Unless otherwise specified, is responsible for the data processing explained below: Insurfox GmbH (in the following: "we") Stadtdeich 5 20097 Hamburg, Germany E-mail: firstname.lastname@example.org Phone: +49 40 855986000
Contact details for data protection inquiries
For answers to questions about the processing of personal data, the exercise of your "data subject rights" and in case of revocation of consent granted, please contact us in writing to Insurfox GmbH Mr. Jürgen Sprang Stadtdeich 5, 20097 Hamburg, Germany or by e-mail to: E-mail: email@example.com If you contact us by e-mail, the communication will be unencrypted.
Processing of personal data when visiting our website
(1) If you call up our website merely to obtain information, the server of our website only records the data that your end device (computer, laptop, tablet, smartphone, etc.) sends to our server on the basis of the https Internet protocol. The assignment of the automatic requests and responses of the server are made on the basis of your IP address, through which a reference to your person may be established. The purpose of processing the connection data is to technically enable you to use our website. (2) When you call up our website, information is automatically sent to the server of our website by the browser of your respective end device and temporarily stored in log files ("log files"). The log files contain information such as your IP address, the URL of the accessed website, date and time of access, information about a successful page request, amount of data transferred, loading time, the website from which you accessed our website, type and version of your browser, operating system of your end device, name of your Internet service provider. (3) The technical data collected does not allow any direct conclusions to be drawn about your identity. We do not store the data together with other personal data about you. (4) The legal basis for data processing is our legitimate interest (Article 6 (1) sentence 1 lit. f GDPR). The data is technically necessary to display our website to you, to establish the connection smoothly, to ensure the stability and security of the system and to protect against misuse. (5) Since the processing of the data is absolutely necessary for the provision and operation of our website, you have no right to object. (6) The connection data will be deleted immediately after the execution of the https call. The log file data is automatically deleted after seven days.
Processing of personal data when contacting us
(1) If you contact us by mail, telephone, e-mail or via a contact form, we process the personal data you provide and the content of the communication only to process your request and, if necessary, to fulfill existing legal record-keeping obligations. (2) Data processing for the purpose of contacting us is generally carried out on a voluntary basis. The legal basis depends on the specific purpose of the communication. Frequently, the legal basis for data processing will be the protection of our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f GDPR (such as conducting business correspondence, responding to inquiries about data protection). Insofar as further processing is carried out to fulfill legal retention obligations, the legal basis is Article 6 (1) sentence 1 lit. c GDPR. (3) We delete the accruing communication data as soon as storage is no longer necessary to fulfill the purpose, unless legal retention obligations prevent deletion. Processing of personal data for applications (1) If you ("Applicant") apply to us electronically (e.g. by e-mail) and send us application documents electronically, we will process your personal data that you provide to us for the purpose of carrying out the application process. (2) If we conclude an employment contract with an applicant, we process the data for the purpose of handling the employment relationship in compliance with the statutory provisions. (3) If no employment relationship is established between an applicant and us, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part oppose deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). (4) The legal basis for data processing is Article 6 (1) Sentence 1 lit. b GDPR and Section 26 (1) Sentence 1 No. 1 BDSG (decision on the establishment of an employment relationship). Processing of personal data of business partners (1) In the context of cooperation with business partners, we process personal data of contact persons at interested parties, customers, sales partners, suppliers, service providers and other partners. The data include in detail: (i) Contact information such as surname, first name as well as (business) address, telephone number, mobile phone number, fax number, e-mail address, (ii) Information for processing payment transactions, such as bank details, account numbers, credit card information, (iii) information the processing of which is required in the context of the performance of a contractual relationship with us or which is voluntarily provided by business partners, (iv) personal data collected from publicly available sources, credit agencies or information databases, (v) possibly further personal data which are legally required for the identification of our business partner, such as date of birth, date of identification, identification number. (2) We process personal data for the following purposes: (i) Communication with business partners in the context of initiating, establishing, implementing and terminating business relationships, (ii) Implementation and administration of the business relationship (e.g. processing of orders for goods and services, accounting, billing), (iii) assertion of and defense against legal claims, (iv) Carrying out marketing activities (e.g. invitations to events, sending newsletters to existing customers), (v) Maintaining and protecting the security of our products and services, (vi) Preventing, preventing and detecting security risks and criminal acts, (vii) Compliance with legal requirements (e.g. tax and commercial law retention obligations), (viii) Compliance with legal obligations to investigate (e.g., under the Money Laundering Act). (3) We only disclose data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations (e.g. to participating telecommunications, transport and other auxiliary service providers as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). We will inform you about further data transfers within the scope of this data protection declaration. (4) The processing of personal data is necessary to achieve the stated purposes. Unless expressly stated otherwise when collecting the personal data, the legal bases are: (i) the performance and fulfillment of a contract with you (Article 6 (1) sentence 1 lit. b GDPR), (ii) the fulfillment of legal obligations to which we are subject (Article 6 (1) sentence 1 lit. c GDPR), (iii) the protection of legitimate interests of us (Article 6 (1) sentence 1 lit. f GDPR), whereby our legitimate interest lies in the initiation, implementation, processing and support of the business relationship. If you have expressly given your consent to the processing of your personal data in individual cases, Article 6 (1) sentence 1 lit. a GDPR is the legal basis for the processing. (5) We delete the accruing personal data as soon as the storage is no longer necessary for the fulfillment of the purpose, unless statutory limitation periods or statutory retention obligations (e.g. up to 10 years in accordance with the German Commercial Code or the German Fiscal Code) prevent a deletion.
Processing of personal data for newsletter registration
(1) Insofar as we offer a newsletter, we will also send you our newsletter by e-mail upon request outside of a business relationship, with which we will inform you about news and current offers. The only mandatory data for sending our newsletter is your e-mail address. The provision of further data is voluntary; we use this to be able to address you personally if necessary. (2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided and ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your data will be blocked and automatically deleted after one month. When you register for the newsletter, we store your IP address used and the times of registration and confirmation in order to prove compliance with legal requirements during the registration process and to be able to clarify any possible misuse of your personal data. (3) We may pass on your data to a service provider who produces and sends the newsletter for us. This service provider is contractually obligated by us neither to use personal data for its own purposes nor to pass it on to third parties. (4) The legal basis for the processing of your data for our newsletter is Article 6 (1) sentence 1 lit. a GDPR. (5) You can object to the newsletter transmission as well as to the sending of e-mails at any time with effect for the future. To do so, it is sufficient to use the unsubscribe option at the end of the newsletter or to send a message in text form to the contact details provided in the imprint (e.g. by e-mail, postal letter). (6) We will only process the personal data until you unsubscribe from the newsletter. As soon as you revoke your consent or unsubscribe from the newsletter, we may store your data stored on the occasion of the registration process and your unsubscribed e-mail address for up to three years before we delete them. The storage is based on our legitimate interest in being able to prove the consent you originally gave. We will comply with a request for deletion before the expiry of three years if you confirm to us at the same time that you formerly consented to the data processing.
Transmission and sharing of personal data
(1) We only pass on personal data to third parties if (i) you have given your express consent (Article 6 (1) sentence 1 lit. a GDPR), or (ii) this is necessary to carry out a pre-contractual measure requested by you or to fulfill a contractual relationship with you (Article 6 (1) sentence 1 lit. b GDPR), or (iii) we are legally obliged to do so (Article 6 (1) sentence 1 lit. c GDPR), or (iv) the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data. (2) Personal data published by you via one of our online offers (e.g. in forums) may be accessible to other registered users of our online offer worldwide.
Payment and data transfer
Data transfer to third countries
In connection with the use of certain services and cookies, your data may be processed in individual cases in countries outside the scope of the GDPR ("third countries"). The level of data protection in third countries (such as the USA) may not correspond to the level within the European Union or the scope of the GDPR. This is regularly based on suitable guarantees within the meaning of Articles 44 et seq. GDPR (in particular standard contractual clauses). These guarantees are generally a means of ensuring that the conditions for permissible data processing are met within the meaning of Article 44 et seq. GDPR to create the conditions for a permissible transfer of data to third countries. However, this only applies if the recipient in the third country can actually comply with the conditions of the standard contractual clauses, which is usually the case. In view of any existing risks, we ask you for your express consent to the transfer of data to third countries (Article 49(1)(a) of the GDPR), insofar as a third country reference exists according to our explanations of individual processing operations.
When you visit our website, our web server sends so-called cookies. Cookies are very small text files that are stored on the hard drive of your end device (computer, laptop, tablet, smartphone, etc.) and assigned to the browser you use when you visit our websites. Cookies cannot execute programs or transfer viruses or Trojans to your end device. Personal data is not stored in a cookie.
Information about necessary cookies
(1) In order to simplify the use of our offer for you, we use absolutely necessary ("necessary") cookies. Necessary cookies ("temporary cookies") include, for example, session cookies, which store information about you during a single browser session, remain for each page change and are deleted when you close the browser, cookies that store certain settings on your part for a short time (e.g. log-in data, language settings or other settings on our website), cookies for even load distribution on the server, contact form cookies, which store the answer to a question via the contact form, multimedia cookies for the playback of media content (eg.E.g. Flash player), payment provider cookies set by integrated payment service providers (which do not analyze any specific usage behavior, but only serve to prepare possible payments or to check payment legitimacy), opt-out cookies with which cookie consent can be revoked, the cookie that records the consent status for other cookies, cookies from live chat systems and messenger services. (2) You can see which necessary cookies we use from the Cookie-Tracking (3) The use of the necessary cookies is based on legitimate interests (Article 6 (1) sentence 1 lit. f GDPR). Our legitimate interest is to ensure the functioning of our websites and their optimal usability.
Information about non necessary cookies
Information on the technical deactivation of cookies
You can allow or disallow cookies independently in your browser's security settings. Help menus for popular browsers can be found at the following links: - Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-inmicrosoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09 - Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen - Chrome: https://support.google.com/chrome/answer/95647 - Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac - Opera: https://help.opera.com/en/latest/web-preferences/#cookies With cookies disabled, you can browse our website without restriction. However, you may not be able to use all the features of our website if you disable the necessary cookies.
Use of Google Analytics
Use of Google Tag Manager
(1) We use the "Google Tag Manager" service on our website. The provider of the service is the third-party provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google"). (2) Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, the deactivation remains in place for all tracking tags that are integrated with Google Tag Manager. Information about the Tag Manager can be found at https://marketingplatform.google.com/about/analytics/tagmanager/use-policy/. (3) We use the Google Tag Manager to be able to make a simplified and clear integration of various services. In addition, the integration of the Tag Manager optimizes the loading times of the various services. The legal basis for the data processing is therefore our legitimate interest pursuant to Article 6 (1) sentence 1 lit. f GDPR.
Use of Freshdesk tool
Use of social media links
Your rights as a data subject
(1) Subject to the legal requirements, you have the following rights with regard to personal data concerning you: - Right to information (Article 15 GDPR) - Right to rectification (Article 16 GDPR) - Right to erasure (Article 17 GDPR) - Right to restriction of processing (Article 18 GDPR) - Right to object to processing (Article 21 GDPR) - Right to data portability (Article 20 GDPR) (2) If you have given us consent to process your personal data, you have the right to revoke the consent given at any time with effect for the future (Article 7(3) GDPR). The revocation does not affect the lawfulness of the processing in the past. After revocation, we may only further process your personal data to the extent that we can base the processing on another legal basis (e.g. for the performance of a contract). (3) You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).
Within the website visit, we use the widespread TLS procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This data protection declaration has the status stated at the end. Due to the further development of our website and the offers via the website or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be called up and printed out from our website at any time.
Status: September 2022