Data protection statement

1. General

(1) The operator of the BQ portal, the Federal Ministry for Economic Affairs and Climate Action, takes the protection of your personal data very seriously. All data collected will be used solely in the operation of the BQ portal. This data will not be sold.

The following declaration is intended to provide an overview of how we guarantee to safeguard all data, and of what kind of data we collect and for what purpose. In this context, please also note our current Terms and Conditions of Use.

(2) Responsibility for the processing of personal data lies with

Federal Ministry for Economic Affairs and Climate Action
Scharnhorststr. 34-37
10115 Berlin
Postal address: 11019 Berlin
Email: info@bmwk.bund.de
Website: www.bmwk.de
Phone: +49 (0)30 186150

This website is operated on behalf of the ministry by German Economic Institute (IW), Research Unit Vocational Education and Training, Postfach 10 19 42, 50459 Cologne 0221 4981-873, email: projektbuero@bq-portal.de.

If you have any specific questions about the protection of your data at the Federal Ministry for Economic Affairs and Climate Action, please contact the ministry’s Data Protection Officer:

Data protection officer for the Federal Ministry for Economic Affairs and Climate Action
Scharnhorststr. 34-37
10115 Berlin
datenschutzbeauftragte@bmwk.bund.de

(3) Legal basis for the processing of personal data

The Federal Ministry for Economic Affairs and Climate Action processes personal data as it carries out the tasks of public interest that are assigned to it. These public duties particularly include public relations work, which also involves providing information for the public on this website. The processing of personal data in this context is based on Art. 6 (1) (e) General Data Protection Regulation (GDPR) in conjunction with the relevant national or European standards, or in conjunction with Section 3 of the Federal Data Protection Act. The same applies to applications made to the Federal Ministry for Economic Affairs and Climate Action, the processing of which requires the ministry to process personal data (e.g. applications for funding or for access to information under the German Freedom of Information Act, the Environmental Information Act or press law). Insofar as the processing of personal data is, in individual cases, required in order to fulfil a legal obligation, this is based on Article 6 (1) (c ) GDPR in conjunction with the relevant legal provisions under which the legal obligation arises.

Insofar as we obtain the consent of the data subject to process his/her personal data, this is based on Art. 6 (1) (a) GDPR.

In individual cases, the processing of personal data required for the performance of a contract to which the data subject is a party is based on Art. 6 (1) (b) GDPR. This also applies to processing operations necessary for the implementation of pre-contractual measures. As a contracting party under civil law, the Federal Ministry for Economic Affairs and Climate Action is particularly active in the field of personnel recruitment and procurement.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, this is based on Art. 6 (1) (d) GDPR.

2. Registering for the portal

In order to make full use of the BQ portal and to access all of the information published, users must register and log in. Non-registered users only have access to the information that is publicly available.

The operator of the BQ portal accepts no responsibility for the loss of the password and for any loss or damage incurred by the user as a result of this. The user must ensure that he or she uses a password that is as secure as possible and keeps this secret from third parties, including BQ portal staff.

3. Collection of personal data when you visit our Website

(1) If you use this website for purely informational purposes, i.e. you do not register or provide us with information in any other way, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you, to guarantee its stability and ensure it remains secure (based on Art. 6 (1) sentence 1 (f) GDPR):

- IP address

- Date and time of the request

- Time-zone difference to Greenwich Mean Time (GMT)

- Content of the request (specific page)

- Access status/HTTP status code

- Amount of data transferred in each case

- Website from which the request originates

- Browser

- Operating system and interface

- Language and version of the browser software

(2) The data collected electronically and in writing during the registration process will be stored by the operator of the BQ-Portal and used only for the contractually agreed purposes (including identifying the user during the registration process, checking the user’s affiliation to a competent authority and their role there). All data collected by the operators of the BQ portal will be stored either electronically or in written form.

(3) The operator of the BQ-Portal informs registered users about news and portal-changes by sending out e-mails to the users’ addresses (Infomail). Users have the right to cancel consent at any time by  e-mail or in writing.

Additionally, Name and Title are required for receiving the Infomail in order to address the registered users personally. This is based on Art. 6 (1) sentence 1 (a) GDPR.

We would like to point out that we evaluate your user behaviour when sending the newsletter. In order to conduct this evaluation, the emails sent contain web beacons or tracking pixels, which are one-pixel image files stored on our website. The evaluations involve linking the data mentioned in Section 3 and the web beacons with your email address and an individual ID. The data is exclusively collected using a pseudonym, so the IDs are not linked to your other personal data, making it impossible for them to be related back to a specific individual.

To send out the newsletter and collect tracking data, we use services provided by Cleverreach. You can find further information on the third party provider’s data protection at Datenschutzerklärung von CleverReach

(4) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive which are assigned to the browser you are using and through which certain information flows to the location that has set the cookie (in this case, to us). Cookies cannot launch and operate programmes or transmit viruses to your computer. They serve to make internet services more user-friendly and efficient.

Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

- Transient cookies (see b)

- Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. This particularly includes session cookies. These store a ‘session ID’, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised again when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies via the security settings for your browser at any time.

d) You can configure your browser settings according to your wishes and, for example, refuse to accept all third-party cookies or all cookies in general. We draw your attention to the fact that depending on which settings you select, you may not be able to use all the functions of this website.

e) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects store the required data regardless of the browser you are using, and do not have a date on which they automatically expire. If you do not want the Flash cookies to be processed, you must install an appropriate add-on, such as Better Privacy for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in private mode. We also recommend that you delete your cookies and browser history manually on a regular basis.

4. Right of access and corrections

The user has the right to check all data related to his or her person that is stored with the operator, and to correct it if it is outdated or not correct. The user can contact the project office for this purpose (projektbuero@bq-portal.de).

5. Data security

We maintain up-to-date technical measures to ensure data security, especially to protect your personal data from risks during data transmission and from access to the information by third parties. Each of these measures is suitably updated to the current state of technology.

6. Disclosure of data to third parties

(1) Personal data will only be made available to third parties if the operator uses this data to operate the BQ portal. An example is the service provider that hosts the BQ portal and the data generated via the portal. The third parties entrusted with providing this type of service will be obligated by the operator of the BQ portal to observe the statutory provisions (for example, the Federal Data Protection Act).

Insofar as the operator is bound to do so by statute or by court order, the data will be provided to authorities entitled to receive such information.

Apart from this, no data will be transferred to third parties without the express permission of the respective user.

(2) An exception to this is the portal’s editor search function for registered users for the purposes of establishing contact within the password-protected area. The “user name”, “chamber affiliation”, “country expertise”, “language expertise” and “professional expertise” fields (where these have been completed) can be found by other registered users via the search function. If a user explicitly agrees that all of the data provided by him or her can be found, then this is completely visible to other registered users.

The operator of the portal points out that information disclosed in the forum area, for example, can also be viewed by other users. Users are obliged to exercise the appropriate care when publishing content.

7. Filing an objection/revoking consent to our processing your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time. Once you have revoked your consent, the permissibility of your personal data being processed is altered.

(2) Insofar as we base the processing of your personal data on a weighing up of interests, you may file an objection to us carrying out this processing. This is the case if the processing of this data is, in particular, not necessary in order to fulfil a contract with you, which is indicated by us in each case. In the event that you wish to file an objection, we ask you to explain the reasons why we should cease to process your personal data. If you then file an objection in which you state the relevant reasons, we will examine the facts and either discontinue or adapt the processing or will set out compelling reasons as to why we will continue to process the data concerned.

(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to the processing of your personal data for advertising purposes by writing to us at the following: German Economic Institute (IW), Research Unit Vocational Education and Training, Postfach 10 19 42, 50459 Cologne 0221 4981-873, email: projektbuero@bq-portal.de.

8. Deletion of personal data

The data collected during registration will be set to inactive following a cancellation, but will not be deleted from the system. This ensures that no one is able to access the profile of a user who has de-registered, and that the document histories of texts and entries to which the user has contributed remain intact.

The registration or newsletter receipt can be suspended by the user.

The data will be saved if a statutory or contractual storage period applies.

9. Use of Matomo

 (1) This website uses Matomo web analysis services to analyse and regularly improve the use of our website. The statistics obtained will enable us to improve our services and make them more useful and attractive to you as a user. The use of Matomo is based on Art. 6 sentence 1 (f) GDPR.

(2) In order to undertake this evaluation, cookies (more details in Section 3) are stored on your computer. The party responsible stores the information collected in this way on its server in [Germany] only. You can influence the evaluation by deleting existing cookies and preventing cookies from being stored. If you prevent cookies from being stored, we point out that you may not be able to use this website in its entirety. You can prevent cookies from being stored via your browser settings. You can prevent Matomo from being used by removing the following tick and activating the opt-out plug-in:

3) This website uses Matomo along with the extension AnonymizeIP. This means that IP addresses are further processed in a shortened form and, in turn, that personal data cannot be related back to a specific individual. The IP address transmitted by your browser via Matomo is not merged with any other data we collect.

(4) Matomo is an open source programme. You can find information on data protection undertaken by the third party provider at https://matomo.org/privacy-policy/

10. Use of social media plug-ins

 (1) We currently use the following social media plug-ins: Facebook, Twitter, Xing, Google+.

We use a two-click solution for this. This means that when you visit our site, as a basic rule, no personal data is passed on to the providers of the plug-ins. You can see who the provider of the plug-in is by looking at the name given in the title line or by hovering the mouse over the logo or the button. We have made it possible for you to communicate directly with the provider of the plug-in by providing a button. The plug-in provider will only receive information that you have accessed the relevant page of our online service if you click on and thereby activate the marked field. In addition, the data mentioned under Section 3 of this declaration will also be transmitted.

According to information provided by the respective providers of Facebook and Xing in Germany, IP addresses are made anonymous immediately after they are collected. By activating the plug-in, your personal data are transferred to the respective plug-in provider and stored by them at their location (e.g. in the case of US providers, this information is stored in the USA). As the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.

(2) We have no influence on the data collected and the data processing operations used, nor are we aware of the full scope of data collection, the purposes of processing, or the periods of data retention. In addition, we do not have any information relating to deletion of the data collected by the plug-in provider.

(3) The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting the respective plug-in provider. The plug-ins make it possible for you to interact with social networks and other users and thereby enable us to improve the services we offer and make them more attractive and useful to you as a user. The use of plug-ins is based on Art. 6 sentence 1 (f) GDPR.

(4) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in with them. If you are logged in with the plug-in provider, the data that we collect about you will be directly assigned to your existing account with this provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this allows you to avoid data about you being assigned to your profile at the plug-in provider.

(5) Further information on the scope of data collection and processing by the plug-in provider and on the purposes for which it is used can be found in the following data protection statements published by these providers. These also contain further information on associated rights and on the different privacy protection settings that are available.

(6) The addresses of the respective plug-in providers and the URLs where their data protection information can be found are as follows:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; twitter.com/privacy. Twitter has committed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

11. Embedding of YouTube videos

(1) We have embedded YouTube videos on our website which are stored at www.YouTube.com and can be played directly from our website. These are all embedded in the extended data protection mode, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 are transmitted only if you play the videos. We have no influence on the transmission of this data.

(2) If you visit the website, YouTube receives the information that you have accessed the corresponding page of our website. In addition, the data mentioned under Section 3 of this declaration will also be transmitted. This occurs regardless of whether you have a YouTube user account that you are logged in to, or whether you do not have such an account. When you are logged in to Google, your information will be directly associated with your account. If you do not wish your profile to be associated with YouTube, you must log out before activating the button. YouTube stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or needs-based website design. This data (including that of users who are not logged in) is evaluated in particular in order to develop targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and can exercise this right by contacting YouTube.

(3) Further information on the scope of data collection and processing undertaken by YouTube and on the purposes for which it is used can be found in its data protection statement. This also contains further information on your rights and on the different privacy protection settings that are available: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

12. Your rights

You have the following rights with regard to the personal data concerning your person:

  • Right of access, Art. 15 GDPR

The right of access confers on the data subject a comprehensive right of access to the data concerning his/her person and to certain important information-related criteria, such as the purposes for which it is processed or the duration for which it will be stored. The exceptions to this right regulated in Section 34 Federal Data Protection Act apply.

  • Right to rectification, Art. 16 GDPR

The right of rectification includes the possibility for the data subject to have inaccurate personal data corrected.

  • Right to erasure, Art. 17 GDPR

The right to erasure includes the possibility for the data subject to have data deleted by the party responsible. However, this is only possible if the personal data concerning his/her person are no longer needed, are processed unlawfully or if the relevant consent has been revoked. The exceptions to this right regulated in Section 35 Federal Data Protection Act apply.

  • Right to restriction of processing, Art. 18 GDPR

The right to restrict the processing includes the possibility for the data subject to prevent further processing of personal data concerning his/her person for the time being. A restriction particularly occurs pending verification of the exercise of other rights of the data subject.

  • Right to object to collection, processing and/or use, Art. 21 GDPR

The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data, insofar as this is justified by the exercise of public functions or of public or private interests. The exceptions to this right regulated in Section 36 Federal Data Protection Act apply.

  • Right to data portability, Art. 20 GDPR

The right to data portability includes the possibility for the data subject to obtain the personal data concerning his/her person from the person responsible in a standard, machine-readable format, in order to be able to forward them to another person responsible if necessary. According to Art. 20 (3) sentence 2 GDPR, however, this right does not apply if the data processing serves the performance of public tasks.

  • Right to revoke consent, Art. 13 and 14 GDPR

If personal data is processed on the basis of consent, the data subject may revoke such consent at any time for the purpose for which it was given. The lawfulness of the processing undertaken on the basis of this consent remains unaffected until receipt of the revocation.

You can assert the aforementioned rights in writing using the contact details set out in Section 1.

Pursuant to Art. 77 GDPR, you also have the right to appeal to the data protection supervisory authority: the Federal Commissioner for Data Protection and Freedom of Information.

You can also contact the Data Protection Officers under Section 1 if you have any questions or complaints.

13. Alteration of the privacy policy (reservation of the right to make changes)

These data protection notices may be altered at any time in compliance with the applicable data protection regulations. The version valid at the time of your visit shall apply.