Privacy Policy

Version: 15.12.2022

Solutions and technologies of econda GmbH (Zimmerstraße 6, 76137 Karlsruhe, www.econda.de) collect and store data on our behalf to ensure that this website is optimised and designed to meet your needs.

Who is the data controller?

VBL. Pension Institution of the Federal and State Governments
Hans-Thoma-Strasse 19
76133 Karlsruhe

Who should I contact?

VBL's Data Protection Officer can answer any questions you have about data protection

Mr Thilo Mangler
Hans-Thoma-Strasse 19
76133 Karlsruhe
E-mail datenschutz@vbl.de

For what purpose and on what legal basis are my data processed by econda?

We process your personal data exclusively to optimise this website on the basis of the following legal bases:

• On the basis of your consent pursuant to Art. 6 (1) a) GDPR and/or in accordance with Section 25 TTDSG (German Telecommunications Telemedia Data Protection Act). Tracking using your pseudonymised IP address only takes place if you have given your consent.

The web analysis can be performed as session-based web analysis and/or cookie-based web analysis. As part of giving your consent, you can activate both analysis methods or just one analysis method.

In session-based web analysis (anonymous web analysis), anonymous click data are recorded by econda, which is processed internally by VBL for the purpose of analysis and optimisation of the website. A reference to the current user session (browser session storage) is necessary for statistical evaluations. No personal data are collected in this analysis.

There is no persistent storage of data on user devices. No personal data, such as the IP address, is stored. No connection is made between the click data and the region of the user. No cookies are set. You will not be recognised on later visits and it is not possible to create a profile.

As it is theoretically possible to establish, with considerable effort, a connection between your IP address and your click behaviour during the session with econda using your access time and the IP address stored by us for security purposes for seven days, the session-based web analysis is only carried out with your consent. This is no longer possible once the browser has been closed. From this point on, it becomes anonymous statistical data.

You can withdraw your consent to this processing at any time by deactivating the slider.

In cookie-based web analysis (complete web analysis), cookies are set to collect the click data which uniquely identify a user device. The data are collected and processed internally by VBL for the purpose of analysis and optimisation of the website.

If you give your consent to full web analysis, cookies are set for the purpose described above, which allow us to recognise the browser. Among other things, this enables us to establish a relationship between the user's region and the length of time spent on the website. Due to the immediate anonymisation of the IP address after receipt, no personal data are recorded and it is technically impossible to trace the address back to specific individuals. The address is anonymised by deleting the last two octets of the IP address. No user profiles are created on the basis of your insurance number or e-mail address.

As in the case of session-based web analysis, the connection between your IP address and your click behaviour could theoretically be established with considerable effort by working with econda and using the access time, the truncated IP address and the IP address stored by us for seven days for security purposes. After the storage period of the IP address of seven days has expired, this is no longer possible and the reference to you is erased.

You can withdraw your consent to this processing at any time by deactivating the slider.

VBL has no interest in identifying you in this way. The web analysis is only intended to gain statistical insights into click behaviour in order to be able to continuously optimise the website for users.

Which data processing is required?

Anonymous web analysis

Technologies used:

• No persistent storage of data on user devices
• User session (browser session storage)

The following data are recorded:

• Information about the device used (type, operating system, browser)
• Information about pages viewed during the website visit (referrer, including metadata and click IDs)
• Anonymised information about access data (pages viewed, including metadata)

Full web analysis

Technologies used:

• Cookies
• Local storage

The following data are recorded:

• Information about the device used (type, operating system, browser)
• IP address (truncated, e.g. 164.133.xxx.xxx)
• Information about pages viewed during the website visit (referrer, including metadata and click IDs)
• Information about access data (pages viewed, including metadata)

Where does VBL get my data from and who receives it?

We record your data during your visit to our website vbl.de.
Your data are processed by our contractor econda GmbH on the basis of a data processing agreement. The contractor does not use the data for its own purposes and does disclose them to third parties.

How long will my data be stored?

The data are only processed and stored for the period required to achieve the respective processing purpose. The cookie stored for the purpose of cookie-based web analysis is deleted after six months.

Does VBL transfer data to any third countries/international organisations?

The data are processed and stored on servers located in Germany and the EU. No data are transferred to countries outside the EU or the EEA (third countries).

What rights do I have under the GDPR?

Upon request, you will be provided with information about the data stored about you (Art. 15 GDPR and Section 34 BDSG (German Federal Data Protection Act)) and can request the rectification of incorrect data (Art. 16 GDPR). If the legal requirements are met, you can also restrict processing (Art. 18 GDPR) and request erasure (Art. 17 GDPR and Section 35 BDSG) of these data. In addition, you have the right to data portability (Art. 20 GDPR).

In cases where processing takes place on the legal basis of Art. 6 (1) e) or f), you have the right to object to the processing of your personal data (Art. 21 GDPR and Section 36 BDSG). If you assert your rights, we will check that the legal requirements have been met.

You also have the right to lodge a complaint with the Regulatory Authority in accordance with Art. 77 GDPR. You can contact the Regulatory Authority if you believe that your rights have been violated during the collection, processing or use of personal data by VBL.

Visitors to this website can withdraw their consent to this data collection and storage at any time in our Cookie Policy with future effect.

Withdrawal only applies to the device and the web browser on which the cookie was set. If necessary, please repeat the process on all devices for which you have given your consent.

Who is the responsible data protection supervisory authority?

As an institution under public law, VBL is subject to monitoring by the

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Strasse 153
53117 Bonn
E-mail poststelle@bfdi.bund.de
Internet www.bfdi.bund.de

Information about data protection law for the electronic exchange of data with Deutsche Rentenversicherung (German pension insurance scheme) for pensioners in accordance with Art. 13 and Art. 14 GDPR.

Version: 28.07.2022

VBL and Deutsche Rentenversicherung (DRV) have jointly set up an electronic data exchange. In future, VBL will receive all the data required for calculating and reviewing the occupational pension from the statutory pension notice directly electronically from DRV. The electronic data exchange initially applies to all pension beneficiaries from the compulsory insurance scheme (VBLklassik) who apply for an occupational pension from 1 August 2022 and are entitled to a (survivor's) pension from the statutory pension insurance scheme.

Who is the data controller?

VBL. Versorgungsanstalt des Bundes und der Länder (Pension Institution of the Federal and State Governments)
Hans-Thoma-Strasse 19
76133 Karlsruhe

Who should I contact?

VBL's Data Protection Officer can answer any questions you have about data protection
Mr Thilo Mangler
Hans-Thoma-Strasse 19
76133 Karlsruhe
E-mail datenschutz@vbl.de

For what purpose and on what legal basis are my data exchanged with DRV?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) to calculate your occupational pension:

• From 1 August 2022 due to the obligation under the collective agreement in accordance with Article 6 (1) c) GDPR in conjunction with Section 20 (1) sentence 2 of the collective agreement for pensions (ATV) specified in Sections 48 (1a), 84a (12) of VBL's Articles of Association (VBLS)
• Until 1 August 2022 based on your consent in accordance with Article 6 (1) a) GDPR

If, in a particular individual case, it is not possible for the data to be exchanged, we will contact you.

Which data processing is required? Where does VBL get my data from and who receives them?

In order for us to calculate your occupational pension correctly in accordance with the requirements of the collective agreement, the Articles of Association and the general terms and conditions of insurance for voluntary insurance, we need various pieces of information from the pension notice from Deutsche Rentenversicherung (DRV) concerning your statutory pension. For this reason, the pension notice with the required annexes had to be submitted until now.

Electronic data exchange makes this easier. When you submit an application for an occupational pension to us, we will register you with DRV for data exchange. DRV then sends us the required data and subsequently informs us of any changes to your statutory pension.

We use this data to check and calculate your occupational pension in accordance with VBL's Articles of Association. We do not disclose these data records to other entities or third parties. If you also receive a pension from voluntary insurance (VBLextra/VBLdynamik) in addition to the occupational pension from compulsory insurance (VBLklassik), we use the retrieved data to check and calculate your occupational pension from voluntary insurance in accordance with the specifications of the general terms and conditions of insurance.

The data are transmitted via a secure and encrypted connection between VBL and DRV.

To register for the data exchange, we transmit your name, date of birth, social security number and VBL insurance number.

Only the data required for checking and calculating your occupational pension are then transmitted by DRV. If applicable in your case, we receive the following data: Name, social security number, date of birth, date of pension notice, information on the benefit case and type, access factor, start and end of the pension, reason for calculation or rejection, information on health/nursing care insurance, indicator for a possible reimbursement claim by a social insurance carrier, indicator for pension rights adjustment as well as information on the suspension of the pension or on drawing a partial pension.

The data can be found in the statutory pension notice and the annexes "Calculation of pension", "Calculation of personal earning points" and "Concurrence of pension and income" as well as in the pension adjustment notification for your statutory pension.

You can also find more information on this in our data protection information in accordance with Art. 13 and 14 GDPR.

You can obtain further information on the exchange of benefit data in the pension application process from DRV at: https://www.dsrv.info/de/Navigation/20_Unsere_Verfahren/01_Nationaler_Datenaustausch/11_Versorgungstraeger/03_LEA2/LEA2_index_node.html

Does VBL transfer data to any third countries/international organisations?

No data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) as part of the data exchange.

How long will my data be stored?

In order to rule out the possibility of a technical transmission error, we store the data records for 14 days following transfer of the data from DRV. They are then deleted.

What other exchange procedures are there with DRV?

In addition, as part of our legal duty, we transmit data to DRV for offsetting income in the case of survivors' pensions and in the context of pension rights adjustment.

You can find more information at Deutsche Rentenversicherung:

On offsetting income:

https://www.dsrv.info/de/Navigation/20_Unsere_Verfahren/01_Nationaler_Datenaustausch/11_Versorgungstraeger/02_LEA1/LEA1_index_node.html

For reimbursement in the pension rights adjustment process:

https://www.dsrv.info/de/Navigation/20_Unsere_Verfahren/01_Nationaler_Datenaustausch/11_Versorgungstraeger/01_G131/G131_index_node.html

What rights do I have under the GDPR?

Upon request, you will be provided with information about the data stored about you (Art. 15 GDPR and Section 34 BDSG) and can request the rectification of incorrect data (Art. 16 GDPR). If the legal requirements are met, you can also restrict processing (Art. 18 GDPR) or request erasure (Art. 17 GDPR and Section 35 BDSG) of these data. In addition, you have the right to data portability (Art. 20 GDPR).

If you have given us your consent to offset your income, you can withdraw it at any time up to 1 August 2022 with effect for the future, e.g. by letter or fax. Due to the new provision of the collective agreement and the Articles of Association, we are generally allowed to process your data from this point onwards based on the provision of the collective agreement. You will be provided information on this separately.

In cases where processing takes place on the legal basis of Art. 6 (1) e) or f), you have the right to object to the processing of your personal data (Art. 21 GDPR and Section 36 BDSG). If you make use of your rights, we will check that the legal requirements are met.

You also have the right to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR. You can contact the supervisory authority if you believe that your rights have been violated during the collection, processing or use of personal data by VBL.

Who is the responsible data protection supervisory authority?

As an institution under public law, VBL is subject to control by the

Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (Federal Commissioner for Data Protection and Freedom of Information)
Graurheindorfer Strasse 153
53117 Bonn
E-mail poststelle@bfdi.bund.de
Internet www.bfdi.bund.de

Information about data protection law for the participation in surveys via the LamaPoll tool in accordance with Art. 13 and 14 GDPR.

Version: 14.02.2023

In order to carry out surveys, we use the service of Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin, hereinafter referred to as LamaPoll. LamaPoll is a web service for the creation and completion of surveys.

Who is the data controller?

VBL. Versorgungsanstalt des Bundes und der Länder
(VBL. Pension Institution of the Federal and State Governments)
Hans-Thoma-Strasse 19
76133 Karlsruhe

Who should I contact?

VBL's Data Protection Officer will answer any questions you have about data protection.
Mr Thilo Mangler
Hans-Thoma-Strasse 19
76133 Karlsruhe
E-Mail datenschutz@vbl.de

For what purpose and on what legal basis are my data processed?

Participation in the survey is voluntary. All information will be treated confidentially. To carry out the survey, we use the LamaPoll service for the purposes described in the survey and will process your data in accordance with Art. 6(1)(a) GDPR. The data processing thereby takes place on the basis of your explicitly granted consent.

Which data processing is required?

The survey link can be provided to participants via different means and media. It could be via a link on our website or in a meeting tool, an invitation link in an email, or a QR code. The survey is not sent via LamaPoll, and your email address will not be processed by the service provider. We will receive it from you separately, for example when booking an event via an appointment booking tool, within the framework of which you will have been informed about participation in a survey. Personal data that we receive as part of surveys is processed by us on the basis of the information you provide, anonymously. In these cases, the surveys include no fields that enable you to be traced personally. 

If you have received the invitation link via email, your answers will not be linked to you personally.

In exceptional cases, such as the use of free text fields, anonymous processing cannot be ensured. If the responses in the survey include information which enables people to be identified, we will process this data on the legitimate assumption that the processing and use of this information is in your interest and takes place voluntarily. The above also applies for surveys that explicitly require the use of personal data in which you are referenced.

The following data is also processed:

Server log files
When you access a survey, information of a general nature will be automatically collected and processed by LamaPoll.

This data is exclusively data that does not enable you to be traced personally and directly. This data is technically necessary to correctly provide you with the surveys you request and is mandatory for the use of the internet. It is required for the operation, maintenance, protection and monitoring of the ordinary functionality of the system. In the event of misuse, these protocols will be used to reproduce scenarios and, if necessary, create the evidence that we must provide. In the event of error, these protocols are used to enable the fastest possible system update. LamaPoll uses this data only when necessary and only for the protection, maintenance and guarantee of the proper operation of the system.

This data (server log files) consists of the following:

• Time of access (date and time)
• Your web browser
• Your operating system
• The survey accessed
• If applicable, the website from which you have accessed the survey (referrer URL)
• IP address

Creation of general statistical information
When answering a survey, the following general information is collected by LamaPoll:

• Date, start and end time, time taken to answer
• Web browser and operating system used
• Language in which the survey was completed

This data is exclusively data which generally does not enable you to be traced personally.

Cookies
A session cookie will be created for the participant, to enable the survey to be answered. The session cookie will be used to recognise current participation and provide a smooth process for the survey response (correct questions, pages and submitted answers, and allocation of the current participation). The cookie will be deleted when the browser is closed.

You can deactivate the use of cookies at any time in your browser settings. Please use the help feature of your web browser to find out how to adjust these settings. Please note that participation in LamaPoll surveys will no longer work if you have deactivated cookies.

IP address
When completing the survey, your IP address will be sent to the service provider, but not matched with your answers. After encryption or conversion into a cryptographic hash, your IP address will no longer be legible or decodable. It will never be linked to the answers you submit (not even in non-anonymous surveys). After the end or erasure of the survey, your encrypted IP address will be erased.

Where does VBL get my data from and who receives it?

We receive the personal data from you.

It is not passed on to third parties. The staff at the service provider will only receive access to your technical data that they require in order to fulfil contractual and statutory obligations.

Does VBL transfer data to any third countries/international organisations?

No data are transferred to countries outside the EU or the EEA (third countries).

How long will my data be stored?

For the purpose of completing surveys, your data will be sent via secure, SSL-encrypted connections to the service provider and stored securely on its servers. Personal data may also be collected within surveys – at which point you can decide yourself which information you disclose. The data will only be stored for as long as is necessary to fulfil the purposes or as long as there are reasons to justify longer storage. This may be the case, for example, on the basis of consent granted in accordance with Art. 6(1)(1)(a) GDPR. In this case, the storage period will arise from the consent itself.

What rights do I have under the GDPR?

Upon request, you will receive information about your personal data which is stored (Art. 15 GDPR and § 34 BDSG – Bundesdatenschutzgesetz/Federal Data Protection Act) and can have incorrect data rectified (Art. 16 GDPR). If statutory requirements exist, you can also request the restriction of processing (Art. 18 GDPR) or erasure (Art. 17 GDPR and § 35 BDSG) of this data. You also have the right to data portability (Art. 20 GDPR).

In cases in which the processing takes place on the legal basis of Art. 6(1)(e) or (f), you have the right to object to the processing of your personal data (Art. 21 GDPR and § 36 BDSG). If you make use of your rights, we will check the existence of the statutory requirements. 

You also have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can contact the supervisory authority if you are of the opinion that your rights have been violated by the collection, processing or use of personal data by VBL.

Who is the responsible data protection supervisory authority?

As an institution under public law, VBL is subject to control by the
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
(Federal Commissioner for Data Protection and Freedom of Information)
Graurheindorfer Strasse 153
53117 Bonn
E-mail poststelle@bfdi.bund.de
Internet www.bfdi.bund.de
 

Version: 12.12.2022

The following information provides an overview of the collection, processing and use of your data during the initiation or management of a rental relationship.

Who is the data controller?

VBL. Versorgungsanstalt des Bundes und der Länder (Pension Institution of the Federal and State Governments), Hans-Thoma-Strasse 19, 76133 Karlsruhe

Who should I contact?

VBL's Data Protection Officer can answer any questions you have about data protection

Mr Thilo Mangler
Hans-Thoma-Strasse 19
76133 Karlsruhe
E-mail datenschutz@vbl.de

For what purpose and on what legal basis are my data processed?

Your personal data are processed for the following purposes:

• Management of prospective tenants
• For the proper execution of tenancies
• For billing purposes

This takes place on the basis of the following legal bases:

• For prospective tenants with your consent in accordance with Article 6 (1) a) GDPR. You can withdraw your consent at any time. We store the data required for tenant selection and contract initiation in accordance with Article 6 (1) b) GDPR.
• For tenants in accordance with Article 6 (1) b) GDPR for the proper execution of the rental relationship and on the basis of legal obligations in accordance with Article 6 (1) c), such as reporting obligations under the Bundesmeldegesetz (German Federal Registration Act) and the accounting obligation under the HGB (German Commercial Code).

Which data processing is required?

Personal data required for prospective tenants administration and the proper management of a tenancy:

For prospective tenants:

• First and last name, address
• Telephone number
• E-mail address
• Tenant self-disclosure (family circumstances, number of people living in the household, date of birth, occupation and length of service, income, proof of income)
• Copy of ID card: only if a rental agreement is concluded and the identity verification required for this purpose cannot be carried out on site

Additional data for tenants:

• Bank details for direct debit payments
• Rent amount, balance, operating costs
• Consumption data and operating costs according to the Operational Costs Ordinance (BetrKV) and Heating Costs Ordinance (HeizKV)
• Correspondence during the tenancy, contract start and end dates

Voluntary disclosure of further data:

The provision of additional data is optional and voluntary. For this reason, please only send data to VBL if you consider this to be absolutely necessary.

Where does VBL get my data from and who receives it?

For prospective tenants:

Data required for the selection process are collected during contract initiation when you provide your self-disclosure.

For renters:

The data required to properly manage a tenancy will be collected from you during the contract initiation or preparation of the tenancy agreement.

Officials and authorities only receive the data if this is required by law or if VBL needs to comply with its legal obligations.

In the event of maintenance work/damage to the property, tradesmen and insurance companies will receive your data in order to carry out the maintenance work or repair the damage.

Our property management department stores and processes the data within the scope of its administrative work. A billing company will also receive your data for the purpose of preparing the heating bill.

Does VBL transfer data to any third countries/international organisations?

No data are transferred to countries outside the EU.

How long will my data be stored?

Data of prospective tenants will be erased if no contract is concluded and if there are no legal retention or verification periods preventing their erasure. As a rule, the data are erased approximately six weeks after the selection process is complete.

Data from prospective tenants who have given their consent to the storage of their data for a period longer than six weeks is usually erased approximately six months after completion of the selection process.

If you send us copies of your ID card when the contract is concluded, these copies will be erased or destroyed immediately after comparison with the information in the rental contract.

In the case of an existing contractual relationship, the data are stored in accordance with the statutory storage regulations. If the contractual relationship is terminated, the data will be erased after the statutory retention period has expired.

What rights do I have under the GDPR?

Upon request, you will be provided with information about the data stored about you (Art. 15 GDPR and Section 34 BDSG (German Federal Data Protection Act)) and can request the rectification of incorrect data (Art. 16 GDPR). If the legal requirements are met, you can also restrict processing (Art. 18 GDPR) and request erasure (Art. 17 GDPR and Section 35 BDSG) of these data. In addition, you have the right to data portability (Art. 20 GDPR).

In cases where processing takes place on the legal basis of Art. 6 (1) e) or f), you have the right to object to the processing of your personal data (Art. 21 GDPR and Section 36 BDSG). If you assert your rights, we will check that the legal requirements have been met.

You also have the right to lodge a complaint with the Regulatory Authority in accordance with Art. 77 GDPR. You can contact the Regulatory Authority if you believe that your rights have been violated during the collection, processing or use of personal data by VBL.

Who is the responsible data protection supervisory authority?

As an institution under public law, VBL is subject to monitoring by the

Federal Commissioner for Data Protection and Freedom of Information
Graurheindorfer Strasse 153
53117 Bonn
E-Mail poststelle@bfdi.bund.de
Internet www.bfdi.bund.de