
Data Protection

Privacy policy

Responsible handling of personal data is a high priority for the Friedrich-Loeffler-Institut (FLI). We want users to know which data is collected and used by the FLI and when.

As an authority of the Federal Republic of Germany without legal capacity, the FLI operates a website under the domain www.fli.de on which it informs the public about its activities and provides low-threshold information to the public.

We only process personal data to the extent necessary. Which data is required and processed for which purposes and on what basis depends largely on the type of service you use and the purpose for which it is required.

We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by our external service providers. 
The processing of personal data at FLI is carried out in accordance with the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG).

1. General Information

1.1 Responsibility and Data Protection Officer

Responsibility for the processing of personal data lies with the

Friedrich-Loeffler-Institut
Federal Research Institute for Animal Health
Südufer 10
D-17493 Greifswald - Insel Riems
represented by the president
E-Mail: Leitungsbuero-fli@fli.de

If you have specific questions about how your privacy is protected, please contact the external Official Data Protection Officer

Philipp Herold
Mein Datenschutzbeauftragter.de
Rudolf-Diestel-Straße 10
23617 Stockelsdorf
E-Mail: Datenschutz@hub24.de

or the Coordinating Officer - Data Protection at FLI:

Kati Cornelius
Friedrich-Loeffler-Institut
Federal Research Institute for Animal Health
Südufer 10
D-17493 Greifswald - Insel Riems
E-Mail: Koordinierungsstelle-Datenschutz@fli.de

1.2 Personal data

The term "personal data" means all information related to an identified or identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly, in particular by linking them to an identifier such as a name, identification number, location data or an online reference number.

1.3 Protection of minors

Anyone younger than 16 should not submit personal data to us without the consent of their parents or guardians. If these data are needed in order to visit the FLI, number 5.2 applies. These data are not shared with third parties.

1.4 Legal basis for processing personal data

The FLI processes personal data in carrying out its assigned responsibilities in the public interest. Its public responsibilities include in particular informing the public and thus making information available to the public through its website. The legal basis for processing in this case is Article 6 (1) (e) of the EU’s General Data Protection Regulation in conjunction with the relevant national or European law and with Section 3 of the BDSG. If personal data must be processed in the individual case to meet a legal obligation, Article 6 (1) (c) of the GDPR applies as well, in conjunction with the relevant legal provision on which the legal obligation is based.

If we obtain consent from the data subject to process personal data, Article 6 (1) (a) GDPR serves as the legal basis.

When processing personal data needed to fulfil a contract with the data subject, Article 6 (1) (b) GDPR also serves as the legal basis in the individual case. The same applies to processing needed to carry out pre-contractual measures. The FLI acts as a contracting party under civil law in particular with regard to staff recruitment and procurement.

If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) (d) GDPR serves as the legal basis.

2. Data processing related to visiting this website

2.1 Data collection

Every time someone accesses our website and retrieves a file, data are temporarily saved in a log file.

Specifically, the following data are stored:

  • date and time of retrieval (time stamp) and the IP address of the device or server requesting access
  • details of the request and destination (log version, HTTP method, referrer, user agent string)
  • name of the file retrieved and amount of data transferred (requested URL and query string, size in bytes)
  • whether the request was successful (HTTP status code).

According to Article 6 (1) (e) GDPR in conjunction with Section 5 of the Act on the Federal Office for Information Security (BSI-Gesetz), we are also required to store data past the time of your visit in order to protect against attacks on the FLI’s Internet infrastructure and federal communications technology. These data are analysed and, in case of attacks on the communications technology, needed to initiate legal and criminal proceedings. These data are deleted as soon as they are no longer needed for official purposes.

Data logged when the FLI website is accessed are shared with third parties only if we are legally obligated to do so, or if needed for legal or criminal proceedings in case of attacks on federal communications technology. Otherwise these data are not shared with third parties. The FLI does not combine these data with other data sources.

2.2 Session cookies

The web pages of the FLI use cookies that are valid for the duration of your visit to our website. This is necessary for technical reasons. Cookies are used on the basis of Article 6 (1) (e) GDPR in conjunction with Section 3 BDSG in the context of informing the public in order to provide information on the FLI’s assigned tasks as needed.

Session cookies are small units of information which a website provider saves to the random access memory of the visitor’s computer. A session cookie contains a randomly generated, unique identification number, known as a session ID. A cookie also contains information on its origin and how long it may be saved. These cookies are unable to store any other data.

Session cookies are deleted when you end the session, by closing your browser window or leaving the web page.

Every Internet browser can show you when cookies have been stored on your computer and what they contain. The websites of the Federal Commissioner for Data Protection and Freedom of Information and the Federal Office for Information Security offer more detailed information.

Some cookies are permanent, in order to remember website visitors returning after a long absence. They are stored as text files on the hard drive of the visitor’s computer. We do not use such cookies on our website.

Most browsers accept cookies by default. However, storage of cookies can be disabled, or the browser can be set up to store cookies only for the duration of the individual Internet connection.

2.3 Web analysis

On the basis of Art. 6 para. 1 lit. e GDPR in conjunction with § 3 of the Federal Data Protection Act, the FLI evaluates usage information for statistical purposes as part of its public relations work and for the needs-based provision of information on the tasks to be performed by the FLI.
This is done with the web analysis service Matomo/PIWIK.
When individual pages of our website are accessed, the following data is stored:

  • two bytes of the IP address of the user's accessing system (anonymous)
  • the website accessed
  • the website from which the user came to the website accessed (referrer)
  • the subpages that are accessed from the accessed website
  • the time spent on the website
  • the frequency with which the website is accessed
  • whether downloads have been made
  • search terms.

Cookie options

You can use the following cookie consent tool to check and adjust your data protection settings.
Please use a browser that supports iFrames.

Note: If you delete your cookies, this means that the settings you have specified will also be deleted and you may have to make them again.

2.4 Third-party providers

In order to display our content correctly and in a graphically appealing way across browsers, we use “Google Web Fonts” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to display fonts on this website. You can find the library operator's privacy policy here: policies.google.com/privacy.
On some websites, we embed maps from the “Openstreetmap” platform of the provider Openstreetmap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. The relevant privacy policy can be found here: wiki.openstreetmap.org/wiki/DE:Datenschutz.

3. Processing of personal data in the context of making contact

The processing of personal data depends on the method of contact. A distinction can be made between contact by e-mail, contact form, letter or telephone (hotline).

3.1 Contacting the FLI by e-mail

It is possible to contact the FLI by e-mail via the employees' personal business e-mail addresses and various functional mailboxes as well as via this central e-mail address: internetredaktion@fli.de. The personal data sent to the central address and stored in the organizational unit responsible for central message distribution will be deleted after one year following forwarding to the responsible organizational units of the FLI.
In the organizational units, the data transmitted by you (e.g.: surname, first name, address), but at least the e-mail address, as well as the information contained in the e-mail (including any personal data transmitted by you) will be stored for the purpose of contacting you and processing your request in accordance with the deadlines for the storage of documents set out in the Registry Directive. 
We would like to point out that the data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. Processing of the personal data transmitted by you is necessary for the purpose of processing your request.

3.2 E-mail addresses without FLI reference

The FLI website also provides e-mail addresses of third parties on specialist topics. These addresses do not contain “fli.de” after the @. If you use one of these addresses to contact us, the FLI is not responsible for the processing of personal data. If you have any questions regarding the handling of your personal data by this third party, please contact them accordingly.

3.3 Contacting the editorial office via the contact form

You can use the contact form on this website to contact the FLI editorial office.
The content of the FLI contact forms is transmitted via an encrypted https connection.
If you use the contact form for communication, it is necessary to provide a salutation, your first and last name and your e-mail address. Without this data, your request sent via the contact form cannot be processed. Providing your address is optional and enables us - if you wish - to process your request by post. In addition, the date and time of your request and your IP address will be transmitted to us.
If we receive a message from you via the contact form or an e-mail, we assume that we are entitled to reply by e-mail. Otherwise, you must expressly inform us of another form of communication.

We would like to point out that the processing of the data transmitted via the contact form and the content (which may also contain personal data transmitted by you) is based on Article 6(1)(a) GDPR for the purpose of processing your request. 
When using the contact form of the Internet editorial office, the content of the data fields is transmitted exclusively to the Internet editorial office of the FLI. The IP address of the sender is recorded. This also takes place when sending a conventional e-mail to the address internetredaktion@fli.de. By activating the checkbox and sending the contact form, you consent to the transmission and storage of your personal data and IP address in accordance with Art. 6(1)(a) GDPR. The processing and temporary storage of personal data serve to answer your request. The IP address is used exclusively in the context of state law enforcement and security measures in compliance with the legal requirements.

The processing is carried out by the employees of the Internet editorial department. The online editorial team will only store your data for the purpose of processing your request and in accordance with legal and contractual requirements. Your data will be deleted after your question has been answered, but at the latest after the end of the respective calendar year. If your request cannot be processed by the online editorial team, it will be forwarded to the relevant organizational units.
If your data is forwarded, it will be processed in accordance with the time limits for the storage of documents set out in the Registry Guidelines. 
If you do not agree to your data being processed, you can cancel the contact process at any time. Your message will then not be sent.

3.4 Contact by letter 

If you write a letter to the FLI, the data you provide (e.g.: surname, first name, address) and the information contained in the letter (any personal data you provide) will be stored for the purpose of contacting you and processing your request in accordance with the deadlines for the storage of documents set out in the Registry Directive. 
We would like to point out that the data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. Processing of the personal data transmitted by you is necessary for the purpose of processing your request.

3.5 Making contact by telephone

If you contact an employee by telephone, your personal data will be processed to the extent necessary to process your request. 

4. Processing of personal data in the context of the use of social networks

In order to present our institute in the best possible way and to communicate with you as a user or interested party, we make use of our presence in social networks. This requires temporary data storage by a service provider. The data is stored on a server located in the European Union and includes the following: profile and account name and picture, content of the request, number of followers and profiles followed by the profile, and latest tweets. The data is stored for six months. We would like to point out that the data is processed on the basis of Article 6(1)(e) GDPR in conjunction with Section 3 BDSG. The processing of the personal data transmitted by you is necessary for the purpose of processing your request.

When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU.
In this context, there may be risks for you as a user if the transferred data is processed in so-called third countries with an inadequate level of data protection. This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country. We only transfer personal data to third countries for which an adequate level of protection has been confirmed or if the transfer of personal data can be ensured by contractual agreements or other suitable guarantees.

We would also like to expressly point out that Meta and X (Twitter) and LinkedIn store their users' data (e.g. personal information, IP address, etc.) in accordance with their data usage guidelines and use it for business purposes. To achieve this, cookies are used to record user behavior and enable user profiling. 
A specific list of the purposes for which user data is processed can be found in the privacy policies of the respective providers. By making the appropriate settings in your user account, you can restrict profiling, at least to a certain extent. For the exact procedure, please read the relevant data protection information of the respective provider.

The relevant platforms are:

  • Platform: Instagram
    Responsible party: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
    Data protection information of the platform operator: Privacy policy of Instagram
  • Platform: LinkedIn
    Responsible party: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
    Data protection information of the platform operator: Privacy policy of LinkedIn
  • Platform: X
    Responsible party: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
    Data protection information of the platform operator: Privacy policy of X

In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile has been marked with “Like” or commented on) to create aggregated usage statistics and make them available to the respective operators of the profile (so-called “insights” or “analytics”). We as the profile operator also receive such usage statistics. The information we receive as profile operators does not allow us to draw any conclusions about individual users. The profile operator itself has no access to personal data that the platform operator processes for the creation of usage statistics. Only the respective platform operator determines which data is processed for these purposes and how. The FLI has no influence on the data collection and its further use by the social network. For example, there is no knowledge of the extent to which, where and for how long the data is stored, the extent to which the networks comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on.

For processing in connection with the compilation of usage statistics, the FLI and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR. Where possible, joint controllership agreements are in place with the respective platform operators.

Platform Mastodon:

The FLI uses the microblogging service Mastodon to fulfill its editorial tasks in social networks. For this purpose, we use the technical platform and the services of the Federal Commissioner for Data Protection and Freedom of Information (BfDI), Graurheindorfer Str. 153, 53117 Bonn, Germany. We therefore refer here to the BfDI's privacy policy. Information on which data is processed by the BfDI and for what purposes it is used can be found in the BfDI's privacy policy. The FLI does not collect or store any data itself in this context. We would like to point out that you use the Mastodon short message service and its functions on your own responsibility.

5. Processing of personal data in the context of providing information

The processing of personal data depends on the type of information provided. Here we distinguish between the provision of our newsletter and information visits to the FLI.

5.1 Data for sending the newsletter

If you subscribe to one of the FLI's newsletter mailing lists, your e-mail address, date and time of registration will be stored by us on a server. The data is processed on the basis of your consent in accordance with Article 6(1)(a) GDPR. We use this data exclusively for sending the newsletter and for statistical evaluations to analyze system performance. We do not pass on your data to third parties and do not use it for any other purposes of our own. 
The registration system with an additional confirmation message containing a link for final registration (double opt-in) ensures that you explicitly wish to receive the newsletter.

When you register, your data will be stored on our server and a confirmation message with a link to the final registration will be generated and sent to the e-mail address provided. If you do not confirm the registration by clicking on the link in this e-mail, the data will be deleted after 48 hours.
Only when you confirm the link in the e-mail will your data for sending the newsletter be stored for the duration of your use of our newsletter service.
If you no longer agree to the storage of your data for this purpose and therefore no longer wish to use our service, you can unsubscribe from our newsletter at any time. The data you have provided will then be deleted. 

5.2 Visitors

The FLI regularly receives groups for an information visit as well as individual visitors on specific occasions. In order to be able to grant these visitors access to the FLI premises, the FLI must collect the first and last names and dates of birth of the participants in advance of the appointment for security reasons in order to fulfill its tasks (public or specialist work) in accordance with Article 6 paragraph 1 lit. e GDPR in conjunction with § 3 BDSG. 
Further data, such as institution, type of school, grade level, club or mobility restrictions are optional and serve to better prepare the visit to the FLI. The processing of this data for the purpose of the specialist or information visit is based on your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time. The lawfulness of the processing based on your consent remains unaffected until receipt of your revocation. 
The data provided by you (first name and surname; date of birth) as well as the additional personal data voluntarily provided by you will be completely deleted 30 days after your visit to the FLI.
By providing the personal data, visitors consent to the processing for the above-mentioned purpose.

6. Video surveillance 

The FLI premises are monitored by a video surveillance system for the security of the FLI premises as well as for the purpose of personal safety and the recording of animal experiments (research). Processing is carried out on the basis of Article 6(1)(e) GDPR in conjunction with Section 4 BDSG and Article 88(1) GDPR, Section 26(4) BDSG in conjunction with service agreements on video surveillance at the FLI.

7. Your Rights

You have the following rights vis-à-vis the FLI with regard to your personal data:

  • Right of access, Art. 15 GDPR
    The right of access provides the data subject with a comprehensive insight into the data concerning him/her and some other important criteria, such as the purposes of processing or the duration of storage. The exceptions to this right set out in Section 34 BDSG apply.
  • Right to rectification, Art. 16 GDPR
    The right to rectification includes the possibility for the data subject to have inaccurate personal data concerning them corrected.
  • Right to erasure, Art. 17 GDPR
    The right to erasure includes the possibility for the data subject to have data erased by the controller. However, this is only possible if the personal data in question is no longer necessary, is being processed unlawfully or consent has been withdrawn. The exceptions to this right set out in Section 35 BDSG apply.
  • Right to restriction of processing, Art. 18 GDPR
    The right to restriction of processing includes the possibility for the data subject to prevent further processing of the personal data concerning them for the time being. A restriction occurs above all in the examination phase of other rights exercised by the data subject.
  • Right to object to the collection, processing and/or use, Art. 21 GDPR
    The right to object includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the performance of public tasks or public and private interests. The exceptions to this right set out in Section 36 BDSG apply.
  • Right to data portability, Art. 20 GDPR
    The right to data portability includes the possibility for the data subject to receive the personal data concerning him/her from the controller in a commonly used, machine-readable format in order to have it forwarded to another controller if necessary. According to Art. 20 para. 3 sentence 2 GDPR, however, this right is not available if the data processing serves the performance of public tasks. 
  • Right to withdraw consent, Art. 7 GDPR
    If personal data is processed on the basis of consent, the data subject may withdraw this consent for the relevant purpose at any time. The revocation is to be sent, stating the respective subject, to: Datenschutz@hub24.de. The lawfulness of the processing based on the consent given remains unaffected until receipt of the revocation.

You can assert the aforementioned rights in writing using the contact details provided in section 1.1.
Pursuant to Art. 77 GDPR, you also have the right to lodge a complaint with the data protection supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.
You can also contact the data protection officer at the FLI named in section 1.1 with questions and complaints.