Jump to content
Logo: Service Portal Migration Germany
Logo: Service Portal Migration Germany

Privacy policy

1. Introduction

This privacy policy contains all the information that we, the Federal Ministry of the Interior and Community (BMI), are legally required to publish, particularly in accordance with the EU General Data Protection Regulation (GDPR), about how we process your personal data.

In order to fully understand the following text, it will be helpful to familiarise yourself with the definitions of terms in Article 4 of the GDPR.


Controller:

Federal Ministry of the Interior and Community (BMI)
Alt-Moabit 140
10557 Berlin
Germany
Tel.: +49 (0)30 18 681-0
Email: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de


Data protection officer:

Data Protection Officer for the
Federal Ministry of the Interior and Community (BMI)
Alt-Moabit 140
10557 Berlin
Germany
Tel.: +49 (0)30 18 681-0
Email: bds@bmi.bund.de

 

2. Rights of the data subject

You have the following rights with regard to personal data concerning you that is processed by us:

  • right of access to the data that we process
  • right to rectification or erasure of the data that we process
  • right to restriction of processing
  • right to object to processing  
  • right to data portability

You can claim these rights in writing using the contact information provided in section 1 above.

You have the right to object to processing of your personal data if one of the following applies:

  1. You object, on grounds relating to your particular situation, to processing of personal data concerning you (which is based on Article 6 (1) (e) or (f) of the GDPR), including profiling based on those provisions; or  
  2. You object to processing for direct marketing purposes. This also includes profiling to the extent that it is related to direct marketing.

If you have consented to the processing of your personal data, you can withdraw your consent at any time by sending notification of this to one of the email addresses provided in section 1. Such withdrawal of consent does not affect the lawfulness of any processing carried out prior to your withdrawal of consent.

If you are of the opinion that we are not processing your personal data in line with existing data protection law, you can lodge a complaint with a supervisory authority. The supervisory authority responsible for the Federal Ministry of the Interior and Community is the Federal Commissioner for Data Protection and Freedom of Information.

3. Amendments to this privacy policy

Our privacy policy may change over time as the aims of our platform develop, or due to external influences (e.g. new court rulings). Any such amendments will be announced on our website.

4. We process your data for the following purposes:

The following data are processed when you use the Service Portal Migration Germany:

  • technical personal data  
  • basic personal data such as name, address and date of birth
  • data required for authentication using BundID
  • data required for use of the contact form in the Service Portal Migration Germany
  • data required when applying for administrative services online via the Service Portal Migration Germany  

4.1 Data that we process when you access our online service

The following technical personal data are collected and stored to ensure the best possible technical performance of the website when you use Service Portal Migration Germany:

  • your complete IP address
  • date and time of your visit
  • the website from which you accessed our website (“referrer”)
  • the operating system of your computer and the browser you used
  • request details and destination address (protocol version, HTTP method, referrer, user agent string)
  • name of the file retrieved and volume of data transferred (requested URL and query string, size in bytes)
  • whether the request was successful (HTTP status code)

These data are stored in log files for a period of seven days and are then deleted automatically.

4.2 Data that we process when you access the Service Portal Migration Germany; Authentication using BundID

Authentication using BundID is a secure process that determines the unique identity of persons wishing to use digital administration services. This process simplifies access to online services of the public administration by verifying the unique identity of users.  

Registering with BundID

Before using the authentication process, you will need to register with the BundID website. To register, you will need a valid email address and a username and password of your choice.

Signing into the Service Portal Migration Germany

To use an online administrative service, you will need to sign in using your BundID. BundID authentication gives you access to all the services you require, so there is no need to create a separate account for each service. Once you have authenticated yourself successfully, you will have access to the Service Portal Migration Germany.

Authentication takes place when you sign in with your username and password. During this process, the following personal data are collected and stored:

  • identity data: your name, date of birth, name at birth, place of birth, and address
  • communication data: your email address
  • login data: username, password, security question and answer

You can also provide the following additional data:

  • identity data: your title (e.g. Mr/Ms/Dr)
  • communication data: your telephone number

The legal basis for processing your identity data to create your account is Article 6 (1) (e) of the GDPR in conjunction with your consent in accordance with section 8 (5) of the Online Access Act (Onlinezugangsgesetz, OZG). The legal basis for processing your communication data (in particular your email address) is Article 6 (1) (e) of the GDPR in conjunction with section 8 (3) of the Online Access Act. Login data are processed on the basis of Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Each time you visit the BundID website, data are collected which are technically necessary to display the website and to ensure the stability and security of this service. These data are collected even if you do not sign in with a BundID account.

The following data are collected:

  • date and time of access
  • name and URL of the files retrieved
  • the website from which you accessed our website
  • the operating system of your computer and the browser you used
  • your IP address
  • the name of your internet service provider

These data are recorded in technical log files, where they are stored for 90 days. After that time, the data are deleted automatically. Technical and organisational safeguards have been put in place to ensure that only authorised administrators have access to the data. These data are not combined with any other data sources.

4.3 Data that we process for contact purposes

The following personal data are processed when you use the contact form in the Service Portal Migration Germany:

  • title (optional)
  • first name
  • last name
  • street and house number (optional)
  • post code (optional)
  • town/city (optional)
  • email address
  • subject
  • your message

These data are stored until the processing of your request is complete and deleted no later than one year after receipt of the request.

4.4 Data that we process when you submit applications

The Service Portal Migration Germany can be used to submit the following applications:  

  • application for the EU Blue Card for persons who have a visa – a specially shortened version of the application with automated data retrieval for persons who have already applied for an EU Blue Card from abroad (Service Portal Migration Germany)  
  • application for the EU Blue Card (Potsdam)  
  • application for naturalisation (Bonn)  

For the processing of personal data for applications, separate privacy policies apply. Information about the processing of personal data can be found on the website of the application form in question.

4.5 Purpose of processing

Personal data are generally only processed if this is necessary for the provision and optimisation of a functioning website and its contents and services.  

This includes the provision of our online service (see section 4.1), the authentication and identity check of applicants (see section 4.2), replying to questions about the Service Portal Migration Germany (see section 4.3) and the processing and administration of applications (see section 4.4).  

4.6 Legal basis for data processing

The legal basis for processing your personal data is Article 6 (1) (e) of the GDPR in conjunction with (for naturalisation) sections 31–33 and 36–37 of the Nationality Act (Staatsangehörigkeitsgesetz, StAG) and in conjunction with (for the EU Blue Card) sections 86 et seqq. of the Residence Act (Aufenthaltsgesetz, AufenthG). If we obtain consent to process personal data, Article 6 (1) (a) of the GDPR serves as the legal basis.

5. Retention periods

We retain your personal data for as long as they are needed for the purpose of data processing. Beyond that, data are only retained if there is a legal obligation to retain them or if there are legal claims based on a legal relationship with respect to the data, in which case a longer retention period may be necessary.

The maximum retention period for the processing purpose in question is based on your duration of use of the platform for submitting your applications; retention periods are stipulated in the erasure strategy for the processing purposes in question.

6. Security measures

In accordance with the legal provisions and under consideration of the state of the art, the costs of implementation and the type, the scope, the circumstances and the purposes of processing, and considering the likelihood and extent of the risk to rights and freedoms of natural persons, we take suitable technical and organisational measures to ensure a level of protection that is appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to them as well as the handling, input, disclosure and segregation of data. In addition, we have set up procedures to ensure that the rights of data subjects are observed, data are erased, and threats to data are responded to. Furthermore, we already take into account the protection of personal data when developing and/or choosing hardware, software and data protection procedures – through technological design and through privacy-friendly default settings.

Abbreviated IP addresses: When IP addresses are processed by us or by our service providers and technologies, if this processing does not require the IP address in its full form, a shortened form of the IP address is used (known as IP masking). This involves removing, or substituting a placeholder for the last two digits of the IP address or the last part of the address after the dot. The purpose of abbreviating IP addresses is to prevent users from being identified via their IP address.

Secure internet connection through TLS/SSL encryption technology (HTTPS): In order to prevent unauthorised access to users’ data which are transmitted through our online services, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology enable data to be transmitted securely via the internet. These technologies encrypt the information transmitted between a website or app and the users’ web browser (or between two servers), thus protecting it from unauthorised access. TLS, a more refined and more secure version of SSL, ensures that all data transmission meets the highest security standards. Websites that are secured by SSL/TLS certificates can be recognised by the prefix “HTTPS” in their URL.

7. Disclosure of your data

In order to fulfil the processing purposes outlined above, in certain cases the Federal Ministry of the Interior may be legally obliged to allow access to your data for law enforcement authorities (see section 23 (1) nos. 3 and 4 of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG)) or for the Federal Office for Information Security (BSI) (see section 5 (1) sentence 4 of the Act on the Federal Office for Information Security (Gesetz über das Bundesamt für Sicherheit in der Informationstechnik, BSIG)), if this is required in connection with the prosecution of criminal acts or to defend against attacks on the Federal Government’s IT infrastructure.

8. Use of cookies

Our website uses cookies. Cookies are small pieces of data that a website can store locally in the memory of the web browser on your computer. They contain identifiers (randomly generated identification numbers), which the server can use to clearly identify requests coming from your device. In this way, requests can also be clearly attributed to specific users.

Our website uses functional cookies which are essential (from the user’s point of view) for the provision of our online service; consent to their use is therefore unnecessary. These include, for example, cookies that remember the user’s login status or help to protect user data.

9. Automated decision-making and profiling

Data subjects are not subjected to decisions based solely on automated processing (see Article 22 of the GDPR). No decisions are determined by algorithms.

10. Links

The BundID privacy policy is available here.

 

Last updated: 27 February 2025