§ 25 BDSG
Data transfers by public bodies
(1)The transfer of personal data by public bodies to public bodies shall be permissible where it is necessary for the performance of the tasks within the competence of the transferring body or of the third party to whom the data are transferred and the conditions which would permit processing under Section 23 are met. The third party to whom the data are transferred may only process those data for the purpose for which they were transferred to it. Processing for other purposes shall be permissible subject to the conditions of Section 23.
(2)The transfer of personal data by a public body to a non-public body shall be permissible whereSection 35 shall remain unaffected. 1 it is necessary for the performance of the tasks within the competence of the transferring body and the conditions which would permit a processing under Section 23 are met,; 2 the third party has credibly demonstrated a legitimate interest in the knowledge of the data to be transferred and the data subject has no legitimate interest in the exclusion of the transfer or; 3 it is necessary in the overriding interest of the general public.
(3)Where a public body transfers personal data to other bodies, the transferring body shall bear the responsibility for the permissibility of the transfer. If the transfer is carried out on the basis of a request from the receiving body, the responsibility shall be borne by the receiving body. In such cases, the transferring body shall merely verify whether the request for transfer falls within the scope of the tasks of the receiving body, unless there is particular reason to examine the permissibility of the transfer. Section 25 Subsection (2) No. 2 shall not apply to automated transfers.