Data protection statement
I. Controller's contact details
The controller for the personal data processed in the use of the website is the
Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen (BNetzA)
represented by its President, Jochen Homann.
Tel.: +49 (0) 228 / 14 - 0
II. Contact details of the authority's data protection officer
III. Data processing
The Bundesnetzagentur wants to make you aware of how it processes your personal data and your data protection rights. When we process personal data, this processing is always directly connected to the performance of our public duties.
Purposes for Processing
Personal data are processed by the Bundesnetzagentur to the extent necessary for the purpose of performing its legally assigned duties. Information about the Bundesnetzagentur’s work is available at Bundesnetzagentur’s duties and in the organisation chart: Organisation Chart (pdf / 255 KB)
The Bundesnetzagentur also processes personal data as a contracting party under civil law. Examples of this are for the procurement of office materials or auxiliary services. In this context and in pursuit of its own interests the Bundesnetzagentur may also process personal data of the contracting party’s employees. The Bundesnetzagentur’s interest lies in the initiation, conclusion and execution of such contractual relationships.
As a public sector employer, the Bundesnetzagentur also processes personal data as part of its personnel recruitment and administration efforts.
The Bundesnetzagentur processes personal data on the basis of consent for special services such as delivering newsletters.
Where the processing of your personal data is based on your consent, the legal basis is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).
Where the processing is necessary to fulfil a contract, the contracting party of which is the data subject, or the processing is required in order to carry out pre-contractual measures that are implemented upon the request of the data subject, the legal basis is Article 6(1)(b) GDPR.
Where the processing of personal data is necessary for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) GDPR.
Where the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, the legal basis is Article 6(1)(e) GDPR in conjunction with the specific legal provision governing the task.
Where the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, the legal basis for the processing is Article 6(1)(f) GDPR.
Visiting our website
When you visit our website, we process the following computer system data, accessed by the website, as part of our automatic logging:
- IP address, anonymised
- date and time
- notification if the access was successful
- page accessed/name of file accessed
- data volume transmitted
- user agent for statistics
The legal basis we rely on is Article 6(1)(f) GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interest in maintaining the stable functioning of our IT systems and the technology of our website. The data are only evaluated for statistical purposes, to improve our service and to ensure data protection and information security at the Bundesnetzagentur. They are not used for other purposes or passed on to third parties. Where third-party service providers provide services for us, they are subject to agreements on processing on behalf of another party.
Temporary session cookies are used on certain web pages and saved on your device to make navigating the site easier. These cookies do not contain any personal data and expire once the session ends. We do not use any technology to track users' browsing habits.
Contacting the Bundesnetzagentur using an online form or email
If you get in touch with us using our online form or email, the personal data you provide will be processed to deal with your query and to contact you.
The legal basis for processing your data depends on the reason you contacted us. If we process the data in the course of fulfilling our responsibilities, the usual legal basis is Article 6(1)(e) and (3) GDPR in conjunction with section 3 of the German Federal Data Protection Act (BDSG).
How long we have to store data and when we have to delete it also depend on the reason you contacted us. Queries from members of the public are stored in accordance with the periods laid down in the Registry Directive for the retention of records.
You can subscribe to a free newsletter on our website. When you subscribe to the newsletter, the data you enter in the user form will be transmitted to us. During the registration process you will be asked for your consent to your data being processed and made aware of this data protection statement. The legal basis for data processing once you have registered for the newsletter and given consent is Article 6(1)(a) GDPR. Your email address is collected in order to send the newsletter to you. Other personal data collected during the registration process are used to make sure that services or the email address given are not abused. You can cancel your subscription to the newsletter at any time.
- Video surveillance
Video surveillance is conducted on the properties of the Bundesnetzagentur under our responsibility.
As part of the video surveillance, personal data (video recordings) of individuals on the properties of the Bundesnetzagentur are processed on the basis of Article 6(1)(e) GDPR.
The Bundesnetzagentur uses video surveillance solely for the purposes of safety and meeting the special security needs of the agency.
The video surveillance serves the legitimate interest of preventing damage to monitored buildings as well as the people and the information located in the buildings (premises security and protection from sabotage), early detecting and preventing entry by unauthorized persons (physical access control), and documenting and preserving evidence of any unauthorized entry.
Video surveillance may include making video recordings. This can be done on an as-needed basis – where the level of apparent danger makes it necessary – or on a permanent basis. Video recordings will only be shared to the extent necessary in the event of a criminal prosecution or to avert danger. The data must be deleted immediately – but after no more than seven days – if it is no longer necessary for security purposes.
IV. Your rights as a data subject
Where we process your personal data for the performance of a task
- Right to information
Article 15 GDPR gives you the right to information about your personal data processed by the Bundesnetzagentur free of charge. In particular:
- the purposes of the processing of your personal data,
- the categories of personal data that are being processed,
- the recipients or categories of recipients to whom the personal data have been or will be disclosed,
- the envisaged period for which the personal data will be stored, or the criteria used to determine that period,
- the source of the data if we did not collect the data from you.
The exceptions to this right laid down in section 34 BDSG apply.
- Right to rectification
Article 16 GDPR gives you the right to have inaccurate personal data corrected without undue delay and, where appropriate, the right to have incomplete personal data completed.
- Right to erasure
Article 17 GDPR gives you the right to have your personal data erased, provided the grounds laid down in Article 17(1) GDPR apply. However, according to paragraph 3 there is no such right when the processing of data is necessary for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims. In addition, the exceptions to this right laid down in section 35 BDSG apply.
- Right to restriction of processing
Article 18 GDPR on the right to restriction of processing gives you the option to temporarily prevent the further processing of your personal data provided the grounds laid down in Article 18(1) apply; for example, for a period enabling your opposing rights to be verified.
- Right to data portability
Article 20 GDPR gives you the right to receive the personal data concerning you, which you have provided to the Bundesnetzagentur, in a structured, commonly used and machine-readable format, where the Bundesnetzagentur processes this data based on your consent and the processing is carried out by automated means. In accordance with Article 20(3) second sentence GDPR, this right does not apply to processing necessary for the performance of a task carried out in the public interest.
- Right to object
Where the Bundesnetzagentur processes your personal data for the performance of a task carried out in the public interest or for the purposes of legitimate interests (Article 6(1)(e) and (f) GDPR), you have the right to object, on grounds relating to your particular situation, to this processing (Article 21 GDPR). If you exercise your right to object, the Bundesnetzagentur will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims. In accordance with section 36 BDSG, the right to object does not apply if there is an urgent public interest in the processing that outweighs the interests of the person concerned or if processing is required by law.
Right to lodge a complaint with a supervisory authority
Article 77 GDPR gives you the right, without prejudice to any other legal remedy, to lodge a complaint with the competent supervisory authority if you consider that the processing of personal data relating to you is unlawful. The competent supervisory authority for the Bundesnetzagentur is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information)
V. Information in accordance with section 55 Federal Data Protection Act (Bundesdatenschutzgesetz):
a) Purposes for processing (section 55 para 1 BDSG)
The Bundesnetzagentur is also responsible for preventing, investigating, taking action against and penalising certain regulatory breaches. The Bundesnetzagentur is entitled to process personal data in order to perform these tasks.
b) Data subjects’ rights (section 55 para 2 BDSG)
In accordance with section 57 Federal Data Protection Act, the Bundesnetzagentur must inform the data subject upon request whether the data concerning them is being processed. The data subject also has the right to receive the information in accordance with section 57(1) Federal Data Protection Act.
Furthermore, the data subject has the right to rectification, erasure and limitation of the processing in accordance with section 58 Federal Data Protection Act.
c) Right to appeal with the Federal Commissioner for Data Protection and Freedom of Information (section 55 para 4 and 5 BDSG)
In accordance with section 60 Federal Data Protection Act, the data subject can, at any time, contact the Federal Commissioner for Data Protection and Freedom of Information. The contact information is:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information)
Telephone: +49 228 99 7799-0
Fax: +49 228 99 7799-5550
Data protection in social media
The Bundesnetzagentur is active on Twitter and has its own YouTube channel. More specific information is available at:
Datenschutzinformationen zum Twitter-Kanal (pdf / 15 KB)
Datenschutzinformationen zum YouTube-Kanal (pdf / 14 KB)
The Bundesnetzagentur also operates a grid expansion fan page on Facebook and uses SlideShare.
More specific information is available at: https://www.Netzausbau.de/datenschutz