1. Name and address of the controller
The controller, within the meaning of the General Data Protection Regulation (hereinafter ‘GDPR’) and other national data protection laws of Member States, as well as any other data protection provisions, is:
Validatis division of Bundesanzeiger Verlag GmbH,
Amsterdamer Str. 192,
Tel.: 0800 1234-334
Fax: (02 21) 9 76 68-255
2. Contact details of the data protection officer
You can request information about the personal data we have stored about you at any time. You have the right to have incorrect personal data concerning you rectified. You can of course also withdraw your consent to the collection and storage of your personal data by Bundesanzeiger Verlag GmbH at any time. In these cases, please send an e-mail to
Bundesanzeiger Verlag GmbH
Datenschutzbeauftragter/Data Protection Officer
Amsterdamer Straße 192
3. General notes on data processing
3.1. Scope of the processing of personal data
As a rule, we only process the personal data of our users if this is necessary for us to provide a functioning website and to provide our content and services. The personal data of our users is only processed following the user’s consent. There is an exception to this in cases where it is not possible to obtain prior consent due to factual grounds and processing of the data is permitted by legal provisions.
3.2. Legal basis for the processing of personal data
If we obtain consent for processing operations of personal data from the data subject, Article 6 (1) (a) of the EU Data Protection Regulation (GDPR) shall serve as the legal basis.
For the processing of personal data which is necessary for the performance of a contract to which the data subject is party, Article 6 (1) (b) of the GDPR shall serve as the legal basis. This also applies to processing operations required for the performance of pre-contractual measures.
If the processing of personal data is necessary due to compliance with a legal obligation to which our company is subject, Article 6 (1) (1) (c) of the GDPR shall serve as the legal basis.
In cases where vital interests of the data subject or another natural person render the processing of personal data necessary, Article 6 (1) (1) (d) shall serve as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and these interests do not override the interests or fundamental rights and freedoms of the data subject, Article 6 (1) (f) of the GDPR shall serve as the legal basis for processing (e.g. debt collection).
3.3. Erasure and storage period
The personal data of the data subject shall be erased or made unavailable as soon as the purpose of storage lapses. In addition, data may be stored if this is intended by the legislator in Union regulations on European or national level to which the controller is subject. Data shall be made unavailable or erased once the storage period defined by the standards named above lapses, unless it is necessary to continue storing the data for entering into or for the performance of a contract.
4. Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and are entitled to exercise the following rights against us:
4.1. Right of access
You may demand confirmation of whether any personal data concerning you is being processed by us. If such data is being processed, you may demand access to the following information:
- the purposes for which the personal data is being processed;
- the categories of personal data being processed;
- the recipients or categories of recipient to whom the personal data has been or will be disclosed;
- the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- any available information as to their source, where the personal data is not collected from the data subject;
- the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You shall have the right to be informed of whether your personal data is transferred to a third country or to an international organisation. In this case, you may demand to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
Article 4.2. Right to rectification
You have the right to obtain rectification and/or completion, provided personal data concerning you, which has been processed, is incorrect or incomplete. We shall carry out the rectification without undue delay.
4.3. Right to restriction of processing
You have the right to obtain restriction of the processing of your personal data where one of the following applies:
- should you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims, or
- you have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether our legitimate grounds override your grounds.
Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
4.4. Right to erasure
4.4.1 Obligation to erase
You may obtain the erasure of the personal data concerning you without undue delay where one of the following grounds applies:
- your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based according to Article 6 (1) (1) (a), or Article 9 (2) (a) of the GDPR, and where there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR;
- your personal data has been unlawfully processed;
- your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject, or
- your personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
There shall be no right to erasure if the processing
- is necessary for exercising the right of freedom of expression and information;
- is subject to compliance with a legal obligation which requires processing by Union or Member State law or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i), as well as Article 9 (3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defence of legal claims.
4.5. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to which the personal data has been provided, where:
- the processing is based on consent pursuant to Article 6 (1) (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (1) (b) of the GDPR, and
- the processing is carried out by automated means.
In exercising this right, you shall also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4.6. Right to object
You have the right to object to processing of personal data concerning you which is based on Article 6 (1) (1) (e) or (f) of the GDPR. In this case, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
4.7. Right to withdraw declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Please note that you can withdraw your consent at any time, including in part, with future effect.
To do so, it is best to send an e-mail to:
Bundesanzeiger Verlag GmbH
Datenschutzbeauftragter/Data Protection Officer
Amsterdamer Straße 192
4.8. Automated individual decision-making
You have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
- is necessary for entering into, or performance of, a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless Article 9 (2) (a) or (b) of the GDPR applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
In the cases referred to in points 1. and 3., the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
4.9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
5. Provision of the website
5.1. Description and scope of data processing
For technical reasons and to maintain and improve functionality, information that your web browser transmits to us is automatically collected, stored and, if necessary, shared with third parties. Our legitimate interest in processing is the operational safety of the website pursuant to Article 6 (1) (f) of the GDPR.
This data includes:
- the browser type and browser version;
- the operating system used;
- the website from which you visit us (referrer URL);
- the website you are visiting;
- the date and time of your access;
- the time zone difference with respect to Greenwich Mean Time (GMT);
- your Internet log data (IP address);
- the volume of data transmitted;
- The access status (files transmitted, file not found, etc.), and
- the content of the request (specific page).
This anonymous data (with the exception of IP address) is stored separately from any personal data you may have provided, therefore preventing any conclusions to be drawn about a specific person. It can be evaluated for statistical purposes in order to optimise our website and offering. After evaluation, this data is deleted by us and our service providers.
5.2. Purpose of data processing
Unless otherwise stated, you do not need to provide any personal data to use our website. Every time a user accesses the above-mentioned websites and every time a file is accessed, data about this process is stored in a log file. We use this data to technically facilitate your visit to our site. We also use this data for statistical purposes in order to improve the design and layout of our website. This data is not used for personal reasons. Our legitimate interest in processing is the operational safety and functionality of the website pursuant to Article 6 (1) (f) of the GDPR.
Specifically, the following datasets are stored for each access:
- name of the file accessed;
- date and time of access;
- volume of data transmitted;
- report as to whether access was successful;
- description of the type of web browser used;
- requesting domain, and
- country of origin for the domain.
We also use anonymised user profiles to measure the scope of use of free content. We explain this below:
5.2.1. Analysis of user behaviour for subscribed, free e-mail services
We endeavour to design e-mail communications we send out in the most valuable way for the user. To be able to offer you tailor-made content and offers that you really find useful, we regularly evaluate user behaviour with respect to e-mail recipients. As an example, this means whether an e-mail was read at all (opening behaviour) and which messages and offers have been read and which haven’t (click behaviour). This data is not shared with third parties and is instead used solely to improve the quality of our e-mails to you. If you do not agree with such data collection and evaluation, you can object to it at any time by sending an e-mail to firstname.lastname@example.org.
5.2.2. Use of personal data
If you contact us by e-mail, fax or phone, we can request some personal information from you. We request data that we need to be able to process your contact request in a meaningful way, but this includes as a minimum your surname and first name, e-mail address and telephone number; the legal basis is the legitimate interest in processing in accordance with Article 6 (1) (f) of the GDPR.
You can also voluntarily provide us with further data as part of the contact request. The data is stored by us and used for the purpose of responding to your contact request. Some services on our portal are offered in collaboration with partner companies. To be able to offer this partner service, it may be necessary for us to share your personal data with these partner companies. In this case, the data is used exclusively by our partner for the purpose of responding to your contact request. Data is used in the above-mentioned sense. We record your consent to collect and use data. The legal basis for data processing is the data subject’s consent pursuant to Article 6 (1) (a) of the EU GDPR.
5.2.3. Inventory data
If required for justification, content design or an amendment to the contractual relationship, your personal data (inventory data) is exclusively used to process the contract. The legal basis for data processing is Article 6 (1) (a) of the EU GDPR.
For example, your name and address will be shared with the billing service provider for billing with respect to chargeable services. Your personal data will not be shared with third parties outside the contract without your explicit consent or without a legal basis.
By order of the competent authorities, we may share information relating to inventory data on a case-by-case basis, insofar as this is required for the purposes of law enforcement, for emergency response by police authorities in federal states, for the fulfilment of the legal tasks of the constitutional protection authorities of federal and state governments, the federal intelligence service or military security or for the enforcement of intellectual property rights. If necessary, we carefully review such requests within the means available to us and only share your data if there is a major legal obligation for us to do so. In these cases, the legal basis for data processing is the fulfilment of the controller’s legal obligations, and applicable special law, pursuant to Article 6 (1) (c) of the EU GDPR.
5.2.4. User-dependent services
The processing of personal data is required for some of our service providers. This includes:
- Registration with a user profile
The legal basis for data processing is a contract or contract initiation with the data subject pursuant to Article 6 (1) (b) of the GDPR. Consent is in place following registration. The legal basis for data processing is then the data subject’s consent pursuant to Article 6 (1) (a) of the GDPR.
5.2.5. Creation of a user profile (registration)
You have the option to register on our website, therefore creating a user profile. When you register on our website, in addition to the data that your web browser automatically sends to us, we collect and use the following data which are marked as mandatory or voluntary depending on the processing purpose:
- date and time of registration;
- your first name and surname;
- your address;
- information concerning your company name or your company;
- your e-mail address, and
- your telephone number/fax number.
With your user profile, you have the option of using other parts of our website and logging into the offerings you have acquired.
6. E-mail contact
On our website, it is possible to make contact using the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail is stored. The data is used exclusively to process the conversation.
If contact is made by e-mail, this also presents the legitimate interest necessary for processing the data.
The legal basis for processing the data is the consent of the user pursuant to Article 6 (1) (a) of the GDPR.
The legal basis for processing the data transmitted when an e-mail is sent is Article 6 (1) (f) of the GDPR. If the purpose of the e-mail is to enter into a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.
All personal data collected when contact is initiated is deleted in this case.
7. Contact form
Our website contains a contact form, which can be used for initiating contact electronically. If a user makes use of this option, the data entered in the entry window is transmitted to us and stored.
At the time the message is sent, the following data is stored:
- E-mail address
- Name of contact partner
- Telephone / mobile number
- Information concerning your company name / company
- IP address of the computer used
- Date and time of contact
- Comment (optional)
We use Customer Relationship Management, which enables us to plan and monitor our sales activities.
The processing of personal data from the entry window merely enables us to process the contact. If contact is made by e-mail, this also presents the legitimate interest necessary for processing the data.
Any other personal data processed when the form is submitted is to prevent misuse of the contact form and to guarantee the security of our IT systems.
The legal basis for processing data is contract initiation, carried out on the request of the data subject, pursuant to Article 6 (1) (1) (b)(2) of the GDPR.
The legal basis for processing the data transmitted when an e-mail is sent is Article 6 (1) (1) (f) of the GDPR.
8. Job applications via e-mail and the application form
Our website contains an application form, which can be used for submitting a job application electronically.
In order to be able to provide the application form, we use the recruiting page of staffing and applicant management software Talention. If an applicant makes use of this option, the data entered in the entry window are transmitted to Talention and stored.
If an applicant makes use of this option, the data entered in the entry window are transmitted to us and stored. This data includes:
- First name
- E-mail address
- Cover letter
Alternatively, you can also send us your application by e-mail. In this case, we record your e-mail address and the data you have shared with us in the e-mail.
Once you have submitted your application, you will receive confirmation by e-mail that we have received your application documents.
Your data will not be forwarded to third parties. The data is used exclusively to process your application.
The processing of personal data from the application form merely enables us to process your application. If contact is made by e-mail, this also presents the legitimate interest necessary for processing the data.
Any other personal data processed when the form is submitted is to prevent misuse of the application form and to guarantee the security of our IT systems.
We use ‘cookies’ on our website. These are small text files that are sent from our web server to your computer to store certain information (e.g. characteristics for identification).
Our website can also be displayed without cookies being stored. You can disable the storage of cookies in your browser settings or you can change your settings so that you are informed about intended storage by a website. In this case, you decide whether or not to accept cookies. However, for all of our website’s functions to work properly, temporary cookies must be permitted in full for technical reasons. Even if cookies are disabled, our website sends the described unit ID to your browser to measure the scope of use of free content.
The legal basis for processing personal data using technically necessary cookies is Article 6 (1) (f) of the GDPR.
The legal basis for processing personal data using cookies for analysis purposes is consent of the user regarding this, pursuant to Article 6 (1) (1) (a) of the GDPR.
You can find a list of cookies used here:
|PHPSESSID||edge-cdn.net||MovingImage24 video embedding||Globally in the browser|
|_ga, _gat, _gid||.validatis.de||Google Analytics||Through an opt-out cookie or globally in the browser|
|ga-disable-UA-*||www.validatis.de||Stored through opting out of Google Analytics||Globally in the browser|
|fe_typo_user||www.validatis.de||Login tracking for the publisher’s pages||Globally in the browser|
|__gads, IDE, DSID||.doubleclick.net||Google ad network www.doubleclickbygoogle.com||Through an opt-out cookie or globally in the browser|
|_ga, _gat, _gid||firminform.de||Google Analytics||Globally in the browser|
|firminform||www.firminform.de||Session and login management||Globally in the browser|
10. Plugins used
10.1. Use of Google Analytics
Verlag uses Google Analytics, a web analysis service from Google Inc. (hereinafter referred to as ‘Google Analytics’). Google Analytics uses ‘cookies’ (small text files) that are stored on your computer by a server online and that allow website use to be analysed. Information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there. The IP address sent will not be merged with other Google data. We have bound Google to handle your data in a data protection-compliant way through a processing agreement. However, if IP anonymisation is activated on this website, which we have implemented as standard, your IP address is truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area before it is sent. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there.
Google has submitted itself to the Privacy Shield Agreement between the European Union and the USA and has been certified. Under this agreement, Google undertakes to adhere to the standards and provisions of European data protection law. You can find more information about this in the following article: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Please note that the ‘anonymizeIp’ code extension has been added to Google Analytics on this website to ensure the anonymous collection of IP addresses (‘IP masking’).
By order of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports for the website operator about website activities and possibly also to provide other services to the website operator that relate to website and internet use, which includes explicit features via display advertising, re-marketing reports for impressions in the Google Analytics display network, the integration of DoubleClick Campaign Manager or Google Analytics reports on performance based on demographic features and interests. Google may also send this information to third parties if this is legally permissible or if third parties process this data by order of Google. However, use is anonymised or pseudonymised. You can prevent cookies from being stored by changing your browser settings; please note that in this case, you may not be able to use all of this website’s functions properly. By using our website, you consent to the processing of data concerning you by Google in the manner and for the purposes set out above.
The purpose of processing personal data is to appeal to a specific target group that has already displayed initial interest by visiting the website.
We use Hotjar to track our visitors’ movements on websites where Hotjar is used (‘heatmaps’). This helps us to optimise the offering on our website. Hotjar technology allows us to get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, etc.). Hotjar works with cookies and other technology to collect information about the behaviour of our visitors and their end devices (with particular reference to the IP address of the device [which is only recorded and stored in anonymised form], screen size, device type [unique device identifiers], information relating to the browser used, location [country only], and preferred language for displaying our website). Hotjar stores this information in a pseudonymised user profile. The information is neither used by Hotjar nor by us to identify individual users, nor is it used or combined with other data concerning individual users. You can find more information at https://www.hotjar.com/legal/policies/privacy.
You can disable the collection of your data by Hotjar at any time via this opt-out link .
We strive to store your personal data by taking all technical and organisational options to ensure that it is not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we therefore recommend that you send confidential information by post.
‘Anonymisation’ is changing personal data in such a way that individual details concerning personal or factual circumstances can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionate amount of time, cost and effort.
‘Special types of personal data’ is information revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life.
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
‘Consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
‘Recipient’ is any person or body that receives data. A third party is any person or body other than the controller. Third parties do not include the data subject or persons and bodies that collect, process or use personal data by order in Germany, in another Member State of the European Union or in another signatory state to the Agreement on the European Economic Area.
‘Collecting’ is procuring data concerning the data subject.
‘Erasing’ is destroying stored personal data.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number and other specific factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘Pseudonymising’ is replacing the name and other identifying features with an identifier for the purpose of excluding or significantly complicating the determination of the data subject.
‘Company’ is any natural or legal person who carries out an economic activity, regardless of its legal form, including partnerships or associations which regularly pursue an economic activity.
A ‘group of companies’ is a group consisting of a dominant company and the companies dependent on it.
‘Processing’ is saving, changing, transmitting, blocking and erasing personal data. In detail, regardless of the procedures used:
- storing is the collection, recording or storage of personal data on a data carrier for the purpose of further processing or use;
- Changing is redesigning the content of stored personal data;
- Transmitting is disclosing stored personal data or personal data obtained through data processing to a third party in such a way that
- data is shared with a third party; or
- the third party views or retrieves data provided; and
- Blocking is the marking of stored personal data to restrict processing or use.
‘Controller’ is the person or body that collects, processes or uses personal data for itself or has this carried out by others on its behalf.