Data protection policy

This section provides you with information on how personal data are processed by the operator of the website, the Federal Ministry of Justice and Consumer Protection ().

Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) that can be used to ascertain the identity of that person. Personal data are any information relating to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.

1. Controller and data protection officer

Responsibility for the processing of personal data lies with the

Federal Ministry of Justice and Consumer Protection
Mohrenstr. 37
10117 Berlin, Germany

If you have specific questions about your data, please contact the

Responsible Data Protection Officer
Federal Ministry of Justice and Consumer Protection
Mohrenstr. 37
10117 Berlin, Germany
Tel.: +49 (0)30/18 580-0

Should you believe that your rights have been infringed through the processing of your personal data by the , you may appeal to the Federal Commissioner for Data Protection and Freedom of Information.

If you have any questions about data protection at the European Commission, you can find out more on the Commission's website.

2. Data processing for visits to this website

Every time you visit our website, data is collected that are necessary for security reasons and to provide and optimise a functional website as well as our content and services. These include the following:

  • your IP address,
  • name of the file accessed,
  • date and time of access,
  • amount of data transmitted,
  • notification of whether the file was accessed successfully.

The data are temporarily processed in a log file. Prior to storage, each data record is anonymised by changing the IP address.

The anonymised data are stored on a server provided by the agency “Super an der Spree” past the time of your visit to the website. We are obliged to do this under Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 5 of the Act on the Federal Office for Information Security (BSI Act), in order to protect against attacks on the ’s internet infrastructure and federal communications technology. These data are analysed and are required in the event of attacks on the communications technology.

Data collected from visits to the website and stored in log files are shared with third parties only if we are legally obliged to do so, or if needed for legal or criminal proceedings in cases of attacks on federal communications technology. Otherwise, these data are not shared with third parties.

Accessing individual pages generates transient cookies to facilitate navigation. These session cookies contain no personal data and expire at the end of the session.

The website does not make use of technology that allows user access behaviour to be monitored, such as Java applets or activeX controls.

3. Web analytics with Fathom

This website uses the web analytics service Fathom. Fathom does not use cookies and does not store any personal information about you.

The use of this analysis tool is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising. Fathom’s data protection policy

4. Processing of personal data when you submit details and make enquiries

Whenever you submit details or make enquiries, we only process the data that are necessary to communicate with you and to appropriately document the ’s administrative activities. This includes in particular personal information (e.g. surname, first name, address, e-mail address, etc.) that we have directly received from you, as well as information about the method you chose to contact us. The processing of this data is necessary in carrying out our responsibilities (see Article 6 (1) (e) and (3) (b) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)).

We will only share the data received from you with third parties if you have given your explicit consent thereto, or if we are required to do so by law or by reason of a court decision. The storage of submitted details and enquiries in electronic form – as well as in paper form – is carried out in accordance with the statutory periods for retaining records as specified in the Registry Directive, which supplements the Joint Rules of Procedure of the Federal Ministries. As a rule, the respective retention periods are 10 years.

a) Newsletter mailing

If you sign up to be on the CDR Initiative's newsletter mailing list, your e-mail address, your choice of newsletter and your individually selected user name (optional) will be stored on a server. The processing of the data is carried out on the basis of your consent pursuant to Article 6 (1) (a) GDPR. We use these data to send out the newsletters. We do not share your data with third parties and do not use them for any other internal purposes.

When you register, your data are stored on our server and an e-mail confirming the registration is sent to the e-mail address you provided; this e-mail contains a link which you must click on in order to finalise the registration. If you do not click on the link to finalise registration, the data will be deleted after 24 hours. Furthermore, if you choose to cancel the newsletter subscription, your data will be deleted immediately.

b) Registering for events at the

If you wish to attend an event at the , you will usually have to register in advance. For security reasons, we must ask you to provide us in advance with your first and last names and your date and place of birth. This allows us to carry out our responsibilities (public relations work) pursuant to Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 3 BDSG. These data are passed on to the Federal Police responsible for carrying out the identity checks at the entrance.

The requested data are transmitted from an encrypted online form on our website to the responsible department in the Ministry, processed there and fully deleted one week after the event. During the registration process, however, you have the option of allowing us to permanently store your data in an invitation mailing list, in order to be able to invite you to specific events held at the Ministry in future. You can withdraw your consent to the storage of your data at any time by using this form.

Filming and photography: At some events, photographs and film footage are produced as part of the ’s press and public relations work. Notification of this fact is generally provided when entering the event. The resulting material may be published through our website, social media channels, print media and other formats.

The legal basis is Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 3 BDSG and section 23 of the Art Copyright Act (Kunsturhebergesetz). If you do not consent to images being taken and published, please notify the photographer responsible for producing the material (if possible directly).

c) Oversight within the ’s remit

The ’s remit includes the Federal Court of Justice, the Federal Administrative Court, the Federal Fiscal Court, the Federal Public Prosecutor General, the Federal Patent Court, the German Patent and Trade Mark Office and the Federal Office of Justice. In the context of exercising oversight over these courts and authorities, it is possible for transmitted personal data to be processed.

5. Video surveillance

The premises at Mohrenstraße 37 in Berlin are monitored by a video system in order to supervise adherence to the house rules. The exterior of the building is also monitored for the purposes of threat prevention and criminal prosecution. This video monitoring is carried out by the Federal Police as the controller pursuant to section 5 in conjunction with section 27 of the Act on the Federal Police (Bundespolizeigesetz, BPolG). Insofar as collected data are not required for preventing a current danger or for prosecuting a criminal/regulatory offence, the deletion periods stipulated in section 27 BPolG apply.

The premises at Friedrichstraße 191 and at Leipziger Straße 127–128 in Berlin are monitored by a video system in accordance with to Article 6 (1) (e) and (3) (b) GDPR in conjunction with section 4 BDSG in order to supervise adherence to the house rules and to prevent threats. The controller is the . The monitoring involves no recording or storage of data.

6. Rights of data subjects

Responsibility for the processing of personal data lies with the – both in its capacity as a contracting party under civil law and as part of its obligation to perform public responsibilities. Data subjects therefore have the following rights under the GDPR:

a) Right of access – Article 15 GDPR

The right of access gives data subjects comprehensive access to data concerning them and to several other key criteria, such as the purpose of processing or the duration of storage. Exceptions to this right are governed by section 34 BDSG (Federal Data Protection Act).

b) Right to rectification – Article 16 GDPR

The right to rectification enables data subjects to have inaccurate personal data concerning them corrected.

c) Right to erasure – Article 17 GDPR

The right to erasure enables data subjects to have the controller erase personal data concerning them. However, such data may be erased only if they are no longer necessary, if they were processed unlawfully, or if consent to their processing has been withdrawn. Exceptions to this right are governed by section 35 BDSG.

d) Right to restriction of processing – Article 18 GDPR

The right to restriction of processing enables data subjects to temporarily prevent further processing of personal data concerning them. Such restrictions mainly occur during the examination period of other rights being exercised by the data subject.

e) Right to data portability – Article 20 GDPR

The right to data portability enables data subjects to receive the personal data concerning them in a commonly used and machine-readable format from the controller and to have this data transmitted to another controller. According to Article 20 (3), second sentence, of the GDPR, this right does not, however, apply if the data processing is necessary for the performance of public responsibilities. At the , this is always the case except where the processing of personal data is carried out for taxation purposes.

f) Right to object – Article 21 GDPR

The right to object enables data subjects to object in a particular situation to further processing of personal data concerning them where such processing is based on the performance of public responsibilities or on public or private interests. According to section 36 BDSG, this right does not apply if the respective public body is obliged by law to process the data.

g) Right to withdraw consent

If the personal data are processed on the basis of your consent (Article 6 (1) (a) GDPR), you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.

7. Possibility to submit a complaint

You can submit a complaint regarding the ’s processing of data to the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), which is responsible for supervising the data protection activities of the federal authorities. It can be contacted at the following address:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit,

Graurheindorfer Str. 153
53117 Bonn, Germany

8. Social media integration: YouTube

Zustimmung für Inhalte von Drittanbietern: Nutzerinnen und Nutzer können der Anzeige von eingebetteten Inhalten von Drittanbietern auch permanent zustimmen. Die Auswahl wird daraufhin dauerhaft im Internetbrowser des Nutzers gespeichert. Die Einwilligung kann hier jederzeit widerrufen werden:

Details zu einzelnen Drittanbietern: Unter den folgenden Links können Sie sich über die Datenschutzhinweise der einzelnen Drittanbieter informieren.

Consent for third-party content: Users also have the option of permanently consenting to the display of embedded content from third-party providers. Once selected, this option is then permanently stored in the user's internet browser. Consent can be revoked here at any time:

Details of individual third-party providers: You can consult the data protection information of the individual third-party providers using the following links.

YouTube Content from YouTube: Via the YouTube player, videos are integrated into the website. For Google's data protection information, please see here.

Inhalte von Youtube: Mit dem YouTube-Player werden Videos in das Internetangebot integriert. Zu den Datenschutzhinweisen von Google:

9. Information on the use of cookies

Extent of processing of personal data

We integrate and use cookies on various pages in order to enable certain functions on our website and to integrate external web services. Cookies are small text files that your browser can store on the device you are using to access the website. These text files contain a unique string of characters that clearly identifies the browser when you return to our website. The process of saving a cookie file is also referred to as "setting a cookie". Cookies can be set both by the website itself and by external web services.

Legal basis for the processing of personal data

Article 6(1)(f) of the GDPR (legitimate interest), Article 6(1)(a) and Article 9(2)(a) of the GDPR (consent).

The relevant legal basis is set out in the cookie table below.

In general, where cookies are used on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services it hosts (technically necessary cookies). Additionally, the cookies may serve to increase the user-friendliness of the website and to make it possible to address visitors more individually. Here we have struck a balance between your interests and our interests.

Through the use of cookie technology, we can only identify, analyse and trace individual website visitors if the website visitor has consented to the cookie being used in accordance with Article 6(1)(a) of the GDPR.

Purpose of data processing

The cookies are set by our website or by external web services to maintain the full functionality of our website, to improve user-friendliness or to pursue the stated purpose with your consent. Cookie technology also enables us to recognise individual visitors using pseudonyms, such as an individual or random ID, so that we can offer more individual services. Details are provided in the table below.

Term of the storage

The cookies listed below are stored in your browser until they are deleted or, in the case of a session cookies, until the session has expired. Details are provided in the following table:

Cookie name




Website operator


This cookie is required for our website’s functioning. Without this cookie, it is not possible to use our website.

Legal basis

Legitimate interest

Retention period



Basis functionality

Cookie name




Website operator


This cookie is required for our website’s functioning. Without this cookie, it is not possible to use our website.

Legal basis

Legitimate interest

Retention period



Basic functionality

Cookie name




Website operator


Cookie that stores the user's decision about the cookie banner.

Legal basis

Fulfilment of legal obligations

Retention period

Approx. 12 months


Cookie banner

10. Cookie settings