deutsch

Data protection information pursuant to Art. 13 GDPR on the use of the online service "handwerk:digital" of the Free Hanseatic City of Bremen represented by the Senator for Finance

The Free and Hanseatic City of Bremen, represented by the Senator for Finance, offers you the opportunity to use the online service "handwerk:digital" to apply for various registrations/applications relating to the topic of "crafts".

Personal data

Personal data is processed in this context. The following information summarizes how personal data is processed, in particular

  • the name and contact details of the controller (who processes the data)
  • the contact details of the data protection officer
  • the purposes of the data processing,
  • the legal basis on which the data is processed
  • the recipients of the data,
  • the duration for which the personal data will be stored
  • the rights of the data subject.

Demarcation between service account/ specialist procedure of the Chamber of Skilled Crafts

Your personal data is collected and stored in this application.

When you submit a completed application, your data will be forwarded to the Chamber of Crafts responsible for the specialist procedure. The respective Chamber of Crafts is responsible for the processing of your data there under data protection law and its data protection regulations apply.

To use this online service, you need to set up a service account (standardized company account based on ELSTER). This is a central IT component for identification and communication. To use this online service and the associated authentication, such a service account must be set up. The state of Bremen is responsible under data protection law for the data processing that takes place within the service account. The technical implementation was carried out by Dataport AöR - owned by the states of Hamburg, Schleswig-Holstein, Bremen and Saxony-Anhalt. Details on these accounts (including the data processed) can be found in the corresponding privacy policy.

Controller

The controller within the meaning of Art. 4 No. 7 GDPR is 

The Senator for Finance of the Free Hanseatic City of Bremen
Referat 45 - Digitalisierung von Verwaltungsleistungen für Unternehmen
Rudolf-Hilferding-Platz 1
28195 Bremen

E-Mail: digliu@finanzen.bremen.de

Data Protection Officer

If you have any complaints, queries or suggestions in connection with data processing by the Senator for Finance, you can contact the official data protection officer of the Senator for Finance:Herr Tobias Ackermann

Mr. Tobias Ackermann
Data Protection Officer

The Senator for Finance
Rudolf-Hilferding-Platz 1
28195 Bremen

E-Mail: datenschutzbeauftragter@finanzen.bremen.de

Purposes of data processing

We only process the personal data of our users insofar as this is necessary to provide a functional website and our content and services. With this online service, the State of Bremen, represented by the Senator for Finance, offers you the opportunity to provide the necessary information digitally and to submit it digitally. For this purpose, the data entered in the digital applications and the data read from the standardized company account are processed, i.e. stored, in this online service and forwarded (transmitted) online to the responsible Chamber of Crafts. The Chamber of Crafts only gains access to the data after it has been transmitted, i.e. after the data has been sent. The relevant Chamber of Crafts is responsible for processing the data after the applications have been sent.

Legal basis

The legal basis for data collection is Art. 6 para. 1 lit. e, c GDPR. If further (optional) data is collected in addition to the required data, the legal basis for this is your consent (Art. 6 para. 1 para. 1 lit. a GDPR). Consent is always given voluntarily. If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time with effect for the future. You can send the revocation of your consent by e-mail to the controller.  

Data subjects and categories of personal data processed

The personal data to be provided may vary depending on the application route. The data is collected from the following groups of data subjects, stored and, if necessary, passed on if the completed application is sent.

Applicants: Surname, first name, date of birth, place of birth, country of birth, e-mail address, telephone number, fax number, gender, residential address, nationality, data on residence permit, certificate of qualification, registration certificate and data on professional background    

Company owners: Surname, first name, date of birth, place of birth, country of birth, e-mail address, telephone number, fax number, home address, gender, nationality, certificate of qualification

Specified legal representatives: Surname, first name, date of birth, country of birth, e-mail address, telephone number, fax number, home address, gender, nationality, residence permit details, certificate of qualification

Shareholders: Surname, first name, date of birth, place of birth, country of birth, e-mail address, telephone number, fax number, gender, nationality, certificate of qualification

Company manager: Surname, first name, date of birth, place of birth, country of birth, e-mail address, telephone number, fax number, gender, nationality, certificate of competence

Participants: Surname, first name, date of birth, place of birth, country of birth, home address, nationality

The following application routes are available:

  • Termination of management
  • Change of address of a place of business
  • Exemption permit/ business entitlement
  • Appointment of the management
  • Closure of a place of business
  • Adding a place of business
  • Deleting the registration of a skilled craft
  • Registration of a craft - new registration
  • Registering a skilled craft - taking over a business
  • Registration of a craft - change of legal form
  • Entry or departure of managing directors and/or shareholders
  • Change of personal data
  • Closure of a place of business 

Recipient of the data

The recipient of the data entered is the processor on behalf of the controller. The recipients are also the competent chambers of crafts of the Federal Republic of Germany, to which the entered data is transmitted for the purpose of craft registration and further processed by them.

The online service "handwerk:digital" only transmits the data to third parties in those cases permitted by law in which it is obliged by law to disclose the user's personal data.

Data security 

Technical and organizational measures are taken to protect your data from unauthorized access as comprehensively as possible.

An encryption procedure is used on the pages of the online service. Your data is transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Cookies

In order to make your visit as user-friendly as possible and to be able to offer all available functions, we collect a range of data and information from the device you used to access our website. This involves the following data:

a) Description and scope of data processing

When you visit the website and use the online service "handwerk:digital", data is collected during an ongoing connection via your Internet browser and with the help of technically necessary so-called session cookies (session). 

b) Legal basis for data processing 

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

c) Purpose of the data processing

The session cookies used here enable the functionality of the data entered. The user data collected by technically necessary cookies is not used to create user profiles.

d) Recipient

The recipient of the data is the processor.

e) Duration of storage, objection and removal options

Cookies that have already been stored can be deleted at any time. This can also be done automatically. Please note that deleting the browser history can also lead to the deletion of the cookies set.

Cookies set by the application are deleted after the browser is closed. After logging in, this is a persistent cookie that ends when the session expires (30 minutes of inactivity). Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.

Creation of server log files

Every time you access this website or retrieve a file, data about this process is temporarily processed in a log file. In particular, the following data is stored:

  • the date and time of access
  • the name and URL of the retrieved file
  • the website from which the access was made
  • the operating system of your computer and the browser you are using
  • the IP address

To protect against attacks on the processor's internet infrastructure, this data must be stored beyond the time of the visit. This takes place via so-called log files. This data is not stored together with other personal data of the user.

Data deletion and storage duration

After forwarding to the responsible Chamber of Crafts, the data remains in the online service for 6 months and is deleted after this time.

Server log files are deleted by the contractor/processor after 7 days at the latest, session cookies after closing the application, i.e. after the end of the session. The personal data entered and temporarily stored in the applications will be deleted 6 months after the last use of the application. 

Your data will be processed and stored for as long as is necessary to fulfill the legal obligations or for the respective purpose.

Order processing

The processing of data in the online service "handwerk:digital" is carried out by ]init[ AG, Köpenicker Straße 9, 10997 Berlin, Germany, with the corresponding agreed security requirements as part of order processing in accordance with Art. 28 para. 3 GDPR.

Other service providers may support us in the operation of these websites and the associated processes (e.g. hosting and web development). These service providers are strictly bound by our instructions and contractually obligated in accordance with Article 28 GDPR.

Rights of the data subject

Under the EU General Data Protection Regulation (GDPR), data subjects have various rights. Details can be found in particular in Articles 15 to 18 and 21 of the GDPR.

Right to information (Art. 15 GDPR)

Data subjects can request information about their personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. The request should therefore contain as much specific information as possible.  

Right to rectification (Art. 16 GDPR)

If the information concerned is not (or no longer) accurate, data subjects may request rectification. If their data is incomplete, they can request that it be completed.  

Right to erasure (Art. 17 GDPR)

Every data subject has the right to erasure if one of the reasons stated in Art. 17 GDPR applies (e.g. if the data is no longer required for the purposes pursued).  

Right to restriction of processing (Art. 18 GDPR)

There is also the right to restriction of processing if one of the conditions set out in Art. 18 GDPR applies and, in the cases set out in Art. 20 GDPR, the right to data portability. 

Right to object (Art. 21 GDPR)

If data is processed on the basis of Art. 6 para. 1 lit. e (data processing for the performance of official tasks or for the protection of the public interest), the data subject has the right to object to the processing at any time for reasons arising from their particular situation. The data will then no longer be processed unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.

Right to lodge a complaint (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, the data subject also has the right to lodge a complaint with a supervisory authority if they consider that the processing of data relating to them infringes data protection regulations. The right to lodge a complaint may be exercised in particular with a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement.

Links to websites of other providers

Our online offering contains links to websites of other providers that are not covered by our privacy policy. We would like to point out that the operators of these external websites may collect, evaluate and process the data of visitors. As a rule, these providers have no influence on the content and compliance with data protection regulations. We therefore ask you to inform yourself about the applicable guidelines when visiting these websites.

Validity and amendment of the privacy policy

The privacy policy is valid as of 11.08.2022. We reserve the right to amend this privacy policy at any time with effect for the future in accordance with the GDPR. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.