Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) Privacy statement

Foto: Zahlreiche LAN-Kabel stecken in einem Server.

© dpa | Ole Spata | 2013

Protecting your personal data is important to us. We should like to inform you about processing of personal data by the Bundesrat Secretariat.
Personal data are processed by us only to the extent necessary. The question of when personal data is processed, which data is processed, for which purposes and on which legal basis depends on the type of service you opt to use.

We have adopted technical and organisational measures to ensure that we and our external service providers comply with data protection regulations.

Processing of personal data in the Bundesrat Secretariat is carried out in accordance with the European Union’s General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1. Fundamental Principles

1.1. Responsible body and Data Protection Officer

The Bundesrat Secretariat is responsible for protection of your personal data
Leipziger Straße 3 - 4, 10117 Berlin
E-Mail: organisation@bundesrat.de

If you have specific questions about protection of your data, please contact the Data Protection Officer in the Bundesrat Secretariat:
Datenschutzstelle im Sekretariat des Bundesrates
Leipziger Straße 3 - 4, 10117 Berlin
E-Mail: datenschutzbeauftragter@bundesrat.de

You can also reach both bodies via the general “de-mail” address: de-mail@bundesrat.de-mail.de or by telephone at (030) 18 9100 0.

1.2. Personal data

Personal data is any information relating to an identified or identifiable natural person. A natural person is regarded as identifiable if he or she can be identified directly or indirectly - in particular by reference to an identifier such as a name or an identification number, location data or an online identifier.

1.3. Protection of minors

People under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request any personal data from children and young people. We do not knowingly collect such data. Should personal data be required to visit the Bundesrat Secretariat, point 6.3 shall apply. The data shall not be transmitted to third parties.

1.4. Legal basis for processing of personal data

The Bundesrat Secretariat processes personal data when performing the public-service duties incumbent upon it. The public duties to be performed by the Bundesrat Secretariat include, in particular, public relations work, which encompasses, inter alia, provision of information to the public within the framework of this website. The legal basis for data processing in this context is Article 6(1)(e), GDPR in conjunction with the corresponding national or European standard on duties to be performed or in conjunction with § 3, BDSG. Insofar as processing of personal data should be necessary on a case-by-case basis to fulfil a legal obligation, Article 6(1)(c), GDPR, in conjunction with the relevant legislation that gives rise to the legal obligation, shall also serve as a legal basis.

Insofar as we obtain the consent of the data subject in question for processing of personal data, Article 6(1)(a), GDPR serves as the legal basis.

In individual cases, Article 6(1)(b), GDPR also serves as the legal basis for processing of personal data required for performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for implementation of pre-contractual measures. The Bundesrat Secretariat acts as a contractual party pursuant to civil law in particular in the fields of personnel recruitment and procurement.

Article 6(1)(d), GDPR shall serve as the legal basis should vital interests of the data subject or another natural person make it necessary to process personal data.

2. Data Processing in Connection with Visits to this Website

You can use the services we offer online without disclosing your identity.

2.1. Data collection

Data is temporarily stored and processed in a log file whenever the website is accessed and whenever a file is retrieved.

The following specific data is stored for 30 days for each site access / file retrieval:

  • Date and time of retrieval (time stamp),
  • Request details and destination address (protocol version, HTTP method, referrer, user agent string),
  • Name of retrieved file and data volume transferred (requested URL incl. query string, size in bytes) as well as
  • Notification of whether the retrieval was successful (HTTP status code).

Users’ IP addresses are not stored in this context.

Our online content contains links to other websites. We have no influence on compliance with data protection regulations by operators of such websites.

Pursuant to 6 (1) (e), GDPR in connection with § 5, Act to Strengthen the Security of Federal Information Technology (BSIG), we are obliged to store the data after your visit to help safeguard against attacks on the Bundesrat’s internet infrastructure and the Federal Government’s communication technology. This data is analysed and can be used to initiate legal and criminal proceedings in the event of attacks on communications technology. The data is deleted as soon as it is no longer needed to perform the relevant tasks.

Data recorded when accessing the Bundesrat’s website will only be transmitted to third parties if we are legally obliged to provide such data or if such transmission of data is required for legal or criminal prosecution in the event of attacks on the Federal Government’s communications technology. Data is not transmitted in any other cases. The Bundesrat Secretariat does not merge this data with other data sources.

In addition, we should like to expressly draw your attention to the fact that the service provider YouTube, which is integrated by the Bundesrat into the website, stores data from visitors to the Bundesrat website during active use (playing a video on the website), in accordance with YouTube’s data usage guidelines and that YouTube uses such data for its commercial purposes. The Bundesrat Secretariat has no influence on this data collection and further utilization of the data by social media. Consequently the Bundesrat Secretariat does not have any information concerning the extent to which such data is stored, where and for how long the data will be stored, to what extent social media will comply with existing deletion obligations, which evaluations and links may be made with the data and to whom the data may be transmitted.

If you merely access a page from our website with an embedded YouTube video, no data will be transmitted. Data is transferred only when such a video is played – in this case, the IP address is transmitted to YouTube.

2.2. Web analytics

The Bundesrat Secretariat evaluates usage information from the website for statistical purposes. This evaluation is based on Article 6(1)(e), GDPR in conjunction with Article 3, Federal Data Protection Act (BDSG) as part of public relations work and to ensure needs-oriented provision of information on the tasks to be performed by the Bundesrat.

The evaluation is carried out using the open-source web-analysis service Matomo.

When individual pages of our website are accessed, the following data is stored:

  • two bytes of the IP address of the system deployed by the user for access (anonymous)
  • the website accessed
  • the website from which someone arrived at the website accessed (referrer)
  • the subpages that are accessed from the accessed website
  • time spent on the website
  • frequency of access to website

No cookies are set on your computer within the context of our web analysis. The data will not be transmitted to third parties either.

If you disagree with completely anonymous storage and evaluation of this data from your visit, you may object to such storage and subsequent use at any time with just one click .

In this case, what is known as an opt-out cookie is stored in your browser and as a consequence Matomo will no longer collect any session data.

2.3. Session cookies

A cookie is a text file that is generated by the server of the Bundesrat Secretariat’s website and sent to your Internet browser. The cookie is used for exchange of information between computer programmes or for temporary archiving of information. Certain functions on the Bundesrat Secretariat’s website use cookies that store a sequence of numbers to identify the user (ID). These are only stored for a short period and are automatically deleted immediately after your visit to our site (session cookies).

Cookies help, for example, to ensure that you can order publications smoothly (shopping cart) and that the selected font size remains the same when calling up various subpages. The Bundesrat Secretariat only uses cookies that are necessary for technical provision of the website. This is done on the basis of Article 6(1)(e), GDPR in conjunction with Article 3, BDSG as part of public relations work for needs-oriented provision of information on the tasks assigned to the Bundesrat Secretariat.

The session-ID is used to compile your orders of publications in your shopping cart. The session cookies used are deleted when you end the session. If you close the browser window or access another page, your shopping cart will be reset. The shopping-cart contents collected up to that point must be recompiled if you end the session without completing the order process. Any Internet browser can display information about any cookies stored and what these cookies contain. Detailed information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information and the website of the Federal Office for Information Security. Permanent cookies also exist and make it possible for visitors to be recognized even after a long time. This information is stored as a text file on the visitor’s hard drive. We do not use such cookies on our website.

Most browsers are set to accept cookies automatically. However, storage of cookies can be deactivated or the browser may be set to store cookies only for the duration of each Internet session.

If you refuse all cookies

  • it will not be possible to collect a range of publications in the shopping cart, and
  • brochures can only be ordered one at a time.

3. Data Processing in Connection with Use of Mobile Applications

The Bundesrat Secretariat offers an app for iOS operating systems and an app for Android operating systems. If you use these apps, your personal data will be processed on the basis of Article 6 (1) (e), GDPR in conjunction with § 3, BDSG within the framework of public relations work and for the needs-oriented provision of information on the tasks to be performed by the Bundesrat.

3.1. Data collection

When downloading the Bundesrat app from the Apple Store or Play Store, the requisite information is transmitted to the respective app store, in particular user name, e-mail address, app store customer number and the individual device ID. We have no influence on this data processing. The operator of the respective app store is responsible for this. We only process the data required to download the app to your device.

To transfer the content data, the operating system and version number are transmitted each time the app is accessed. In addition, certain access rights must be granted to allow operation of the apps. Each app needs access to the network connection information of the device on which it runs. This is necessary to download and update the app’s contents and to select a suitable bandwidth to livestream the plenary sessions. Furthermore, access to the appointment calendar is necessary so that appointments can be imported directly into the calendar if desired. No further access rights are required.

3.2. Monitoring

The Bundesrat Secretariat evaluates usage information from mobile applications for statistical purposes. We use the open-source software Matomo for statistical evaluation of visitor access. The data collected with this software is collected in anonymised form so that you as a user remain anonymous to us. The data are used to analyse usage and improve the Bundesrat’s app. By using the app, you consent to processing of the data collected by Matomo in the manner and for the purpose set out above.

4. Processing of Personal Data When Users Contact Us

Processing provisions concerning your personal data depend on the way in which you contact us. You can contact us by e-mail, contact form, letter or telephone.

4.1. Contacting the Bundesrat Secretariat by e-mail

In addition to each staff member’s individual official e-mail address, the Bundesrat Secretariat can also be contacted by e-mail via this central e-mail address and via various functional mailboxes: bundesrat@bundesrat.de.

Personal data sent to the central address and stored in the organisational unit responsible for central distribution of messages shall be deleted after three years after being forwarded to the competent organisational units within the Bundesrat Secretariat.

In the organizational units, the data you have transmitted (e.g. surname, first name, address), encompassing at least the e-mail address, as well as the information contained in the e-mail (including any personal data you have transmitted) are stored for the purpose of establishing contact and processing your enquiry in accordance with the periods applicable to storage of written records. We store your data on particularly well-protected servers in Germany. Access is only possible for a few specially authorised individuals who are responsible for ensuring technical or editorial server support.

Processing of your data is based on Article 6 (1) (e), GDPR in conjunction with § 3, BDSG. Processing of the personal data you have transmitted is necessary for the purpose of processing your enquiry.

4.2. Contact via the contact form

You can contact the Internet editorial office of the Bundesrat Secretariat via this website using the form provided here.

The contents of the Bundesrat contact form are transmitted via an encrypted https connection.

If you use the contact form to communicate with us, you must first indicate your surname and first name as well as your e-mail address. Without these data, an enquiry submitted by contact form cannot be processed. In addition, the date and time of your enquiry and your IP address will be transmitted to us.
If we receive a message from you via the contact form or an e-mail, we assume that we are entitled to reply via e-mail. If this is not the case, you must expressly request another form of communication.

When using the contact form, the content of the data fields (first name and surname, e-mail, content of the message with any personal data that you transmit therein) is transmitted to the Internet editorial office of the Bundesrat Secretariat. The IP address of the sender is recorded. This also occurs as a general rule when sending a conventional e-mail to the address onlineredaktion@bundesrat.de. By activating the check-box and sending the contact form, you agree to transmission and storage of your personal data and IP address in accordance with Article 6 (1) (a), GDPR. Processing and temporary storage of personal data serve to respond to your enquiry within the framework of Article 17, Basic Law. The IP address is used only within the framework of state criminal prosecution and security measures in compliance with statutory provisions.

The data processing is carried out by staff in the Internet editorial office. The Internet editorial office stores your data only to address your enquiry and in keeping with statutory and contractual provisions. Your data will be deleted once your question has been answered, and at the latest after three years. If your enquiry cannot be handled in the Internet editorial office, it will be forwarded to the appropriate specialist department(s).

If you do not agree to processing of your data, you can interrupt the contact process at any time. If you do so, your message will not be sent.

4.3. Contact by letter

If you write a letter to the Bundesrat Secretariat, the data you provide (e.g. surname, first name, address) and the information contained in the letter (possibly personal data you have provided) will be stored for the purpose of establishing contact and processing your enquiry in accordance with the time limits applicable to retention of written records.

Please note that the data is processed on the basis of Article 6 (1) (e), GDPR in conjunction with § 3, BDSG. Processing of the personal data you have transmitted is necessary to deal with your enquiry.

4.4. Contact by phone

If you contact a member of staff by telephone, your personal data will be processed to the extent necessary to deal with your enquiry.

5. Conference calls and video conferences

5.1. Conference calls

Conference calls are conducted via Deutsche Telekom AG’s public network. Your personal data is not collected; dial-in to a conference call takes place via the keyboard of the telephone you are using. Your telephone number is displayed internally to the moderators hosting the call, with the final digits of your telephone number rendered illegible.

5.2. Video conferences within the networks of the federal government

If you are an employee of a federal authority participating in a video conference with employees of the Secretariat of the Bundesrat, we will process your name and contact information (e-mail address) in order to invite you to the conference via the “Wire” platform of Wire Swiss GmbH, Untermüli, 96300 Zug, Switzerland. Your details will be stored on servers in Germany and may only be viewed by the staff of the Secretariat of the Bundesrat who are involved in the conference. Neither the contents of the video conference nor any data that is exchanged as part of it will be stored. For the processing of your personal data by Wire Swiss GmbH, we refer to the “Wire” privacy policy, which may be accessed here.

5.3. Video conferences outside the networks of the federal government

If you participate in a video conference with members of the Bundesrat Secretariat but are not employed by a federal authority, we will process your name and contact details (e-mail address) in order to invite you to the conference via the “CMS-Bund” platform. The legal basis for this is Art. 6 (1) (e) and (2) GDPR in conjunction with § 3 BDSG [Federal Data Protection Act]and § 2 (1), 2nd sentence BDBOSG [Federal Act Establishing BDBOS] as well as Art. 6 (1) (a) GDPR. "CMS-Bund" is provided by the Federal Agency for Public Safety Digital Radio (BDBOS). Data from the video conference will not be transmitted to third parties. We shall send you supplementary information on data protection with the invitation to the videoconference.

6. Processing of Personal Data When Using Social Media

The Bundesrat uses the social media Twitter, Instagram, YouTube and Flickr. The Bundesrat cannot judge to what extent these networks offer their services in accordance with European data protection regulations. In order to fulfil its editorial remit on social media, the Bundesrat Secretariat processes data on persons who interact with the Bundesrat. This requires temporary data storage by a service provider. The data is stored on a server that is located in the European Union and includes: profile plus account name and picture, content of the enquiry as well as the latest tweets or posts. The data is stored for six months.

Please note that the data is processed on the basis of Article 6 (1) (e), GDPR in conjunction with § 3, BDSG. Processing of the personal data you have transmitted is necessary for the purpose of dealing with your enquiry.

In addition, we expressly draw your attention to the fact that the aforementioned services store their users’ data (e.g. personal information, IP address etc.) in accordance with their data utilization guidelines and use such data for business purposes. The Bundesrat Secretariat has no influence on this data collection or on subsequent use of such data by social media. It therefore has no information as to the extent to which, where and for how long the data will be stored, to what extent social media comply with existing deletion obligations, which evaluations and links will be made with the data and to whom the data will be transferred.

Information about which data is processed by Twitter and for which purposes can be found in Twitter’s privacy policy.

For information about which data Instagram processes and uses, see Instagram Privacy Policy.

Information about which data is processed by YouTube and for which purposes can be found in the privacy policy of YouTube or Google.

Information about which data is processed by Flickr and for which purposes can be found in Flickr Privacy Policy.

As all these companies are non-European providers, they take the view that they are not obliged to comply with German data protection regulations. This concerns, for example, your rights to information about, blocking or deletion of data or the option of objecting to utilization of usage data for advertising purposes.

7. Processing of Personal Data in the Context of Providing Information

7.1. Data for newsletter dispatch

If you subscribe to one of the Bundesrat’s newsletter mailing lists, your e-mail address, the date and time of registration and the type of newsletter you have chosen will be stored by us on a server. The data will be processed on the basis of your consent in accordance with Article 6 (1) (a), GDPR. We use this data exclusively for dispatch of the newsletter and for statistical evaluations. We do not transmit your data to third parties and do not use it for any other purposes.

The registration system with an additional confirmation message containing a link for definitive registration (double opt-in) ensures that you have explicitly requested the newsletter.

When you register, your details will be stored on our server and a confirmation message will be generated and sent to the email address provided, with a link for definitive registration. If you do not confirm your registration via the link in this e-mail, the data will be deleted after 48 hours.
Your data will be only stored for newsletter dispatch once you have confirmed your subscription via the link in this e-mail and for the duration of your subscription to our newsletter.

You can unsubscribe from our newsletters at any time if you no longer agree to storage of your data for this purpose and therefore no longer wish to use this service. The data you have provided will be deleted. Please follow this link to unsubscribe. In order to unsubscribe you will need the e-mail address you indicated when you registered.

7.2. Ordering printed materials

If you order information material (brochures, leaflets and other printed materials) via this website to be sent to you by post, your personal data must be processed in order to carry out pre-contractual measures and to fulfil the contract (provision of the products) pursuant to Article 6(1)(b), GDPR.

To enable us to process your order, the following personal data must be provided:

Surname
Street, house number
Postcode and city
E-mail

This data is processed within the context of the order. If the order cannot be fully processed by us, the data you have provided will be transmitted to third parties (shipping company, possibly other authorities or institutions if they will send the material you have ordered). If the aforementioned data is not available, the order cannot be processed. Additional information, such as form of address, first name, company and country are not necessary for processing, but serve to improve order processing.

The orders placed are stored and retained for about three months in case of any queries. The data is deleted after statistical recording of the material ordered.

7.3. Visits to the Bundesrat

The Bundesrat regularly receives groups for information visits. In order to grant access to the Bundesrat’s premises, the Bundesrat Secretariat must, for security reasons, collect data (participants’ first names, surnames, dates of birth) prior to such visits in order to fulfil its duties (public relations/specialised work) pursuant to Article 6 (1) (e), GDPR in conjunction with § 3, BDSG.

Further data, such as institution, type of school, class/year, association or mobility restrictions serve to better prepare for the visit; providing such data is optional. These data are processed on the basis of your consent in accordance with Article 6 (1) (a), GDPR. You can withdraw this consent at any time. Processing based on your consent continues to be legal until revocation of consent is received.

The data you have provided (first name and surname; date of birth) will be completely deleted immediately after your visit, at the latest after three months, as will any additional personal data that you have provided voluntarily.

By providing personal data, you consent to processing of this data for the aforementioned purpose.

8. Video Surveillance

The Bundesrat premises/grounds are monitored in outdoor areas with a video surveillance system to ensure Bundesrat house rules are respected and for the purposes of security and criminal prosecution. Data processing is conducted on the basis of Article 6(1)(e), GDPR in conjunction with Article 4, BDSG. Image recording occurs either permanently (24/7) automatically or when persons enter the monitored area. The recordings will only be evaluated in case of concrete suspicion and may if necessary be stored for longer periods. The data is stored on internal file servers with stringent access restrictions until storage capacity is full; the oldest data is subsequently overwritten. Due to the retention capacity, this cycle starts anew on average after 7 days.

If necessary, the video surveillance system can generate image files in response to a manual request. The data collected in this way may only be transferred to the competent investigating authorities if this is requested as part of a substantiated police measure or on the basis of a court order for the aforementioned purposes. Transfer of such data is documented accordingly. There is no data transmission in other cases and no automated data matching with other sources of information.

Right of access to data:
Any person claiming to have been within a monitored area during a specified time-period may request access to the recording if it is still available (please note the cycle for data deletion). For this purpose, the person in question may contact the Bundesrat Secretariat using the aforementioned channels.

9. Processing of personal data in the context of documentation of visitor details as a measure to combat the coronavirus pandemic

Due to the particular circumstances of the coronavirus pandemic, you are currently requested to enable contact tracking via the luca app when entering the Bundesrat building. This will allow contact tracing by the competent health authorities in the event of a suspected coronavirus case. The Bundesrat cannot access the data you enter in the luca app. For matters concerning processing of your personal data by the app, the Bundesrat refers to the data protection statement of the app provider culture4life GmbH, which you can view here.

10. Press Accreditation

Data collected in the context of press accreditation is collected and processed for the accreditation procedure. When using the registration form for a one-day accreditation, the content of the data fields (surname, first name, date and place of birth, medium for which the applicant works and their function there, e-mail address) is transmitted to the Bundesrat Secretariat. The IP address of the sender is not recorded.

Please note that processing of the data and content transmitted with the form (which may also contain personal data you have transmitted) is based on Article 6 (1) (e), GDPR in conjunction with § 3, BDSG for the purpose of processing your enquiry.

Accreditation is processed by staff in the Press Office of the Bundesrat Secretariat. The Press Office stores your data to process your enquiry and in accordance with statutory and contractual requirements. The data will be deleted at the end of the event that you are attending.

Your registration data will also be forwarded to the Federal Criminal Police Office (BKA). The information collected is used exclusively for the purpose of granting admission to the Bundesrat building for the notified purpose. The data will be deleted after the action has been completed. The BKA is entitled to collect, process and use personal data on the basis of §§ 22 in conjunction with 5 and 21 (1), sentence 2 or §§ 25 and 28, Act on the Federal Criminal Police Office (BKAG) in order to fulfil its duties of protection.
Accreditation cannot be provided if you do not consent to this processing of your data.

The contents of the accreditation form of the Bundesrat Secretariat are transmitted via an encrypted https connection.

9. Processing of personal data in the context of documentation of visitor details as a measure to combat the coronavirus pandemic

Due to the particular circumstances of the coronavirus pandemic, you are currently requested to enable contact tracking via the luca app when entering the Bundesrat building. This will allow contact tracing by the competent health authorities in the event of a suspected coronavirus case. The Bundesrat cannot access the data you enter in the luca app. For matters concerning processing of your personal data by the app, the Bundesrat refers to the data protection statement of the app provider culture4life GmbH, which you can view here.

11. Your Rights

You have the following rights vis-à-vis the Bundesrat Secretariat with regard to your personal data:

  • Right of access, Article 15 GDPR
    The right of access provides that data subjects shall have comprehensive access to data concerning them and to a number of other important criteria such as the purposes for which the data is processed or the duration of data retention. Exceptions to this right as stipulated in § 34, BDSG shall apply.
  • Right of rectification, article 16 GDPR
    The right of rectification refers to the possibility for data subjects to have corrections made to erroneous personal data about them.
  • Right to deletion, Article 17 GDPR
    The right to deletion includes the possibility for data subjects to have their data deleted by the person responsible. However, this is only possible if the personal data relating to the data subject is no longer necessary, is processed unlawfully or if consent to such processing has been withdrawn. Exceptions to this right as stipulated in § 35, BDSG shall apply.
  • Right to restrict processing, Article 18 GDPR
    The right to restrict processing involves the possibility for data subjects to prevent further processing of personal data concerning them for a period. A restriction arises above all when scrutiny/verification is underway concerning exercise of other rights by data subjects.
  • Right to object to collection, processing and/or use, Article 21 GDPR
    The right to object includes the possibility for data subjects to object on grounds relating to their particular situation to further processing of their personal data, insofar as this is justified by the exercise of public functions or by public or private interests. Exceptions to this right as stipulated in § 36, BDSG shall apply.
  • Right to data portability, Article 20 GDPR
    The right to data portability includes the possibility for data subjects to obtain personal data relating to them from the controller in a commonly-used, machine-readable format, in order to have them forwarded to another controller if necessary. Pursuant to Article 20(3), second sentence, GDPR, this right cannot be exercised if the data processing occurs for the performance of a task carried out in the public interest.
  • Right to withdraw consent, Articles 13 and 14 GDPR
    Insofar as the processing of personal data is carried out on the basis of consent, data subjects may withdraw this consent to data processing for a particular purpose at any time. Processing on the basis of the consent given continues to be lawful until notice of revocation is received.

You can exercise the aforementioned rights in writing using the contact information indicated in section 1.1.

Pursuant to Article 77, GDPR, you are also entitled to appeal to the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.
You can also address questions and complaints to the Data Protection Officer in the Bundesrat Secretariat mentioned under point 1.1.

Effective 2021.04.22

Glossary

Data protection

You can decide here whether you authorise us to conduct completely anonymous collection and analysis of statistical information with the web analysis software Matomo, in addition to cookies required for technical purposes. Statistical information makes it easier for us to provide and optimise our website.

Statistical cookies are deactivated by default. If you agree to allow collection and analysis of statistical information, please activate the tick in the “Statistics” checkbox and click or tap the “Confirm selection” button. A unique web analysis cookie will subsequently be stored in your browser.

Please consult our privacy statement for further information on data protection.