Data Privacy Statement
Data controller within the meaning of EU General Data Protection Regulation (GDPR) Art 4(7) and Germany's Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)
Welcome to the website digitaler-impfnachweis-app.de. In the following we provide you with information about the processing of your personal data when you use this website.
1. Controller and data protection officer
The so-called controller responsible for processing your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is:
Robert Koch Institute (RKI)
represented by its president.
If you have any questions for our data protection officer (DPO), you can reach the DPO at:
Data protection officer
The RKI takes the protection of your personal data very seriously. Personal data means any information relating to an identified or identifiable person. This includes information that allows conclusions to be drawn about your identity. Further definitions of the terms used here (e.g. “processing”) can be found in Art. 4 GDPR. As a federal authority, the RKI is subject to the provisions of the GDPR and the BDSG.
2. Purpose and legal basis of data processing
Each time you call up the website, your browser automatically transmits data so that you can visit the website. This access data includes:
- IP address
- Date and time of retrieval (time stamp)
- Transmitted data volume (or packet length)
- Notification of whether the access was a success.
This processing is necessary in order to display the website. The legal basis for the processing is Sect. 3 BDSG.
3. Making contact
You can reach us at the contact details above. If you contact us, we will collect and store your contact details and information relating to your request. As a rule, we will store your data as a telephone note if you call us, as a printout if you fax us, and electronically and/or as a printout if you email us.
This processing is necessary in order to deal with your request. The legal basis for the processing is Sect. 3 BDSG.
4. Storage period
The RKI stores the log files described in Section 2 for up to 30 days. Your data will be stored in accordance with the guidelines on processing and managing written records in federal ministries, which have been implemented at the RKI as the Records Management Guidelines (RegR).
In connection with the operation of the website, the RKI uses the Federal Institute for Drugs and Medical Devices (BfArM), Kurt-Georg-Kiesinger-Allee 3, 53175 Bonn as a service provider. The BfArM processes the personal data on behalf and at the instruction of the RKI (meaning it is a so-called processor under data protection law). The RKI has concluded a separate agreement with the BfArM to guarantee compliance with the data protection requirements. The BfArM also uses other service providers (Amazon Web Services Sàrl), which may also receive personal data. The service providers provide different features of the website. To safeguard your rights, contracts have also been concluded with these service providers.
6. Transfers to third countries
The website uses a so-called content delivery network (CDN) of the service provider Amazon Web Services Sàrl. A CDN is a network of regionally distributed servers that are used to make the contents of the website available to you securely, efficiently and quickly, even if you access the website from outside Germany.
When calling up the website, especially from outside Europe, it is possible that personal data may be transferred to countries outside the European Union or the European Economic Area. For some of these countries, there is no Commission adequacy decision (Art. 45 GDPR). If personal data is transferred there, then there is a risk that authorities will record and analyse it and that your rights as a data subject cannot be enforced. For this reason, the data transfer is limited to what is strictly necessary. Standard contractual clauses have been concluded with the service provider to ensure an adequate level of data protection.
7. Your data protection rights (rights of the data subject)
If the RKI processes your personal data, you have the following data protection rights in accordance with the legal requirements:
- The right to obtain access to your personal data, and information about its processing, at any time (Art. 15 GDPR),
- the right to have inaccurate data rectified or incomplete data completed (Art. 16 GDPR),
- the right to have data erased or its processing restricted (e.g. if you withdraw your consent or the processing is unlawful) in accordance with the legal requirements (Art. 17, 18 GDPR),
- the right to object to data processing which, based on a legitimate interest of the RKI, is carried out for the performance of public tasks or in the exercise of official authority (Art. 21 GDPR),
- the right to contact the RKI’s data protection officer and raise your concerns (Art. 38(4) GDPR) and
- the right to lodge a complaint with a supervisory authority for data protection (e.g. the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Straße 153, 53117 Bonn, +49 (0)228-997799-0, email: poststelle(at)bfdi.bund.de, http://www.bfdi.bund.de) (Art. 77(1) GDPR).
8. Contents of other providers
This website contains links to other websites. The RKI has taken the greatest possible care when including links to content on third-party websites (“third-party content”). These links merely provide access to third-party content. Special attention has been paid to the trustworthiness of third-party providers and the accuracy and legality of third-party content.
However, as the content of websites is dynamic and can change at any time, it is not always possible to regularly check the linked content in each case. The RKI therefore expressly distances itself from third-party content that is linked to its own website. In each case, the provider of the linked page is solely liable for damage and legal infringements resulting from the use or non-use of third-party content. This does not affect obligations to remove or block the use of information in accordance with general laws. However, liability in this regard is only possible from the point in time when a concrete infringement becomes known. If we become aware of any such legal infringements, we will remove the relevant content immediately.
The RKI does not check and has no way of influencing whether the operators comply with data protection provisions.
9. Social media
The RKI takes the current discussion about data protection in social networks very seriously. It has not yet been finally clarified from a legal point of view whether and to what extent all networks offer their services in accordance with European data protection provisions.
For this reason, we expressly draw your attention to the fact that the services used by the RKI – Twitter, Instagram and YouTube – store the data of their users (e.g. personal information, IP address) in accordance with their own data usage policies and use it for business purposes.
The RKI has no influence on social networks’ collection and further use of such data. For example, it is not clear to what extent, where, and for how long the data is stored, to what extent the networks comply with their erasure obligations, whether and how the data is evaluated and combined, and to whom the data is passed on.
10. Our content
Insofar as the contents of these pages contain legal provisions, official references, recommendations or information, the greatest possible care has been taken when preparing these. However, in the event of any discrepancy, only the current official version as published in the designated official gazette shall apply. Any legal notes, recommendations and information are non-binding. The information provided does not constitute legal advice.
The RKI shall not be liable for any damage or legal infringements resulting from the use or non-use of the information provided.
In the case of its own content, the RKI holds the copyright for texts and images. Texts, parts of texts, graphics, tables or image material made available on this website, insofar as they are protected by copyright, may not be duplicated, distributed or exhibited without the prior consent of the RKI.
Version: 1.4/ Last amended: 27 July 2021