Data Protection

The Federal Ministry of Health (BMG) takes the protection of your personal data very seriously. To this end, we have taken measures to ensure that data protection regulations are strictly adhered to, both by us and by the external service providers with whom we work.

Personal data means all information associated with an identified or identifiable natural person. A natural person is deemed to be identifiable if they can be directly or indirectly identified, such as by matching up with an identifier such as a name, an identification number, location data or online identification data.

More detailed information on the type of data collected, the purpose for and basis on which it is collected, how you can contact the responsible agency and the data protection officer, and your rights regarding the processing of your personal data, can be found in this privacy statement. As our website and other technologies employed continue to develop, changes in this privacy statement may be required. We thus recommend that you reread the privacy statement from time to time.

Controller/Data protection officer
The controller responsible for the processing of personal data is the Federal Ministry of Health 53123 Bonn, Germany Telephone: +49 (0)228 99441-0 E-mail: poststelle@bmg.bund(dot)de  DE-Mail:
If you have specific questions regarding the protection of your data or need further information regarding the handling of personal data by the Federal Ministry of Health, please feel free to also contact the Federal Ministry's data protection officer:

Federal Ministry of Health - Data Protection Officer - 11055 Berlin, Germany DSB@bmg.bund(dot)de

Access to the website
A record of every visit to the Federal Ministry of Health’s website, and of every file retrieved, is stored in a log file for a limited period of time and processed solely for the purpose of protecting the website and tracking access to it for security purposes.
The log file contains information on:

  • the IP address used
  • the name of the page/file retrieved
  • the date and time
  • the volume of data transmitted
  • whether access/retrieval was successful

Pursuant to Article 6 (1) (e) of the EU General Data Protection Regulation (GDPR) in conjunction with section 5 of the Act on the Federal Office for Information Security (BSI Act), we are required to store the data beyond the date of your visit. This is designed to protect the BMG's internet infrastructure/the Federal Government's communications technology against an attack. The data is analysed and will be needed to initiate legal and criminal prosecution in the event of an attack on the Ministry's communications technology.
The data is stored, beyond the date of your visit, in log files by BMG and on the external servers of Netlify Inc., our service provider. Data which is recorded during visits to the Ministry's website is transmitted to third parties where we are legally required to do so or should such transmission become necessary for the purpose of legal or criminal prosecution following attacks on the communications technology of the Federal Government. At no other time does transmission of data take place. The Federal Ministry of Health does not merge the recorded data with data from other sources. The Ministry statistically evaluates user information as a means of optimising its website to better cater to users' needs. For more detailed information, see the Web Tracking/Web Analysis section of this data privacy statement.

Contacting the Federal Ministry of Health (BMG)
By e-mail:

By post:
Postal address:

Bonn Office: Federal Ministry of Health, 53107 Bonn, Germany
Berlin Office: Federal Ministry of Health, 11055 Berlin, Germany

To contact the Federal Ministry of Health by phone or fax:

Federal Ministry of Health
Telephone: +49(0)228/99441-0  or +49(0)30/18441-0
Fax: +49(0)228/99441-4900 or +49(0)30/18441-4900

If you use one of the above-mentioned channels to contact us, the data you have transmitted (such as your last name, first name, address), but at minimum your e-mail address, as well as the information contained in your e-mail (where applicable, personal data you have communicated) will be stored for the purpose of contacting you and processing your request in accordance with the deadlines applicable to the retention of documents in the Registry Instructions (Registraturrichtlinie), which supplement the Joint Rules of Procedure of the Federal Ministries (GGO).

If you choose to contact us by telephone, no personal data will be collected other than that required to process your request (to call you back or send a written reply).
The processing of data takes places pursuant to Article 6 (1) (e) of the General Data Protection Regulation (GDPR) in conjunction with section 3 of the Federal Data Protection Act (BDSG) and is required for the purposes of task fulfilment.
We would like to point out that the processing of data pursuant to Article 6 (1) (e) GDPR in conjunction with section 3 Federal Data Protection Act (BDSG) occurs in the fulfilment of tasks by the Federal Ministry of Health (BMG). Processing of the personal data you transmitted is required in order to process your request. If you choose to use the contact form to communicate with us, it will be necessary to give your last name, first name, postal code and e-mail address. A request submitted using the contact form cannot be processed without that data. Disclosure of the rest of your address is optional but would allow us, if wished, to process and respond to your request in writing by post.
Optional data is processed subject to your consent and pursuant to Article 6 (1) (a) GDPR.
You may withdraw your consent at any time. The lawfulness of processing based on your consent remains unaffected until such time as we receive notification that you withdraw your consent. The Federal Ministry of Health uses the services of Telemark Rostock Kommunikations- und Marketinggesellschaft mbH (Telemark Rostock), a multimedia communications centre, to answer citizens' questions received by telephone or in electronic or written form. Telemark Rostock only compiles, processes and uses personal data within the limitations stipulated by the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Telemark Rostock has put numerous technical and organisational measures in place to ensure compliance with the law.
This also applies for other service providers (see the section on Request Handlers) who process data on behalf of the Federal Ministry of Health.
Processing of personal data in connection with the provision of information
Whether personal data is processed depends on the type of information to be provided. Differentiation is made between the provision of printed matter and informational visits to the Federal Ministry of Health (BMG).

Request handlers
We use external service providers (request handlers), for example, to dispatch our newsletter and other publications. To ensure your personal data is protected, separate agreements have been drawn up with these service providers on the handling of requests.

We work with the following service providers:
Scholz & Friends Berlin GmbH
Netlify Inc.
Usercentrics GmbH
Friendly Captcha GmbH

Voluntary provision of personal data
In some areas of the BMG website, you have the opportunity to provide personal data voluntarily. The (personal) data you provide is stored and used solely for the purpose for which you provided your data. Personal data is not passed on to third parties.
Automatically stored log data (see Access to the website) is deleted once the deadline for the limited storage period has expired.

Web tracking/Web analysis
This website uses Usercentrics cookie consent technology to obtain your consent to the storage of certain cookies on your device and to document this in accordance with data protection law. The technology used is provided by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany. Website:
 (hereafter "Usercentrics")

When you access our website, the following personal data will be transmitted to Usercentrics:

Your consent(s) or withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your device
The time you accessed the website
Usercentrics also installs a cookie in your browser to be able to assign the consent declaration or its withdrawal to you. The data collected in this way is stored until you request that we delete it, until Usercentrics deletes it or until the purpose for which it is stored no longer exists.

The services of Usercentrics are used to obtain the legally required consent to the use of cookies. The legal basis is Article 6 (1) first sentence (c) of the EU General Data Protection Regulation (GDPR).

You can use the following link to change your previous decision(s) or withdraw your consent(s).

Changing your consent

Friendly Captcha
We use Friendly Captcha on our website, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany (hereafter "Friendly Captcha"). 

Friendly Captcha is used to check whether the data entered on our websites (e.g. in a contact form) is entered by an individual or an automated program. For this purpose, Friendly Captcha analyses users' behaviour based on the underlying blockchain mechanisms. The analysis begins automatically as soon as a user starts to fill out the form. No cookies are used in this process and no other data is stored. The use of Friendly Captcha is necessary to ensure our website functions in compliance with section 15 (1) of the Federal Telemedia Act (TMG).
External provider information: Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. More information about the external provider's data protection provisions can be viewed on the following website:

For website optimisation we use the Matomo web analysis tool (formerly Piwik). We use Matomo without the need for tracking cookies. We have deactivated the use of tracking cookies provided for in Matomo's basic configuration to ensure an especially data protection-friendly process.
The following data is stored:

1 byte of the IP address of the user's operating system of access
Time and length of the visit
Pages and files accessed while visiting the website
The website from which the user gained access to the website called up (referrer)
Search terms used by users to gain access to the website and search terms used when searching on the website
Calling up external websites accessed via links on our own website
Users' system information (operating system, browser, browser language, type of device, screen resolution).

Matomo is run exclusively on servers in Europe. Data collected during a website visit is stored solely on those servers. Matomo immediately anonymises IP addresses – users cannot be identified as a result. The anonymous statistical data is separated from any personal data you may have entered on the website and allows no conclusions to be drawn regarding a specific individual.

Check your data
You can view the data that was automatically transmitted from your browser to our server. • You can set any internet browser to show you whether cookies are installed and what they contain.

More detailed information is available on the websites of the Federal Commissioner for Data Protection and the Federal Office for Information Security.

Your rights
In dealings with the responsible entity, you can exercise the following rights regarding your personal data:
The right to information, Article 15 of the GDPR

With the right to information, the data subject receives an insight into the data concerning them. The exceptions to this right as stated in section 34 of the Federal Data Protection Act (BDSG) apply.

The right to rectification, Article 16 of the GDPR
The data subject has the right to have data concerning them rectified.

The right to rectification and erasure, Article 17 of the GDPR
The right to erasure contains the opportunity for the data subject to have data stored by the responsible entity deleted. This is only possible, however, when the personal data concerning them is no longer needed, has been processed unlawfully, a related declaration of consent has been withdrawn and there are no legally-regulated grounds for exemption, see Article 17 (3) GDPR and section 35 BDSG.

The right to restriction of processing, Article 18 of the GDPR
The right to restriction of processing contains the opportunity for the data subject to initially prevent further processing of their personal data. The right to restriction of processing can mainly be exercised while the exercise of other rights by the data subject is under review.
The right to data portability, Article 20 of the GDPR
The right to data portability contains the opportunity for the data subject to receive their personal data in an easily accessible, machine readable format in order to forward that data to others. In accordance with the limitations of Article 20 (3) GDPR, this right does not apply, for example, when data processing serves the performance of a public task. Where the Federal Ministry of Health (BMG) is concerned, this is not the case only when data processing serves fiscal purposes.
The right to object to the collection, processing and/or use, Article 21 of the GDPR
The right to object contains the right to object in certain circumstances to further processing of personal data. Under section 36 of the Federal Data Protection Act (BDSG), this right does not apply, among other things, if a public office is required to process data by law.

The right to withdraw consent
Where the processing of personal data is based on your consent under Article 6 (1) (a) of the GDPR, you may withdraw that consent at any time for the purpose in question. The lawfulness of processing your data based on your given consent remains unaffected until such time as your notification of withdrawal of such consent has been received.

You may assert the above-mentioned rights at: poststelle@bmg.bund(dot)de or

Right to lodge a complaint, Article 77 GDPR
You are entitled to lodge a complaint to the data protection supervisory authority (Federal Commissioner for Data Protection and Freedom of Information):
Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, 53117 Bonn, Germany. E-mail: poststelle@bfdi.bund(dot)de 

Protection of minors
Persons under 16 years of age should not transmit personal information to the Federal Ministry of Health (BMG) without the permission of their parent or legal guardian. We neither knowingly process personal data from people in this age group without the consent of their parents and nor do we disclose it to third parties.

© Copyright 2021 Bundesministerium für Gesundheit