to content

Data Privacy Policy

1. Data controller and Data Protection Officer
2. Information for data subjects under Articles 13 and 14 of the GDPR
3. Automated decision-making
4. Transfer of data to third countries
5. Your rights
6. Detailed information

The Federal Government Commissioner for Migration, Refugees and Integration and the Federal Government Commissioner for Antiracism is organisationally assigned to the Federal Ministry of Labour and Social Affairs (BMAS). With this privacy notice, the Federal Ministry of Labour and Social Affairs (BMAS), in its capacity as a data controller, is fulfilling its obligations to provide information set out in Articles 13, 14, 7 (3), third sentence, and Article 21 (4) of the General Data Protection Regulation (GDPR).

Data protection applies to personal data. Personal data means any information relating to an identified or identifiable natural person (known as the “data subject”). Personal data therefore includes all information which uniquely identifies a person, or via which it is possible to uniquely identify a person by combining internal and external information, such as a name, address, telephone number or email address. In addition, personal data also includes information which is necessarily generated when using a website, such as the start, end and duration of the user’s session or the user’s IP address.

At the Federal Ministry of Labour and Social Affairs, personal data is processed only to the extent necessary, and it is processed primarily for the purpose of enabling the Ministry to perform public tasks and comply with legal obligations. The processing of this personal data takes place primarily on the basis of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz).

This privacy notice sets out what personal data is processed, the purpose for which it is used, and the basis on which it is required and processed. Details are provided about how to contact the unit responsible and the Data Protection Officer of the Federal Ministry of Labour and Social Affairs. In addition, this privacy notice includes information about the rights of data subjects and is intended, among other things, to enable them to take an informed decision on how their personal data is handled.

1. Data controller and Data Protection Officer

The controller for the processing of personal data is the

Federal Ministry of Labour and Social Affairs (BMAS)
The Federal Government Commissioner for Migration, Refugees and Integration
The Federal Government Commissioner for Antiracism
Wilhelmstraße 49
10117 Berlin
Germany

Tel. Berlin office:
030 18 5270

Tel. Bonn office:
0228 99 5270

Email:
poststelle[at]bmas.bund.de

The contact details of the Ministry’s Data Protection Officer are:

Datenschutzbeauftragte des Bundesministeriums für Arbeit und Soziales
53107 Bonn, Germany

Tel.:
0228 99 5270

Email:
bds[at]bmas.bund.de

2. Information for data subjects under Articles 13 and 14 of the GDPR

To inform data subjects about the data processing and their rights, and to comply with the obligation to provide information (Articles 13 and 14 of the GDPR), information is provided below about individual types of processing: in section 6.

3. Automated decision-making

In principle, no automated decision-making takes place. If, by way of exception, automated decision-making does take place as part of a specific process, notice of this is provided in that context.

4. Transfer of data to third countries

The Ministry does not intend to transfer personal data to recipients in a third country or an international organisation. If, by way of exception, such a transfer of data does take place as part of a specific process, notice of this is provided in that context.

5. Your rights

Data subjects have rights in relation to the Federal Ministry of Labour and Social Affairs, in its capacity as the data controller, when it comes to the processing of their personal data:

5.1 General rights of data subjects

Right of access (Article 15 of the GDPR)
The right of access means the data subject is entitled to receive comprehensive information about the personal data and some other important criteria, such as the purposes of the processing or the period for which the data will be kept. The exceptions to this right set out in section 34 of the Federal Data Protection Act apply.

Right to rectification (Article 16 of the GDPR)
The right to rectification enables the data subject to have inaccurate personal data corrected.

Right to erasure (Article 17 of the GDPR)
The right to erasure enables the data subject to have the controller erase data. However, this is only possible if, for example, the personal data is no longer necessary, has been unlawfully processed, or consent for the processing has been withdrawn. The exceptions to this right set out in Article 17 of the GDPR and section 35 of the Federal Data Protection Act apply.

Right to restriction of processing (Article 18 of the GDPR)
The right to restriction of processing allows the data subject to initially prevent further processing of the personal data in certain circumstances.

Right to data portability (Article 20 of the GDPR)

The right to data portability enables the data subject, in certain circumstances, to receive the personal data from the controller in a commonly used, machine-readable format so that it can potentially be transmitted to another controller. The exception to this right set out in Article 20 (3), second sentence, of the GDPR applies.

5.2 Right to object to data processing on the basis of consent

In cases where personal data is processed on the basis of consent (Article 6 (1) (a), Article 7 or Article 9 (2) (a) of the GDPR), consent may be withdrawn at any time (Article 7 (3), first sentence, of the GDPR).

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

After consent has been withdrawn, it is possible in individual cases that, although the personal data may no longer be processed for the original purpose, processing – in whole or in part – is necessary for other reasons. The data user will be informed accordingly about this change in purpose.

Consent can be withdrawn by contacting the Federal Ministry of Labour and Social Affairs at the contact details provided above, unless a specific point of contact within the Ministry was given in the declaration of consent.

5.3 Right to object under Article 21 of the GDPR

If the processing of personal data is based on Article 6 (1) (e) of the GDPR (performance of public tasks), the data subjects have the right to object, on grounds relating to their particular situation, at any time to processing of personal data (Article 21 (1) of the GDPR). The exceptions to this right set out in Article 21 of the GDPR and section 36 of the Federal Data Protection Act apply.

The objection is not subject to any requirements as to form, but should include the name and other identifiers where appropriate (e.g. email address, postal address); it should be sent to the address given above for the Federal Ministry of Labour and Social Affairs, unless a specific point of contact within the Ministry has been given.

5.4 Right to lodge a complaint

Data subjects have the right to lodge a complaint about the possibility of unlawful processing of their personal data with the competent supervisory authority for data protection at the Federal Ministry of Labour and Social Affairs, namely the Federal Commissioner for Data Protection and Freedom of Information:

Bundesbeauftragte/r für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
German

Tel.:
0228 9977990

Email:
poststelle[at]bfdi.bund.de

6. Detailed information

6.1 Assertion of the rights of data subjects under the GDPR

1) Purpose
The personal data is processed in order to handle, respond to and document the rights of data subjects (e.g. requests for access or erasure, lodging of an objection) that are asserted under Article 12 et seqq. of the GDPR. Any identity documents submitted are used only for identification purposes.

2) Nature and source of the data
The exact data processed in the context of this kind of request depends on the content of the request in question. Normally, it includes, at a minimum, the surname, given name and contact details of the person submitting the request, and the details of the processing operations to which the request relates; however, it may also include the personal data contained in an identity document submitted for identification purposes.

3) Legal basis
This personal data is processed on the basis of Article 6 (1) (c) in conjunction with Article 12 et seqq. of the GDPR. The processing is documented on the basis of Article 6 (1) (c) in conjunction with Article 5 of the GDPR.

4) Recipients
In order to undertake a comprehensive examination of the request, the Ministry may have to request details of the personal data processed by the service provider it has tasked, Telemark Rostock Kommunikations- und Marketinggesellschaft mbH.

5) Retention period
The personal data is kept by the Federal Ministry of Labour and Social Affairs for as long as is necessary to comply with the documentation obligation established by Article 5 (2) of the GDPR and to defend legal positions (Article 17 (3) of the GDPR). This retention period is three years from the end of the year in which the request was received. Any identity document submitted is erased or destroyed immediately after identification has taken place. A note is merely kept of how proof of identity was provided.

6) Obligation to provide data or consequences of non-provision
It is not possible to process and respond to requests under Article 12 et seqq. of the GDPR unless the data subject’s given name, surname and contact details are provided, which usually allow identification in relation to the processing operations.

6.2 Obtaining information from (public) institutions

1) Purpose
The personal data is processed to allow the handling of professional requests and submissions from staff of (public) institutions.

2) Nature and source of the data
The following data is processed: the sender’s given name and surname, and official contact details where applicable.

The Federal Ministry of Labour and Social Affairs obtains the personal data directly from the sender’s correspondence.

3) Legal basis
The data is processed on the basis of Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act.

4) Recipients
Processing only takes place internally within the Ministry.

5) Retention period
The data retention periods are determined in accordance with the Administrative Regulation for Payments, Bookkeeping and Accounting (VV-ZBR BHO 4.7 and no. 6 of Annex 1), the General Administrative Regulation on Physical Security issued by the Federal Ministry of the Interior (VS-Anweisung), and the guidance issued by the Federal Archives on records management regarding the setting of retention periods for the records of supreme federal authorities in accordance with section 19 of the Directive on the Processing and Management of Records in Federal Ministries (Registraturrichtlinie). The data is erased as soon as the purpose of the data processing ceases to apply, unless the Federal Ministry of Labour and Social Affairs has legitimate interests under Article 17 (3) of the GDPR. In accordance with these provisions, the retention period is generally one year from the end of the calendar year in which the processing was completed.

6) Obligation to provide data or consequences of non-provision
The sender’s official contact details need to be provided so that the Ministry can communicate effectively with the sender within the requesting (public) institutions.

6.3 Freedom of Information Act (requests under the Act)

1) Purpose
The personal data provided by a person submitting a request under the Freedom of Information Act (Informationsfreiheitsgesetz) is processed for the purpose of handling, answering and documenting the request.

2) Nature and source of the data
For the request to be answered, it is necessary for an email address to be provided, or in certain cases (if the request is rejected, partially rejected or subject to fees) the individual’s contact details so that a response can be sent by post. The request cannot be processed without this data. A postal address can be provided where the individual would like to receive a response by post or where this is necessary for administrative reasons (if the request is rejected, partially rejected or subject to fees). The Federal Ministry of Labour and Social Affairs receives the personal data directly from the data subjects or via the "Frag den Staat" (Ask the State) website.

3) Legal basis
This personal data is handled on the basis of Article 6 (1) (c) of the GDPR in conjunction with the Freedom of Information Act.

4) Recipients
The request is handled by the staff of the Federal Ministry of Labour and Social Affairs. In some cases, the requests are answered via the "Frag den Staat" website.

5) Retention period
Requests under the Freedom of Information Act are stored in accordance with the retention periods for records established by the Directive on the Processing and Management of Records in Federal Ministries (Registraturrichtlinie), which supplements the Joint Rules of Procedure of the Federal Ministries (Gemeinsame Geschäftsordnung der Bundesministerien). In accordance with these provisions, the retention period is usually ten years from the end of the calendar year in which the processing was completed.

6) Obligation to provide data or consequences of non-provision
The request cannot be processed and answered unless the email address or postal address is provided.

6.4 Website

6.4.1 Visiting the Website

1) Purpose
Every time a user visits the website of the Federal Ministry of Labour and Social Affairs, the data needed to provide this service is processed. The Ministry is required, on the basis of section 5 of the Act on the Federal Office for Information Security (Gesetz über das Bundesamt für Sicherheit in der Informationstechnik), to store data for the purpose of protecting the Ministry’s internet infrastructure and federal communications technology from attack. This data is analysed and is required so that legal action can be taken and a criminal prosecution can be launched in the event of attacks on communications technology.

2) Nature and source of the data
The following data is collected:
Browser type and version
Operating system used
User’s IP address
Server IP address and name
Date and time of the server request
HTTP protocol and status
Data volume transferred
File path

The Ministry obtains the personal data directly from the data subjects and their electronic devices.

3) Legal basis
The personal data is processed on the basis of Article 6 (1) (c) of the GDPR in conjunction with section 5 of the Act on the Federal Office for Information Security.

4) Recipients
This data is also stored in log files on a server run by the web provider Digitas GmbH, and retained after the visit to the website.

Data recorded when users visit the Ministry’s website is only transferred to third parties where there is a legal obligation to do so or where this is necessary for the purpose of legal action or criminal prosecution in the event of attacks on federal communications technology. It is not transferred in any other cases.

5) Retention period
The data is erased as soon as the purpose of the data processing ceases to apply, unless the Federal Ministry of Labour and Social Affairs has legitimate interests under Article 17 (3) of the GDPR or retention obligations exist on IT security grounds (in which case the retention period is three months, under section 5 (2) of the Act on the Federal Office for Information Security).

6) Obligation to provide data or consequences of non-provision
The website cannot be used, for functional or IT security reasons, without providing the technical connection data specified above.

6.4.2 Web analytics

1) Purpose
In the context of the Ministry’s public relations activities and the tasks to be performed by the Ministry, usage information is analysed for statistical purposes so that information can be provided in line with users’ needs.

2) Nature and source of the data
The web analytics service “etracker” sets cookies on the visitor’s device. When individual pages of this website are accessed, the following data is stored:
Two bytes of the IP address of the user’s device (the last six characters are anonymised),
The page accessed,
The page which brought the user to the page accessed (referrer),
Recognition of returning visitors and visitor history,
The pages visited from the page accessed,
The time spent on the page, and
How frequently the page is accessed.

Although the Federal Ministry of Labour and Social Affairs generates the personal data when a user visits the website, the IP address is anonymised without delay as part of this process, ensuring that users remain anonymous from the Ministry’s perspective.

The software is set not to store IP addresses in full; instead, two bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This means the truncated IP address can no longer be attributed to the accessing device.

3) Legal basis
Diese Anonymisierung der personenbezogenen Daten erfolgt auf Grundlage des Art. 6 Abs. 1 c) i. V. m. Art. 5 Abs. 1 c) DSGVO (Grundsatz der Datenminimierung).

Die kurzzeitige Erhebung der IP-Adresse vor der Anonymisierung erfolgt auf Grundlage des Art. 6 Abs. 1 a), Art. 7 DSGVO und im Übrigen gemäß § 25 Abs. 1 TTDSG. Über die Erhebung kann im Vorfeld entschieden werden. Das geschieht durch die Auswahl, welche die Nutzenden zu Beginn des Besuchs im Cookie-Hinweis tätigen. Wenn die Nutzenden die Auswahl nachträglich ändern möchten, kann das durch Klick auf den untenstehenden Link erfolgen. Der Cookie-Dialog öffnet sich dann erneut und die Einstellungen können entsprechend geändert werden.

to the Cookie Dialogue

4) Recipients
The software runs solely on the servers of the “etracker” service provider on behalf of the Federal Ministry of Labour and Social Affairs. Usage information is only stored there. The data is not transferred to third parties.

5) Retention period
As part of this process, the IP address is anonymised without delay, ensuring that users remain anonymous from the Ministry’s perspective.

6) Obligation to provide data or consequences of non-provision
If users have not given their consent for the storage and analysis of this data relating to their visit, an opt-out cookie is set in their browser, which stops “etracker” from collecting any session data.

Users can decide here whether to give consent for a unique web analytics cookie to be set in their browser to enable the website’s operator to collect and analyse various types of statistical data.

If you do not wish to give consent for this, please click the following link to set the “etracker” opt-out cookie in your browser.

No data collection

Please note: Clearing cookies will also delete the opt-out cookie and it may then need to be activated again by the user.

6.5 Contacting the Federal Government Commissioner via publicly accessible contact options

1) Purpose The personal data provided when an individual contacts the Federal Ministry of Labour and Social Affairs is processed for the purpose of handling, responding to and documenting the communication. The Ministry can be contacted in the following ways:

The email addresses intb[at]bmas.bund.de
The email addresses presse-integration.intb[at]bmas.bund.de
Letters can be sent to the Commissioner’s postal address
Telephone
The email address info[at]digitas.com

2) Nature and source of the data
In the context of communications submitted to the Federal Ministry of Labour and Social Affairs, the data provided – usually surname, given name, postal address, and telephone number where applicable – is processed. When individuals contact the Ministry, they have to provide their postal address, as the Ministry is required by the Joint Rules of Procedure of the Federal Ministries (Gemeinsame Geschäftsordnung der Bundesministerien) to respond to communications from members of the public by post, and sending the reply by post is often the only way to guarantee it is confidential.

Other information contained in the communication, together with any enclosures or attachments, which may be necessary for handling it can include the number of years worked (in the case of pension queries). Additional information can include data concerning health, information relating to trade union membership, and so on.

The Ministry usually receives the personal data directly from the data subjects when they contact the Ministry; it may also receive personal data from agencies in its area of responsibility in cases where they are involved in examining and responding to the communication.

3) Legal basis
The processing of the identification and address data and the personal data necessary for handling the communication takes place on the basis of Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act. Any further information is processed on the basis of consent under Article 6 (1) (a) in conjunction with section 7 of the GDPR.

Where the communication or the enclosures or attachments contain special categories of personal data (such as data concerning health or trade union membership), this information is provided voluntarily and the Federal Ministry of Labour and Social Affairs regards the provision of this data as consent for it to be processed as well under Article 9 (2) (a) of the GDPR. Where the processing of this particularly sensitive data takes place on the basis of consent, the data subject’s attention is explicitly drawn to the right to withdraw consent under Article 7 (3) of the GDPR.

4) Recipients
Communications sent via the email address info[at]digitas.com:
Communications sent via the email address info[at]digitas.com are processed by the service provider tasked by the Federal Ministry of Labour and Social Affairs, Digitas GmbH.

If the matter cannot be dealt with by Digitas GmbH, it is passed on to the Ministry.

In connection with the processing and examination of the facts by the Ministry’s staff, it may be necessary to pass on the matter to agencies within the Ministry’s area of responsibility or other competent agencies so that a technically sound or informed response can be provided.

Under Article 6 (1) (e) of the GDPR in conjunction with sections 3, 25 and 23 of the Federal Data Protection Act, the transfer of data takes place only if it is in the interest of the data subject and the communication does not contain any indication that the data subject does not agree to the involvement of such agencies.

In most cases, these agencies within the Ministry’s area of responsibility or other competent agencies could be the data subject’s local employment agency, local job centre, pension insurance fund, or another federal ministry (for example the Federal Ministry of Health in the case of questions relating to medicines, or the Federal Ministry of Finance in the case of questions relating to taxes).

If there is any indication that the data subject may not want the data to be transferred, the Federal Ministry of Labour and Social Affairs will seek the data subject’s prior consent. The same applies if the documents contain special categories of personal data (Article 9 of the GDPR, e.g. data concerning health) which must be passed on for examination.

5) Retention period
The data retention periods are determined in accordance with the Administrative Regulation for Payments, Bookkeeping and Accounting (VV-ZBR BHO 4.7 and no. 6 of Annex 1), the General Administrative Regulation on Physical Security issued by the Federal Ministry of the Interior (VS-Anweisung), and the guidance issued by the Federal Archives on records management regarding the setting of retention periods for the records of supreme federal authorities in accordance with section 19 of the Directive on the Processing and Management of Records in Federal Ministries (Registraturrichtlinie).

Where the communication is received in the context of a submission from an individual, for example, the retention period begins at the end oft he calendar year in which the processing was completed and is one year until December 31,2023 and five years from January 1, 2024. The retention period is up to 20 years in the case of technical subjects or opinions, and up to 30 years for opinions submitted in the framework of the legislative process; in each case, this period begins at the end of the calendar year in which the processing was completed.

Please note: The Ministry may destroy documents which are not required.

6) Obligation to provide data or consequences of non-provision
The communication cannot be processed and answered unless the address data and relevant personal data is provided.

6.6 Social networks

Public relations activities via social networks constitute data processing in the public interest. The Federal Constitutional Court ruled in 1977 that the Federal Government’s public relations activities are not just constitutionally permissible, but also necessary, as democratic decisions require an informed public. The Court affirmed this in another ruling in 1983, provided that the government communicates its policies objectively, accurately, proportionately and with restraint. Other judgments came to the same conclusion.

Statistical studies show that the way the public consumes media and seeks information is changing. A growing number of population groups obtain less and less information about current affairs from “traditional” information channels, such as newspapers or television channels. Instead, they obtain information from media that operate solely or at least partly online, and above all from social networks. One of the aims pursued by the Federal Government Commissioner for Migration, Refugees and Integration and the Federal Government Commissioner for Antiracism in its public relations activities is reaching as many population groups as possible and informing them in the framework of its constitutional remit.

The Commissioner therefore uses social networks, alongside other essential media channels. This gives the public a range of channels, all upholding the same quality standards, via which they can obtain information about the Ministry’s work and get in touch with the Ministry.

Alternatively, the information offered via these services can also be accessed on the Commissioner’s website.

Guidance (in German) on privacy-enhancing user settings on social networks can be accessed on the website of the Federation of German Consumer Organisations at: https://www.verbraucherzentrale.de/wissen/digitale-welt/soziale-netzwerke. Further information (in German) on social networks and how personal data can be protected can also be found on the website of the Federal Office for Information Security (BSI) and at www.youngdata.de.

1) Purpose
The Commissioner is active on the following social networks: X and Instagram.

The operation of the Commissioner’s social media profiles is necessary for targeted and balanced public relations activities, personnel recruitment, and the Federal Government’s crisis communication.

In order to perform its tasks on the social networks, the editorial team processes the data of people who actively engage with the Commissioner there, for example via comments or messages. The personal data provided also has to be processed for the purpose of reacting to individual communications.

2) Nature and source of the data
The data can consist of profile information (such as name, profile picture, number of followers and number of profiles followed by the data subject), comments, posts, reactions, direct messages, the content of enquiries, and most recent tweets.

The Commissioner obtains the personal data directly from the data subjects and their electronic devices. At most, the Ministry receives anonymised statistical data from the social networks’ services.

3) Legal basis
The data is processed on the basis of Article 6 (1) (e) of the GDPR in conjunction with section 3 of the Federal Data Protection Act.

4) Recipients (potentially in third countries)
We expressly draw attention to the fact that social networks also store and process their users’ data. Even if this data processing constitutes an arrangement involving joint controllers under Article 26 of the GDPR, these social networks remain contracting parties and points of contact for users on data protection issues.

X
The Commissioner uses the technical platform and services of X Corp.,1355 Market Street, Suite 900, San Francisco, CA 94103, United States.

Information about what data is processed by X and for what purposes it is used can be found in X’s privacy policy. Users also have the option of requesting information via the X privacy policy inquiries form (https://support.twitter.com/forms/privacy) or by downloading their X archive (https://help.twitter.com/en/managing-your-account/how-to-download-your-twitter-archive).

The Commissioner draws attention to the fact that users are responsible for their use of the X service and its features. This is particularly true of the interactive features (e.g. retweets, likes). Users should give careful consideration to what personal data they share with the Commissioner via X.

The Commissioner has no influence over the nature and scope of the data processed by X, the work of processing and using this data, or the transfer of this data to third parties.

The data about users collected in the course of using the service is processed by X Corp.. and, in this context, it may be transferred to countries outside the European Union. This data includes the IP address, the app used, information about devices used (including device ID and app ID), information about webpages visited, location and mobile provider. This data is associated with the data of the X account or profile in question.

Information about what data is processed by X and for what purposes it is used can be found in X’s privacy policy: https://twitter.com/privacy; information is also available about ways for users to access their own X data: https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data.

X buttons or widgets embedded on websites and the use of cookies enable X to track visits to these sites and attribute them to the X profile in question. This data can be used to serve tailored content or ads. Information about this and the settings available can be found on the following X support pages:
https://help.twitter.com/de/using-twitter/tailored-suggestions
https://help.twitter.com/de/rules-and-policies/twitter-cookies

There are options to limit the processing of personal data in the general settings of a X account, as well as under the “Privacy and safety” heading. In addition, mobile devices (smartphones, tablets) have settings which can be used to restrict X’s access to contact and calendar data, photos, location data, etc. This depends on the operating system, however. Further information on these issues can be found on the following X support page: https://support.twitter.com/articles/105576#.

Guidance (in German) on privacy-enhancing user settings can be accessed on the website of the Federation of German Consumer Organisations at: https://www.verbraucherzentrale.de/wissen/digitale-welt/soziale-netzwerke/sicheres-surfen-in-sozialen-netzwerken-10620

Instagram

The Commissioner uses the Instagram service. Instagram is an online service for sharing photos and videos, and is owned by Meta, formerly Facebook. To provide its information service on this platform, the Commissioner uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The Commissioner draws attention to the fact that users are responsible for their use of the Instagram service and its features. This is particularly true of the interactive features (e.g. sharing, liking). Users should give careful consideration to what personal data they share via the Commissioner’s Instagram page.

Information about what data is processed by Instagram and for what purposes this data is used can be found in Instagram’s Data Policy: Instagram Data Policy | Instagram Help Centre.

When users visit the Commissioner’s Instagram page, Facebook records, among other things, IP addresses and other information from cookies stored on the user’s device. This information is used to provide the Commissioner as the admin of the Instagram page, with anonymised statistical information about the use of the Instagram page. The Data Policy is available at the following link: https://help.instagram.com/519522125107875. The full Terms of Use of the Instagram service can be found here: https://help.instagram.com/581066165581870/?helpref=hc_fnav.

Facebook provides information about the use of cookies in the Cookies Policy for the Instagram service: https://help.instagram.com/1896641480634370/?helpref=hc_fnav.

The Commissioner draws attention to the fact that the cookies used enable Facebook Ireland to track user behaviour (across devices, in the case of logged-in users) even beyond the Instagram service, on other websites. This applies to data subjects irrespective of whether or not they are registered with the Instagram service.

Facebook itself states that it stores data until it is no longer necessary to provide its services and Facebook products, or until the user’s account is deleted, whichever comes first. This is a case-by-case determination that depends on things like the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. More detailed information about data retention can be found at: https://facebook.com/about/privacy.

Facebook processes a variety of personal data about page visitors for its own purposes in the framework of what it calls “Insights”. This processing takes place irrespective of whether or not page visitors are logged into Facebook or Instagram, and whether or not they have a Facebook or Instagram account. Users who visit Instagram pages without being registered with or logged into Instagram still have the option to influence the scope of data processing via the cookie banner shown by Facebook. More detailed information about Facebook cookies can be found at: https://www.facebook.com/policies/cookies/

Instagram Insights are aggregated, anonymised statistics. Page admins do not have access to the personal data processed in this context but only to the aggregated, anonymised Insights. More detailed information can be found at: https://www.facebook.com/help/instagram/788388387972460

Facebook Ireland is required to respond to requests from data subjects. Facebook provides further information about the rights of data subjects here: https://www.facebook.com/help/2069235856423257

Requests from users relating to data processing when visiting an Instagram page which fall within the sole responsibility of Facebook Ireland are forwarded to Facebook Ireland by the Commissioner. Users can contact Facebook’s Data Protection Officer themselves at the following link: https://www.facebook.com/help/contact/540977946302970

Facebook also provides information about privacy-enhancing profile settings for Instagram profiles: https://help.instagram.com/811572406418223/?helpref=hc_fnav

5) Retention period
The personal data will be erased, to the extent that this is within the Ministry’s power, when the Commissioner stops offering information services on these social network sites. If this data is retained beyond this point by the individual social network services, this is based solely on the provisions in their data policies and terms of use.

6) Obligation to provide data or consequences of non-provision
There is no obligation to provide this data.

Members of the public who use these platforms to submit requests to the Ministry are notified that individual personal requests are only processed and answered with reference to the individual case via the Commissioner’s usual contact methods.