According to Section 2 (1) of the Federal Registration Act (BMG), the registration authority must register personal data on persons residing within its jurisdiction (residents) in order to be able to determine and verify their identity and place of residence. The personal data stored in the registration registers is used by the registration authority to take into account the legitimate information needs of both non-public bodies and private individuals as well as public bodies in accordance with the provisions on registration register information (Sections 44 et seq. BMG) and data transfers (Sections 33 et seq. BMG) and to assist other public authorities in performing their tasks (Section 2 (3) BMG). On certain occasions, regular data transfers take place (Sections 36, 43 BMG; 1st and 2nd Federal Registration Data Transfer Ordinance) to other public bodies and, pursuant to Section 42 BMG, to religious societies under public law. Any additional, including regular, data transfers are carried out on the basis of provisions in federal or state law, which specify the respective underlying reasons and purposes of the data transfer, the recipients, and the data to be transferred.

a) The registration authority may transfer data from the register to other public authorities in Germany (see Section 2 of the Federal Data Protection Act), religious societies under public law, and search services, or pass on data within the administrative unit (municipality), insofar as this is necessary for the fulfillment of its own tasks or those falling within the competence of the recipient.

b) Private individuals and non-public bodies may, upon request, obtain information on individual personal data for a fee, provided that the person concerned can be clearly identified by the registration authority on the basis of the information provided by the applicant. Upon request, private individuals and non-public bodies may be provided with information about the membership of a group (e.g., a specific birth year) and about certain personal data for a large number of unnamed persons if a public interest can be established. Foreign bodies outside the European Union are treated as non-public bodies.

c) Political parties, voter groups, and other bodies responsible for election proposals may receive registration data in connection with elections and referendums at the state and municipal level.

d) Elected officials, the press, and broadcasters may receive data directly related to this specific purpose in the case of birthdays and wedding anniversaries.

e) Address book publishers may receive only individual, exhaustively listed data on all adult residents from the registration authority for the purpose of publication in printed address books.

f) The apartment owner/landlord is entitled to information about the residents registered in his apartment, provided he can demonstrate a legitimate interest. In addition, he may check with the registration authority to ensure that the person whose move-in he has confirmed has registered with the registration authority.

g) Data may be transferred to public authorities in other member states of the European Union and the European Economic Area (EEA) and to institutions and bodies of the European Union or the European Atomic Energy Community is permitted within the scope of activities that fall wholly or partly within the scope of European Union law, insofar as this is necessary for the performance of public tasks falling within the competence of the registration authority or the recipient. A prerequisite for transfer within the EEA is that the EEA states adopt the content of the General Data Protection Regulation.

After the resident has moved away or died, the registration authority must immediately delete all data that is not used to establish identity and prove residence and is not required for electoral and income tax purposes or for the implementation of nationality law procedures. Five years after the resident's departure or death, the data stored for the purpose of fulfilling the tasks of the registration authorities shall be retained for a period of 50 years and secured by technical and organizational measures. During this period, the data may no longer be processed, with the exception of the family name and first names as well as previous names, date of birth, place of birth and, in the case of birth abroad, also the country, current and previous addresses, date of departure and date of death, place of death and, in the case of death abroad, also the country. The prohibition on processing does not apply to the cases specified in Section 13 (2) sentence 3 BMG. Shorter deletion periods apply to certain data in accordance with Section 14 (2) BMG.

According to the General Data Protection Regulation (GDPR), every person affected by data processing has the following rights in particular:

a) Right of access to personal data stored about them and its processing (Article 15 GDPR).

b) Right to rectification of data if their data is inaccurate or incomplete (Article 16 GDPR).

c) Right to erasure of data stored about them, provided that one of the conditions set out in Article 17 GDPR applies. The right to erasure of personal data does not apply in addition to the exceptions specified in Article 17(3) GDPR if erasure is not possible or would involve a disproportionate effort due to the specific type of storage. In such cases, erasure is replaced by restriction of processing in accordance with Article 18 GDPR.

d) Right to restriction of data processing, provided that the data has been processed unlawfully, the data is required for the establishment, exercise, or defense of legal claims of the data subject, or in the event of an objection, it is not yet clear whether the interests of the registration authority outweigh those of the data subject (Article 18(1)(b), (c), and (d) of the GDPR). If the accuracy of the personal data is disputed, there is a right to restriction of processing for the duration of the accuracy check.

e) Right to object to certain data processing, provided that there is no compelling public interest in the processing that outweighs the interests of the data subject and no legal provision requires the processing (Article 21 GDPR). Further information on the right to object under the Federal Registration Act can be found in the notes on the registration form.

The transfer of personal data for advertising or address trading purposes is only permitted if the data subject has given their consent (Article 6(1)(a) GDPR). Consent may be revoked at any time in accordance with Article 7(3) GDPR by notifying the body to which consent was previously given.

Every data subject has the right to lodge a complaint with the supervisory authority (the State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate: Hintere Bleiche 34, 55116 Mainz, Germany, telephone: +49 6131 2082449, poststelledatenschutz.rlpde) if they believe that their personal data is being processed unlawfully.