Privacy Policy of the Federal Office for Radiation Protection (BfS)

Information for data subjects to be provided according to Articles 13 and 14 of the EU Data Protection Regulation (GDPR)

The following information provides an overview of the personal data collected by BfS and how this data is handled. We also inform you about your rights in this context – in particular, to whom you can address your questions and complaints.

Personal data is any information that can be used to identify a person in any way (e.g. name, date of birth, address, or telephone number). This also includes the special categories of personal data that are sensitive data (e.g. health data).

When we process personal data, this means that we collect, store, use, adapt, and/or delete your data.

1. Who is responsible for data processing?

Responsible in accordance with Article 4, paragraph 7 GDPR is the

Federal Office for Radiation Protection (BfS)
President Dr Inge Paulini
Willy-Brandt-Straße 5
38226 Salzgitter

Phone: +49 (0) 3018 333-0
Fax: +49 (0) 3018 333-1885
E-mail: ePost@bfs.de

2. Who is your contact person?

Questions on data protection matters can be directed to our data protection officer:

Adina Inan
Willy-Brandt-Straße 5
38226 Salzgitter

Phone: +49 (0) 3018 333-1410
E-mail: datenschutzbeauftragte@bfs.de

3. What are your rights?

As a person affected by the processing of personal data by the BfS (i.e. data subject), you have the following rights:

Right of information in accordance with Article 15 GDPR

You can request information about your personal data processed by us.

Right of rectification in accordance with Article 16 GDPR

If the information concerning you is not (or no longer) correct, you can request that it be corrected. If your data is incomplete, you can request that it be completed.

Right of deletion in accordance with Article 17 GDPR

You have the right to have your personal data deleted. However, this applies only if the data is no longer necessary for the fulfilment of the task, is processed unlawfully, or a corresponding consent has been revoked. Section 35 of the Federal Data Protection Act (BDSG) sets out further restrictions.

Right to restrict processing in accordance with Article 18 GDPR

You have the right to request a restriction of the processing of data concerning you. This claim can take the place of an actually existing claim for deletion if this cannot be fulfilled because of the existence of special circumstances.

Right of data transferability in accordance with Article 20 GDPR

The right of data transferability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority transferred to the BfS (Article 20, paragraph 3 (2) GDPR).

Right of objection in accordance with Article 21 GDPR

You have the right to object to the processing of personal data concerning you if you are in a special situation. This right is restricted by Section 36 BDSG if there is a compelling public interest in the processing that outweighs your interests or a legal provision obliges the processing.

Right to lodge a complaint about the processing of personal data in accordance with Article 77 GDPR

If you believe that we have not handled your personal data in a fully responsible manner, you can lodge a complaint with the office below:

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Straße 153
53117 Bonn

Phone: +49 (0) 228 99 7799 – 0
Fax: +49 (0) 228 99 7799 - 550
E-Mail: poststelle@bfdi.bund.de
Internet: www.bfdi.bund.de

4.1. Specific Information - tasks of the BfS

In order to properly fulfil our tasks, we also process personal data (e.g. in the context of enquiries or administrative procedures). In doing so, the requirements of the GDPR and those of the BDSG are taken into account and complied with. Special data protection provisions in other laws (e.g. the Radiation Protection Act) also apply in individual cases.

For what purpose do we process your personal data?

We are an independent scientific and technical higher federal authority in the portfolio of the Federal Ministry for the Environment, Nature Conservation and Nuclear Safety (BMU). We work for the safety and protection of people and the environment from harm caused by ionising and non-ionising radiation. Your personal data is processed for these purposes and in compliance with the provisions of the GDPR, the BDSG, and all other applicable laws:

For the fulfilment of a contract or the implementation of pre-contractual measures (Article 6, paragraph 1 (b) GDPR).

The processing of your personal data serves, among other things, to fulfil contracts that we have concluded with you or your institution or company. This also includes the implementation of pre-contractual measures.

On the basis of legal requirements (Article 6, paragraph 1 (c) GDPR) or in the public interest (Article 6, paragraph 1 (e) GDPR in conjunction with Section 2 of the Act on the Establishment of a Federal Office for Radiation Protection in conjunction with special legal regulations such as from radiation protection law, freedom of information law, or civil service law).

In addition, we process your personal data within the scope of our statutory duties under the Act on the Establishment of a Federal Office for Radiation Protection.

Our statutory duties include in particular:

  • Federal administrative tasks in the fields of radiation protection, including emergency protection, assigned to us on the basis of the Radiation Protection Act or other federal laws such as

  • the technical and scientific support to the BMU in the fields of radiation protection, including emergency protection;
  • the scientific research to fulfil our tasks in the fields of radiation protection, including emergency protection;
  • the support of competent authorities, at their request, in cases of the loss or discovery of radioactive substances or radioactively contaminated substances as well as in cases of a suspected criminal offence in connection with such substances, in the investigation and analysis of such substances, and in protective measures in the context of their seizure;
  • the answering of questions from private individuals in the field of radiation protection;
  • the informing of the public about the effects and risks of ionising and non-ionising radiation.

Based on consent (Article 6, paragraph 1 (a) GDPR)

Insofar as you have given us consent to process personal data for specific purposes, the data processing is based on your consent. Consent given can be revoked at any time with effect for the future. This applies also to the revocation of declarations of consent given to the BfS before the GDPR came into force (i.e. before 25 May 2018). Please note that the revocation is effective only for the future. Processing that took place before the revocation shall not be affected by this.

What personal data do we process?

Within the scope of fulfilling our tasks, we process the following personal data in particular; this data has been received either directly from you or from third parties in a permissible manner (e.g. for the fulfilment of contracts or on the basis of consent given). In addition, we process data that we have permissibly obtained from publicly accessible sources (e.g. press, internet, commercial register):

  • Personal/contact data (e.g. first name, surname, address, telephone number, fax, email)
  • Communication data in connection with correspondence (emails, correspondence)
  • Contract and billing data (e.g. bank details, goods/services ordered, invoice data)
  • Health data (e.g. in connection with citizens' enquiries)
  • Exposure data (e.g. the entries in the radiation protection register).

Under what circumstances may we pass on your data to third parties?

Within the BfS, your personal data will be accessed only by those offices that need it to fulfil the legal tasks within their responsibility.

Your personal data will be passed on to external recipients (e.g. public agencies of the Federal Government or the Federal States, contractual partners of the BfS, and parties involved in administrative proceedings) only if we are obliged to provide information, report, or pass on data in order to fulfil legal requirements or if you have consented to the transfer of your personal data. In addition, data is passed on to external service providers who act as order processors on our behalf or who perform functions for us. All recipients are obliged to comply with data protection.

Data is transferred to countries outside the EU or the EEA (third countries) only if this is necessary for the fulfilment of the aforementioned purposes or is required by law, if you have given your consent, or if this is within the scope of order processing. If service providers in the third country are used, an appropriate level of data protection is guaranteed.

How long do we store your personal data?

For the performance of BfS tasks, personal data are stored in paper as well as in electronic form in accordance with the specifications for the management of written records. After expiry of the retention periods, the documents, including the personal data contained therein, are offered to the Federal Archives and are taken over by the Federal Archives if they are deemed worthy of archiving. Personal data may be deleted only if and when this has been agreed in writing with the Federal Archives for the relevant records.

The only exceptions to this are data for which legal provisions other than the GDPR explicitly stipulate deletion.

The administration of documents is regulated in a BfS service instruction. This contains information on the retention periods of various types of records as well as on the modalities according to which records are offered by the BfS to the Federal Archives. Any records not accepted by the Federal Archives are destroyed.

4.2. Specific information – use of the website

The user data required for the use of the website are stored each time the BfS website is accessed. In this context, the IP address is processed only for the mediation of the requests or the response at the level of network communication but is not made available to the web application (website) and is therefore not stored or evaluated in relation to the use of the web application.

Within the scope of a usage process, the following data record is stored in a log file:

  • Page visited or name of the retrieved file,
  • Date and time of access,
  • Amount of data transmitted,
  • Notification of whether the access or retrieval was successful,
  • Details of the program that retrieves the data (e.g. web browser),
  • Internet address of the previously visited page,
  • Parameter list of the request (e.g.: search parameters, sort order, and page specification within lists) provided these are contained in the URL.

This data set is evaluated for optimising the internet offer as well as for statistical purposes.

In addition, temporary cookies are used; these expire after the session and are used exclusively for the operation of the website. These cookies do not contain any personal data.

Data collected when accessing the BfS website will be transmitted to third parties only if the BfS is obliged to do so by law or by court decision or if the transmission is necessary for legal or criminal prosecution in the event of attacks on the internet infrastructure.

Statistical survey

This website uses the web tracking tool Matomo to collect and store data for statistical and optimisation purposes. This function can be deactivated in the following (objection to tracking by Matomo). As a user, you have the option to refuse tracking by Matomo at any time. Please follow the necessary steps mentioned at the bottom of this page.

When a web page is called up, data about this process is stored. In detail, this is the following information: page title, search term (through which visitors come to the page), search engines, page URL, number of pages visited, location of the visitor (country), provider, browser language setting, browser, operating system, screen resolution, browser plug-ins, visit times, visit duration, entry pages, exit pages, downloads, referring web pages.

Personal data

If you order informational material, newsletters, or brochures or rate an article on the BfS website as "helpful" or "not helpful", we will ask you for your name and other personal information in the contact form. It is your free decision as to whether you enter this data. The contents of the BfS contact forms are transmitted via an encrypted https connection. The personal data collected for sending the newsletter (email address) is used exclusively for sending the newsletter.

If you send us a message using the contact form or an email, your data will be used for correspondence with you. If we receive a message from you via the contact form or an email, we assume that we are entitled to reply by email. Otherwise, you must explicitly inform us of another method of communication.

In principle, requests in electronic form are stored in files in the same way as requests in paper form.

References/links

The internet pages of the BfS contain references or links to internet pages of other providers. The BfS has no influence on whether these providers comply with data protection regulations.

Social networks

The BfS has no influence on the collection of data and its further use by social networks.

We therefore expressly draw your attention to the fact that the services used by the BfS (e.g. Twitter) store the data of its users (e.g. IP address or other location-related information, use of cookies) in accordance with their respective data usage guidelines and may use it for business purposes.

The BfS also presents itself in the online business network Xing. Please note the provider’s privacy policy there.

4.3. Specific information – video surveillance

Insofar as video surveillance of the BfS properties takes place, this is done for the purpose of exercising the right to determine who shall be allowed or denied access. An allocation of the data collected in this way to a specific person takes place only in exceptional cases in the event of a violation of the right to determine who shall be allowed or denied access.

In the case of video surveillance of laboratories and measuring equipment for the safety of the data subjects, these persons shall be informed separately.

4.4. Specific information – application process

In the course of your application and recruitment, you provide personal data, which is used by the BfS to fulfil its legal and contractual obligations.

For what purpose do we process your personal data?

In the selection and recruitment process, we process your personal application data insofar as this is necessary to assess your suitability, ability, and professional performance with regard to the position for which you are applying (cf Article 33, paragraph 2 German Basic Law). Additional legal requirements for the selection procedure result in particular from the General Act on Equal Treatment (AGG), the Social Code IX, and budgetary law.

The collection of personal data for the purpose of establishing an employment or service relationship is carried out for employees, trainees, apprentices, interns, and guest students on the basis of Section 26, paragraph 1 BDSG, for civil servants in accordance with Section 106, paragraph 4 Federal Civil Servants Act, and for applications in the collective bargaining sector in corresponding application.

Insofar as special categories of personal data within the meaning of Article 9, paragraph 1 GDPR are communicated or requested in the context of the application procedure (e.g. health data such as severely disabled status, official medical certificate from the public health department) or data revealing political opinions or religious or ideological convictions, the legal basis is also Article 9, paragraph 2 (b), (g), and/or (h) GDPR. Insofar as an official certificate of good conduct is requested as part of the application procedure, the processing of the data contained therein is based on Article 6, paragraph 1 (b), Article 88 GDPR, Section 26 BDSG in conjunction with Article 10 GDPR.

What personal data do we process?

In order to be able to carry out the application procedure, we process the following data from you provided you have given us this information:

  • Personal details (including name, address, telephone, date of birth, email address)
  • Further details in the curriculum vitae, proof of qualifications such as school, training, study and work certificates, references given, certificates
  • Salary data, social security data, tax data, health data

The personal data collected from third parties in the course of recruitment are – if required – information on health suitability for public service (occupational or official medical examination result) and possible previous convictions subject to entry in the Federal Central Criminal Register according to Section 32 (criminal record certificate). Furthermore, the third party enquiry may extend to your personnel file – requested with your consent from previous departments.

Under what circumstances may we pass on your data to third parties?

Within the BfS, your personal data will be accessed only by those offices that need it to fulfil our contractual and legal obligations. In addition to the responsible personnel officers, these are – as far as legally required – the staff council, the representative for severely disabled persons, and the equal opportunities officer.

Your personal data will be passed on to external recipients (e.g. public agencies of the Federal Government or the Federal States, contractual partners of the BfS, and parties involved in administrative proceedings) only if we are obliged to provide information, report, or pass on data in order to fulfil legal requirements or if you have consented to the transfer of your personal data.

How long do we store your personal data?

We store your personal data as long as it is necessary to achieve the processing purposes and/or to comply with legal retention obligations. Under certain circumstances, we will also retain your data for the duration of the statutory limitation period in accordance with Sections 195 et seq. German Civil Code (BGB).

If an employment or service relationship is established between you and us, we will include the personal data in the personnel file to the extent necessary and store it for at least the duration of the employment or service relationship.

Do you need to provide personal data?

The provision of personal data in the context of an application procedure is neither legally nor contractually required. You are therefore not obliged to provide information about your personal data. However, please note that these are required for the application process. If you do not provide us with any personal data in the course of your application, the BfS cannot consider you in the application process. It is recommended that you provide only personal data that is necessary for the application process.

Is there any automated decision making?

Because the decision on your application is not based exclusively on automated processing, no automated decision in individual cases within the meaning of Article 22 GDPR takes place.

5.1. Video conferencing systems – Cisco Webex

With the following information, we inform you about the processing of your personal data when using the video conferencing tool Cisco Webex Meetings (hereinafter Webex). Webex is a service of Cisco International Limited (hereinafter Cisco), which has its registered office at 9-11 New Square Park, Bedfont Lakes, Feltham, England TW14 8HA, United Kingdom.

Note: If you access the Webex website, Cisco is responsible for data processing. However, accessing the website is necessary only to download the software for the use of Webex.

You can also use Webex if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Webex app.

If you do not want to or cannot use the Webex app, the basic functions can also be used via a browser version, which you can also find on the Webex website.

For what purpose do we process your personal data?

We use the Webex tool to conduct telephone conferences, online meetings, video conferences, and/or web seminars (hereinafter collectively referred to as Online Meetings).

What personal data do we process?

When using Webex, different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data are subject to processing:

  • Information on the user: First name, last name, telephone (optional), email address, password (if single sign-on is not used), profile picture (optional), division (optional)
  • Meeting meta-data: subject, description (optional), participant IP addresses, device/hardware information
  • For recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, and text file of the online meeting chat.
  • When dialling in with the telephone: Incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
  • Text, audio, and video data: You may have the opportunity to use the chat, question, or poll functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting and, if necessary, to record them. In order to enable the display of video and the playback of audio, data from the microphone and any video camera of your end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Webex apps.

In order to join an online meeting or enter the meeting room, you must at least provide details of your name.

To what extent is the personal data processed?

We use Webex to conduct online meetings. If we want to record online meetings, we will tell you transparently in advance and – where necessary – ask for consent. The fact of the recording is also shown to you in the Webex app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of web seminars, we may also process questions asked by web seminar participants for the purposes of recording and following up on web seminars.

If you are registered as a Webex user, reports of online meetings (meeting meta-data, telephone dial-in data, questions and answers in web seminars, and survey function in web seminars) can be stored at Webex for up to one month.

The possibility of software-based attention monitoring (attention tracking) that exists in online meeting tools such as Webex is deactivated.

Automated decision-making in the sense of Article 22 GDPR is not used.

What is the legal basis for processing your personal data?

If you use Webex as part of your employment at BfS, Section 26 of the BDSG is the legal basis for the processing of your personal data.

Furthermore, the legal basis for data processing when conducting online meetings is Article 6, paragraph 1 (b) GDPR insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Article 6, paragraph 1 (e) GDPR in conjunction with Section 2 of the Act on the Establishment of a Federal Office for Radiation Protection and Section 3 BDSG.

Under what circumstances may we pass on your data to third parties?

Personal data processed in connection with participation in online meetings will not be disclosed to third parties (except to Cisco with whom an order processing agreement has been concluded). Cisco necessarily obtains knowledge of the aforementioned data collected precisely for the purpose of using Webex according to the arrangements provided for in our order processing agreement with Cisco.

Because Cisco is based in the UK, processing of personal data takes place outside the EU or EEA (third country). However, this refers to the processing of contractual data only. The other personal data, in particular that of the meeting participants, is processed exclusively on servers in the EU.

We have concluded an order processing contract with Cisco that complies with the requirements of Article 28 GDPR. Furthermore, EU standard contractual clauses were concluded.

How long do we store your personal data?

Your personal data will be stored only for as long as is necessary to achieve the aforementioned purposes.

The data protection notices of Cisco that apply beyond this can be viewed here: https://www.cisco.com/c/en_uk/about/legal/privacy-full.html

5.2. Video conferencing systems – Zoom

We would like to inform you below about the processing of your personal data in connection with the use of the web seminar platform "Zoom" of Zoom Video Communications, Inc. (based in the US).

Purpose of the processing

The data collected by BfS is processed exclusively for the organisation and implementation of the information event as a web seminar.

Note: If you access the "Zoom" website, Zoom Video Communications, Inc. is responsible for data processing. For the use of "Zoom", calling up the Internet site is necessary only in order to download the software for the use of "Zoom".

Processing of personal data

When using "Zoom", different types of data are processed. The scope of the data also depends on the information you provide before or during participation in the web seminar.

The following personal data may be the subject of processing:

  • Information on the user: First name, last name, telephone (optional), email address (optional), profile picture (optional), and affiliation to an organisation (optional)
  • Meeting meta-data: subject, meeting name and description, meeting duration, participant IP addresses, chat status, and device/hardware information
  • Text data: You have the possibility to use the chat and question functions in the web seminar. In this respect, the text entries you make will be processed in order to transmit them to the BfS as organiser and moderator of the web seminar.
  • Information on the processing of cookies can be found in the Cookie Policy of Zoom.

If you are registered as a user with Zoom, reports on online meetings (meeting meta-data, telephone dial-in data, questions and answers in online seminars, and survey functions in online seminars) can be stored with Zoom for up to one month.

For participation in the web seminar, only the first name and surname are required by the BfS to verify registration and participation if this is necessary for issuing a certificate of attendance. If the chat, question, or survey function is used, further processing of text data (questions asked) takes place at BfS exclusively in anonymised form (i.e. without personal reference). The video camera (video data and image) and the microphone (audio data) as well as corresponding recordings (video, audio and presentation recordings) are not released.

Automated decision-making in the sense of Article 22 GDPR is not used.

Note: Further information on the processing of personal data at "Zoom" can be found at https://zoom.us/gdpr and https://zoom.us/privacy .

Legal basis

The legal basis for the data processing is Article 6, paragraph 1 (e) GDPR in conjunction with Section 3 BDSG or Article 88, paragraph 1 GDPR in conjunction with Section 26 BDSG.

Data processing outside the EU/EEA

Zoom Video Communications, Inc. is headquartered in San Jose, California, US. In this respect, the data processing takes place in a third country.

A contract processing agreement has been concluded with "Zoom"; this complies with the requirements of Article 28 GDPR. Zoom has also assured the transfer in accordance with the standard contractual clause of the European Commission.

The requirements for data transfers to third countries (countries outside the EU) have become stricter as a result of the ruling of the European Court of Justice of 16 July 2020. The previous EU-US "Privacy Shield" as a legal basis for a data transfer to the US can no longer be invoked because of its ineffectiveness. The resulting level of protection is thus lower than in the EU.

Therefore, please participate in the web seminar only if you expressly consent to the possible risks of such data transfer for you in accordance with Article 49 GDPR.

When using "Zoom" to participate in the web seminar, the following risks of such data transfers exist:

  • Impeded assertion of the rights of data subjects
  • Lower level of protection than in the scope of the GDPR (EU)
  • Access to the data by the US security authorities
  • Absence of the European fundamental rights standard
  • Difficulty in enforcing the law

Disclosure and recipients of personal data

The personal data collected by the BfS during the information event on "Zoom" will, in principle, not be passed on to third parties. The names of the participants ("viewers") and the questions they ask in the chat are visible only to the BfS staff participating in the information event. There is no contact between the viewers.

Deletion of data

The personal data collected by the BfS (your name, email address, and organisational affiliation) will be deleted as soon as the purpose of the data processing (verification of registration before the start of the event and issuance of the certificate of attendance after the event) has been achieved.

Further notes on the use of "Zoom"

As a rule, no content that requires a high level of protection or is strictly confidential should be exchanged via "Zoom".

Keep the video conferencing software (or the browser you use to join the video conference) up to date.

If you use the chat channel, you should express yourself only in such a way that accidental publication of the chat does not cause you any harm.

6. Further information

6.1. Basic data protection regulation (GDPR)

You can find the legal text of the GDPR here: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&rid=1

6.2. Standard data protection clauses

You can find the standard data protection clauses here: https://eur-lex.europa.eu/eli/dec/2010/87/oj?locale=en

Location privacy

The map of the ODL measuring network makes it possible for you to find individual ODL measuring stations and view them on the map. In order to show measuring stations in your immediate vicinity, you have the option to activate the button "Location search" below the map and then accept disclosure of your location data.

Such location data is exclusively for use on your device, i.e. the data will be processed by the browser on your desktop, smartphone or tablet in order to zoom and centre the map to the relevant position.

Your location data will not be transmitted to BfS.

Objection to tracking by Matomo

As a user, you have the option of rejecting tracking by Matomo at any time. In this case, please follow the steps described below:

If users have activated the option "I don't want to be tracked" in their browser, Matomo will not store these users' data. In this case, you do not have to do anything else.

If you have not made this setting, please follow the instructions below.

(If you are using Internet Explorer, please make the following settings to deactivate Matomo: Follow TOOLS → INTERNET OPTIONS → DATA PROTECTION → ADVANCED, please tick "Override automatic cookie handling" and click on "OK" to confirm. Once these settings have been made, you can tick the box to object.)

Please note: If you delete your cookies, the opt-out cookie will be deleted as well and you will have to activate it again in order to make use of the opt-out option.

State of 2021.07.02

© Bundesamt für Strahlenschutz