Information concerning data protection pursuant to General Data Protection Regulation according to article 13 GDPR with regard to provision of the website of the FMSA
Thank you for visiting our website and for your interest in our company and our internet pages.
Compliance with both the pertinent data protection provisions and the confidential use of data is second nature to us, and we consider the protection of your privacy to be of the utmost importance. For this reason, it is important for us to provide you with information about the categories of personal data we collect, when we collect such data, how long we store such data and for which purposes such data are used.
1. Data controller
Bundesanstalt für Finanzmarktstabilisierung (FMSA)
60439 Frankfurt am Main
Phone: +49 (0) 69 25 616 1607
Fax: +49 (0) 69 25 616 1429
2. Data protection officer
Bundesanstalt für Finanzmarktstabilisierung (FMSA)
c/o Bundesrepublik Deutschland – Finanzagentur GmbH
- Data Protection Officer -
60439 Frankfurt am Main
3. Data subjects
The Federal Agency for Financial Market Stabilisation (Bundesanstalt für Finanzmarktstabilisierung – FMSA) processes the personal data of the visitors to its website in order to provide general information on what the FMSA does as well as to enable visitors to contact the FMSA.
4. Personal data and categories of data
Personal data means any information relating to an identified or identifiable natural person. Such personal data could be, for example, the name, the telephone number, the postal or e-mail address. Information that cannot be attributed to an individual person does not constitute personal data.
We process the personal data that we receive when you use our website or when we responding to your enquiries.
Every time you visit our website or retrieve a file from our website, data on this access is stored and processed temporarily in a log file. In detail this processing and storing comprises the following data:
- date, time and duration of your visit (timestamp)
- request details and target address (protocol version http method, referrer, useragent-string)
- name of the accessed file and retrieved data volume (requested URL incl. query string, size in bytes)
- message whether the access was successful (http status code)
5. Purpose and legal basis of data processing
a. Data processing on the basis of consent in accordance with Article 6(1)(a) and Article 9 GDPR
The information provided by you voluntarily when you request information is processed on the basis of your consent. You have the right to withdraw your consent at any time with future effect. This also applies to consent given by you before the entry into force of the GDPR on 25th May, 2018.
b. Data processing necessary to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR
Where personal data are processed for IT security purposes, this processing serves to safeguard the legitimate interests of the FMSA. Your personal data will be processed for the establishment of legal claims in the legitimate interest of the FMSA, should this be required in individual cases. In addition, your personal data will be processed for the investigation of criminal offences, should this be required in individual cases in order to safeguard the legitimate interests of the FMSA.
6. Storage period
We store your personal data for as long as such data are required for the stated purpose or for as long as statutory retention provisions apply.
The weblog data collected when you visit our website is stored for a period of four weeks. Subsequently, your IP address is anonymized for evaluation at a later point in time, enabling us to continually analyse and optimise the information we provide on the Internet. After this process, we are not able to establish a link to you personally.
7. Recipients or categories of recipients of personal data
The FMSA makes use of other agencies to carry out its tasks, e.g. a web hosting service provider.
8. Data processing in a third country
Your data will not be transferred outside the EU. In individual, exceptional cases, access from a third country outside the EU may be granted for the maintenance or servicing of IT systems. An appropriate level of data protection shall be safeguarded through standard contractual clauses in accordance with Article 46(2)(c) GDPR, binding corporate rules in accordance with Article 47 GDPR, or through a so-called adequacy decision adopted by the Commission in accordance with Article 45 GDPR. These can be supplied by the FMSA on request.
9. Rights of the data subject
a. Right of access to information (Art. 15 GDPR)
You have the right of access to information and the right to receive an electronic copy of your personal data.
b. Right to correction (Art. 16 GDPR)
You have the right to correction of your personal data, should such data be inaccurate. This right includes the right to completion of your data, should such data be incomplete.
c. Right to deletion (right to be forgotten) (Art. 17 GDPR)
You have the right to deletion of your personal data, in particular where such data are no longer required to fulfil the purpose for which the data were collected. This right also prevails if the underlying legal basis was invalid from the outset or if it ceases to be applicable at a later date.
d. Right to restriction of processing (Art. 18 GDPR)
You have the right to restrict the processing of your personal data if
- you dispute the accuracy of the data,
- you object to the deletion of the personal data and instead demand restriction of its use,
- the data controller no longer needs the personal data for the stated purposes, but you need this data for the establishment, exercise or defence of legal claims,
- you have objected to the processing of the personal data in accordance with Article 21(1) GDPR and it is not or has not yet been established whether the legitimate grounds of the data controller override those of the data subject.
e. Right to data portability (Art. 20 GDPR)
Where you have made personal data available to us, you have the right to receive such data in a structured, commonly used and machine-readable format. If such data are processed on the basis of consent or for the purpose of fulfilling a contract, you also have the right to request that we transfer this data to a third party, where technically possible.
f. Right to object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. This right shall prevail provided the data is processed in accordance with Article 6(1)(f) (data processing required to safeguard legitimate interests).
g. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you assume the processing of your personal data violates your rights you have the right to lodge a complaint with the competent data protection supervisory authority.
Federal Commissioner for Data Protection and Freedom of Information
10. Encrypted email communication with FMSA
Information is transmitted uncoded on the internet. Without precautions to protect confidentiality and integrity unauthorized persons could read or modify messages. In order to exchange confidential messages there exist apps like Pretty Good Privacy (PGP) or GnuPG. You can download the public part of FMSA's PGP key here:
Further information about PGP encryption can also be found on the web pages of the OpenPGP project.
Encrypted messages are sent in three steps:
- Install GnuPG, PGP or a related app on your computer.
- Download the public key of FMSA to your computer and add it to your public keys bundle (pubring.pkr).
Then you can check if the fingerprint matches the follwing number on this page:
Fingerprint: CD0C AD45 9B95 EBF4 84B9 8366 FFE8 053F 9A7C 1E62
- Save your information to a file (e.g. attachment.txt) and encrypt it with the public key of FMSA.
11. External links
For further information, we have provided links on our website that point to third-party websites.
The FMSA does not have any influence over the contents and structure of these third-party websites. Please be aware that the statements made in this Privacy Notice do not apply to third-party websites.
Version: November 2018