§ 1 Information regarding the collection of personal data
Below, we provide information on the collection of personal data when using this website. Personal data is all data that relates to you personally, e.g. your name, address, email address, user behaviour.
(2) The data controller, in accordance with Article 6 para. 1 and 2 of the Data Protection Act 2018, is:
The Carriage House, Mill Street, Maidstone, ME15 6YE, England
Tel.: 0800 / 3581084 (toll free | Mon. – Fri 9:00 a.m. – 5:00 p.m., except bank holidays)
simplesurance is an Appointed Representative of Richdale Brokers and Financial Services Ltd., who can be contacted by post at: 1 Cornhill, London, EC3V 3ND or by email at firstname.lastname@example.org.
(3) When you contact simplesurance by email or using a contact form, the data you provide (mandatory information is: your email address, the content of your message) will be stored by us in order to answer your questions. We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information (Article 8 of the Data Protection Act 2018). You may object to this processing at any time by emailing email@example.com without incurring any costs other than the transmission costs according to the basic tariffs. We will delete the data collected within this context as soon as processing is no longer necessary, or alternatively, if any obligation of statutory retention exists, processing will be limited.
(4) In case we employ contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. We will also specify the defined criteria for the storage period.
§ 2 Your rights
According to the Data Protection Act 2018, you have the following rights:
- To request information on the categories of the processed data, processing purposes, any data recipients, the planned storage period (Article 45 of the Data Protection Act 2018);
- to request the correction or completion of incorrect or incomplete data (Article 46 of the Data Protection Act 2018);
- to revoke provided consent at any time with effect for the future (Article 7, para. 3 of the Data Protection Act 2018);
- to request the deletion of data in certain cases within the framework of Article 47 of the Data Protection Act 2018 – in particular, if the data is no longer required for the intended purpose or is processed unlawfully, or you revoke your consent in accordance with Article 7 para. 3 of the Data Protection Act 2018.
- to request the restriction of data under certain conditions if deletion is not possible or the obligation to delete is in dispute (Article 47 of the Data Protection Act 2018);
- to complain to the Information Commissioner, the responsible supervisory authority about data processing in the UK. To make a complaint before the Information Commissioner’s Office, please visit the following website and follow the instructions set forth therein: https://ico.org.uk/make-a-complaint/
Please send all information, deletion and correction requests, requests for information, inquiries about data portability or objections to data processing by email or post to:
The Carriage House, Mill Street, Maidstone, ME15 6YE, England
Tel.: 0800 / 3581084 (toll free | Mon. – Fri 09:00 a.m. – 5:00 p.m., except bank holidays)
We would also like to draw your attention to the fact that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Article 99 of the Data Protection Act 2018 at any time. The objection may be lodged in particular against processing for direct advertising purposes.
§ 3 Collection of your personal data when you visit our website
(1) If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (Legal basis is Art. 8 of the Data Protection Act 2018):
- IP address
- Date and time of request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Request status/HTTP status code
- The amount of data transferred in each case
- The website making the request
- Operating system and its interface
- Language and version of the browser software.
We use technically necessary cookies.
- 4 Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
- you have given your express consent pursuant to Art. 2 subsection (a), of the of the Data Protection Act 2018;
- the disclosure pursuant to Art. 8 of the Data Protection Act 2018, is necessary to safeguard our legitimate interests or to safeguard the legitimate interests of third parties and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation for disclosure in accordance with Article 60 para. b) of the Data Protection Act 2018, and
- this is legally permissible and required in accordance with Article 74A, para. 6, subsection b) of the Data Protection Act 2018, for the processing of contractual relationships with you.
§ 5 Use of our online shop
(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order and to fulfil the contract. The information required for processing the contract is marked separately; any further information is voluntary. We use the data you provide to process your order. For settlement of payment we forward your payment data to our bank. The legal basis for this is Article 60 para. b) of the Data Protection Act 2018
(2) We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information (Art. 122, para. 5) of the Data Protection Act 2018). You can object to this processing at any time by emailing firstname.lastname@example.org without incurring any costs other than the transmission costs according to the basic tariffs.
(3) There is no risk involved in paying for your insurance policies. simplesurance transfers your contact details as well as the ordered insurance to the partners Saferpay (www.saferpay.com, SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich), Stripe (www.stripe.com, Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA), Klarna (www.Klarna.com, Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden) or PayPal (www.paypal.com, PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) in separate, specially encrypted forms. You will then be automatically forwarded to the partner’s secure server, where you can enter the required payment information. Payment-relevant data is only entered with certified external payment providers. Simplesurance does not save any payment-related data, such as credit card or account information.
(4) We are obligated by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years we limit the processing of your data, that is, your data will only be used to comply with legal obligations.
(5) To prevent unauthorised access to your personal data by third parties, especially financial data, the order process is encrypted using TLS technology.
§ 6 Online social media presence
Fan pages on Xing and LinkedIn
simplesurance GmbH, simplesurance’s parent company, operates fan pages on Xing and LinkedIn. These pages are operated on the basis of our legitimate interests in providing up-to-date and supportive information and interaction options for and with our users and visitors in accordance with Article 132, para. 2, subsection (f) of the Data Protection Act 2018.
The technical access as well as the further use of this data, which arise in the context of fan- page access, generally lie with the operator of the social network. simplesurance GmbH and simplesurance have neither access to the usage data collected, nor can we determine how this data is used by the network operator.
Furthermore, we would like to point out that the data processing by social networks may occur outside the EU or the European Economic Area. For further details on the handling of data collected by social networks, please contact the respective operator of the social network itself.
The respective Privacy Policies can be found at:
The data transfer to the USA is based on EU standard contractual clauses.
At https://www.facebook.com/Simplesurance/ we operate an official company page, a “fan page”, on the social network Facebook.
The protection of your personal data is of particular concern to us. We, therefore, process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations.
- The joint controllers responsible for operating this Facebook page are:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)
Simplesurance GmbH, Am Karlsbad 16, 10785 Berlin Germany
You can view the agreement on joint responsibility under this link: https://www.facebook.com/legal/terms/page_controller_addendum.
According to this agreement, Facebook Ireland assumes primary responsibility for the processing of the Insights data and undertakes to fulfil all obligations under the General Data Protection Regulation with regard to the processing of the Insights data.
- Data protection officer:
The data protection officer of Facebook Ireland Ltd. can be reached under the following link: https://www.facebook.com/help/contact/540977946302970
You can reach our data protection coordinator by post at our postal address with the addition “[confidential] to the data protection coordinator”, or by emailing: email@example.com
- Purposes of processing
According to its own information, Facebook uses the information to provide and support
- Processing of data 4.1 Cookies
The fan page operator can access statistical data of various categories via the so-called “Insights” of the Facebook page. Facebook generates statistics and makes them available to us. This function cannot be switched off nor can the generation and processing of the data be prevented. Further information is available at the following link:
For a selectable period as well as for each of the categories fans, subscribers, people reached and interacting individuals the following data is provided by Facebook:
Total number of page views, “Like” – information, page activities, post interactions, range, video views, post range, comments, shared content, answers, proportion of men and women, country and city of origin, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers. In addition, data is thereby provided about the Facebook groups that are linked with our Facebook page.
- Legal basis
These pages are operated on the basis of our legitimate interests in providing up-to-date and supportive information and interaction options for and with our users and visitors in accordance with Article 6, para. f) and Article 132, para. 2, subsection (f) of the Data Protection Act 2018
- Transfer of data abroad
According to its own statements, Facebook shares information received both internally between the Facebook companies and with external partners. For this purpose, the information provided is transferred by Facebook Ireland to the USA and other third countries. Transfers to so-called third countries are made, according to Facebook’s own information, on the basis of the standard contractual clauses approved by the European Commission and, if applicable, on the adequacy decisions issued by the European Commission.
- 8 Integration of Vimeo videos
(1) We use Vimeo to integrate videos from the provider, which are stored on http://www.vimeo.com and can be played directly from our website. These are all integrated and embedded in the “Extended Privacy Mode”, i.e. no data about you as a user are transferred to Vimeo if you do not play the videos. Only when you play the videos will the data referred to in para. 2 be transmitted. We have no influence on this data transfer.
(2) When you visit this website, Vimeo is notified that you have accessed the corresponding sub-page of our website. Furthermore, the data mentioned under § 3 of this declaration will be transmitted. This takes place, regardless of whether Vimeo makes a user account available, via which you are logged in, or whether no user account exists. Vimeo stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform us about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Vimeo to exercise this right.
§ 9 Use of Plausible Analytics
(1) Since data protection is important to us, we refrain from using invasive web tracking tools such as Google Analytics. Plausible Analytics takes a particularly privacy-friendly approach to analysing your visit.
(2) We use Plausible Analytics to continuously optimise our offer both technically and in terms of content, in particular to understand and improve the use of our website by users. Plausible Analytics does not set any cookies and does not store any information in the browser.
(4) You are not tracked across devices and websites with this, unlike many other analytics tools. Also, all data collected per day is isolated and accumulated. Plausible Analytics collects the following information, among others, for this purpose:
- Date and time of your visit
- title and URL of the pages visited
- incoming links
- the country you are in
- the user agent of your browser software
Plausible Analytics does not use or store cookies on your terminal device. All data is stored completely anonymized in the form of a so-called hash. A hash is an encryption of data that is not reversible, i.e. cannot be decrypted. In this way, we can analyse your visit without storing personal data that would be readable by us, Plausible Analytics or third parties.
§ 10 Use of Google Fonts
(1) On our website we use Google Fonts. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
(2) No cookies are stored in your browser. The files are requested via Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data, while using Google Fonts will be transmitted to Google. The data is only stored locally on our servers, so that a data transfer to third countries is excluded.
(3) Google Fonts is an important component to ensure the quality of our website. All Google Fonts are automatically optimised for the web. This saves data volume and is a great advantage especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts.
Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We therefore use Google Fonts so that we can present our entire online service as uniformly as possible.
(4) Your data is not transmitted to external Google servers. If you have consented to Google Fonts being used, the legal basis for the corresponding data processing is this consent.
- 11 Use of Hotjar
The legal basis for the use of Hotjar is your consent in accordance with Article 4 para. 11, Article sentence 6, para. 1, and Article 7, para. 1 of the Data Protection Act 2018, which you can provide via our cookie banner. We have concluded an order processing agreement with Hotjar in accordance with Article 35, para. 2, subsection a) of the Data Protection Act 2018.
§ 12 Customer inquiries via Zendesk
We use the Zendesk Support Widget, a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA, to process customer inquiries. For this purpose, necessary data such as last name, first name, postal address, telephone number, email address are recorded via our website in order to be able to answer your questions.
If you contact us by email or using a form, we will only use the personal data you provide to process the specific request. All details will be treated confidentially. The data provided and the message history with our service desk will be saved for follow-up questions and subsequent contact. We have concluded an order processing agreement with Zendesk in accordance with Article 59 of the Data Protection Act 2018. The data transfer to the USA takes place on the basis of EU standard contractual clauses.
§ 13 Use of review portals eKomi and Trustpilot
After you have reported a claim to us and this has been processed, we may ask you to evaluate our services. This is done entirely voluntarily and only after you click on the link sent. With Trustpilot (Trustpilot A/S, Pilestraede 58, 5. Floor, 1112 Copenhagen K, Denmark), you will be asked to give your name (alias without personal reference possible) and email address to provide a general assessment of our company. We cannot assign your rating to the claim you reported and we cannot identify you if you do not use any personal data that we already know.
After you have concluded an insurance contract with us or after processing your claim report, you will automatically be asked to rate our services. This is done entirely voluntarily and only after you click on the link sent. Your data (email address and order ID or name) will only then be forwarded to the independent service provider eKomi (www.ekomi.co.uk, eKomi Holding GmbH., Zimmerstrasse 11, 10969 Berlin). eKomi then only receives your data to obtain ratings via simplesurance. The processing of your data by eKomi is automated. We can assign the evaluation submitted to eKomi to the concluded contract or to the claim you reported. Obtaining ratings through our service provider is carried out at our behest and in accordance with an order processing contract (Article 59 of the Data Protection Act 2018).
These contacts are based on Article 132, para. f) of the Data Protection Act 2018 (direct advertising as a legitimate interest of simplesurance GmbH, parent company of simplesurance). You may object to the processing of your data for advertising purposes at any time by email to firstname.lastname@example.org without incurring any costs other than the transmission costs according to the basic tariffs.
You can find the privacy policies of our service providers at:
§ 14 Use of Friendly Captcha
(1) Our website uses the “Friendly Captcha” service (www.friendlycaptcha.com). This service is an offer of Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha follows a particularly data protection-friendly approach to protect websites and online services from spam and bots.
(2) Friendly Captcha generates a unique crypto puzzle (puzzle request) for each user. As soon as the user starts to fill in a form, it is done fully automatically. This task is solved in the background and as soon as it is solved, a confirmation is sent by Friendly Captcha to the server that this is a natural person.
(3) Friendly Captcha processes and stores the following data in the above-mentioned process (puzzle request) following personal data:
- Browser, operating system, domain name and the path name of the website in question.
- The puzzle itself, which contains information about the account and the website key to which the puzzle relates.
- A timestamp.
In addition, Friendly Captcha processes and stores anonymised via one-way hashing IP addresses that cannot be personally identified.
(4) The personal data mentioned in point 3 will be deleted after 30 days.
(6) The legal basis for the processing of the data is our legitimate interest (within the meaning of Art. 2 subsection (a), of the Data Protection Act 2018) in the protection of our website against abusive access by bots, i.e. spam protection and protection against attacks such as mass requests.
§ 15 Data protection for applications and the application process
You can apply exclusively via our online portal https://www.simplesurance.com/en/careers. To be able to view our vacancies there, you will reach the website of our service provider Greenhouse. The transmission of your applicant data to us is encrypted.
We process your data in our IT systems as part of the application process. The legal basis for this is Article 6, para. c) and Article 132, para. f) of the Data Protection Act 2018.
If you provide us with your application documents (for example as an unsolicited application) and your personal data by unencrypted email or by post, you consent to this transmission method. You also consent to us communicating with you in the application process by unencrypted email, for example, to confirm receipt of your application by unencrypted email. The legal basis for the communication channel is Article 6, para. b), Article 7, para. 1, and Article 132, para. f) of the Data Protection Act 2018.
You may revoke your consent to unencrypted email communication at any time by sending an email to email@example.com with effect for the future.
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends us corresponding application documents, for example by email or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions and transferred to HR. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision or the completion of the application process for this position, provided that the deletion does not conflict with any other legitimate interests on our part (e.g. statutory retention periods). The legal basis for this is Article Article 6, para. 1, subsection f), and Article 132, para. f) of the Data Protection Act 2018. If you have consented to your data being stored in the Talent Pool for a longer period of time, your data will be stored for a further 2 years.
The further application process is handled by our service provider Greenhouse Software, Inc., i.e. all your communicated data will be transmitted to Greenhouse Software, Inc.
Management of application data and procedures by Greenhouse
We use the services of Greenhouse (www.greenhouse.io, Greenhouse Software Inc., 455 Broadway, New York NY, 10013 USA) for our application management and the associated processes.
Personal data that is made available to us as part of the online application process is stored and processed on Greenhouse’s servers in the USA. The storage and processing take place on the basis of EU model contractual clauses, which also guarantee an adequate level of data protection. If necessary, we will process your data in order to process your application. We will not pass on your application data to other companies or third parties for any other use of the data, except for processing your application.
Rights of the data subject
In accordance with the Data Protection Act 2018, you have the right to information, correction, deletion, restriction of processing and data transfer. If you want to assert your rights, you may contact our HR department directly at firstname.lastname@example.org.
§ 16 Data security
We use the most common TLS protocol (Transport Layer Security)/SSL (Secure Socket Layer) protocol together with the highest level of encryption supported by your browser. Usually, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.
The transmission of a single page of our website in encrypted form is indicated on our website by the display of a closed key or lock icon in the bottom status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved corresponding to technological developments.
§ 17 Deletion periods
Your personal data will be deleted, provided that statutory retention obligations do not preclude this, if you have made use of your right to have the data deleted, if the data is no longer required for the purpose for which it was saved, or if its storage is inadmissible for other legal reasons.
To view this content you need the Adobe Acrobat Reader, which is freely available for download using the following link: Download page of Adobe