- Home
- Privacy policy old
Privacy policy (valid from 11/12/2020 until 08/12/2022)
This Privacy Policy applies to HANSEKONTOR Maklergesellschaft mbH, HANSEKONTOR Nord West Maklergesellschaft mbH, HANSEKONTOR West Maklergesellschaft mbH, HANSEKONTOR Mitte Maklergesellschaft mbH and to HANSEKONTOR Süd Maklergesellschaft mbH.
The General Data Protection Regulation (hereafter GDPR) applies EU-wide. This Privacy Policy will inform you about the processing of personal data at our company in compliance with this regulation (cf. Art. 13 & 14 GDPR). If you have any questions or comments about this Privacy Policy, please do not hesitate to contact us at the email address provided in Sections 2 & 3.
Contents:
- Overview
- Applicability
- Controller
- Data Protection Officer
- Data Security
- Data Processing Details
- Data Processing
- Visiting the Website/Application
- Newsletter
- Applications
- Customer Support
- Data Subject Rights
- Right to Object
- Right of Access
- Right to Rectification
- Right to Erasure ("Right to be Forgotten")
- Right to Restriction of Processing
- Right to Data Portability
- Withdrawal of Consent
- Right to Lodge a Complaint
- Glossary
I. Overview
This section of our Privacy Policy will inform you about the applicability of this Privacy Policy and about the data processing controller, the data protection officer and data security.
-
Applicability
Data processing can be divided into two categories:
All the data necessary for the execution of a contract will be processed for this purpose. If external service providers are involved in the execution of a contract, your data will be transferred to them to the necessary extent.When you visit our website/applications, various information will be exchanged between your device and our server. This may include personal data.
-
Controller
The data controller—i.e., the person who decides on the purposes and means of personal data processing —for the services is the respective managing director of the individual company (see Imprint) -
Data Protection Officer
You may contact our data protection officer as follows: Contact Form
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Bredkamp 53a
D-22589 Hamburg
Germany -
Data Security
To implement the measures required under Art. 32 GDPR and achieve a risk-adequate level of protection, we have established an information security management system at our company.
II. Data processing details
This section of our Privacy Policy will inform you in detail about the processing of personal data as part of our services. For the sake of clarity, we will structure this information according to the functionalities of our services. In the normal course of using the services, different functionalities and therefore different processing operations may take effect one after the other or simultaneously.
-
Data Processing
Unless otherwise stated, the following applies to the processing described hereafter:
-
No Duty to Disclose
There is no contractual or legal duty to disclose personal data. You are not required to provide personal data. -
Consequences of Non-Disclosure
For necessary data (data marked as mandatory on the entry form), non-disclosure means that the respective service cannot be performed. Non-disclosure may also prevent our services from being provided in the same form or with the same quality. -
Consent
In a number of cases you have the option of granting us your consent to further processing in connection with the processing operations described below (where applicable, for part of the data). In these cases we will inform you separately, in connection with the submission of the respective declaration of consent, about all the modalities and the scope of the consent and about the purposes that we pursue with these processing operations.
-
Transmission of Personal Data to Third Countries
We will only transmit data to third countries, i.e., countries outside of the European Union, in compliance with the applicable legal admissibility requirements.
The admissibility requirements are regulated in Art. 44 – 49 GDPR.
-
Hosting by External Service Providers
To a large extent, we process data through so-called hosting service providers who provide memory and processing capacities to us at their data centers and process personal data on our behalf and according to our directives. These service providers either process data exclusively in the EU or we will guarantee an adequate level of data protection through EU standard data protection clauses.
-
Transmissions to Public Authorities
We will transmit personal data to public authorities (including law enforcement authorities) if required by law (legal basis: Art. 6(1) Letter c GDPR) or for the exercise, establishment or defense of legal claims (legal basis: Art. 6(1) Letter f GDPR).
-
Storage Duration
We will only store your data for as long as it is necessary for the respective processing purposes. If the data is no longer necessary for the fulfillment of legal or contractual obligations, the data will be erased, unless continued temporary storage is necessary. Reasons for this may include:
- Commercial and tax law storage obligations
- Maintaining evidence for legal disputes within limitation periodsLikewise, we may continue to store your data with your express consent.
-
Data Categories
Personal master data: Title, gender, first name, last name, date of birth
Address data: Street, house number, address additions if applicable, ZIP code, city, country
Contact data: Telephone number(s), fax number(s), email address(es)
Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
Applicant data: CV, reports, certificates, work samples, images
Company figures: Revenue, balance sheet
-
-
Website/Application
This section will inform you about how we process your personal data when you are using our services. Please note that, due to the nature of information transfer on the Internet, the transmission of access data to external content providers (see Letter b below) is unavoidable.
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Access data Connection, display of service content, discovery of attacks on our pages through suspicious activities, troubleshooting Art. 6(1) Letter f GDPR Proper service functionality, security of data and business processes, prevention of misuse, prevention of damage caused by information systems interference 7 days b. Personal Data Recipients Recipient category Data concerned Legal basis of transmission Legitimate interest, if applicable External content providers who provide contents (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) necessary for displaying our services Access data Commissioned processing (Art. 28 GDPR) Orderly functioning of services, (accelerated) content displays IT security service provider Access data Commissioned processing (Art. 28 GDPR) Preventing attacks and exploitation of security gaps/vulnerabilities c. External content providers who transfer personal data to third countries Service description Function Data transfer to third countries If applicable, adequacy decision (Art. 45 GDPR) If applicable, appropriate safeguards (Art. 46 GDPR) Google Maps Included to offer directions Yes Proper function of services, security of data and business processes, prevention of abuse and protection against damage caused by information system interreference EU-US Privacy Shield: www.privacyshield.gov/participant -
Newsletter
This section describes what happens to your personal data when subscribing to our newsletter
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Email address Verification of registration (closed-loop authentication), sending the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Personal master data Personalization of the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Registration data Traceability of newsletter subscription/confirmation/unsubscription Art. 6(1) Letters b & f GDPR Proof of newsletter subscription/confirmation/unsubscription Duration of newsletter subscription Newsletter user profile data Interest aligned design of the newsletter Art. 6(1) Letter f GDPR Service improvement, advertising purposes Duration of newsletter subscription b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Newsletter sending service provider All data under “a” Commissioned processing (Art. 28 GDPR) -
Applicants
We will process your personal data as follows for application purposes:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Address data, contact details Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR 6 months Personal master data Identification, contacting, age verification Art. 6(1) Letter b GDPR 6 months Applicant data Applicant selection Art. 6(1) Letter b GDPR 6 months b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service provider/tools, if applicable Job portals Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR Martens & Prahl Versicherungskontor GmbH & Co. KG (Holding) Applicant selection, identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR -
Customer Support
This section describes how your personal data may be processed and how you may contact our customer support:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Personal master data, contact details, contents of inquiries/complaints Customer inquiry and user complaint handling Art. 6(1) Letters b & f GDPR Customer loyalty, service improvement Inquiry handling b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service providers: ID Netsolution GmbH, Segeberstr. 9 -13a, 23863 Kayhude, Germany, email: servicedesk@idmx.de Q-Data Service GmbH, Sachsenstraße 7, 20097 Hamburg, Germany, email: service@qds.de Company name All data under Letter a Art. 6(1) Letters b & f GDPR Insurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Cooperating brokers All data under Letter a Art. 6(1) Letters b & f GDPR Underwriting agents All data under Letter a Art. 6(1) Letters b & f GDPR Reinsurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Broker pools All data under Letter a Art. 6(1) Letters b & f GDPR Technical service providers All data under Letter a Art. 6(1) Letters b & f GDPR Tip providers All data under Letter a Art. 6(1) Letters b & f GDPR Social insurance carriers All data under Letter a Art. 6(1) Letters b & f GDPR Insurance ombudsmen All data under Letter a Art. 6(1) Letters b & f GDPR BaFin [German Federal Financial Supervisory Authority] All data under Letter a Art. 6(1) Letters b & f GDPR Attorneys All data under Letter a Art. 6(1) Letters b & f GDPR Tax advisors All data under Letter a Art. 6(1) Letters b & f GDPR Legal successors All data under Letter a Art. 6(1) Letters b & f GDPR
III. Data Subject Rights
-
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
You may exercise this right to object free of charge.
-
Right of Access
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, which personal data this is.
-
Right to Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
-
Right to Erasure (“Right to be Forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay.
-
Right to Restriction of Processing
You have the right to obtain from us restriction of processing for personal data concerning you.
-
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to have the personal data transmitted directly from us to another controller.
-
Withdrawal of Consent
You have the right to withdraw your consent at any time for the future.
-
Right to Lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority.
IV. Glossary
Commissioned processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Browser: Computer program for accessing websites (e.g., Chrome, Firefox, Safari)
Cookies: In relation to the World Wide Web, cookies mean small text files that are saved locally on the user's computer when visiting a website. These files save data on the user's behavior. Opening one's browser and visiting the same website again will activate the cookie which will transmit information on the user's surfing behavior to the web server based on the data saved by the cookie.
In this regard, cookies are not edible, but information saved locally in a small text file on a user's computer when they visit a website. This may include the user's page settings or information on the user collected independently by the website. These locally saved text files may subsequently be read by the web server that installed them. Most browsers accept cookies automatically. You may manage cookies through your browser settings (usually under "Options" or "Settings"). This allows you to disable, limit or require your consent for the saving of cookies. You may also delete cookies at any time.
Third countries: Countries not bound to the legal requirements of the EU General Data Protection Regulation (a country outside of the EEA).
Personal data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixel: Pixels are also referred to as tracking pixels, web beacons or web bugs. These are small non-visible graphics in HTML emails or on websites. When a document is opened, this small image is loaded by a server on the Internet where the download will be registered. This allows the server operators to see whether and when an email is opened or a website is visited. This is usually achieved by activating a small program (JavaScript). This enables certain types of information on your computer system to be recognized and transmitted, e.g., the contents of cookies, the time and date of page access or a description of the page featuring the tracking pixel.
Profiling: any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or movements.
Services: Our offers subject to this Privacy Policy (see Applicability).
Tracking: Collection and assessment of data or user behavior when using our services.
Tracking technologies: Tracking may be performed through the log files saved on our web servers or through data collected from your device via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The privacy policy valid until then can be found here.