Privacy statement

Status as of August 2018

Hereinafter, we inform you about the handling of personal data at SÜDVERS.

The new EU General Data Protection Regulation (GDPR) has become applicable since 25.05.2018. With this new data protection foundation, the relationship between the customer and the insurance broker does not change in principle, and the rights and obligations of transparency have emerged stronger with regard to privacy.

Overview:

  1. Collection of personal data in the framework ofbroker activity
  2. Collection of personal data upon visiting our website
  3. Collection of personal data in the framework of events and webinars
  4. Security measures
  5. Updates
  6. Responsibilities

 

1. Collection of personal data in the framework of broker activity 

Object of data protection

Object of data protection is personal data This is all the information related to an identified or identifiable natural person. This also includes information that (at least indirectly) allows the identification of a natural person. This information could be, for example, the name or contact data (e.g. telephone number, postal and e-mail address). Even the IP address can represent personal data in this sense.

Possible sources of personal data:

  • Persons and their family members – online, telephonic or in written communication
  • Employers of persons
  • Through insurance claims by third parties including the counterparty, experts, lawyers and adjusters, loss adjusters, witnesses
  • Other insurance market participants such as insurance companies, reinsurance companies and other intermediaries
  • Credit agencies (in case of credit risks)
  • Fraud prevention databases and other databases of third parties. including sanction lists
  • Authorities, e.g. vehicle registration offices and tax offices
  • Claim/damage report forms

SÜDVERS collects and processes the following personal data:

  • Personal data: name, address, other contact data (e.g. e-mail address and telephone number), gender, family data, marital status, date and place of birth, relationship with policyholder, insured person, beneficiary or claimant, employer, professional designation and professional career, if necessary,
  • Identification data: Identification numbers issued by authorities or government agencies (e.g. (Travel) passport number, personal identification number, tax identification number, social insurance number, driving license number
  • Financial data, card number (EC card, credit card, etc.) and bank details, income and other financial data
  • Insured risk: Information about the insured risk, which may include personal data if it is relevant to the risk to be insured:

Health information: health status, previous medical history (anamnesis), information on current or past physical or mental illness, injuries or disabilities, medical treatment, relevant personal habits (e.g. smoking or alcohol consumption), information about prescribed medication,

Data about criminal record: criminal convictions including traffic offences

Other specific categories of personal data: racial or ethnic origin, political opinions, religious or philosophical beliefs, affiliation with a trade union, genetic data, biometrics, data about sex life or sexual orientation

  • Policy data: Information about insurance offerings and policies
  • Credit and anti-fraud data: Financial standing or credit history and credit score, information on convictions for fraud, allegations of criminal offenses, and details of penalties and sanctions from various anti-fraud and sanction databases or regulatory or law enforcement authorities
  • Current insurance claims: Information on current insurance claims that may include health information, criminal history data and other special categories of personal data (as described above under the definition for “Insured Risk”)
  • Previous insurance claims: Information on previous insurance claims that may include health information, criminal history data and other special categories of personal data (as described above under the definition for “Insured Risk”)
  • Marketing data: The fact of whether the person has consented to receive marketing communication from SÜDVERS. Contact persons of potential customers.

Purpose of processing and legal basis 

In brokering or managing insurance contractual relationships and accompanying claims, the broker requires the personal data of his clients, which come under consideration during the contract implementation. The legal basis in order to be able to process, receive, use, store, transmit and disclose the necessary personal data in this case is the brokerage contract relationship, partially supplemented by declarations of consent. Declarations of consent issued prior to the entry into force of the GDPR continue to apply. In addition, the processing of personal data (including special data categories) is permissible if it is necessary for asserting, exercising or defending legal claims or court cases within the scope of judicial activity.

It is imperative to forward data to insurers, reinsurers, underwriting agencies, experts, etc. for the purpose of fulfillment of the contract, for example to solicit offers.

Insofar as processing is based on your consent, you have the right to revoke it with effect for the future.

As a result, however, SÜDVERS can no longer provide services to the customer concerned. If a person revokes their consent to the processing of special categories of personal data by an insurer or reinsurer, the continuation of the insurance cover may no longer be possible.

Data usage

Insurers may keep general contractual, billing and performance data in common databases and pass them on to the broker, to the extent necessary for the proper performance of his or her insurance matters.

As before, health-related data may only be transmitted by the insurers to affected persons and reinsurers. They may only be passed on to brokers insofar as these are required for contract management or if a declaration of consent is available.

Personal data transmitted in the context of support are used for our customers for customer care, e.g. for birthday letters and invitations. 

If you do not want this, please send a brief message to:

datenschutz@suedvers.de or the employee looking after you.

If data is made available to SÜDVERS via a third person, the notifier agrees to inform these third persons, by naming the source, about the usage and, if necessary, to obtain their consent.

Rights of persons affected 

According to the new GDPR, you have the right to information, correction, deletion, limitation of processing, the right to object and the right to data portability. If you wish to exercise these rights, please contact the Data protection officer listed below.

As an insurance broker, we are not data processing companies within the meaning of Art. 28 GDPR. Similar to tax consultants and lawyers, we provide services of a higher kind and work with the data independently and not as directed. As a person/ company, you are therefore not required to conclude a data protection agreement with us.

Right to information and disclosure

You have the right to request a confirmation from us about whether we are processing personal information concerning you. You can request information about the data about you that is stored with us. We shall provide access to the requested personal information, subject to reasonable legal restrictions, unless this violates the privacy of others.

In case we cannot grant you access, we shall give you the reason for this and let you know about the enforced exceptions.

Right of appeal to the supervisory authority

You have the right to file a complaint with a data protection authority. You can also contact the data protection authority, which is responsible for your place of residence or your state, or the data protection authority responsible for us:

The State Representative for Data Protection Baden-Württemberg

Königstraße 10a

70173 Stuttgart

Phone no. 0711/615541-0

Fax no. 0711/615541-15

E-mail: poststelle@lfd.bwl.de

Homepage: www.baden-wuerttemberg.datenschutz.de

Right to rectification and right to erasure

If your information is incorrect or incomplete, you have the right to request that your information be corrected or completed. If we have shared your information with a third party, we shall inform it about the correction, as far as this is required by law.

If the legal requirements are fulfilled, you can request immediate erasure of your personal data by us. This is particularly the case if your personal data is no longer needed for the purposes for which it was collected; the sole legal basis for the processing was your consent and you have revoked it; you have objected to processing for commercial purposes, your personal data has been unlawfully processed, you have objected to processing on the basis of the legal basis “balance of interests” for personal reasons and we cannot prove that there are legitimate reasons for processing; or your personal information needs to be erased to comply with legal requirements. If we have shared your information with third parties, we will inform you about the erasure, as far as this is required by law. Please note that your right to erasure may be subject to restrictions. For example, we may not or must not delete data that we still need to retain due to legal retention periods. Even data that we need to assert, exercise or defend legal rights are excluded from your right to erasure.

Right to object

You have the right to object to the processing of data by us as long as you have a legitimate interest in it for special reasons. You can object at any time to the processing of your data for advertising purposes.

Right to limitation of the processing

Within the legal requirements, you may require us to restrict the processing of your data. This is especially the case if the accuracy of your personal data is disputed by you. Until we have had the opportunity to verify the allegation that

the processing is not lawful, you may request that we limit its use instead of erase it.

If there is a right to limit processing, we shall mark the affected data to ensure that it will only be processed in the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).

Data processing in the company group 

Some data processing tasks are pooled intragroup within the SÜDVERS GROUP. This concerns e.g. IT, personnel administration, personnel development, controlling, finances, the telephone exchange, mail processing, as well as the support of the units by national departments and department heads. In addition, our customers are looked after across various divisions and companies by a contact person, and our trainees receive various insights. Manche Datenverarbeitungsaufgaben werden innerhalb der SÜDVERS-GRUPPE kon-zernintern gebündelt. Dies betrifft z.B. IT, Personalverwaltung, Personal-entwicklung, Controlling, Finanzen, die Telefonzentrale, Postbearbeitung, sowie die Unterstützung der Einheiten durch überregionale Stabsstellen und Fachbereichsleiter. Zudem werden unsere Kunden über verschiedene Sparten und Gesellschaften von einem Ansprechpartner betreut und unsere Auszubildenden erhalten verschiedene Einblicke. In these cases, we transfer personal data within the affiliated companies listed on the website in the company business cards in the Imprint section. This takes place within the permitted limits if it is necessary to fulfill the purposes mentioned. In these cases, the processing of your personal data takes place on order. Corresponding order processing contracts are concluded within the group.

External processors and service providers

SÜDVERS partly uses external contractors to fulfill its contractual and legal obligations. This concerns, for example, document shredding or IT support services. We have listed all contractors and have concluded corresponding order processing contracts.

Duration of data storage

We delete the personal data as soon as it is no longer required for the purposes to be fulfilled or is required by law (generally 10 years). It may happen thereby that personal data is kept for the time in which claims against our company can be asserted (up to 30 years).

Data transfer to a third party

Data transfer to non-member countries (states outside the EU and the European Economic Area) only takes place insofar as this is necessary for the execution of the order or brokerage contract. Basically, SÜDVERS works together with the trusted partners of the World Wide Broker Network (WBN) to serve international clients.

Right to appeal

Your contact person for appeals regarding data protection is available at the following address:

SÜDVERS Group Data Protection officers

Nina Hartmann
Am Altberg 1-3
79280 Au bei Freiburg
datenschutz@suedvers.de

2. Collection of personal data upon visiting our website

As the operator of our websites, we take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy statement.

The use of our website is generally possible without providing personal information. As far as personal data (for example name, address or e-mail addresses) are collected on our sites, this always takes place, as far as possible, on a voluntary basis. This data will not be disclosed to third parties without your explicit consent.

Please note that data transmission over the Internet (for example, when communicating via e-mail) may have security loopholes. A complete protection of the data from access by third parties is not possible.

Application

You can make an application electronically, for example via e-mail, to our company. Of course, we will only use your information to process your application and will not pass it on to third parties. Please note that e-mails transmitted in an unencrypted manner are not transmitted with access protection.

If you have applied for a specific position in one of our units and it has already been occupied or if we consider you to be better qualified for another position as well as or still better qualified, we will inform you about this opportunity and obtain your consent to be transferred to the other unit.

Your personal data will be deleted after completing the application process, unless you have given us your explicit consent for a longer storage of your data or a conclusion of contract has occurred.

Cookies

We do not use any cookies. These are files that the web server stores on the PC of the user, through which the user, if the cookies have not been deleted, can be identified in the subsequent visit; the data stored there is mostly information about the visited WWW sites; they primarily serve to facilitate navigation, but also to explore user behavior.

Server log files

The provider of the sites automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • used operating system
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request

This data cannot be assigned to specific persons. Merging of this data with other data sources will not be carried out. We reserve the right to check this data retrospectively, if we become aware of concrete indications for illegal use.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.

Newsletter data

If you would like to receive the newsletter offered on the website, we need an e-mail address from you, as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. Further data shall not be collected. We use this data exclusively for the delivery of the requested information and do not share it with third parties.

The consent given for the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the “unsubscribe here” link in the newsletter.

Google Analytics

This website does not use any function of the web analytics service Google Analytics.

Google reCAPTCHA

To ensure sufficient data security when submitting forms, we may use the reCAPTCHA service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) in certain cases. This is primarily used to distinguish whether the input is made by a natural person or has been improperly made through machine and automated processing. The query includes the sending of the IP address and any other data required by Google for the reCAPTCHA service to Google. This is subject to the deviating privacy policies of Google Inc. For more information about the Google Inc. Privacy Policy, see https://www.google.com/intl/de/policies/privacy/.

Google Maps

This website uses the Google Maps product of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) to visually display geographic information. By using this website, you consent to the collection, processing and use of the automatically collected data by Google Inc., its agents and third parties.

You can find the terms of use of Google Maps under “Google Maps Terms of Service”.

https://www.google.com/intl/de_de/help/terms_maps.html

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as a website operator. You can recognize an encrypted connection through the address line of the browser changing from “http://” to “https://” and from the lock symbol in your browser line.

If SSL encryption is activated, the data you submit to us cannot be read by third parties.

Right to information, erasure, blocking

You have the right, at any time, to gain free-of-charge information about your stored personal data, its origin and recipient and the purpose of the data processing as well as a right to correct, block or erase this data. For further information on personal data, you can contact us at datenschutz@suedvers.de at any time.

Objection to advertising mails

The use of contact data published in the context of the imprint obligation for sending advertising and information material that are not expressly requested is hereby rejected. The operators of the sites expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.

Source in part: eRecht24

Social networks

Facebook

This website offers a link to Facebook. If you click on this link, your browser establishes a connection with the Facebook servers.

So-called plug-ins that transmit data in the background are not used by us.

If you are logged in to Facebook, Facebook may recognize that you have come from our site and link this information to your user account. If you do not want this, you must log out of Facebook.

For information about the privacy policy of Facebook, see: https://www.facebook.com/privacy/explanation.

XING

This website offers a link to XING. If you click on this link, your browser establishes a connection with the XING servers.

So-called plug-ins that transmit data in the background are not used by us.

If you are logged in to XING, XING may recognize that you have come from our site and link this information to your user account. If you do not want this, you must log out of XING.

For information about the privacy policy of XING, see: https://privacy.xing.com/de/datenschutzerklaerung.

Twitter

This website offers a link to Twitter. If you click on this link, your browser establishes a connection with the Twitter servers.

So-called plug-ins that transmit data in the background are not used by us.

If you are logged in to Twitter, Twitter may recognize that you have come from our site and link this information to your user account. If you do not want this, you must log out of Twitter.

For information about the privacy policy of Twitter, see: https://twitter.com/de/privacy#update.

Google+

This website offers a link to Google+. If you click on this link, your browser establishes a connection with the Google+ servers.

So-called plug-ins that transmit data in the background are not used by us.

If you are logged in to Google+, Google+ may recognize that you have come from our site and link this information to your user account. If you do not want this, you must log out of Google+.

For information about the privacy policy of Google+, see: https://policies.google.com/privacy?hl=de.

LinkedIn

This website offers a link to LinkedIn. If you click on this link, your browser establishes a connection with the LinkedIn servers.

So-called plug-ins that transmit data in the background are not used by us.

If you are logged in to LinkedIn, LinkedIn may recognize that you have come from our site and link this information to your user account. If you do not want this, you must log out of LinkedIn.

For information about the privacy policy of LinkedIn, see: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

3. Collection of personal data in the framework of events and webinars

Registration for events

You have the opportunity to register with us for various events. The registration requires certain personal details. The voluntary disclosure of additional data enables us to respond to your wishes and to align future offers accordingly. We process your data only as far as it is necessary for the registration and execution of the respective event.

Depending on the event, there are different possibilities for registration. The registration can take place by e-mail or via a registration form. Depending on the event, the following information may be required for registration:

Company; Position; First name; Last name; Address; Zip code; Location; Phone no.; Fax no.; e-mail address

Following the registration, you will always receive an e-mail as a reminder, confirming the registration as well as an e-mail immediately before the event. We delete the data that arises in this context once the storage is no longer required, or limit the processing if there are statutory retention obligations.

Registration for webinars

You have the opportunity to register with us for various webinars. The registration requires certain personal details. It is necessary to provide your first and last name, the company and your e-mail address. The voluntary disclosure of additional data enables us to improve our service and to provide you with specific services tailored to your needs. We process your data only as far as it is necessary for the registration and execution of the respective webinar.

As part of webinar registrations, you may be directed to the site of an external service provider who technically operates the webinar for us. This service provider collects, stores and uses your data exclusively for the implementation of the webinar on our behalf and not for his own purposes. Data is not transferred to third countries (non-EU or non-EEA countries).

4. Security measures 

SÜDVERS has taken extensive technical and operational protective measures to protect the data, for which we are responsible, from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The safety procedures are regularly reviewed and adapted according to technological advancements

5. Updates

We will update this privacy statement from time to time. We shall inform you on this website and, if necessary, also separately about significant changes. We request that you read this privacy statement regularly. The current status of the privacy statement is shown on the first page.

6. Responsibilities 

According to your brokerage contract or cooperation agreement, the company looking after you is responsible.  The complete company data can be found in our Imprint or in our broker visiting card.

Group Data Protection officers

Your contact person regarding data protection will be glad to help you at the following address:

SÜDVERS

Nina Hartmann

Am Altberg 1-3

79280 Au bei Freiburg

datenschutz@suedvers.de

IT security officer

Your contact person regarding IT security will be glad to help you at the following address:

SÜDVERS Service und Management GmbH

Dirk Wenning

Am Altberg 1-3

79280 Au bei Freiburg

it-sicherheit@suedvers.de