The following provisions governing our privacy policy apply to the KA Koeln.Assekuranz Agentur GmbH website as well as to its apps for mobile end devices. This website contains links to third-party websites (external links). These websites are subject to the liability of the respective operator. Should you discover that any link on our website links to content that violates governing law, please inform us at info@koeln-assekuranz.com. We will then delete these links from our website without delay.
KA Koeln.Assekuranz Agentur GmbH shalls not accept any liability for ensuring that the information is up to date, accurate, complete and of high quality.

Herewith we inform you about the processing of your person-related data when using the internet websites including its apps and your rights according to the data protection law.

 

2.1. Who is responsible for the data processing and who is the data protection officer?

Responsible for the data processing is

KA Köln.Assekuranz Agentur GmbH
Scheidtweilerstr. 4
50933 Cologne
E-mail: info@koeln-assekuranz.com

You can contact our data protection officer Mr. Constantin Wirtz at the above address with the addition of – data protection officer or under the email address datenschutz@koeln-assekuranz.com.

 

2.2. What data categories do we use and where do they originate from?

Basically, you have the possibility to use our internet offer anonymously. We do not store any person-related or person-obtainable data (e.g. IP addresses) of users of our website. When visiting our internet sites data (date, time, viewed sites, navigation, applied software) is collected by us for an anonymous analysis via an anonymisation by an external service provider. The anonymisation occurs before the storage of the data by the service provider.

Further references to our internet presence can be found under paragraph 7.   

 

2.3. For what purpose does the processing of the data serve?

Should you communicate your personal data under certain circumstances to us, we will treat them confidentially in accordance with the valid data protection regulations of the place of business. When you send us an e-mail or you fill in an online form on our website and send it to us, then we process your stipulated personal data (e.g. your name or e-mail address) exclusively for our correspondence with you in order to send the required documents or information or for such other purpose which has been stated on any one form. 

If we want to process your person-related data for any other purpose, we will inform you thereof beforehand.

 

2.4. On what legal basis will your person-related data be processed?

We process your person-related data according to the regulations of the European General Data Protection Regulation (GDPR), the Federal Data Protection Act NEW (BDSG) together with any other related laws regarding the processing of person-related data.

The concrete legal basis for the data processing is dependent on the background and for what purpose we receive your data. We will therefore inform you specifically of each application should it be necessary.

Usually the legal basis is necessary on the request of the person concerned either in “legitimate interests of the person(s) responsible for the carrying out of the communication” or within the process of a job application in order to carry out measures precedent to the contract. This could occur especially where registered users are involved (e.g. applicants' portal) where the consent of the user or the person concerned is necessary.

 

2.5. Who has access to your data?

Among the people responsible only those people and areas have access to the data concerned who are responsible for that particular process: in this regard there is a clear allocation of duties and authorisation scheme. Data can also be transferred to service providers for the above-mentioned purposes. The inclusion of service providers is necessary e.g. within the management and maintenance of IT systems. A list of all service providers who carry out data processing by order can be viewed or downloaded from paragraph 5 or can be mailed if requested.

In addition, person-related data can be communicated to further recipients should this be necessary in order to fulfil contractual or legal obligations (e.g. regulatory authorities).

Also a transfer of data to affiliated companies may occur e.g. within the scope of business communication or corporate control services.

2.6. Is your data communicated to a third party country?

Currently such a transfer to service providers in a third party country does not occur.
Should person-related data be communicated to a service provider or a company outside the European Economic Area (EEA) , this occurs only when the third country has been confirmed by the EU commission to having an adequate data protection level or some other adequate data protection guarantees (e.g. the acknowledgement of EU standard contract clauses) is in place. You can also request the information under the above-mentioned contact data.

 

2.7. What measures do we undertake to protect your data?

We take appropriate technical and organisational security precautions according to the current level of technology to protect data from random or wilful manipulation, loss, destruction or access by unauthorised persons. We implement an SSL (Secure-Socket-Layer) on the supplied dialogue forms on our internet sites to protect your information. This SSL connection protects your data when transmitted from being seen by a non-authorised third party. If you send us a normal, unsecured email containing unencrypted data, there is a chance, during the transmission of your data via the internet, that this can be seen or altered by unauthorised persons.

 

2.8. What data protection rights can you as the person concerned assert?

You can request information regarding the stored data about your person from the above-mentioned address. In addition, under certain circumstances, you may request the correction or the deletion of your data. You also have the right to a restriction on the processing of your data as well as a right regarding the issuing of the data you provided to be in a structured, current and machine legible form.

2.9. Right of objection

If we process your data for the protection of legitimate rights, you may object to this processing for reasons which relate to your special situation. We then no longer process your person-related data unless we can prove compulsory legitimate reasons for the processing that outweigh your interests, rights and freedom or the processing serves the enforcement, the exercising or defence of legal claims.

If we process your data on the basis of your given consent, you can at any time withdraw this consent effective for the future.

2.10. Where can you complain?

You have the possibility to contact the above-mentioned data protection officer or a data protection regulatory authority. The data protection regulatory authority responsible for us is:

Landesbeauftragte fur Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Kavalleriestrasse 2-4
40213 Duesseldorf

2.11. How long is your data stored?

We delete your person-related data as soon as it is no longer necessary for the above-mentioned purpose. This occurs regularly through legal burden of proof and legal obligation to retain data, which are regulated amongst others in the code of commercial law, tax laws and the fiscal code. According to these the period of data retention is normally up to ten years. In addition it can occur that person-related data is stored for the time within which claims against us can be made (legal statutory limitation of between three and  thirty years). Further information can be found, if relevant, under each single case of data processing.

2.12. Are you obliged to disclose your data?

You are not obliged to disclose person-related data when using the website. However, there are certain services for which we require person-related data from you, e.g. in order to send you the desired newsletter for example or to consider you in an application process. Without this data the desired services cannot be fulfilled. We only collect the really necessary data in each case.

2.13. To what extent do automated decisions on a by-case basis or automated measures for profiling exist?

Such measures do not currently exist in our company.
Should we ever use purely automated processing procedures to come to a decision – including profiling – we will inform of such in the respective application.

2.14. Usage of your data

According to the General Data Protection Regulation (GDPR) there will be, in the future, legally binding obligations to inform you, as soon as and so far as your person-related data is collected for processing. Therefore, respective information will be included particularly in insurance applications in the future regarding the actual usage of your person-related data. You can access a few selected versions of information regarding the usage of data under: Informationsblatt zur Datenverwendung

Please note: our company does not take part in the “Instructions and Information Systems of the German Insurance Business”

 

2.15. Amendments to this declaration

The advancement of our websites and development in technology lead now and then to amendments to our data privacy statement. Please be aware of the current version of our data privacy statement when viewing our sites.

On 1 March 2013, the German companies of the ERGO Group signed up to “Code of Conduct for handling personal data by the German insurance industry" (Data Privacy Code of Conduct). The Data Privacy Code of Conduct governs the collection, processing and use of your personal data.
This Code of Conduct was agreed between the German Insurance Association (GDV) and the German data protection supervisory authorities. The Data Protection Officer in Berlin examined the Data Privacy Code of Conduct and determined that the provisions are compliant with the current law on data protection.
The companies that have signed up agree to adhere to the stipulated requirements and, if applicable, implement any regulations still outstanding by the due date. For the first time, a data privacy standard has been drawn up that is applicable throughout the industry. Previous federal data protection regulations have now been specified in more detail and concerns about data protection have been taken into consideration beyond the legally prescribed standards.
Additional consent is no longer necessary in many instances as a result of the Code of Conduct. In cases of highly sensitive data – such as, for instance, health data – we still require consent to record and use the data, as well as a statement providing permission to disclose confidential information.

You can download the German Insurance Association’s Code of Conduct for handling personal data here.
Code of Conduct (in German, PDF file)

You can also request the German text as a hard copy. Please request a copy by sending us an email to info@koeln-assekuranz.com.

The companies of the ERGO Group in Germany have been using new consent forms and statements providing permission to disclose confidential information for their applications, requests and membership applications since 1 January 2013. The statements were agreed between the German Insurance Association (GDV) and the data protection supervisory authorities. They provide even more transparency concerning the handling of your personal data. Consent form for the permission to collect and proceed health data and the disclosure of confidential information (in German, PDF file)

We maintain a list of all service providers who are able to work for KA Koeln.Assekuranz Agentur GmbH within the framework of a contract. The duty to maintain this list is the result of the new consent forms and statements providing permission to disclose confidential information, as well as the new rules (Data Privacy Code of Conduct) agreed between the German Insurance Association (GDV) and the data protection supervisory authorities.
The list aims to create transparency with regard to processing your data. It features service providers that collect, process or utilise health data and/or other personal details on behalf of German companies belonging to the ERGO Group as agreed in the respective contract.
The service providers are named specifically if their main task is to record, process or utilise personal data. As regards service providers where the processing of personal data is not their main task, such as waste disposal companies for paper and electronic storage media, these are only named in the service categories. The same is true for service providers that only work for KA Koeln.Assekuranz Agentur GmbH on a temporary basis. You may object to your data being transmitted to any particular service provider on the list by stating your reasons. We will then check whether, as a result of your own particular personal situation, the protection of your interests precludes your data from transmission.
Please note that all service providers working for KA Koeln.Assekuranz Agentur GmbH are named in the list. This does not, however, mean that your data will be forwarded to all our service providers. List of service providers (in German, PDF file)

6.1. Transferring information and encryption

If you choose to send a message to KA Koeln.Assekuranz Agentur GmbH by way of the contact form, the information is sent using an encryption technique known as SSL (secure socket layer) with a key length of at least 128 bit.

 

6.2. Cookies

During an online session cookies are stored on your computer. These are small files that control the presentation and operation of our website. We use cookies to give you the best possible result on our website. Therefore, we store these small files - which you do not personally identify - and evaluate the data. This improves the usability of our website. Statistical evaluations of these websites are carried out anonymously. We do not provide a personal reference to you.
The cookies do not contain any personal information.
Note: The setting for cookies varies from browser to browser.

 

6.3. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyse how visitors use the site. This website uses Google Analytics with the extension "_anonymizeIp()". This shortens the processing of IP addresses and, according to Google, virtually excludes the possibility of personal references. So far as the data collected about you are related to a person, this should therefore be excluded immediately and the personal data deleted immediately. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By pushing the button "agree", you consent to the processing of data about you by Google in the manner and for the purposes set out above. By pushing the button "decline" no processing of date by Google takes place.

 

6.4. Social networks

Our websites and our apps both use plug-ins of several social networks: LinkedIn, Xing and youtube. The plug-ins are marked with a logo.
If you access one of our website pages or apps containing such a plug-in, these plug-ins can create a direct link with the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another. Due to the incorporated plug-ins, the social networks will be informed that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account.
If you interact with the plug-ins, e.g. by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the guidelines of the relevant social network. For information on the purpose and scope of collecting this data and its subsequent processing and utilisation by the social network, as well as your rights in this regard and the settings available to protect your private sphere, please refer to the data privacy information available from the social network in question.
If you do not wish social networks to collect data about you via our website, you will need to log out of all social networks before visiting our website or using our app.

KA Koeln.Assekuranz Agentur GmbH uses the e-mail address provided in order to send you a reply with the details requested. However, we only send personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the contents of your message relate to a contract, KA Koeln.Assekuranz Agentur GmbH will archive the e-mail. The e-mail address will only be used to correspond with you and will not be forwarded to any third parties. You will not receive any unsolicited e-mails from us. If, however, you do receive an unsolicited e-mail which states that it has been sent by us, it has been sent fraudulently and should be deleted immediately.
Before sending KA Koeln.Assekuranz Agentur GmbH an e-mail that has not been encrypted, please remember that its contents are not safeguarded against other people viewing them or using them fraudulently. Consequently, we would recommend that you send any message to KA Koeln.Assekuranz Agentur GmbH using the contact form.

If you cooperate with our company within the framework of the K.A.R.L.^® services offered by us as well as other services provided by our company (in particular in the context of risk service services), the above statements shall apply mutatis mutandis.

We process and store your data exclusively within the framework of and for the fulfilment of the existing K.A.R.L.^® contractual relationship or other service contractual relationship. This includes the LOG-IN data that we have received from you and your mail signature, which we use for correspondence with you.

The location coordinates and other location data disclosed to us as part of a location assessment will be used exclusively for the fulfilment of the natural hazard assessment contractually promised by us. A use for other purposes (e.g., marketing, research of natural persons or similar) does not take place.

The same applies mutatis mutandis in the context of another service contractual relationship.