The Federal Commissioner for the Records of the State Security Service of the Former German Democratic Republic (BStU) takes the protection of personal data very seriously. We want you to know when we collect data and how we use it. We have taken technical and organisational measures to ensure that the data privacy rules are observed not only by our agency, but also by external service providers.
Jump to content
The Federal Commissioner for Stasi Documents (BStU), as an authority of the Federal Republic of Germany without legal capacity, operates an internet site under the domain www.einblick-ins-geheime.de on which he informs the public about the exhibition "Access to Secrecy".
We will only process personal data to the extent necessary. Which data is required and processed, and to which purpose and on what basis, depends largely on the type of service you use or on the purpose for which it is needed.
We have taken technical and organisational measures to ensure that data privacy rules are observed not only by our agency, but also by external service providers.
The processing of personal data is carried out in accordance with the European General Data Protection Regulation (EU DSGVO) and the Federal Data Protection Act (BDSG).
General Provisions and Definitions
Responsibility and Data Protection Representative
Responsibility for the processing of personal data lies with the authority of the
Federal Commissioner for the Records of the State Security Service of the GDR
Specific questions regarding the protection of your data should be directed to the data protection representative at the BStU:
The Federal Commissioner for the Stasi Records Data Protection Representative Karl-Liebknecht-Straße 31/33 10178 Berlin
Postal Address: BStU 10106 Berlin
Personal data is all information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified directly or indirectly - in particular by assignment to an identification such as a name, an identification number, location data or an online identification.
Protection of Minors
Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians. The data will not be transferred to third parties.
Legal Basis for Processing Personal Data
The BStU processes personal data in the performance of its public interest duties. The public tasks of the BStU also include public relations work, including the provision of information for the public on this website. The legal basis for processing is Art. 6 para. 1 lit. e of the General Data Protection Regulation of the EU (DSGVO) in conjunction with the corresponding national or European task standard or in conjunction with § 3 of the BDSG. In individual cases in which the processing of personal data is necessary to fulfil a legal obligation, Art. 6 para. 1 lit. e of the DSGVO in conjunction with the corresponding legal provision from which the legal obligation is derived, shall also serve as the legal basis.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the DSGVO serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b of the DSGVO also serves as the legal basis in individual cases. This also applies to processing operations that are necessary to carry out pre-contractual measures. As a contracting party under civil law, the BStU is particularly active in the area of personnel recruitment and procurement.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the DSGVO serves as the legal basis.
Data Processing in Conjunction with a Visit to this Internet Site
Every time a user accesses our website or downloads a file, data about this activity is processed temporarily in a log file.
Specifically, the following data is stored about each access or retrieval:
Date and time of the request (time stamp), as well as the IP address of the accessing device or server
Name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes)
Message on whether the request was successful (HTTP status code)
On the basis of Article 6 paragraph 1 lit. e of the EU General Data Protection Regulation (DSGVO) in conjunction with § 5 of the BSI Act, we are obligated to store data beyond the time of your visit for protection against attacks on the internet infrastructure of the BStU and the communication technology of the federal government. This data is analysed and, in the event of attacks on communications technology, is required to initiate legal and criminal prosecution. The data will be deleted as soon as it is no longer needed to fulfil the task.
Data logged when accessing the BStU's website will only be transmitted to third parties if we are legally bound to do so or if disclosure is required for legal or criminal prosecution in the event of attacks on the federal government's communication technology. Data will otherwise not be passed on. The BStU does not merge this data with other data sources.
Furthermore, we note expressly that when a user of the BStU website engages in active use of the services provided by YouTube that have been integrated into the website by the BStU, such as by playing a video on the website, the YouTube service provider stores the BStU visitor’s data according to its own data usage guidelines and uses it for its business purposes. The BStU has no influence on data collection and further use by YouTube. Thus, we cannot provide any information about the extent, location and duration of data storage, the extent to which the network fulfils existing deletion obligations, which assessments and links are made with the data and to whom the data is transferred.
Brochures and books can be ordered through our publication pages. During this process cookies are used, which are valid for the duration of the visit to the website. This is necessary for technical reasons for the function of the shopping cart. This is done on the basis of Art. 6 para. 1 lit. e of the DSGVO in conjunction with § 3 of the Federal Data Protection Act in the context of public relations work for the demand-oriented provision of information on the tasks assigned to the BStU.
Session cookies are small pieces of information that a provider stores in the main memory of the visitor’s computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Your orders are compiled in your shopping cart using the session ID.
The session cookies used are deleted when you end the session. When you close the browser, your shopping cart is reset. If you end the session without completing the ordering process, the contents that you entered into the shopping cart up to that point must be reordered.
You can use any internet browser to view cookies and their contents. Detailed information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security.
We do not use persistent cookies, which are stored as text files on the hard disk of the visitor’s computer to allow visitors to be recognized at a later time.
Most browsers are set automatically to accept cookies. However, the storage of cookies can be deactivated or the browser can be set so that cookies are only stored for the duration of each connection to the internet.
If you reject all cookies, the shopping cart cannot be used to order different publications and you will only be able to order one brochure at a time.
On the basis of Art. 6 para. 1 lit. e of the DSGVO in conjunction with § 3 of the Federal Data Protection Act, the BStU evaluates usage information for statistical purposes within the context of public relations work and for the demand-oriented provision of information on the tasks performed by the BStU.
This is carried out by the web analysis service Awstats/Matomo/PIWIK.
When individual pages of our website are accessed, the following data is stored:
Two bytes of the IP address of the user’s calling system (anonymous)
The accessed web page
The website from which the user accessed the website (referrer)
The subpages that are accessed from the website
The length of stay on the website
The frequency with which the website is accessed
No cookies are set on the user’s computer as part of our web analysis. The data will not be transferred to third parties.
If you also do not wish to consent to the completely anonymous storage and evaluation of data from your visit, you may object to the storage and use by mouse click at any time. In this case, an opt-out cookie is stored in your browser, which means that Awstats/Matomo/PIWIK will no longer collect any session data.
Note: If you delete your cookies, the opt-out cookie will also be deleted and you may have to reactivate it.
Processing Personal Data within the Context of Establishing Contact
The processing of personal data depends on what form of contact is used. There are differences between contacting us by e-mail, contact form, letter or telephone.
Contacting the BStU by E-Mail
In addition to using the staffs’ personal business e-mail addresses and various function mailboxes, it is also possible to send an email to the BStU using this central e-mail address: E-Mail an: email@example.com" href="mailto:firstname.lastname@example.org">email@example.com
If you use one of the above channels of contact, your e-mail address and any other data you transmit (e.g. last name, first name, address), as well as the information contained within the e-mail (including any personal data you provide) will be stored for the purpose of contacting and processing your request in accordance with the deadlines of the registration guideline applicable to the storage of documents.
We note explicitly that the processing of data is based on Article 6 paragraph 1 lit. e of the DSGVO in conjunction with § 3 of the BDSG. It is necessary to process the personal data you transmit in order to process your request.
E-Mail Addresses not Related to the BStU
The BStU website also contains third-party e-mail addresses. These addresses do not end with “bstu.bund.de” after the @. If you use one of these addresses to contact us, the BStU will not be responsible for the processing of personal data. Should you have any questions regarding the handling of your personal data by this third party, please contact them directly.
Using the Contact Form to Contact the BStU
You can use the form on this website to contact the BStU’s internet editorial office. The contents of the contact form are transmitted via an encrypted https connection.
You must provide your first and last name and e-mail address to use the contact form for communication. Without this data, your request sent via the contact form cannot be processed. Providing a telephone number is optional and enables us - if you wish - to contact you with any questions we may have. The date and time of your inquiry and your IP address will also be transmitted to us.
If we receive a message from you via the contact form or an e-mail, we will assume that we are entitled to reply by e-mail. You must otherwise expressly inform us of another form of communication.
We wish to note that the processing of data transmitted through use of the contact form and its content (which may also contain personal data transmitted by you) is carried out on the basis of Article 6 paragraph 1 lit. a of the DSGVO for the purpose of processing your request.
When using the contact form, the sender’s IP address is recorded. By submitting the contact form, you consent to the transmission and storage of your personal data as well as the IP address in accordance with Art. 6 paragraph 1 letter a) of the DSGVO. Processing and temporary storage of personal data serves to answer your inquiry within the scope of Article 17 of the Basic Law. The IP address is used exclusively within the context of national law enforcement and security measures in compliance with legal requirements.
Processing is carried out by the employees of the internet editorial office. The internet editorial staff stores your data only to process your request and in accordance with legal and contractual requirements. If your request cannot be processed in the internet editorial office, it will be forwarded to the relevant specialist departments or to the citizens’ advisory office.
You may cancel the contact process at any time if you do not agree to the processing of your data. Your message will not be sent.
Contact by Telephone
If you contact an employee by phone, personal data about you will be processed insofar as this is necessary to fulfil your request.
You have the following rights vis-à-vis the BStU with regard to your personal data:
- Right to information, Art. 15 of the DSGVO
The right of access gives the data subject a comprehensive view of the data concerned as well as other important criteria such as the purposes of processing or the duration of storage. The exceptions to this right regulated in § 34 of the BDSG apply.
- Right to correction, Art. 16 DSGVO
The right to correction includes the possibility for the data subject to have incorrect personal data that concerns him/her corrected.
- Right to deletion, Art. 17 of the DSGVO
The right to deletion includes the data subject’s right to have data deleted by the person responsible. However, this is only possible if the personal data concerned is no longer necessary, is processed illegally or if consent has been revoked. Exceptions to this right regulated in § 35 of the BDSG apply.
- Right to limitation of processing, Art. 18 of the DSGVO
The right to limitation of processing includes the possibility for the data subject to prevent further processing of the concerned personal data for the present time. A restriction occurs above all in the examination phase of other rights exercised by the person concerned.
- Right to object to the collection, processing and/or use, Art. 21 of the DSGVO
The right to object includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the performance of public duties or public or private interests. The exceptions to this right regulated in § 36 of the BDSG apply.
- Right to data transferability, Art. 20 of the DSGVO
The right to data transferability includes the possibility for the data subject to receive the personal data concerned in a common, machine-readable format from the data controller in order for it to be forwarded to another data controller if necessary. According to Art. 20 para. 3 sentence 2 of the DSGVO, however, this right is not available if data processing serves the performance of public tasks.
- Right to revoke consent, Articles 13 and 14 of the DSGVO
If the processing of personal data is based on consent, the data subject may revoke this consent at any time for the relevant purpose. The legality of the processing based on the consent given remains unaffected until receipt of the revocation.
You can assert the rights listed above in writing using aforementioned channels of communication.
In accordance with Art. 77 of the DSGVO, you also have the right to appeal to the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.
If you have any questions or complaints, you can also contact the data protection representative at the BStU.