Data protection

A Privacy policy

Revision status 08/2018

HABEKO Pensions & Benefits GmbH

Stahltwiete 16 | 22761 Hamburg

T +49 40 180 740 – 0
F +49 40 180 740 – 24

For all questions about the protection of your data, you will receive information from our management, you can reach us via the above contact information.You have the right of appeal to the supervisory authority in whose state the company is based. For our company this is:

The State Commissioner for Data Protection of Hamburg

Prof. Dr. Johannes Caspar
Ludwig-Erhard-Str 22
20459 Hamburg

Phone:. 040 428 54 – 4040
Fax: 040 4279 – 11 811

The attachment to this policy provides an overview of the business partners as well as the insurers we usually work with.
At this a data transmission takes place to the fulfillment of our order or legal obligations.

1. Scope

This guideline regulates the data protection compliant information processing and the corresponding responsibilities at the above mentioned company (and its subsidiary (s)) on the basis of the statutory provisions of the European General Data Protection Regulation (DS-GVO) and Federal Data Protection Act (BDSGnew). All employees are required to comply with this policy.

It is aimed in particular at:
Employees, customers and interested parties, insurers and service providers.

The following principles apply here:
‚• Preservation of personal rights
• Purpose limitation of personal data transparency
• Data avoidance and data economy
• Objectual accuracy / timeliness of the data
• Confidentiality in data processing
• Security in data processing
• Deletion and restriction of processing of data on request

2. Definitions (Art. 4 DS-GVO)

Personal data are individual details about personal or factual circumstances of a natural person (affected person). Examples: name, first name, Birthday, address data, contract data, e-mail content. Special personal data are indications of racial, ethnic origin, political Opinions, religious or philosophical beliefs, trade union affiliation, health or sex life, as well as economic circumstances. Responsible body is any person or entity that collects, processes or uses personal information for itself or through others on behalf of it

3. Raise, process and save personal dataraise, process and save personal data (Art.5 + 6 DS-GVO)

The collection, processing and storage of personal data in our company is based on the brokerage contract we use and
the other applicable documents (such as broker authority, consent to data processing, which are signed separately).
Without a specific order and a data protection agreement by our customers, we do not act (in children and
Young people are given the consent of their legal guardians). We document our activities extensively about ours
Broker management program and provide specific procedural instructions for the execution of our orders. Profiling takes place in our company not held. The data is processed exclusively for the agreed purposes.

The data of our customers are after termination of the brokerage contract according to the legal requirements, in particular the provisions to legal Retention periods deleted. The deadlines may be extended accordingly in defense of possible legal claims. Instead of Deletion occurs limitation of processing.

4. Commitment to confidentiality

All employees are required to observe secrecy and to comply with the work instructions and this guideline when starting their work. The commitment is renewed annually.

5. Processing reports (Art. 30 DS-GVO)

By means of internal process overviews (list of processing activities) we create transparency within the company and check whether our procedures present particular risks to the rights and freedoms of those affected and thus to a prior check / privacy impact assessment subject. It is a duty to keep these overviews for inspection by the authorities.

6. Purchase of hardware and software

All hardware necessary for our workflows (computers, screens, keyboard, mouse and peripherals such as scanners or printers) will be replaced controlled by internal policies. The computers are already configured for the employees and with the corresponding programs that we use in the standard, fitted. Additional software may only be installed in consultation with the management.

7. Password guidlines

In order to secure access to our systems, an individual authentication is necessary. For these internal regulations were made which all involved must hold.

8. Technical and organizational measures

We take all possible measures that are state-of-the-art as well as organisationally suitable for unauthorized persons
Grant access to the personal data stored by us. To do this, we keep separate records to meet the requirements of the
To document the security of data processing.

A transfer to third countries is currently not planned.

9. Rights of affected (Art. 12 -23 DS-GVO)

The data subject can request information about which personal data of which origin are stored about him for which purpose. If in the Employment relationship according to the respective applicable labor law further inspection rights provided in documents of the employer (for example, personal file) are, they remain untouched. If personal data are transmitted to third parties, information must also be provided on the identity of the recipient or on the categories of recipients are given.

If personal data is incorrect or incomplete, the person concerned may request their correction or supplement.
The data subject can object to the processing of his personal data for purposes of advertising or market research and opinion polling. For these purposes, the data must be restricted (blocked) for processing. The data subject is entitled to request the deletion of his data if the legal basis for the processing of the data is missing or has been removed. The same applies in the event that the purpose of the data processing by time expiration or for other reasons is omitted. Existing storage requirements and interests that are contrary to a cancellation must be respected.

The person concerned has a fundamental right to object to the processing of his data with effect on the future, which must be taken into account when his legitimate interest due to a particular personal situation outweighs the interest in processing. This does not apply if one Legislation required to carry out the processing. The person concerned has a right to data portability. That means the right to personal information in a structured, common and machine-readable format. Freedoms and rights of other persons may not be affected. The person concerned has a right of appeal to the supervisory authority in whose state the company has its headquarters. The contact details can be found at start of description of our privacy organization.

10. Procedure for “Datenpannen” (Art. 33 DS-GVO)

Each employee should immediately report violations of this privacy policy to their respective supervisor, management or DSB or other rules for the protection of personal data (privacy incidents). The responsible manager is obliged to the DSB
to inform immediately about data protection incidents.

In cases of unlawful transfer of personal data to third parties, unlawful access by third parties to personal data, or in case of Loss of personal data must be reported to the company without delay, in order to comply with national law
Reporting obligations of privacy incidents can be met.

B Statement on the protection of your data when visiting our homepage

1. Forms

On our website you can use the contact form for electronic contact. Enter your personal information such as
name, date of birth, address, bank details or other data e.g. to make an offer or report a claim in a form,
These are stored by us and processed exclusively for these purposes. Personal information about minors, we knowingly only with parents and only if and as far as the personal processing and use to fulfill a contractual relationship is required.

2. Connection and use of content of third parties

In our website content from third parties, in particular offer programs, comparison calculator and product offers z. From insurers to be involved. These contents may be in the design of our website. For this content, the privacy statements of the third party, which are linked to the appropriate place, or the website of the third party are apparent.

3. Server-Log-Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:
• Browser type and browser version used operating system
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

A merge of this data with other data sources will not be done.
The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which involves the processing of data to fulfill a contract or pre-contractual measures allowed.

C Informed consent to data processing and contact

In order to work for you, we must collect, store and pass on data to third parties. For example, when we do yours
Record the risk situation and pass on this data to various insurers in order to receive suitable offers for you. We also use this so-called broker service providers. It is also often necessary for us to request your data from third parties. First and foremost, these are insurers, but also data from doctors, for example, tax advisers or lawyers and credit bureaus may be required. Health data are collected exclusively, as far as it is for the mediation of life, health or accident insurance (personal insurance) required, or in the settlement of claims and claims.

You can grant these consents individually andrevoked at any time with effect for the future. Please note that we may then no longer be able to work for you. For more detailed information, please refer to our Privacy Policy with Business Partner List.

Confirmation for collecting and requesting data
You agree that we collect information from you and request it from third parties. If we request health data from doctors, we will ask you about it first inform.

Consent to data storage
You agree that we store and process the collected and requested data to the required extent or store it by authorized third parties and process.

Consent to the distribution of data
You agree that we may disclose data to third parties within the scope of our brokerage activities. Third parties are, for example, insurers, Brokerage service providers, workshops, appraisers or other service providers. You can view an overview of potential recipients in the Business Partner Overview remove. On request, you will of course also be provided with information to whom you have actually transmitted data relating to us.

Consent to contact
Customer information is an integral part of our work. You have used and expect the possibility of electronic contact via the forms a response to your inquiry, for which we will use the transmitted contact data. Therefore, we need your consent to our activities to be able to exercise.

D Changes within the privacy policy
We reserve the right to change the privacy policy if necessary to comply with current legal and technical requirements.
These are then valid for a new visit. We indicate a change by the revision level.

E Annex

• Business Partners List
• insurers list