Data protection statement
I. Controller's contact details
The controller for the personal data processed in the use of the website is the
Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen (BNetzA)
represented by its President, Jochen Homann.
Tel.: +49 (0) 228 / 14 - 0
II. Contact details of the authority's data protection officer
Tel.: +49 (0) 228 / 14 - 4140
Fax: +49 (0) 228 / 14 - 6414
III. Data processing
- Data processing
The Bundesnetzagentur wants to make you aware of how it processes your personal data and your data protection rights.
When we process personal data, this processing is always directly connected to the performance of our public duties.
- Legal basis
.Where the processing of your personal data is based on your consent, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR)
Where the processing of personal data is necessary for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
Where the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, the legal basis is Article 6(1)(e) GDPR.
Where the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, the legal basis for the processing is Article 6(1)(f) GDPR.
Visiting our website
When you visit our website, we process the following computer system data, accessed by the website, as part of our automatic logging:
- IP address, anonymised
- date and time
- notification if the access was successful
- page accessed/name of file accessed
- data volume transmitted
- user agent for statistics
The legal basis we rely on is Article 6(1)(f) GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interest in maintaining the stable functioning of our IT systems and the technology of our website. The data are only evaluated for statistical purposes, to improve our service and to ensure data protection and information security at the Bundesnetzagentur. They are not used for other purposes or passed on to third parties. Where third-party service providers provide services for us, they are subject to agreements on processing on behalf of another party.
Temporary session cookies are used on certain web pages and saved on your device to make navigating the site easier. These cookies do not contain any personal data and expire once the session ends. We do not use any technology to track users' browsing habits.
- Contacting the Bundesnetzagentur using an online form or email
.If you get in touch with us using our online form or email, the personal data you provide will be processed to deal with your query and to contact you
The legal basis for processing your data depends on the reason you contacted us. If we process the data in the course of performing our responsibilities, the usual legal basis is Article 6(1)(e) and (3) GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG).
How long we have to store data and when we have to delete it also depend on the reason you contacted us. Queries from members of the public are stored in accordance with the periods laid down in the Registry Directive for the retention of records.
You can subscribe to a free newsletter on our website. When you subscribe to the newsletter, the data you enter in the user form will be transmitted to us. During the registration process, you will be asked for your consent to your data being processed and made aware of this data protection statement. The legal basis for data processing once you have registered for the newsletter and given consent is Article 6(1)(a) GDPR. Your email address is collected in order to send the newsletter to you. Other personal data collected during the registration process are used to make sure that services or the email address given are not abused. You can cancel your subscription to the newsletter at any time.
IV. Your rights as a data subject
You have legal rights concerning the processing of your personal data. These include in particular:
Right of access
Article 15 GDPR gives you the right to information free of charge about the personal data concerning you processed by us. This includes in particular
- the purposes of the processing,
- the categories of personal data concerned,
- the recipients or categories of recipient to whom the personal data have been or will be disclosed,
- the envisaged period for which the personal data will be stored, or the criteria used to determine that period,
- the source of data, if we did not collect them from you.
The exceptions to this right laid down in section 34 BDSG apply.
- Right to rectification
Article 16 GDPR gives you the right to have inaccurate personal data corrected without undue delay and, where appropriate, the right to have incomplete personal data completed.
- Right to erasure
Article 17 GDPR gives you the right to have your personal data erased provided the grounds laid down in Article 17(1) GDPR apply. However, according to paragraph 3 there is no such right when the processing of data is necessary for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims. In addition, the exceptions to this right laid down in section 35 BDSG apply.
- Right to restriction of processing
Article 18 GDPR enables you to temporarily prevent the further processing of your personal data provided the grounds laid down in Article 18(1) GDPR apply; for example, for a period enabling your opposing rights to be verified.
- Right to data portability
Article 20 GDPR gives you the right to receive the personal data that you provided to us in a structured, commonly used and machine-readable format where the processing is based on consent and carried out by automated means. According to Article 20(3) second sentence GDPR, this right does not apply to processing necessary for the performance of a task carried out in the public interest.
- Right to lodge a complaint with a supervisory authority
tArticle 77 GDPR gives you the right, without prejudice to any other legal remedy, to lodge a complaint with the competent supervisory authority if you consider that the processing of personal data relating to you is unlawful. The competent supervisory authority for the Bundesnetzagentur is
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information):
V. Right to object
Where we process your personal data for the performance of a task carried out in the public interest or for the purposes of legitimate interests (Article 6(1)(e) and (f) GDPR), you have the right to object to this processing on grounds relating to your particular situation (Article 21 GDPR). If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. According to section 36 BDSG, the right to object does not apply if there is an urgent public interest in the processing which outweighs your interests or if processing is required by law.
Data protection in social media
The Bundesnetzagentur has no influence on the collection and use of data by the social networks. We are unable to tell how much data is stored or where and for how long, to what extent the networks comply with current requirements for deleting data, how the data collected is processed and linked, or to whom the data is passed on. If you need any more information about how personal data is handled, please contact the Bundesnetzagentur's data protection officer.
For any further information regarding the handling of personal data, please contact the Bundesnetzagentur's Data Protection Commissioner.