DATA PROTECTION INFORMATION
The privacy of your data is very important to us!
We would like to inform you below about the processing of personal data within the context of the use of our Internet pages. This data protection information informs you about the type, scope and purpose of the processing of personal data in conjunction with our online services and the associated websites, functions and content, as well as external online sites such as our social media profiles.
With regard to the terms used, such as “processing” or “Data Controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
The Data Controller – according to Art. 4, para. 7 of the EU General Data Protection Regulation GDPR – for these Internet pages is:
45128 Essen Deutschland
Further information about our company can be found in our Publishing Information.
When you visit our website, personal data are also processed.
In order for the pages to be displayed in your browser, the IP address of the terminal device you are using needs to be processed. Further information about the browser of your terminal device is also required.
We are also obliged under data protection law to guarantee the confidentiality and integrity of the personal data which are processed with our IT systems.
The purposes for which we collect data (purpose of the processing) and the legal basis for this
We process the above-mentioned personal data in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”).
a. For the fulfilment of contractual obligations (Art. 6 para. 1b GDPR)
This includes, for example, the provision of insurance services or the implementation of pre-contractual measures, in particular risk assessment. The submission and processing of claims upon the occurrence of an insured event and the review of the preconditions of the insured event, as well as for the charging and settlement of your brokerage fee claims, must also be listed here.
b. On the basis of legal requirements (Art. 6 para. 1c GDPR) or in the public interest (Art. 6 para. 1e GDPR)
As an underwriting agent, we are subject to various legal obligations (e.g. insurance contract law, tax laws etc.) as well as regulatory requirements (e.g. trade supervision, the Chamber of Commerce and Industry and the Federal Financial Supervisory Authority). The purposes of the processing include, for example, the obligation to keep records, the prevention of fraud and terrorism, as well as the review of sanctions.
c. Within the framework of the balancing of interests (Art. 6, para. 1f GDPR)
We partly process data which are not necessary for the fulfilment of the contract in order to protect the legitimate interests of ourselves or third parties. This includes the assertion of legal claims and defense in the case of legal disputes, as well as the prevention of criminal offences.
d. On the basis of consent (Art. 6, para. 1a GDPR)
The processing of your personal data is also lawful if you have given your consent to this (e.g. site inspection, forwarding of data for the risk assessment etc.). You can revoke this consent at any time. However, this revocation then only applies to the future – the previous processing is not affected by it.
Information about the collection of personal data
(1) We provide information below on the collection of personal data when you use our website. Personal data means individual pieces of information regarding personal or factual conditions of a specific or identifiable natural person (data subject), e.g. name, address, E-mail addresses, user behavior).
(2) When we are contacted by you via E-mail or via a contact form, the data you provide (your E-mail address and – if applicable – your name and telephone number) will be stored by us in order to answer your questions. We will delete the data collected within this context after their storage is no longer required, or otherwise limit their processing if retention obligations exist according to the law.
(1) You have the following rights toward us with regard to the personal data relating to you:
— right to information,
— right to correction or deletion,
— right to the restriction of processing,
— right to object to their processing,
— right to withdraw consent,
— right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Personal data collection when visiting our website
(1) If you only wish to use our website for information purposes, i.e. if you do not register or otherwise provide us with information, only the personal data transmitted by your browser to our server will be collected. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and guarantee its stability and security (the legal basis is Art. 6, para. 1, sentence 1 (f) of the General Data Protection Regulation (GDPR):
— IP address
— date and time of the query
— time zone difference compared to Greenwich Mean Time (GMT)
— contents of the request (specific page)
— access status/HTTP status code
— amount of data transmitted in each case
— the website from which the request comes
— operating system and its interface
— language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and associated with the browser you are using and by means of which the party which sets the cookie (in this case us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make our site more user-friendly and effective.
a) This website uses the following types of cookies, the scope and functions of which are explained below:
Duty to provide information when collecting personal data
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings in accordance with your wishes and refuse to accept third-party cookies or any cookies, for example. However, please note that if you do so, you may not be able to use all the functions of this website.
Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
Objection to or revocation of the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the admissibility of the processing of your personal data after you have submitted it to us.
(2) You have the right to object to the processing, insofar as we base the processing of your personal data on the balancing of interests. This is the case if the processing is not necessary in particular for the fulfilment of a contract with you, as stated by us in each case with the following description of the functions. Should you submit an objection, we ask you to explain the reasons why we should not process your personal data in the manner that we have. In the case of your justified objection, we will examine the circumstances and either discontinue or adjust the data processing or inform you of our compelling reasons which are worthy of protection and on the basis of which we are continuing the processing; if the processing does not serve the purpose of asserting, exercising or defending against legal claims.
(3) You can of course object to the processing of your personal data for advertising and data analysis purposes at any time.
You can inform us of your objection to advertising at the following address: firstname.lastname@example.org
Establishment of contacts
When you contact us (e.g. via a contact form or E-mail), we process the data provided by you in order to handle the inquiry or in the event that follow-up queries are submitted. If the data processing is carried out in conjunction with contractual or pre-contractual relationships, the legal basis for this data processing is Art. 6, para. 1, clause 1 b of the GDPR. We will only process further personal data with your consent (Art. 6, para. 1, clause 1 a) of the GDPR) or if we have a legitimate interest in the processing of your data (Art. 6, para. 1, clause 1 f) of the GDPR). A legitimate interest would be, for example, to respond to your inquiry.
(1) We send newsletters, E-mails and other electronic notifications with advertising information only with the consent of the recipient. The declaration of consent lists the goods and services advertised.
(2) For the dispatch of the newsletter it is only necessary to provide your E-mail address. All other information is voluntary and will be used to personalize the newsletter. After your registration we also store your E-mail address for the purpose of sending you the newsletter. The legal basis for this is Art. 6 para. 1 as of the GDPR.
(3)You can revoke your consent to the dispatch of the newsletter at any time and cancel the newsletter. You can declare your revocation by sending an E-mail to email@example.com or a message to the contact address stated in the publishing information.
Data protection for applications and in the application process
The Data Controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the Data Controller by electronic means, for example by E-mail or via a web form on the website. If the Data Controller concludes an employment contract with an applicant, the data transferred will be stored for the purposes of processing the employment relationship in compliance with the statutory provisions. If the Data Controller does not conclude an employment contract with the applicant, the application documents are automatically deleted within a period of seven month after notification of the decision of refusal, provided that no other legitimate interests of the Data Controller stand in the way of such erasure. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).
The hosting services used by us serve the purpose of providing the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services which we use for the purpose of operating this online service.
For the above, we and our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online content on the basis of our legitimate interests in the efficient and reliable provision of this online content according to Art. 6 para. 1 f of the GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing agreement).
Collection of access data and log files
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6, para. 1 f. of the GDPR. The access data includes the name of the website accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraudulent activities) for the maximum duration of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from the deletion process until the respective incident has been finally clarified.
Performance of contractual services
We process inventory data (e.g. the names and addresses as well as contact data of users), contract data (e.g. the services used, the names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 b GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
When our online services are used, we store the IP address and the time of the respective user action. The storage referred to above is based on our legitimate interests, as well as the user’s interests in being protected against abuse and other unauthorized use. These data will not be passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 c GDPR.
The data are deleted after the expiry of legal warranty and comparable obligations and the necessity of data storage has been checked; in the case of legal archiving obligations, the deletion is carried out after these obligations have expired. Information contained in any customer account is retained until its deletion.
Use of social media plug-ins
(1) We use the following social media plug-ins on our site: Facebook, Twitter, Instagram, Pinterest
We use the two-click solution for this. When you visit our site, no personal data are initially passed on to the plug-in providers. Only if you click on the corresponding button of the provider on our website will the information that you have called up the corresponding website of our online service be transmitted to the provider. In addition, the data referred to in Art. 3 is transmitted to the provider. In the case of Facebook and Xing, your IP address is anonymized immediately after collection in accordance with the details submitted by the respective provider in Germany. When the respective button of the provider is clicked, personal data are therefore transmitted to the provider and stored there. We advise you to delete all your cookies before clicking on the button, as the plug-in provider collects the data mainly via cookies.
(2) We cannot influence the data processing procedures or the data that are collected. We are not aware of the full scope of the data collection, the purposes of its processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The data collected about you are stored by the plug-in provider as usage profiles. These are used for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles; in order to do so you have to contact the provider of the respective plug-in. The purpose of the plug-ins is to improve our offering and your user experience by enabling you to interact with the social networks and other users through the plug-ins. The legal basis for the use of the plug-ins is Art. 6, para. 1, clause 1 f of the GDPR.
(4) The data are passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in, the data collected by us are directly assigned to your account with the plug-in provider. We therefore recommend that you log out regularly after using social networks, especially before activating the button, in order to prevent the direct assignment of your profile to the plug-in provider.
(5) For further information about the purpose and extent of the data collection and their processing by the plug-in provider, please see the data protection declarations of these providers which are referred to below. There you will also find further information on your rights in this respect and settings options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection information:
a) Facebook Inc., 1601 California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://www.twitter.com/privacy. Twitter has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Instagram Inc., 200 Jefferson Dr, Menlo Park, CA 94025, USA;
https://help.instagram.com/519522125107875. Instagram has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland;
Integration of YouTube Videos
(1) We have integrated YouTube videos into our website which are stored at http://www.YouTube.com and can be played directly from our website. [These are all integrated in “Extended Privacy Mode”, i.e. no data about you as a user are transferred to YouTube if you do not play the videos. Only when you play the videos are the data referred to in paragraph 2 transmitted. We have no influence on this data transmission.]
(2) When you visit our website, the information that you have visited the corresponding page is transmitted to YouTube. In addition, the data referred to in Art. 3 of this declaration are transmitted. It does not matter whether you are logged in to a user account provided by YouTube or not. If you are logged in to Google, these data will be assigned directly to your account. If you want to prevent this assignment, you must log out before clicking on the button. YouTube creates a user profile with your data and uses them for advertising purposes, market research and/or for the need-based design of its website. You have the right to object to the creation of these user profiles, although in order to do so you have to contact YouTube directly.
Google also processes your personal data in the USA and has committed itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Famework.
Collection of access data and log files
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6, para. 1 f. of the GDPR. The access data include the name of the website accessed, the file, date and time of access, the amount of data transferred, notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraudulent activities) for the maximum duration of 7 days and then deleted. Data whose further storage is required for evidentiary purposes are excluded from the deletion process until the respective incident has been finally clarified.
Use of analysis tools
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called cookies, text files which are stored on your computer, enabling them to analyse your use of the website. The information generated by the cookie about your use of this website will generally be transmitted to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide further services relating to website activity and Internet usage to the website operator on the website operator’s behalf.
(2) The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
(3) You may refuse the storage of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension „_anonymizelp()”. This processes shortened IP addresses, thus excluding direct references to an individual. If the data collected about you relates to an individual, it is excluded immediately and the corresponding personal data deleted immediately.
(5) Google Analytics uses the following cookies for analysis:
a) _ga: This cookie is used to analyse your user behaviour. You can be distinguished from other users by means of randomly generated values. Thus, this cookie is not used to identify individuals and expires after two years.
b) _gid: This cookie is used to analyse your user behaviour. You can be distinguished from other users by means of randomly generated values. Thus, this cookie is not used to identify individuals and expires after 24 hours.
c) _gat: This cookie is used to analyse the request rate/quantity. It contains the ID of the linked “Google Analytics” accounts, but is not used to identify individuals and expires after one minute.
(6) We use Google Analytics to analyse the use of our website in order and enable us to improve it regularly. The statistics obtained let us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Googly Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR.
[(8) This website also uses Google Analytics for a cross-device analysis of visitor flows, using a User-ID. You can deactivate the cross-device analysis of your usage in your customer account under “My Data”, “Personal Data”.]
Adobe Typekit Webfonts
For the design of our website, we integrate the fonts (“Adobe Typekit Webfonts”) of the provider Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). The purpose and, at the same time, our legitimate interest in using Typekit is to be able to use certain fonts. As part of providing the Typekit service, no cookies are placed or used to provide the font. The following information is collected by Adobe to provide the Typekit service: fonts provided, set ID, account id, service providing the fonts, application requesting the fonts, server providing the fonts, hostname of the page the fonts are loaded.
EU-U.S. Privacy Shield/European data transfers:
Adobe is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Activ.
Integration of third-party services and content
Within the framework of our online offering – based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6, para. 1 f of the GDPR) – we make use of the content or service offerings of third parties so that we can incorporate their content and services, such as videos or fonts (hereafter uniformly referred to as “content”).
This always assumes that the third-party providers of this content can see the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required for the display of this content. We make every effort to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through these “Pixel-Tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may include – among other things – technical information about the browser and operating system, the referring websites, the visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.
If we process your personal data on the basis of consent that has been submitted, you have the right to revoke the consent at any time without affecting the legality of the processing carried out on the basis of the consent up to the time of revocation in accordance with Art. 7, para. 3 of the GDPR.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
You can submit this, for example, to the following supervisory authority:
Bayrisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision)
Promenade 27 (Schloss), 91522 Ansbach, Germany
Website with further contact data: http://www.ida.bayern.de
Der Hessische Datenschutzbeauftragte (The Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Website with further contact data: http://www.datenschutz.hessen.de
Die Landesbeauftragte für den Datenschutz Niedersachsen (The State Commissioner for Data Protection in Lower Saxony)
Landschaftstrasse 5, 30159 Hannover, Germany
Website with further contact details: http://www.lfd.niedersachsen.de
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia)
Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
Website with further contact details: http://www.ldi.nrw.de
State Commissioner for Data Protection in Saxony-Anhalt (Landesbeauftragte für Datenschutz Sachsen-Anhalt)
Leiterstr. 9, 39194 Magdeburg, Germany
Website with further contact details: https://datenschutz.sachsen-anhalt.de
You can find a list of all supervisory authorities under the following link:
We have a Data Protection Officer.
We have set up an E-mail address for questions which are relevant to data protection and any reports of data protection infringements:
or by mail to the address stated under the contact data of the Data Controller:
Abteilung Datenschutz (Data Protection Department)
45128 Essen, Deutschland
Date: July 30, 2019