GSB 7.1 Standardlösung

Navigation and service

Seiteninhalt

Privacy policy statement

PDF Download:

Privacy policy statementPDF, 171KB, File does not meet accessibility standards

Kraftfahrt-Bundesamt (KBA) takes the protection of your personal data seriously. The KBA wants you to know when it collects which data and how it uses it. It has taken technical and organisational measures to ensure that it and the external service providers it commissions to perform its tasks comply with the data protection regulations.

Data protection is the protection of privacy. The aim of data protection is to safeguard the fundamental right to informational self-determination. In order to achieve this goal, any processing of personal data of natural persons must be carried out in accordance with the EU General Data Protection Regulation (GDPR), the sector-specific data protection regulations and the German Federal Data Protection Act (BDSG). This means that personal data may only be processed for specific, clear and legitimate purposes. Only as much data may be processed as is absolutely necessary for the respective purpose. In addition, the data must always be kept correct and up to date. It must only be possible to identify the data subject for as long as is necessary to fulfil the respective purpose. In organisational and technical terms, the data must be adequately protected against unauthorised access, loss, destruction and damage.

These requirements naturally also apply to data processing by the KBA. The variety of tasks performed by the KBA, the volume and sensitivity of the data processed and the advancing digitalisation with its ever new processing possibilities mean that data protection is becoming increasingly important.

1 Information on data processing in connection with the performance of the KBA's public duties

The KBA processes personal data when performing the tasks assigned to it by law in accordance with Section 2(1)(2) of the Act on the Establishment of the Kraftfahrt-Bundesamt (KBAG). The content and purpose of the data stored in the KBA's registers are defined by law (see also the explanations in section 1.6.).

1.1 What data does the KBA store / process in its registers?

1.1.1 Register of Driver Fitness (FAER)

The KBA processes the following data in the FAER in accordance with the provisions of Sections 28 et seq. of the Road Traffic Act (StVG) in conjunction with the associated legal ordinances:

Gender, academic degree if applicable, first name, surname, different maiden name if applicable, religious, artist or former names if applicable, date of birth, place of birth, nationality, address of the person in respect of whom a legally binding decision has been issued for an administrative offence or criminal offence affecting road safety or an effective decision of the driving licence authority concerning the withdrawal or restriction of the driving licence.

1.1.2 Central Vehicle Register (ZFZR)

The KBA processes the following data in the ZFZR in accordance with the provisions of §§ 31 ff. StVG in conjunction with the associated legal ordinances:

Gender, academic degree if applicable, first name, surname, different maiden name if applicable, religious or stage name, date of birth, place of birth, address as data of the vehicle owner as a natural person or name/designation and address of the company (or association) if vehicles are registered to companies (or associations).

Technical vehicle data corresponding to the registration certificate part I (formerly vehicle registration document), vehicle identification number, vehicle licence plate number, number of the registration certificate part II (formerly vehicle registration document), insurance data and, since 01/10/2017, also data and results of general inspections/safety tests of vehicles.

1.1.3 Central Register of Driving Licences (ZFER)

In the ZFER, the KBA processes the following data in accordance with the provisions of §§ 48 et seq. StVG in conjunction with the corresponding statutory ordinances:

Licence number and driving licence number, date of issue and expiry of the driving licence (in the case of licences issued after 18.1.2013), gender, where applicable, academic degree, first name, surname, surname, name of order or artist’s name, date of birth, place of birth of the licence holder, categories of driving licences issued with the date of issue and, if the classes have been granted for a limited period, the date of expiry of the validity; Administrative key of the driving licence authority; in the case of beginners, the beginning and end of the probationary period. Issue of driving training licences and driving licences for the carriage of passengers, recognition as a motor vehicle expert, examiner or test engineer.

The register has been kept since 1.1.1999 for EU card licences in check card format.

1.1.4 Register of Tachograph cards (FKR)

In the FKR, the KBA processes the following data in accordance with Regulation (EU) No 165/2014 in conjunction with § 4 and 12 Driving Personnel Act (FPersG):

Tachograph card number, name and authority keys of the issuing authority, start and expiry of the validity of the tachograph card.

For the driver card:
Title, academic degree, first name, surname, birth name, date of birth, place of birth, driver’s license number

For the company card:
Title, academic degree, first name, surname, birth name, date of birth, place of birth of the person appointed

At the workshop card:
Title, academic degree, first name, surname, birth name, date of birth, place of birth of the appointed person and the responsible professional

1.1.5 Register of Professional Drivers Qualification (BQR)

In the BQR, the KBA processes the following data in accordance with Directive (EU) 2018/645 in conjunction with §§ 12ff Professional Driver Qualifications Act (BKrFQG):

1. Driver qualification data:

a) Birth and surname, first name, day and place of birth, academic degree and gender of the holder of the driver qualification certificate;

b) the date of issue and expiry of the validity of the driver qualification certificate;

c) the authority issuing the driver qualification certificate;

d) the status of the driver qualification certificate indicating the status date;

e) the authority notifying the status of a driver qualification certificate issued;

f) the driving licence number of the driving licence valid at the time of issue of the driver’s qualification certificate, including the issuing State of the driving licence;

g) serial number of the driver qualification certificate;

h) number 95 according to Annex 9 of the Driving Licence Ordinance;

i ) categories of driving licences for which the key number 95 is valid;

2. Data on the basic qualification of drivers:

a) Birth and surname, first name, day and place of birth, academic degree and gender of the participant;

b) the name and address of the auditing body;

c) the day of successful completion of the theoretical and practical examination,

d) the nature of the examination, namely:

aa) Regulatory test,

bb) Transitional examination,

cc) lateral entry-level examination,

dd) Examination to complete vocational training as a professional driver or

ee) Examination for completion of vocational training as a driving specialist,

e) categories of driving licences for which the basic qualification has been obtained;

3. Data on accelerated basic qualification of drivers:

a) the name and address of the training establishment, as well as information on the competent recognition and surveillance authority and the reference number of the recognition notice;

b) Birth and surname, first name, day and place of birth, academic degree and gender of the participant;

c) the period of teaching and the actual duration of the course;

d) information on the sub-knowledge areas referred to in Annex 1 of the Professional Driver Qualification Ordinance and on other completed special measures within the meaning of § 12 No. 4,

e) the name and address of the auditing body;

f) ) the day of successful completion of the theoretical examination,

g) the nature of the examination, namely:

(aa) Regulatory test,

bb) Transitional examination, or

cc) lateral entry-level examination,

h) categories of driving licences for which the accelerated basic qualification has been acquired; and

4. Driver training data:

a) the name and address of the training establishment, as well as information on the competent recognition and surveillance authority and the reference number of the recognition notice;

b) Birth and surname, first name, day and place of birth, academic degree and gender of the participant;

c) the period of teaching and the actual duration of the course;

d) information on the sub-knowledge areas referred to in Annex 1 of the Professional Driver Qualification Ordinance and on the existence of other completed special measures within the meaning of Section 12(4),

e) serial number of the currently valid driver qualification certificate, insofar as one has already been issued.

1.2 Why is my data processed (purpose)?

The KBA’s register data is used to provide information to authorised bodies at home and abroad (e.g. police and regulatory authorities, fine authorities, driving licence authorities, tax authorities, insurance companies, but also private individuals) about vehicles and keepers or road users in accordance with the Road Traffic Act and other European legal regulations, in particular to ensure road safety or the facilitation of registration procedures within Germany and the EU for the benefit of all road users.

1.2.1 Register of Driver Fitness (FAER)

The data of the FAER referred to in 1.1.1.1 are transmitted in accordance with § 30 StVG, inter alia, for the prosecution of criminal offences, for the execution or execution of penalties, for the prosecution of administrative offences and for the enforcement of fine notices and their ancillary consequences under this Act and the Law on Road Drivers or for administrative measures pursuant to this Act or the legal provisions based on it.

1.2.2 Central Vehicle Register (ZFZR)

The data of the ZFZR mentioned under 1.1.2. are stored in accordance with § 32 StVG for the registration and monitoring of vehicles in accordance with the StVG or the legal provisions based thereon, for measures to ensure insurance coverage in the context of motor vehicle liability insurance, for measures for the implementation of motor vehicle tax law, for measures pursuant to the Federal Services Act, the Traffic Safety Act, the Traffic Services Act or the legal provisions based thereon, for civil protection measures in accordance with the laws of the Länder enacted for this purpose or the legislation based thereon, for measures implementing end-of-life vehicle law, for measures for the implementation of data processing in respect of motor vehicles with a highly or fully automated driving function in accordance with the StVG or under the legislation based on this Act.

The ZFZR is also led to the storage of data for the provision of information in order to identify or identify persons in their capacity as the holder of vehicles, vehicles of a holder or vehicle data.

1.2.3 Central Register of Driving Licences (ZFER)

In accordance with § 49 StVG, the data of the ZFER mentioned under 1.1.3. are used to determine which driving licences and which driving licences a person holds or for which he can apply for the new grant.

1.2.4 Register of Tachograph Cards (FKR)

In accordance with Regulation (EU) No 165/2014 in conjunction with § 4 and 12 of the German Driving Personnel Act (FPersG), the data of the FKR mentioned under 1.1.4. serve to ensure that the driving personnel are only in possession of a driver card. Information is also provided to authorised authorities in Germany and through the European information system TACHOnet to foreign bodies.

1.2.5 Register of Professional Drivers Qualification (BQR)

According to § 12 BKrFQG, the data of the BQR mentioned under 1.1.5 are used to determine whether the driver is in possession of a driver qualification certificate, for which driving licence category the obligation to (accelerated) basic qualification and further training has been fulfilled, which areas of knowledge have been communicated to the driver, whether an accounting for other completed special measures has taken place, whether, when and where the driver has taken a test to obtain the (accelerated) basic qualification and whether subsequent facts have been disclosed, on the basis of which entries in the BQR have been changed or withdrawn.

1.3 The categories of personal data that are being processed

Personal data are listed under section 1.1. ff) in accordance with special statutory regulations as for the individual registers; furthermore, log data about the recipients authorised to receive will be processed in accordance with point 1.4.

1.4 The recipients or categories of recipients who have already received or will still receive my data in the future

See also the comments on point 1.2. The data will only be transmitted to or retrieved from authorised bodies if you are a vehicle owner, holder of a driving licence or other authorisations within Germany or the EU and insofar as this is necessary in particular to prosecute traffic offences or offences relating to road traffic or otherwise to motor vehicles, trailers, license plates or vehicle documents, driving licences or driving licences.

In addition, the ZFZR provides information on vehicle and document thefts in support of the registration procedure, the prevention of threats to public order, the monitoring of insurance cover and vehicle tax, recall measures (to manufacturers), the implementation of end-of-life vehicle law, public law and private law enforcement, scientific research and statistical purposes and emergency preparedness (see also § 35 et seq. StVG). In order to prosecute legal claims relating to participation in road traffic, private individuals also receive information from the ZFZR (see § 39 StVG).

The KBA shall keep records of the information as the transmitting authority. In order to determine whether and which authorities have already received information about your data in the past, the records (log data) would have to be evaluated. Strict sector-specific regulations apply (e.g. § 36(6) StVG). If the requirements for these protocol data evaluations are not met, such data can only be done on the initiative of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) in accordance with § 34 (3) BDSG. In such a case, please contact the BfDI (see also remarks on point 1.6. and point 4). Whether data on your person will be transmitted to authorised locations in the future depends, among other things, on your traffic behaviour and cannot be determined in advance. In the event of a traffic violation detected, for example, the owner’s data may be accessed by the competent fine authority via your license plate here.

1.5 Duration of storage

1.5.1 ZFZR

The data relating to a vehicle (vehicle data and respective owner data) are stored in the Federal Republic of Germany for the entire period of registration. The data in the ZFZR must be deleted in principle seven years after the vehicle was put out of service and since then has not been re-registered in the Federal Republic of Germany.

1.5.2 FAER

VZR
until 30.4.2014		FAER
from 1.5.2014
Administrative offences
(serious violations)		2 years2.5 years*
Administrative offences
(especially serious violations)		2 years5 years*
Offences
(without revocation of driving licence)		5 or 10 years5 years*
Offences
(with revocation of driving licence)		10 years10 years*
Starting dateDifferentlyUniform from the date of res judicata
Eradication inhibitionextension of the repayment period in case of repeated infringementsNot applicable, each infringement is time-barred individually

* Deletion takes place after another year (extension period).

1.5.3 ZFER

The data in the ZFER is deleted with the date of birth + 110 years of the respective driving licence holder.

1.5.4 FKR

The deletion of the data in the FKR takes place five years after the expiry of the validity of a card.

1.5.5 BQR

The data on the driver qualification certificate in the BQR is deleted six years after the validity of the driver qualification certificate expires.

The data on the basic qualification, the accelerated basic qualification and the further training are automatically deleted from the professional driver qualification register eleven years after the completion of the respective basic qualification or further education measure.

Without prejudice to the two paragraphs above, the data stored in the Professional Driver Qualification Register shall be deleted at the age of 110 of the data subject.

1.6 Right to access, rectification, erasure or restriction of the processing of the data, right to data portability, right to object to processing pursuant to Article 21 GDPR and right of appeal to the competent supervisory authority

With the right to information pursuant to Article 15 of the GDPR, the data subject receives comprehensive information about the data aspiring to him or her and some other important criteria such as the processing purposes or the duration of the storage. The exceptions to this law laid down in § 34 BDSG also apply.

For information from the Register of Driver Fitness, the additional requirements of § 30(8) StVG apply. Further information regarding the application for information from the Register of Driver Fitness can be found here.

The additional requirements of § 58 StVG apply to the information provided in the Central Register of Driving Licences. Further information regarding the application for information from the Central Register of Driving Licences can be found here.

If a data subject wishes to request the rectification or deletion of data in the individual registers in accordance with Article 16 of the GDPR, this must be done through the authority that placed the data in the register concerned.

The deletion of register data also depends on the exception of Article 17 (3) b) GDPR in conjunction with the respective area-specific deletion periods (see the explanations in section 1.5.).

The right to data portability pursuant to Article 20 GDPR includes the possibility for the data subject to receive the personal data aspiring to him in a common machine-readable format from the controller in order to have them forwarded to another controller if necessary. In accordance with the second sentence of Article 20(3) of the GDPR, however, this right is not available if the data processing serves the performance of public tasks, which is regularly the case in the activities of the KBA in connection with the management of the register.

If misuse or incorrect handling of the data or the transmission of the data is suspected, you can contact the official data protection officer of the KBA (cf. contact details under section 4.2.). In addition, you have the option of submitting a complaint pursuant to Article 77 GDPR to the supervisory authority responsible for the KBA. Please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI): Graurheindorfer Str. 153, 53117 Bonn, www.bfdi.bund.de, E-Mail: poststelle@bfdi.bund.de.

In this respect, the BfDI is the supervisory authority responsible for the KBA.

The objection to the processing of the data by the KBA pursuant to Article 21 GDPR is excluded according to § 36 BDSG, since the KBA as a “public body” is specifically obliged to process the data and also at the exact times of deletion due to legal provisions (in particular §§ 28 et seq. StVG, see also the comments on point 1.5.).

1.7 Information on the origin of the data

The data only transmits authorised authorities and bodies in accordance with §§ 28 et seq. of the StVG.

1.8 Automated decision-making including profiling pursuant to Article 21 GDPR

Automated decision-making or profiling does not take place when the KBA processes data.

1.9 Transfer of personal data to a third country or to an international organisation

Information to a third country is only provided in the context of traffic surveillance (e.g. traffic violations and criminal offences) and the authorisation procedure.

Data from the ZFZR are transmitted to the European Commission in accordance with § 37c StVG for the inspection of the insurance obligation.

Information relating to the transmission of data could only be made regularly through the evaluation of the log data of all central registers. However, pursuant to Section 34(3) of the Federal Data Protection Act (BDSG), the protocols may only be evaluated by the KBA on the basis of the area-specific regulations of the StVG. If you suspect misuse in the handling of your data, reference is made to the statements regarding Section 1.6.

2 Processing of personal data when contacting the KBA

Your personal data will be processed depending on the contact route you have chosen. Here a distinction is made between contacting by e-mail, by de-mail, by contact form, by letter, by fax.

2.1 Contacting by e-mail

Contacting the KBA by e-mail is possible in addition to the employees’ personal e-mail addresses, as well as various functional mailboxes. In the departments, the data transmitted by you (e.g. surname, first name, address), but at least the e-mail address and the information contained in the e-mail, including, where applicable, personal or personal data transmitted by you, for the purpose of contacting and processing your request, in accordance with the deadlines of the Rules of Procedure of the Kraftfahrt-Bundesamt (GO-KBA) applicable for the storage of written material in connection with the registration instruction or the area-specific legal regulations are stored.

If the KBA receives a message from you by e-mail, it assumes that it is entitled to reply by e-mail. Otherwise, you must explicitly point the KBA to another type of communication. If (further) personal or personal data are to be transmitted in the course of the reply, the communication/response takes place exclusively by post.

The processing of these data takes place on the basis of Article 6(1)(e) GDPR in conjunction with § 3 BDSG. The processing of the personal data transmitted by you is necessary for the purpose of processing your request.

2.2 Contacting by De-Mail

De-Mail enables verifiable and confidential electronic communication. In addition, only de-mail users with a verified identity can send and receive messages. If you want to send a de-mail to the KBA, you will need a de-mail address, which you will receive from the accredited De-Mail service providers.

You can reach the KBA via the central de-mail address poststelle@kba.de-mail.de.

For the processing and storage of the data transmitted by you on this communication channel, the executions under 2.1. shall apply correspondingly.

2.3 Contact us via the contact form

If you use the contact form for communication, the indication of your name and first name as well as your e-mail address is required. Without this data, your request cannot be processed. The indication of the address is optional and allows the KBA, if you wish, to process your request by post. In addition, the date and time of your request will be transmitted to the KBA.

If the Office receives a message from you via the contact form, it assumes that it is entitled to reply by e-mail. Otherwise, you must explicitly point the KBA to another type of communication. If (further) personal or personal data are to be transmitted in the course of the reply, the communication/response takes place exclusively by post.

The contents of the KBA contact form are transmitted via an encrypted https connection.

The processing of the data transmitted via the contact form and the content, which may also contain personal data transmitted by you, takes place on the basis of Article 6 (1) (e) GDPR in conjunction with § 3 BDSG for the purpose of contacting and processing your request. Your data transmitted to the KBA will be stored in conjunction with the registration instructions or the area-specific statutory regulations in accordance with the time limits of the business regulations of the Federal Motor Transport Office (GO-KBA) applicable for the storage of written material.

When using the contact form, the content of the data fields is transmitted exclusively to the KBA. By activating the checkbox, you take note of its privacy policy. The processing of personal data serves to answer your request within the framework of Article 17 of the Basic Law. The use of the IP address takes place exclusively within the framework of state law enforcement and security measures in compliance with the legal requirements.

If you do not agree to the processing of your data, you can cancel the process at any time. Your message will not be sent.

2.4 Contacting the KBA by fax

Contacting the KBA is also possible by fax.

The data transmitted by you by fax, including the content, which may also contain personal or personal data transmitted by you, will be processed for the purpose of contacting and processing your request on the basis of Article 6(1)(e) GDPR in conjunction with § 3 BDSG. The data is stored by the employees of the KBA in accordance with the deadlines of the Rules of Procedure of the Federal Motor Transport Office (GO-KBA) applicable for the storage of written material in conjunction with the registration instructions or the area-specific statutory regulations.

2.5 Contact by letter

If you contact the KBA by post, the data you provide (e.g. surname, first name, address) and the information contained in the letter (possibly provided by you) will be stored for the purpose of contacting and processing your request in accordance with the deadlines of the Rules of Procedure of the Kraftfahrt-Bundesamt (GO-KBA) applicable for the storage of written material in conjunction with the registration instructions or the area-specific legal regulations.

The processing of the data takes place on the basis of Article 6(1)(e) GDPR in conjunction with § 3 BDSG.

3 Data processing in connection with the homepage of the KBA

3.1 Access to the website of the KBA

Every time a user accesses the website of the KBA and every time a file is retrieved, data about this process is temporarily stored and processed in a log file. Before storage, each record is anonymised by changing the IP address.

When you visit the KBA website, the web server stores the following data by default:

• the domain name (DNS name) or the anonymised IP address of your computer (anonymisation is done by setting the last two bytes of the IP address to “0”)
• the browser,
• the Protocol,
• the operating system you are using,
• the website from which you visit the KBA,
• the website you visit with him,
• the error code of the request,
• the amount of data transferred and
• the date and time of the visit.

In addition, the KBA uses cookies when visiting its website. Further explanations can be found under section 3.4. of this data protection information.

This data is used exclusively for statistical evaluation and to improve its Internet service and is not evaluated back to you. This data will also not be passed on to third parties.

The KBA’s online offer contains links to other websites. It assumes no responsibility for the content of websites that can be accessed via links. The links are only viewed and evaluated in cursory terms upon admission. A continuous review of the content is neither intended nor possible. The KBA expressly dissociates itself from all content that may be relevant under criminal or liability law or violate good morals.

Persons under the age of 18 shall not transfer personal data to the KBA without the consent of their parents or guardians. It does not request personal data of children and adolescents. It does not knowingly collect such data and does not pass it on to third parties.

3.2 When subscribing to our newsletter

On the website of the KBA it is possible to subscribe to the newsletter in order to be informed about current press releases or statistics. These newsletters are aimed at all interested users.

If you have expressly consented in accordance with Article 6 (1) sentence 1 lit. a GDPR, the KBA will use your e-mail address to send you its newsletter on a regular basis. To receive the newsletter, it collects your e-mail address as a mandatory indication.

After registering, you will receive a registration notification by e-mail, which you must confirm in order to receive the newsletter (so-called Double Opt-In). This serves the KBA as proof that the registration was actually initiated by you.

Unsubscribe is possible at any time, e.g. via a link at the end of each newsletter.

Your e-mail address will be deleted immediately after revocation of your consent to send the newsletter.

3.3 Transfer of personal data to third parties

The KBA will only pass on the personal data concerning you to third parties if:

• You have given your express consent in accordance with Article 6 (1) sentence 1 lit. a GDPR;
• this is necessary in accordance with Article 6 (1) sentence 1 lit. b GDPR for the performance of a contract with you,
• in the event that there is a legal obligation to pass on pursuant to Article 6 (1) sentence 1 lit. c GDPR,
• processing in accordance with Article 6 (1) sentence 1 lit. d GDPR is necessary in order to protect the vital interests of you or another natural person;
• processing in accordance with Article 6 (1) sentence 1 lit. e GDPR is necessary for the performance of a task which is in the public interest or in the exercise of official authority conferred on the KBA;
• processing in accordance with Article 6 (1) sentence 1 lit. f GDPR is necessary to safeguard the legitimate interests of the KBA or a third party, unless the interests or fundamental rights and freedoms of you that require the protection of personal data prevail, in particular if you are a child.

The forwarded data may be used by the third party exclusively for the aforementioned purposes.

3.4 Cookies

Cookies are small information units that are stored by the KBA’s Content Management System (CMS) on the user’s computer or mobile device. In the respective web browser used, users can restrict or generally prevent the use of cookies by setting them accordingly. Cookies already stored can be deleted at any time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a notice always appears before a new cookie is created. However, the complete disabling of cookies may result in you not being able to use all the features of the KBA website.

In order to ensure the technically safe and correct provision of the website, KBA uses a technically necessary cookie called JSESSIONID cookie on its website. This cookie is intended to increase the security and functionality of the offered web applications and serves the load distribution of the servers as well as the session management of the application server. This cookie does not contain any personal data. No IP address or other information is collected that makes it possible to trace back to the actual user.

The legal basis for the use of this technically mandatory cookie is Art. 6 (1) (e) GDPR and Art. 6(2) GDPR in conjunction with § 3 of the Act for the Promotion of Electronic Administration (EGovG) and § 25(2) no. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG). Your consent is therefore not required for the use of this cookie.

Explanatory note: JSESSIONID/sessionid

  • Cookie for the session management of the application server,
  • does not contain any personal data,
  • in particular, is not based on the IP of the user or any other information traceable to the actual user,
  • Validity ends at the end of the current session,
  • The session ID is valid only on the respective server and is not synchronised across different server instances

3.5 Web analysis: AWStats

The KBA uses the web analysis software Awstats. This is a free web analysis software that uses the log files that its servers create due to visits to its website for statistical evaluation. No cookies are used for this purpose. However, the statistical evaluation does not mean that you can be identified as a person or that certain information can be assigned to you. No pseudonymous user profiles are created. No merging with other data takes place. The data is not transmitted to third-party servers, as the software is operated on our hosted web server.

The KBA uses Awstats on the basis of Article 6 (1) sentence 1 lit. f GDPR for the needs-based design and continuous optimisation of its website. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

3.6 Social Media Plugins

The KBA does not use social media plugins.

3.7 Data security

All personal data transmitted by you will be encrypted using the commonly used and secure TLS (Transport Layer Security) standard. TLS is a safe and proven standard, which is also used in online banking, for example. You can recognise a secure TLS connection by, among other things, the attached s on the http (i.e. https://..) in the address bar of your browser or the lock icon in the lower part of your browser.

The KBA also uses appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Its security measures are continuously improved in line with technological developments.

4 Timeliness and modification of this data protection information

This privacy policy is currently valid and has the status of October 2022.

Due to the further development of the website of the KBA and offers about it or due to changed legal or official requirements, it may become necessary that it changes its data protection declaration. The current data protection declaration can be accessed and printed by you at any time on the website at www.kba.de.

5 Contact and contact persons

5.1 Contact details of the KBA as the responsible authority:

Postal address:
Kraftfahrt-Bundesamt
24932 Flensburg
Telephone: +49 461 316-0
Fax: +49 461 316-1650, -1495
E-Mail: poststelle@kba.de

5.2 Contact details of the official data protection officers:

Postal address:
Kraftfahrt-Bundesamt
Privacy
24932 Flensburg
Telephone: +49 461 316-1468
Fax: +49 461 316-1846
E-Mail: Datenschutz@kba.de .

5.3 Contact details of the competent supervisory authority:

As a data subject, you also have the opportunity to contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) if necessary: Graurheindorfer Str. 153, 53117 Bonn, www.bfdi.bund.de, E-Mail: poststelle@bfdi.bund.de .

To contact us by E-Mail, please use the contact form