The english website is currently
under construction.

LinkedIn
DE|EN
 Menu

Data Protection Declaration

Privacy policy (valid since 09/12/2022)

This declaration applies to HANSEKONTOR Maklergesellschaft mbH, HANSEKONTOR Nord West Maklergesellschaft mbH, HANSEKONTOR West Maklergesellschaft mbH, HANSEKONTOR Mitte Maklergesellschaft mbH and HANSEKONTOR Süd Maklergesellschaft mbH.

The guidelines of the EU General Data Protection Declaration apply throughout the EU. We would like to inform you of the ways in which our companies process your personal data in accordance with the requirements of this regulation (see Art. 13 and 14 GDPR). If you have questions or comments about this data protection declaration, please feel free to contact via email the parties under items I. 2 and I. 3.

Content overview:

I. Overview
1. Scope
2. Data Controller
3. Data Protection Officer

II. Data Processing in Detail
1. General information on data processing
2. Using our website
3. Newsletter
4. Employment applications
5. Customer Service

III. Rights of data subjects
1. Right to object
2. Right to access
3. Right to rectification
4. Right to erasure (“right to be forgotten”)
5. Right to restriction of processing
6. Right to data portability
7. Right to withdraw consent
8. Right to appeal

I. Overview

In this section of the data protection declaration, you will find information regarding the scope of application, the controller, and the data protection officer.

1. Scope

On this page we would like to inform you about the type, scope and purpose of the personal data collected by the HANSEKONTOR Group. This data is processed both when you visit our homepage and during other processing activities that is not related to our homepage.

2. Data Controller

The Data Controller for data processing, i.e. the party that makes decisions with regard to the purpose for which and method with which personal data is processed by our company – is:

the relevant legal entity mentioned in the imprint (“Impressum”) of the website you are visiting.

3. Data protection officer

You may contact our data protection officer as follows:


DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
Germany
https://www.dsextern.de/anfragen

II. Data processing in detail

 In this section of the data protection declaration, we will inform you in detail about how your personal data is processed in the context of our services. In order to provide an overview, we have divided the corresponding items according to specific functions of our services. During normal use of our services, it may be the case that various functions – and the corresponding data processing – take place sequentially or simultaneously.

1. General information on data processing


a. No obligation to provide personal data

There is no contractual or legal obligation for the provision of personal data. You are not obliged to provide such data.


b. Consequences of non-provision

In the case of required data (data that is marked as mandatory when entered), failure to provide could result in the service in question not being able to be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.


c. Consent

In various cases, you have the option to grant us your consent to further process your personal data (or parts thereof) in the manners listed below. In such cases, we will inform you – in the context of the corresponding declaration of consent – of the modalities and extent of such consent, as well as of the purposes for which the processing will take place.


d. Transfer of personal data to third countries

If we transfer personal data third countries, i.e. countries outside the European Union, then such transmission shall take place exclusively in accordance with the legally established permissibility requirements. These permissibility requirements are defined in Art. 44 to 49 GDPR.


e. Hosting at external service providers

Our data processing takes place largely at hosting service providers that supply us with storage space and processing capacity in their data centres. These service providers also process personal data on our behalf upon our request to do so. Either these service providers process data exclusively within the EU, or we have guaranteed an appropriate degree of data protection based on the EU standard contractual clauses for the transfer of personal data.


f. Transmission to government agencies

We transmit personal data to government agencies (including law enforcement agencies) in case that such transfer is required for the fulfilment of our legal obligations [legal basis: Art. 6 para. 1 c) GDPR] or for the assertion, exercise, or defence of legal claims [legal basis: Art. 6 para. 1 c) GDPR].


g. Retention periods

We do not retain or store your data longer than strictly necessary for the relevant processing purposes. In case that such data is no longer needed for the fulfilment of contractual or legal obligations, the data is regularly deleted unless its limited retention is otherwise necessary. Grounds for such retention include:

  • The fulfilment of commercial and tax law-related retention obligations
  • The preservation of evidence for legal disputes in the context of statutes of limitation

It is additionally possible for us to continue to store your data, insofar as you have provided your explicit consent to us.

h. Data categories

  • Personal master data: title, salutation, gender, first name, last name, date of birth
  • Address data: street address, address suffix (if applicable), ZIP code, city, country
  • Contact data: telephone number(s), fax number(s), email address(es)
  • Registration data: Information about the service via which you have registered; time stamps and technical information relating to your registration, confirmation, and deregistration; data you provide during the registration process
  • Access data: Date and time of your visit to our service; the website from which the accessing system was referred to our website; accessed pages upon use; data for session identification (session ID); furthermore, the following information corresponding to the computer system accessing the services: internet protocol address used (IP address), browser type and version, type of device, operating system, and similar technical information
  • Employment application data: curriculum vitae, degrees, supporting documents, work samples, certificates, pictures
  • Business key figures: sales figures, balance sheet figures


2. Using our website

This section describes how we process your personal data when you use our websites.

a. Information on data processing

  • Data category: Access data
  • Purpose: Connection establishment, displaying service content, detection of attacks on our site based on abnormal activity, error diagnosis
  • Legal basis: Art. 6 para. 1 f) GDPR
  • Legitimate interest (if applicable): Proper functionality of services, security of data and company processes, misuse prevention, prevention of damages caused by incursions or attacks on information systems
  • Retention period: 7 days
  • Recipients of personal data: IT security service provider, hosting service provider, consent management platform provider, web design agency
  • Transfer of personal data to third countries: no


b. Friendly Captcha

We use the Friendly Captcha tool on our website. This tool is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee.

The tool is used to prevent automated and abusive requests by so-called "bots". As part of this process, your IP address is captured by Friendly Captcha in order to send a cryptographic task to your device. The task is solved in the background and once solved, a confirmation is sent by Friendly Captcha to the server that this is a natural person.

Friendly Captcha processes and stores the following data in the above process:

  • Anonymized IP address of the requesting computer.
  • Information about the used browser, as well as operating system
  • Anonymized counter per IP address to control the cryptographic tasks
  • Website from which the access has taken place (so-called referrer URL)

The data is used for protection against bots.

The legal basis for the processing is the legitimate interest within the meaning of Art. 6 para 1 lit. f GDPR to prevent abusive access or spam attacks by bots. If personal data is processed when using Friendly Captcha, it will be deleted after 30 days.

More information is available at https://friendlycaptcha.com/de/privacy .


c. Cookies

We use the following cookies on our website

Description of the cookie or the entry in the local or session memory.

Purpose

Party

Retention period

Required for technical reasons

PHPSESSID

Saves important settings for PHP session management.

Website owner

Browser session

Yes


d. External links

In order to provide our visitors with a more comprehensive service and additional information on specific services, laws or policies, we have integrated external links into our website.

These are identified with this symbol:  

Please note that different privacy policies may apply to these external websites and we do not accept any responsibility or liability for these policies. In particular, we would like to point out that your access data (including IP address) are processed by external website operators.

3. Newsletter

What happens to your personal data in connection with a subscription to our newsletter is described in the following paragraphs.


Information on data processing

  • Data category:
    1. Email address
    2. Personal master data
    3. Newsletter user profile data
    4. Registration data
  • Purpose:
    1. Registration verification (double opt-in process), newsletter distribution
    2. Newsletter personalisation
    3. Interest-based formulation of newsletter
    4. Traceability of successful newsletter subscription/ confirmation/ subscription
  • Legal basis:
    1. Art. 6 para. 1 a) GDPR
    2. Art. 6 para. 1 a) GDPR
    3. Art. 6 para. 1 a) GDPR
    4. Art. 6 para. 1 f) GDPR
  • Legitimate interest (if applicable):
    d) Evidence of successful newsletter subscription/confirmation/unsubscription
  • Retention period: Duration of newsletter subscription (Registration data will be retained for an unlimited amount of time in order to fulfil our legal obligations as per Art. 5 para. 2 GDPR)
  • Recipients of personal data: Newsletter service provider
    Transfer of personal data to third countries: no

4. Employment applications

During an ongoing application for employment, we process your personal data in the following way:

a. Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (if applicable)

Retention period

Address data, contact data

Identification, initial contact, communication for contract initiation

Art. 6 para. 1 b) GDPR

-

6 months after termination of the application process; upon written request of the applicant data may be stored longer

Personal master data

Identification, initial contact, communication for contract initiation, age verification

Art. 6 para. 1 b) GDPR

-

6 months after termination of the application process; upon written request of the applicant data may be stored longer

Application data

Applicant selection

Art. 6 para. 1 b) GDPR

-

6 months after termination of the application process; upon written request of the applicant data may be stored longer

 

b. Recipients of personal data

Category of recipients

Data categories

Transfer to non-EU countries

Job fairs

 

No

Martens & Prahl Versicherungskontor GmbH & Co. KG (Holding)

All categories mentioned under a.

No

5. Customer support

You can find out how your personal data may be processed when you contact our customer service

a. Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (if applicable)

Retention period

Personal master data, contact data, contents of inquiry or complaint

Handling customer enquiries and user complaints

Art. 6 para 1 f) GDPR

Customer loyalty, improving our service

Until inquiry has been sufficiently dealt with

 

b. Recipients of personal data

Category of recipients

Data categories

Transfer to non-EU countries

Insurance companies

All categories mentioned under a.

No

Cooperating agents/intermediaries

All categories mentioned under a.

No

Underwriters

All categories mentioned under a.

No

Reinsurance companies

All categories mentioned under a.

No

Broker pools

All categories mentioned under a.

No

Technical service providers

All categories mentioned under a.

No

Tipsters

All categories mentioned under a.

No

Social insurance agencies

All categories mentioned under a.

No

Insurance ombudsmen

All categories mentioned under a.

No

BaFin (Federal Financial Supervisory Authority)

 

All categories mentioned under a.

No

Lawyers

All categories mentioned under a.

No

Tax consultants

All categories mentioned under a.

No

Legal successors

All categories mentioned under a.

No

III. Rights of affected persons

1. Right to object

You have the right to object at any time and with future effect, for reasons arising from your particular situation to the processing of your personal data which occurs according to Art. 6 para. 1 e) or f) GDPR; the exercise of your right to objection carries no related monetary costs.
You can reach us using the contact data listed in I.2. This also applies to profiling based on these provisions.
You can exercise this right of objection free of charge.

2. Right of access by the data subject

You have the right to obtain from us confirmation as to whether we process or have processed your personal data in accordance with Art. 15 GDPR.

3. Right to rectification

You have the right to demand that we immediately rectify any of your personal data that is inaccurate (Art. 16 GDPR). Subject to consideration of the purposes of the processing, you have the right to demand the completion of any incomplete personal data, including by way of an amended declaration.

4. Right to erasure (“right to be forgotten”)

You have the right to demand that we immediately delete your personal data, so long as one of the grounds listed in Art. 17 para. 1 GDPR applies and the processing of such data is not required for the purposes listed in Art. 17 para. 3 GDPR.

5. Right to restriction of processing

You have the right to demand restriction of the processing of your personal data if one of the requirements listed in Art. 18 para. 1 a) to d) GDPR is met.

6. Right to data portability

You have the right to obtain the personal data you have made available to us in a structured, commonly available, and machine-readable format. Furthermore, you have the right to transfer or otherwise provide such data to another data controller, with no hindrance from us, such that we will undertake immediate transfer of said data to the party named, insofar as such transfer is technically possible. This provision shall apply in all cases in which the basis for data processing consists in a consent or contract and in which the data will be processed in an automated way. Accordingly, this provision shall not apply to data available solely in hard copy form.

7. Right to withdraw consent

You have the right to withdraw your consent at any time. However, any processing based on this consent prior to such withdrawal remains unaffected.

8. Right to appeal

You have the right to appeal to a supervisory authority.

Last Updated: December 2022

 

The privacy policy valid until then can be found here.