Privacy Policy

A. Privacy Policy

For any questions regarding the protection of your data, please contact our management. You can reach us via the contact details provided.

You have the right to lodge a complaint with the supervisory authority in the federal state where the company is based. For our company, this is:

Bavarian State Office for Data Protection Supervision

Promenade 27 (Schloss), 91522 Ansbach

Tel. 0981 53-1300

Fax 0981 53-5300

http://www.lda.bayern.de


Data may be transmitted to insurers/service providers in order to provide the requested insurance coverage. Additionally, data may be shared with public authorities and institutions if legally required. A list of business partners and insurers can be provided upon request.

1. Scope

This policy governs the compliant processing of information and the associated responsibilities within the above-mentioned company (and its branches) based on the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-new). All employees are obliged to comply with this policy.

This policy is particularly aimed at:


Employees, Customers and prospects, Insurers and service providers.

The following principles apply:


  • Protection of personal rights
  • Purpose limitation of personal data
  • Transparency
  • Data minimization and avoidance
  • Accuracy/upto-dateness of data
  • Confidentiality in data processing
  • Security in data processing
  • Deletion and restriction of data processing upon request

2. Definitions (Art. 4 GDPR)

Personal data refers to individual details about the personal or material circumstances of a natural person (data subject). Examples include name, first name, birth date, address data, contract data, and email contents.

Sensitive personal data refers to information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life, and financial circumstances. A responsible party is any person or entity that collects, processes, or uses personal data for its own purposes or on behalf of others.

3. Collection, Processing, and Storage of Personal Data (Art. 5 & 6 GDPR)

The collection, processing, and storage of personal data in our company is based on the brokerage agreement and related documents (e.g., power of attorney, consent for data processing, which are signed separately).

We will not take action without a specific order and a data protection consent declaration from our customers (for minors, consent is provided by the legal guardians). We comprehensively document our activities via our broker management system and maintain specific procedural instructions for fulfilling our orders. No profiling takes place in our company. Data is processed solely for the agreed purposes.

Customer data is deleted after the termination of the brokerage contract in accordance with legal requirements, particularly the provisions on statutory retention periods. These periods may be extended to defend against potential legal claims. Instead of deletion, data processing may be restricted.

4. Confidentiality Obligation

All employees are required, upon starting their employment, to maintain confidentiality and comply with work instructions and this policy. This obligation is renewed annually.

5. Processing Records (Art. 30 GDPR)

We create internal procedural records (processing activity registers) to ensure transparency within the company and assess whether our procedures pose special risks to the rights and freedoms of the data subjects, requiring a preliminary check or data protection impact assessment. These records are maintained for inspection by authorities.

6. Acquisition of Hardware and Software

All hardware necessary for our workflows (computers, monitors, keyboards, mice, and peripherals such as scanners or printers) is managed according to internal guidelines. Computers are pre-configured for employees with the standard programs we use. Additional software may only be installed with the approval of management.

7. Password Policies

To ensure secure access to our systems, individual authentication is required. Internal rules have been established that all parties must adhere to.

8. Technical and Organizational Measures

We take all possible measures, in line with the current state of technology and organizational capabilities, to prevent unauthorized access to the personal data stored with us. We maintain separate records to document compliance with data processing security requirements. Data transmission to third countries is currently not planned.

9. Rights of Data Subjects (Art. 12-23 GDPR)

  1. The data subject can request information on which personal data is stored, its origin, and the purpose of its processing.
  2. If personal data is transferred to third parties, information must also be provided about the recipient or the categories of recipients.
  3. If personal data is incorrect or incomplete, the data subject can request its correction or completion.
  4. The data subject can object to the processing of their personal data for purposes of advertising, market research, or opinion polling. In these cases, the data must be restricted (blocked).
  5. The data subject can request the deletion of their data if the legal basis for its processing is missing or has ceased to exist. The same applies if the purpose of the data processing no longer exists due to time lapse or other reasons. Existing retention obligations and any overriding legitimate interests must be considered.
  6. The data subject has a fundamental right to object to data processing for future purposes, which must be considered if their legitimate interest outweighs the interest in processing due to a specific personal situation. This does not apply if a legal provision requires the processing.
  7. The data subject has the right to data portability, meaning the right to receive the personal data in a structured, commonly used, and machine-readable format. The freedoms and rights of other persons must not be affected by this.
  8. The data subject has the right to lodge a complaint with the supervisory authority of the federal state in which the company is based. The contact details can be found at the beginning of this data protection policy.

10. Procedure for "Data Breaches" (Art. 33 GDPR)

Every employee must promptly report any breaches of this data protection policy or other data protection regulations (data protection incidents) to their respective supervisor, management, or the data protection officer. The responsible supervisor is required to inform the data protection officer immediately about such incidents.

In cases of unlawful transmission of personal data to third parties, unauthorized access by third parties, or loss of personal data, the company must promptly make the necessary notifications to comply with legal reporting obligations for data protection incidents.

B. Changes within the Privacy Policy

We reserve the right to adjust the privacy policy as necessary to meet current legal and technical requirements. These changes will apply upon your next visit. Any changes will be indicated by a revision date.

Data Protection at a Glance

General Information
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can personally identify you. Detailed information on the topic of data protection can be found in our privacy policy listed below this text.


Data Collection on Our Website
Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?
Your data is collected in two ways. Firstly, when you provide it to us, for example, by entering data into a contact form. Secondly, data is collected automatically by our IT systems when you visit the website. This includes technical data (e.g., internet browser, operating system, or the time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to obtain information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. For this and any other questions about data protection, you can contact us at any time at the address provided in the imprint. Additionally, you have the right to lodge a complaint with the competent supervisory authority.


Analysis Tools and Third-Party Tools
When visiting our website, your browsing behavior may be statistically analyzed. This happens primarily with cookies and so-called analysis programs. The analysis of your browsing behavior is usually anonymous; the browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

General Information and Mandatory Notices
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g., communication via email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the Responsible Entity
The responsible entity for data processing on this website can be found in the imprint of this website.

The responsible entity is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent that you have already given at any time. An informal email notification to us is sufficient for this. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority in data protection matters is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another responsible entity, this will only be done to the extent technically feasible.

SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser's address line changing from "http://" to "https://" and by the lock symbol in your browser's address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Blocking, Deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to correct, block, or delete this data. For further information on personal data, you can contact us at any time at the address given in the imprint.

Objection to Promotional Emails
We hereby object to the use of contact data published as part of the imprint obligation for sending unsolicited advertising and informational materials. The operators of the site expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.


Data Collection on Our Website
Cookies
Some of the websites use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser during your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary for the electronic communication process or to provide certain functions you desire (e.g., shopping cart function) are stored based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. Insofar as other cookies (e.g., cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.

Server Log Files
The provider of these pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:


  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address
    This data is not merged with other data sources.

    The basis for the data processing is Art. 6(1)(b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.

    Contact Form
    If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

    The processing of the data entered in the contact form is, therefore, exclusively based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time. An informal email notification to us is sufficient for this. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation.

    The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

    Processing of Data (Customer and Contract Data)
    We collect, process, and use personal data only to the extent necessary for the establishment, content design, or modification of the legal relationship (inventory data). This is done based on Art. 6(1)(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures. We collect, process, and use personal data about the use of our internet pages (usage data) only to the extent necessary to enable the user to use the service or bill them.

    The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.


Data Transfer upon Conclusion of a Contract for Online Shops, Merchants, and Shipment of Goods
We transmit personal data to third parties only if this is necessary within the framework of contract processing, for example, to the company entrusted with the delivery of the goods or the financial institution responsible for payment processing. No further transmission of the data takes place unless you have explicitly consented to the transmission. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures.

Data Transfer upon Conclusion of a Contract for Services and Digital Content
We transmit personal data to third parties only if this is necessary within the framework of contract processing, for example, to the financial institution responsible for payment processing.

No further transmission of the data takes place unless you have explicitly consented to the transmission. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures.


Analysis Tools and Advertising
Matomo
This website uses the open-source web analytics service Matomo. Matomo uses so-called "cookies." These are text files stored on your computer that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its web offering and its advertising.

The information generated by the cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.

If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser that prevents Matomo from saving usage data. If you delete your cookies, this will also delete the Matomo opt-out cookie. The opt-out will have to be reactivated when you visit our site again.


Newsletter
If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter subscription form is based solely on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example, by using the "unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data that has been stored by us for other purposes (e.g., email addresses for the members' area) remains unaffected.


Plugins and Tools
YouTube
Our website uses plugins from the YouTube website, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed about which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an attractive presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/en/policies/privacy/.