of employees in the context of the employment relationship by the BfArM is based on article 6 para. 1 sentence 1 lit. b) of the GDPR in conjunction with article 88 para. 1 of the GDPR in conjunction with section 26 of the BDSG. In test mode, data processing is furthermore based on user content within the meaning of article 49 para. 1 lit. a) of the GDPR.

For the legal basis for data processing by Microsoft, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/en-us/privacystatement and https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

3. Purpose of the data processing

The data is processed to provide all employees and organisations related to the BfArM with MS Teams and thus with a platform for communication. For the purposes of data processing by Microsoft, please refer to the Microsoft Teams privacy policy at https://privacy.microsoft.com/en-us/privacystatement and https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

4. Storage period

Communication content (audio and video) in a synchronised fashion is subject to volatile processing during transmission to the participants of the video conference; neither the BfArM nor Microsoft stores this data permanently. Chat content is permanently stored in a mailbox in the Azure Cloud. Other usage-related data is deleted by Microsoft after 30 to 180 days. For information on the storage periods used by Microsoft, please refer to the Microsoft Privacy Policy at https://privacy.microsoft.com/en-us/privacystatement and https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

5. Possibility of objection and removal

Your rights as a person affected by data processing are listed in detail at the end of our Privacy Policy under the item "X. Rights of the data subject". In principle, Data Subjects are free to exercise their right to object and their right to erasure of the personal data processed. If participation in video conferences is required as part of the official duties of BfArM employees, the deletion of the personal data processed in the process is excluded for the duration of the employment relationship in accordance with article 17 para. 1 lit. a) GDPR in conjunction with section 26 para. 1 of the BDSG. The possibility of objection to the processing of such data is also ruled out against this background.

Newsletter and Press Distribution List

1. Description and scope of the data processing

Our website offers you the possibility to subscribe to various free Newsletters and to register for the Press Distribution List. First of all, the consent of the users is obtained as they register for the respective Newsletter or Press Distribution List, with reference being made to this privacy policy in this context. After that, the data entered through the entry form will be transmitted to us.
For users registering for the respective distribution lists of the BfArM, we will store the e-mail address of the respective user on a server located within Germany. We use this data exclusively for the purpose of sending the Newsletters. We do not pass on the users’ data to any third parties and we do not use it for any other purposes of our own.

After the user has registered to receive the respective Newsletter or Press Distribution List, our system generates a confirmation message which is sent to the e-mail address provided. Registration for the Newsletters is not complete until users have clicked on the link within that message. This is to ensure that the owner of the e-mail address actually wishes to receive the Newsletter or the Press Distribution List. Users have the option to unsubscribe from the respective Newsletter and the Press Distribution List at any time. The easiest way to do this is to use the corresponding link at the end of each message. Clicking the link removes the entered e-mail address from the list of recipients.

2. Legal basis for data processing

The legal basis for the processing of data after registration of the users for the respective Newsletter or the Press Distribution List is article 6 para. 1 lit. a) GDPR if the users have given their consent.

3. Purpose of the data processing

The purpose of the collection of the users' e-mail address is to deliver the Newsletter or Press Releases.

4. Storage period

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is stored accordingly as long as the subscription to the respective Newsletter or Press Distribution List is active.

5. Possibility of objection and removal

The subscription to the respective Newsletter or Press Distribution List can be cancelled by the users concerned at any time. The easiest way to do this is to enter the email address used for the subscription in the cancellation form on our website. This will remove the e-mail address from the list of recipients. A link to this input mask is also included in each message.

Object Identifier (OID) Registry Health Care Germany

1. Description and scope of the data processing

The BfArM is responsible for the allocation of object identification numbers (OID) for the health care system in Germany, which support the unique assignment of electronic objects and the exchange of object data to ensure the interoperability of data in the German health care system. Object identifiers are assigned to organisations in Germany as well as to identification mechanisms, coding systems, documents, templates and ValueSets that are mainly used within the health sector in Germany.

The registry is divided into a password protected area for the submission of initial applications and change requests through online forms as well as of a mailbox for the exchange of queries (application portal), a public research functionality for the OID registry for released and formerly active objects (publication of data of the OID registry and public search) as well as an internal processing component.

Application Portal: The application portal can be used for submitting an online application for the assignment of an OID to the BfArM or for requesting an amendment of the data available in the OID registry. Accessing the application templates requires registration with an e-mail address and a password of your choice. The purpose of the registration is to achieve data economy within the meaning of the GDPR, as all further processes and data transfers between the processing team and the applicant are carried out within the application for further processing.

After registration, an initial application can be completed or amendments to the existing data can be submitted via template. Prior to submitting any application data, you will be made aware of this privacy policy and will be required to accept our terms of use. The data from the input mask is then transferred to the processing system. The users' e-mail addresses and the data collected in the applications are stored on an internal server. The personal data may be used by the processing team for contacting the person concerned by telephone. Applicants may agree to have the contact details of the applicant and the responsible contact person published on the official pages of the OID Registry.

Publication of data from the OID registry and public research: The purpose of object identifiers is the unique assignment of electronic objects. In order to interpret an OID correctly, object meta data must be publicly available. The information on object identification numbers is therefore searchable via a public register. Meta data on OIDs are published when outputting documents. These include the symbolic name, the ASN1 notation, a description of the object in German and English, links, relationships to other objects, information on the responsible organisation and, if applicable, the applicant organisation as well as - if requested by applicants or contact persons - the responsible contact person and the applicant person.

2. Legal basis for the data processing

The structure of the OID Registry Health Care Germany and the allocation of object identification numbers for the German health care system is based on a decree of the Federal Ministry of Health dated 21/12/2005 (AZ Z25-133000/05). The legal basis for the processing of data collected in the context of a registration as well as within the context of recording an initial application for the allocation of an OID or within the context of applying for the amendment of existing data is the consent of the users pursuant to article 6 para. 1 lit. a) of the GDPR.

3. Purpose of the data processing

The purpose of the collection of the user’s e-mail address during a simple registration process is to transmit application data within a protected system and to exchange queries about the application data between the controller and the user. In the case of an initial application, data on the contact person and the responsible person are recorded to enable contact in the event of queries. Applicants can decide whether they want to publish the contact details of the applicant and the responsible contact person on the public pages of the OID Registry. Electronic confirmation that an application has been received for processing, as well as confirmation of the allocation of an OID, will be sent to both the e-mail address provided for registration and the contact e-mail addresses provided on the form.

4. Storage period

A published OID must be traceable at all times, even after its useful life has finished. Data describing an object are therefore not automatically deleted from the OID registry after a period of time.
Data that is no longer actively used can be set to the "Retired" status. Information that an OID is no longer in active use (e.g. when a merger takes place or an organisation ceases to exist) is received via oid-registratur@bfarm.de . If registration data should be deleted or contact data of the applicant and the responsible contact person should no longer be displayed on the public pages of the OID registry, the processing team will also accept this via a notification in the application system or at oid-registratur@bfarm.de .

5. Possibility of objection and removal

Consent to the publication of contact details can be revoked at any time. All you need to do is send an e-mail to oid-registratur@bfarm.de . The revocation of consent shall not affect the lawfulness of the processing of your data that has taken place on the basis of that consent until its revocation. If data in the OID registry is not (or no longer) correct or up-to-date, or if errors are discovered, users have the option of submitting a change request through the application at any time. Alternatively, notification to the editing team is possible oid-registratur@bfarm.de .

Sperm Donor Registry

1. Description and scope of the data processing

In accordance with its legal mandate, the Sperm Donor Registry processes data of sperm donors, recipients of sperm donations, donor children, parents of donor children, employees of medical care facilities (also referred to as EMVs) and sperm collection facilities (also referred to as EE).

After a birth in which heterologous semen was used, health care facilities are under an obligation to transmit the personal data of the recipient of the sperm donation to the BfArM (1).

A collection facility is under the obligation to provide the BfArM with the personal data of the sperm donor as well as with any further (voluntary) information of the sperm donor upon the latter’s request (2).

The BfArM stores the names and official contact details of at least one employee of medical care facilities and collection facilities as part of the electronic registration (3).

In addition to the website, which exists purely for informative purposes, the BfArM offers further services such as applications for donor children, parents of donor children, recipients of sperm donation and sperm donors (4).

2. Legal basis for the data processing

The processing of the personal data takes places on the following legal bases:

(1) Transmission of the data of the recipient of the sperm donation:
sections 6 para. 1, 5 para. 2 of the SaRegG in conjunction with article 6 para. 1 lit. c) of the GDPR.

(2) Transmission of the sperm donor's data:
sections 7 para. 2, 2 para. 2 sentence 1, para. 3 sentence 1 of the SaRegG in conjunction with article 6 para. 1 lit. c) of the GDPR.

(3) User accounts for medical care facilities and sperm collection facilities:
sections 6 para. 5 sentence 2, 7 para. 1 of the SaRegG in conjunction with article 6 para. 1 lit. c) of the GDPR.

(4) Applications for donor children, parents of donor children, recipients of sperm donation and sperm donors:
sections 10, 11 of the SaRegG in conjunction with article 6 para. 1 lit. c) of the GDPR.

3. Purpose of the processing

(1) Storage of the personal data of the recipient of the sperm donation in the Sperm Donor Registry:
After the birth, the medical care facilities transmit the data of the recipient (mother) and the date of birth of the child or children to the BfArM. This data is entered into the Recipient Registry of the Sperm Donor Registry of the BfArM.

(2) Storage of the sperm donor's personal data in the Sperm Donor Registry: At the request of the BfArM, the sperm collection facilities shall transmit the sperm donor's data to the BfArM. This data is entered into the Donor Registry of the Sperm Donor Registry of the BfArM.

(3) Registration of medical care facilities and collection facilities to participate in the electronic reporting procedure:
In order to be able to electronically transmit the data of the recipients and the data of the sperm donors to the BfArM, medical care facilities and sperm collection facilities must first register with the BfArM by providing the contact details of one of their employees and an X.509 certificate related to this contact person.

(4) Request for information (donor children, parents of donor children) and request for information and rectification (recipients of sperm donation and sperm donors):
A person who suspects that they have conceived through the heterologous use of semen in medically assisted artificial insemination is entitled to information from the Sperm Donor Registry from the BfArM. After reaching the age of 16, the person can only make this claim themselves. Parents can assert the right to information on behalf of their child within the framework of exercising parental care. The BfArM uses the personal data transmitted in the context of such applications exclusively for processing the application.

4. Storage period

(1) The data of the recipient of the sperm donation and the sperm donor to be transmitted pursuant to section 6 of the SaRegG shall be stored in the Sperm Donor Registry for a period of 110 years. After expiry of the retention period, the data is deleted. The data is deleted immediately as soon a the BfArM becomes aware that the heterologous use of semen for medically assisted artificial insemination has not resulted in the birth of a child. If the BfArM is informed by the collection facility of the revocation of the sperm donor's consent to the further storage of information provided on a voluntary basis, this data will be deleted from the Sperm Donor Registry without delay.

(2) Personal data of employees for the registration of medical care facilities and sperm collection facilities to the Sperm Donor Registry shall be deleted as soon as they are no longer required to fulfil the purpose for which they were stored. This deadline is reached at the latest when the validity of the transmitted personal certificate has expired.

(3) Personal data for a request for information (donor children, parents of donor children) or personal data for requests for information and rectification (recipients of sperm donations and sperm donors) are deleted as soon as they are no longer required to fulfil the request.

5. Possibility of objection and removal

(1) If the heterologous use of sperm for medically assisted artificial insemination has not resulted in the birth of a child, the recipient of the sperm donation has a claim against the BfArM for the deletion of the data stored about her in accordance with section 5 para. 2 and 3.

(2) Consent to the storage of information provided by the sperm donor on a voluntary basis in accordance with section 2 para. 3 of the SaRegG may be revoked at any time in writing or by e-mail to samenspenderinformationen@bfarm.de vis-à-vis the collection centre or the BfArM.

6. Right to access and rectification

Without prejudice to other rights, the following special features apply to the Sperm Donor Registry:

1) Pursuant to section 11 para. 1 of the SaRegG, the sperm donor has a right of access and a right to correction vis-à-vis the BfArM only with regard to their data stored in the Sperm Donor Registry pursuant to section 2 para. 2 sentence 1 of the SaRegG and section 3 sentence 1 of the SaRegG.

(2) Pursuant to section 11 para. 2 of the SaRegG, the recipient of the sperm donation has a right of access and a right to rectification vis-à-vis the BfArM only with regard to her data stored pursuant to section 5 para. 2 sentence 1, para. 3 to 5.

Events

1. Description and scope of the data processing

On our website it is possible to register for BfArM events (e.g. BfArM in Dialogue). Registering for a BfArM event requires your address and contact details. The data entered through the registration form will be transmitted to us and processed here accordingly. Paid event additionally require the processing of payment information.

2. Legal basis for the data processing

The legal basis for the processing of data after a user has registered for an event is the consent of the user as per article 6 para. 1 lit. a) of the GDPR. Insofar as the event is a paid event and as such requires the processing of payment data, the legal basis is article 6 para. 1 lit. c) of the GDPR in conjunction with the relevant provisions of tax law, in particular section 147 para. 3 of the Fiscal Code (AO).

3. Purpose of the data processing

We use the address and contact details you provide to us via the registration form solely for the purpose of contacting you and processing your registration for the respective event and, if necessary, for printing out name badges, confirmations of participation, lists of participants or certificates. For events which are paid events, we also require your data for the purpose of order and payment processing, for which purpose we pass on your payment data to the relevant federal treasury.

4. Storage period

For events which are not paid events, your personal data will be deleted as soon as the data is no longer required to fulfil the purpose for which it was stored, which means that as a rule, it will be deleted after the end of the event or at the latest after the certificates have been sent to the participants. For events which are paid events, we are under an obligation to store your address and payment data for a period of ten years by virtue of tax law.

5. Possibility of objection and removal

You have the right to withdraw your consent at any time. The revocation of consent shall not affect the lawfulness of the processing of your data that has taken place on the basis of that consent until its revocation. If, on the other hand, payment information has to be processed in connection with an event which is a paid event, the possibility to object does not exist.

VIII. Notes on the use of social media

The BfArM takes the current discussion about data protection in social networks very seriously. It is currently not finally clarified in legal terms whether and to what extent all networks offer their services in compliance with European data protection regulations.

We therefore expressly draw attention to the fact that the X (formerly Twitter) service used by the BfArM stores user data (e.g. personal information, IP address) in accordance with the data usage guidelines used there and uses it for commercial purposes. It is impossible for us recognise to which extent and for how long the data is stored.

The BfArM has no influence on the collection of data and its further use by the social networks. For instance, we were unable to ascertain the extent, the location and duration of the storage of the data, the extent to which the networks are in compliance with their existing deletion obligations, the evaluations and linking performed using the data and the individuals or legal persons to whom the data is passed on.

IX. Web analysis by means of Matomo

1. Scope of the processing of personal data

We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of users. We operate Matomo without the use of cookies. Calling up individual pages of our website triggers the storage of the following data:

• Two bytes of the IP address of the calling system of the user.
• The web page called up
• The website from which the user was directed to the website called up (referrer)
• The sub-pages which are called up up from the website called up
• The time the user spent on the website
• The frequency of access to the website

In this context, the software runs exclusively on the servers of our website. The data of the users is stored exclusively on these servers and will not be passed on to any third parties.

2. Legal basis for the processing of personal data

The legal basis for the processing of the aforementioned data is article 6 para. 1 lit. e) of the GDPR in conjunction with section 1 para. 1 and 3, section 4 para. 1 and 4 of the BGA NachfG in conjunction with section 77 para. 1 of the AMG.

3. Purpose of the data processing

The processing of the aforementioned data enables us to analyse the surfing behaviour of the users. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website, which allows us to constantly improve our website in terms of user friendliness. Anonymising the IP address sufficiently takes account of the users’ interest in the protection of their personal data.

4. Storage period

The anonymous log data is deleted as soon as it is no longer required for our recording purposes, which is the case after 30 days. Only the reports generated from this data are subject to subsequent processing.

X. Rights of the Data Subject

Processing the personal data of the users makes these users into data subjects within the meaning of the GDPR. Users of our website therefore have the following rights vis-à-vis the BfArM in the capacity as a controller.

These data subject rights can be asserted in several ways. You are welcome to contact us by letter, telephone, e-mail, De-Mail, beBPo or via the Federal Portal (Bundesportal), addresses above under I. and II.

1. Right of access to personal data

Users have the right to ask us, as the controller, for confirmation as to whether personal data relating to them are being processed by us.

If such processing is taking place, users have the right to request the following information from the controller:

• the purposes for which the personal data are processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning them have been (or will be) disclosed;
• the planned storage period of the personal data relating to the users or, if specific information on this cannot be obtained, the criteria for determining the storage period;
• the existence of a right of rectification or erasure of personal data concerning the users, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• any available information on the origin of the data if the personal data are not directly collected from the data subject;
• whether any automated decision-making processes - including profiling - within the meaning of article 22 para. 1 and 4 of the GDPR are involved and, at least in those cases, any useful information on the logic involved as well as on the scope and intended effects of such processing for the data subject.

Users have the right to request information as to whether any personal data concerning them is transferred to any third countries or international organisations. In this context, they may request to be informed about the appropriate safeguards as per article 46 of the GDPR in relation to the transfer.

This right of access may be restricted to the extent that it is likely to render impossible or seriously interfere with the achievement of the research or statistical purposes and insofar as the restriction is necessary for the fulfilment of the research or statistical purposes.

2. Right of rectification

Users have a right of rectification and/or completion vis-à-vis the controller if the processed personal data concerning them are inaccurate or incomplete. The controller is under an obligation to rectify the data immediately.

The right of rectification may be restricted to the extent that it is likely to render impossible or seriously interfere with the achievement of the research or statistical purposes and insofar as the restriction is necessary for the fulfilment of the research or statistical purposes.

3. The right to restrict the processing

Users have a right to request the restriction of the processing of personal data concerning them under the following conditions:

• where users contest the accuracy of the personal data concerning them for a period enabling the controller to verify the accuracy of the personal data;
• where the processing is unlawful and you object to the erasure of the personal data and instead ask for a restriction of the use of the personal data;
• where the controller no longer needs the personal data for the purposes of processing, but the users need them for purposes such as the assertion, exercise or defence of legal claims, or
• where users have objected to the processing pursuant to article 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller override the grounds that they have invoked.

Where the processing of personal data relating to users has been restricted, it shall be permitted to process these data (excepting their storage) only with the consent of the users or for the establishment, the exercise or the defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest as far as the Union or a Member State is concerned.

If the right to have the processing of the data restricted is limited in accordance with the aforementioned conditions, users shall be informed by the controller prior to the restriction being lifted.

The right of users to restrict the processing of their data may, in turn, be restricted to the extent that it is likely to render impossible or seriously interfere with the achievement of the research or statistical purposes and insofar as the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right of erasure

1. Obligation of erasure
   Users have the right to ask the controller for the immediate deletion of personal data concerning them and the controller is under an obligation to delete such data immediately if one of the following conditions is met:

   • The personal data concerning the user are no longer necessary for the purposes for which they were collected or otherwise processed.
   • Users withdraw their consent on which the processing was based pursuant to article 6 para. 1 lit. a) or article 9 para. 2 lit. a) of the GDPR and no other legal basis for the processing exists.
   • Users object to the processing pursuant to article 21 para. 1 of the GDPR and there are no overriding legitimate grounds for the processing or they object to the processing pursuant to article 21 para. 2 of the GDPR.
   • The processing of the personal data of the user was unlawful.
   • The deletion of the personal data concerning the user is necessary for compliance with a legal obligation under Union or Member State legislation to which the controller is subject.
   • The personal data concerning the user have been collected in relation to information society services provided pursuant to article 8 para. 1 of the GDPR.
2. Provision of information to third parties
   If the controller has made the personal data concerning the data subject publicly available and is under an obligation to erase them pursuant to article 17 para. 1 of the GDPR, the controller shall take reasonable steps, including technical measures - having regard to the available technology and the cost of implementation - to inform controllers processing the personal data that data subjects have requested erasure of any links to, or any copies or replications of those personal data.
   
   

3. Exceptions
   The right to erasure does not exist insofar as the processing is necessary

   • for the exercise of the right of free speech and information;
   • for compliance with a legal obligation which requires processing under Union or Member State legislation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of the official authority vested in the controller;
   • for reasons of public interest in the field of public health pursuant to article 9 para. 2 lit. h) and i) and article 9 para. 3 of the GDPR;
   • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to article 89 para. 1 of the GDPR, where the right referred to under lit. a) is likely to render impossible or seriously interfere with the achievement of the purposes of such processing, or
   • for the assertion, exercise or defence of legal claims.

5. Right to be informed

Where users have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the latter shall be obliged to inform all recipients to which the personal data concerning them have been disclosed of this rectification or erasure, unless this proves to be impossible or would involve undue hardship. Users have the right to be informed of the existence of these recipients by the controller.

6. Right to data portability

Users have the right to receive the personal data concerning them that they have provided to the controller in a structured, commonly used and machine-readable format. In addition, users have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, insofar as

• the processing is based on consent pursuant to article 6 para. 1 lit. a) of the GDPR or article 9 para. 2 lit. a) of the GDPR or on a contract within the meaning of article 6 para. 1 lit. b) of the GDPR; and
• the processing is carried out with the aid of automated procedures.

In exercising this right, users also have the right to have personal data relating to them transferred directly from one controller to another controller to the extent this is technically feasible. This must not interfere with the freedoms and rights of other persons. The right to data portability shall not apply if the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

Users have the right to object, on grounds relating to their particular situation, at any time to the processing of the personal data relating to them, which is based on article 6 para. 1 lit. e) GDPR, including to profiling based on those provisions.

The controller shall no longer process the personal data of the user, unless they can prove the existence of compelling legitimate grounds for the processing which override their interests, rights and freedom, or for the establishment, exercise or defence of legal claims.

Users shall have the option of exercising their right to object in relation to the services provided by an information society by means of automated procedures using particular technical specifications, Directive 2002/58/EC notwithstanding.

Users also have the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out for scientific or historical research purposes or for statistical purposes pursuant to article 89 para. 1 of the GDPR.

The users’ right of objection may be restricted to the extent that it is likely to render impossible or seriously interfere with the realisation of the research or statistical purposes and insofar as the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

Users shall have the right to revoke their declaration of consent under data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing that has taken place on the basis of the consent until its revocation.

9. Automated individual decision-making, including profiling

Users shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between the user and the controller,
• is authorised by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms of users and their legitimate interests or
• is based on the user’s explicit consent.

However, such decisions shall not be based on special categories of personal data within the meaning of article 9 para. 1 of the GDPR, unless article 9 para. 2 lit. a) or g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and legitimate interests of users.

With regard to the cases referred to in a) and c), the controller shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the users, including at least the right to obtain the intervention of a person on the part of the controller, to express their point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, users shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or the place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under article 78 GDPR.