Privacy information

Data protection officer
No data protection officer has been appointed.

We process your personal data. This data falls into the following categories:
Data management of policyholders and insurance contracts:

Individuals:

• First name, last name, title
• Date of birth
• Address data
• Contact details (telephone number, , email address)
• Proof of identity (passport, driver’s license, identity card)
• Bank details
• Nationality
• the following personal data if required:
  • Social insurance number
  • Health data

Legal persons:

• Company name
• Date of foundation
• Contact person
• Business address
• Company contact details (telephone number, e-mail address, website)
• Bank details
• Contact details of the contact person (telephone number, fax number, e-mail address)
• Identification: extract from the company register, passport, driver’s license, identity card
• Purposes and legal bases of data processing:

Legal basis – fulfillment of the contract (Art. 6 para. 1b GDPR):
The data provided by you is required to fulfill the contract or to carry out pre-contractual measures. Without this data, we cannot conclude the contract with you. The processing of personal data for pre-contractual and contractual purposes is based on Art. 6 para. 1 b) GDPR. If special categories of personal data (e.g. your SVA number or your health data) are required for this, we will first obtain your consent in accordance with Art. 9 para. 2 a) in conjunction with Art. 7 GDPR. Art. 7 GDPR.

Legal basis – Legal obligation (Art. 6 para. 1c GDPR):
Measures to prevent money laundering and terrorist financing:
We must process data that we have received from you on the basis of a legal obligation, namely for the purpose of verification in accordance with Sections 365m et seq. GewO on measures to prevent money laundering and terrorist financing.
Without the provision of your data, we cannot comply with the legal obligations for risk assessment to prevent money laundering and terrorist financing.

Processor:

According to Art. 28 GDPR 2016, it is possible to transfer the processing of data to so-called processors. The obligations of data processing (Art. 32-36 GDPR) are thus transferred to the respective processor.

We work together with the following processors:

• ARCHANconsulting-Philip Archan:
  Customer master data management, insurance contract management, claims management, data cloud
• Together CCA GmbH:
  Insurance contract management, risk analysis, data cloud.
• CO-x Media KG: Advertising agency, web hosting
• Selsa Intelligence AG: Comparison calculator chegg.net
• Independent insurance brokers and partner companies as cooperation partners:
  Processing and invoicing of customer orders.
• Tax consultant:
  Accounting, balance sheet preparation.
• Insurance companies and banks:
  In the course of insurance and loan advice and brokerage

Categories of recipients:

Wir geben Ihre Daten an folgende Empfänger bzw. Empfängerkategorien weiter:

Insurance companies:
If we arrange insurance contracts for you, your personal data or that of your company and your contact person named in the company for insurance contracts will be made available to the respective insurance companies.

Registration offices:
If we arrange motor vehicle insurance contracts for you, your personal data or that of your company and your contact person named for insurance contracts in the company will be transmitted to registration offices.

Cooperation workshops:
Insofar as we arrange insurance contracts for you that offer you the option of having certain types of damage repaired at cooperation workshops in the event of a claim.

Experts:
Insofar as we arrange insurance contracts for you for which the expertise of an expert is appropriate for the valuation of an insured sum, your personal data or that of your company and your contact person in the company named for insurance contracts will be passed on to experts.

Data transfer to a third country

Your data will also be processed, at least in part, outside the EU or the EEA, namely in the USA and all countries in which Google LLC operates data centers. The appropriate level of data protection results from standard data protection clauses in accordance with Art. 46 para. 2 lit. c and d GDPR. A copy of these standard data protection clauses is available at https://gsuite.google.com/terms/mcc_terms.html.

Storage period/deletion period:

We block or delete your personal data as soon as it is no longer required for the above-mentioned purposes. Personal data may be stored for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
We store your personal data if there are legal obligations to provide evidence and retain data. These arise, among others, from the UGB, the VersVG and the Money Laundering Act. They amount to seven to ten years.

Information on legal remedies

As we process the data in our legitimate interests, you generally have the right to object if you have reasons arising from your particular situation that speak against this processing.
As we (also) process the data for direct marketing purposes, you can object to this processing for direct marketing purposes at any time.
In principle, you have the rights to information (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection (Art. 21 GDPR). Please contact us for this.
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, the data protection authorit (http://www.dsb.gv.at/) is responsible.

Contact address of the data protection authority:

Supervisory authority for compliance with data protection regulations in Austria:
Austrian Data Protection Authority
Wickenburggasse 8-10
1080 Vienna
Phone: +43 1 531 15-202525
Fax: +43 1 531 15-202690
E: dsb@dsb.gv.at
W: http://www.dsb.gv.at/