Data privacy information

Personalized data is all information referring to identified or identifiable natural persons. A natural person is regarded identifiable when he can be directly or indirectly identified, especially through allocation of identification information such as a name, an identification number, location information or online identification.

1. Information concerning the collection of personalized data

Institutions responsible in accordance with Section 4 (1) sentence 7 general data protection regulation (GDPR) (Datenschutz-Grundverordnung, DSGVO)
Bundesministerium des Innern und für Heimat (BMI) 
(Federal Ministry of the Interior and for Home)
Projektgruppe Ukraine-Hilfe-App
Alt-Moabit 140
10557 Berlin 
tel: +49 (0)30 18 681-0

If you have questions concerning the protection of your data, please turn to the Data Security Supervisor (Datenschutzbeauftragter) of the BMI
Beauftragte/r für den Datenschutz
(Data Security Supervisor)
Bundesministerium des Innern und für Heimat
Alt-Moabit 140
10557 Berlin
tel: +49 (0)30 18 681-0

Job processing for the BMI is executed by:
Presse- und Informationsamt der Bundesregierung (BPA)
(Press and Information Office of the federal government)
11044 Berlin
tel.: +49 (0)30 18 272-0

2. Collection and storage of personalized data as well as nature and purpose of application

a) When visiting the website

Whenever you access the website, the system automatically collects data and information from the computer system of the requesting device. The following data is logged:

  • information concerning the type of browser and version used
  • the user’s operating system 
  • the user’s IP address
  • date and time of acces
  • websites from which the user’s system came to our website (stored as HTTP referers) 

The temporary storage of the IP address by the system is necessary in order to enable a delivery of the website onto the user’s computer. The user’s IP address has to be stored for the duration of the session. 

Furthermore, for statistical evaluation, Matomo (used to be called “PIWIK“) is used. This is an open source tool for web analysis. No data outside of the control of the website supplier is transmitted to the server with Matomo. Matomo is deactivated when you are visiting the website. No earlier than after you have actively agreed will your user behavior be collected in an anonymized manner.

Matomo uses so-called cookies. This is text data which is stored on your computer and enables the analyzation of the use of this website. Information won through the cookie can be transferred to the server of the website through use so that the user behavior can be evaluated. The IP address is immediately anonymized, the users therefore stay anonymous. The information created by the cookie concerning the use of this website will not be transmitted to a third party. The analysis is understood as part of internet services. We aim to continue to improve the website and to adjust it even further to the users’ needs.

If you agree to the web analysis using Matomo, the following data will be collected:

  • 2 bytes of the IP address of the user’s system with which he or she accesses the website
  • the website accessed
  • the website from which the user went to the accessed website (HTTP referer),
  • the subpages that were accessed from the accessed website
  • the time spent on the website
  • the frequency of accessing the website

The software only runs on the servers of the website. Storage of personalized data only takes place there. The data is not passed on to third parties. Find further information concerning the Matomo software’s privacy under the following link:

Some cookies are necessary for us in order to provide the basic functions of this website. They therefore cannot be deactivated. This applies to the following, separately mentioned cookies:

  • CM_SESSIONID – CoreMedia Sessioncookie: This cookie is a session identifier (session ID) which helps the server assign the user to the right session after the reloading of the website. If the website is also opened in another tap, the server can assign the session number. This is a standard cookie of the product CoreMedia. 
  • cookie-allow-necessary – A cookie used for saving the setting “only essential cookies” when visiting the website.
  • cookie-banner – cookie used for hiding the cookie banner. Prevents the renewed display of the banner after the loading of the website.

b) Contacting via contact form of the internet editorial office

Using a form, you can contact the editorial office of The transfer of content of the BMI’s contact form is executed via encrypted https connection.

As long as you use the contact form for communication, it is necessary to indicate your title, first and last name as well as you e-mail address. Without this data, the request transmitted via the contact form cannot be processed. Indicating your address is optional and enables us – as far as this is desired – to process your request by mail. Date and time of your request are also transferred to us.

Should we receive a message from you via the contact form or by e-mail, we will assume that we can also respond by e-mail. If you do not wish that, you have to explicitly demand an answer via a different form of communication (for instance by phone or by facsimile). The processing of the data and the content transferred via the contact form (which may contain the personalized data transferred) is executed in accordance with Section 6 (1) lit. a GDPR for the purpose of processing your request. This processing of the personalized data submitted by you is essential for the processing of your request.

c) Contacting the BMI by e-mail or letter

Contacting the BMI by e-mail is possible by using the BMI’s central e-mail address: The personalized data that has been sent to the central address and stored in the organization unit responsible for the storage of personalized data is deleted after one year after having been transferred to the BMI’s organization unit in charge. 

In the organization units, data transferred by you (e. g. your first and last name and your address), but at least your e-mail or post address, as well as the information contained in the e-mail or the letter (inclusive of possible personalized data transferred by you) is processed for the purpose of contacting you and for processing your request. The processing of the personalized data transmitted by you is necessary for the purpose of processing your request.

d) When using the app

When using the app, the open source software tool Matomo is used (see point 2.a). Matomo is deactivated when calling on the app. Your user behavior is recorded anonymously only as soon as you agree. The explanations given in 2.b (contact form) and 2.c (contacting by e-mail or letter) also apply for the app.

e) When using the online polling tool LamaPoll

When the user poll is executed, the online polling tool “LamaPoll” is used. LamaPoll is a product of Lamano GmbH & Co KG, Berlin and is characterized by its data-minimising handling of personalized data. Find further information here: The processing of personalized data is not necessary for a participation in the poll. The questions are not formulated in such a way that indicating personalized data would be necessary. 

3. Legal basis for the processing of personalized data

When carrying out its responsibilities that lie in the public interest, BMI is processing personalized data. Legal grounds of the processing are Section 6 (1) lit e. GDPR in conjunction with Section 3 of the Federal Data Protection law (Bundesdatenschutzgesetz, BDSG)). Should the processing of personalized data be obligatory in an individual case in order to comply with a legal obligation, Section 6 (1) lit. c. GDPR in conjunction with the relevant legislation from which legal duty results serves as legal grounds. Should processing of your personalized data be executed with your consent, the processing is executed on the grounds of Section 6 (1) lit a. GDPR. 
Within the framework of Section 6 (1) lit. e GDPR in conjunction with Section 5 of the BSI Act (law on the federal office for security in information technology), we are obliged to store data beyond your visit for the protection against attacks on the internet infrastructure of the BMI and Germany’s communication technology. Data that was recorded when you accessed the BMI website will only be transferred to third parties if we are legally obligated to do so or if a transfer is necessary for prosecution in case of an attack on Germany’s communication technology. If none of these reasons apply, a transfer will not be executed. Collation of this data with other data sources, for instance in order to create user profiles, is not executed by the BMI.

4. Storage period

The IP address is stored on the transmission server for 60 days. This is to assure operation and protection against attacks.
Cookies are stored on the user’s computer, and with it transferred to our website. This is why you also have full control over the use of cookies. Through a change of settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies already saved can be deleted at any point in time. This can also be effected automatically. Matamo is deactivated when you visit our website. You need to willingly agree for your user behavior to be recorded anonymously.
The storage of communication between you and the BMI is based on the maturities for the storage of documents in accordance with the registry directive (Registraturrichtlinie) that supplements the common rules of procedure of the federal ministries [Gemeinsame Geschäftsordnung der Bundesministerien (GGO)].

5. Protection of minors

People under the age of 16 should not transmit personalized data to us without their parents’ consent.

6. Your rights

Against the BMI, you have the following rights regarding the personalized data concerning you:

  • Right of access, Section 15 GDPR
    With the right of access, the person affected gets an extensive insight into the data concerning him as well as into other important criteria such as processing purposes and the duration of storage. The exceptions to the right stipulated in Section 34 of the Federal Data Protection law (Bundesdatenschutzgesetz, BDSG) apply.
  • Right of Correction, Section 16 GDPR
    The right of corrections contains the possibility for the person affected to have incorrect personalized data concerning him corrected.
  • Right to erasure, Section 17 GDPR. 
    The right to erasure encompasses the possibility for the person affected to have data deleted by those in charge. However, this is only possible if the personalized data concerning him is no longer relevant, has been illicitly processed or if a correspondent approval has been recalled. The exceptions to the right stipulated in Section 35 of the BDSG apply.
  • Right to restriction of processing, Section 18 GDPR
    The right of restriction of processing contains the possibility for those affected to prevent further processing of the personalized data concerning him for the time being. A restriction mainly occurs in the examination phase of the management of different rights of the person affected. 
  • Right to object against collection, processing and/or usage, Section 21 GDPR
    The right to object contains the possibility that those affected may contradict further processing of their personalized data in certain situations, as far as this is justified due to the observation of public duties and public as well as private interests. The exceptions to the right stipulated in Section 36 BDSG apply.
  • Right to data portability, Section 20 GDPR
    The right to data portability contains the possibility for the person affected to receive the personalized data concerning him in a typical, machine-readable format from the unit responsible in order to possibly forward it to a different unit responsible. In accordance with Section20 (3) sentence 2 GDPR, however, this right cannot be claimed when data processing serves the observation of public duties.
  • Right of withdrawal of consent, Section 7 (3) GDPR
    As far as the processing of personalized data is based on consent, the person affected can revoke it anytime for the appropriate reason. The legitimacy of processing based on the consent given remains unaffected until the reception of the withdrawal.

You can assert the rights mentioned above at the institutions mentioned under number 1 or also via the form

In accordance with Section 77 GDPR, you have the right to appeal at the supervisory authority for data protection, the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, BfDI), Graurheindorfer Str. 153, 53117 Bonn, tel: +49 (0)228 997799-0,

Privacy settings


Back to guide