Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) Da­ta pro­tec­tion state­ment

Foto: Zahlreiche LAN-Kabel stecken in einem Server.

© dpa | Ole Spata | 2013

These notes on data protection provide you with information about processing of your personal data by the Secretariat of the Bundesrat (SdBR) and about your rights in this context.

- In case of doubt, the German version shall apply. -

1. What are the Bundesrat Secretariat’s responsibilities?

In its role as a legislative body, the Bundesrat is one of the Federal Republic of Germany’s five permanent constitutional bodies. The Bundesrat represents the federal states at the level of the Federation as a federal body alongside the Federal President, the Bundestag, the Federal Government and the Federal Constitutional Court. The Bundesrat Secretariat (SdBR) was established in 1949 to support the Bundesrat. This role informs the Secretariat’s remit, which encompasses responsibility for preparing and implementing meetings of the Bundesrat and its committees, providing support services to the President of the Bundesrat, maintaining parliamentary relations, carrying out press and public relations work including the visitor service, running the documentation unit / library, as well as conducting the classical administrative tasks of a public authority. In total, around 200 employees are involved in dealing with these tasks.

2. Who is responsible for data processing and whom can you contact?

The Bundesrat Secretariat is responsible for data processing:
Sekretariat des Bundesrates
Leipziger Straße 3 - 4, 10117 Berlin

Contact details for the Data Protection Officer:
Datenschutzstelle im Sekretariat des Bundesrates
Leipziger Straße 3 - 4, 10117 Berlin

You can also reach both offices via the following de-mail address: or by telephone on (030) 18 9100 0.

3. What data is collected when you use our online media?

You can use our online services without disclosing your identity.

Collection, storage and processing of your data

Data is stored temporarily and processed in a log file whenever a user accesses our Internet services and whenever a file is retrieved.

Specifically, the following data is stored for 30 days each time the website is accessed / a file is retrieved:

  • Date and time of retrieval (time stamp)
  • Request details and destination address (protocol version, HTTP method, referer, User Agent string)
  • Name of file retrieved and data volume transferred (requested URL incl. query string, size in bytes)
  • Notification as to whether the retrieval was successful (HTTP status code)

The user’s IP address is not stored in this context.

Evaluation of user behaviour

We use the open source software Matomo for statistical evaluation of visitor access. The data collected with this software is used in anonymised form to analyse utilization of the Bundesrat’s website and to improve the website. Your IP address is immediately anonymised during this process, so that you as a user remain anonymous to us. By using the website, you agree to Matomo’s processing of the data collected in the manner and for the purpose described above.

You can prevent Matomo from collecting data by activating the “Do Not Track” function in your Internet browser. In most browsers you will find this function under “Settings -> Privacy”.

E-mail, contact forms

Your disclosure of your data is on an expressly voluntary basis if you send us an e-mail or use the option to enter personal or business data (e-mail addresses, names, addresses) as part of our Internet services. We store your data on specially protected servers in Germany. Access to this data is only possible for a few specifically authorised individuals involved with technical or editorial server support.

Use of cookies

A cookie is a short entry in a special file directory on your computer and is used for exchange of information between computer programmes or for temporary archiving of information. Cookies for example help keep the system for online orders of publications running smoothly (shopping cart) and contribute to maintaining the selected font size when various subpages are viewed. The Bundesrat only uses cookies required for technical provision of the website. The cookies are only set for a short time and are deleted automatically immediately after your visit to our site (session cookies).


When you subscribe to our newsletter, we request your e-mail address and ask you to select the topics on which you would like to receive newsletter information. By entering your data, you consent to use of the data for this specific use. We only store your data as long as it is required for this specific purpose. You can revoke storage of your e-mail address and topics selected at any time by cancelling your subscription to our newsletter. Your data will be deleted when you unsubscribe from the newsletter.

Embedded videos from external websites

No data is transmitted if you simply load a page within our online content that contains an integrated YouTube video. Your IP address will only be transmitted to YouTube if you play the video.

Links to other online content

Our online content contains links to other websites. We have no influence on compliance by operators of such websites with data protection provisions.

Ordering material

When information material is ordered online for delivery by post, we use your personal data within the Bundesrat. The data collected will not be transmitted to third parties. The orders are stored and retained for about three months in case of queries. After statistical recording of the material ordered, the data is deleted. The data is only accessible to the relevant employees of the Bundesrat and is used by these employees solely for purposes connected with dispatch of the information material.

Protection of minors

Persons under 18 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people. We do not deliberately collect such data.

Mobile applications

The Bundesrat offers an app in versions for the iOS and Android operating systems. We use the open source software Matomo for statistical evaluation of visitor access. The data collected with this software is recorded in anonymous form so that you as a user remain anonymous to us. The data is utilized for usage analysis and to improve the Bundesrat’s app. By using the app, you agree to processing of the data collected by Matomo in the manner and for the purpose described above.

The operating system and version number are transmitted when the app is used in order to transfer content data. In addition, certain access rights must be granted to enable the app to operate:

The app requires access to the device’s network connection information. This is needed to load and update the app’s content and to select a suitable bandwidth for live streaming of the plenary sessions. Furthermore, access to the device’s appointment calendar is required to allow appointments to be imported directly into the calendar if the user requests such import. No other access rights are required.

Social media data protection statement

The Bundesrat uses Twitter, Instagram, YouTube and Flickr. The Bundesrat cannot assess the extent to which these social networks provide their services in accordance with European data protection regulations.

We therefore expressly draw attention to the fact that these networks store their users’ data (e.g. personal information, IP address, etc.) in keeping with their data usage guidelines and utilize such data for commercial purposes.

The Bundesrat has no influence on data collection and subsequent use of such data by social networks. The Bundesrat therefore has no information concerning the extent, location and duration of such data storage, the extent to which these social networks comply with existing deletion obligations, which evaluations and links are made using the data or to whom the data may be transferred.

4. Which data and sources do we use?

The following data and data categories are processed on a regular basis:

  • Personal data (e.g. name, address and contact details)
  • Job application details
  • Photographs within the context of our public relations work
  • Contact details for invitation mailing list
  • Registration data from visitor and pupil groups
  • Contract data and tax-relevant data in connection with ongoing business relationships
  • Correspondence (e.g. correspondence with you)
  • Images recorded during video surveillance of outdoor areas around our building

We process data that we receive directly from you (Article 13, GDPR) or from third parties (Article 14, GDPR). Third parties are, for example, schools that register school groups, your company if you work for us as a tradesman or your contact data as an official accessing content via the federal Intranet. On a case-by-case basis, we may also use your own website or Internet search engines to research contact data.

Spam or unsolicited (mass) advertising mails will be deleted immediately.

5. Why is your data processed (purpose of processing)?

We process your data exclusively within the scope of fulfilment of our official remit and for the particular purposes for which we receive your data from you or from third parties.


When preparing and implementing meetings of the Bundesrat and its committees, we may receive your contact details, for example if you communicate with us by e-mail from your office. If you send us a submission on a legislative proposal, that submission will be recorded and processed here.

In the context of press and public relations work, we use e.g. mailing lists with your contact data, which we have received from you, your publishing house or from public directories. On the website we offer you the option of subscribing to a newsletter.

We require data from you if visit us and participate in a guided tour or plenary session, for example to be able to pay out travel allowances to school classes or to exclude security risks.

Within the scope of classical administrative tasks that we deal with, we process e.g. applicants’ data when dealing with tender procedures or supplier data when handling invoicing; for security reasons we also process identification data of company employees working for us.

6. Legal basis for data processing

In the following section, we provide you with information concerning the purposes for which we process your data and the legal basis for such data processing.

6.1 On the basis of consent from you (Article 6(1)(a), GDPR)

If you have given us consent to process your personal data, this consent constitutes the legal basis for the data processing stipulated in each specific instance of consent.
You may revoke such consent at any time with effect for future processing. This also applies to declarations of consent that you issued before the GDPR entered into force, i.e. before 25th May 2018. The revocation takes effect solely in respect of any future data processing.

6.2 To fulfil contractual obligations (Article 6(1)(b), GDPR)

We process your data in order to fulfil our contracts with you. The purposes for which data is processed depend upon each specific agreement.

6.3 To fulfil the SdBR’s legal obligations or within the framework of duties we perform in the public interest (Article 6(1)(c) and (e), GDPR)

We process your data on the basis of numerous laws, the Bundesrat’s Rules of Procedure and related regulations such as the Bundesrat’s in-house rules.

6.4 For the purpose of recruitment (Article 88, GDPR in conjunction with § 26, Federal Data Protection Act (BDSG)) within the context of responses to positions advertised or unsolicited applications

6.5 Video surveillance of publicly accessible areas (§ 4, BDSG)

7. Who receives your data?

Within the Bundesrat Secretariat (SdBR), data access is provided to the units that require such data to fulfil our contractual and legal obligations

Your data will only be passed on to recipients outside the SdBR if a legal basis expressly permits such data transfer. In addition, the following may receive your data:

  • contracted data processors deployed by us (Article 28, GDPR) to process your data in accordance with our instructions and
  • other bodies for which you have given us prior consent for data transmission.

Personal (contact) data are transmitted to third countries (outside the European Economic Area) or to international organisations in accordance with Chapter V, GDPR in the context of fostering parliamentary relations, e.g. in the case of conference participation. You will be informed separately of the specific provisions in such cases.

8. How long is your data stored?

We store your data in line with the relevant stipulated storage periods or for as long as such data storage is necessary to fulfil the SdBR’s remit.

That means:
Where necessary, your personal data will be stored for the duration of business relations, which also includes initiation and fulfilment of a contract.

In addition, the Secretariat of the Bundesrat is subject to various obligations concerning data storage and documentation that arise inter alia from the German Civil Code (BGB), the General Equal Treatment Act (AGG), the German Commercial Code (HGB) and the Tax Code (AO).

Furthermore, the storage period is also assessed in the light of statutory limitation periods, which, for example, pursuant to §§ 195 ff., German Civil Code (BGB), generally entails a three-year storage period, but in certain cases stipulates data storage for up to thirty years.

9. Your data privacy rights

You have the right to information pursuant to the respective legal conditions (Article 15, GDPR; § 34, BDSG). Furthermore, you have the right to correction or completion of your personal data stored with us (Article 16, GDPR), to deletion of such data (Article 17, GDPR; § 35 BDSG), to restrict processing of such data (Article 18, GDPR) and to data transferability (Article 20, GDPR).

In addition, you have the right to lodge an appeal with the Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, 53117 Bonn (Article 77, GDPR; § 19, BDSG) or to consult the data protection office in the Bundesrat Secretariat (§ 6 (5), BDSG).

10. Do you have an obligation to provide data?

In the context of fulfilment of the Bundesrat Secretariat’s remit or within the framework of business relations, you must provide only such personal data as are required for this purpose or which the Bundesrat Secretariat is legally obliged to collect. If we do not receive this data, we will generally not be able to process your request or to establish a contractual relationship.

11. To what extent is automated decision-making utilized in particular cases?

The Secretariat of the Bundesrat does not use any procedures for automated decision-making pursuant to Article 22, GDPR.

12. Your rights of revocation and objection (Article 13(2)(c), Article 14(2)(d) and Article 21, GDPR)

If your data is processed on the basis of your consent to such processing, you can revoke this consent at any time in respect of future data processing.

You also have the right to object at any time, for reasons arising from your particular situation, to processing of personal data concerning you on the basis of Article 6(1)(e), GDPR (data processing for performance of a task in the public interest or in the course of exercising official authority). If you enter an objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for such data processing that take precedence over your interests, rights and freedoms or unless such data processing serves to assert, exercise or defend legal claims.

Revocations or objections can be addressed, with no specific requirements concerning the form to be observed, to the responsible body cited in Point 2.

13. Validity and amendment of this data protection statement

This data protection statement (status: May 2018) is currently valid. Amendments to this data protection statement may become necessary due to further development of our website and services provided through it or as a result of changes in legal or regulatory provisions. The current data protection statement can be downloaded in a printable version from the website at any time at