[Printable version]

Privacy policy

T-Systems

§ 1 General data protection information about processing personal data


(1) Data protection as well as the secure and safe handling of your personal data are of great importance for simplesurance. In order to meet the continuously increasing requirements, simplesurance has mandated T-Systems Multimedia Solutions GmbH as external data protection officer. Taking into account new regulatory obligations as well as new technological developments, T-Systems MMS will assist us with their many years of experience and know how in all relevant aspects of data protection.


We process your personal data on the basis of applicable data protection law, in particular the General Data Protection Regulation (“GDPR”) and respectively Artt. 12 and 13 GDPR.


In the following privacy statement we would like to inform you about how we process your personal data and which rights you are entitled to. In general, personal data concerns all data that can be linked to you individually, e.g. name, address, email address and usage behavior.


(2) The data controller pursuant to Art. 4 para. 7 GDPR is:


simplesurance GmbH

Am Karlsbad 16

10785 Berlin

Germany


Phone: 0800 724 88 95 (free of charge | Mo. - Fr. 09:00 - 19:00)

E-Mail: [email protected]


You can reach our external data protection officer at [email protected].


(3) This website contains information and the possibility enabling a quick electronic, direct contact with us. If you contact us by email or via a contact form, the personal data transmitted by you (obligatory are email address and content of your message) are automatically stored. Such personal data transmitted on a voluntary basis by you to us are stored for the purpose of processing or contacting you and answering your questions. Furthermore, we can process this data to inform you about interesting products of our portfolio or in order to send you emails with technical information (Art. 6 para. 1 lit. f GDPR). The personal data relevant for this purpose will be deleted as soon as the storage is no longer necessary due to the fulfilment of the purpose or will be limited in terms of processing in case of an applicable legal obligation to preserve records.


(4) Eventually, we will pass on your data to third-party service provider or public authorities in compliance with privacy laws when we are legally entitled or required to do so. If we do share personal data with a third-party service provider that processes the data solely on our behalf and under our instructions. In that regard you can find below further and detailed information about the individual processes and the fixed criteria for storing your personal data.


§ 2 Your rights under the GDPR


You have the following rights under the GDPR in connection with the processing of your personal data which, however, might be limited under the applicable national data protection law:


  • Right to information whether or not personal data concerning you is processed, including the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed as well as regarding the planned duration of storage (Art. 15 GDPR);
  • Right to have your personal data corrected or supplemented (Art. 16 GDPR);
  • Right to withdraw your consent at any time with future effect (Art. 7 para. 3 GDPR);
  • Right to be forgotten, meaning under certain circumstances you have the right to request erasure of your personal data - in particular in case the purpose of the processing is not necessary or permissible anymore or you have with withdrawn your consent pursuant to Art. 7 para. 3 GDPR or you have objected pursuant to Art. 21 GDPR;
  • Right to request a restriction on the processing of your personal data under certain circumstances (Art. 18 GDPR);
  • Right to data portability, meaning you can receive your personal data, that you have provided to us, in a structured, commonly used and machine-readable format, e.g. CSV, and you have the right to transmit those data to a third-party (Art. 20 GDPR);
  • Right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data.

To exercise the above rights, please (if possible) send us an email to [email protected] or contact us at


simplesurance GmbH

personal/confidential

Data Protection Officer

Am Karlsbad 16

10785 Berlin

10785 Berlin


E-Mail: [email protected]

Phone: 0800 724 88 95 (free of charge | Mo. - Fr. 09:00 - 19:00)


Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, or where personal data are processed for direct marketing purposes at any time to the processing of your personal data by us and we can be required to no longer process your personal data, pursuant to Art. 21 GDPR.

§ 3 Collection of data during the visit of our website


(1) The use of our website is - with the exception of personal data transmitted from your browser - possible without providing personal data. To the extent that personal data (e.g. email address) is requested, providing such information is always voluntary. In case you are solely visiting our website, the following data is collected, that is necessary in order to technically visualize the website and guarantee its stability and security (legal basis according to Art. 6 para. 1 s. 1 lit. f GDPR):


  • IP address
  • Date and time of server access
  • Name and URL of the accessed file
  • Time zone difference to Greenwich Mean Time (GMT)
  • Transferred amount of data
  • Access status/HTTP-status code
  • Referrer URL (the webpage previously visited)
  • Browser type, version and language
  • Operating system
  • (2) In addition the above-mentioned data, cookies are saved during the use of our website. A cookie is a small text file that a website saves on your computer or mobile device when you visit a website. It enables the website to remember your actions and preferences (e.g. login, language, font size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies cannot execute programs or infect your device with a virus. They solely serve to increase your experience of the website.


    (3) Application of cookies

    a) This website is using the following types of cookies, which scope and functionality will be explained in the following:

    • Persistent cookies (see b).


    b) Persistent cookies are deleted automatically after a designated period of time that can differ depending on the specific kind of cookie. You can delete the cookies in the security settings of your browsers at any time.


    c) You can configure your browser settings according to your own preferences. For example, this can include accepting third-party cookies or the rejection of all cookies. In that case, we want to inform you that possibly some of the functions of this website cannot be used.


    d) The use of cookies allows us to recognize you as a user for following website visits, in case you are registered with us. Otherwise you would have to register at each visit of our website.


    § 4 Sharing of data with third-parties


    Sharing your personal data with third-parties only occurs in the following cases and based on the following purposes:


    • You have given your explicit consent pursuant to Art. 6 para. 1 lit. a GDPR,
    • It is based on legitimate interests for either us or a relevant third-party without reason to believe that prevailing interests worth protecting of yourself for the non-transmission of your data pursuant to Art. 6 para. 1 f GDPR,
    • It is based on a statutory obligation pursuant to Art. 6 para. 1 s. 1 lit. c GDPR,
    • It is legally permissible and required for the performance of a contract pursuant to Art. 6 para. 1 s. lit. b GDPR.

    § 5 Data protection for applications and the application procedures


    We shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG).


    Administration of application data and procedures with Greenhouse


    Applications and the entailing processes will be administered with the Service Provider Greenhouse (www.greenhouse.io, Greenhouse Software Inc., 455 Broadway, New York NY, 10013 USA).


    Personal data that we are provided with during the online application process will be stored and processed on Greenhouse’s servers in the USA. Any storage and processing is taking place based on EU model contract clauses that is also establishing an adequate level of data protection. We will process your data, if necessary, in order to take care of your application. We will not share your application data with other entities or third-parties for any other use of data except for the handling of your application.


    § 6 Use of our webshops


    n case you want to order something at our webshop, we need the respective personal data from you necessary for the conclusion and the fulfilment of your order as well as the contract. Obligatory data required for processing the contract are marked accordingly. All other information can be provided on a voluntary basis. Any data provided by you will be processed for processing your order. In the process thereof, we can share your payment information with our bank. The legal basis for such transfer is Art. 6 para. 1 s. 1 lit. b GPDR.


    (2) Furthermore, we can process this data to inform you about interesting products of our portfolio or in order to send you emails with technical information (Art. 6 para. 1 lit. f GDPR).

    (3) Based on statutory retention requirements, we are obliged to store your address, bank and payment information for the period of ten years. However, after two years we are limiting the processing of your data to only meet the statutory retention requirements.

    (4) In order to prevent unauthorized access to your personal data, especially bank information, the order process is encrypted with TLS-methods.


    § 7 Application and use of social media plug-ins


    (1) We are using the following social media plug-ins: Facebook, Google+, Twitter, Xing, LinkedIn, Instagram. For such plug-ins we are using a two-click-solution, meaning that when you are visiting our website, generally, no personal data will be shared with the providers of the plug-ins. The respective provider you can recognize by the branding of the respective button or logo. Through the button we are providing the possibility to directly communicate with the provider of the social media plug-in and share content on the respective platform. If usage information should not be transferred to a social media network, the user should refrain from pressing the respective button. Only by clicking thereon, the provider is receiving information about having visited our website. In addition to that, the data listed in § 3 of this policy is shared. According to Facebook and Xing in Germany the IP address is anonymized immediately after collection. By activation of the plug-ins your personal data will be shared with the plug-in provider and stored there (for US providers in the USA). Due to the fact that the plug-in provider is collecting data especially through cookies, we recommend to delete all cookies in the security settings of your browser before clicking on the respective button or logo.


    (2) The social media plug-in provider is responsible for further treatment of your data. We are neither responsible, nor able to influence the collection and processing of your data after activation of the plug-in. Also, we are not aware of the full scope of the processing, the purposes thereof or the periods for storing your data. Further, we are not aware of the periods when any (automatic) deletion takes place.


    (3) The social media plug-in provider stores your personal data as profiles of usage and uses these for advertising purposes, market research and/or the individual design of a website. The processing is being done (also when not logged in) to display need-based advertisement and to inform other users of the social network about the activities on our website. You have the possibility to object to the creation of such profiles of usage. However, in order to execute the objection, you need to contact the respective provider directly. With the help of the plug-ins we are enabling you to share content in your network and other users, so that we can improve our products and services and to make them even more interesting. Legal basis for the use of social media plug-ins is Art 6 para. 1 s. 1 lit. f GDPR.


    (4) Any transfer of your personal data is taking place without the necessity of you having an account with the respective provider and being logged in. In case you are logged in with the respective provider, the data collected on our website will be associated with the provider’s account you are logged in to and will potentially also be shared publicly in your network and with your contacts. We recommend that after using of a social network to regularly log out, especially before activation of the plug-in/clicking on the button in order to avoid the mentioned association with your social media provider’s account.


    (5) Further information regarding the purpose and scope of data collection and the processing by the provider can be obtained from the provider. There you can also find further information about your rights and potential setting options to protect your privacy:


    a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php ; further information to the collection of data: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other - applications as www.facebook.com/about/privacy/your-info - everyoneinfo. Facebook is subject to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.


    b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/?hl=de. Google is subject to the EU-US-Privacy, www.privacyshield.gov/EU-US-Framework.


    c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is subject to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.


    d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; www.xing.com/privacy.


    e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; www.linkedin.com/legal/privacy-policy . LinkedIn is subject to the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.


    f) Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; https://help.instagram.com/155833707900388 ; Facebook is subject to the EU-US-Privacy-, www.privacyshield.gov/EU-US-Framework. Data privacy policy at https://instagram-basics.de/datenschutzerklaerung abrufbar.


    § 8 Application and use of YouTube videos


    (1) On this website, components of YouTube are integrated. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.


    (2) The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.


    (3) With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under www.youtube.com/intl/en/yt/about. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.


    (4) If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject. YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.


    (5) YouTube's data protection provisions, available at www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google. Google is processing your personal data in the USA and is subject to EU-US-Privacy Shield.


    § 9 Application and use of Google Analytics


    (1) This website uses the component of Google Analytics (with the anonymizer function). The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics is a web analytics service collecting, gathering, and analyzing data about the behavior of visitors to a website. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed.


    (2) Google Analytics places a cookie on your information technology system. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this website, into which a Google Analytics component was integrated, the internet browser on your information technology system will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of your personal information, such as the IP address, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements. The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by you. With each visit to our internet site, such personal data, including the IP address of the internet access used by you, will be transmitted to Google in the USA. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical procedure to third-parties.


    (3) The IP address transmitted by your browser and processed by Google Analytics will not be combined with other data collected by Google.


    (4) You have the possibility of objecting to a collection of data generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. In that case, we want to inform you that possibly some of the functions of this website cannot be used. For the purpose of objecting, you have to download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. The installation of the browser add-ons is considered an objection by Google and precludes the processing of cookies and data related to the use of the website (incl. your IP address).


    (5) For the web analytics through Google Analytics this website uses the application "_anonymizeIp()". By means of this application your IP address of the internet connection is abridged by Google and anonymised when accessing this website.


    (6) We are using Google Analytics in order to analyze and regularly optimize of our website. By using the data collected we are able to improve our services and make those even more attractive for you as a user. In case of exceptional transmission of personal data to the USA, Google is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is Art 6 para. 1 s. 1 lit. f GDPR.


    (7) Further Information about Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information and the applicable data protection provisions of Google may be retrieved under www.google.com/intl/en/policies/privacy and under www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link www.google.com/analytics/.


    (8) This website uses Google Analytics to analyze stream of visitors across multiple devise based on a designated user-ID. You can object to the cross-device analysis in your account.


    § 10 Application and use of Bing Ads


    (1) On this website, Bing Ads is integrated. The operating company of Bing Ads is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Through Bing Ads we are conducting conversion tracking.


    (2) The purpose of Bing Ads is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Bing and an insertion of third-party advertising on our website.


    (3) If you are reaching our website via a Bing ad, a conversion cookie is filed on your information technology system through Microsoft. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g. the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Microsoft and we can understand whether a person who reached an Bing Ad on our website generated sales via a Bing Ad, that is, executed or canceled a sale of goods.


    (4) The conversion cookie is used to create statistics evaluating in anonymized form whether a sale has been generated through Bing Ads. This evaluation serves the purpose of settlement and assessment of ads and does not contain personal data.


    § 11 Application and use of Google Adwords


    (1) On this website, Google AdWords is integrated. The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google's search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.


    (2) The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.


    (3) If a data subject reaches our website via a Google ad, a conversion cookie is filed on your information technology system through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g. the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and we can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.


    (4) The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.


    (5) The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time you visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the USA. These personal data are stored by Google in the USA. Google may pass these personal data collected through the technical procedure to third parties.


    (6) The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.


    (7) You have the possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings.


    (8) Legal basis for the use of Google Analytics is Art 6 para. 1 s. 1 lit. f GDPR. Further information and the applicable data protection provisions of Google may be retrieved under www.google.com/intl/en/policies/privacy, www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html . Alternatively, you can visit the website of Network Advertising Initiative (NAI) at www.networkadvertising.org.


    § 12 Application and use of Google Remarketing


    On this website, Google Remarketing services are integrated. The operating company of Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Remarketing is a feature of Google AdWords, which allows us to display advertising to Internet users who have previously resided on our wesbite. The integration of Google Remarketing therefore allows us to create user-based advertising and thus shows relevant advertisements to interested Internet users. The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users. Google Remarketing sets a cookie on your information technology system. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network.


    According to Google, the data transmitted to and processed by Google Remarketing will not be combined with other data collected by Google and the data is also pseudonymized.


    § 13 Application and use of Facebook Ads


    (1) On this website, Facebook Ads is integrated. The operating company of Facebook Ads is Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook Ads is a social plugin of Facebook for conversion and audience tracking.


    (2) Social Plugins are small programs or package integrated on a website to connect with social networks, in this case Facebook. Social plugins are establishing a direct connection between the servers of the respective social media provider when a website is called-up. The data of the website user is collected from the server of the social media provider who is receiving various information about the user and enables the provider to analyze the behavior of website usage.


    (3) In case you have reached our website via Facebook Ads, a cookie with a validity of 30 days will be set. During this period of time, both Facebook and we can identify that the specific user has visited our website.


    (4) This cookie is used to create statistics evaluating in anonymized form whether a sale has been generated through Facebook Ads. This evaluation serves the purpose of settlement and assessment of ads and does not contain personal data. The cookie does not contain personal data. You can object to the collection of data by Facebook by logging out of your Facebook account before visiting our website.


    § 14 Newsletter


    On this website, users are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted as well as when the newsletter is ordered. In the following we want to inform you about all information around the newsletter including content, registration, transmission and the statistical analysis as well as your rights to object. By registration to our newsletter, you are consenting to the receipt and the processes described in the following.


    Content


    The simplesurance GmbH informs its customers and business partners regularly by means about offers and information about insurances (hereafter “newsletter”).


    Registration, double-opt-in procedure and protocolling


    The newsletter may only be received by the data subject if the data subject has a valid email address, registers for the newsletter transmission or in case of a statutory permission. Only the email address is required for the registration. A confirmation email will be sent to the email address registered by a data subject for the first time for newsletter shipping, in the double opt-in procedure. This confirmation email is used to prove whether the owner of the email address as the data subject is authorized to receive the newsletter. Such confirmation will be protocolled by us for legal reasons.

    During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the email address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller. Furthermore, any changes to the data stored with MailChimp will be protocolled.


    Application and use of MailChimp and Mandrill


    The transmission of the newsletter is conducted by MailChimp, a platform to send out newsletters of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

    The email addresses of our newsletter recipients as well as the data further mentioned in this privacy policy will be stored on the servers of MailChimp in the USA. MailChimp is using these information for the transmission and evaluation of the newsletters on our instructions. Furthermore, according to MailChimp these information can be used for the optimization or improvement of their services, e.g. technical optimization of the transmission and displaying of the newsletters or for economic purposes in order to determine from which countries the recipients are coming from. MailChimp does not use the data of our newsletter subscribers to contact them on their own and does not share the data with third-parties.

    We are counting on the reliability, IT as well as data security of MailChimp. MailChimp is subject to the EU-US Privacy Shield and commits to adhere to applicable EU data protection laws. In addition to that, we have concluded a data processing addendum with MailChimp. This is a contract obligating MailChimp to protect the data of our users according to applicable data protection laws based on our instructions and without sharing the data with any third-party. The privacy policy of MailChimp can be found here.


    Collection for statistical analysis and collection purposes


    The newsletter contains so-called “web-beacon” as a tracking pixel. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an email was opened by a data subject, and which links in the email were called-up by data subjects. During this process, technical information about the browser, the operating system, the IP address and the time of call-up will be collected. This data will be used to technically improve our services based on technical information or the target groups and their reading behavior including their call-up location (which can be identified by the IP address) or the time of access.

    The personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third-parties. The collected information can technically be associated to individual newsletter subscribers. However, it is neither our intend nor MailChimp’s intend to watch individual users. The evaluations of the newsletter enable us to identify the reading habits and preferences of our users and to adjust or differentiate the content of the newsletter accordingly


    Online retrieval and management of data


    In some cases we direct newsletter recipients to the websites of MailChimp by for instance sending out newsletters including a link, which enables the subscribers to retrieve the newsletter online (.e.g in case of issues with the display in the email program). Furthermore, newsletter recipients can correct their data (e.g. email address) retroactively. MailChimp’s privacy policy is also only available on their website.

    In that context we want to inform about the fact that on MailChimp’s websites cookies are used and personal data will be processed by MailChimp, its partners as well as applicable service providers (e.g. Google Analytics). We cannot influence this collection and processing of data. Further information can be found in MailChimp’s privacy policy. Additionaly, we want to inform about additional options to object to the collection and processing of data for advertisement purposes on the websites www.aboutads.info/choices and www.youronlinechoices.com (for the European area).


    Revocation


    Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller and the consent for the use of MailChimp ends accordingly as well. Unfortunately, a detached revocation to the transmission via MailChimp or the statistical evaluation is not possible.

    Each newsletter contains a link at the very end the email to revoke the recipient’s consent. Alternatively, you can unsubscribe here.


    Legal basis according to GDPR


    According to the GDPR provisions applicable since 25 May 2018, we want to inform you that any consent to the shipping of newsletters via email are based on Art. 6 para. 1 lit. a, 7 GDPR as well as § 7 para. 2 No. 3 or para. 3 Act Against Unfair Competition. The application and use of the service provider MailChimp, conduct of statistical evaluations and analysis as well as the protocolling of the registration process are legally based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our interests are focussed on the use of user-friendly and secure newsletter systems which serves our business needs as well as the expectations of users.

    Application and use of Emarsys

    Emarsys eMarketing Systems AG (www.emarsys.com/de, Stralauer Platz 34, 10243 Berlin, Germany) is also used for the technical execution of the newsletter shipping which provides software and infrastructure for the shipping of consent-based electronic messages. Emarsys is aware of its responsibility towards recipients of those messages and does not tolerate any kind of spam messages. In case you have consented accordingly, Emarsys uses the pseudonymized user profiles including personal preferences to combine it with the email address in order to personalize the content and design of the newsletter including the personalized shipping.

    Additionally, Emarsys offers various options for analysis about how the newsletters are viewed and used, e.g. how many users have received an email, if the email was rejected and if the user has unsubscribed after receiving the email. These analysis are only conducted on a group basis and will not be used by us for individual analysis and identification purposes.

    After registration Emarsys will send you an email to confirm the registration via double-opt-in. In case you do not want to receive our newsletter anymore, you can unsubscribe at any time via the respective link in each email.

    Further information about data protection at Emarsys can be found here.


    Furthermore, we want to inform you that you can revoke your consent to the future processing of your personal data based on statutory provisions according to Art. 21 GDPR at any time. The revocation can in particular refer to the processing of personal data for purposes of direct marketing.


    § 15 Affiliate Marketing


    On this website, the affiliate networks offering affiliate marketing by belboon (www.belboon.de, belboon GmbH, Weinmeisterstr. 12-14, D-10178 Berlin), AWIN (www.awin.com, AWIN AG, Eichhornstraße 3, D-10785 Berlin) and Affilinet (www.affili.net, affilinet GmbH, Sapporobogen 6-8, D-80637 München). are used. In this context, the respective conversion trackings are used.


    Affiliate marketing is an Internet-based sales form that enables commercial operators of Internet sites, the so-called merchants or advertisers, to place advertising that is usually paid via click or sale commissions on third-party websites, also called affiliates or publishers (e.g. sales partners). The merchant provides, through the affiliate network, an advertising medium, e.g. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on their own Internet pages or promoted via other channels, such as keyword advertising or e-marketing.


    The affiliate sets a cookie on your information technology system. The definition of cookies is explained above. The tracking cookie does not store any personal data and loses its validity after 90 days. Only the identification number of the affiliate, that is, the partner mediating the potential customer, as well as the ordinal number of the visitor of a website and the clicked advertising medium are stored. The purpose of storing this data is the processing of commission payments between a merchant and affiliate, which are processed via the respective affiliate network.


    In the course of the tracking, the affiliate network collects information about the respective device used, from which a transaction has been conducted, e.g. IP address, operating system and browser.


    The affiliate network does not collect, process or use any personal data.


    The data subject may prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent the affiliate networks from setting a cookie on your information technology system. In addition, cookies already in use by may be deleted at any time via a web browser or other software programs.


    § 16 Application and use of Salesforce


    For the administration of customer service requests, for any communication with customers via email or telephone as well as with existing and potential business clients, personal data collected will be stored and processed in our CRM system. We are using Salesforce Service Cloud & Salesforce Marketing Cloud. Legal basis for such is Art. 6 para. 1 lit. f GDPR. The CRM system is operated by Salesforce Inc.


    Your data (company, contact information, address, telephone number, email address, for application users (name/email address) and marketing permissions) is first encrypted in an unchanged way (i.e. neither anonymized nor pseudonymized) and will afterwards be stored in Europe, Canada and USA by Salesforce. With the help of the encryption your data is not accessible by Salesforce. Salesforce is subject to EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The privacy policy of Salesforce can be found at www.salesforce.com/de/company/privacy .


    § 17 Customer service via Zendesk


    For the administration and handling of customer requests, we are using the support widget by Zendesk, a customer care platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. The necessary information for the processing of customer requests are for instance full name, address, email address, telephone number, which are collected via our website in order to deal with a request.


    In case you should have contacted us as a customer via email or contact form, we will use the personal data provided by you solely for the handling of your specific request. Any given personal data will be treated confidential and stored together with the communication history with our customer care team for follow-up questions and any subsequent contact. Legal basis for this processing is a data processing agreement pursuant to Art. 6 para. 1 lit. b GDPR with Zendesk, which is also subject to EU-US Privacy Shield www.privacyshield.gov/EU-US-Framework. Further information regarding the processing of personal data can be found in Zendesk’s privacy policy at www.zendesk.com/company/privacy.


    § 18 Secure payment


    There are no risks involved when you pay for your insurance policies. simplesurance transmits your contact details and the ordered policies to our partners Saferpay (www.saferpay.com, SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zürich), PayPal (www.paypal.com, PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) or PayCo (www.pay-co.de, PayCo GmbH, Lottbeker Weg 176, D-22395 Hamburg) in separate, specially encrypted forms. Then you will be automatically forwarded to the partner's secure server, where you enter the required payment details. Any payment details will be entered exclusively on pages hosted by certified external payment service providers. simplesurance does not save any payment-relevant data, such as e.g. credit card or bank account details.


    § 19 Data security


    During your visit and use of our website, we are using the common methods of TLS (Transport Layer Security) / SSL (Secure Socket Layer) in connection with the respective highest level of encryption supported by your browser. Usually, this results in the use of 256 bit encryption. In case your browser does not support 256 bit encryption, a 128 bit v3 technology applies. You can check the status bar of your browser for a key or lock symbol that is in a locked stated, whether an individual page of our website is transmitted in an encrypted way.


    We provide security for our website with suitable technical and organizational measures against loss, destruction, access, and alteration or distribution of your data by unauthorized persons. Based on further technical developments, we constantly improve our security measures.


    § 20 Period of storage and deletion


    The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract or in case you request a deletion of your data.


    § 21 Validity and changes of this privacy statement


    This privacy policy is from May 2018.


    This privacy statement may require an update from time to time - e.g. due to the implementation of new technologies or the introduction of new services. We reserve the right to change or supplement this privacy statement at any time. We will publish the changes on this website and/or inform you accordingly (e.g. via email).



Download privacy policy(PDF document)*


*Note:
To view this content you need the Adobe Acrobat Reader, which is freely available for download using the following link.
Download page of Adobe

Payment Methods:

Secure Purchase: