For Affected Persons
1. How to contact us as the controller :
Tel.: +49 30 25 93 91 0
Company data protection officer: email@example.com
2. Scope of processing
2.1 Categories of personal data that is processed
- ID document data: family name, first name, date of expiry, place of birth, nationality, birth name, date of birth, registered address, ID document number (for comparison with request, ID document, proof of ID), issuing authority
- Other data: Title, academic title, contact e-mail, e-mail certificate, mobile phone number, invoice address, organization, product-specific ID, user name
- Proof: Video proof of identity (recording of the person, ID card/passport/ID document)
- IP addresses, access points
- If applicable, documentation of information provided pursuant to section 8 (2) of the Trusted Services Act (VDG, Vertrauensdienstegesetz)
- If applicable, data to be signed via self-service UI
2.2 Sources of personal data
- The data of the persons concerned is:
- recorded in a web form during self-registration
- received from identification service providers as a validated data record
- received from customers who communicate with the sign-me application via the API
- in the case of contact persons of customers, taken from contracts and forms
- taken from service and support requests by companies who provide support services for their own end customers
- taken from direct support requests by the persons concerned
2.3 Data storage period
The traceability of the identification which serves as the basis for issuing a certificate is a quality feature of the certificate. The statutory storage periods or those specified in certifications depend on the specific product.
In the case of qualified signature certificates, the provisions of section 16 (4) VDG on permanent storage apply to certificates, identification data, including contact data. This corresponds to the entire duration of operations by the trust service provider. Before discontinuing its operations, the trust service provider is required to hand over the data to the Federal Network Agency or another qualified trust service provider.
All other identification data will be deleted eight years after the validity of the last certificate issued on the basis of this data has expired. The same applies to certificates.
The revocation password hash is deleted at the latest one year after the validity of the last certificate issued on the basis of this data has expired.
Invoice data is deleted after ten years.
Documentation of information provided pursuant to section 8 (2) VDG is stored for twelve months.
Documents uploaded to be signed by the sign-me user via the self-service UI will be deleted within 5 days.
2.4 Purpose of processing
Data is processed for the following purposes: to establish the identity of the applicant, to check a request and for handling, billing, observing documentation obligations, to warrant the certificate life cycle including revocation and operation of the repository service (status information service), checking cost efficiency and quality, for statistical purposes (anonymized) and in individual cases for troubleshooting, especially in the case of support requests.
The certificates are used as part of the signature creation service to create signatures for the certificate holder (data subject).
Data processing is also carried out as part of measures to maintain information security, especially to detect and ward off attacks, including internal and external audits, export control and sanctions list checking.
In the case of enquiries pursuant to section 8 (2) VDG, the information provided is sent to the competent offices.
The sign-me user can upload PDF-documents via the self-service UI. The uploaded data is processed to add the sign-me users signature to the document.
2.5 Legal basis for processing
Certificates and identification data, contact data, order data, invoice data, revocation password hashes, documentation of support/service cases and if applicable documents to be signed are processed in order to perform the contract with the data subject.
eIDAS Regulation (No. 910/2014) and the Trusted Services Act provide the legal framework for trust services.
The consent of the data subject is obtained in order to copy the ID card, passport or other ID document.
Section 8 (2) VDG provides the legal basis for sending the information provided to competent offices.
Data subject requests are processed pursuant to Art. 12 - 23 GDPR or sections 32 - 37 of the Federal Data Protection Act (BDSG, Bundesdatenschutzgesetz).
The information provided is sent to affiliated group companies after weighing up the interests of all sides.
2.6 Legitimate interests
D-Trust has a legitimate interest within the meaning of Art. 6 (1) f GDPR in the following cases:
Information security and preventive measures are carried out using technical and organizational measures, including incident handling, in order to assess and prevent possible damage to the company (D-Trust), the data subjects whose data has been processed and to the trust service users.
The controller is part of a company group. Within the meaning of Recital 48 EU GDPR, Bundesdruckerei GmbH, as a subsidiary company of Bundesdruckerei Gruppe GmbH, has a legitimate interest in processing certain data centrally. Sanction list and export control checks, parts of dunning, sales activities and support service are performed by Bundesdruckerei GmbH.
2.7 Necessity to collect data
As a trust service provider, the controller is obliged to ensure the identity of the subscriber. The data marked as mandatory fields must be processed in order to meet with this obligation. If data is incorrect or not provided, it will not be possible to issue the certificate. The same applies to submitting proof, such as organizational affiliation or professional attributes. Without proof, the data cannot be included in the certificate.
The data subject’s mobile phone number or German landline number must be provided because it is used as a second factor as part of authentication to trigger a signature. The service cannot be performed without this security mechanism which is based on provision of this phone number.
2.8 Forwarding and foreign reference
In order to perform support services, the necessary data will be sent to the customer service unit of Bundesdruckerei GmbH and INCO Spólka z o.o. (subsidiary of Bundesdruckerei Gruppe GmbH in Poland).
Customers or partners running partner applications (e.g. portals or shop applications for signature credits) who use the sign-me API can use an user name to query the status of the users‘ certificates (certificate type and validity) and view information on any signature credit. In this way, an operator of partner applications receives information as to whether a user is registered with sign-me and, if so, which certificates are already available for the user.
If the certificate is used for signing, it is important for the recipient of the signature to know whether the signature is in fact from the signatory named and from a trusted source. The software used triggers a certificate status request, for instance, for this check. D-Trust GmbH offers a status query service for this purpose. This service can be used to find out whether or not a certain certificate has been revoked. Additionally the certificate is published in a repository service if the user agrees to this publication. The repository service, similar to a telephone directory, lists the certificates. The certificate is available online.
In addition, officers and identifying persons, auditors, supervisory authorities and, if necessary, competent authorities pursuant to section 8 (2) VDG can access the respective data.
Within the scope of export control, the name and organization are sent to Bundesdruckerei's sanctions list server. If matches fail, the date of birth, place of birth and nationality as well as the name at birth are used. In addition, the dispatch address, the country of dispatch, the invoice recipient’s address and, if applicable, other partners are assessed by Bundesdruckerei with a view to export control law.
Sales activities and dunning procedures are partly carried out by Bundesdruckerei GmbH.
There is no procedure in place nor the intention to transfer personal data to a third country or to an international organization.
When individual pages are called up, so-called temporary cookies are used for technical service provision. These session cookies do not contain any personal data and expire at the end of the session. Techniques such as Java applets or Active-X-Controls, which enable the access behavior of the users to be traced, are not used.
4. Rights of data subjects
If you have any requests for information regarding your data and its correction, deletion or restriction regarding processing, please send this to the postal address shown above or signed to firstname.lastname@example.org. The same applies if you wish to object to processing within the meaning of Art 21 of the GDPR or if you have a query regarding data portability.
If you have any questions or complaints regarding a procedure, please contact us using one of the contact options listed above. If you have any other reason for complaint, you can also contact our supervisory authority (Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, Germany).
5. Whistleblower system
Ensuring compliance with legal regulations and internal rules, such as our Code of Conduct, and also with our Code of Conduct for Business Partners is a top priority for the Bundesdruckerei Group. This applies to our own business unit as well as to our supply chains.
It is important to us that risks are identified at an early stage and violations are avoided as far as possible. We want to initiate appropriate countermeasures in good time and avoid possible damages for those affected, as well as customers, employees, business partners and our group of companies.
That is why we have set up an independent, impartial and confidential whistleblowing system that allows internal and external whistleblowers to also report anonymously.
With the help of the transparent Complaints Procedure, we create the greatest possible protection for those affected, the whistleblowers and the employees who are involved in clarifying the reported facts. All actual and alleged violations of legal requirements, the Code of Conduct and the Code of Conduct for Business Partners can be reported under the Complaints Procedure. Likewise, the subject of a report may involve human-rights or environmental risks, or breaches of duty along the entire supply chain of our Group companies and in our own business area.
Rapid, standardised processes plus confidential and professional processing of tips by internal experts form the foundation of this system, which is based on the principle of fair proceedings.
Discrimination or punishment of whistleblowers and persons entrusted with the handling of complaints and tips will not be tolerated.
The aformentioned Complaints Procedure is applicable to Bundesdruckerei Group GmbH and the group companies Bundesdruckerei GmbH, Maurer Electronics GmbH, genua GmbH, D-Trust GmbH, Maurer Electronics Split d.o.o, iNCO Sp. z o.o. and Xecuro GmbH (together being the “Bundesdruckerei Group”).
a) Purpose and legal basis of data processing
The purpose of processing personal data is the management of the whistleblower system, including the detection of serious violations or potential violations of applicable law or other serious matters.
The processing of personal data is necessary for the fulfillment of legal obligations to which we are subject; see Art. 6 (1) (1) (c) GDPR. This is the law for better protection of whistleblowers (Whistleblower Protection Act – Hinweisgeberschutzgesetz, HinSchG).
The processing serves to safeguard the legitimate interest in the detection of serious violations or potential violations of applicable law or other serious matters pursuant to Art. 6 (1) (1) (f) GDPR.
As far as the processing of special categories of personal data is concerned, processing on the basis of the Whistleblower Protection Act is necessary for reasons of substantial public interest, see Art. 9 (2) (g) GDPR. Special categories of personal data are processed pursuant to Art. 9 (2) (f) GDPR in conjunction with Art. 6 (1) (1) (f) GDPR for the establishment, exercise or defence of legal claims.
Data subjects are persons who are the subject of the notification. They may be employees, contractual partners or other persons who are professionally associated with us. In addition, we process personal data about whistleblowers even if the contact information or other information transmitted or communicated by them exposes their identity. Whistleblowers must therefore be aware that we may process personal data about them in connection with the processing of the reported case.
b) Categories of personal data
The report can be made anonymously. In this case, no personal data of the whistleblower will be processed.
The categories of personal data processed will depend on the information reported. If the whistleblower reports personal data about another person, including that of the person or persons being reported on, this personal data will also be processed. The following categories of personal data may be processed:
- General personal data (name, address, e-mail address, telephone number, position, etc.)
- Personal data relating to criminal convictions or suspicion of such
- Special categories of personal data (information revealing racial or ethnic origin, political opinions, religious or philosophical convictions or trade union membership, data concerning health and data concerning a person’s sex life or sexual orientation)
We advise the whistleblower only to report information that is of specific relevance to the reported case and, in particular, not to report sensitive information unless it is of central importance for the processing of the reported case.
c) Obligation to provide personal data
There is no obligation to provide the personal data listed under section b, as it is also possible to report anonymously. However, it may not be possible for us to process the report without being provided with personal data.
d) Recipients of personal data
The reports are documented as a process in the WhistleB System at Bundesdruckerei GmbH. Following an assessment, the processes are passed on internally to the relevant departments, and any necessary follow-up measures are initiated. If a report concerns one of the Group companies of the Bundesdruckerei Group, these processes will be forwarded to the responsible persons of the respective Group company and evaluated internally by the responsible person, and any necessary follow-up measures will be initiated. Personal data is only passed on for a specific purpose and in accordance with the principle of data minimisation; in other words, only the personal data that is absolutely necessary to process the notification is passed on.
We disclose personal data about the whistleblower to authorities if this is necessary to deal with serious offences or serious matters or to ensure the right of defending the data subjects. In other cases, personal data about the whistleblower will only be passed on with the consent of the whistleblower. Personal data about persons other than the whistleblower will only be passed on in the context of following up a reported case or to deal with serious offences or serious matters.
e) Storage duration
Personal data that proves to be irrelevant for the processing of a reported case, along with reports that we consider to be unfounded, is immediately categorised as “irrelevant”, and any personal reference (unless it is already an anonymous report) is removed. In order to guarantee compliance with the legally required documentation obligation or statutory deletion period from Sec. 11 (1), (5) HinSchG, this report will then be archived at first (without personal reference), but not yet deleted. Archived cases are used exclusively to fulfil documentation obligations and can therefore no longer be called up for processing.
Reports and personal data collected in the course of processing a report form the basis for further processing and are anonymised as soon as possible. However, if the need for follow-up measures within the meaning of Sec. 3 (8) and Sec. 18 HinSchG arises, it is possible that the anonymisation must be deviated from due to an official order or in order to secure legal claims. In this case, pseudonymisation is generally striven for unless something else has been specified (e.g., by a court order). The documentation will be deleted three years after completion of the procedure. The documentation may be kept for longer to fulfil the requirements of this Act or other legislation, as long as this is necessary and proportionate.