Privacy policy

1. Foreword

This document contains data protection information pursuant to Art. 13 GDPR on the use of the Self-Service-Portal within the framework of the online service "Access to Public Procurement - Vermittlungsdienst Service" (hereinafter "Online Service"). This is operated by the Federal Government, represented by the Procurement Office of the BMI.

The online service provides the professional and technical basis for notices of calls for tenders from federal procurement systems or for the publication of these in the National Contract Notices Service (BKMS) as well as TED. In this context, an intermediary service is established that receives the state-specific procurement data and forwards it to the BKMS and TED for the provision of information.

In order to use this service, registration for a user account via the Self-Service-Portal is required in advance.

The data protection information refers exclusively to the Self-Service-Portal. For information on further processing by the BKMS or TED, please refer to the respective data protection declarations.

In connection with the use of the Self-Service Portal, personal data are processed. The following information summarises how the personal data is processed, in particular

  • the name and contact details of the controller (who processes the data),

  • the contact details of the Data Protection Officer,

  • the purposes of the data processing,

  • the legal bases on which the data are processed,

  • the recipients of the data,

  • the period for which the personal data will be stored,

  • the rights of the data subject.

2. User Account

In order to use this online service, a user account must be set up via the Self-Service-Portal. This is a central IT component for identification and communication.

3. Responsible

Is the responsible party (hereinafter "Provider") within the meaning of Art. 4 No. 7 GDPR:

Federal Republic of Germany

represented by the Federal Ministry of the Interior and Home Affairs

represented by the Procurement Office of the BMI

Brühler Str. 3

53119 Bonn

Phone: +49 22899 610 -0

Email: poststelle@bescha.bund.de

4. Data Protection Officer

In the event of complaints, enquiries and suggestions in connection with data processing by the Procurement Office of the Federal Ministry of the Interior, you can contact its official data protection officer:

Procurement Office of the BMI

- Data Protection Officer -

Brühler Str. 3

53119 Bonn

Phone: +49 (0)22899 610-0

Email: datenschutz@bescha.bund.de

5. Purposes of Data Processing

As a matter of principle, we only process personal data of our users to the extent that this is necessary to provide a functioning self-service portal. The Self-Service-Portal bundles all information for connecting to the Vermittlungsdienst service and provides a registration form to request the data required to create access data for the Vermittlungsdienst service.

6. Legal Basis / Data Processed

The legal basis for data collection in the Self-Service-Portal is Art. 6 para. 1 lit. a GDPR. Consent is always given voluntarily. If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time for the future. You can send the revocation of your consent by e-mail to the controller.

The following personal data are processed in this Self-Service-Portal:

  • Name of the contact person

  • First name of contact person

  • business email address

  • business phone number

As part of the registration process, the user's consent to the processing of this data is obtained.

7. Data Security

Technical and organisational measures are taken to protect your data from unwanted access as comprehensively as possible. An encryption procedure is used on the online service pages. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.

8. Cookies

Only technically necessary session cookies are collected, processed and stored:

  • Description and scope of data processing

When visiting the website and using the Self-Service-Portal, data is collected during an ongoing connection via your internet browser and with the help of technically necessary so-called session cookies.

  • Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

  • Purpose of the data processing

The session cookies used here enable the functionality of the data entered. The user data collected through technically necessary cookies are not used to create user profiles.

  • Duration of storage, possibility of objection and elimination

Cookies that have already been saved can be deleted at any time. This can also be done automatically. Please note that deleting the browser history can also lead to the deletion of the cookies that have been set.

Cookies set by the application are deleted after the browser is closed. After login, it is a persistent cookie that ends when the session expires. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.

9. Creation of Log Files

Every time this website is accessed or every time a file is retrieved, data about this process is temporarily processed in a log file. In detail, the following data is stored:

  • the date and time of access;

  • the name and URL of the retrieved file;

  • the website from which the access is made;

  • the operating system of your computer and the browser you are using;

  • the IP address

To protect against attacks on the internet infrastructure of the commissioned data processor, it is obligatory to store this data beyond the time of the visit. This is done via so-called log files. In addition, the log files are evaluated manually in order to ensure and further develop the user-friendliness of our service.

10. Recipient of the Data

The recipient of the data is the national BKMS and, in the event of support, the IT service provider in accordance with section 13. The transfer of personal data to a third country or an international organisation is excluded.

11. Data Deletion and Storage Period

The Self-Service-Portal organises the technical registration of the company to be able to use the BKMS. Your data will be processed and stored for as long as is necessary to fulfil the legal obligations or for the respective purpose.

Log files and session cookies are deleted after 30 days at the latest.

12. Job Processing

The processing of data in the Self-Service-Portal as well as in the online service is currently carried out by Nortal AG, Knesebeckstraße 1, 10623 Berlin, with the corresponding agreed security requirements within the framework of commissioned processing in accordance with Art. 28 (3) GDPR. As part of the operation of the self-service portal, the online service and the associated processes, other service providers may support us (e.g. for hosting and web development). These service providers are strictly bound by instructions to us and are contractually obligated in accordance with Article 28 GDPR.

13. Rights of the Data Subject

According to the EU General Data Protection Regulation (GDPR), data subjects have various rights. Details can be found in particular in Articles 15 to 18 and 21 of the GDPR.

  • Right of access (Art. 15 GDPR)

Data subjects can request information about their personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Therefore, the request should be as specific as possible.

  • Right of rectification (Art. 16 GDPR)

If the information concerned is not (or is no longer) accurate, data subjects may request that it be corrected. If their data is incomplete, they can request that it be completed.

  • Right to erasure (Art. 17 GDPR)

Every data subject has the right to erasure if one of the reasons mentioned in Art. 17 GDPR applies (e.g. if the data is no longer needed for the purposes pursued).

  • Right to restriction of processing (Art. 18 GDPR)

There is also the right to restriction of processing if one of the conditions set out in Article 18 of the GDPR applies, and the right to data portability in the cases set out in Article 20 of the GDPR.

  • Right to object (Art. 21 GDPR)

If data is processed on the basis of Art. 6(1)(e) (data processing for the performance of official duties or for the protection of the public interest), the data subject shall have the right to object to the processing at any time on grounds relating to his or her particular situation. The data will then no longer be processed unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

  • Right of appeal (Art. 77 GDPR)

The data subject also has the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR if he or she is of the opinion that the processing of data relating to him or her violates data protection provisions. The right to lodge a complaint may in particular be exercised before a supervisory authority in the Member State of his or her residence, place of work or the place of the alleged infringement.

14. Validity and Amendment of the Privacy Policy

The data protection declaration has the status 12.09.2023. We reserve the right to change this data protection declaration at any time with effect for the future in accordance with the GDPR. An up-to-date version is available on the website of the Self-Service-Portal. Please visit this website regularly and inform yourself about the applicable data protection provisions.