Privacy policy for the Bund RFP-Portal website
At the Federal Office of Administration (BVA), we are very serious about using personal data responsibly. We want you to know when the BVA collects and uses which data. If we collect your personal data when you are using the Bund RFP-Portal website (referred to in the following as "the website"), they will be processed in compliance with the European Union's General Data Protection Regulation (GDPR), the Federal Data Protection Act and other applicable law.
1 Contact information
1.1 Controller as defined in the GDPR
Federal Office of Administration (BVA)
50728 Cologne
Telephone: +49(0)228 99 358 0
Fax: +49(0)228 99 358 2823
Alternate telephone: +49(0)221 758 0
E-mail: poststelle@bfdi.bund.de
1.2 Data protection officer for the Federal Office of Administration
Stephan Heß
Federal Office of Administration (BVA)
50728 Cologne
Telephone: +49(0)228 99 358 681234
Alternate telephone: +49(0)221 758 681234
E-mail: datenschutzbeauftragter@bva.bund.de
2 Personal data
What are personal data? "Personal data" means any information (such as name, address, telephone number, e-mail address) that can be used to identify users.
2.1 Obligation to inform data subjects when collecting their data
If we collect your personal data, we must inform you when collecting the data what type and categories of data we collect, the purposes for which they will be processed, who will receive them, and how long they will be saved. We must also inform you of your rights as data subject, unless you already have this information.
The data we collect are not disclosed to third parties without your consent, unless such disclosure is described here or is required by law.
2.2 Personal data when using the website
To use the website, it is necessary to register by providing the following personal data:
- First and last name
- Business e-mail address
- Business telephone number
- Business fax number
Providing a business mobile telephone number is optional; if you provide it, it will also be saved.
These data are processed in compliance with the EU's General Data Protection Regulation (GDPR), the Federal Data Protection Act and other applicable law.
2.3 Making contact
If you contact us via e-mail, we will assume that we are authorized to reply via e-mail. If not, please indicate how you wish to communicate with us. We will then use the data in your message and your e-mail address to communicate with you.
If you use the e-mail function provided on the website, your IP address and the time the e-mail was sent will also be collected. We will use your message and the data you provide when contacting us to respond to your enquiry.
These data will be used only to communicate with you and process your request.
Like messages in paper form, electronic messages are retained and erased in accordance with the legal time limits for records retention and erasure or after the purpose of processing ceases to exist. We cannot specify the time limit, as the legal time limit depends on the content of your message.
2.4 More information on data saved when you access the website
Every time you access the website and retrieve a file, data are temporarily saved and processed in a log file.
Specifically, the following data are saved:
- your IP address
- date and time you accessed the website
- difference between your time zone and GMT
- website content
- access status (HTTP status)
- volume of data transferred
- your web browser
- your operating system
- your browser language and version
The log data are kept for 15 months. They are automatically archived using log rotation, and IP addresses in the log files are anonymized when rotated. This means that after one month at the latest (= 28, 29, 30 or 31 days), IP addresses can no longer be linked to a specific person.
For our website to be displayed on your device, we need to collect and save your device's IP address temporarily, while you are visiting our website. Saving these data in log files ensures the optimal functioning of our website and keeps our information technology systems safe. Temporarily saving your IP address in log files also makes it possible to analyse and correct errors faster.
These data are not used for marketing purposes.
2.5 Purpose of data collection
Data are collected in order to negotiate global hotel rates efficiently, manage the results of negotiations and produce hotel lists, including upload files.
2.6 Disclosure of data
During the rate finding process (RFP), you have the option of choosing a service provider through which to book the negotiated (federal) rate(s) online. In order to load the necessary rates, we share the upload files referred to above with i:FAO Group GmbH and with the service provider you have chosen. The upload files contain the results of the negotiations as well as the personal data (first and last name, business telephone number and business e-mail address) of the contact person listed on our website.
These data are shared with i:FAO Group GmbH because it assists us with rate loading and with checking the loaded rates.
Data are shared with the service provider you have chosen for online booking only in order to display the negotiated rates in the relevant booking system.
The personal data referred to above are disclosed because questions may arise during the rate loading process which require direct communication between you and i:FAO Group GmbH and/or the service provider you have chosen.
3 Rights of the data subject
A natural person whose personal data are processed by a controller is called a data subject.
3.1 Right of access
As data subject, you have the right to be informed free of charge about your personal data which have been saved. This information includes the following: the type and category of data, the purposes for which they are being processed, the recipient of the data, and how long they will be stored.
3.2 Right to rectification
As data subject, you have the right to have inaccurate personal data concerning you corrected immediately and, depending on the purpose of processing, to have incomplete personal data completed.
3.3 Right to erasure
As data subject, you have the right to request that personal data concerning you are erased without delay. We are obligated to erase the personal data when they are no longer needed for the purpose for which they were collected. This does not include data which by law must be saved or archived, or which are still needed for the orderly processing of transactions.
3.4 Right to restriction of processing
As data subject, you have the right to restrict the processing of personal data concerning you if you contest the accuracy of the data and their accuracy still needs to be reviewed. If the controller would like to erase the data due to unlawful processing or because the purposes of the processing have already been met, as data subject you may request that the processing of the data be restricted instead of erasing the data.
3.5 Right to object
As data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms as data subject, or the processing serves to establish, exercise or defend legal claims.
3.6 Right to data portability
As data subject, you have the right in certain cases to receive the personal data concerning you which you have provided us, in a structured, commonly used and machine-readable format.
4 Right to withdraw consent
As data subject, you have the right to withdraw your consent to data processing at any time without affecting the lawfulness of the processing carried out from the time consent was given until it was withdrawn.
5 Right to make a complaint
Without prejudice to any other administrative or judicial remedy, as data subject you have the right to submit a complaint to a supervisory authority, in particular in the EU member state where you live or work or where the alleged infringement took place if you believe that the processing of personal data relating to you infringes the General Data Protection Regulation.
Note: The supervisory authority responsible for us is the Federal Commissioner for Data Protection and Freedom of Information (BfDI), who may be contacted at poststelle@bfdi.bund.de.
6 Cookies
Our website uses cookies, which are small text files stored in the memory of your device, for example your hard drive, and provide information to the website that set the cookie, in this case Bund RFP-Portal. Cookies cannot operate any software programs or infect your device with viruses. Please see below for more information about the kind of cookies we use.
Every Internet browser can show you when cookies have been stored on your computer and what they contain.
Most web browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.
The kind of cookies we use:
Transient cookies, which are erased automatically when you close your web browser. They are also known as session cookies. They save a session ID which enables our website to recognize your device when you submit different queries and when you return after having visited other websites. Session cookies are erased when you log out or close your web browser.
We only use cookies to identify the user currently logged in to our website. Our website will not function if your browser does not accept cookies.
We do not use cookies for purposes of marketing and/or analysis.
These cookies are stored on your device, which sends them to our server. So you can configure how cookies process data yourself.
In your web browser settings, you can decide whether to accept cookies from third parties or at all.
We do not use any cookies from third parties.
We also recommend regularly deleting cookies and your browsing history manually.
7 Server location
Your personal data are processed and/or stored on a server of an external provider in Germany.