Privacy Policy

1. Scope

This guideline regulates data protection-compliant information processing and the corresponding responsibilities at the above-mentioned company (and its branch(s)) based on the legal regulations of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSGnew). All employees are required to comply with this policy.
It is aimed in particular at:
Employees, customers and interested parties, insurers and service providers.

The following principles apply here:

• Protection of personal rights
• Purpose limitation of personal data
• Transparency
• Data avoidance and data economy
• Factual accuracy/currentness of the data
• Confidentiality in data processing
• Security in data processing
• Deletion and restriction of processing of data upon request

2. Definitions of terms (Art. 4 GDPR)

Personal data is individual information about the personal or factual circumstances of a natural person (data subject). Examples: Last name, first name, birthday, address details, contract details, email content.
Special personal data includes information about racial, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life, and economic circumstances.
The responsible body is any person or body that collects, processes or uses personal data for itself or has this done by others on behalf of others.

3. Collecting, processing and storing personal data

Art. 5 + 6 GDPR – The collection, processing and storage of personal data in our company is based on the brokerage order we use and the applicable documents (such as broker power of attorney, consent to data processing, which are signed separately).
We will not take action without a specific order and a declaration of consent under data protection law from our customers (for children and young people, consent is given by their legal guardian).
We document our activities extensively via our broker management program and provide specific procedural instructions for executing our orders. Profiling does not take place in our company. The data will be processed exclusively for the agreed purposes. Our customers’ data will be deleted after termination of the brokerage contract in accordance with the legal requirements, in particular the provisions on statutory retention periods. The deadlines can be extended accordingly to defend possible legal claims. Instead of deletion, processing is restricted.

4. Processing overviews (Art. 30 GDPR)

By means of internal process overviews (list of processing activities) we create transparency within the company and check whether our processes pose particular risks to the rights and freedoms of those affected and are therefore subject to a prior check/data protection impact assessment. There is an obligation to keep these overviews available for inspection by the authorities.

5. Procurement of hardware and software

All hardware necessary for our work processes (computers, screens, keyboard, mouse and peripheral devices such as scanners or printers) is controlled according to internal guidelines. The computers are already configured for the employees and equipped with the corresponding programs that we use as standard. Additional software may only be installed in consultation with management.

6. Password Policies

In order to ensure secure access to our systems, individual authentication is necessary. Internal regulations have been made for this, which everyone involved must adhere to.

7. Technical and organizational measures

We take all possible measures, based on the current state of technology and organizationally appropriate, to prevent unauthorized persons from accessing the personal data we store. For this purpose, we keep separate records to document the security requirements for data processing. A transfer to third countries is currently not planned.

8. Rights of those affected (Art. 12 -23 GDPR)

• The person affected can request information about which personal data of which origin is stored about them and for what purpose. If the employment relationship provides for further rights of inspection of the employer’s documents (e.g. personnel files) under the applicable labor law, these remain unaffected.
• If personal data is transmitted to third parties, information must also be provided about the identity of the recipient or the categories of recipients.
• If personal data is incorrect or incomplete, the person concerned can request that it be corrected or supplemented.
• The person concerned can object to the processing of their personal data for advertising purposes or market and opinion research. For these purposes, the data must be restricted (blocked) for processing.
• The data subject is entitled to request the deletion of his or her data if the legal basis for processing the data is missing or has ceased to apply. The same applies if the purpose of data processing no longer applies due to the passage of time or for other reasons. Existing retention obligations and legitimate interests that conflict with deletion must be taken into account.
• The data subject has a fundamental right to object to the processing of their data with future effect, which must be taken into account if their legitimate interest due to a particular personal situation outweighs the interest in the processing. This does not apply if a legal regulation requires the processing to be carried out.
• The data subject has a right to data portability. This means the right to receive personal data in a structured, commonly used and machine-readable format. The freedoms and rights of other people must not be affected by this.
• The person concerned has the right to lodge a complaint with the supervisory authority in whose federal state the company is based. You can find the contact details at the beginning of the description of our data protection organization.

9. Procedure in the event of “data breaches” (Art. 33 GDPR)

Each employee should immediately report any violations of this Privacy Policy or other regulations regarding the protection of personal data (data protection incidents) to their respective supervisor, management or the DPO. The responsible manager is obliged to inform the DPO immediately about data protection incidents.
In cases of unlawful transfer of personal data to third parties, unlawful access by third parties to personal data, or loss of personal data, the company’s required reports must be made immediately so that existing reporting obligations of data protection incidents under state law can be fulfilled.

1. Forms

You can use the contact form on our website to make electrical contact. If you enter your personal data such as name, date of birth, address, bank details or other data into a form, for example to create an offer or report damage, we will save it and process it exclusively for these purposes.
We knowingly only collect personal data about minors from legal guardians and only if and to the extent that personal processing and use is necessary to fulfill a contractual relationship.

2. Integration and use of third-party content

Our website may contain content from third parties, in particular offer programs, comparison calculators and product offers, e.g. B. be involved by insurers. This content can be in the design of our website.
The third party’s data protection declarations apply to this content, which are linked at the relevant location or can be seen on the third party’s website.

3. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• operating system used
• Referrer URL
• Host name of the accessing computer
• Time of server request
• IP address

This data will not be merged with other data sources. The basis for data processing is Article 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

4. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: deactivate Google Analytics. You can find more information about how Google Analytics handles user data in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de

Order data processing

We have concluded a data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

5. Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
Further information about Google Web Fonts can be found at: https://developers.google.com/fonts/faq
and in Google’s privacy policy: https://www.google.com/policies/privacy/

6. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an attractive presentation of our online offerings and to make it easy to find the places we indicate on the website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.
You can find more information on how to handle user data in Google’s privacy policy: https://www.google.de/intl/policies/privacy/

In order to act for you, we need to collect, store and pass on your data to third parties. We do this, for example, when we record your risk situation and pass this data on to various insurers in order to receive offers that are suitable for you. We also use so-called broker service providers for this purpose. It is often necessary for us to request data concerning you from third parties. These are primarily insurers, but data from doctors, tax advisors or lawyers and credit agencies, for example, may also be required.

Health data is only collected to the extent that it is necessary for arranging life, health or accident insurance (personal insurance) or when processing benefits and claims. You can grant this consent individually and revoke it at any time with future effect. Please note that we may then no longer be able to work for you.

Consent to collect and request data

You agree that we may collect data from you and request it from third parties. If we request health information from doctors, we will inform you in advance.

Consent to store data

You agree that we store and process the collected and requested data to the extent necessary or have them stored and processed by authorized third parties.

Consent to sharing data

You agree that we pass on data to third parties as necessary within the scope of our brokerage activities. Third parties here include, for example, insurers, broker service providers, workshops, appraisers or other service providers. You can find an overview of potential recipients in the business partner overview. Upon request, you will of course also receive information to whom we have actually transmitted data concerning you.

Consent to contact

Customer information is part of our work. You have used the option of contacting us electronically via the forms and expect to receive feedback on your request, for which we will use the contact details provided. Therefore, we need your consent to be able to carry out our activities.