You are logged in! You are in the online counselling service logged in! Logout

Attention

You have been inactive for a long time. Therefore, for your own safety, we will end the session shortly. Logout
Language:
Listen

Data protection declaration

The protection of your personal data when you visit our website is very important to us. We do not collect more personal data than absolutely necessary. Your data is protected under law.

The Federal Centre for Health Education has taken technical and organisational measures to ensure that data protection regulations are observed.

The use of contact data published on our website by third parties for the purpose of sending unsolicited advertisement and informational materials is hereby expressly prohibited. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information. 

I. Name and address of the responsible entity 

The responsible entity within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is:

Bundeszentrale für gesundheitliche Aufklärung (BZgA)Maarweg 149 - 161
50825 Cologne
Germany
Tel.: 0221-8992-0
Email: poststelle@bzga.de
Website: www.bzga.de

II. Contact details of the data protection officer

The contact details of the data protection officer of the BZgA are:

Bundeszentrale für gesundheitliche Aufklärung - Datenschutzbeauftragter
Maarweg 149 - 161
50825 Köln
Germany
Tel.: +49 (0)221-8992-0
Email: datenschutzbeauftragter@bzga.de 

III. General information about data processing

1. Scope of personal data processing

As a matter of principle, we only collect and use the personal data of our users to the extent necessary to provide a functioning website as well as our content and services. The personal data of our users is only collected and used with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

In as far as we seek the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as a legal basis for the processing of personal data.

In the processing of personal data that is required to fulfil a contract whose contracting party is the data subject, Article 6(1)(b) of the GDPR serves as a legal basis. This also applies to processing required to implement pre-contractual measures.

In as far as the processing of personal data is required to comply with a legal obligation our authority is subject to, Article 6 (1)(c) of the GDPR serves as a legal basis.

If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible entity or if it is necessary for the performance of a task of the responsible entity or in the exercise of official authority vested in the responsible entity, Article 6(1)(f) of the GDPR serves as a legal basis for the data processing.

3. Data deletion and storage duration

The personal data of the data subject is deleted or blocked as soon as the purpose of the storage ceases to apply. Furthermore, data may be stored if this is laid down by the European or national legislators in EU regulations, laws or other rules the responsible entity is subject to. The data is also blocked or deleted if a data retention period stipulated by the mentioned standards expires, unless there is a requirement for further storage of the data for the purpose of contract conclusion or contract performance.

IV. Provision of the website and creation of log file

1. Description and scope of data processing

Whenever our website is accessed, our system automatically collects data and information from the computer system of the requesting computer. In that case, the following data is collected:

  • Browser type and version
  • Operating system used
  • Website from which you visit us (referrer URL)
  • Pages and files you access on our website
  • If applicable, the website you visit after ours (when clicking on an external link on our website)
  • Date and time of your access
  • The Internet Protocol (IP) address, shortened and anonymise

The data is stored in the log files of our system. This data is not stored together with any personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6(1)(f) of the GDPR in conjunction with Section 3 of the BDSG.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this to happen, the IP address of the user must remain stored for the duration of the session.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose of its collection. With regard to data collection for the provision of the website, this is the case when the session has ended.

With regard to the storage of data in log files, this is the case after no later than fourteen days. The data can no longer be stored after that time. The IP addresses of the users are anonymised during the writing of the log files, which means the accessing client can no longer be identified.

5. Possibility of appeal and elimination

The collection of data for the provision of the website and the storage of the data in log files is essential for the running of the website.

V. Use of cookies

1. Description and scope of data processing

Some elements of our website require for the calling browser to be identified even after a page change. We use cookies for this purpose to ensure the basic functionality of our website and to make the website more user-friendly (technically necessary cookies).

Where necessary, we ask you for permission to set further cookies (cookies requiring consent).

Cookies are text files which are stored in the internet browser or by the internet browser on the computer system of the user. When a user visits a website, a cookie may be stored in the user's operating system. This cookie contains a string of characters that enables the browser to be identified uniquely when the website is accessed again.

If we want to set one or more cookies that require your consent, you will be informed about the number, type and purpose of these cookies when you first visit our website and asked to consent to their use. For this purpose, an information text is displayed at the beginning or at the end of the browser window ("cookie notice"). This notice remains displayed until you have accepted or rejected the cookies.

No cookie notice is displayed if only technically necessary cookies are used.

If the acceptance of cookies is activated in your browser (e.g. Internet Explorer, Mozilla, Opera), the following cookies are stored by our website.

Technically necessary cookies:

  • 1 Cookie to store web tracking consent or rejection
  • 1 Cookie when using the online ordering system to store items in the shopping cart
  • 1 Cookie when registering in a login area

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR for cookies requiring consent and if the user has given their consent, and Article 6(1)(f) of the GDPR in conjunction with Section 3 of the BDSG (data protection act) for technically necessary cookies.

3. Purpose of data processing

The purpose of the use of technically necessary cookies is to make it easier for users to use websites and to ensure their basic functions. Some features of our website are not available without the use of cookies. For this it is necessary that the browser is recognised even after a page change.

The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used, which allows us to continually improve our offerings.

For optimisation purposes, the BZgA (Federal Centre for Health Education) uses the Matomo web analysis tool, which runs on our own server. Matomo is used in accordance with the recommendations of the Independent Centre for Data Protection Schleswig-Holstein (ULD). Matomo immediately anonymises IP addresses, which means visitors cannot be identified. The anonymous statistical data is stored separately from any personal data you may have provided, which means it is not possible to use it to identify individuals.

4. Duration of storage, possibility of appeal and elimination

Cookies are stored on the user's computer and transmitted to our website by it. You as a user and therefore have full control over the use of cookies. By changing the settings in your internet browser you can disable or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be automated.

Storage duration of the cookies:

  • Cookie when using the online ordering system: no more than 24 hours
  • Cookie when registering in a login area: until the browser is closed (session cookie)

You can delete all cookies manually or configure the browser such that all cookies are automatically deleted after the end of a session.

If technically necessary cookies are disabled for our website, you may not be able to use all the features of the website.

VI. Web tracking / web analysis

1. Description and scope of data processing

For optimisation purposes, the BzgA (Federal Centre for Health Education) uses the Matomo web analysis tool (formerly Piwik). We use Matomo without tracking cookies. We have deactivated the use of tracking cookies provided for in the basic configuration of Matomo to make the process particularly data protection-friendly.

The following data is stored:

  • 1 Byte of the IP address of the system the user uses to access the website
  • Time and duration of the visit

  • Pages and files accessed during the visit

  • The website from which the user accessed the website (referrer)

  • Search terms used by users to access the website and search terms used in internal searches

  • The accessing of external websites that are called up via links on our site

  • System information of the users (operating system, browser, browser language, device type, screen resolution)

Matomo runs exclusively on our own servers. The collected data of a website visit is only stored there. Matomo immediately anonymises 

IP addresses, which means visitors cannot be identified. The anonymous statistical data is stored separately from any personal data you may have provided on the website, which means it is not possible to use it to identify individuals.

2. Legal basis for data processing

The legal basis for data processing of the aforementioned data is Article 6(1)(e) of the GDPR in conjunction with Section 3 of the BDSG (data protection act).

3. Purpose of data processing

The processing of the aforementioned data enables us to analyse the surfing behaviour of users of our website. By evaluating the obtained data, we are able to collect information about the use of the individual components of our website. This allows us to continuously improve the content and user-friendliness of our website, so that users can access the information they need quickly and efficiently. The need for the website to be designed in line with these requirements is also based on the obligation to use budget funds economically for public bodies within the scope of their statutory duties. The interest of users in the protection of their personal data is sufficiently taken into account by anonymising the IP address.

4. Duration of storage

The anonymous log data is deleted as soon as it is no longer required for our record-keeping purposes. This is the case after 90 days. After that time, only the reports created from them are processed.

5. Possibility of appeal and elimination

You have the option to object to the logging of your visit for analysis purposes (opt-out option). When you opt out a cookie is set in your browser, which signals to our system not to store the data of your visit to our website (see the list in Section VI 1.):

You disabled the Matomo-Tracking.

You accepted the Matomo-Verification.

In addition, the "Do not track" function is activated in the Matomo installation of the BZgA.
If your browser supports this function and you have activated the function in the browser settings, Matomo does not automatically collect any data.

VII. Media orders

1. Description and scope of data processing

If you would like to order information materials, we ask you to provide certain personal data. This may include your company name, first name and surname, address, email address and, if necessary, your telephone number. You must be authorised to provide this personal data. We expressly point out that an order in someone else's name, without the knowledge of the recipient, is not permitted. This violates our ordering terms and conditions and constitutes misuse of our ordering system.

2. Legal basis for data processing

The legal basis for data processing is its necessity for the fulfilment of the contract concluded through the ordering process pursuant to Article 6(1)(b) of the GDPR.

3. Purpose of data processing

The data is stored and used for the purposes associated with the processing of media orders. In the event of misuse of our ordering system, we will use the data to prevent further cases of misuse and for the clarification of these cases.

In the case of orders of the information materials on offer, your personal data will be used within the BZgA and by the company commissioned to send the media (PVS DVG - Vertriebsgesellschaft GmbH, Birkenmaarstraße 8, 53340 Meckenheim). The data will not be passed on to other third parties without your consent. We have taken appropriate technical and organisational measures to ensure that the data protection directives are observed by us as well as by external service providers.

4. Duration of storage

The personal data provided for the purpose of ordering media will be stored for a period of 3 months after the completion of the order process (i.e. after full delivery and, where applicable, after payment has been made in full). We do this so that we are able to answer queries about the orders. After this period, the personal data will be deleted.

5. Possibility of appeal and elimination

The processing of the data is essential for the fulfilment of the contract in connection with the ordering process.

VIII. Newsletter order

1. Description and scope of data processing

If you would like to receive BZgA newsletters (e.g. the newsletter for professionals), we ask you to provide us with your email address. Your consent to the processing of the data is obtained and this data protection declaration is referred to during the registration process. Shipping is partially handled by two service providers (d-SIRE GmbH & Co. KG and one other), which are commissioned by us with shipping and support of this website. The service provider is bound by data protection regulations and will not use or pass on your data in an unauthorised manner.

2. Legal basis for data processing

The newsletter is sent out when the user has registered for it on the website. The legal basis for the processing of personal data after newsletter registration is, provided the user has given their consent, Article 6(1) (a) of the GDPR. 

3. Purpose of data processing

The purpose of collecting the users' data is to deliver the newsletter.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose of its collection. The user’s email address is stored for as long as the user has an active newsletter subscription.

5. Possibility of appeal and elimination

The user can unsubscribe from the newsletter at any time.. Each newsletter therefore contains an unsubscribe link. Alternatively, you can send an email directly to info@liebesleben.de. When the user unsubscribes, the personal data will be deleted immediately. 

IX. Individual services / login areas

Includes the following individual services

  • Forums

  • Chats

  • Other individual login areas

  • Contact forms

  • Online counselling on HIV and STDs

  • Online counselling on protecting yourself against conversion therapy

  • Safer-Sex Check

  • Feedback module

1. Description and scope of data processing

If you wish to register for other individual services (forums, chats, online counselling, member areas, etc.), we ask you to provide certain personal data. In each case, the BZgA requires the data requested in order to provide you with the relevant application or service. Depending on the application or service you need, data such as title, surname and first name, address and email address are collected. For the online counselling, special categories of personal data (health data) are also collected on a voluntary basis. However, this health data is processed anonymously, i.e., it cannot be used to identify an individual.

In connection with online counselling for protection against conversion therapy, data is collected and stored in a database for the purpose of the legally required evaluation. However, this data is also processed anonymously, i.e., it cannot be used to identify an individual.

Your consent to the processing of the data is obtained and this data protection declaration is referred to during the registration process.

If you send an inquiry to the BZgA via the contact form or by email, your data will be exclusively used to correspond with you.

The Safer-Sex Check of LIEBESLEBEN is completely anonymous. The information provided cannot be used to identify an individual.

No personal data is processed in connection with the feedback module on the website. If you click on the feedback module, your use of the module cannot identify you individually and is therefore anonymous.

2. Legal basis for data processing

The user can use the individual services / login area because they registered for it on the website. The legal basis for the processing of personal data after registration for the individual services / login areas by the users is Article 6(1)(a) of the GDPR, provided the user has given their consent; with regard to the online counselling, the legal basis is Article 9(2)(a) of the GDPR, provided consent has been given.

3. Purpose of data processing

The purpose of collecting user data is to enable users to use the individual services / login areas.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose of its collection. The personal data provided for the use of the individual services / login areas will be stored until the user unsubscribes from the respective service or revokes their consent. An exception is the personal data provided for the online counselling services, which are automatically deleted after one year of user inactivity.

5. Possibility of appeal and elimination

Users can unsubscribe from the individual services / login areas at any time. Users can unsubscribe using the unsubscribe function, if there is one, in the login area or by sending an email to info@liebesleben.de. When the user unsubscribes, the personal data will be deleted immediately.

X. Integration of services and third-party content

Our online services include content and services from third-party providers.

This always means that the third-party provider of this content becomes aware of the IP address of the users, because without the IP address they would not be able to send content to their browser. This means that the IP address is required to display this content. We endeavour to only use content where the respective provider only uses the IP address to deliver their content. Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical and marketing purposes. These “pixel tags” enable the analysis of information, such as visitor traffic on the pages of this website. The pseudonymous information may be stored in cookies on the users' device. For the purpose and scope of data collection by third-party providers as well as its further processing and use there, please refer to the data protection declaration of the respective provider.

The following third-party services or content are used:

Google Maps

We integrate the maps of the Google Maps service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated.

YouTube

Videos of the YouTube platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data protection declaration: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated.

Dialogfeed

We integrate social walls of the provider Dialogfeed, HQ Belgium: Costation, 5 place Sainte Gudule 1000 Brussels.
Data protection declaration: https://www.dialogfeed.com/privacy-policy/

XI. Social networks
 

The online social networking platforms are a great way for a federal agency to communicate and network with its citizens and to be close to them. For this reason, the BZgA has set up its own Facebook, Instagram, Twitter, Google+ and YouTube accounts. You can find out about our work and talk to us on these platform.

We would like to take this opportunity to point out that the terms of use of the services mentioned above and their operators are not under the control of the BZgA.

We will always handle your data carefully on these platforms as well, but we are not liable for the behaviour of their operators or third parties.

Social media services are often multi-level provider relationships where the information or communication service is offered on a platform provided by third parties and where user data is processed as part of the platform operators' own business purposes. This makes social media services difficult to understand from a user perspective and often problematic from a legal perspective, especially with regard to who is responsible for what.

Please note that user data may be processed for market research and advertising purposes in the context of the use of social networks and platforms. It is possible to create user profiles based on the behaviour of users. On the basis of such user profiles, advertisements can be placed on the social networks or platforms, but also where applicable on third-party sites. Cookies are often placed on users' computers for this purpose. These cookies record user behaviour and interests. The BZgA has no influence on the data collection and its further use by the social networks. The BZgA does not know to what extent, where and for how long the data is stored, to what extent the networks comply with deletion obligations, how the data is analysed or linked and who they pass the data on to.

The BZgA takes the discussion about data protection within social networks very seriously. We are following the debate and the audits by the relevant authorities and are continuously monitoring ourselves to ensure that we can continue to operate our social media accounts under the current data protection conditions.

For the time being, we ask you to carefully check what personal data you want to disclose as a user of social media. Please also make sure that you regularly check your social network privacy settings.

The processing of personal data is based on Article 6(1)(e) of the GDPR in conjunction with Section 3 of the BDSG (Data Protection Act). Article 6(1)(a) of the GDPR may also be relevant as a basis for data processing if a user has consented to the processing of data by a provider of a social network or platform.

Detailed information about data processing within social networks or on platforms is provided by the providers of the networks and platforms. This includes providing regular information about the option to object to certain data processing operations, the so-called opt-out option. In the case of requests for information and the assertion of user rights, these are probably easiest to assert with the respective providers, as they have access to the user data and, in addition to providing information, can also take immediate action.

Please note the following provider information:

The BZgA takes the discussion about data protection within social networks very seriously. We are following the debate and the audits by the relevant authorities and are continuously monitoring ourselves to ensure that we can continue to operate our social media accounts under the current data protection conditions.

For the time being, we ask you to carefully check what personal data you want to disclose as a user of social media. Please also make sure that you regularly check your social network privacy settings.

The BZgA uses so-called social plugins (e.g. "Like" button, "Tweet" button or others) on some internet pages, which can be used to share content via social networks. The BZgA uses certain methods to protect your privacy that prevent data transmission to the providers of the social networks when you access our pages. Data is only transmitted when a plugin is clicked on.

XII. Rights of the data subject

We are happy to inform you about your rights under the GDPR as a "data subject". You have the following rights with regard to the personal data concerning you:

  • Right to access information (Article 15(1, 2) of the GDPR)

  • Right to data correction (Article 16 of the GDPR) or deletion (Article 17 of the GDPR)

  • Right to restrict data processing ("blocking“), Article 18 of the GDPR)

  • Right to data portability (Article 20 of the GDPR)

  • Right to object to data processing (Article 21 of the GDPR)

  • Right of withdrawal (Article 7(3) of the GDPR)

  • Right of appeal to a supervisory authority (Article 77 of the GDPR)

In addition, we summarise key points of the rights of the data subject under the GDPR for you below; this presentation does not claim to be complete, but merely addresses the main features of the rights of the data subject under the GDPR:

1. Right to information

You can request a confirmation from the responsible entity about whether your personal data is processed by us. If data is processed, you can request the following information from the responsible entity:

  • The purposes for which the personal data is processed;

  • the categories for which the  personal data is processed;

  • the recipients or categories of recipients to whom the relevant personal data was disclosed or will be disclosed;

  • the planned duration of storage of your personal data or, if no specific information can be provided, criteria for determining the duration of storage;

  • The existence of a right to correction or deletion of your personal data, a right to restricting its processing by the responsible entity or a right of objection against its processing;

  • the existence of a right to appeal to a data protection supervisory authority;

  • all available information about the source of the data, if the personal data was not collected from the data subject;

2. Right to correction

In accordance with Article 16 of the GDPR you have the right vis-à-vis the responsible entity to correction and/or completion if the personal data concerning you is incorrect or incomplete.

3. Right to deletion

You can request that the responsible entity immediately deletes your personal data, and the responsible entity is obliged to immediately delete this data if one of the following reasons applies:

  • You personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

  • You revoke your consent to which the processing in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR was based on, and there is no other legal basis for its processing.

  • You file an objection against its processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate reasons for its processing, or you file an objection against its processing in accordance with Article 21(2) of the GDPR.

  • You personal data was processed unlawfully.

  • The deletion of your personal data is required to meet a legal obligation under EU law or the law of the member state the responsible entity is subject to.

  • Your personal data was collected in relation to the services offered by the information society in accordance with Article (8)(1) of the GDPR.

 

4. Restriction of processing ("blocking")

You may request the restriction of the processing of your personal data under the conditions of Article 18 of the GDPR:

Where the processing of your personal data has been restricted, this data, with the exception of storage, may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

If processing of data was restricted pursuant to the above points, you will be informed by the responsible entity before the restriction of processing is lifted.

5. Right to data portability

In accordance with Article 20 of the GDPR, you have the right to receive your personal data which you have provided to a responsible entity in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another responsible entity without hindrance from the responsible entity to which the personal data was provided, where

  • the processing is based on consent in accordance with Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract in accordance with Article 6(1)(b) of the GDPR and

  • the processing is done automatically.

In exercising your right to data portability, you also have the right to have the personal data transmitted directly from one responsible entity to another, if this is technically feasible. This must not impact the freedoms and rights of other persons.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible entity.

6. Right of objection

Under the conditions of Article 21 of the GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data at any time based on Article 6(1)(e or f) of the GDPR; this includes profiling based on those provisions.

The responsible entity will no longer process your personal data unless the responsible entity shows that it has compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the assertion, exercise or defence of legal claims.

Right to revoke the declaration of consent regarding data protection

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.

7. Right to revoke

You have the right to revoke the declaration of consent regarding data protection at any time. The revocation of consent does not affect the lawfulness of processing based on consent before its revocation.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, place of work or place of the alleged violation if you believe that the processing of personal data relating to you violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.