Privacy policy of the Point of Single Contact Berlin
Contents
Status: May 2026
The One-Stop Support Center serves as a contact and information center and provides procedural guidance for citizens and businesses. As part of this role, it supports recipients of business-related services and assists with the recognition of European professional qualifications.
It performs the duties of the Single Point of Contact as defined in Part V, Section 1a of the Administrative Procedure Act in conjunction with Section 1(1) of the Berlin Administrative Procedure Act. In this privacy policy, we inform you about the confidential handling of your data.
This Privacy Policy applies to the following web addresses:
ea.berlin.de
berlin.de/ea
Controller
The Controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as any other data protection provisions, is:
- E-mail:
- datenschutz@senweb.berlin.de
- Address:
Martin-Luther-Straße 105
10825 Berlin
Name and address of the Data Protection Officer
The Controller’s Data Protection Officer is:
- E-mail:
- datenschutz@senweb.berlin.de
- Address:
Martin-Luther-Straße 105
10825 Berlin
Central services of the web portal
Browser data
The technical operator for berlin.de, BerlinOnline GmbH, provides the website and collects browser data (so-called log files).
BerlinOnline GmbH
Stefan-Heym-Platz 1
10367 Berlin
Description and scope of the data processing
Every time a user accesses a page or file on the web portal, data is collected about this process.
This data is:
- Browser type and version
- Operating system used
- Website that referred you to us (referrer URL)
- Website you visit
- Date and time of your visit
- Your Internet Protocol (IP address)
- Amount of data transferred
- Access status (files transferred, file not found, etc.)
Legal basis for the data processing
The legal basis for the processing of the data is the legitimate interest pursuant to Article 6 (1) (f) GDPR. The legitimate interest lies in the secure provision of the website requested by the user. In addition, the purposes listed below also constitute our legitimate interests.
Purpose of the data processing
The data is processed for technical reasons in order to maintain and improve the functionality and operational security of the web portal.
Duration of storage
The data will be deleted after 14 days.
Cookies
The website may make use of temporary cookies. These are small text files sent by the web server to your computer to store certain information.
Temporary cookies are used only for the session. These cookies are deleted at the end of the session, i.e. when you leave the website or close the browser window.
The legal basis is the legitimate interest pursuant to Article 6(1)(f) GDPR.
The website can also be viewed without cookies being stored. You can deactivate the storage of cookies in your browser settings or set your browser to notify you when a website intends to store a cookie. In this case, you can decide whether or not to accept the cookie. However, for technical reasons it is necessary to allow all temporary cookies in order to use the full functionality of the website.
Mapp Intelligence
The web analytics service „Mapp Intelligence“ (formerly „Webtrekk Analytics“) from Webtrekk GmbH is used on the web portal pages.
Mapp Digital
c/o Webtrekk GmbH
Schönhauser Allee 148
10435 Berlin
We would like to point out that Webtrekk GmbH, as the operator of the service, belongs to the Mapp Digital US group of companies based in the USA and that US law may apply. We have been assured that data transfer is excluded (through appropriate technical and organisational measures).
Description and scope of the data processing
Information collected includes operating system, browser, provider, previously visited website (referrer URL), and date and time visited.
The IP address is truncated prior to any processing so that it is anonymised and used only for session identification and geolocation (down to city level). The truncated IP address is then immediately deleted so that the stored data no longer has any personal reference and cannot be linked to the user’s identity, even via the Internet Service Provider.
To protect the privacy of visitors to the site, no personally identifiable information is collected. IP addresses are not logged, nor is any unique visitor information (such as e-mail addresses or names) collected. There is no cross-device tracking, URL parameters are truncated before processing, there is no merging with other data (e.g. demographic data) and the data is not shared with third parties.
The web analytics service also uses cookies to collect data. These are text files that are stored on the visitor’s computer. Mapp Intelligence only uses temporary session cookies that are limited to the duration of the visit. No persistent cookies are used for further recognition of visitors. Reach analysis is therefore exclusively session-based.
The analytical data collected will be stored and processed exclusively in Germany.
Legal basis for the data processing
The legal basis for anonymisation and the associated one-time processing of the IP address is legitimate interest pursuant to Article 6(1)(f) of the GDPR.
Purpose of the data processing
The service collects completely anonymous statistical data about the use of the website and enables us to continually improve the portal and its user-friendliness by evaluating, for example, reach, frequently visited areas and times, visitor flows and user actions.
Duration of storage
The anonymised data will be kept for 4 years.
Right of objection, removal and revocation
Falls personenbezogene Daten versehentlich in die Suchmaske eingegeben worden sind, können diese Daten auf Anforderung gelöscht werden. Hierzu wenden Sie sich bitte an den behördlichen Datenschutzbeauftragten der für die zentralen Dienste des Webportals verantwortlichen Senatskanzlei unter behDSB@senatskanzlei.berlin.de
Sie können der Verarbeitung durch den Webanalysedienst „Mapp Intelligence“ widersprechen. In diesem Fall wird ein sogenanntes Opt-out-Cookie (webtrekkOptOut) auf Ihrem Endgerät gespeichert, das die zukünftige Erfassung Ihrer Daten beim Besuch der Website verhindert. Bitte beachten Sie, dass der Widerspruch nur so lange wirksam ist, wie das Opt-out-Cookie in Ihrem Browser gespeichert bleibt. Wenn Sie Ihre Cookies löschen oder einen anderen Browser oder ein anderes Endgerät verwenden, müssen Sie den Widerspruch erneut erklären.
Den Widerspruch können Sie über folgenden Link ausüben: Zählung deaktivieren
Conword
Diese Webseite nutzt den Dienst Conword zur automatischen Übersetzung von Inhalten.
Conword GmbH
Herwarthstraße 12
50672 Köln
Description and scope of the data processing
Mit der Nutzung der Übersetzungsfunktion wird Ihre IP-Adresse in anonymisierter Form durch Conword verarbeitet.
Weitere personenbezogene Daten werden nicht verarbeitet. Ebenfalls findet keine Übermittlung in ein Drittland ohne Angemessenheitsbeschluss statt.
Mit dem Anbieter wurde ein Auftragsverarbeitungsvertrag gem. Art. 28 DSGVO abgeschlossen.
Legal basis for the data processing
Rechtsgrundlage für die Anonymisierung und damit einhergehende, einmalige Verarbeitung der IP-Adresse ist Art. 6 Abs. 1 lit e) DSGVO i.V.m. § 11 Abs. 1 EGovG Bln, § 3 BlnDSG.
Purpose of the data processing
Wir nutzen Conword, um unsere Webseiten automatisiert übersetzen zu lassen und dadurch eine Darstellung in anderen Sprachen für die Besuchenden zu ermöglichen.
Duration of storage
Ihre IP-Adresse wird an unseren Auftragsverarbeiter übermittelt, der sie unmittelbar nach Bereitstellung der Übersetzung anonymisiert.
Youtube
This service includes videos from the YouTube service on its pages.
Google Ireland Limited,
Gordon House,
Barrow Street,
Dublin 4
Ireland
Description and scope of the data processing
YouTube videos are provided with a preview image to prevent data being sent to Google when you enter the site. You can only see the video content if you have actively consented to the data processing by clicking the „Accept and View“ button. A connection to the Google server is established after you have given your consent. Google also collects, processes and uses information about visitors. The data processed may include IP addresses, browser type, operating system, cookie information and location data.
The purpose and scope of data collection by the service, as well as the further processing and use of your data there, including, without limitation, the retention period or criteria for determining such retention period, and your rights and choices regarding your privacy, can be found in the Google privacy policy.
Google privacy policy: www.google.com/policies/privacy/
Opt out of Google: adssettings.google.com/authenticated
Legal basis for the data processing
Once you have agreed to the display of content by clicking the „Accept and display“ button, you consent to the transfer of your data to Google pursuant to Article 6(1)(1)(a) of the GDPR.
Purpose of the data processing
By using the two-click solution, we can protect your data. The integration of YouTube videos serves to inform members of the public on topics related to the Berlin administration.
Duration of storage
Your consent to view YouTube videos is not saved. When you end your browser session, your consent is deleted, which means that when you return to the pages containing YouTube content, a preview image is displayed and you must give your consent again if you wish to view the content.
Right of objection, removal and revocation
Consent to display the video is valid until the user leaves the embedding page. This does not affect the lawfulness of the processing carried out on the basis of the consent until it is revoked.
Further data processing procedures
Contact form and order form EA Berlin
Description and scope of the data processing
This website contains a form that can be used to contact us electronically. If you use this form to contact us, the data you enter will be transmitted to us and stored. This data may consist of, for example, your:
- Email address
- First and last name
- Address (street, house number, postal code, city)
- Phone number for possible follow-up questions
- Subject and further details regarding your request
In addition, the following data is stored when the message is sent:
- Date and time of form transmission
The message submission process includes a step for obtaining your consent and a link to this data privacy statement.
When the contact form is deployed, a temporary “bo_formular” cookie is set. This cookie prevents spam and misuse of the form, such as the automated submission of requests. The cookie is only set for the duration of the session.
Legal basis for the data processing
Processing data entered in the form is lawful under Article 6 (1) (a) of the General Data Protection Regulation (GDPR) based on the user consent provision.
Temporarily storing the “bo_formular” cookie is lawful under Article 6 (1) (e) GDPR based on our legitimate interest in preventing spam and misuse of the form.
Purpose of the data processing
We process your personal data from the entry form for the sole purpose of handling your inquiry.
The date and time of form transmission are stored to ensure the security of our IT systems.
Setting the cookie has the legitimate purpose of preventing spam and misuse of the form.
Disclosure to third parties
Your data will be forwarded to the responsible office in Berlin’s administration if doing so is required to respond to your inquiry.
Duration of storage
Your information will be deleted as soon as it is no longer needed for the purpose for which it was provided. For personal data from the input screen in the contact form or sent via email, this point is reached when the respective conversation with the user is concluded. The conversation is considered to be finished when it is clear from the circumstances that the matter in question has been conclusively clarified.
The same storage period and deletion principles apply to the additional personal data collected when the message is sent.
The temporary “bo_formular” cookie is saved until the end of the session, specifically when the user leaves the page or closes the browser window.
Right of objection, removal and revocation
The user may revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they may at any time object to the storage of their personal data. In such a case, the conversation cannot be continued.
The revocation should be sent to the contact address set out under “Data Protection Officer”.
In this case, any personal data collected during the contact will be deleted.
Privacy policy of the Point of Single Contact Berlin (SPC) customer and case management system and chatbot "DIWI"
Further information on the portal: customer and case management system and chatbot “DIWI” (digital information assistant)
Definitions
In order to ensure the comprehensibility of the privacy policy, the terms used, which are based on the European General Data Protection Regulation, are explained in advance:
Personal data
is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, from personal data. This data can, for example, be assigned to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Processing
is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This includes, for example, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Responsible
is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor
is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Receiver
is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The processing of this data by the aforementioned authorities is carried out in accordance with the applicable data protection regulations in accordance with the purposes of the processing.
Third
is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Customer and case management system
Description and scope of the data processing
Information on the processing of personal data
Below you will find information on the processing of personal data of the Point of Single Contact.
A distinction must be made between the mere informational use of the website (see below) and the submission of data and documents for the use of the online services of the Point of Single Contact Berlin (see below).
ServicePortal Berlin
The online service of the Point of Single Contact is technically linked to the ServicePortal Berlin, for which the following authority is responsible:
The Governing Mayor of Berlin – Senate Chancellery
Head of the Senate Chancellery
Florian Graf
Jüdenstr. 1
10178 Berlin
datenschutz@senatskanzlei.berlin.de
The privacy policy for the ServicePortal Berlin is available at:
https://service.berlin.de/datenschutzerklaerung.700588.php
is the technical operator of berlin.de:
BerlinOnline GmbH
Stefan-Heym-Platz 1
10367 Berlin
Use of the online service
The personal data processed when using the online services is derived from the respective input screen in which the data is collected. This includes, for example, contact and address data of the person concerned or the representative, such as name, address, date of birth, citizenship and residence data, data on previous recognition procedures, data on professional experience and other company-related information such as company address, commercial activity, entry in the commercial register and other data required for the use of the specific administrative service on the basis of the applicable legal provisions. At the end of the online application section for your respective administrative service, you will be offered the option of downloading an overview (in PDF format) which lists all the data required for your application.
The requirement to provide users’ personal data for the online services is based on the Law on the One-Stop Support Center for the state of Berlin and is necessary for processing the relevant administrative procedure. Failure to provide the data will result in the administrative procedure not being processed.
Contact by e-mail / via contact form:
When you contact the Single Point of Contact via email or a contact form, the data you provide—such as your name, street address, house number, ZIP code, city, phone number, email address, subject, and other details regarding your inquiry—will be collected and stored by the Single Point of Contact in order to answer your questions. This data will not be disclosed to third parties. The data collected in this context will be deleted once storage is no longer necessary, or processing will be restricted if statutory retention obligations apply.
Contact us via the order form:
When using the Single Point of Contact’s order form, you can order various publications and informational materials from the One-Stop Support Center. To process your order, the Single Point of Contact collects and stores data such as the reason for the order, your sender information (including name, street, house number, ZIP code, and city), and an email address for any follow-up inquiries. This data will not be disclosed to third parties. The data collected in connection with your order will be deleted once storage is no longer necessary, or processing will be restricted if statutory retention obligations apply.
Further data processing operations / authentication methods
To use the online services of the Point of Single Contact Berlin for certain administrative services, authentication takes place in online application procedures with the help of/via the “BundID” and “My Business Account” (MUK) services. As a result, the respective data protection declarations of these services apply and reference is made to them.
Further information on authentication methods, in particular on the subject of data protection, can be found on the following websites:
BundID https://id.bund.de/de
My company account https://info.mein-unternehmenskonto.de/
Feedback from the competent authorities for the respective administrative services can be provided via the Point of Single Contact. In this case, the (additional) personal data comes from the competent authority.
Technical operation of the online services of the Point of Single Contact
The technical operation of the online services, and therefore all processing of personal data in accordance with this privacy policy, is carried out entirely by IT-Dienstleistungszentrum Berlin (ITDZ Berlin) Anstalt öffentlichen Rechts. The ITDZ Berlin acts as a processor in accordance with Art. 28 GDPR.
IT Service Center Berlin (ITDZ Berlin)
Berliner Straße 112–115
10713 Berlin
Processing of personal data when visiting our website
When you start using the website, the Point of Single Contact stores your personal data, which your browser transmits to the server of the Point of Single Contact or is logged by its web server. This is the following data, which is technically necessary in order to display the Single Point of Contact’s website to you and to ensure stability and security:
- Your IP address
- Your device identification, i.e. the unique number of the end device used
- Content, date and time of the request
- the time zone of the requesting end device
- the requested page
- HTTP status code
- the amount of data transferred in each case
- Website from which the request was forwarded
- Browser ID of your browser
- Language and version of the browser software
- Operating system of the end device used
The storage of this data takes place against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offenses committed. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or it serves the purpose of criminal prosecution.
Our website uses so-called “cookies”, i.e. small files with text information that are stored on your hard disk when you access the website. Information is stored in a cookie that results in each case in connection with the specific end device used. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.
This website uses transient and persistent cookies; the scope and functioning of these are explained below:
1. Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
2. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies at any time via your browser’s security settings.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that our website will then only function to a limited extent, if at all.
The Single Point of Contact uses transient and persistent cookies for the following purposes:
1. Various cookies that are technically necessary to track the user’s server-side web session in the client (web browser) and to protect against certain client-side attack scenarios. If the web browser blocks these cookies, it will not be possible to use the application. These cookies are linked to the client-side session in the web browser and are therefore automatically deleted by the web browser when the user closes it. The contents of these cookies are not permanently stored on the server; once the associated server-side session has expired, it is no longer possible to identify the user account authenticated for that session or the data collected during the session, for example in a form.
2. Various cookies that store the display status of the user interface, including whether the user has opened or closed help texts in wizard-based forms, and whether they have opened or closed certain system and maintenance messages. If the web browser blocks these cookies, the application cannot retain the display status of the relevant information; however, it is still possible to use the application. Some of these cookies are linked to the client-side session and are therefore deleted by the web browser when the user closes it, whilst others remain stored in the web browser for a certain period of time. These cookies contain only the display state and do not at any time allow any conclusions to be drawn about the logged-in user or their account.
Legal basis for the data processing
Use of online services and visiting the website
For the purpose of providing and managing the online services offered by the Single Point of Contact, the necessary personal data is collected, stored and processed in accordance with the legal provisions of Article 6(1), first sentence, point (e) of the General Data Protection Regulation (GDPR). The processing is carried out on the basis of:
Article 6(1)(e) of the GDPR in conjunction with Section 8b of the AZG in conjunction with Annex 1, No. 1, No. 7(1) in conjunction with GVBL Senate Berlin XI No. 19 in conjunction with Sections 2(1)–(3), 3 and 5 of the Berlin EAG in conjunction with Section 1(1) of the Berlin Administrative Procedure Act (VwVfG Bln) in conjunction with Section 6b(1) of the Trade Regulation Act (GewO).
This relates to the following administrative services, accessible via https://www.berlin.de/ea/ihr-anliegen/alle-anliegen-a-z/artikel.1045883.php – last accessed on 11 November 2025)
Data processing is carried out in the public interest and aims to provide a modern, efficient and citizen-friendly digital service.
Without the processing of your personal data, the administrative service you have requested cannot be provided. The personal data entered by the data subject may be used internally for statistical purposes and for the statutory purposes set out in the relevant legislation.
If authentication takes place during the online application process using the “BundID” and “My company account” (MUK) services, the data stored there will be used to the extent necessary. Further information can be found in sections 4.3.1 and 4.3.5
Purpose of the data processing
The Single Point of Contact Berlin provides comprehensive information on all procedures that are necessary to be able to offer a service in Berlin (e.g. business registration, application for licenses, recognition of professional qualifications). All formalities relating to the completion of these procedures can be dealt with via this single point of contact.
Duration of storage
Duration
The data collected digitally by the One-Stop Support Center is automatically forwarded to the authority responsible for the requested administrative service. If your data was collected by other means (e.g., following contact via fax), the data will be deleted from the One-Stop Support Center after 90 days if it has not yet been transmitted to the agency responsible for the administrative service by that time.
Once the data has been transmitted from the One-Stop Support Center to the relevant competent authority and the administrative service has been completed, the data will be deleted from the One-Stop Support Center’s database after 90 days. In exceptional cases, the data may be stored for a longer period if it is expected that this will be necessary to assist you in utilizing the administrative service.
When using the E-Payment service, the user’s name is stored in the transaction database for an additional 12 months to enable the applicant’s name to be linked to a transaction. The SEPA IBAN is stored in the transaction database for 5 days for the purpose of processing the SEPA payment.
Furthermore, your data is stored by the recipients listed below (see below), who are responsible for deleting your data as soon as storage is no longer necessary for the fulfillment of their legal obligations.
Recipients of data
Personal data will be treated confidentially by the Single Point of Contact. Your personal data will not be made available to third parties unless you have given your consent or the Single Point of Contact is legally obliged and entitled to pass on the data in accordance with Section 2 (3) EAG Bln and Section 5 (5) EAG Bln.
The data collected by the Single Point of Contact will be forwarded to the relevant competent authorities in order to perform the administrative service in accordance with the statutory provisions. You will be shown the name and contact details of this responsible body at the end of the online application process for your respective administrative service.
Your personal data will also be shared by the receiving authorities with other competent agencies as part of a referral process (Borough Offices and tax offices of the state of Berlin, German Social Accident Insurance (DGUV), Berlin Chamber of Industry and Commerce (IHK Berlin), Chamber of Crafts (HWK), foreigners authority, Berlin State Office for Citizens’ and Regulatory Affairs (LABO), State Office for Health Protection and Occupational Safety (LAGetSi), Customs, German Pension Insurance for Miners, Railway and Maritime Workers, State Office for Statistics Berlin-Brandenburg, Registry Court, State Office for Measurement and Calibration (LME), provided this is legally permissible and necessary. These agencies store the data within the legally permissible framework for maintaining official registers and lists. The data is generally processed indefinitely until the purpose of the data processing has been achieved.
Furthermore, the data will be stored by the processors commissioned by the Point of Single Contact to operate the service portal for a maximum of the duration specified above under 4.3.4.
Right of objection, removal and revocation
You have the following rights vis-à-vis the Single Point of Contact with regard to your personal data:
- Right to information, Art. 15 GDPR and §§ 24, 43 BlnDSG,
- Right to rectification or erasure, Art. 16 and 17 GDPR and § 44 BlnDSG,
- Right to restriction of processing, Art. 18 GDPR and § 44 BlnDSG,
- Right to withdraw the declaration of consent under data protection law, Art. 7 GDPR,
- Right to object to processing, Art. 21 GDPR,
- Right to data portability, Art. 20 GDPR.
You may exercise your rights by contacting us in writing or electronically using the contact information provided in Section 1. If you wish to exercise your right of withdrawal or objection, simply send an email to ea@senweb.berlin.de.
More information:
The “BundID” and “My company account” services are used for authentication purposes. The respective privacy policies of these services apply. You can find them here: https://meinuk.de/statisch/datenschutz and https://id.bund.de/de/datasecurity. Reference is made to these policies when using these services. You are free at any time to revoke any consent you have given for the processing of your personal data for the future. You can delete the data stored in your account as well as your entire BundID account yourself by logging in there and performing the relevant deletions yourself.
On the use of external services:
To use the online services of the Point of Single Contact Berlin, you must prove your identity. For this purpose, the Point of Single Contact integrates external services. The Online Access Act obliges the federal and state governments to offer their administrative services electronically via administrative portals. In order to comply with this legal obligation, the federal and state governments provide user accounts in the portal network, among other things, through which users can identify themselves uniformly for the electronic administrative services of the federal and state governments available in the portal network. You can identify yourself with your ID card with online function or another suitable means of identification and the BundID, or with a personal ELSTER certificate for My Business Account. If you do not wish to create a permanent user account, you can also register as a guest.
My company account (MUK)
The nationwide standardized company account (“My Company Account” – MUK) offers the opportunity to use digital administrative services from various authorities via a standardized nationwide access. It is the standardized nationwide user account for companies and is designed to be used for all areas of public administration. “My company account” is a central authentication and identification service and also offers a mailbox for communication with various authorities. Further information can be found on the website: https://info.mein-unternehmenskonto.de/allgemeines
The company account is based on ELSTER technology. Users can use the business account to identify and authenticate themselves for the electronic administrative services of the federal and state governments available in the portal network using a secure procedure used in the tax administration in accordance with Section 87a (6) of the German Fiscal Code.
The Bavarian State Tax Office, together with the Bavarian State Ministry for Digital Affairs, has been commissioned by the IT Planning Council to provide My Company Account, the central point for managing company accounts.
President of the Bavarian State Tax Office
Sophienstraße 6
80333 Munich
Mailing Address: 80284 Munich
Phone: 089 9991-0
Fax: 089 9991-1005
Email: poststelle@lfst.bayern.de
Data Protection Officer
Bavarian State Tax Office
Phone: 0911 991-1004
Fax: 089 9991-1099
Email: datenschutz@elster.de
Scope of data processing and legal basis
The privacy policy of this service applies. Comprehensive information can be found on the website: https://meinuk.de/statisch/datenschutz
In accordance with Section 8 (1) No. 2 OZG, the data retrieved via MUK contains a maximum of the information listed below:
- Family name,
- Birth name,
- First names,
- academic degree,
- Day of birth,
- Place of birth,
- Country of birth,
- Address,
- Nationality,
- when using the electronic identity function […] the abbreviation “D” for Federal Republic of Germany, the document type and the service and card-specific identifier,
- the unique identifier and the specific data transmitted by notified electronic identification means […],
- the unique identifier transmitted by other recognized electronic identification means, and
- the mailbox reference of the user account;
Federal user account” (BundID)
The BundID account is the federal user account operated by the Federal Ministry of the Interior and for Home Affairs. You can use this account to register for many online administrative services. The BundID provides you with a central account for identification for all your online applications (e.g. with an online ID card). You can have the form for your online application pre-filled by entering your personal data.
Federal Ministry of the Interior and Homeland Affairs
Alt-Moabit 140
10557 Berlin
Phone: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
E-Mail: poststelle@bmi.bund.de
De-Mail: poststelle@bmi-bund.de-mail.de
You can reach the Data Protection Officer at the Federal Ministry of the Interior and for Home Affairs using the following contact details:
Federal Ministry of the Interior and Homeland Affairs
Data Protection Commissioner
Alt-Moabit 140
10557 Berlin
Phone: +49-(0)30 18 681-0
E-Mail: bds@bmi.bund.de
Scope of data processing and legal basis
The privacy policy of this service applies. Comprehensive information can be found on the Internet on the website https://id.bund.de/de/datasecurity
The scope of the data retrieved depends on the level of trust required for a particular administrative procedure. The following description illustrates this gradation and shows the personal data processed:
Basic registration: Email; Password
level of confidence substantially: Name; date of birth/place; address; e-mail; password
Confidence level high: Information on the identification document; nationality; name; date of birth/place; address; e-mail; password
E-payment” service – PAYONE GmbH
When using the “e-payment” service, the user is redirected directly to the payment service provider’s website. The name of the user is transmitted. The additional data collected there, such as credit card number, card verification number or IBAN, will not be processed at any time by the controller named in section 1. Further information on the processing of personal data by the payment service provider can be found in its privacy policy:
PAYONE GmbH
Lyoner Straße 9
60528 Frankfurt am Main
The PayOne GmbH Privacy Policy is available at: https://www.payone.com/DE-de/dsgvo.
The transaction database and interface to the e-payment system are operated by BerlinOnline Stadtportal GmbH & Co. KG, located at Stefan-Heym-Platz 1, 10367 Berlin (payment-support@berlin.de).
cit GmbH as IT service provider
As the provider of the “IntelliForm” software, cit GmbH serves as the external service provider for the online service of the One-Stop Support Center Berlin at the Senate Department for Economic Affairs, Energy and Public Enterprises. It is responsible for maintenance, further development, and troubleshooting. If, for operational reasons, it becomes necessary to involve technical staff—for example, in the context of troubleshooting—this is coordinated through the One-Stop Support Center. Against this backdrop, Service Desk staff and technical staff from cit GmbH, in particular, may be involved in resolving tickets as part of technical support. Employees of cit GmbH do not have access to the data holdings of the One-Stop Support Center without supervision by ITDZ Berlin.
cit GmbH
Kirchheimer Straße 205
73265 Dettingen
Phone: 07021 950858-0
Fax: 07021 950858-9
E-Mail: info@cit.de
Contact information for the Data Protection Officer at cit GmbH:
Kirchheimer Straße 205,
73265 Dettingen,
datenschutz@cit.de
You can also find out more about your rights in general in section 5.
Chatbot "DIWI"
Description and scope of the data processing
The chatbot “DIWI” is a text-based dialogue system that can be asked questions or provided with information using natural language. Responses are generated automatically using AI-powered algorithms based on the information database designed for the service.
Use of the chatbot is optional. There are alternative ways to contact us (e.g., contact form, email, or in-person at the One-Stop Support Center).
Entering and processing personal data is neither necessary nor required to use the chatbot. Please do not enter any personal information into the chatbot window. The AI-powered chatbot is designed for anonymous use. Any user input that nevertheless contains personal information will be used solely to respond to your inquiry and will be automatically deleted.
The chat or review content will not be used for advertising, profiling, or general model training purposes beyond those described in this version.
Please note that the IP address is temporarily blocked if an unusually large number of requests are received from the same IP address within a protection window. This serves to ensure the stability of the service offered. Once the respective protection window has expired, the IP address count is automatically reset and deleted.
There is no permanent storage of IP addresses, no profiling, no marketing and no identification of persons. This is based exclusively on publicly accessible content on the berlin.de website.
Technical data is collected in accordance with the Robots Exclusion Standard. No
cookies are used for technical operations. During use, only a server-generated conversation ID (conversationId) is managed for the duration of the session to continue the dialogue.
Legal basis for the data processing
The legal basis for the temporary storage of the IP address is Article 6(1)(e) of the GDPR in conjunction with Section 2 of the Act on the One-Stop Support Center for the state of Berlin (EAG Bln) and Part V, Section 1a of the Administrative Procedure Act (VwVfG) in conjunction with Section 1(1) of the Act on the Procedures of the Berlin Administration (VwVfG BE).
Purpose of the data processing
When using the chatbot, the technical and content-related data necessary to provide the service is processed. A distinction is made between technical security data on the one hand, and conversation and rating data on the other.
Data is processed for the following purposes:
- Facilitation and conduct of the ongoing conversation,
- Ensuring the service’s functionality, stability, and IT security,
- Analysis of conversations and reviews for quality assurance and to improve the information provided,
- Identification of knowledge gaps, recurring misunderstandings, and typical quality patterns at the aggregate level.
We do not process data for the purposes of targeted marketing, reach management, or campaign optimization tailored to specific target groups.
Processing of IP addresses
The IP address is processed when the chatbot service is accessed directly and is used solely to deliver the response, ensure proper functionality, and prevent misuse. IP addresses are processed separately from conversation content and feedback data and are not used for technical analysis.
Please note that the IP address is temporarily blocked if an unusually large number of requests are received from the same IP address within a protection window. This serves to ensure the stability of the service offered. Once the respective protection window has expired, the IP address count is automatically reset and deleted.
IP addresses are not stored permanently, and no profiling, marketing, or identification of individuals takes place. The data is based exclusively on publicly accessible content from the berlin.de website. IP addresses are processed separately from chat histories.
Processing of chat histories
A technical conversation identifier is used to manage the flow of dialogue within the ongoing conversation. This identifier is used to group messages within a conversation and—where applicable—to temporarily associate ratings and analysis data. The identifier is not used to identify individuals and is not combined with IP-based security data.
During the active session, the following data in particular is processed:
- Conversation content (user input and system responses),
- Times of individual interactions,
- technical conversation identifier,
- Ratings in the form of thumbs up/thumbs down, as well as optional free-text comments, where this feature is available,
- technical security data, particularly IP-related protection and rate-limiting information.
Conversation and rating data may be stored for a limited period to assess and specifically improve the quality of the chatbot and the information provided. Before being used in an AI-supported evaluation process, this content is automatically checked for typical personal information and masked, excluded, or otherwise cleaned for analysis purposes. The goal is to ensure that the quality analysis is conducted exclusively using cleaned content suitable for this purpose.
No cookies are used for the technical operation of the chatbot. No profiling is performed at the individual level.
Access to data
Only specifically authorized individuals have access to conversation content, feedback data, and the analysis data generated from them, to the extent necessary for technical operations, IT security, error analysis, and the quality assurance and optimization of the chatbot.
Access is granted on a role-based basis in accordance with the need-to-know principle and is logged. Technical security data, particularly IP-related security data, is processed separately from conversation and evaluation data.
IP-based security data is not combined with conversation or rating data to identify individual users.
Only anonymized or aggregated results of the quality assessment are stored permanently, including, in particular, topic clusters, usage metrics, quality indicators, error patterns, and aggregated evaluation data, provided that these do not allow for the identification of individual persons or specific conversations.
Job processing
External service providers may be engaged as data processors pursuant to Article 28 of the GDPR for the technical operation of the chatbot, data storage, logging, maintenance, the data protection-related processing of analysis data, and the creation of reports.
These service providers process personal data solely in accordance with documented instructions from the controller and are contractually bound to maintain confidentiality and implement appropriate technical and organizational safeguards. Where multiple technical service providers are involved, their roles and access rights are defined separately.
Data processing and storage take place exclusively within Europe. There are no plans to process data in third countries.
Duration of storage
During an active session, conversation content is retained solely for the purpose of continuing the dialogue. Sixty minutes after the last input, the data required for the session is automatically deleted from the active session context.
IP-related security data is processed exclusively for the purposes of IT security and fraud prevention, and is deleted separately from conversation and rating data after a brief retention period.
Conversation content and associated evaluation data are stored for up to 90 days for quality assurance and optimization purposes. After this period expires, the raw data is deleted or irreversibly anonymized. Once this period has expired, it is no longer possible to link the data to a specific conversation.
Only anonymized or aggregated results of the quality assessment are stored permanently, including, in particular, topic clusters, usage metrics, quality indicators, error patterns, and aggregated evaluation data, provided that these do not allow for the identification of individual persons or specific conversations.
Right of objection, removal and revocation
The rights of data subjects, in particular the right to object under Article 21(1) of the GDPR, are set forth in Section 5.
Data subject rights
You have a right, vis-à-vis the office responsible:
- To be given information about the processing of your personal data (which also includes information on the purpose of the processing of your data, the recipients of your data and duration of the storage), pursuant to Art. 15 GDPR
- to rectification of any incorrect personal data (Art. 16 GDPR);
- to erasure pursuant to Art. 17 GDPR;
- to restriction of the processing and data portability (Arts. 18 and 20 GDPR); and
- to object to the processing of your data at any time (Art. 21 GDPR). Should you file an objection, your personal data will no longer be processed. An exception is made if mandatory reasons worthy of protection, which outweigh your interests, exist.
Consent granted by you may be revoked at any time with effect for the future. The lawfulness of the processing that was carried out until the time of the revocation, based on your consent, shall not be affected thereby. In such a case, we may possibly no longer be able to assist you with your concern. The revocation is to be directed to the official Data Protection Officer at the contact address given in Clause II.
In order to preserve any rights mentioned in this clause, any data subject may contact the Data Protection Officer (see Clause II).
In addition, - if you are of the opinion that data protection regulations were not respected when your data was processed - you may contact the competent supervisory authority with a complaint (Art. 77 GDPR). Data subjects may direct their complaint to the authority competent for their place of residence, however basically also to any other data protection supervisory authority. The competent data protection authority is the Berlin Commissioner for Data Protection and Freedom of Information, whom you can contact as follows:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Tel.: +49 30 13889-0
E-mail: mailbox@datenschutz-berlin.de
The Point of Single Contact Berlin
Senate Department for Economic Affairs, Energy and Public Enterprises