Zur Suche und Sprachnavigation Zur Navigation Zum Inhalt Zur Fußzeile

Privacy Policy

As an agency of the Federal Republic of Germany without legal capacity, the Federal Ministry of the Interior, Building and Community (BBR) operates a website at the domain www.nachhaltigesbauen.de where it informs about Sustainable Building and makes information easily available to the public.

We process personal data only to the extent necessary. Which data are needed and processed for what purposes and on what basis depends on the type of service you choose and for what purpose the data are needed.

We have put technical and organizational safeguards in place to ensure that we and our external service providers comply with data protection law.

The BBR processes personal data in compliance with the EU’s General Data Protection Regulation (2016/679) and the Federal Data Protection Act (BDSG)

1. General Information

1.1 This website is published by the:

Federal Ministry of the Interior, Building and Community
Division Press; Internet
Alt-Moabit 140
10557 Berlin, Germany

Telephone: +49 30 18 681-0

1.2 Controller and data protection officer

The controller responsible for processing personal data is the:

Federal Office for Building and Regional Planning (BBR)
Deichmanns Aue 31 – 37, 53179 Bonn or Straße des 17. Juni 112, 10623 Berlin
Deutschland
Tel.: +49 228 99401-0 (Bonn) or +49 30 18401-0 (Berlin)
E-Mail:   zentrale(at)bbr.bund.de
zentrale(at)bbr.de-mail.de

If you have specific questions about how your privacy is protected, please contact our data protection officer:

Katharina Rodenbach
Deichmanns Aue 31 – 37, 53179 Bonn
Deutschland
Tel.: +49 228 99401-2423
E-Mail: datenschutz(at)bbr.bund.de

1.3. Personal data

The term "personal data" means all information related to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, identification number, location data or an online reference number.

1.4 Protection of minors

Anyone younger than 16 should not submit personal data to us without the consent of their parents or guardians.

1.5 Legal basis for processing personal data

The BBR processes personal data in carrying out its assigned responsibilities in the public interest. Its public responsibilities include in particular informing the public and thus making information available to the public through its website. The legal basis for processing in this case is Article 6 (1) (e) of the EU’s General Data Protection Regulation in conjunction with the relevant national or European law and with Section 3 of the BDSG. If personal data must be processed in the individual case to meet a legal obligation, Article 6 (1) (c) of the GDPR applies as well, in conjunction with the relevant legal provision on which the legal obligation is based.

If we obtain consent from the data subject to process personal data, Article 6 (1) (a) GDPR serves as the legal basis.

When processing personal data needed to fulfil a contract with the data subject, Article 6 (1) (b) GDPR also serves as the legal basis in the individual case. The same applies to processing needed to carry out pre-contractual measures. The BBR acts as a contracting party under civil law in particular with regard to staff recruitment and procurement.

If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) GDPR serves as the legal basis.

2. Data processing related to visiting this website

2.1 Data collection

Every time someone accesses our website and retrieves a file, data are temporarily saved in a log file.

Specifically, the following data are stored:

  • date and time of retrieval (time stamp) and the IP address of the device or server requesting access
  • details of the request and destination (log version, HTTP method, referrer, user agent string)
  • name of the file retrieved and amount of data transferred (requested URL and query string, size in bytes)
  • whether the request was successful (HTTP status code)

According to Article 6 (1) (e) GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect against attacks on the BBR’s Internet infrastructure and federal communications technology. These data are analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings. These data are deleted as soon as they are no longer needed for official purposes.

Data logged when this website is accessed are shared with third parties only if we are legally obligated to do so, or if needed for legal or criminal proceedings in case of attacks on federal communications technology. Otherwise these data are not shared with third parties. The BBR does not combine these data with other data sources.

2.2 Session cookies

Cookies are used on the web pages for ordering our brochures and where banners are displayed. These cookies are valid for the time you visit our website. They are needed for the shopping cart feature and for displaying the banners. Cookies are used on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG in the context of informing the public in order to provide information on the BBR’s assigned tasks as needed.

Session cookies are small units of information which a website provider saves to the random access memory of the visitor’s computer. A session cookie contains a randomly generated, unique identification number, known as a session ID. A cookie also contains information on its origin and how long it may be saved. These cookies are unable to store any other data. The session ID is used to put the items you wish to order in your shopping cart.

Session cookies are deleted when you end the session, by closing your browser window or leaving the web page without completing your order. In this case, your shopping cart will be reset to zero and your items will not be ordered.

Every Internet browser can show you when cookies have been stored on your computer and what they contain. The websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security offer more detailed information.

Some cookies are permanent, in order to remember website visitors returning after a long absence. They are stored as text files on the hard drive of the visitor’s computer. We do not use such cookies on our website.

Most browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.

If you reject all cookies,

  • you will not be able to add multiple items to your shopping cart
  • and will have to order each publication individually.

2.3 Web analysis

Based on Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG, the BBR analyses information on website use for statistical purposes in the context of informing the public and in order to provide information on the BBR’s assigned tasks as needed.

It does so using the web analysis service Matomo/PIWIK.

When individual pages of our website are retrieved, the following data are stored:

  •  two bytes of the IP address of the user’s retrieving system (anonymous)
  •  the web page accessed
  •  the website from which the user arrived at the the web page retrieved (referrer)
  •  the sub-pages retrieved from the web page retrieved
  •  length of time spent on the page
  •  how often the web page was retrieved

For our web analysis, no cookies are placed on users’ computers. Nor are the data shared with third parties.

If you do not want these data from your website visit to be stored and analysed, although they are entirely anonymous, you can opt out below with a mouse click.

In this case, an opt-out cookie is saved to your browser, which means that Matomo will not collect any more session data.

3. Processing personal data when you contact us

Personal data are processed differently depending on how you contact us: via e-mail, online form, post or telephone (hotline).

3.1 Contacting the BBR via e-mail

You can contact the BBR using the central e-mail address zentrale(at)bbr.bund.de, the e-mail address of individual staff members or one of the BBR’s various special mailboxes.

Personal data sent to the central e-mail address and stored by the organizational unit responsible for distributing mail are deleted one year after they are forwarded to the responsible organizational units within the BBR. For more information on contacting the BBR’s public enquiry service, please see number 3.3.

The data you send (such as first and last name, address) and at least your e-mail address and the information contained in your message (including any personal data you provide) will be saved by the relevant organizational unit for the purpose of contact and responding to your message in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.2 E-mail addresses of third parties

This website can also provide e-mail addresses of third parties regarding specific topics. These addresses do not end in @bbr.bund.de. If you send a message to one of these addresses, the BBR is not responsible for processing the personal data. If you have any questions about how these third parties deal with your personal data, please contact them directly.

3.3 Contacting the BBR using the online form of the public enquiry service

If you use the online form of the public enquiry service to contact the ministry, you will need to provide your title (Mr, Ms, Dr), first and last name and e-mail address. Without this information, your message cannot be processed. A postal address is optional and enables us to respond by post, if requested. In addition, the date and time your message was sent will be transmitted to us.

If you send us a message via e-mail or the online form, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us.
The information provided through the BBR contact form is transmitted via an encrypted https connection.

Please note that the data transmitted with the online form and its content (which may also include personal information you provide) will be processed on the basis of Article 6 (1) (a) GDPR for the purpose of responding to your message.

Information submitted on this online form is transmitted only to the BBR public enquiry service. The sender’s IP address is collected as well. By ticking the box and submitting the form, you agree in accordance with Article 6 (1) (a) GDRP to have your personal data and IP address transmitted and stored. The processing and temporary storage of your personal data serve the purpose of responding to your message in the framework of Article 17 of the Basic Law. The IP address will be used only if needed for law enforcement and threat prevention purposes on the basis of applicable law.

You also agree that your message may be forwarded to third parties if necessary to answer your question.

Your enquiry, which you submitted using the online form, will be processed by the staff of our public enquiry service, who will store your data to respond to your message and in compliance with the legal and contractual requirements. The data will be deleted automatically after three years. If staff of the public enquiry service are unable to respond to your message, it will be forwarded to the appropriate body.

If your message is forwarded, it will be processed in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

If you do not consent to the processing of your data, you can cancel the process at any time, and your message will not be submitted.

3.4 Contacting the BBR by post

If you write a letter to the ministry, the data you send (such as first and last name, address) will be stored and the information contained in your letter (including any personal data you provide) will be saved for the purpose of contact and responding to your letter in accordance with the time limits for record retention given in the Registry Directive, supplemental to the Joint Rules of Procedure of the Federal Ministries (GGO).

Please note that the data will be processed in compliance with Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG. To respond to your message, it is necessary to process the personal data you provide.

3.5 Contacting the BBRby telephone

If you contact a ministry staff member by telephone, your personal data will be processed as far as necessary respond to your concern.

4. Your Rights

You have the following rights vis-à-vis the BBR with regard to personal data concerning you:

  • Right of access, Article 15 GDPR
    This right gives data subjects comprehensive access to data concerning them and to a few other key criteria, such as the purpose of processing or the length of storage. Exceptions to this right are governed by Section 34 BDSG.
  • Right to rectification, Article 16 GDPR
    This right enables data subjects to have inaccurate personal data concerning them to be corrected.
  • Right to erasure, Article 17 GDPR
    This right enables data subjects to have the controller delete personal data concerning them. However, such data may be deleted only if they are no longer needed, if they were processed unlawfully or if consent covering their processing has been withdrawn. Exceptions to this right are governed by Section 35 BDSG.
  • Right to restriction of processing, Article 18 GDPR
    This right enables data subjects to temporarily prevent further processing of personal data concerning them. Such a restriction is used above all when data subjects are examining whether to claim other rights.
  • Right to object, Article 21 GDPR
    This right enables data subjects to object in a special situation to further processing of personal data concerning them if such processing is justified by the performance of public tasks or by public or private interests. Exceptions to this right are governed by Section 36 BDSG
  • Right to data portability, Article 20 GDPR
    This right enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to transmit those data to another controller. According to Article 20 (3), second sentence of the GDPR, this right does not apply if the data processing is necessary for the performance of a task carried out in the public interest.
  • Right to withdraw consent, Articles 13 and 14 GDPR
    If the personal data are processed on the basis of consent, data subjects can withdraw their consent at any time for the purpose in question. The lawfulness of processing on the basis of the consent provided remains unaffected until notification has been received that consent has been withdrawn.

According to Section 57 BDSG, you have the right to information about your data; according to Section 58 BDSG, you have the right to have your data corrected or deleted and to restrict processing under the conditions given there. According to Section 51 BDSG, you also have the right to withdraw your consent.

You may claim these rights by sending e-mail to zentrale(at)bbr.bund.de or a letter to the BBR’s postal address given at the start of this document.

You also have the right to submit a complaint to the supervisory authority under data protection law (Federal Commissioner for Data Protection and Freedom of Information). You may also submit questions and complaints to the BBR Data Protection Officer at datenschutz(at)bbr.bund.de.