Right of access by the data subject under Article 15 of the

GDPR
This is a response to a data subject’s request to obtain access to the personal data processed
by BundID. The response is given in compliance with Article 15 of the GDPR.

1. General information about BundID

With BundID (previously: Federal User Account), you have an easy and secure way to prove
who you are when using online services. Once your identity has been verified, you can file an
online request. In addition, you can receive official communications electronically in your
BundID inbox.

1.1 Controller

The controller – as defined in Article 4 no. 7 of the GDPR – is the Federal Ministry of the Interior
and Community (Bundesministerium des Innern und für Heimat, BMI).

Bundesministerium des Innern und für Heimat

Alt-Moabit 140
10557 Berlin, Germany
Phone: +49-(0)30 18 681-0
Fax: +49-(0)30 18 681-12926
Email: bundid@bmi.bund.de
De-Mail: bundid@bmi.bund.de-mail.de

Please note that emails (except De-Mail) are by default not sent with end-to-end encryption,
which means that unauthorised persons could potentially access and manipulate the
information transmitted. For information that requires protection, we therefore recommend that
you contact us using one of the following methods:

De-Mail
Email with PGP encryption
Contact form

1.2 Data protection office

You can reach the office responsible for data protection at the Federal Ministry of the Interior
and Community at the following address:

Bundesministerium des Innern und für Heimat

Beauftragte/r für den Datenschutz
Alt-Moabit 140
10557 Berlin, Germany
Phone: +49-(0)30 18 681-0
Email: bundid@bmi.bund.de

1.3 Technical operations

The Federal Information Technology Centre (Informations-Technik-Zentrum des Bundes,

ITZBund) processes data on behalf of the Federal Ministry of the Interior and Community. The
Federal Information Technology Centre is part of the federal administration. It is the provider of
federal IT services. A contract according to Article 28 (3) of the GDPR has been concluded
between the Federal Ministry of the Interior and Community and the Federal Information
Technology Centre; the Federal Ministry of the Interior and Community remains responsible for
data protection.

No data processing related to BundID takes place outside of Germany.

2. Description of the processing of personal data

2.1 Purposes of processing

We process your personal data so that you can take full advantage of the features of your
BundID account. The data are used to prove who you are when using online services and to
send you official communications.

2.2 Categories of personal data

We process the following categories of personal data and the related data objects for the
purposes described in section 2.1.

Table 1: Categories of personal data and related data objects in your BundID account
Data category Name of personal data item Personal data item

Identity and communication data The “unique ID” of this account’s 6f6939a2-d549-4daa-ad1b-
dataset 28567d7b1dd6

Name of the data subject usually given

Abolfazl MOHSENPOUR GALOUSANG
and family name

Title

Given name Abolfazl

Family name MOHSENPOUR GALOUSANG

Doctoral degree

Date of birth 12.04.1998

Name at birth

Place of birth KALIBAR

 Street and house number GUTENBERGSTRAßE 5

Postcode 32756

City/town DETMOLD

Country DE

Communication data

Phone number

Account’s email address a.mohsenpour98@gmail.com

Account’s De-Mail address

Account details Account settings

Account created on 2023-03-19 13:18:04

Account activated on 2023-03-19 13:18:04

Language preference en

Account status AKTIVIERT

Last change to account on 2023-03-19 13:18:04

Last login on 2023-03-19 13:18:54

Inbox handle (unique identifier of your

330c6f83-cdfa-437b-afd0-
inbox to receive official
529d3df29ed7
communications)

Credential options

Credential BENUTZERNAME

Type of assurance level BASIC REGISTRATION

Status of credential AKTIVIERT

Service- and card-specific identifier /

pseudonym
*only visible when using an electronic
identity card to prove identity

Issuing country of credential

*only visible when using an electronic
identity card to prove identity

Credential created on 2023-03-19 13:18:04

Credential changed on 2023-03-19 13:18:04

Last login with credential

Credential options

Credential NPA

Type of assurance level HIGH

Status of credential AKTIVIERT

 Service- and card-specific identifier /
pseudonym da3274beaae746d938ed1140cd0750c3
*only visible when using an electronic 831a474083dbf3548a9b2614cd07ec0c
identity card to prove identity

Issuing country of credential

*only visible when using an electronic
identity card to prove identity

Credential created on 2023-03-19 13:18:04

Credential changed on 2023-03-19 13:18:04

Last login with credential 2023-03-19 13:18:54

Consent upon account creation

43316a0d-5379-4efb-9357-
Unique identifier of consent
b93785e6db06

Confirmation of consent to the

Yes
processing of your personal data

Date and time of consent 2023-03-19 12:18:297

ID for log identification, unique identifier 6024c22f-41ec-4a62-86d2-

of your consent log df142c5f70cc

Account deletion

Account deleted on

Reason for account deletion

Communication content data BundID inbox

Number of received messages 1

Number of unread messages 1

In addition, the following data are processed in the backend; they can be attributed to your
sessions and to your account.

Table 2: Identification data stored in your BundID account.

Data category Name of personal data item

Login data Username (see above)

Password

Security question

Secret answer

We also store logins, changes to your account data and other activities related to your
credentials (e.g. username and password, eID card, etc.), including timestamps, so that you
have better control over your BundID activities. You can view this data any time under “Activity
log” in your BundID account.
3. Data origin
Data in your account that can be personally attributed to you were originally

entered or provided by yourself;

Activity logging and data recorded by the system;
read from your electronic means of identification (e.g. eID).

4. Recipients or categories of recipients

Recipients or categories of recipients to whom the personal data have been or will be disclosed
depend on the individual online request that you filed or will file using BundID.

Your personal data are disclosed to third

YES
parties:

Nutzung des bereitgestellten Nutzerkontos Bund; data access by third parties: YES
Datenweitergabe an Fachverfahren während der Nutzung; data access by third parties:
YES
Befriedung rechtlicher Informationspflichten; data access by third parties: NO

Learn more about the disclosure of your data to third parties in section 9 of the BundID Privacy
Policy: https://id.bund.de/en/datasecurity

5. Retention periods
You can delete your BundID account at any time. Your account will be automatically deleted if
you have not logged in for 24 months. Unless otherwise required by law, your data will be
immediately deleted once this period has expired.

Table 3: Overview of retention periods by data category

Data category End of use Time of deletion

Identity data End of use due to deletion of the

immediately
Communication data BundID account
Account details
Communication content data
End of use due to inactivity 24 months after the last login + 1 day
Login data

For an active account, the period starts

after 90 days
on the date the log entry was created.
Activity log
End of use due to deletion of the
immediately
BundID account

End of use due to deletion of the

Consent data immediately
BundID account
6. Exercising rights as a data subject
For more information about exercising your rights as a data subject, in particular your right to
lodge a complaint with a supervisory authority, please consult the BundID Privacy Policy:
https://id.bund.de/en/datasecurity