SCHUNCK GROUP

Privacy policy

1. Information on the collection of personal data

Notes on data processing

We hereby inform you about the collection of personal data when using our offers and our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour, license plate number. We process personal data in accordance with the provisions of the EU Basic Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG) exclusively to fulfil contractual obligations (Art. 6 (1) b DS-GVO), on the basis of your consent (Art. 6 (1) a DS-GVO) or on the basis of legal requirements (Art. 6 (1) c DS-GVO). Data other than personal data is not covered by this declaration.

Responsible body and who you can contact

The person responsible in accordance with Art. 4 (7) EU Data Protection Basic Regulation (DS-GVO) is Oskar Schunck GmbH & Co. KG, Englschalkinger Str. 12, 81925 Munich, represented by the managing directors Mr Albert K. O. Schunck, Mr Peter Kollatz, Mr Klaus Rückel and Mr Thomas Wicke (see our imprint). You can contact our Data Protection Officer by e-mail: datenschutzbeauftragter@schunck.de, telephone number: +49 (89) 38177-0; or by post at our postal address (see Imprint) with the addition “the Data Protection Officer”.

The processing of personal data depends on the respective initial situation:

a. When you visit our website, the presentation below under points 6 to 10 of this declaration applies.

b. If there is an agreement between you and us for the brokerage of insurance contracts or the provision of insurance advice to companies, personal data arising from the application documents, the implementation of contracts and the adjustment of insurance contracts (e.g. premiums, insured events, risk/contract changes) as well as other contracts, and which are necessary for the performance of the agreement will be stored, processed and then forwarded to insurers, underwriters and/or Group companies and cooperation partners (e.g. experts, appraisers and lawyers). This applies in particular to application, product and insurance documents, health data, property and company data as well as the turnover figures, income and tax data relevant for insurance policies and data on claims to be settled by the insurance company, recourse and corresponding proceeds.

All data received is stored exclusively on the Group’s own servers for processing and is not passed on to external service providers or any clouds on external servers.

Health data (Art. 4 point 15 DS-GVO) are not processed.

c. If there is an agreement between you and us other than an agreement for the mediation of insurance policies or insurance advice from companies, the processing depends on the respective agreement. As a rule, the names, telephone numbers, addresses and e-mail addresses of contact persons are processed so as to provide or receive contractual services.

We process the following categories of data depending on the requirements: name, address, telephone, e-mail, IP address, social security data, license plate number, account data, and, if applicable, other data provided by you within the scope of the individual fulfilment of the agreement.

If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below.

2. Rights of data subjects

We would like to inform you about your rights as a person affected by data processing:
Existence of a right to information in accordance with the requirements of Art. 15 DS-GVO, correction in accordance with Art. 16 DS-GVO, deletion in accordance with Art. 17 DS-GVO, restriction of processing in accordance with the requirements of Art. 18 DS-GVO or a right to object to processing in accordance with Art. 21 DS-GVO in the case of a justified interest, as well as the right to data transferability in accordance with the requirements of Art. 20 DS-GVO.
The existence of a right to revoke consent under data protection law within the meaning of Art. 6 (1) a or Art. 9 (2) a at any time without giving reasons and without formality, without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Every data subject shall have the right to complain to the competent authority in the event of breaches of data protection law by the controller or by one of its appointed data processors.
This is the Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach
Telephone: +49 (0)981 53-1300, Fax: +49 (0)981 53-5300, E-mail: poststelle@lda.bayern.de
In addition, those affected may contact the supervisory authority at their usual place of residence (domicile).

3. Security measures

We use organisational, contractual and technical security measures in accordance with the state of the art to ensure that the regulations of the data protection laws are observed and thus to protect the data processed by us against manipulation, loss, destruction or unauthorised access.

The security measures include especially the encrypted transmission of data between your browser and our server, and the waiving of storing insured data in cloud software Solutions.

4. Processors

When providing our services, we are supported by companies with which agreements on order processing have been concluded. These are, for example, insurers, underwriting agents, insurance brokers, insurance consultants and claims handling companies.

5. Deletion concept

We process and store your personal data for as long as the insurance relationship exists through us or another contractual relationship, and as long as claims can be made on it, to the extent necessary for the processing of the agreement (e.g. within the framework of the processing of the insurance agreement including claims processing).

Personal data from general correspondence, telefax messages, e-mails, letters and appointment notes will be stored in accordance with § 257 IV Clause 2 HGB for 6 calendar years after the end of the agreement or termination of the intended business relationship.

Personal data of employees (e.g. application documents, appraisals etc.) will be kept in the personnel department during the period of affiliation with the company and, if necessary, for processing by the employee’s superior and, after termination of the employment relationship, will be restricted so that only the personnel department has access to it. If necessary, this data must be disclosed to the authorised authorities during audits by social insurance agencies (for example, German pension insurance). This personal data will be deleted after 10 calendar years after the employee has left the company, unless special circumstances arise from ongoing proceedings (e.g. legal proceedings) or to enforce legal titles, which require its retention in order to defend e.g. against liability claims or to enforce their claims until the corresponding proceedings are concluded). Thereafter, any remaining personal data will also be deleted with an appropriate waiting period of no more than one calendar month. Personal data of company pension scheme members are retained until the end of the pension payment plus an appropriate retention period of 10 years and deleted thereafter.

Personal data of applicants (electronic application documents, e-mails and other contact/appointment data) are generally deleted immediately after completion of the application procedure if the applicant was not hired. Applicants will be informed of this immediately. If there are indications of a possible procedure according to the AGG, the correspondence necessary for the processing will be kept until the expiry of the statutory period according to § 15 AGG (2 months) and deleted if a procedure according to the AGG can no longer be pursued because the statutory periods have expired.

The periods begin at the end of the calendar year in which the contractual service has been fully rendered.

In the event of doubts about the assignment of personal data to the above-mentioned items, the 10-year retention period shall apply.

If the contractual service has been fully rendered and the deletion period of 10 years has begun, their retrieval options will be selectively limited after 6 calendar years at the latest and can no longer be retrieved by users in an administrative capacity, even in the case of selections, unless their -limited- further processing is necessary for the following purposes: preservation of evidence (claims for restitution, legally established claims, claims from enforceable documents, claims that have become enforceable due to the determination made in the insolvency proceedings, claims for reimbursement of the costs of the execution) within the framework of the statute of limitations regulations according to § 197 (1) BGB (German Civil Code) for 30 years.

6. Collection of personal data when visiting our website

When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security (legal basis is Art. 6 (1) p. 1 lit. f DS-GVO, the interest lies in advertising via the website):

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status / HTTP status code
– Amount of data transferred in each case
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us so that we can respond to your questions. We delete the data arising in this connection after storage is no longer necessary or restrict processing if there are legal storage obligations.

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information is transmitted to the site that sets the cookie (in this case, by us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer generally more user-friendly and effective.

Use of cookies:

a) This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. This particularly includes session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that in this case you may not be able to use all functions of this website.

7. Google web fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest as defined by Art. 6 (1) lit. f DS-GVO.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google web fonts can be found at https://developers.google.com/fonts/faq and in the Google data protection declaration: https://www.google.com/policies/privacy/.

8. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.

The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. This enables IP addresses to be further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded, and the personal data is immediately deleted.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained can be applied to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) Clause 1 lit. f DS-GVO.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

User conditions: https://marketingplatform.google.com/about/analytics/terms/de/
Overview of data protection: https://policies.google.com/?hl=de&gl=de as well as the data protection declaration: www.google.de/intl/de/policies/privacy.

9. Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us so that we can process the enquiry and for any follow-up questions. We will not pass on this data without your consent. You can revoke your consent at any time with effect for the future.

10. Plug-ins

On the Internet pages as well as for our own apps we use so-called software plug-ins. These extend the provided range of functions for our users with services offered by other manufacturers.

The plug-ins used include Google Maps, for example, for displaying digital maps, but also Google Recaptcha. Both plug-ins are products of Google Inc (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA). Recaptcha serves to protect against misuse of our offers by checking and preventing interactions on the respective website by automated access, e.g. by so-called bots. For this purpose, Google processes your IP address and, if necessary, other data that may indicate the presence of human action and which are collected during website access. The processing is carried out both within Europe and in the USA, the latter based on the “US-Privacy-Shield”. The data protection regulations of Google, available at https://www.google.com/intl/de/policies/privacy/, apply to this. The data processing for the plug-ins described above is based on legal regulations which allow the processing of personal data because the companies of the SCHUNCK GROUP have a predominant legitimate interest in the protection of your IT systems (Art. 6 (1) lit. f DS-GVO). Specifically, ensuring the functionality of our offers is to be regarded as a legitimate interest within the meaning of the law.

It is only when the plug-ins are activated by you that your Internet browser establishes a direct connection to the servers of the respective plug-in provider. This informs the plug-in provider that your Internet browser has called up the corresponding SCHUNCK GROUP website. Log files (including the IP address) are transmitted by your Internet browser directly to a server of the respective plug-in provider and stored there if necessary. This server may be located outside the EU or the EEA (e.g. in the U.S.A.) If you do not want the plug-in providers to receive the data collected via this website and, if necessary, to store or further use it, you should not use the respective plug-ins.

You can also prevent the loading of the plug-ins by using add-ons for your browser, so-called script blockers.
Further information about the purpose and scope of the collection and the further processing and use of your data by plug-in providers as well as your rights and setting options for the protection of your data can be found in the privacy policy of the respective providers.
We do not use social media plug-ins.

11. Miscellaneous

This privacy policy does not regulate the processing of data by insurers or other intermediaries. Therefore, reference is made to their separate declarations.
We reserve the right to continuously update and improve the data protection declaration in connection with legal regulations and requirements in the event of changes in processes or otherwise.

Notes on data processing for third party data can be found here.