Data protection

Privacy notice for the use of the Robert Koch Institute’s survey system

Welcome to the survey system of the Robert Koch Institute (RKI). The survey system is the central RKI portal for online surveys on epidemiological, health-related and other topics.

Below you will find general information about how your personal data (“data”) is processed when you use the survey system. Specific information about how your data is processed when you participate in a survey can be found in the privacy notice for the individual survey or in the relevant declaration of consent. These will be available to you as soon as you start the survey.

1. Controller and data protection officer

The so-called controller responsible for processing your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is:

Robert Koch-Institut
Nordufer 20
13353 Berlin
represented by its President

Contact:
Robert Koch-Institut
Press and Public Relations
Nordufer 20
13353 Berlin
Phone: 030 18754 0
Fax: 030 18754 2328
Email: presse@rki.de
Homepage: www.rki.de

If you have any questions for our data protection officer, you can reach her at:

Data protection officer
Email: datenschutz@rki.de

The RKI takes the protection of your data very seriously. Data as defined above means any information relating to an identified or identifiable person. This includes information that allows conclusions to be drawn about your identity. Further definitions of the terms used here (e.g. “processing”) can be found in Art. 4 GDPR. As a federal authority, the RKI is subject to the provisions of the GDPR and the BDSG.

2. Purpose and legal basis of data processing

When you use the survey system, depending on how you use it, your data may be processed, as described in more detail in Section 3. The processing is carried out for the following purposes:

  • To enable and ensure the operation of the survey system,
  • to allow you to connect to the system without any problems,
  • so that using the survey is as easy and convenient as possible,
  • to evaluate system security and system stability,
  • for technical security purposes, in particular to defend against attempted attacks on the web server, and
  • zfor other administrative purposes.

The legal basis for the processing of your data is Sect. 3 BDSG in conjunction with Art. 6(1) Sentence 1(e) GDPR.

3. Type of data processed

a) On the home/landing page

b) On the survey page

When you click on the “Start survey” button on the landing page and are redirected to the survey page, the RKI will collect the following data from you, in particular for technical reasons:

  • IP address
  • Device
  • Browser type und version
  • Operating system used
  • HTTP user-agent header
  • Website from which you are accessing the survey (referrer URL)

4. Storage period

The RKI will store the data referred to in Section 3 b) until the end of your current web session. The data will then be erased.

5. Recipients

The RKI does not use any service providers to process your data in connection with the operation of the survey system.

Data will only be transferred to third parties if the RKI is legally obliged to do so or if passing on the data is necessary for legal action or criminal prosecution in the case of attacks on the Federal Government’s communications technology. In other cases, it will not be passed on.

6. Your data protection rights (rights of the data subject)

If the RKI processes your data, you have the following data protection rights in accordance with the legal requirements:

  • The right to obtain access to your personal data, and information about its processing, at any time (Art. 15 GDPR),
  • the right to have inaccurate data rectified or incomplete data completed (Art. 16 GDPR),
  • the right to have data erased or its processing restricted in accordance with the legal requirements (Art. 17, 18 GDPR),
  • in the case of data processing based on consent, the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR),
  • the right to data portability (you can have an overview of your data provided in an electronic format) (Art. 20 GDPR),
  • the right to object to data processing which is performed based on legitimate interests of the RKI or for scientific or historical research purposes within the meaning of Art. 89 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest or in the exercise of official authority (Art. 21 GDPR),
  • the right to contact the RKI’s data protection officer and raise your concerns (Art. 38(4) GDPR) and
  • the right to lodge a complaint with a supervisory authority for data protection (e.g. the Federal Commissioner for Data Protection and Freedom of Information, Graurheindorfer Straße 153, 53117 Bonn, +49 (0)228-997799-0, email: poststelle(at)bfdi.bund.de, http://www.bfdi.bund.de) (Art. 77(1) GDPR).

These rights can be asserted as long as the data can be attributed to the specific person.

Version: 1.0. Last amended: 22 February 2021