Privacy terms
Bundesdruckerei GmbH is part of the funded IDunion research project. The project’s aim is to create an open ecosystem for decentralised identity management, which can be used worldwide and is based on European values and regulations. This internet service serves as a technology demonstrator for project results. This includes the implementation of issuance and verification services that implement emerging standards, such as OpenID for Verifiable Credential Issuance or IETF Selective Disclosure for JWT.
1. Controller
The data controller for the provision of the website and related functions as described within this data protection information is Bundesdruckerei GmbH, Kommandantenstraße 18, 10969 Berlin, Germany. You can reach the data protection officer of Bundesdruckerei GmbH at the above address by adding ‘An den Datenschutzbeauftragten’ (To the data protection officer) and also by e‑mail at: datenschutz@bdr.de
2. Processing of personal data when using our online services
2.1 Data categories, purpose of processing and legal basis
We regularly process the following personal data when you use this service:
Personal data, such as
- contact data, e.g., first and last name, e-mail address, which you yourself enter voluntarily within the scope of Bundesdruckerei decentral identity test services,
- information that is automatically sent to us by your web browser or device, such as your IP address, device type, browser type, previously visited web pages, visited sub-pages or date and time of the respective visitor request.
We process your personal data for the following intended purposes:
- to enable you to make use of the services and functions offered online
The processing of personal data is necessary in order to achieve the aforementioned purposes. Details can be found below in this data protection information. Detailed information is provided on the individual processing series and the legal basis for processing your personal data.
2.2 Use of cookies
When you visit our website, we collect data while connected via your internet browser and using technically required so-called session cookies. These session cookies enable us to provide the various websites of the Bundesdruckerei Group. They expire when the session ends.
Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent. When cookies are set, the following information is sent to the party that set the cookie (in this case, to us):
- date and time the website was accessed,
- web browser and operating system used,
- complete IP address of the requesting computer,
- volume of data transferred.
The legal basis for the storage of information in the end user’s device is Sec. 25 (2) No. 2 TTDSG. The use of session cookies is absolutely necessary so that we, as the provider of the Bundesdruckerei Group websites (telemedia service), can provide this expressly requested telemedia service.
2.3 Log file processing
Every time this website is accessed or every time a file is retrieved, data about this process is temporarily processed in a log file. The following data is stored:
- date and time the website was accessed,
- web browser and operating system used,
- complete IP address of the requesting computer,
- volume of data transferred.
In the event of attacks (e.g., DDoS attacks) on the communication systems, this data is analyzed and, if necessary, used to initiate legal and criminal prosecution. These log files are deleted after seven days at the latest. The legal basis for this processing of your personal data is Art. 6 (1) (f) GDPR. Our legitimate interest is the investigation of security-related incidents.
3. PID Issuer Service
Issuance of demo digital verifiable credential. For this purpose, test data will be used that is either a predefined set of static data or data read from a test Personalausweis. No userdata is needed or supplied.
4. Storage periods
If no explicit storage period is specified during collection (e.g. within the scope of a declaration of consent), personal data will be deleted as soon as it is no longer required for the intended purpose, unless statutory storage obligations (for instance, storage obligations under commercial and tax law) prevent deletion.
5. Rights of data subjects
Under applicable data protection law, you generally have the following data subject rights:
The right
- to request confirmation as to whether personal data about you is being processed and to receive information about the personal data processed as well as further information (see Art. 15 GDPR),
- to request the correction of inaccurate personal data (see Art. 16 GDPR),
- to request the deletion of processed personal data (see Art. 17 GDPR),
- to request the restriction of the processing of personal data (see Art. 18 GDPR),
- to receive personal data provided by you, in a structured, customary and machine-readable format or to request that the personal data be transmitted to a third party (see Art. 20 GDPR),
- to object to data processing carried out on the basis of Art. 6 (1) (f) GDPR or for the purpose of direct advertising (see Art. 21 GDPR),
- to revoke consent at any time with effect for the future. Revocation is only effective for the future and will not affect the lawfulness of the processing of personal data up until revocation.