Data protection declaration 

Preamble

We are pleased that you are visiting our website “www.bge.de” (hereinafter referred to as “Website”) and thank you for your interest in the Bundesgesellschaft für Endlagerung mbH (hereinafter BGE) and our activities. 

In the following, we would like to inform you about the measures we take to protect your privacy as well as how and for what purposes your data is processed on our websites. We delete personal data as soon as possible.

Data is processed in accordance with the relevant legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR) and the Federal Data Protection Act (BDSG). 

If you feel that the following information is not sufficient or not clear enough, you can always contact our data protection officer.

a) Data Controller

Bundesgesellschaft für Endlagerung mbH (BGE)
Eschenstraße 55
31224 Peine
Fax: 05171 43-1218 
E-Mail:  poststelle(at)bge.de
Website:  www.bge.de

b) Data Protection Officer

Bundesgesellschaft für Endlagerung mbH (BGE)
-Datenschutzbeauftragter-
Eschenstraße 55 
31224 Peine
E-Mail:  datenschutz(at)bge.de

c) Supervisory authority responsible for data protection 

According to Section 9 BDSG, the data protection supervisory authority of the BGE is the Federal Commissioner for Data Protection and Freedom of Information:

Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
53117 Bonn
Telefon: +49 (0) 228 99 7799 – 0
Fax: +49 (0) 228 99 7799 - 550
E-Mail:  poststelle(at)bfdi.bund.de
Internet:  www.bfdi.bund.de (external link)

BGE processes personal data in the following contexts. 

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Article 4, No. 1 GDPA).

Data is processed only

  1. based on the consent of the person concerned (Article 6, paragraph 1, sentence 1, letter a) GDPR),
  2. if the processing is necessary for the performance of contracts or for the implementation of pre-contractual measures (Article 6, paragraph 1, sentence 1, letter b) GDPR),
  3. if the processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 6, paragraph 1, sentence 1, letter c) GDPR),
  4. if the processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6, paragraph 1, sentence 1, letter d) GDPR),
  5. if the processing is necessary for performing a task in the public interest or exercising official authority vested in the data controller (Article 6, paragraph 1, sentence 1, letter e) GDPR),
  6. if the processing is necessary for the protection of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data (Article 6, paragraph 1, sentence 1, letter f) GDPA).

Consents

Consent is usually obtained electronically (e.g. if a check mark is placed in the box regarding the use of cookies). The consent and its content will be recorded electronically.

You have the right at any time to revoke a consent once granted, in whole or in part, with effect for the future. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

a) Right to information (Article 15 GDPR)

You have the right at any time to demand information from us as to whether we are processing personal data from you. If this is the case, you are entitled to receive the following information free of charge:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
  • the existence of a right of rectification or deletion of personal data relating to you or to limitation of the processing by the controller or a right to object to such processing
  • the existence of a right of appeal in the case of a supervisory authority
  • if the personal data are not collected from the data subject, all available information on the origin of the data
  • the existence of automated decision making, including profiling, in accordance with Article 22, paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject

If information has been transferred to a third country outside the scope of the GDPR, you have the right to find out whether and, if so, on the basis of which guarantees in accordance with Articles 45, 46 GDPR an adequate level of data protection is ensured in this third country. 

We will provide you with a copy of the personal data that is the subject of processing. If you submit the application electronically, the information shall be provided by us in a standard electronic format unless you request otherwise. The copy is made subject to the rights of third parties who may be affected by this data. 

If you wish to receive the information electronically, we reserve the right to demand proof of identity from you so that we do not release data in good faith to unauthorised third parties and thereby violate the protection of your personal data.

b) Right to rectification

You have the right to demand that we correct any incorrect personal data concerning you without delay. In consideration of the purposes of processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration. 

c) Right of deletion (Article 17 GDPR)

You have the right to demand that BGE delete any personal data relating to you immediately; the BGE is obliged to delete it immediately if:

  • The personal data are no longer necessary for the purpose of the survey.
  • You revoke your consent to the processing or a legal basis is subsequently lost.
  • You submit an objection to the processing in accordance with Article 21, paragraph 1 GDPR and there are no overriding legitimate reasons for the processing or you have submitted an objection to data processing for the purpose of direct advertising in accordance with Article 21, paragraph 2 GDPR.
  • Your personal data has been processed unlawfully by us.
  • The deletion is necessary to fulfil a legal obligation under European Union law or the law of the Member States.
  • This is the personal data of a child that has been collected in relation to information society services offered in accordance with Article 8, paragraph 1 GDPR.

In particular, the right to the deletion of personal data relating to you does not exist if we process the data on the basis of a legal obligation (e.g. to fulfil legal storage obligations or to perform public tasks under the law of the European Union or its member states) or if we process the data for data backup and data control purposes. The same applies if the personal data is necessary for us to assert legal claims or to defend against legal claims. 

d) Right to restrict processing (Article 18 GDPR)

You can demand that we restrict the processing of your personal data. This applies in the following cases:

  • The correctness of the personal data is disputed by you. In this case you can demand that we do not process the data until the correctness of the data has been checked.
  • The processing is unlawful, but, instead of deletion, you request only the restriction of the processing.
  • The BGE no longer requires the personal data for the purposes of the processing but you need the data to assert, exercise or defend legal claims.
  • You have lodged an objection to the processing in accordance with Article 21, paragraph 1 GDPA as long as it is not yet clear whether the legitimate reasons of the data controller outweigh yours.

e) Right of data transferability (Article 20 GDPR)

You have the right – subject to the following provisions – to demand the surrender of data concerning you in a common electronic, machine-readable data format. The right of data transfer includes the right to transfer the data to another data controller; on request, we will therefore – as far as technically possible – transfer data directly to a responsible person named or to be named by you. The right of data transfer exists only for data provided by you and presupposes that the processing is based on consent or for the execution of a contract and is carried out using automated procedures. The right of data transfer according to Article 20 GDPR does not affect the right to delete data in accordance with Article 17 GDPR. The data transfer is subject to the rights and freedoms of other persons whose rights may be affected by the data transfer.

f) Right of objection (Article 21 GDPR)

If the BGE processes personal data on the basis of tasks in the public interest (Article 6, paragraph 1, sentence 1, letter e) GDPR) or in order to safeguard legitimate interests (Article 6, paragraph 1, sentence 1, letter f) GDPR), you can object to the processing of personal data concerning you at any time with effect for the future. 

In the event of objection, we must refrain from any further processing of your data for the aforementioned purposes, unless

  • there are compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or
  • the processing is necessary for the assertion, exercise, or defence of legal claims

You can object to the use of your data for the purpose of direct advertising at any time with effect for the future.

g) Right of appeal to the supervisory authority (Article 77 GDPR)

According to Article 77 GDPR, you have the right to submit a complaint to the supervisory authority if you believe that your personal data are being processed unlawfully. The supervisory authority responsible for the BGE is mentioned in Item 1 letter c). 

The BGE provides information about open vacancies on this website. Thank you for visiting our career site and for your interest in the Bundesgesellschaft für Endlagerung mbH as an employer.

You can apply online exclusively by sending your application documents to the email address stated in the job advertisement. The BGE uses technical and organisational measures to protect the data collected from you against accidental or intentional manipulation, loss, destruction, or unauthorised access.

Legal basis

Your application data will be processed in accordance with Section 26, paragraph 1, BDSG for the purpose of deciding on whether to establish an employment relationship or, after its establishment, for its implementation.

Storage duration

If the employment relationship comes about, your application documents will become part of the personnel file and will be kept in accordance with the legal requirements. If we do not conclude an employment contract with you and/or do not conclude any other written agreement with regard to the further retention of the submitted applicant data, the application documents will be deleted six months after announcing the rejection decision provided that no other legitimate interests on our part conflict with a deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

BGE publishes current invitations to tender on the "invitations to tender" part of the website. We are pleased about your interest in submitting offers.

Tenders or requests to participate in award procedures are usually submitted via the service provider subreport online (www.subreport.de (external link)). subreport online is operated by subreport Verlag Schawe GmbH, Buchforststraße 1-15, 51101 Cologne, Germany. There is a contract processing relationship between the BGE and the service provider (external link, German only) in accordance with Article 28 GDPR, the contract of which you can view as an example. You can view the data protection regulations of subreport (external link, German only).

Access to your data will be granted only to the persons responsible for its processing. In particular, employees of the awarding authority receive offers. In addition, responsible data protection officers, quality managers, internal auditors, invoice and price auditors, and members of the audit institutions can also gain insight into your data.

Legal basis

Data in connection with participation in award procedures is processed on the basis of Article 6, paragraph 1, sentence 1, letter b) GDPR for the purpose of initiating or implementing a contract.

Storage duration

The data will be stored for as long as necessary to fulfil contractual or legal obligations. If the data is no longer required for this purpose, it is regularly deleted. However, this is not the case if their temporary further processing results from the following purposes:

  • Fulfilment of commercial and tax law retention obligations:
    The German Commercial Code (HGB) and the German Fiscal Code (AO) are to be mentioned. The periods of retention or documentation specified there are two to ten years. 
  • Preservation of evidence within the framework of the legal statute of limitations. According to Sections 195 et seqq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

When BGE operates video surveillance on its property, it does so for the following purposes:

  • Enforcement of householder’s rights
  • For danger prevention (theft, vandalism)
  • To protect against disruptive action and other third-party interference
  • To support the security service
  • For purposes of preservation of evidence 

Legal basis

The legal basis derives from the legitimate interest under Section 6 paragraph 1, sentence 1, letter f) GDPR, which consists of the aforementioned purposes.

The recording data is deleted or overwritten after a maximum of 72 hours if no event worthy of documentation has occurred. There is no sound recording.

The records are handed over to the police, public prosecutor’s office, or a court on their orders.

Because of its legal mandate, BGE is obliged to carry out extensive public relations work. At events organised by the BGE or at events co-organised by the BGE, photographs and film recordings of speakers, participants, and guests may be taken and distributed for the purposes of documentation and public relations work. Such recordings may be used on this website, in publications or internal presentations, or may be forwarded to the media.

This fact is pointed out in the invitations issued by BGE and also at the venue itself.

Legal basis

These records are based on Article, 6 paragraph 1, sentence 1, letter e) GDPR. There is a public interest in the final disposal of radioactive waste and related events. The interests of the persons concerned are safeguarded. For example, photographs are taken without consent in accordance with Article 6, paragraph 1, sentence 1, letter a) GDPR only if they are large group or overview photographs. Targeted portraits or close-ups of individual persons or children are taken only with their consent.

The Conference on Sub-areas Database is an online database that is publicly accessible via the BGE website (www.bge.de) and contains data along with notes, comments and questions regarding the site selection procedure and the Sub-areas Interim Report. Using the information provided by the database, interested citizens can trace how the results of the Conference on Sub-areas are handled and how they are taken into account at a later stage in the procedure.

No personal data is transmitted during the use of the database. The hosting of the database is provided by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg. Our server is located in Germany. The database and therefore the documents stored in it are to remain publicly accessible until the end of the site selection procedure.

The BGE has set up a whistleblower system (reporting office) for reporting indications of possible infringements of laws or rules. Data processing within the framework of the whistleblower system is carried out in accordance with the German Whistleblower Protection Act (HinSchG). Moreover, the processing of data serves to handle reports that do not fall within the scope of HinSchG. This serves to maintain sound administrative procedures and to protect the assets of the BGE, its partners, and its business partners. For example, these reports include violations of internal guidelines and of the BGE’s Code of Conduct. Lastly, data processing serves to accept and investigate complaints in accordance with the Supply Chain Act (LkSG). These complaints relate to violations of human rights and environmental due diligence as regulated in LkSG.

Legal basis

The whistleblower’s personal data is generally processed on the basis of Article 6, paragraph 1, letter c, GDPR in conjunction with section 12 HinSchG or in conjunction with section 8 LkSG. In other cases, personal data in the whistleblower system is processed based on Article 6, paragraph 1, letter f, GDPR in order to safeguard the overriding legitimate interest of the BGE. This legitimate interest lies in preventing and combating corruption and in processing serious suspected cases of other rule violations in connection with the BGE and protecting the BGE and its employees from any potential resulting harm. Given that the reporting of violations can avoid legal consequences such as prosecution, claims for damages and considerable reputational damage, this interest is not overridden by the legitimate interests of the affected individuals in excluding processing or use.

The following data is processed:

  • details of the accused (e.g. first name, surname, title, contact details, position and details of the employment relationship)
  • details of the (alleged) behavioural violations and of the circumstances

Since the BGE’s whistleblower system provides for anonymous reporting, no personal details of the whistleblower are collected unless they state otherwise. In the event of non-anonymous reporting, personal data such as the first name and surname of the reporting individual and, if need be, their email address, phone number or address, depending on the reporting channel, are collected along with the circumstances of the observation.

The recipients of the personal data are the BGE’s Compliance and Anti-Corruption Officer, who is responsible for the reporting office, and their representatives as well as, where applicable, other bodies following consent by the whistleblower.

Retention period

Following completion of the procedure, documentation relating to reports pursuant to HinSchG is deleted after three years (section 11(5) HinSchG) and documentation relating to complaints pursuant to LkSG is deleted after seven years (section 10(2), sentence 2, LkSG). Otherwise, personal data from reports is deleted within a reasonable period of time in accordance with the applicable legal provisions.

The data protection regulations may have to be adapted because of technical developments, jurisdiction, or legal changes.

In order to keep yourself informed about the current status of our data use conditions, you should visit this page regularly.

Changes will be announced and updated here in the future:

  • Removal of the references in Item 4 d), e) to the US Privacy-Shield certification regarding YouTube and esri because of ECJ decision C-311/18 of 16 July 2020
  • Insertion of references in Item 4 d), e) to the fact that in the US there is no current level of data protection comparable to that in the EU and that the decision to transfer one’s data to the US is up to the user.

 

 

 

Last updated: 25 March 2024

 

 

 

Top