Privacy policy
0. Overview of data protection declarations
On this page you will find the privacy policy for website operation. You can access the data protection declarations for the specific applications via the following links (currently only available in German):
- Data protection declaration for electronic applications in the Cost-of-living assistance (Hilfe zum Lebensunterhalt) procedure
- Data protection declaration for electronic applications in the Social housing eligibility certificate (WBS) procedure
- Data protection declaration for electronic applications in the Basic welfare for the elderly and people with reduced earnings capacity procedure
- Data protection declaration for electronic applications in the Assumption of rent arrears for recipients of benefits under SGB XII procedure
- Data protection declaration for electronic applications in the Benefits under the Asylum-Seekers’ Benefits Act (AsylbLG) procedure
- Data protection declaration for electronic applications in the Benefit to promote integration into the labour market (Einstiegsgeld) procedure
- Data protection declaration for electronic applications in the Education and participation procedure
- Data protection declaration for electronic applications in the Work Opportunities procedure
- Data protection declaration for electronic applications in the Municipal Integration Services procedure
- Data protection declaration for electronic applications in the Activation and Placement Voucher (AVGS) procedure
- Data protection declaration for electronic applications in the One-Time Needs procedure
- Data protection declaration for electronic applications in the Free Funding procedure
- Data protection declaration for electronic applications in the Supporting young people who are difficult to reach procedure
- Data protection declaration for electronic applications in the Integration of the Long-Term Unemployed procedure
- Data protection declaration for electronic applications in the Grant from Placement Budget procedure
- Data protection declaration for electronic applications in the Integration of Self-Employed procedure
- Data protection declaration for electronic applications in the Social Compensation procedure
1. Data privacy policy: Social Platform (website operation)
In this data privacy policy for the Social Platform, which can be found at https://sozialplattform.de, we explain how information that can be individually assigned to you or others as a person (“personal data”) is processed and used on the Social Platform.
For each step of data processing, we explain:
- Which authority is responsible under data protection law (see Section 1),
- Whom you can contact if you have any questions about data protection (see Section 2), and
- What rights you and other persons whose personal data are processed have (see Section 3).
In Section 4, we explain the individual steps of data processing, in particular why these steps are carried out in each case, on what legal basis, how the steps work in each case, and how the personal data are processed in each case.
1.1. Data controller
Under data protection law, the following authority is responsible for the operation of the Social Platform website and the provision of information i.e. all data processing steps described in Section 4.2:
Ministry of Labor, Health and Social Affairs of the State of North Rhine-Westphalia
Fürstenwall 25
40219 Düsseldorf
The responsible authority can be contacted for general inquiries (for data protection issues, see Section 2) as follows:
Telephone: (02 11) 855-5
Email: poststelle@mags.nrw.de
For data protection inquiries, the data protection officer of the authority should be contacted directly. The contact details are given in Section 2.
1.1.1. Website operation
The following authority is responsible under data protection law for the operation of the website of the social service platform and the information provided, i.e. all data processing steps that are described in Section 1.4.2:
Ministerium für Arbeit, Gesundheit und Soziales des Landes Nordrhein-Westfalen
Fürstenwall 25
40219 Düsseldorf
Die verantwortliche Behörde kann für allgemeine Anfragen (zu Datenschutzfragen siehe unter Ziffer 1.2) wie folgt kontaktiert werden:
Telephone: (02 11) 855 – 5
E-Mail: poststelle@mags.nrw.de
For inquiries about data protection, the data protection officer of the authority should be contacted directly. The contact details are given in section 1.2.
1.2. Data protection officer
Authorities usually have a data protection officer or a similar function that deals specifically with data protection issues. Inquiries about data protection from you or other persons whose personal data is processed by the authority can be sent to the contact details given below.
In addition, each authority is monitored by an independent supervisory authority with regard to the processing of personal data. Complaints about the processing of personal data by the authority can also be addressed to the relevant supervisory authority.
1.2.1. Information on the data protection officer and the supervisory authority
Contact details of the data protection officer:
Ministry of Labor, Health and Social Affairs of the State of North Rhine-Westphalia
Datenschutzbeauftragte [Data Protection Officer]
Fürstenwall 25
40219 Düsseldorf
Telephone: (0211) 855-5
Email: datenschutz@mags.nrw.de
1.3. Rights as a data subject
Any person whose personal data are processed by an authority may, as a data subject, assert the following rights vis-à-vis the respective responsible authority (see Section 1).
1.3.1. Right to information
Data subjects may request information from the authority in accordance with Art. 15 GDPR as to whether or not personal data concerning them are being processed. If so, data subjects can request the information regarding the data processing specified in Art. 15 GDPR.
1.3.2. Right to rectification
Data subjects may ask the authority, in accordance with Art. 16 GDPR, to correct inaccurate personal data concerning them or, if necessary, to supplement incomplete personal data.
1.3.3. Right to erasure
Data subjects may ask the authority, in accordance with Art. 17 GDPR, to delete personal data concerning them, provided that the conditions specified in Art. 17 GDPR are met.
1.3.4. Right to restriction of processing
Data subjects may ask the authority, in accordance with Art. 18 GDPR, to restrict the processing of personal data concerning them, provided that the conditions specified in Art. 18 GDPR are met.
1.3.5. Right to object against processing
Data subjects may lodge an objection with the authority against the processing of personal data concerning them, based on the legal basis of Art. 6 (1) (e) GDPR, in accordance with Art. 21 GDPR, on grounds relating to their particular situation.
The authority will then no longer process the personal data unless it can demonstrate and, if necessary, prove that there are grounds for continuing to process these data in accordance with Art. 21 GDPR.
1.3.6. Right to lodge a complaint with the data protection supervisory authority
Data subjects can lodge a complaint at any time about the processing of personal data concerning them by the authority. Such a complaint must be submitted to the competent data protection supervisory authority named below.
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen [State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia]
Postfach [PO Box] 20 04 44
40102 Düsseldorf
Tel.: +49 (0)211 38424-0
Fax: +49 (0)211 38424-999
Email: poststelle@ldi.nrw.de
Further contact options and complaint forms, etc. at https://www.ldi.nrw.de/metanavi_Kontakt/index.ph
1.3.7 Right to withdraw consent that has been granted
Data subjects may at any time withdraw consent that they have given to the authority for the processing of personal data concerning them in accordance with Art. 7 para. 3 GDPR. The withdrawal of consent is only effective for the future; the processing of personal data that has already taken place on the basis of the consent is not affected by the withdrawal.
If consent is only given for a single processing step, this processing step is carried out and completed immediately after consent is given, and subsequent processing steps are not carried out on the basis of consent, any revocation can no longer have any effect.
1.3.8 Right to lodge a complaint with the data protection supervisory authority
Data subjects may lodge a complaint about the processing of personal data concerning them by the authority at any time. Such a complaint must be submitted to the competent data protection supervisory authority named for the authority in Section 1.2.
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach [PO Box] 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-999
E-mail: poststelle@ldi.nrw.de
Further contact options and forms for complaints etc. at https://www.ldi.nrw.de/metanavi_Kontakt/index.php
1.4. How your personal data are processed
Here in Section 4, we explain the individual processing steps through which personal data are processed.
1.4.1. Technical operation of the Social Service Platform
The technical operation of the Social Service Platform, and therefore all processing of personal data in accordance with this data privacy policy, is carried out entirely by the State Office for Information and Technology of North Rhine-Westphalia (IT.NRW), Mauerstraße 51, 40476 Düsseldorf. IT.NRW shall act as processor in accordance with Art. 28 GDPR.
1.4.2. Visiting the website
Whose personal data are processed? (Categories of data subjects)
Every visitor to the website at https://sozialplattform.de.
Which categories of personal data are processed?
- IP address of the accessing terminal or connection
- Unique identifier for recognizing the user across the entire website
- Postal code selected in the search
- Date and time of retrieval
- Name of the Internet service retrieved, resource retrieved and action used
- Query submitted by the client
- Amount of data transferred
- Message whether the retrieval was successful
- Client information (including browser, operating system)
Why are the data processed? (Purposes of processing)
To guarantee that the Social Platform website operates faultlessly, including troubleshooting; to ensure that the website functions as intended; as well as to defend against and analyze attacks.
What happens to the personal data?
Data are stored and processed in server log files on one hand, and on the other with the following cookies:
- Session cookie: Used to assign activities on the platform (e.g. page changes) to a session, by storing a session identifier.
- Functionality cookie: Used to temporarily store activities on the platform as part of an active session. After selecting a language and changing pages, these cookies prevent the language from having to be changed again.
- Protocol cookie: Used to store settings and information entered even after a session has ended, for example, when searching for a location.
What is the legal basis?
1. Insofar as data are retrieved from the user’s end device or stored on the end device, this is done on the legal basis of Section 25 (2) of the Telecommunications and Telemedia Data Protection Act (TTDSG), since it is necessary to retrieve and store these data for the provision of the Social Platform website and its intended functions.
2. The legal basis for processing personal data is Article 6 (1) (e) GDPR in conjunction with Section 1 (1) of the Online Access Act (OZG) and Section 5a (2), first sentence, of the Act on the Protection of Minors in North Rhine-Westphalia (EGovG NRW), as processing is necessary for the provision of the Social Platform website and its intended functions.
Is there an obligation to provide these personal data and what are the possible consequences if the data are not provided?
No, there is no obligation to enable the storage of cookies. However, the functionality of the Social Platform website may be restricted if the storage of cookies in the browser is restricted or deactivated.
How long are the personal data stored for?
Server log files are restricted after 48 hours with regard to processing to the effect that data can only be restored from encrypted backups in individual cases on request. After six weeks, the data in the encrypted backups will also be deleted.
The session cookie is valid for 10 minutes from the last interaction; the functionality cookie is valid for one year from the last interaction. The protocol cookie is valid indefinitely. All cookies remain stored, regardless of their validity, until they are deleted in the browser by the user, e.g. by activating a function to delete all cookies.
2. Privacy policy using the National Feedback Component
The Ministry of Labour, Health and Social Affairs of the State of North Rhine-Westphalia (MAGS NRW) informs you about the processing of personal data when using the National Feedback Component (NFK) via the Portal of the social platform.
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
2.1. Information about the processing of personal data
Responsible authority to Article 4 (1), (7) and Article 26 of the General Data Protection Regulation (GDPR) is:
Federal Minister of the Interior (BMI)
Referat DV II 3
Alt-Moabit 140
10557 Berlin
Phone: +49 (0)30 18 681-0
E-Mail: poststelle@bmi.bund.de
DE-Mail: poststelle@bmi-bund.de-mail.de
If you have any questions regarding the protection of your data, please contact the data protection officer:
Data protection officer
Federal Minister of the Interior
Alt-Moabit 140
10557 Berlin
Phone: +49 (0)30 18 681-0
E-Mail: bds@bmi.bund.de
As processors are acting:
]init[ Aktiengesellschaft für digitale Kommunikation
Köpenicker Straße 9
10997 Berlin
Phone: +49 30 97006 0
E-Mail: init@init.de
The order processor and operator of the National Feedback Component is the Federal Information Technology Center (ITZBund).
Informationstechnikzentrum Bund
Bernkasteler Straße 8
53175 Bonn
Phone: +49 (0) 22899 680-0
E-Mail: poststelle@itzbund.de
An agreement on commissioned processing in accordance with Article 28 GDPR has been concluded.
2.2. Collection and storage of personal data
Using the internet offer
Each time the Internet offer (platform with input mask) is accessed, data about this process is temporarily processed in a log file. In detail, the following personal data is stored for each access or retrieval:
- Date and time the website was viewed (timestamp),
- IP address of the accessing device or server,
- Request details and destination address (protocol version, HTTP method, referrer, UserAgent string),
- Name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes) and
- Message indicating whether the retrieval was successful (HTTP status code).
The MAGS NRW as operator of the Portal of the social platform does not process personal data according to Art. 4 (1) GDPR.
- The mentioned personal data will be deleted completely after a maximum of 90 days.
2.3. Legal basis and purpose of processing
The legal basis for collecting personal data is Article 6 (1) Sentence 1 (c), (e) GDPR in conjunction withe § 3 Federal Data Protection Act (BDSG), § 5 BSI-Act for storing the data to defend against attacks on the Internet infrastructure of MAGS NRW and the communications technology of the federal government beyond the time of your visit. This data is evaluated and required for legal and criminal prosecution in the event of attacks on communications technology. The data will be deleted at least after 90 days.
The purpose of processing the personal data is to ensure the functionality of the IT systems of the federal government or its service providers. Your feedback will be processed anonymously during the evaluation. This means that the input you provide will not be processed together with your personal data and, in particular, will not be forwarded to the relevant authority to which you provide feedback. It is not possible to draw conclusions about you from your responses. Please make sure not to enter any personal data in free text fields. Your personal data will be processed exclusively for the stated purpose. The processing of the above-mentioned personal data is necessary for this purpose.
2.4. Storage period
The mentioned personal data will be deleted completely after a maximum of 90 days.
2.5. Using Cookies
The form does not use cookies.
2.6. Rights of data subjects
Data subjects have the following rights regarding to their personal data:
- Right of access, Art. 15 GDPR
The right of access provides data subjects with comprehensive insight into the data concerning them and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right regulated in Section 34 BDSG apply.
- Right to rectification, Art. 16 GDPR
The right of rectification includes the possibility for the data subject to have inaccurate personal data concerning him corrected.
- Right to erasure, Art. 17 GDPR
The right to erasure includes the possibility for the data subject to have data deleted from the data controller. This is only possible if the personal data concerning him or her is no longer necessary, is being processed unlawfully, or if consent in this regard has been revoked. The exceptions to this right regulated in Section 35 BDSG apply.
- Right to restriction of processing, Art. 18 GDPR
The right to restriction of processing includes the possibility for the data subject to prevent further processing of personal data concerning him or her for the time being. A restriction occurs primarily in the review phase of other rights by the data subject.
- Right to object to the collection, processing and / or use, Art. 21 GDPR
The right to object includes the possibility for data subjects to object to the further processing of their personal data in a special situation if this is justified by the performance of public tasks or public as well as private interests. The exceptions to this right regulated in Section 36 BDSG apply.
- Right to data portability, Art. 20 GDPR
The right to data portability includes the possibility for the data subject to receive the personal data concerning him or her from the controller in a common, machine-readable format in order to have it forwarded to another controller, if necessary. According to Art. 20 (3) sentence 2 GDPR this right is not available if the data processing serves the performance of public tasks.
The aforementioned rights can be asserted in writing at the contact details listed in section 1.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the data protection supervisory authority. The supervisory authority responsible for us ist he Federal Commissioner for Data Protection and Freedom of Information (BfDI), Graurheindorfer Str. 153, 53117 Bonn, Germany, poststelle@bfdi.bund.de. Further contact information can be found here: https://www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html.
You can also contact the mentioned data protection officer with questions and complaints at any time.