Data protection

Information concerning data protection pursuant to Article 13 General Data Protection Regulation with regard to provision of the website of the Finance Agency

Thank you very much for visiting our website and for your interest in German government securities, our company and our website.
Compliance with both the pertinent data protection provisions and the confidential use of data is second nature to us, and we consider the protection of your privacy to be of the utmost importance. For this reason, it is important for us to provide you with information about the categories of personal data we collect, when we collect such data, how long we store such data and for which purposes such data are used.

1. Data controller

Federal Republic of Germany – Finance Agency
Olof-Palme-Str. 35
60439 Frankfurt / Main
Tel.: +49 (0) 69 256 160
Fax: +49 (0) 69 256 161 476

2. Data protection officer

Our Data Protection Officer can be contacted at
Federal Republic of Germany – Finance Agency
- Data Protection Officer -
Olof-Palme-Str. 35
60439 Frankfurt / Main

3. Data subjects

The Finance Agency processes the personal data of the visitors to its website in order to provide general information on what the Finance Agency does as well as to enable visitors to contact the Finance Agency.

4. Personal data and categories of data

Personal data means any information relating to an identified or identifiable natural person. Such personal data could be, for example, the name, address, telephone number or details of the individual’s debt register account. Information that cannot be attributed to an individual person does not constitute personal data.

We process the personal data that we receive when you use our website, when responding to your enquiries and when you subscribe to our newsletters.

a) Data processing on our website
Every time you visit our website or retrieve a file from our website, data on this access is stored and processed temporarily in a log file. In detail this processing and storing comprises the  following data:

  • date, time and duration of your visit (timestamp),
  • request details and target address (protocol version http method, referrer, useragent-string),
  • ip-address,
  • name of the accessed file and retrieved data volume (requested URL incl. query string, size in bytes),
  • message whether the access was successful (http status code).

b) Newsletter subscription
When you subscribe to a newsletter, we record your email address, the newsletter you have selected, and the date and time of your registration.
To make sure that the newsletter was expressly requested by you, the subscription procedure involves an additional confirmation email containing a link to complete the registration process (double opt-in). When you register, an unencrypted confirmation email with a link to complete the registration is generated and sent to the email address you provided. The data required for you to receive the newsletter, along with the confirmation email itself (double opt-in), will only be stored once you click the link in the email. The data will only be stored for the duration of your subscription and solely for the purpose of sending the newsletter.
Should you no longer wish to use our services, you can unsubscribe from our newsletters at any time. A corresponding link can be found at the end of each newsletter.

5. Cookies

Cookies are small text files which, depending on your browser settings, are stored on the hard drive of your computer when you visit our website. These cookies do not retrieve any information about you stored on your hard drive and do not interfere with your computer or its files. Most browsers are configured to automatically accept cookies. However, you can generally deactivate the storage of cookies or configure your browser so that it notifies you that cookies have been set.

The Finance Agency is legally obliged to determine whether you are located in the USA, Canada, Australia, Japan, Hong Kong or any other jurisdiction in which the purchase or sale of German Government securities is subject to legal restrictions. This will determine which products and services we may offer you.
We use a splash screen to perform this query. If the information you provide indicates you are not subject to any trading restrictions, we will set a session cookie. This session cookie remembers your self-assessment and is set when you visit the ‘Private Investors’ and ‘Institutional Investors’ sections. The session cookie prevents the splash screen from being reopened each time a page is accessed. The cookie is used exclusively to give you access to legally protected areas of the site. Setting this cookie is therefore strictly necessary according to Article 5(3) of Directive 2002/58 in order to make the website available to you in accordance with the law.
Nevertheless you have now the possibility to delete the cookie with immediate effect:

Delete cookie

All created cookies were removed successfully.

6. Purpose and legal basis of data processing

a) Data processing on the basis of consent in accordance with Article 6(1)(a) and Article 9 GDPR
The information provided by you voluntarily when you subscribe to our newsletters and when you request documents for delivery is processed on the basis of your consent. You have the right to withdraw your consent at any time with future effect. This also applies to consent given by you before the entry into force of the GDPR on 25th May, 2018.

b) Data processing necessary to safeguard legitimate interests in accordance with Article 6(1)(f) GDPR
Where personal data are processed for IT security purposes, this processing serves to safeguard the legitimate interests of the Finance Agency. Your personal data will be processed for the establishment of legal claims in the legitimate interest of the Finance Agency, should this be required in individual cases. In addition, your personal data will be processed for the investigation of criminal offences, should this be required in individual cases in order to safeguard the legitimate interests of the Finance Agency.

7. Storage period

We store your personal data for as long as such data are required for the stated purpose or for as long as statutory retention provisions apply. The weblog data collected when you visit our website is stored for a period of four weeks. Subsequently, your IP address is anonymized for evaluation at a later point in time, enabling us to continually analyse and optimise the information we provide on the Internet. After this process, we are not able to establish a direct link to you personally.
If you have subscribed to a newsletter, we store the data for as long as you receive the newsletter. Should you unsubscribe from the newsletter, your data will be deleted immediately.

8. Recipients or categories of recipients of personal data

The Finance Agency makes use of other agencies to carry out its tasks, e.g. a web hosting service provider.

9. Data processing in a third country

Your data will not be transferred outside the EU. In individual, exceptional cases, access from a third country outside the EU may be granted for the maintenance or servicing of IT systems. An appropriate level of data protection shall be safeguarded through standard contractual clauses in accordance with Article 46(2)(c) GDPR, binding corporate rules in accordance with Article 47 GDPR, or through a so-called adequacy decision adopted by the Commission in accordance with Article 45 GDPR. These can be supplied by the Finance Agency on request.

10. Rights of the data subject

a) Right of access to information (Art. 15 GDPR)
You have the right of access to information and the right to receive an electronic copy of your personal data.

b) Right to correction (Art. 16 GDPR)
You have the right to correction of your personal data, should such data be inaccurate. This right includes the right to completion of your data, should such data be incomplete.

c) Right to deletion (right to be forgotten) (Art. 17 GDPR)
You have the right to deletion of your personal data, in particular where such data are no longer required to fulfil the purpose for which the data were collected. This right also prevails if the underlying legal basis was invalid from the outset or if it ceases to be applicable at a later date.

d) Right to restriction of processing  (Art. 18 GDPR)
You have the right to restrict the processing of your personal data if

  • you dispute the accuracy of the data,
  • you object to the deletion of the personal data and instead demand restriction of its use,
  • the data controller no longer needs the personal data for the stated purposes, but you need this data for the establishment, exercise or defence of legal claims,
  • you have objected to the processing of the personal data in accordance with Article 21(1) GDPR and it is not or has not yet been established whether the legitimate grounds of the data controller override those of the data subject.

e) Right to data portability  (Art. 20 GDPR)
Where you have made personal data available to us, you have the right to receive such data in a structured, commonly used and machine-readable format. If such data are processed on the basis of consent or for the purpose of fulfilling a contract, you also have the right to request that we transfer this data to a third party, where technically possible.

f) Right to object  (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. This right shall prevail provided the data is processed in accordance with Article 6(1)(f) (data processing required to safeguard legitimate interests).

g) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
If you suppose the processing of your personal data violates your rights you have the right to lodge a complaint with the competent data protection supervisory authority.

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Str. 153
53117 Bonn



11. Encrypted email communication with the Finance Agency

Information is transmitted openly across the Internet. If no precautions are taken to protect the confidentiality and integrity of the information, unauthorised persons could read or alter your messages. If you want to send and receive confidential messages, we recommend using Pretty Good Privacy (PGP) or GnuPG. You can download the public part of the Finance Agency’s PGP key here:

Public Key
You can find information on PGP encryption on a number of websites, including the homepage of the Federal Office for Information Security (BSI) or of the OpenPGP project. You can send encrypted messages in three steps:

  1. Install GnuPG, PGP or a software programme with similar functionality on your computer.
  2. Download the Finance Agency’s public key on to your computer and add it to your public key ring (pubring.pkr). Next, you can check whether the fingerprint of the key matches the information on this page.
    Fingerprint: CD0C AD45 9B95 EBF4 84B9 8366 FFE8 053F 9A7C 1E62
  3. Save the information you wish to send in a file (e.g. attachment.txt) and encrypt it with the Finance Agency’s public key.

12. External links

For further information, we have provided links on our website that point to third-party websites.
The Federal Republic of Germany - Finance Agency does not have any influence over the contents and structure of these third-party websites. Please be aware that the statements made in this Privacy Notice do not apply to third-party websites.

Version: May 2020

To top