- Data Protection Officer
- Data Security
- Data Processing Details
- Data Processing
- Visiting the Website/Application
- Customer Support
- Data Subject Rights
- Right to Object
- Right of Access
- Right to Rectification
- Right to Erasure ("Right to be Forgotten")
- Right to Restriction of Processing
- Right to Data Portability
- Withdrawal of Consent
- Right to Lodge a Complaint
Data processing can be divided into two categories:
All the data necessary for the execution of a contract will be processed for this purpose. If external service providers are involved in the execution of a contract, your data will be transferred to them to the necessary extent.
When you visit our website/applications, various information will be exchanged between your device and our server. This may include personal data.
ControllerThe data controller—i.e., the person who decides on the purposes and means of personal data processing —for the services is the respective managing director of the individual company (see Imprint)
Data Protection Officer
You may contact our data protection officer as follows: Contact Form
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
To implement the measures required under Art. 32 GDPR and achieve a risk-adequate level of protection, we have established an information security management system at our company.
II. Data processing details
Unless otherwise stated, the following applies to the processing described hereafter:
No Duty to DiscloseThere is no contractual or legal duty to disclose personal data. You are not required to provide personal data.
Consequences of Non-DisclosureFor necessary data (data marked as mandatory on the entry form), non-disclosure means that the respective service cannot be performed. Non-disclosure may also prevent our services from being provided in the same form or with the same quality.
In a number of cases you have the option of granting us your consent to further processing in connection with the processing operations described below (where applicable, for part of the data). In these cases we will inform you separately, in connection with the submission of the respective declaration of consent, about all the modalities and the scope of the consent and about the purposes that we pursue with these processing operations.
Transmission of Personal Data to Third Countries
We will only transmit data to third countries, i.e., countries outside of the European Union, in compliance with the applicable legal admissibility requirements.
The admissibility requirements are regulated in Art. 44 – 49 GDPR.
Hosting by External Service Providers
To a large extent, we process data through so-called hosting service providers who provide memory and processing capacities to us at their data centers and process personal data on our behalf and according to our directives. These service providers either process data exclusively in the EU or we will guarantee an adequate level of data protection through EU standard data protection clauses.
Transmissions to Public Authorities
We will transmit personal data to public authorities (including law enforcement authorities) if required by law (legal basis: Art. 6(1) Letter c GDPR) or for the exercise, establishment or defense of legal claims (legal basis: Art. 6(1) Letter f GDPR).
We will only store your data for as long as it is necessary for the respective processing purposes. If the data is no longer necessary for the fulfillment of legal or contractual obligations, the data will be erased, unless continued temporary storage is necessary. Reasons for this may include:
- Commercial and tax law storage obligations
- Maintaining evidence for legal disputes within limitation periods
Likewise, we may continue to store your data with your express consent.
Personal master data: Title, gender, first name, last name, date of birth
Address data: Street, house number, address additions if applicable, ZIP code, city, country
Contact data: Telephone number(s), fax number(s), email address(es)
Registration data: Information about the service you have registered for; times and technical information about registration, confirmation and cancellation; data provided by you during registration.
Applicant data: CV, reports, certificates, work samples, images
Company figures: Revenue, balance sheet
This section will inform you about how we process your personal data when you are using our services. Please note that, due to the nature of information transfer on the Internet, the transmission of access data to external content providers (see Letter b below) is unavoidable.
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Access data Connection, display of service content, discovery of attacks on our pages through suspicious activities, troubleshooting Art. 6(1) Letter f GDPR Proper service functionality, security of data and business processes, prevention of misuse, prevention of damage caused by information systems interference 7 days b. Personal Data Recipients Recipient category Data concerned Legal basis of transmission Legitimate interest, if applicable External content providers who provide contents (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) necessary for displaying our services Access data Commissioned processing (Art. 28 GDPR) Orderly functioning of services, (accelerated) content displays IT security service provider Access data Commissioned processing (Art. 28 GDPR) Preventing attacks and exploitation of security gaps/vulnerabilities c. External content providers who transfer personal data to third countries Service description Function Data transfer to third countries If applicable, adequacy decision (Art. 45 GDPR) If applicable, appropriate safeguards (Art. 46 GDPR) Google Maps Included to offer directions Yes Proper function of services, security of data and business processes, prevention of abuse and protection against damage caused by information system interreference EU-US Privacy Shield: www.privacyshield.gov/participant
This section describes what happens to your personal data when subscribing to our newsletter
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Email address Verification of registration (closed-loop authentication), sending the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Personal master data Personalization of the newsletter Art. 6(1) Letter b GDPR Duration of newsletter subscription Registration data Traceability of newsletter subscription/confirmation/unsubscription Art. 6(1) Letters b & f GDPR Proof of newsletter subscription/confirmation/unsubscription Duration of newsletter subscription Newsletter user profile data Interest aligned design of the newsletter Art. 6(1) Letter f GDPR Service improvement, advertising purposes Duration of newsletter subscription b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Newsletter sending service provider All data under “a” Commissioned processing (Art. 28 GDPR)
We will process your personal data as follows for application purposes:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Address data, contact details Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR 6 months Personal master data Identification, contacting, age verification Art. 6(1) Letter b GDPR 6 months Applicant data Applicant selection Art. 6(1) Letter b GDPR 6 months b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service provider/tools, if applicable Job portals Identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR Martens & Prahl Versicherungskontor GmbH & Co. KG (Holding) Applicant selection, identification, contacting, communication for contract conclusion Art. 6(1) Letter b GDPR
This section describes how your personal data may be processed and how you may contact our customer support:
a. Information about processing Data category Intended purpose Legal basis Legitimate interest, if applicable Storage duration Personal master data, contact details, contents of inquiries/complaints Customer inquiry and user complaint handling Art. 6(1) Letters b & f GDPR Customer loyalty, service improvement Inquiry handling b. Personal Data Recipients Recipient category Data concerned Legal basis for transmission Legitimate interest, if applicable Service providers: ID Netsolution GmbH, Segeberstr. 9 -13a, 23863 Kayhude, Germany, email: email@example.com Q-Data Service GmbH, Sachsenstraße 7, 20097 Hamburg, Germany, email: firstname.lastname@example.org Company name All data under Letter a Art. 6(1) Letters b & f GDPR Insurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Cooperating brokers All data under Letter a Art. 6(1) Letters b & f GDPR Underwriting agents All data under Letter a Art. 6(1) Letters b & f GDPR Reinsurance companies All data under Letter a Art. 6(1) Letters b & f GDPR Broker pools All data under Letter a Art. 6(1) Letters b & f GDPR Technical service providers All data under Letter a Art. 6(1) Letters b & f GDPR Tip providers All data under Letter a Art. 6(1) Letters b & f GDPR Social insurance carriers All data under Letter a Art. 6(1) Letters b & f GDPR Insurance ombudsmen All data under Letter a Art. 6(1) Letters b & f GDPR BaFin [German Federal Financial Supervisory Authority] All data under Letter a Art. 6(1) Letters b & f GDPR Attorneys All data under Letter a Art. 6(1) Letters b & f GDPR Tax advisors All data under Letter a Art. 6(1) Letters b & f GDPR Legal successors All data under Letter a Art. 6(1) Letters b & f GDPR
III. Data Subject Rights
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
You may exercise this right to object free of charge.
Right of Access
You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, which personal data this is.
Right to Rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
Right to Erasure (“Right to be Forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to Restriction of Processing
You have the right to obtain from us restriction of processing for personal data concerning you.
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to have the personal data transmitted directly from us to another controller.
Withdrawal of Consent
You have the right to withdraw your consent at any time for the future.
Right to Lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority.
Commissioned processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Browser: Computer program for accessing websites (e.g., Chrome, Firefox, Safari)
Cookies: In relation to the World Wide Web, cookies mean small text files that are saved locally on the user's computer when visiting a website. These files save data on the user's behavior. Opening one's browser and visiting the same website again will activate the cookie which will transmit information on the user's surfing behavior to the web server based on the data saved by the cookie.
In this regard, cookies are not edible, but information saved locally in a small text file on a user's computer when they visit a website. This may include the user's page settings or information on the user collected independently by the website. These locally saved text files may subsequently be read by the web server that installed them. Most browsers accept cookies automatically. You may manage cookies through your browser settings (usually under "Options" or "Settings"). This allows you to disable, limit or require your consent for the saving of cookies. You may also delete cookies at any time.
Third countries: Countries not bound to the legal requirements of the EU General Data Protection Regulation (a country outside of the EEA).
Personal data: Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or movements.
Tracking: Collection and assessment of data or user behavior when using our services.
Tracking technologies: Tracking may be performed through the log files saved on our web servers or through data collected from your device via pixels, cookies or similar tracking technologies.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.