Data protection declaration


We are pleased that you are visiting our website “” (hereinafter referred to as “Website”) and thank you for your interest in the activities of the Bundesgesellschaft für Endlagerung mbH (hereinafter BGE) and the Bundesanstalt für Geowissenschaften und Rohstoffe (hereinafter BGR). We (BGE and BGR) act as joint data controllers.

In the following, we would like to inform you about the measures we take to protect your privacy as well as how and for what purposes your data is processed on our websites. We delete personal data as soon as possible.

Data is processed in accordance with the relevant legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation, GDPR) and the Federal Data Protection Act (BDSG). 

If you feel that the following information is not sufficient or not clear enough, you can always contact our data protection officer.


1. Responsible bodies/data protection officer/supervisory authority 

a) Joint Data Controllers

Bundesgesellschaft für Endlagerung mbH (BGE)
Eschenstraße 55
D-31224 Peine
Fax: 05171 43-1218 
E-Mail:  poststelle(at)


Bundesanstalt für Geowissenschaften und Rohstoffe (BGR)

Authorized to represent:

Prof. Dr. Ralph Watzel

Stilleweg 2

D-30655 Hannover

Telefon: +49 (0)511-643-0



b) Data Protection Officer

Bundesgesellschaft für Endlagerung mbH (BGE)
Eschenstraße 55 
31224 Peine
E-Mail:  datenschutz(at)


c) Supervisory authority responsible for data protection 

The data protection supervisory authority of the joint controllers is the Federal Commissioner for Data Protection and Freedom of Information:

Bundesbeauftragter für den Datenschutz und die Informationsfreiheit
D-53117 Bonn
Telefon: +49 (0) 228 99 7799 – 0
E-Mail:  poststelle(at)


2. Basis for the processing of personal data 

Personal data is processed in the following contexts:  

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Article 4, No. 1 GDPA). 

Data is processed only

  1. based on the consent of the person concerned (Article 6, paragraph 1, sentence 1, letter a) GDPR),
  2. if the processing is necessary for the performance of contracts or for the implementation of pre-contractual measures (Article 6, paragraph 1, sentence 1, letter b) GDPR),
  3. if the processing is necessary for compliance with a legal obligation to which the data controller is subject (Article 6, paragraph 1, sentence 1, letter c) GDPR),
  4. if the processing is necessary in order to protect the vital interests of the data subject or of another natural person (Article 6, paragraph 1, sentence 1, letter d) GDPR),
  5. if the processing is necessary for performing a task in the public interest or exercising official authority vested in the data controller (Article 6, paragraph 1, sentence 1, letter e) GDPR),


Consent is usually obtained electronically (e.g. if a check mark is placed in the box regarding the use of cookies). The consent and its content will be recorded electronically. 

You have the right at any time to revoke a consent once granted, in whole or in part, with effect for the future. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.


3. Your rights as a data subject 

a) Right to information (Article 15 GDPR)

You have the right at any time to demand information from us as to whether we are processing personal data from you. If this is the case, you are entitled to receive the following information free of charge:

  • the processing purposes
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organisations
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
  • the existence of a right of rectification or deletion of personal data relating to you or to limitation of the processing by the controller or a right to object to such processing
  • the existence of a right of appeal in the case of a supervisory authority
  • if the personal data are not collected from the data subject, all available information on the origin of the data
  • the existence of automated decision making, including profiling, in accordance with Article 22, paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing on the data subject

If information has been transferred to a third country outside the scope of the GDPR, you have the right to find out whether and, if so, on the basis of which guarantees in accordance with Articles 45, 46 GDPR an adequate level of data protection is ensured in this third country. 

We will provide you with a copy of the personal data that is the subject of processing. If you submit the application electronically, the information shall be provided by us in a standard electronic format unless you request otherwise. The copy is made subject to the rights of third parties who may be affected by this data. 

If you wish to receive the information electronically, we reserve the right to demand proof of identity from you so that we do not release data in good faith to unauthorised third parties and thereby violate the protection of your personal data.

b) Right to rectification

You have the right to demand that we correct any incorrect personal data concerning you without delay. In consideration of the purposes of processing, you also have the right to request the completion of incomplete personal data – also by means of a supplementary declaration. 

c) Right of deletion (Article 17 GDPR)

You have the right to demand that the joint controllers delete any personal data relating to you immediately; the joint controllers are obliged to delete it immediately if:

  • The personal data are no longer necessary.
  • You revoke your consent to the processing or a legal basis is subsequently lost.
  • You submit an objection to the processing in accordance with Article 21, paragraph 1 GDPR and there are no overriding legitimate reasons for the processing or you have submitted an objection to data processing for the purpose of direct advertising in accordance with Article 21, paragraph 2 GDPR.
  • Your personal data has been processed unlawfully by us.
  • The deletion is necessary to fulfil a legal obligation under European Union law or the law of the Member States.
  • It is personal data of a child that has been collected in relation to information society services offered in accordance with Article 8, paragraph 1 GDPR.

In particular, the right to the deletion of personal data relating to you does not exist if we process the data on the basis of a legal obligation (e.g. to fulfil legal storage obligations or to perform public tasks under the law of the European Union or its member states) or if we process the data for data backup and data control purposes. The same applies if the personal data is necessary for us to assert legal claims or to defend against legal claims. 

d) Right to restrict processing (Article 18 GDPR)

You can demand that we restrict the processing of your personal data. This applies in the following cases:

  • The correctness of the personal data is disputed by you. In this case you can demand that we do not process the data until the correctness of the data has been checked.
  • The processing is unlawful, but, instead of deletion, you request only the restriction of the processing.
  • The joint controllers no longer require the personal data for the purposes of the processing but you need the data to assert, exercise or defend legal claims.
  • You have lodged an objection to the processing in accordance with Article 21, paragraph 1 GDPA as long as it is not yet clear whether the legitimate reasons of the data controller outweigh yours.

e) Right of data transferability (Article 20 GDPR)

You have the right, subject to the following provisions, to request the provision of data relating to you in a common electronic, machine-readable format. The right of data transfer includes the right to transfer the data to another data controller; on request, we will therefore – as far as technically possible – transfer data directly to a responsible person named or to be named by you. The right of data transfer exists only for data provided by you and presupposes that the processing is based on consent or for the execution of a contract and is carried out using automated procedures. The right of data transfer according to Article 20 GDPR does not affect the right to delete data in accordance with Article 17 GDPR. The data transfer is subject to the rights and freedoms of other persons whose rights may be affected by the data transfer.

f) Right of objection (Article 21 GDPR)

If the joint controllers process personal data on the basis of tasks in the public interest (Article 6, paragraph 1, sentence 1, letter e) GDPR), you can object to the processing of personal data concerning you at any time with effect for the future. 

In the event of objection, we must refrain from any further processing of your data for the aforementioned purposes, unless

  • there are compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the assertion, exercise, or defence of legal claims

You may at any time object to the processing of your personal data with effect for the future. 

g) Right of appeal to the supervisory authority (Article 77 GDPR)

According to Article 77 GDPR, you have the right to submit a complaint to the supervisory authority if you believe that your personal data are being processed unlawfully. The supervisory authority responsible for us as the joint controllers (BGE and BGR) is mentioned in point 1 letter c).


4. Data processing when using this website

a) Calling up the website in the browser

We process personal data when you call up this website in a browser. Data processing only takes place to the extent necessary for the provision of this website. We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The data includes

  1. Browser type and browser version
  2. Operating system used
  3. Referrer URL (i.e. the previously visited page)
  4. Name and URL of the retrieved file
  5. Date and time of the server request
  6. Internet protocol address (IP address, anonymised by shortening)
  7. Amount of data transferred

This data is not merged with other data sources. Nor are any conclusions drawn about the person concerned. 

The information from the above-mentioned data is used to optimise the content of our website and to ensure its continuous functionality and that of our IT systems. In the event of a cyber attack on our systems, it may be used to provide law enforcement authorities with necessary information.

Legal basis

The basis for the processing of the data results from Art. 6 para. 1 S 1. e) DSGVO, as the aforementioned purposes are in the public interest.


We host this website with the following third-party provider: HostPress GmbH, Bahnhofstr. 34, 66571 Eppelborn, Germany. The server location is Germany.

Storage period

The data is deleted when it is no longer required to achieve its processing purpose.  In the case of data processing when the website is called up in the browser, this is the case when the respective session has ended.  The log files, including the IP address, are stored for a maximum period of 15 days for the purpose of protecting system security.

b) Setting cookies and other technologies


We use cookies on our website. Cookies are small text files that are stored on your computer and saved by your browser. Cookies that are necessary for the operation of the site are set. Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. In all cases, information is processed anonymously. No data is passed on to third parties. Below we outline the cookies used on this website.


Your consent applies to the following domains:

Necessary Cookies (2)







Retains the user’s states for all page requests.


HTTP Cookie


Speichert den Zustimmungsstatus des Benutzers für Cookies auf der aktuellen Domäne.

1 year

HTTP Cookie

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Removal option for cookies

The cookies are stored on your respective terminal device in the browser. You can also delete the cookies at any time before their storage period indicated above expires by deleting them via the corresponding function of your web browser. You can also set your browser so that no cookies are stored at all. Your browser gives you full control.

Legal basis for the use of cookies

For technically necessary cookies, Art. 6 para. 1 p.1 e) DSGVO is the legal basis as they are necessary for the operation of the website and the functionality of the website is in the public interest.

For statistics/analysis cookies and third-party cookies, the legal basis results from your consent pursuant to Art. 6 para. 1 p. 1 letter a) DSGVO. You give your consent electronically the first time you visit this website via our cookie consent tool Cookiebot, which appears in the foreground of the page. Information about the tool is available at

c) Use of analysis tools

This website uses the open source web analytics service Matomo. The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage. With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which page views were made and from which region they come. We also collect various log files (e.g. anonymised IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks etc.).

IP anonymisation

We use IP anonymisation for the analysis with Matomo. This means that your IP address is shortened before analysis so that it can no longer be clearly assigned to you.


We host Matomo with the following third-party provider: Amazon Web Services EMEA SARL 38 avenue John F. Kennedy, L-1855 Luxembourg, server location Germany.

Legal basis

The use of this analysis tool is based on Art. 6 para. 1 lit. e DSGVO. Analysing user behaviour is in public interest in order to optimise our website for the visitors.


5. Registration on this website

You have the option to register on this website to be able to use additional website functions such as registering for the Clay Conference. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.

We shall process the data entered during the registration process in order to take steps to entering into a contract (Art. 6(1)(b) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website or if the purpose of processing the data no longer applies. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

Please note that we work together with a service provider, the company F&U confirm GbR
Permoserstraße 15, 04318 Leipzig, Germany, for all registration processes.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

6. Payment service providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data for the establishment, content arrangement and modification of our contractual relationships. Data with personal references to the use of this website (usage data) will be collected, processed, and used only if this is necessary to enable the user to use our services or required for billing purposes. The legal basis for these processes is Art. 6(1)(b) GDPR.

The collected customer data shall be deleted upon completion of the order or termination of the business relationship and upon expiration of any existing statutory archiving periods. This shall be without prejudice to any statutory archiving periods.

Data transfer upon closing of contracts for services

We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.

Any further transfer of data shall not occur or shall only occur if you have expressly consented to the transfer. Any sharing of your data with third parties in the absence of your express consent, for instance for advertising purposes, shall not occur.

The basis for the processing of data is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual actions.

Payment services

We integrate payment services of third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) are processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6(1)(b) GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment transaction (Art. 6(1)(f) GDPR). Insofar as your consent is requested for certain actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consent may be revoked at any time for the future.

We use the following payment services / payment service providers within the scope of this website:

The provider for customers within the EU is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: and Details can be found in Stripe’s Privacy Policy at the following link:


7. Photo and film references for events 

Due to our legal mandate, we, as the joint controllers, are obliged to carry out extensive public relations work. At events organised by us or at events co-organised by us, photographs and film recordings of speakers, participants, and guests may be taken and distributed for the purposes of documentation and public relations work. Such recordings may be used on this website, in publications or internal presentations, or may be forwarded to the media.

This fact will be pointed out in the invitations sent out and at the venue itself.

Legal basis

These records are based on Article, 6 paragraph 1, sentence 1, letter e) GDPR. There is a public interest in the Clays in Natural and Engineered Barriers for Radioactive Waste Confinement. The interests of the persons concerned are safeguarded. For example, photographs are taken without consent in accordance with Article 6, paragraph 1, sentence 1, letter a) GDPR only if they are large group or overview photographs. Targeted portraits or close-ups of individual persons or children are taken only with their consent.


8. Online-based Audio and Video Conferences (Conference tool)

Data processing

We use an online conference tool, among other things, for communication with our partners. The tool we use is explained in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tool collects all information that you provide/access to use the tool (email address and/or your phone number). Furthermore, the conference tool processes the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.

Purpose and legal bases

The conference tool is used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tool serves to generally simplify and accelerate communication with us or our company. Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

Duration of storage

Data collected directly by us via the video and conference tool will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.

Conference tool used

We use Webex. The provider of this service is the Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.

It cannot be ruled out that data processed via Webex will be transferred to third-party countries (e.g. USA). Webex has Binding Corporate Rules (BCR) which have been approved by the Dutch, Polish, Spanish, and other relevant European Data Protection Authorities. These are binding corporate rules that legitimize the transfer of data within the company to third countries outside the EU and EEA: and

For details on data processing, please refer to Webex’s privacy policy:

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.


9. Newsletter

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

10. Notice of possible changes to this data protection declaration 

The data protection regulations may have to be adapted because of technical developments, jurisdiction, or legal changes.

In order to keep yourself informed about the current status of our data use conditions, you should visit this page regularly.