Information about the processing of your data by SIGNAL IDUNA
If you have concluded an insurance contract with us, have reported a loss to us or have otherwise contacted us, we hereby inform you and any other data subjects about the processing of your personal data by SIGNAL IDUNA and your rights under data protection legislation.
Information about the processing of your data on this website
This privacy statement explains the nature, scope and purpose of the processing of personal data within our online offering.
- Section 1. Data controller
- Section 2. General information on data processing
- Section 3. Provision of the website
- Section 5. Rights of data subjects
- Section 6. Data processing code of conduct in the German insurance industry
- Section 7. List of SIGNAL IDUNA Group service providers
The data controllers responsible for compliance with the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, are the following SIGNAL IDUNA companies:
SIGNAL IDUNA Krankenversicherung a. G.
SIGNAL IDUNA Allgemeine AG
ADLER Versicherung Aktiengesellschaft
SIGNAL IDUNA Sterbekasse VVaG
44139 Dortmund, Germany
Telephone: 0231 135-0
Fax: +49 (0) 231 135-4638
SIGNAL IDUNA Lebensversicherung a. G.
SIGNAL IDUNA Pensionskasse Aktiengesellschaft
Neue Rabenstraße 15-19
20354 Hamburg, Germany
Telephone: 040 4124-0
Fax: +49 (0) 40 4124-2958
DEURAG Deutsche Rechtsschutz-Versicherung AG
65189 Wiesbaden, Germany
Telephone: 0611 771-0
DONNER & REUSCHEL Aktiengesellschaft
20095 Hamburg, Germany
Telephone: 040 30217-5678
HANSAINVEST Hanseatische Investment-GmbH
22297 Hamburg, Germany
Telephone: 040 30057-0
SIGNAL IDUNA Bauspar Aktiengesellschaft
SIGNAL IDUNA Asset Management GmbH
22297 Hamburg, Germany
Telephone: 040 4124-0
Contact details for the data protection officer
If you have any questions, suggestions, or complaints regarding the handling of your personal data at SIGNAL IDUNA, you can contact our corporate data protection officer, who will of course be pleased to assist you with information about or the correction, deletion and/or blocking of this data.
Data protection officer
44139 Dortmund, Germany
Telephone: 0231 135-4630
Fax: +49 (0) 231 135-134630
General information on data processing
1. Scope of the processing of personal data
In principle, we collect and utilise our users' personal data only insofar as this is necessary for the provision of an operational site and of our content and services.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation, or series of operations, that is carried out with or without the help of automated procedures in connection with person-specific data. The term is comprehensive and includes virtually any handling of data.
Any natural or legal person, authority, establishment or other institution that can, alone or in conjunction with others, decide upon the purposes and means of processing of person-specific data is referred to as the “data controller”.
With regard to further terms on the subject of data protection, we refer you to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Relevant legal bases
The legal basis for obtaining consent is laid down in Article 6 para. 1 lit. a) GDPR; the legal basis for the processing in order to perform our services and the execution of contractual measures as well as the answering of inquiries is laid down in Article 6 para. 1 lit. b) GDPR; the legal basis for processing data in order to fulfil our legal obligations is laid down in Art. 6 para. 1 lit. c) GDPR and the legal basis for processing data in order to safeguard our legitimate interests is laid down in Art. 6 para. 1 lit. f) GDPR. In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 para. 1 lit. d) GDPR is the legal basis.
Transfer of data to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or Switzerland), or if we use third-party services, or disclose or transfer data to other persons or companies, this only occurs if we are required to do so in order to fulfil (pre-)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to express consent or communications required by the contract, we exclusively process or allow to be processed data in third countries with a recognised level of data protection, including the US-certified “Privacy Shield”, or on the basis of specific warranties e.g. contractual obligations through so-called standard EU Commission protection clauses, the existence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR).
Provision of the website
Collection of access data and logfiles
Based on our legitimate interests pursuant to Article 6 para. 1 lit. f) GDPR, each time our website is accessed, our system automatically collects data and information from the computer system of the retrieving computer (so-called server log files).
The access data includes the name of the website retrieved, the file accessed, the date and time of retrieval, the amount of data transferred, notification of successful retrieval, the browser type and version, the operating system of the user, the IP address, the requesting provider, the referring URL (previously visited website), and websites that are retrieved by the user's system. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.
Deletion of data
If you contact us via the contact form, the data you provide is processed pursuant to Article 6 para. 1 lit. f) GDPR in order to deal with your contact request, or if you have requested the conclusion of a contract, pursuant to Article 6 para. 1 lit. b) GDPR. If you send a message via the contact form, SSL (Secure Socket Layer) encryption technology with a key length of 128 bits is used to transmit this information. We delete requests insofar as they are no longer necessary, taking into account legal archiving obligations.
Description and scope of data processing
Legal basis for data processing
The legal basis for processing personal data via technically necessary cookies is laid out in Article 6 para. 1 lit. f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user as laid out in Article 6 para. 1 lit. a) GDPR.
Purpose of the data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and to make it more user-friendly. For these purposes, we have a legitimate interest to process personal data pursuant to Article 6 para. 1 lit. f) GDPR. By anonymising the IP address, users' interest in protecting their personal data is sufficiently taken into account.
For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 para. 1 lit. f) GDPR.
Duration of storage, option to object and request removal
We offer users of our website the possibility of an opt-out from the analysis procedure. For this you must follow the appropriate links. In this way, another cookie is placed on your system, which signals to our system not to store the user's data. If you delete the corresponding cookie from your system in the meantime, you must set another opt-out cookie.
Use of Google services
For the analysis of general usage behaviour, the presentation of personalised advertisements, as well as the evaluation of how our marketing channels are used, we use different services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google may transfer the data it collects in connection with the use of these services to a server in the USA for evaluation and storage there. In the event that personal data is transferred to the USA, Google has undertaken to comply with the EU-US Privacy Shield. However, your IP address is shortened before the usage statistics are evaluated, so that no conclusions can be drawn about your identity.
We use the software tool Google Analytics on our website to analyse the surfing behaviour of our users. The software places a cookie on your computer (see above for cookies).
However, your IP address is shortened before the usage statistics are evaluated, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website by the code "anonymizeIP" to ensure anonymous collection of IP addresses.
Google will use this stored information to evaluate your use of the website, to compile reports on website activity for website operators, and for the provision of other services related to Internet use and use of the website.
Objection to and option to remove the Google Analytics cookie
You can also prevent Google from processing this information by downloading and installing the browser add-on provided by Google. This does not work with mobile devices.
Disable Google Analytics data collection for this website.
Google Tag Manager
Our website uses Google Tag Manager. This service allows website tags to be managed from an interface. Google Tool Manager only implements tags. This means: No cookies are used and no personal data are collected. Google Tool Manager triggers other tags, which may collect data. The Google Tag Manager does not access these data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.
Our website uses Google Optimize. Google Optimize analyses the use of different variations of our website and helps us to improve usability according to our users’ behaviour on the website. Google Optimize is a Google Analytics integrated tool.
Our websites use AdWords Conversion Tracking, AdWords Remarketing, Google Audiences, and Google Dynamic Remarking. AdWords Conversion Tracking records and analyses our customer actions related to our Google Ads (such as clicking an ad, viewing pages, downloads). We use AdWords Remarketing to show you individualised advertising messages in Google Search Ads and on Google's partner websites. With Google Audiences, we create pseudonymous, interest-based profiles based on the website usage of our users, which we use for the personalisation of advertising messages and advertisements via Google Dynamic Remarketing.
Options for objecting to the collection of your data and requesting its deletion
If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to personalise ads. If you do not wish to be associated with your Google profile, you must log out of Google before accessing our contact page.
The SIGNAL IDUNA Group uses Facebook pixels on its websites. This is a website analysis service feature of Facebook Inc. (represented in Europe by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Hereinafter referred to as: “Facebook”).
The following data is transmitted to Facebook:
- Information from HTTP header fields:
Everything contained in the HTTP header. A HTTP header is a standard web protocol that is sent between every browser request and server on the internet as standard. HTTP headers contain IP addresses, information about the web browser, site location, document, referrer and user agent.
- Pixel-specific data:
These include the Pixel ID and Facebook cookie.
- Optional: Data event values:
Nine standard events can be defined here (such as visiting a particular subpage), which are described here:
The SIGNAL IDUNA Group has no influence over Facebook’s data processing operations. Facebook uses data for the purpose of advertising, market research and optimising offers. Facebook’s data protection guidelines apply in this regard. Please note that the use of such tracking processes allows the identification of users across numerous websites. Please see the data protection declaration for further information and Facebook’s terms and conditions of use.
By using Facebook pixels, you may be shown related advertising content on your Facebook social network after visiting our website. It is in the interest of the SIGNAL IDUNA Group to tailor its advertising to you.
The legal basis for the processing and transmission of data is the provision of consent pursuant to Article 6 para. 1 lit. a) GDPR (see III. 2.).
If you have provided your consent to data processing in connection with participation in the aforementioned campaigns and competitions, you may revoke this consent at any time by contacting us on the details stipulated under I. and II. or using the following opt-out services:
http://www.aboutads.info/choices und http://www.youronlinechoices.eu/
Your rights as a data subject
Right to information: Pursuant to Article 15 of the GDPR, you can request information about the personal data stored about you by the SIGNAL IDUNA companies.
Right to rectification: Furthermore, pursuant to Article 16 GDPR, you are entitled to request the completion or rectification of data concerning your person.
Right to deletion and/or restriction of processing: Pursuant to Article 17 GDPR, you are entitled to demand the immediate deletion of relevant data, or, alternatively, pursuant to Article 18 GDPR, to request a limitation of data processing.
Right to data portability: Pursuant to Article 20 GDPR, you are entitled to request data relating to your person that you have provided to us and to request transfer thereof to other responsible persons.
Right of revocation: Pursuant to Article 7 para. 3 GDPR, you have the right to withdraw your consent with effect for the future.
Your consent remains in effect until revoked or until the end of your contract and the following statutory retention periods.
Right to object: Pursuant to Article 21 GDPR, you have the right to object to the processing of your personal data at any time. This also applies to profiling, or for automated decisions in individual cases.
Right to complain: You can address complaints about data protection to the above-mentioned data protection officer. Pursuant to Article 77 GDPR, you are furthermore entitled lo lodge an appeal with the competent authorities. The following data protection supervisory authorities are responsible for SIGNAL IDUNA.
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
40213 Düsseldorf, Germany
The data protection authority in NRW is responsible for the following companies of the SIGNAL IDUNA Group:
- SIGNAL IDUNA Krankenversicherung a. G.
- SIGNAL IDUNA Unfallversicherung a. G.
- SIGNAL IDUNA Allgemeine Versicherung AG
- PVAG Polizeiversicherungs-Aktiengesellschaft
- Adler Versicherung AG
The Hamburg Commissioner for Data Protection and Freedom of Information
20459 Hamburg, Germany
The data protection authority in Hamburg is responsible for the following companies of the SIGNAL IDUNA Group:
- SIGNAL IDUNA Lebensversicherung a. G.
- SIGNAL IDUNA Bauspar AG
- SIGNAL IDUNA Pensionskasse AG
- SIGNAL IDUNA Asset Management GmbH
- HANSAINVEST Hanseatische Investment-GmbH
- DONNER & REUSCHEL Aktiengesellschaft
The Hesse Commissioner for Data Protection and Information Security
65189 Wiesbaden, Germany
The data protection authority in Wiesbaden is responsible for the following companies of the SIGNAL IDUNA Group:
- Deutsche Rechtsschutz-Versicherung Aktiengesellschaft (DEURAG)
Code of conduct
Representatives of the data protection authorities, the Verbraucherzentrale Bundesverband e.V., and the insurance industry have negotiated the following code of conduct to promote the implementation of data protection regulations. The insurance companies of the SIGNAL IDUNA Group began following this code of conduct for the handling of personal data by the German insurance industry on 1 January 2013, the earliest possible date.
- Download the Code of Conduct (pdf)
List of SIGNAL IDUNA service providers
Pursuant to the German insurance industry's Code of Conduct for the processing of personal data, as well as the procedures for the use of consent and confidentiality waivers, we maintain a list of all service providers who cooperate with the various insurance companies of the SIGNAL IDUNA Group. However, this does not mean that your data will be shared with all service providers. Only in the context of processing applications, contracts and claims, as well as their supervision by responsible mediators, may it become necessary to transfer your personal data to these companies.
The list is constantly updated. Here you will find a list of the SIGNAL IDUNA Group’s service providers.
It is the BVB fans and visitors of this website who breath life into the virtual SIGNAL IDUNA PARK – every day in a new way. This is why we always appreciate feedback!
We are looking forward to hear your ideas and suggestions but also your criticism concerning this website. So if you have a question or something to say, just fill out the contact form below!