The privacy of your data is very important to us!
We would like to inform you below about the processing of personal data within the context of the use of our Internet pages. This data protection information informs you about the type, scope and purpose of the processing of personal data in conjunction with our online services and the associated websites, functions and content, as well as external online sites such as our social media profiles.
With regard to the terms used, such as "processing" or "Data Controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Which data are processed?
When you visit our website, personal data are also processed.
In order for the pages to be displayed in your browser, the IP address of the terminal device you are using needs to be processed. Further information about the browser of your terminal device is also required.
We are also obliged under data protection law to guarantee the confidentiality and integrity of the personal data which are processed with our IT systems.
The purposes for which we collect data (purpose of the processing) and the legal basis for this
We process the above-mentioned personal data in accordance with the provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG").
This includes, for example, the provision of insurance services or the implementation of pre-contractual measures, in particular risk assessment. The submission and processing of claims upon the occurrence of an insured event and the review of the preconditions of the insured event, as well as for the charging and settlement of your brokerage fee claims, must also be listed here.
As an underwriting agent, we are subject to various legal obligations (e.g. insurance contract law, tax laws etc.) as well as regulatory requirements (e.g. trade supervision, the Chamber of Commerce and Industry and the Federal Financial Supervisory Authority). The purposes of the processing include, for example, the obligation to keep records, the prevention of fraud and terrorism, as well as the review of sanctions.
We partly process data which are not necessary for the fulfilment of the contract in order to protect the legitimate interests of ourselves or third parties. This includes the assertion of legal claims and defense in the case of legal disputes, as well as the prevention of criminal offences.
The processing of your personal data is also lawful if you have given your consent to this (e.g. site inspection, forwarding of data for the risk assessment etc.). You can revoke this consent at any time. However, this revocation then only applies to the future - the previous processing is not affected by it.
Information about the collection of personal data
We provide information below on the collection of personal data when you use our website. Personal data means individual pieces of information regarding personal or factual conditions of a specific or identifiable natural person (data subject), e.g. name, address, E-mail addresses, user behavior).
When we are contacted by you via E-mail or via a contact form, the data you provide (your E-mail address and - if applicable - your name and telephone number) will be stored by us in order to answer your questions. We will delete the data collected within this context after their storage is no longer required, or otherwise limit their processing if retention obligations exist according to the law.
You have the following rights toward us with regard to the personal data relating to you:
— right to information,
— right to correction or deletion,
— right to the restriction of processing,
— right to object to their processing,
— right to withdraw consent,
— right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Personal data collection when visiting our website
If you only wish to use our website for information purposes, i.e. if you do not register or otherwise provide us with information, only the personal data transmitted by your browser to our server will be collected. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and guarantee its stability and security (the legal basis is Art. 6, para. 1, sentence 1 (f) of the General Data Protection Regulation (GDPR):
— IP address
— date and time of the query
— time zone difference compared to Greenwich Mean Time (GMT)
— contents of the request (specific page)
— access status/HTTP status code
— amount of data transmitted in each case
— the website from which the request comes
— operating system and its interface
— language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and associated with the browser you are using and by means of which the party which sets the cookie (in this case us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make our site more user-friendly and effective.
Duty to provide information when collecting personal data
Transient cookies (see b)
Persistent cookies (see c).
[(f) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on the end device. These objects store the required data regardless of the browser you are using and do not have an automatic expiration date. If you do not want the Flash cookies to be processed, you must install a corresponding add-on, for example "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the AdobeFlash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. In addition, we recommend that you regularly delete your cookies and browser history manually].
Further functions and offers of our website
In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
Objection to or revocation of the processing of your data
If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the admissibility of the processing of your personal data after you have submitted it to us.
You have the right to object to the processing, insofar as we base the processing of your personal data on the balancing of interests. This is the case if the processing is not necessary in particular for the fulfilment of a contract with you, as stated by us in each case with the following description of the functions. Should you submit an objection, we ask you to explain the reasons why we should not process your personal data in the manner that we have. In the case of your justified objection, we will examine the circumstances and either discontinue or adjust the data processing or inform you of our compelling reasons which are worthy of protection and on the basis of which we are continuing the processing; if the processing does not serve the purpose of asserting, exercising or defending against legal claims.
You can of course object to the processing of your personal data for advertising and data analysis purposes at any time.
You can inform us of your objection to advertising at the following address: firstname.lastname@example.org
In addition, we process
- contract data (for example, subject matter of the contract, validity period, customer category)
- payment data (for example, bank details, payment history)
of our customers, potential customers and business partners for the purpose of providing contractual and other services, customer care, marketing, advertising and market research.
Special forms of use of websites
Use of our online shop
If you want to place an order in our web shop, we need personal data to process the order. The required mandatory fields are marked, but all other fields are optional. We use the data provided by you to process your order. For this purpose, we can pass your payment data on to our principal bank. The legal basis for this is Art. 6 Para. 1 sentence 1(b) GDPR.
A customer account is created for you, with which we store the data you provide for subsequent purchases. These data are stored with revocable effect when the account is opened and can be deleted at any time if you ask us to do so.
We may also process the information you provide in order to inform you about other interesting products from our portfolio or send you technical information by E-mail.
We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years.
In order to prevent unauthorized access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
Establishment of contacts
When you contact us (e.g. via a contact form or E-mail), we process the data provided by you in order to handle the inquiry or in the event that follow-up queries are submitted. If the data processing is carried out in conjunction with contractual or pre-contractual relationships, the legal basis for this data processing is Art. 6, para. 1, clause 1 b of the GDPR. We will only process further personal data with your consent (Art. 6, para. 1, clause 1 a) of the GDPR) or if we have a legitimate interest in the processing of your data (Art. 6, para. 1, clause 1 f) of the GDPR). A legitimate interest would be, for example, to respond to your inquiry.
We send newsletters, E-mails and other electronic notifications with advertising information only with the consent of the recipient. The declaration of consent lists the goods and services advertised.
For the dispatch of the newsletter it is only necessary to provide your E-mail address. All other information is voluntary and will be used to personalize the newsletter. After your registration we also store your E-mail address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 para. 1 as of the GDPR.
You can revoke your consent to the dispatch of the newsletter at any time and cancel the newsletter. You can declare your revocation by sending an E-mail to email@example.com or a message to the contact address stated in the publishing information.
Users can optionally create a user account. During the registration process, the necessary mandatory information is provided to the users. The data entered as part of the registration process is used for the purpose of taking advantage of the offers available. Users may be informed by E-mail of information which is relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances. If users have terminated their user account, their data will be deleted with respect to the active use of the user account, subject to the proviso that their retention is required under commercial or fiscal law pursuant to Art. 6, para. 1 c) of the GDPR. It is the responsibility of the users to secure their data before the end of the contract in the case of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
We store the IP address and the time of the respective user activity when the user avails himself/herself of our registration and login functions and during the use of the user account. The storage referred to above is based on our legitimate interests, as well as the user's interests in being protected against abuse and other unauthorized use. These data will not be passed on to third parties under any circumstances unless this is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6, para. 1 f of the GDPR.
The IP addresses are anonymized or deleted after 7 days at the latest.
Data protection for applications and in the application process
The Data Controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the Data Controller by electronic means, for example by E-mail or via a web form on the website. If the Data Controller concludes an employment contract with an applicant, the data transferred will be stored for the purposes of processing the employment relationship in compliance with the statutory provisions. If the Data Controller does not conclude an employment contract with the applicant, the application documents are automatically deleted within a period of one month after notification of the decision of refusal, provided that no other legitimate interests of the Data Controller stand in the way of such erasure. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).
The hosting services used by us serve the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this online service.
For the above, we and our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online content on the basis of our legitimate interests in the efficient and reliable provision of this online content according to Art. 6 para. 1 f of the GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6, para. 1 f. of the GDPR. The access data includes the name of the website accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraudulent activities) for the maximum duration of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from the deletion process until the respective incident has been finally clarified.
Performance of contractual services
We process inventory data (e.g. the names and addresses as well as contact data of users), contract data (e.g. the services used, the names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 b GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
When our online services are used, we store the IP address and the time of the respective user action. The storage referred to above is based on our legitimate interests, as well as the user's interests in being protected against abuse and other unauthorized use. These data will not be passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 c GDPR.
The data are deleted after the expiry of legal warranty and comparable obligations and the necessity of data storage has been checked; in the case of legal archiving obligations, the deletion is carried out after these obligations have expired. Information contained in any customer account is retained until its deletion.
Use of social media plug-ins
We use the following social media plug-ins on our site:
Facebook, Twitter, Instagram
We use the two-click solution for this. When you visit our site, no personal data are initially passed on to the plug-in providers. Only if you click on the corresponding button of the provider on our website will the information that you have called up the corresponding website of our online service be transmitted to the provider. In addition, the data referred to in Art. 3 is transmitted to the provider. In the case of Facebook and Xing, your IP address is anonymized immediately after collection in accordance with the details submitted by the respective provider in Germany. When the respective button of the provider is clicked, personal data are therefore transmitted to the provider and stored there. We advise you to delete all your cookies before clicking on the button, as the plug-in provider collects the data mainly via cookies.
We cannot influence the data processing procedures or the data that are collected. We are not aware of the full scope of the data collection, the purposes of its processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
The data collected about you are stored by the plug-in provider as usage profiles. These are used for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles; in order to do so you have to contact the provider of the respective plug-in. The purpose of the plug-ins is to improve our offering and your user experience by enabling you to interact with the social networks and other users through the plug-ins. The legal basis for the use of the plug-ins is Art. 6, para. 1, clause 1 f of the GDPR.
The data are passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in, the data collected by us are directly assigned to your account with the plug-in provider. We therefore recommend that you log out regularly after using social networks, especially before activating the button, in order to prevent the direct assignment of your profile to the plug-in provider.
For further information about the purpose and extent of the data collection and their processing by the plug-in provider, please see the data protection declarations of these providers which are referred to below. There you will also find further information on your rights in this respect and settings options for protecting your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
https://help.instagram.com/519522125107875. Instagram has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of YouTube Videos
We have integrated YouTube videos into our website which are stored at http://www.YouTube.com and can be played directly from our website. [These are all integrated in "Extended Privacy Mode", i.e. no data about you as a user are transferred to YouTube if you do not play the videos. Only when you play the videos are the data referred to in paragraph 2 transmitted. We have no influence on this data transmission.]
When you visit our website, the information that you have visited the corresponding page is transmitted to YouTube. In addition, the data referred to in Art. 3 of this declaration are transmitted. It does not matter whether you are logged in to a user account provided by YouTube or not. If you are logged in to Google, these data will be assigned directly to your account. If you want to prevent this assignment, you must log out before clicking on the button. YouTube creates a user profile with your data and uses them for advertising purposes, market research and/or for the need-based design of its website. You have the right to object to the creation of these user profiles, although in order to do so you have to contact YouTube directly.
Google also processes your personal data in the USA and has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Famework.
Collection of access data and log files
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6, para. 1 f. of the GDPR. The access data include the name of the website accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraudulent activities) for the maximum duration of 7 days and then deleted. Data whose further storage is required for evidentiary purposes are excluded from the deletion process until the respective incident has been finally clarified.
Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Integration of third-party services and content
Within the framework of our online offering – based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6, para. 1 f of the GDPR) – we make use of the content or service offerings of third parties so that we can incorporate their content and services, such as videos or fonts (hereafter uniformly referred to as "content").
This always assumes that the third-party providers of this content can see the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required for the display of this content. We make every effort to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Through these "Pixel-Tags", information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may include – among other things – technical information about the browser and operating system, the referring websites, the visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.
If we process your personal data on the basis of consent that has been submitted, you have the right to revoke the consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the time of revocation in accordance with Art. 7, para. 3 of the GDPR.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
You can submit this, for example, to the following supervisory authority: