PRIVACY POLICY

Privacy policy pursuant to the GDPR SIGNAL IDUNA Group

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations are the companies of the:

SIGNAL IDUNA Group
Joseph-Scherer-Strasse 3
44139 Dortmund
Telephone: 0231 135-0
Fax: 0231 135-4638

Neue Rabenstrasse 15-19
20354 Hamburg
Telephone: 040 4124-0
Fax: 040 4124-2958

The list of the companies of the SIGNAL IDUNA Group can be found in the imprint below

https://www.signal-iduna.de/anbieter.php

Email: info@signal-iduna.de
Internet: http://www.signal-iduna.de/


Contact information of the data protection officer

If you have any questions, suggestions or complaints regarding the handling of your personal data at SIGNAL IDUNA, you can contact our Corporate data protection officer, who will of course be pleased to assist you in case of information, correction or deletion/blocking of these data.

Corporate data protection officer for the SIGNAL IDUNA Group

Joseph-Scherer-Strasse 3
44139 Dortmund
Germany
Telephone: 0231 135-4630
Fax: 0231 135-134630
Email: datenschutz@signal-iduna.de
Website: www.signal-iduna.de


General information on data processing


Scope of the processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 para. 1 lit. a of the General Data Protection Regulation (GDPR) is the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 para. 1 lit. b of the GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as the processing of personal data is required to fulfil a legal obligation which our company is subject to, Article 6 para. 1 lit. c of the GDPR is the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the data subject do not prevail, Article 6 para. 1 lit. f of the GDPR is the legal basis for processing.

Data erasure and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage no longer exists. In addition, such storage may be carried out if it is provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of the data shall also take place when a storage period prescribed by the regulations mentioned expires, unless there is a need for further storage of the data for the conclusion of a contract or the fulfilment of the contract.

Provision of the website and creation of log files

Description and scope of the data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.

The following data can be collected in such cases:

  • Information about the browser type and version used
  • The operating system of the user
  • Date and time of access
  • Websites from which the system of the user is referred to our website
  • Websites that are accessed by the system of the user through our website

These data are stored in our system log files. Not affected by this are the complete IP addresses of the user or other data that allow the assignment of the data to a user. These data are not stored together with other personal data relating to the user.

Legal basis for data processing

The legal basis for the temporary storage of data is Article 6 para. 1 lit f of the GDPR.

Purpose of data processing

The temporary storage of IP addresses by the system is necessary to enable delivery of the website to the computer of the user. To do this, the IP address of the user must be stored for the duration of the session.
For these purposes, our legitimate interest in processing the data is also pursuant to Article 6 para. 1 lit f of the GDPR.

Storage period

The data shall be deleted as soon as it is no longer necessary for the purposes for which it was collected. In the case of data collection for the provision of the website, this is when the respective session ends.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

Use of cookies

Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or placed on your computer system by the Internet browser. When a user visits a website, a cookie may be stored on the operating system of the user. This cookie contains a string of characters that allow the browser to be uniquely identified when the website is revisited.

On our website we use the following cookies

  • econda
    From these data, usage profiles for statistical purposes are created under a pseudonym.

For more information, see the relevant section below.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 para. 1 lit. f of the GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user pursuant to Article 6 para. 1 lit. a of the GDPR.

Purpose of data processing

The processing of user personal data enables us to analyse the navigation behaviour of our users. By analysing the data obtained, we are able to compile information concerning the use of the individual components of our website. This helps us to improve our website and its user friendliness constantly. For these purposes, our legitimate interest in processing the data is also pursuant to Article 6 para. 1 lit. f of the GDPR. The anonymisation of the IP address takes sufficiently into account the interest of users in the protection of their personal data.
 
For these purposes, our legitimate interest in processing the personal data is also pursuant to Article 6 para. 1 lit. f of the GDPR.

Storage duration, objection and elimination possibility

Cookies are stored on the computer of the user and are transmitted by it to our website. Therefore, as a user, you have full control over the use of cookies. You can disable or restrict the transmission of cookies by changing your Internet browser settings. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to make full use of all its functions.

We offer our users the option of opting out of the analysis process on our website. For this you must follow the appropriate links. In this way, another cookie is set on your system, which signals our system not to save the data of the user. If the user deletes the corresponding cookie in the meantime from his or her own system, he or she must set the opt-out cookie again.

Web analysis with econda

On our website we use the software tool econda to analyse the navigation behaviour of our users. The software sets a cookie on the computer of the user (for cookies see above). If individual pages of our website are accessed, the following data are stored:

(1) Two bytes of the IP address of the requesting system of the user
(2) The name of your internet service provider,
(3) The website from which you visit our website,
(4) the websites you visit as well as
(5) the date and duration of your visit

The software is configured so that the IP addresses are not completely stored but rather 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). Accordingly, an assignment of the shortened IP address to the requesting computer is no longer possible
 
Objection to the econda cookie (do-not-track)

Please click here to exclude yourself from tracking and profiling.

Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights with regard to the controller:

Right to information

You have the right to obtain information from the controller about the extent to which your personal data are being processed by us.

If processing is taking place, you can request the following information from the controller:

(1) the purposes for which personal data is processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom your personal data have been or will be disclosed;

(4) the planned duration of the storage of your personal data or, if specific information is not available, the criteria for determining the duration of storage;

(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of your personal data, or to object to such processing;

(6) the right to lodge a complaint with a supervisory authority;

(7) all available information regarding the source of the data if the personal data have not been collected from the data subject;

(8) the existence of automated decision making including profiling according to Article 22 para. 1 and 4 of the GDPR and, at least in these cases, meaningful information regarding the logic involved and the scope and intended effect of such processing with respect to the data subject.

You also have the right to be informed whether your personal data have been transferred to a third country or to an international organisation. In this respect, you can request the appropriate guarantees in accordance with Article 46 of the GDPR and be informed in connection with the transmission.

Right to rectification

You have a right to request the rectification and/or completion of your personal data by the controller if the personal data being processed is incorrect or incomplete. The controller must make the rectification without delay.

Right to restriction of processing

Under the following conditions, you may request the restriction of processing of your personal data:

(1) if you contest the correctness of your personal data for a period of time that enables the controller to verify the correctness of the personal data;

(2) if the processing is unlawful, you decline your right to the erasure of your personal data and instead demand that the use of your personal data be restricted;

(3) if the data controller no longer needs your personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims, or

(4) if you have objected to the processing pursuant to Article 21 para. 1 of the GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh yours.

If the processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of your personal data has been restricted pursuant to the above conditions, you shall be notified by the controller before the restriction is lifted.

Right to erasure

Erasure obligation

You may demand the controller to delete your personal data without delay, and the controller shall be required to delete that information immediately if one of the following is true:

(1) If your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(2) You revoke your consent to the processing pursuant to Article 6 para. 1 lit. a or Article 9 para. 2 lit. a of the GDPR and there is no other legal basis for processing.

(3) You object pursuant to Article 21 para. 1 of the GDPR and there are no overriding legitimate reasons for processing, or you object to the processing pursuant to Article 21 para. 2 of the GDPR.
(4) if your personal data have been unlawfully processed;

(5) if your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(6) The personal data were collected in relation to the information society services offered in accordance with Article 8 para. 1 of the GDPR.

Information to third parties

If the controller has made the personal data concerning you public and pursuant to Article 17 para. 1 of the GDPR is obligated to the erasure of personal data, it shall take appropriate measures also of a technical nature taking into account the available technology and implementation costs, in order to notify data controllers who process the published personal data, in particular to delete all links to such personal data or copies or replications of such personal data, insofar as the processing is not required.

Exceptions

You do not have the right to erasure if processing of your data is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfil a legal obligation requiring the data to be processed under the law of the Union or the Member States to which the controller is subject, or to perform a task in the public interest, or in the exercise of official authority delegated to the controller;

(3) for reasons of public interest in the field of public health, pursuant to Article 9 para. 2 lit. h and i and Article 9 para. 3 of the GDPR;

(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 para 1 of the GDPR, to the extent that the law referred to in section (a) is likely to render impossible or seriously prejudice the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defence of legal claims.

Right to information

If you have asserted your right to rectification, erasure or restriction of processing with the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

With regard to the controller, you have a right to be informed about these recipients.

Right to data portability

You have the right to receive the personal data you made available to the data controller in a structured, common and machine readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, insofar as

(1) the processing is based on a consent pursuant to Article 6 para 1 lit. a of the GDPR or Article 9 para 2 lit. a of the GDPR, or on a contract pursuant to Article 6 para. 1 lit. b of the GDPR and

(2) processing is carried out by automated means.

Furthermore, when exercising this right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This should not affect the rights and freedoms of other persons.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority delegated to the controller.

Right to object

You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data, which, pursuant to Article 6 para. 1 lit. e or f of the GDPR takes place, this also applies to profiling based on these provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

Notwithstanding the Directive 2002/58/EC, you also have the possibility, in connection with the use of information society services, to exercise your right of opposition by means of automated procedures using technical specifications.

Right to revoke consent under data protection law

You have the right to revoke your consent to data processing at any time. The revocation of consent does not affect the legality of processing carried out prior to the revocation on the basis of your consent.

Automated individual decision making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 para 1 of the GDPR, unless Article 9 para. 2 lit. a or g of the GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestrasse 2-4
40213 D√ľsseldorf
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de/

The data protection authority in NRW is responsible for the following companies of the SIGNAL IDUNA Group:
- SIGNAL IDUNA Krankenversicherung a. G.
- SIGNAL Unfallversicherung a. G.
- SIGNAL IDUNA Allgemeine Versicherung AG
- PVAG Polizeiversicherungs-Aktiengesellschaft
- Adler Versicherung AG

Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI)

Klosterwall 6 (Block C)
20095 Hamburg
from 5 June 2018
Kurt-Schumacher-Allee 4
6. Upper floor
20097 Hamburg, Germany
Email: mailbox@datenschutz.hamburg.de

The data protection authority in Hamburg is responsible for the following companies of the SIGNAL IDUNA Group:
- SIGNAL IDUNA Lebensversicherung a. G.
- SIGNAL IDUNA Bauspar AG
- SIGNAL IDUNA Pensionskasse AG
- SIGNAL IDUNA Asset Management GmbH
- HANSAINVEST Hanseatische Investment-GmbH
- DONNER & REUSCHEL Aktiengesellschaft

Hessen Data Protection Officer
Gustav-Stresemann Ring 1
65189 Wiesbaden
Email: poststelle@datenschutz.hessen.de

The data protection authority in Wiesbaden is responsible for the following companies of the SIGNAL IDUNA Group:
- Deutsche Rechtsschutz-Versicherung Aktiengesellschaft (DEURAG)

Privacy Information

The European General Data Protection Regulation (GDPR) and the Federal Data Protection Act regulate the handling of your personal data. To comply with the extended information requirements according to Article 13 of the EU-GDPR and Article 14 of the EU-GDPR contract related information and information sheets are available to you.
¬Ľ Selection of privacy Information


Consent and confidentiality release

For the handling of particularly sensitive personal data such as health data, sample clauses for consent and confidentiality obligations for the collection, processing and use of such data have been developed between the German Insurance Association (GDV) and the data protection supervisory authorities. These apply to all companies in health, life and accident insurance. The processing of the contracts in the companies of the SIGNAL IDUNA Group, which make use of health data or such data, which are subject to confidentiality pursuant to § 203 of the German penal code, has been carried out since 2013 on this basis

Below is an example of the new declaration of consent and confidentiality as a sample:
Informed consent SIGNAL IDUNA Krankenversicherung a.G. (pdf document)
Informed consent SIGNAL IDUNA a. G. (pdf document)
Informed consent SIGNAL IDUNA Allgemeine Versicherung A.G. (pdf document)

 
SITE NOTICE | PRIVACY POLICY

Contact us

It is the BVB fans and visitors of this website who breath life into the virtual SIGNAL IDUNA PARK ‚Äď every day in a new way. This is why we always appreciate feedback!

We are looking forward to hear your ideas and suggestions but also your criticism concerning this website. So if you have a question or something to say, just fill out the contact form below!      

 
 
Hiermit willige ich ein, dass die SIGNAL IDUNA Gruppe zur Optimierung der Website und Marketingmaßnahmen Tracking-Cookies einsetzt und meine Daten gemäß der SIGNAL IDUNA Gruppe-Datenschutzerklärung verarbeitet werden. Meine Einwilligung kann hier jederzeit widerrufen werden.