
Updated on 09.10.2023 | Topic Compliance Data protection

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data only in accordance with the general data processing principles of the EU General Data Protection Regulation (Regulation (EU) 679/2016 – GDPR) and complies with the legal provisions set forth in the GDPR and in the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

1. Information on personal data processing arising from use of the online offer

Insofar as personal data are collected through the online offer of BaFin, BaFin will process such data for the intended purpose only and in accordance with legal provisions.

All access to BaFin’s online offer is saved in a log file. The log file stores the following data:

  • IP address of the accessing computer;
  • name of the file that is retrieved;
  • date and time of retrieval;
  • data volume transferred;
  • message stating whether the retrieval was successful.

BaFin evaluates the data saved in the log file in anonymised form and for statistical purposes only and to improve BaFin’s online portal. The data are not shared with third parties. Therefore, the data are no longer available for further processing.


When accessing the BaFin website, temporary cookies (so-called session cookies) are used to navigate the site. These cookies do not contain personal data and expire once the session has ended.

On its website, BaFin offers users the option to order publications, to subscribe to newsletters, to submit complaints, and to make general contact. If you wish to use these offers, you will be asked to enter personal data which are required to process your request. You are free to decide whether you wish to use these offers and enter your data. By transmitting your personal data, you consent to the processing of these data; if not, it is not possible to use these offers.

The data collected from you are saved and processed only for the purpose of processing your request. Where necessary, when processing complaints about companies, this may include your data being transmitted to the company concerned; when ordering publications, your data may be transmitted to service providers commissioned with the delivery of said publications.

The user has the option to subscribe to the BaFin newsletter. For this purpose, users may provide their e-mail address, which BaFin will use to send the newsletter until either the user opts to unsubscribe from the newsletter (which is feasible at any time) or until BaFin ceases to provide this offer. Each newsletter contains information on how the user can unsubscribe from the newsletter service. The e-mail address will be erased as soon as the user unsubscribes from the newsletter, or BaFin ceases to provide the newsletter service.

Persons under the age of 18 should not transmit any personal data to BaFin without the prior consent of their parents or guardians. BaFin does not request any personal data from persons under the age of 18. BaFin neither knowingly collects those data, nor does BaFin transmit these to third parties.

BaFin reserves the right to update its data protection information. We will inform you about any such updates on this web page.

In principle, you have the right of access to and rectification or erasure of personal data, the right to restriction of processing, data portability and the right to object against BaFin. You also have the right to lodge a complaint with the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für Datenschutz und Informationsfreiheit – BfDI).

The controller within the meaning of the GDPR is the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin).

The contact details for BaFin and BaFin’s Data Protection Officer are as follows:

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: 0228 / 4108 – 0
Fax: 0228 / 4108 – 1550
E-mail: poststelle@bafin.de or De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de

2. Use of Social Media Plugins

BaFin uses social plugins ("plugins") provided by social networks on its website. At present, BaFin uses X (formerly Twitter), LinkedIn, Mastodon and Instagram. These services are offered by Twitter Inc., LinkedIn, Mastodon and Meta Platforms Ireland Ltd.

Twitter/X is operated by Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, United States of America.

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The Mastodon profile is operated under social.bund.de by the Federal Commissioner for Data Protection and Freedom of Information (Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit), Graurheindorfer Str. 153, 53117 Bonn, telephone: +49 (0)228 997799-0, email: socialmedia@bfdi.bund.de.

Instagram is provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

If you are logged in on Instagram with your own profile while accessing BaFin’s social media channel, Meta can link your visit to our website to your profile.

When you use the services of Twitter/X, Twitter Inc. processes the data collected and it may transmit these data to non-EU countries. These data include the IP address, the application used, information on the end user device (including device ID and application ID), information from websites accessed, location and mobile service provider. These data are linked to the data used in your Twitter account and/or to your Twitter profile.

Therefore, we would expressly like to point out that the services used by BaFin – Twitter/X, LinkedIn, Mastodon and Meta – store the data of users (e.g. personal information, IP address) in accordance with their respective privacy policies and use the data for business purposes. BaFin does not have any influence on how the social networks collect and further use data. Please note that you use the functions provided by Twitter/X, LinkedIn, Mastodon and Instagram on your own responsibility.

We are following the debate and the audits by the relevant authorities and are continuously reviewing whether we can maintain our current social media presence under the given data protection conditions.

If you visit a BaFin web page that contains such a plugin, your browser establishes a direct connection to the servers of Twitter, LinkedIn, Mastodon and Meta. The respective social network transmits the content of the plugin directly to your browser and embeds it on the page. The embedded plugin informs the social network that your browser has accessed the corresponding page on our website, even if you do not have an account with that social network or are currently not logged in to your account. Your browser transmits this information (including your IP address) directly to one of the social networks' servers in the USA, where the information is subsequently stored. If you are logged in to one of the social networks, the respective social network can directly link your visit to our website to your profile on Twitter/X, LinkedIn, Mastodon or Instagram. If you interact with the plugins (for example, by clicking on the Twitter, LinkedIn, Mastodon or Instagram buttons), that information is also transmitted directly to one of the social networks' servers and stored there. The information is also published on the social network or your respective account and is visible to your contacts.

For information on how the social networks process your data, about your rights under data protection law and set-up options for protecting your data, please consult the privacy policy of the respective social network.

If you want to prevent Twitter/X, LinkedIn, Mastodon or Instagram from directly linking the data collected via our website to your account, you must log out of the respective social network prior to visiting our website. You can also completely prevent the plugins from loading by enabling add-ons for your browser.

You do not need to register with/sign in to Twitter/X to read the content we publish on Twitter/X. In addition, we also offer you the opportunity to share our information with other users via LinkedIn, Twitter/X, Mastodon and Instagram. The information we share on social media can also be accessed through our newsletter or our website.

3. Information for data subjects (Article 13 and Article 14 of the GDPR)

To comply with its legal and (pre-)contractual obligations, BaFin uses personal data which also include data provided to us by data subjects, or which we collected from third parties on data subjects. To promote awareness regarding data processing and your rights and to comply with our duty to provide information (Article 13 and Article 14 of the GDPR), we will be informing you below of the individual circumstances:

Information regarding the processing of your personal data.

4. General information on data processing for administrative offences under section 55 of the BDSG

To fulfil its legal obligations, BaFin uses personal data. These legal obligations include in particular the prevention, investigation, detection or punishment of criminal or administrative offences.

The purpose of data processing is the prevention of money laundering and terrorist financing. BaFin also ensures that banking, financial services and insurance businesses are not being conducted without official authorisation. It is also responsible for enforcement relating to unauthorised business.

In principle, as a data subject you have the right of access to personal data (section 57 of the BDSG) and the rights to rectification, erasure and restriction of processing (section 58 of the BDSG).

Moreover, you have the right to appeal to the Federal Commissioner for Data Protection and Freedom of Information (BfDI). You can reach the BfDI as follows:

Die Bundesbeauftragte / der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Phone: +49 (0)228-997799-0
E-mail: poststelle@bfdi.bund.de

You can contact BaFin and BaFin’s Data Protection Officer as follows:

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: 0228 / 4108 – 0
Fax: 0228 / 4108 – 1550
E-mail: poststelle@bafin.de or De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de
