Privacy policy pursuant to the GDPR

Information about the processing of your data by SIGNAL IDUNA 

If you have concluded an insurance contract with us, have reported a loss to us or have otherwise contacted us, we hereby inform you and any other data subjects about the processing of your personal data by SIGNAL IDUNA and your rights under data protection legislation.

» Selection of privacy information

Information about the processing of your data on this website 

This privacy statement explains the nature, scope and purpose of the processing of personal data within our online offering.


Section 1

Data controller

The data controllers responsible for compliance with the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, are the following SIGNAL IDUNA companies:

SIGNAL IDUNA Krankenversicherung a. G.
PVAG Polizeiversicherungs-Aktiengesellschaft
ADLER Versicherung Aktiengesellschaft

Joseph-Scherer-Straße 3
44139 Dortmund, Germany
Telephone: 0231 135-0
Fax: +49 (0) 231 135-4638

SIGNAL IDUNA Lebensversicherung a. G.
SIGNAL IDUNA Pensionskasse Aktiengesellschaft

Neue Rabenstraße 15-19
20354 Hamburg, Germany
Telephone: 040 4124-0
Fax: +49 (0) 40 4124-2958

DEURAG Deutsche Rechtsschutz-Versicherung AG

Abraham-Lincoln-Straße 3
65189 Wiesbaden, Germany
Telephone: 0611 771-0

DONNER & REUSCHEL Aktiengesellschaft

Ballindamm 27
20095 Hamburg, Germany
Telephone: 040 30217-5678

HANSAINVEST Hanseatische Investment-GmbH

Kapstadtring 8
22297 Hamburg, Germany
Telephone: 040 30057-0

SIGNAL IDUNA Bauspar Aktiengesellschaft

Kapstadtring 7
22297 Hamburg, Germany
Telephone: 040 4124-7128

SIGNAL IDUNA Asset Management GmbH

Kapstadtring 8
22297 Hamburg, Germany
Telephone: 040 4124-0

Contact details for the data protection officer

If you have any questions, suggestions, or complaints regarding the handling of your personal data at SIGNAL IDUNA, you can contact our corporate data protection officer, who will of course be pleased to assist you with information about or the correction, deletion and/or blocking of this data.

Data protection officer

Joseph-Scherer-Straße 3
44139 Dortmund, Germany

Telephone: 0231 135-4630
Fax: +49 (0) 231 135-134630

Section 2

General information on data processing

1. Scope of the processing of personal data

In principle, we collect and utilise our users' personal data only insofar as this is necessary for the provision of an operational site and of our content and services.


 “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation, or series of operations, that is carried out with or without the help of automated procedures in connection with person-specific data. The term is comprehensive and includes virtually any handling of data.

Any natural or legal person, authority, establishment or other institution that can, alone or in conjunction with others, decide upon the purposes and means of processing of person-specific data is referred to as the “data controller”.

With regard to further terms on the subject of data protection, we refer you to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Relevant legal bases

Pursuant to Article 13 GDPR, we hereby notify you of the legal basis of our data processing operations. Insofar as the legal basis is not identified in the privacy policy, the following applies:

The legal basis for obtaining consent is laid down in Article 6 para. 1 lit. a) GDPR; the legal basis for the processing in order to perform our services and the execution of contractual measures as well as the answering of inquiries is laid down in Article 6 para. 1 lit. b) GDPR; the legal basis for processing data in order to fulfil our legal obligations is laid down in Art. 6 para. 1 lit. c) GDPR and the legal basis for processing data in order to safeguard our legitimate interests is laid down in Art. 6 para. 1 lit. f) GDPR. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 para. 1 lit. d) GDPR is the legal basis.

Transfer of data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or Switzerland), or if we use third-party services, or disclose or transfer data to other persons or companies, this only occurs if we are required to do so in order to fulfil (pre-)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to express consent or communications required by the contract, we exclusively process or allow to be processed data in third countries with a recognised level of data protection, including the US-certified “Privacy Shield”, or on the basis of specific warranties e.g. contractual obligations through so-called standard EU Commission protection clauses, the existence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR).

Section 3

Provision of the website

Collection of access data and logfiles

Based on our legitimate interests pursuant to Article 6 para. 1 lit. f) GDPR, each time our website is accessed, our system automatically collects data and information from the computer system of the retrieving computer (so-called server log files).

The access data includes the name of the website retrieved, the file accessed, the date and time of retrieval, the amount of data transferred, notification of successful retrieval, the browser type and version, the operating system of the user, the IP address, the requesting provider, the referring URL (previously visited website), and websites that are retrieved by the user's system. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

Deletion of data

Data processed by us is deleted or restricted in its processing. Unless expressly stated otherwise in this privacy policy, data we save is erased as soon as it is no longer required for their intended purpose, insofar as its deletion does not conflict with any statutory storage requirements. If data cannot be deleted because it is required for other and legally permissible purposes, its processing shall be restricted. This means that the data will be blocked and not processed for other purposes. This applies for example to data required to be retained for purposes relating to commercial or fiscal law.

Contact form

If you contact us via the contact form, the data you provide is processed pursuant to Article 6 para. 1 lit. f) GDPR in order to deal with your contact request, or if you have requested the conclusion of a contract, pursuant to Article 6 para. 1 lit. b) GDPR. If you send a message via the contact form, SSL (Secure Socket Layer) encryption technology with a key length of 128 bits is used to transmit this information. We delete requests insofar as they are no longer necessary, taking into account legal archiving obligations.

Section 4

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

Legal basis for data processing

The legal basis for processing personal data via technically necessary cookies is laid out in Article 6 para. 1 lit. f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user as laid out in Article 6 para. 1 lit. a) GDPR.

Purpose of the data processing

The processing of users' personal data enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and to make it more user-friendly. For these purposes, we have a legitimate interest to process personal data pursuant to Article 6 para. 1 lit. f) GDPR. By anonymising the IP address, users' interest in protecting their personal data is sufficiently taken into account.

For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 para. 1 lit. f) GDPR.

Duration of storage, option to object and request removal

Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features.

We offer users of our website the possibility of an opt-out from the analysis procedure. For this you must follow the appropriate links. In this way, another cookie is placed on your system, which signals to our system not to store the user's data. If you delete the corresponding cookie from your system in the meantime, you must set another opt-out cookie.

Use of Google services

For the analysis of general usage behaviour, the presentation of personalised advertisements, as well as the evaluation of how our marketing channels are used, we use different services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google may transfer the data it collects in connection with the use of these services to a server in the USA for evaluation and storage there. In the event that personal data is transferred to the USA, Google has undertaken to comply with the EU-US Privacy Shield. However, your IP address is shortened before the usage statistics are evaluated, so that no conclusions can be drawn about your identity.

Google Analytics

We use the software tool Google Analytics on our website to analyse the surfing behaviour of our users. The software places a cookie on your computer (see above for cookies).

However, your IP address is shortened before the usage statistics are evaluated, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website by the code "anonymizeIP" to ensure anonymous collection of IP addresses.

Google will use this stored information to evaluate your use of the website, to compile reports on website activity for website operators, and for the provision of other services related to Internet use and use of the website.

Objection to and option to remove the Google Analytics cookie

You can configure your browser to reject cookies as shown above. Alternatively, you may prevent the collection of cookie-generated information related to your use of our sites in the cookie settings found in Google's privacy policy.

You can also prevent Google from processing this information by downloading and installing the browser add-on provided by Google. This does not work with mobile devices.

For more information, see the Google privacy policy.

Disable Google Analytics data collection for this website.

Google Tag Manager

Our website uses Google Tag Manager. This service allows website tags to be managed from an interface. Google Tool Manager only implements tags. This means: No cookies are used and no personal data are collected. Google Tool Manager triggers other tags, which may collect data. The Google Tag Manager does not access these data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.

Google Optimize

Our website uses Google Optimize. Google Optimize analyses the use of different variations of our website and helps us to improve usability according to our users’ behaviour on the website. Google Optimize is a Google Analytics integrated tool.

Google AdWords

Our websites use AdWords Conversion Tracking, AdWords Remarketing, Google Audiences, and Google Dynamic Remarking. AdWords Conversion Tracking records and analyses our customer actions related to our Google Ads (such as clicking an ad, viewing pages, downloads). We use AdWords Remarketing to show you individualised advertising messages in Google Search Ads and on Google's partner websites. With Google Audiences, we create pseudonymous, interest-based profiles based on the website usage of our users, which we use for the personalisation of advertising messages and advertisements via Google Dynamic Remarketing.

Options for objecting to the collection of your data and requesting its deletion

If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads. If you do not wish to be associated with your Google profile, you must log out of Google before accessing our contact page.

You can configure your browser to reject cookies as shown above. You can also use the cookie settings of Google's privacy policy to prevent Google from using cookies for advertising purposes.

For more information, see the Google privacy policy.

Facebook pixels

The SIGNAL IDUNA Group uses Facebook pixels on its websites. This is a website analysis service feature of Facebook Inc. (represented in Europe by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Hereinafter referred to as: “Facebook”).

Facebook pixels use cookies in the form of invisible graphic files which are stored on your browser and allow an analysis of your use of this website. The information generated by the cookie on how you use our website is usually transferred to a Facebook server in the USA and stored there.
The following data is transmitted to Facebook:

  • Information from HTTP header fields:

Everything contained in the HTTP header. A HTTP header is a standard web protocol that is sent between every browser request and server on the internet as standard. HTTP headers contain IP addresses, information about the web browser, site location, document, referrer and user agent.

  • Pixel-specific data:

These include the Pixel ID and Facebook cookie.

  • Optional: Data event values:

Nine standard events can be defined here (such as visiting a particular subpage), which are described here: 

  • Further information about the data collected by the Facebook tracking pixel can be found here or here and in the terms of use for Facebook Business Tools here

The SIGNAL IDUNA Group has no influence over Facebook’s data processing operations. Facebook uses data for the purpose of advertising, market research and optimising offers. Facebook’s data protection guidelines apply in this regard. Please note that the use of such tracking processes allows the identification of users across numerous websites. Please see the data protection declaration for further information and Facebook’s terms and conditions of use.
By using Facebook pixels, you may be shown related advertising content on your Facebook social network after visiting our website. It is in the interest of the SIGNAL IDUNA Group to tailor its advertising to you.
The legal basis for the processing and transmission of data is the provision of consent pursuant to Article 6 para. 1 lit. a) GDPR (see III. 2.).
If you have provided your consent to data processing in connection with participation in the aforementioned campaigns and competitions, you may revoke this consent at any time by contacting us on the details stipulated under I. and II. or using the following opt-out services: und

Section 5

Your rights as a data subject

Right to information: Pursuant to Article 15 of the GDPR, you can request information about the personal data stored about you by the SIGNAL IDUNA companies.

Right to rectification: Furthermore, pursuant to Article 16 GDPR, you are entitled to request the completion or rectification of data concerning your person.

Right to deletion and/or restriction of processing: Pursuant to Article 17 GDPR, you are entitled to demand the immediate deletion of relevant data, or, alternatively, pursuant to Article 18 GDPR, to request a limitation of data processing.

Right to data portability: Pursuant to Article 20 GDPR, you are entitled to request data relating to your person that you have provided to us and to request transfer thereof to other responsible persons.

Right of revocation: Pursuant to Article 7 para. 3 GDPR, you have the right to withdraw your consent with effect for the future.

Your consent remains in effect until revoked or until the end of your contract and the following statutory retention periods.

Right to object: Pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data at any time. This also applies to profiling, or for automated decisions in individual cases.

Right to complain: You can address complaints about data protection to the above-mentioned data protection officer. Pursuant to Article 77 GDPR, you are furthermore entitled lo lodge an appeal with the competent authorities. The following data protection supervisory authorities are responsible for SIGNAL IDUNA.

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestraße 2-4
40213 Düsseldorf, Germany


The data protection authority in NRW is responsible for the following companies of the SIGNAL IDUNA Group:

  • SIGNAL IDUNA Krankenversicherung a. G.
  • SIGNAL IDUNA Unfallversicherung a. G.
  • SIGNAL IDUNA Allgemeine Versicherung AG
  • PVAG Polizeiversicherungs-Aktiengesellschaft
  • Adler Versicherung AG

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Straße 22
20459 Hamburg, Germany
7th floor


The data protection authority in Hamburg is responsible for the following companies of the SIGNAL IDUNA Group:

  • SIGNAL IDUNA Lebensversicherung a. G.
  • SIGNAL IDUNA Pensionskasse AG
  • SIGNAL IDUNA Asset Management GmbH
  • HANSAINVEST Hanseatische Investment-GmbH
  • DONNER & REUSCHEL Aktiengesellschaft

The Hesse Commissioner for Data Protection and Information Security

Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany


The data protection authority in Wiesbaden is responsible for the following companies of the SIGNAL IDUNA Group:

  • Deutsche Rechtsschutz-Versicherung Aktiengesellschaft (DEURAG)

Section 6

Code of conduct

Representatives of the data protection authorities, the Verbraucherzentrale Bundesverband e.V., and the insurance industry have negotiated the following code of conduct to promote the implementation of data protection regulations. The insurance companies of the SIGNAL IDUNA Group began following this code of conduct for the handling of personal data by the German insurance industry on 1 January 2013, the earliest possible date.

  • Download the Code of Conduct (pdf)

Section 7

List of SIGNAL IDUNA service providers

Pursuant to the German insurance industry's Code of Conduct for the processing of personal data, as well as the procedures for the use of consent and confidentiality waivers, we maintain a list of all service providers who cooperate with the various insurance companies of the SIGNAL IDUNA Group. However, this does not mean that your data will be shared with all service providers. Only in the context of processing applications, contracts and claims, as well as their supervision by responsible mediators, may it become necessary to transfer your personal data to these companies.

The list is constantly updated. Here you will find a list of the SIGNAL IDUNA Group’s service providers.

Changes to this privacy policy

This privacy policy is revised periodically, when changes are made to this website, and on other occasions that may require it. The current version can always be found on this website.



Contact us

It is the BVB fans and visitors of this website who breath life into the virtual SIGNAL IDUNA PARK – every day in a new way. This is why we always appreciate feedback!

We are looking forward to hear your ideas and suggestions but also your criticism concerning this website. So if you have a question or something to say, just fill out the contact form below!      

Hiermit willige ich ein, dass die SIGNAL IDUNA Gruppe zur Optimierung der Website und Marketingmaßnahmen Tracking-Cookies einsetzt und meine Daten gemäß der SIGNAL IDUNA Gruppe-Datenschutzerklärung verarbeitet werden. Meine Einwilligung kann hier jederzeit widerrufen werden.