• 1. Controller and data protection officer
• 2. General information about website use and data processing
• 3. Data processing when visiting the website
• 4. Processing of personal data when establishing contact
• 5. Information about social media use
• 6. Your rights

Protecting your data is a matter to which the Bundeskriminalamt (BKA) attaches great importance. For this reason, the "personal data" - as described in the definitions given in art. 4 no. 1 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; GDPR) - will only be processed on this website to the extent necessary and in accordance with the principles outlined in art. 5 (1) of the GDPR. 

Personal data of our users are only processed after these have given their consent. An exception applies in those cases where factual grounds make it impossible to obtain prior consent but the processing of the data is permitted by legal regulations.

Which data are required and processed for what purpose and on what basis largely depends on the kind of service you wish to use and / or the task for which we need them.

Please make sure to use a current version of your internet browser. This is also in your own interest. The use of outdated versions may lead to error messages when our website is accessed. Please refer to the website of the "Bundesamt für Sicherheit in der Informationstechnik" (BSI; Federal Office for Information Security) for further information on the applicable security standards.

1. Controller and data protection officer

The body responsible for the processing of personal data (controller) is the

Bundeskriminalamt
65173 Wiesbaden
Phone: +49 (0)611 55 - 0
Fax: +49 (0)611 55 - 12141
E-Mail: impressum@bka.bund.de
DE-Mail: poststelle@bka.de-mail.de
(This email address can only be used by owners of DE-mail accounts.)

If you have any concrete questions concerning the protection of your data, please contact the Data Protection Officer:

Bundeskriminalamt
Der Datenschutzbeauftragte
65173 Wiesbaden
Fax: +49 (0)611 55-45641
Kontaktformular (contact form)

Please refer to the "Anfragen und Auskunftserteilung" (Queries and provision of information; only available in German) section for further information about inquiries directed to the BKA pursuant to the Federal Data Protection Act and the Federal Act Governing Access to Information held by the Federal Government. 

2. General information about website use and data processing

a. Secure use of website

The secure use of our website is ensured by means of the encrypted Hypertext Transfer Protocol Secure (HTTPS) connection and the preloading of the HTTP Strict Transport Security (HSTS).

By taking all necessary technical and organisational security measures, which correspond to the current state of technology, the BKA makes sure that your personal data are protected against unauthorised data intervention, such as data loss, destruction, intentional tampering or access by unauthorised third parties.

b. Protection of minors

Persons under 16 years of age should not transmit any personal data to us without the consent of their parents or legal guardians.

c. Legal bases for the processing of personal data

The BKA processes personal data when performing its tasks in the public interest incumbent upon it. Public relations work is part of the BKA's public functions; this also includes the provision of information to the public in the framework of this internet presentation.

Insofar as your consent is requested for processing personal data, art. 6 (1) lit. a of the GDPR shall serve as the legal basis.

Insofar as the processing of personal data is required to fulfil a legal obligation incumbent on the BKA, art. 6 (1) lit. c of the GDPR in conjunction with the relevant legal provision, from which the legal obligation arises, shall additionally serve as a legal basis.

In case vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) lit. d of the GDPR shall serve as the legal basis.

Insofar as processing is necessary for the aforementioned performance of the BKA's tasks, which are in the public interest or carried out in the exercise of official authority transferred to the BKA, art. 6 (1) lit. e of the GDPR in conjunction with section 3 of the Federal Data Protection Act shall serve as the legal basis.

d. Deletion of data and retention period

Personal data are deleted or blocked as soon as the purpose of their storage has ceased to exist. Data may also be stored if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which the BKA is subject.

e. Further information on data protection

Further details on which data are processed for what purpose and what rights you have with regard to the processing of personal data can be gathered from the following information of this Data Privacy Statement.

3. Data processing when visiting the website

a. Provision of the website

Data required for provision of the website are collected and exchanged whenever a user accesses our website. These are:

• IP address
• Date and time of the access (time stamp)
• Details of the query and destination address (protocol version, HTTP method, referrer, user-agent string)
• Name of the file accessed and data volume transmitted (URL requested including query string, size in bytes)
• Message whether the request was successful (HTTP status code)

These data are also stored in log files on servers of our web provider, the "Informationstechnikzentrum Bund" (ITZBund; Federal Information Technology Centre), beyond the time of the actual access. This Centre is obliged to store the data even after the time of your access to prevent attacks on the internet infrastructure of the federal communications technology. These data are analysed and will be needed to initiate legal action and law enforcement measures in the case of attacks on the communications technology. The data will be deleted as soon as they are no longer needed for the performance of tasks.

Data logged when the BKA website is accessed will only be transmitted to third parties if we are legally obliged to do so or if the transmission is necessary to initiate legal action or law enforcement measures in the case of attacks on the federal communications technology. In all other cases, no transmission will be made. The BKA does not collate these data with other data sources in cases other than those mentioned above.

b. Use of cookies for technical operation

Cookies are short text data packets. Websites can store them locally in the memory of your internet browser on the computer you are using. In particular, cookies enable recognition of the web browser used. We use two kinds of cookies.

Firstly, we use a so-called AL_LB-S cookie. This is placed by the load balancer to ensure that all of your requests are sent to the same back-end server.

Secondly, we use a so-called JSESSIONID cookie enabling you to use forms provided on our website (e.g. to perform a query or the contact form). The session cookie, however, will only be placed when one of our forms is used. These cookies make it possible to trace other activities related to the use of the form. This is done as part of the public relations work with a view to providing information related to the tasks assigned to the BKA on a needs-oriented basis.

The aforementioned cookies do not collect your personal data or information on your using the website. You can delete all cookies placed at any time by calling up the respective menu item in your internet browser or by deleting them from your hard disk. For detailed information, please refer to your browser's help menu.

Of course, you can also visit our website without the use of cookies. To this end, you can at any time generally reject (deactivate) the use of cookies via the settings of your web browser or opt for having the placing of cookies displayed and decide individually whether or not to allow the placing of cookies (cookie alert). For detailed information, please refer to your browser's help menu. Rejecting cookies or having them displayed may have an impact on the performance of our website.

c. Web analysis

In order to provide information related to the tasks assigned to the BKA on a needs-oriented basis, the BKA analyses usage information for statistical purposes.

This is done with the help of the web analytics service "Matomo" (formerly "PIWIK").
This software runs exclusively on the servers of the Federal Information Technology Centre on behalf of the BKA.

If individual pages of our website are accessed, the following data are stored:

• two bytes of the IP address of the accessing system of the user (anonymously)
• the website accessed
• the website from which the user has reached the accessed website (referrer)
• the sub-pages opened from the accessed website
• the dwell time on the website
• the frequency of access to the website.

No cookies are placed on the computer of the user in the scope of our web analysis.
Neither are the data transmitted to third parties.

If you do not agree with the completely anonymous storage and analysis of these data from your visit, you can object to the storage and use via the opt-out function at any time:

4. Processing of personal data when establishing contact

The BKA offers you to contact the relevant unit of the BKA or the contact person for a variety of purposes. The processing of personal data depends on the occasion and the contact channel chosen.

The website offers users to establish contact by means of a contact form. In addition, contact can be made via e-mail, letter or phone.

a. Contact via contact form

The contents contained in the BKA's contact form are transmitted over an encrypted https connection.

If you use one of the contact forms for communication (e.g. press, citizens', data protection contact form), your mandatory data are limited to the details needed to handle your request. These mandatory data vary depending on the addressee of the contact form you have used and the processing requirements of your request. Without these data the request you transmitted via contact form cannot be processed. Further information is optional.

Please note that the data and contents transmitted in the contact form are processed for the purpose of handling your request.
When the contact form is used, the IP address of the sender and the information contained in the user-agent string (e.g. browser used, browser version, operating system and version of the operating system) are transmitted to the BKA in addition to the contents of the data fields. The IP address and the information from the user-agent string are used exclusively for the designated purpose and in the context of state measures to enforce the law and avert danger in compliance with statutory requirements.

When you activate the "data protection" checkbox and send the contact form, you consent to your personal data, IP address and information from the user-agent string being transmitted and stored. If you do not agree with this, you can terminate the process at any time. In the event of this happening your message will not be transmitted.

The request you send via the contact form will be handled by BKA staff. The BKA will process your data only to handle your request and in accordance with the pertinent legal provisions.

b. Contact by e-mail

If you wish to contact the BKA by e-mail, you can use one of the e-mail addresses indicated on our website.

If you contact the BKA by e-mail, the data you have transmitted (e.g. name, first name, address), but at least the e-mail address and the information contained in the e-mail (possibly any personal data transmitted by you), are stored for the purpose of contacting you and handling your request in accordance with the deadlines applicable to the retention of records as laid down in the Directive on the processing and management of records (files and documents) in Federal Ministries, which supplements the Joint Rules of Procedure of the Federal Ministries.

Processing of the personal data transmitted by you is necessary for the purpose of handling your request.

The request you send by e-mail will be handled by BKA staff. The BKA will process your data only to handle your request and in accordance with the pertinent legal and contractual provisions.

c. Contact by letter

If you write a letter to the BKA, the data you have transmitted (e.g. name, first name, address) and the information contained in the letter (personal data possibly transmitted by you) are stored for the purpose of contacting you and handling your request in accordance with the deadlines applicable to the retention of records as laid down in the Directive on the processing and management of records (files and documents) in Federal Ministries, which supplements the Joint Rules of Procedure of the Federal Ministries.

Processing of the personal data transmitted by you is necessary for the purpose of handling your request.

d. Contact by phone

If you choose to contact the BKA by telephone, the personal data received from you will be processed to handle your request insofar as this is necessary.

Please note that the data and contents transmitted (which may also include personal data transmitted by you) are processed for the purpose of handling your request.

e. External contacts

This website also provides contact information (internet addresses, e-mail addresses, phone numbers, etc.) of third parties (e.g. local police offices in the context of media-assisted search measures). If you use this information to establish contact, the processing of personal data does not fall within the area of responsibility of the BKA.

If you have any questions about the handling of your personal data by third parties, please contact them accordingly.

5. Information about social media use

No data will be transmitted to social media providers when this website is accessed. No social media plugins are integrated into this website.

The social media icons shown are graphic symbols leading to the relevant social media information offer via hyperlinks. These hyperlinks are implemented in the form of the "2-click solution", which is in compliance with data protection requirements. When the user clicks on the first (internal) link, the following notification is shown on this website:

You have just clicked on the link to our offer on "name of the social media platform". If you use the services of this provider, usage data may be recorded and stored in server logs. The Bundeskriminalamt has no influence on the type and extent of the transmitted and / or stored data. Please see the provider's data privacy policy for further information on the data collected by "name of the social media platform", their storage and use.

By actively clicking on the (external) hyperlink again, which resolves to the relevant social media platform and is displayed underneath the information text, the user consents to the processing of his / her data.

The Twitter module on the homepage of the BKA website was implemented in a way that no user data are forwarded to Twitter without the active use by the website visitor (accessing the tweet and changing to the BKA's Twitter channel).

The separate data protection information of the BKA (data privacy statement, data protection impact assessment, utilization concept, disclaimer notice, netiquette, legal information) applying to the use of our social media channels as well as the social media concept can be found on the "Datenschutz Social Media Kanäle" (Data protection social media channels; only available in German) page.

6. Your rights

You have the following rights vis-à-vis the BKA with regard to your personal data:

a. Right to withdraw consent - art. 7 (3) of the GDPR

Provided that your personal data have been processed on the basis of your consent (art. 6 (1) lit. a of the GDPR), you may withdraw your consent at any time for the relevant purpose. The lawfulness of processing based on your consent will remain unaffected until your withdrawal is received.

b. Right to demand information - art. 15 of the GDPR

In accordance with art. 15 of the GDPR, you have the right to demand disclosure of your personal data processed by us. In particular, you may demand information on the purposes of the processing, the category of personal data, the category of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data (if the data have not been collected by us), and the existence of automated decision-making, including profiling. The exceptions to this right regulated in section 34 of the German Federal Data Protection Act apply accordingly.

c. Right to rectification - art. 16 of the GDPR

In accordance with art. 16 of the GDPR, you have the right to demand the immediate rectification of inaccurate personal data, or to have incomplete personal data stored by us completed.

d. Right to deletion - art. 17 of the GDPR

In accordance with art. 17 of the GDPR, you have the right to demand the immediate deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims. In addition, the exceptions to the right of deletion regulated in art. 35 of the German Federal Data Protection Act apply accordingly.

e. Right to restriction of processing - art. 18 of the GDPR

In accordance with art. 18 of the GDPR, you have the right to demand the restriction of the processing of your personal data should you contest the accuracy of the data, should the processing be unlawful but you oppose the deletion of the data and we no longer need the data but you require the data for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with art. 21 of the GDPR.

f. Right to data portability - art. 20 of the GDPR

In accordance with art. 20 of the GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, or the right to demand that the data be transferred to another controller. In accordance with art. 20 (3) sentence 2 of the GDPR, this right, however, shall not apply to processing necessary for the performance of tasks carried out in the public interest.

g. Right to object - art. 21 of the GDPR

Insofar as your personal data are processed on the basis of legitimate interests pursuant to art. 6 (1) sentence 1 lit. f of the GDPR, you have at any time the right to object to the processing of your personal data pursuant to art. 21 of the GDPR. This does not apply if the Bundeskriminalamt can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of your person or the processing serves to assert, exercise or defend legal claims. The exceptions to the right regulated in art. 36 of the German Federal Data Protection Act apply accordingly.

You may assert the aforementioned rights by referring to the BKA Data Protection Officer indicated under item 2 of this Privacy Policy. To do so, you may use the contact form provided.

In addition, in accordance with Art. 77 of the GDPR, you have the right to lodge a complaint with the supervisory authority overseeing compliance with data protection legislation (Federal Commissioner for Data Protection and Freedom of Information) if you consider that the processing of personal data related to you infringes the GDPR.