PRIVACY POLICY
General
Your privacy is important to us. Below, we explain how we collect your personal data whenever you use our website. Personal data are all data that relate to you personally, for example your name, address, email address, user behaviour. We have implemented comprehensive technical and operational security measures to protect your data from accidental or intentional tampering, loss, destruction or access by unauthorised persons. Our security procedures are reviewed on a regular basis and adapted in accordance with technological advances.
CONTROLLER FOR DATA PROCESSING
The Controller in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is SG IFFOXX Assekuranzmaklergesellschaft mbH, Galgenbergstraße 2c 93053 Regensburg - see our Legal Notice.
HOW TO CONTACT THE DATA PROTECTION OFFICER
If you have any queries about privacy, please contact our data protection officer:
Maximilian Mertin
intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
E-Mail: MMertin@intersoft-consulting.de
PURPOSE AND LEGAL BASIS FOR THE PROCESSING
Personal data are only collected if you have provided them yourself, for example by completing the contact form. We use these data exclusively for the purpose for which you have provided your data. For other purposes, your data will only be used after providing express notice or after obtaining your consent, Art. 6 (1) (a) GDPR. In certain cases, personal data are [processed] on the basis of a legitimate interest in accordance with Art. (6) (1) (f) GDPR (see Clause 4). Processing on the basis of a legitimate interest is governed by Art. 6 (1) (f) GDPR.
PERSONAL DATA ARE PROCESSED ON THE BASIS
OF ART. 6 (1) (f) GDPR IN THE FOLLOWING CASES:
If you use our website purely for information purposes, we only collect the personal data that your browser transfers to our server. If you wish to access our website, we collect the following data that is technically necessary for us in order to present our website to you and to guarantee stability and security.
- IP address
- Date and time of access
- Time zone difference in relation to Greenwich Mean Time (GMT)
- Content of the request (specific site)
- Access status / HTTP status code
- Respective volume of data transferred
- Website the request has come from
- Browser
- Operating system and interface
- Language and version of the browser software
The legitimate interest of the controller lies in displaying its website free of errors and guaranteeing the website’s stability and security.
Registration and use of the portal
You can register with us and set up a customer account. During registration, we collect and store the following information from you:
- Email (user name)
- Password
For registration, we use the “double opt-in process”. This means that your registration is only complete once you have provided confirmation before registering by clicking on the link contained in a confirmation email sent to you for this purpose. If you have not provided this confirmation within [24 hours], your registration will be automatically deleted from our database. Provision of the above data is mandatory; you can provide all other information on a voluntary basis by using our portal. Following successful registration, you will obtain personal, password-protected access and will be able to view and manage the data you have provided. Registration is voluntary, but it may be a condition if you wish to use our services. If you use our portal, we will store any personal data needed in order to perform the contract and, where applicable, information regarding the payment method until you permanently delete your access. We also store the data you have provided voluntarily for the time that you use the portal unless you have already deleted such data. You can manage and amend all information in the protected customer area. The legal basis is Art. 6 (1) (a), (b) and (f) GDPR.
Data transfer and recipients or categories of recipients
Your data will not generally be transferred to third parties unless we are obliged to do so by law, if the data transfer is necessary in order for us to perform the contract or if you have previously given your express consent to the transfer of your data.
Period for which data are stored
Personal data that we collect shall be deleted once the purpose for the processing no longer applies or within statutory retention periods.
Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling
Eine automatisierte Entscheidungsfindung inkl. Profiling gem. Art. 22 DSGVO findet nicht statt.
YOUR RIGHTS
General rights
You have a right of access to, rectification and erasure of data, the right to restrict processing, the right to object to processing and a right to data portability. If we process data on the basis of your consent, you have the right to revoke such consent from us with future effect.
Rights in relation to data processing for legitimate interests
In accordance with Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) or Art. 6 (1) (f) (data processing for the purposes of legitimate interests), including profiling based on those provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
Rights in relation to direct marketing
If we process your personal data for direct marketing purposes, you have the right in accordance with Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for the purposes of such marketing, including profiling to the extent that it is related to such direct marketing. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a relevant data protection supervisory authority about the processing of your personal data by us.
Contact via email or contact form
If you contact us by email or by using a contact form, we will store the data you provide (your email address, your forename and surname) so that we can respond to your query. The online contact form for a security confirmation contains the following information: title, name, email address, date of birth, telephone number and address. If we request information in our contact forms that is not necessary for making contact, we always mark these entries as optional. This information helps us to refine your query and to handle your request more efficiently. This information is provided on an expressly voluntary basis and with your consent (Art. 6 (1) (a) GDPR). If the information relates to methods of communication (e.g. email address, telephone number), you also give your consent for us to contact you using these methods of communication to respond to your query. You can, of course, revoke this consent at any time with future effect. We erase data obtained in this way when storage is no longer necessary, or we restrict processing if there are statutory retention obligations.
Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint to a relevant data protection supervisory authority about our processing of your personal data.
Data transfer and intended data transfer to a third country (Non Member State) or an international organisation
Your data will not generally be transferred to third parties unless we are obliged to do so by law, if the data transfer is necessary in order for us to perform the contract or if you have previously given your express consent to the transfer of your data.
Data security
We have implemented comprehensive technical and organisational security measures to protect your data from accidental or intentional tampering, loss, destruction or access by unauthorised persons. Our security procedures are reviewed on a regular basis and adapted in accordance with technological advances.
January 2019
