- Data Protection Officer
- Data Security
- Data Processing Details
- Data Processing
- Visiting the Website/Application
- Customer Support
- Social Media Plugins
- Data Subject Rights
- Right to Object
- Right to Information
- Right to Information
- Right to Rectification
- Right to Erasure ("Right to Be Forgotten")
- Right to Processing Restriction
- Right to Data Portability
- Right to Withdraw Consent
- Right to Lodge a Complaint
Data processing can be divided into two categories:
All the data necessary for the execution of a contract will be processed for this purpose. If external service providers are involved in the execution of a contract, your data will be transferred to them to the necessary extent.
When you visit our website/applications, various information will be exchanged between your device and our server. This may include personal data.
ControllerThe data controller—i.e., the person who decides on the purposes and means of personal data processing —for the services is the respective managing director of the individual company (see Imprint)
Data Protection Officer
You may contact our data protection officer as follows: Contact Form
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
To implement the measures required under Art. 32 GDPR and achieve a risk-adequate level of protection, we have established an information security management system at our company.
Data processing details
Unless otherwise stated, the following applies to the processing described hereafter:
No Duty to DiscloseThere is no contractual or legal duty to disclose personal data. You are not required to provide personal data.
Consequences of Non-DisclosureFor necessary data (data marked as mandatory on the entry form), non-disclosure means that the respective service cannot be performed. Non-disclosure may also prevent our services from being provided in the same form or with the same quality.
In a number of cases you have the option of granting us your consent to further processing in connection with the processing operations described below (where applicable, for part of the data). In these cases we will inform you separately, in connection with the submission of the respective declaration of consent, about all the modalities and the scope of the consent and about the purposes that we pursue with these processing operations.
Transmission of Personal Data to Third Countries
We will only transmit data to third countries, i.e., countries outside of the European Union, in compliance with the applicable legal admissibility requirements.
The admissibility requirements are regulated in Art. 44 – 49 GDPR.
Hosting by External Service Providers
To a large extent, we process data through so-called hosting service providers who provide memory and processing capacities to us at their data centers and process personal data on our behalf and according to our directives. These service providers either process data exclusively in the EU or we will guarantee an adequate level of data protection through EU standard data protection clauses.
Transmissions to Public Authorities
We will transmit personal data to public authorities (including law enforcement authorities) if required by law (legal basis: Art. 6(1) Letter c GDPR) or for the exercise, establishment or defense of legal claims (legal basis: Art. 6(1) Letter f GDPR).
We will only store your data for as long as it is necessary for the respective processing purposes. If the data is no longer necessary for the fulfillment of legal or contractual obligations, the data will be erased, unless continued temporary storage is necessary. Reasons for this may include:
- Commercial and tax law storage obligations
- Maintaining evidence for legal disputes within limitation periods
Likewise, we may continue to store your data with your express consent.
Personal master data: Title, gender, first name, last name, date of birth
Address data: Street, house number, address additions if applicable, ZIP code, city, country
Contact data: Telephone number(s), fax number(s), email address(es)
Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
Applicant data: CV, reports, certificates, work samples, images
Company figures: Revenue, balance sheet
This section will inform you about how we process your personal data when you are using our services. Please note that, due to the nature of information transfer on the Internet, the transmission of access data to external content providers (see Letter b below) is unavoidable.
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Access data Connection, display of service content, discovery of attacks on our pages through suspicious activities, troubleshooting Art. 6(1) Letter f GDPR Proper service functionality, security of data and business processes, prevention of misuse, prevention of damage caused by information systems interference 7 days b. Personal Data Recipients Recipient category Data concerned Legal basis of transmission Legitimate interest, if applicable External content providers who provide contents (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) necessary for displaying our services Access data Commissioned processing (Art. 28 GDPR) Orderly functioning of services, (accelerated) content displays IT security service provider Access data Commissioned processing (Art. 28 GDPR) Preventing attacks and exploitation of security gaps/vulnerabilities
This section describes what happens to your personal data when subscribing to our newsletter
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Email address Verification of registration (closed-loop authentication), sending the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Personal master data Personalization of the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Registration data Traceability of newsletter subscription/confirmation/unsubscription Art. 6(1) Letters b & f GDPR Proof of newsletter subscription/confirmation/unsubscription Duration of newsletter subscription Newsletter user profile data Interest aligned design of the newsletter Art. 6(1) Letter f GDPR Service improvement, advertising purposes Duration of newsletter subscription b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Newsletter sending service provider All data under “a” Commissioned processing (Art. 28 GDPR)
We will process your personal data as follows for application purposes:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Address data, contact details Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR 6 months Personal master data Identification, contacting, age verification Art. 6(1) Letter b GDPR 6 months Applicant data Applicant selection Art. 6(1) Letter b GDPR 6 months b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service provider/tools, if applicable Job portals Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR Martens & Prahl Versicherungskontor GmbH & Co. KG (Holding) Applicant selection, identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR
This section describes how your personal data may be processed and how you may contact our customer support:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Personal master data, contact details, contents of inquiries/complaints Customer inquiry and user complaint handling Art. 6(1) Letters b & f GDPR Customer loyalty, service improvement Inquiry handling b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service providers: ID Netsolution GmbH, Segeberstr. 9 -13a, 23863 Kayhude, Germany, email: email@example.com Q-Data Service GmbH, Sachsenstraße 7, 20097 Hamburg, Germany, email: firstname.lastname@example.org Company name All data under Letter a Art. 6(1) Letters b & f GDPR Insurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Cooperating brokers All data under Letter a Art. 6(1) Letters b & f GDPR Underwriting agents All data under Letter a Art. 6(1) Letters b & f GDPR Reinsurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Broker pools All data under Letter a Art. 6(1) Letters b & f GDPR Technical service providers All data under Letter a Art. 6(1) Letters b & f GDPR Tip providers All data under Letter a Art. 6(1) Letters b & f GDPR Social insurance carriers All data under Letter a Art. 6(1) Letters b & f GDPR Insurance ombudsmen All data under Letter a Art. 6(1) Letters b & f GDPR BaFin [German Federal Financial Supervisory Authority] All data under Letter a Art. 6(1) Letters b & f GDPR Attorneys All data under Letter a Art. 6(1) Letters b & f GDPR Tax advisors All data under Letter a Art. 6(1) Letters b & f GDPR Legal successors All data under Letter a Art. 6(1) Letters b & f GDPR
How your personal data is processed using tracking technologies to analyze and optimize our services and for promotional purposes.
The description of the tracking processes includes information on how to prevent or object to data processing. Please note that the so-called "opt out," i.e., processing rejection, is usually saved through cookies. If you use our services on another device or browser or if you delete the cookies saved by your browser, you must declare your rejection again.
This data is not linked to a specific, identified natural person, i.e., the data is not combined with information about the bearer of the pseudonym.
Tracking is used to analyze and optimize our services and their usage and to measure the success of advertising campaigns and to optimize the display of advertisements.
Using tracking to analyze user behavior helps us review the effectiveness of, optimize and adjust our services to the needs of our users and correct errors. It also serves to statistically determine characteristic values about the use of our services (reach, intensity of use, user surfing behavior) – on the basis of uniform standard procedures – and thereby obtain market-wide comparable values.
The purpose of tracking to measure the success of advertising campaigns is to optimize our advertisements for the future and to enable marketers and advertisers to optimize their advertisements accordingly. The purpose of tracking to optimize the display of advertising is to show users advertising tailored to their interests, to increase the success of advertising and thereby increase advertising revenues.
Legal basis for processing
Services that study data subject behavior on the Internet and the creation of user profiles require informed consent in the sense of the GDPR.
Social Media Plugins
This website may feature additional programs (plugins) from social networks, e.g., Facebook, Google+, Twitter or Pinterest, operated by third parties that allow messages to be sent to the respective social network through an interface to, e.g., evaluate, recommend or share contents. This is done in pursuit of our legitimate interest in increasing recognition of our services. Our services are configured to only perform data transmissions after the respective interface is activated. In this case, the legal basis for data transmission is Art. 6(1) Letter f GDPR. The respective providers are responsible for processing transmitted data in compliance with the applicable data protection regulations.
III. Data Subject Rights
Right to Object
If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for direct marketing purposes at any time effective for the future; this also applies to profiling if related to direct marketing.
You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6(1) Letters e or f GDPR; this also applies to profiling based on these provisions.
You may exercise your right to object free of charge.
You may contact us at the contact details provided under I.2
Commissioned processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Browser: Computer program for accessing websites (e.g., Chrome, Firefox, Safari)
Cookies: In relation to the World Wide Web, cookies mean small text files that are saved locally on the user's computer when visiting a website. These files save data on the user's behavior. Opening one's browser and visiting the same website again will activate the cookie which will transmit information on the user's surfing behavior to the web server based on the data saved by the cookie.
In this regard, cookies are not edible, but information saved locally in a small text file on a user's computer when they visit a website. This may include the user's page settings or information on the user collected independently by the website. These locally saved text files may subsequently be read by the web server that installed them. Most browsers accept cookies automatically. You may manage cookies through your browser settings (usually under "Options" or "Settings"). This allows you to disable, limit or require your consent for the saving of cookies. You may also delete cookies at any time.
Third countries: Countries not bound to the legal requirements of the EU General Data Protection Regulation (a country outside of the EEA).
Personal data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or movements.
Tracking: Collection and assessment of data or user behavior when using our services.
Tracking technologies: Tracking may be performed through the log files saved on our web servers or through data collected from your device via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.