The english website is currently
under construction.

 Menu

Privacy policy (valid from 11/12/2020 until 08/12/2022)

This Privacy Policy applies to HANSEKONTOR Maklergesellschaft mbH, HANSEKONTOR Nord West Maklergesellschaft mbH, HANSEKONTOR West Maklergesellschaft mbH, HANSEKONTOR Mitte Maklergesellschaft mbH and to HANSEKONTOR Süd Maklergesellschaft mbH.

The General Data Protection Regulation (hereafter GDPR) applies EU-wide. This Privacy Policy will inform you about the processing of personal data at our company in compliance with this regulation (cf. Art. 13 & 14 GDPR). If you have any questions or comments about this Privacy Policy, please do not hesitate to contact us at the email address provided in Sections 2 & 3.

Contents:

  1. Overview
    1. Applicability
    2. Controller
    3. Data Protection Officer
    4. Data Security

  2. Data Processing Details
    1. Data Processing
    2. Visiting the Website/Application
    3. Newsletter
    4. Applications
    5. Customer Support

  3. Data Subject Rights
    1. Right to Object
    2. Right of Access
    3. Right to Rectification
    4. Right to Erasure ("Right to be Forgotten")
    5. Right to Restriction of Processing
    6. Right to Data Portability
    7. Withdrawal of Consent
    8. Right to Lodge a Complaint

  4. Glossary

I. Overview

This section of our Privacy Policy will inform you about the applicability of this Privacy Policy and about the data processing controller, the data protection officer and data security.

  1. Applicability

    Data processing can be divided into two categories:
    All the data necessary for the execution of a contract will be processed for this purpose. If external service providers are involved in the execution of a contract, your data will be transferred to them to the necessary extent.

    When you visit our website/applications, various information will be exchanged between your device and our server. This may include personal data.

  2. Controller

    The data controller—i.e., the person who decides on the purposes and means of personal data processing —for the services is the respective managing director of the individual company (see Imprint)
  3. Data Protection Officer

    You may contact our data protection officer as follows: Contact Form

    DS EXTERN GmbH
    Dipl.-Kfm. Marc Althaus
    Bredkamp 53a
    D-22589 Hamburg
    Germany

  4. Data Security

    To implement the measures required under Art. 32 GDPR and achieve a risk-adequate level of protection, we have established an information security management system at our company.

II. Data processing details

This section of our Privacy Policy will inform you in detail about the processing of personal data as part of our services. For the sake of clarity, we will structure this information according to the functionalities of our services. In the normal course of using the services, different functionalities and therefore different processing operations may take effect one after the other or simultaneously.

  1. Data Processing

    Unless otherwise stated, the following applies to the processing described hereafter:

    1. No Duty to Disclose

      There is no contractual or legal duty to disclose personal data. You are not required to provide personal data.
    2. Consequences of Non-Disclosure

      For necessary data (data marked as mandatory on the entry form), non-disclosure means that the respective service cannot be performed. Non-disclosure may also prevent our services from being provided in the same form or with the same quality.
    3. Consent

      In a number of cases you have the option of granting us your consent to further processing in connection with the processing operations described below (where applicable, for part of the data). In these cases we will inform you separately, in connection with the submission of the respective declaration of consent, about all the modalities and the scope of the consent and about the purposes that we pursue with these processing operations.

    4. Transmission of Personal Data to Third Countries

      We will only transmit data to third countries, i.e., countries outside of the European Union, in compliance with the applicable legal admissibility requirements.

      The admissibility requirements are regulated in Art. 44 – 49 GDPR.

    5. Hosting by External Service Providers

      To a large extent, we process data through so-called hosting service providers who provide memory and processing capacities to us at their data centers and process personal data on our behalf and according to our directives. These service providers either process data exclusively in the EU or we will guarantee an adequate level of data protection through EU standard data protection clauses.

    6. Transmissions to Public Authorities

      We will transmit personal data to public authorities (including law enforcement authorities) if required by law (legal basis: Art. 6(1) Letter c GDPR) or for the exercise, establishment or defense of legal claims (legal basis: Art. 6(1) Letter f GDPR).

    7. Storage Duration

      We will only store your data for as long as it is necessary for the respective processing purposes. If the data is no longer necessary for the fulfillment of legal or contractual obligations, the data will be erased, unless continued temporary storage is necessary. Reasons for this may include:

      - Commercial and tax law storage obligations
      - Maintaining evidence for legal disputes within limitation periods

      Likewise, we may continue to store your data with your express consent.

    8. Data Categories

      Personal master data: Title, gender, first name, last name, date of birth

      Address data: Street, house number, address additions if applicable, ZIP code, city, country

      Contact data: Telephone number(s), fax number(s), email address(es)

      Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.

      Applicant data: CV, reports, certificates, work samples, images

      Company figures: Revenue, balance sheet

  2. Website/Application

    This section will inform you about how we process your personal data when you are using our services. Please note that, due to the nature of information transfer on the Internet, the transmission of access data to external content providers (see Letter b below) is unavoidable.

    a. Information about processing
    Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration
    Access data Connection, display of service content, discovery of attacks on our pages through suspicious activities, troubleshooting Art. 6(1) Letter f GDPR Proper service functionality, security of data and business processes, prevention of misuse, prevention of damage caused by information systems interference 7 days
    b. Personal Data Recipients
    Recipient category Data concerned Legal basis of transmission Legitimate interest, if applicable
    External content providers who provide contents (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) necessary for displaying our services Access data Commissioned processing (Art. 28 GDPR) Orderly functioning of services, (accelerated) content displays
    IT security service provider Access data Commissioned processing (Art. 28 GDPR) Preventing attacks and exploitation of security gaps/vulnerabilities
    c. External content providers who transfer personal data to third countries
    Service description Function Data transfer to third countries If applicable, adequacy decision (Art. 45 GDPR) If applicable, appropriate safeguards (Art. 46 GDPR)
    Google Maps Included to offer directions Yes Proper function of services, security of data and business processes, prevention of abuse and protection against damage caused by information system interreference EU-US Privacy Shield: www.privacyshield.gov/participant

     

  3. Newsletter

    This section describes what happens to your personal data when subscribing to our newsletter

    a. Information about processing
    Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration
    Email address Verification of registration (closed-loop authentication), sending the newsletter Art. 6(1) Letter b GDPR   Duration of newsletter subscription
    Personal master data Personalization of the newsletter Art. 6(1) Letter b GDPR   Duration of newsletter subscription
    Registration data Traceability of newsletter subscription/confirmation/unsubscription Art. 6(1) Letters b & f GDPR Proof of newsletter subscription/confirmation/unsubscription Duration of newsletter subscription
    Newsletter user profile data Interest aligned design of the newsletter Art. 6(1) Letter f GDPR Service improvement, advertising purposes Duration of newsletter subscription
    b. Personal Data Recipients
    Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable
    Newsletter sending service provider All data under “a” Commissioned processing (Art. 28 GDPR)  
  4. Applicants

    We will process your personal data as follows for application purposes:

    a. Information about processing
    Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration
    Address data, contact details Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR   6 months
    Personal master data Identification, contacting, age verification Art. 6(1) Letter b GDPR   6 months
    Applicant data Applicant selection Art. 6(1) Letter b GDPR   6 months
             
    b. Personal Data Recipients
    Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable
    Service provider/tools, if applicable      
    Job portals Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR  
    Martens & Prahl Versicherungskontor GmbH & Co. KG (Holding) Applicant selection, identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR  
  5. Customer Support

    This section describes how your personal data may be processed and how you may contact our customer support:

    a. Information about processing
    Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration
    Personal master data, contact details, contents of inquiries/complaints Customer inquiry and user complaint handling Art. 6(1) Letters b & f GDPR Customer loyalty, service improvement Inquiry handling
    b. Personal Data Recipients
    Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable
    Service providers: ID Netsolution GmbH, Segeberstr. 9 -13a, 23863 Kayhude, Germany, email: servicedesk@idmx.de Q-Data Service GmbH, Sachsenstraße 7, 20097 Hamburg, Germany, email: service@qds.de      
    Company name All data under Letter a Art. 6(1) Letters b & f GDPR  
    Insurance companies All data under Letter a Art. 6(1) Letters b & f GDPR  
    Cooperating brokers All data under Letter a Art. 6(1) Letters b & f GDPR  
    Underwriting agents All data under Letter a Art. 6(1) Letters b & f GDPR  
    Reinsurance companies All data under Letter a Art. 6(1) Letters b & f GDPR  
    Broker pools All data under Letter a Art. 6(1) Letters b & f GDPR  
    Technical service providers All data under Letter a Art. 6(1) Letters b & f GDPR  
    Tip providers All data under Letter a Art. 6(1) Letters b & f GDPR  
    Social insurance carriers All data under Letter a Art. 6(1) Letters b & f GDPR  
    Insurance ombudsmen All data under Letter a Art. 6(1) Letters b & f GDPR  
    BaFin [German Federal Financial Supervisory Authority] All data under Letter a Art. 6(1) Letters b & f GDPR  
    Attorneys All data under Letter a Art. 6(1) Letters b & f GDPR  
    Tax advisors All data under Letter a Art. 6(1) Letters b & f GDPR  
    Legal successors All data under Letter a Art. 6(1) Letters b & f GDPR  

III. Data Subject Rights

  1. Right to Object

    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

    You may exercise this right to object free of charge.

  2. Right of Access

    You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, which personal data this is.

  3. Right to Rectification

    You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

  4. Right to Erasure (“Right to be Forgotten”)

    You have the right to obtain from us the erasure of personal data concerning you without undue delay.

  5. Right to Restriction of Processing

    You have the right to obtain from us restriction of processing for personal data concerning you.

  6. Right to Data Portability

    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to have the personal data transmitted directly from us to another controller.

  7. Withdrawal of Consent

    You have the right to withdraw your consent at any time for the future.

  8. Right to Lodge a Complaint

    You have the right to lodge a complaint with a competent supervisory authority.

IV. Glossary

Commissioned processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Browser: Computer program for accessing websites (e.g., Chrome, Firefox, Safari)

Cookies: In relation to the World Wide Web, cookies mean small text files that are saved locally on the user's computer when visiting a website. These files save data on the user's behavior. Opening one's browser and visiting the same website again will activate the cookie which will transmit information on the user's surfing behavior to the web server based on the data saved by the cookie.

In this regard, cookies are not edible, but information saved locally in a small text file on a user's computer when they visit a website. This may include the user's page settings or information on the user collected independently by the website. These locally saved text files may subsequently be read by the web server that installed them. Most browsers accept cookies automatically. You may manage cookies through your browser settings (usually under "Options" or "Settings"). This allows you to disable, limit or require your consent for the saving of cookies. You may also delete cookies at any time.

Third countries: Countries not bound to the legal requirements of the EU General Data Protection Regulation (a country outside of the EEA).

Personal data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pixel: Pixels are also referred to as tracking pixels, web beacons or web bugs. These are small non-visible graphics in HTML emails or on websites. When a document is opened, this small image is loaded by a server on the Internet where the download will be registered. This allows the server operators to see whether and when an email is opened or a website is visited. This is usually achieved by activating a small program (JavaScript). This enables certain types of information on your computer system to be recognized and transmitted, e.g., the contents of cookies, the time and date of page access or a description of the page featuring the tracking pixel.

Profiling: any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or movements.

Services: Our offers subject to this Privacy Policy (see Applicability).

Tracking: Collection and assessment of data or user behavior when using our services.

Tracking technologies: Tracking may be performed through the log files saved on our web servers or through data collected from your device via pixels, cookies or similar tracking technologies.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The privacy policy valid until then can be found here.