Data Privacy Statement
Privacy policy for social media channels
The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/München
E-Mail: kontakt@ccn-insurance.com
1. Your data subject rights
You can exercise the following rights at any time using the contact details provided for our data protection officer:
• Right to access (Art. 15 GDPR),
• Right to rectification (Art. 16 GDPR),
• Right to erasure (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right to object (Art. 21 GDPR) and
• Right to data portability (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
In addition, you can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG) in the federal state of your place of residence or with the authority responsible for us as the controller.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
2. Collection of general information when visiting our website
2.1 Type and purpose of processing
When you access our website, i.e. if you do not register or otherwise submit information, of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.
They are processed for the following purposes in particular:
• Ensuring a smooth connection to the website,
• Ensuring the smooth use of our website,
• Ensuring and evaluating system security and stability,
• for other administrative purposes.
We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 Legal basis
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
2.3 Recipients
We use service providers for the operation and maintenance of our website, who act as our data processors.
2.4 Storage duration
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for the data used to provide the website when the respective session has ended. The storage period may also extend beyond the session if it is used to analyse system security and stability.
2.5 Third Country Transfer
There is no third country transfer.
2.6 Providing prescribed or required
The providing of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be limited.
2.7 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
3. Cookies
No cookies are used on this website.
4. Contacting us
4.1 Type and purpose of processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
The data you enter will be stored for the purpose of personalised communication with you. This requires you to provide a valid e-mail address and your name. This is used to allocate the enquiry and subsequently answer it. The provision of further data is optional.
Alternatively, you can contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.
In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations. Regardless of the type of communication you choose, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.
4.2 Legal Basis
Your data is processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR).
By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.
If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
4.3 Recipients
The recipient of the data is your insurer and, if applicable, your bank. The processing may also include the transfer of data to processors if this is necessary for the processing of your request.
4.4 Storage duration
Data will be deleted no later than 6 months after the enquiry has been processed.
If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.
4.5 Third Country Transfer
There is no third country transfer.
4.6 Providing prescribed or required
The providing of your personal data is voluntary. However, we can only process your enquiry if you provide us with your name, e-mail address and the reason for the enquiry.
4.7 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
5. Complaints management
5.1 Purpose, legal basis and legitimate interest
If you are dissatisfied with our service as an insurance intermediary, you have the option of submitting a complaint by post, telephone or e-mail.
If you send us a complaint by post, your name and address will generally be processed.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.
You can also contact us via the telephone number provided. We collect log data that includes your telephone number and the duration of the call. We do not record conversations.
Regardless of the type of communication chosen, we collect the content of your complaint.
Your data will be processed for the purpose of handling your complaint and providing an appropriate solution.
Your data is processed on the basis of a legitimate interest (Art. 6 para. 1 lit f GDPR). Our legitimate interest in processing your data is to respond appropriately to your complaint.
5.2 Recipient of the data
Your personal data will only be passed on to those employees and departments of our company who are involved in processing your complaint.
5.3 Storage duration
Your data will be deleted no later than 6 months after your complaint has been processed.
5.4 Providing prescribed or required
The providing of your personal data is voluntary. However, we can only process your complaint if you provide us with the necessary data and the reason for the complaint.
5.5 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
6. “Matomo” web analysis (based on log files)
6.1 Type and purpose of processing
This website uses Matomo, an open-source software for the statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
We use the locally installed analysis tool Matomo to evaluate user behaviour locally on our server. We have configured Matomo so that it does not store any cookies in your browser. Matomo does not collect the data itself but accesses the database of our web server. The web server truncates every requesting IP address before storing it in the log file. The web server truncates every IP address requested before storing it in the log file. This means that the database is sufficiently anonymised and no conclusions can be drawn about individual persons.
Matomo is used for the purpose of improving the quality of our website and its content. By analysing log files, we learn how the website is used and can thus constantly optimise our Internet offering.
You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/.
6.2 Legal Basis
The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in improving our offer on the website.
6.3 Recipients
The recipients of the data are our employees and technical service providers who act as processors for the operation and maintenance of our website.
6.4 Storage duration
IP addresses are anonymized before storage. Consequently, we are not able to draw conclusions about individual users of the Platform.
The data stored by Matomo is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. In our case, this is done automatically after 6 months.
6.5 Third Country Transfer
There is no third country transfer.
6.6 Providing prescribed or required
The providing of data is neither legally nor contractually required.
6.7 Right to object
Please read the information on your right to object in accordance with Art. 21 GDPR above under point 2.
7. TLS Encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., TLS) via HTTPS.
8. Order processors used
We use service providers for the maintenance/hosting of the website who act as our processors. Your data will not be passed on beyond this. All service providers are contractually obliged to treat your data confidentially.
9. Changes to our privacy policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
10. Questions to the data protection officer
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organisation directly:
activeMind AG
Data Protection Officer CCN Insurance Services AG
Potsdamer Str. 3
80802 München
E-Mail: ccn-insurance@activemind.de
Information about your right to object in accordance with Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Recipient of an objection
The objection can be made informally with the subject “Objection”, stating your name, address or other identifying features to: ccn-insurance@activemind.de
The last update of the privacy policy took place on 13.02.2024.