
Published: 29.05.2018 | Topic: Compliance | Information on data processing at the Central Procurement Division

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with our duty to provide information in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation (GDPR), BaFin informs you as follows:

1. Contact details for BaFin and BaFin’s Data Protection Office

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: +49 (0)228/4108-0
Fax: +49 (0)228/4108-1550
E-mail: or De-Mail:

BaFin’s Data Protection Officer can be reached at:

2. Purpose of processing

  • execution of procurement procedures, here in particular examination of requests for participation, assessment of tenders, the communication with bidders/tenderers (e.g. replying to questions of tenderers/bidders), documentation/archiving, statistical purposes (recording of awards statistics);
  • performance/processing of contracts signed in the context of award procedures.

3. Legal basis for the collection of data

  • performance of contractual obligations (point (b) of Article 6(1) of the GDPR);
  • compliance with a legal obligation to which BaFin is subject (point (c) of Article 6(1) of the GDPR);
  • performance of a task carried out in the public interest (point (e) of Article 6(1) of the GDPR in conjunction with section 4 of the German Act Establishing the Federal Financial Supervisory Authority (Finanzdienstleistungsaufsichtsgesetz – FinDAG) in conjunction with section 3 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG)).

4. Categories of processed personal data

The personal data held about you include:

  • particulars/address and contact details (e.g. business contact data);
  • data relating to the professional activity (e.g. data which show that a data subject is employed in a certain capacity/in a specific field of activity with a certain company);
  • data regarding training (e.g. CV, study record and evidence of formal qualifications, CPD certificates, training certificates, etc.);
  • data from an existing contractual relationship between BaFin and the data subject, where applicable.

5. Intention to transfer the personal data to recipients in a third country or to an international organisation

BaFin does not intend to transfer your data to a recipient in a third country (non-EU member states and countries outside the European Economic Area) or to an international organisation.

6. Recipient of data

  • BaFin employees (in particular employees of the Central Procurement Division);
  • auditors, certified public accountants, specialist planners, architects, etc. commissioned by/contractually tied to BaFin.

7. Time period for storing your data

The data are stored for as long as is required for the award procedure (including its documentation), for the performance and processing of the contract as well as for the fulfilment of the contractual and/or legal obligations. The data will be erased as soon as storing the personal data is no longer required.

8. Your rights as a data subject

In principle, as a data subject, you have the rights of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR) and restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR). Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).

9. Automated individual decision-making, including profiling

There is no automated individual decision-making.

10. Source of personal data

Where appropriate, personal data will not be collected from the data subject but are provided as part of award procedures by the individual bidder (tenders, requests for participation, etc.). This source is not generally accessible.

11. Basis for the provision of your data and consequences in the event of failure to provide your personal data

You provide your data as part of award procedures and/or the performance/processing of the contract.

Please note that during award procedures, expressions of interest, confirmations of interest, requests for participation and tenders must be complete and include all required information, statements, and prices. Also, please note that a subsequent request to complete missing data or inaccurate records/information is only permissible in accordance with the respective applicable award provisions.

If the provision of data is required to perform and process the contract, contractual consequences may ensue from the failure to do so (e.g. the non-conclusion of the contract).
