supported and reviewed by:
§ 1 Information regarding the collection of personal data
(1) We take data protection and the safe handling of your data seriously. To meet constantly growing requirements, T-Systems Multimedia Solutions GmbH has been mandated as an external data protection officer. In all issues regarding data protection, we are supported by the many years of expertise from T-Systems MMS, allowing us to fulfil legal and technological requirements.
Below, we provide information on the collection of personal data when using this website. Personal data is all data that relates to you personally, e.g. your name, address, email address, user behaviour.
(2) The data controller in accordance with Article 4 para. 7 GDPR is
Hallesches Ufer 60
Tel.: 0800 / 3581084 (toll free | Mon. – Fri 9:00 a.m. – 5:00 p.m.)
Email: [email protected]
You can contact our data protection officer at [email protected].
(3) When you contact us by email or using a contact form, the data you provide (mandatory information is: your email address, the content of your message) will be stored by us in order to answer your questions. We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information (Article 6 para. 1 lit. f GDPR). You may object to this processing at any time by emailing [email protected] without incurring any costs other than the transmission costs according to the basic tariffs. We will delete the data collected within this context as soon as processing is no longer necessary, or alternatively, if any obligation of statutory retention exists, processing will be limited.
(4) In case we employ contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. We will also specify the defined criteria for the storage period.
§ 2 Your rights
According to the GDPR, you have the following rights:
● To request information on the categories of the processed data, processing purposes, any data recipients, the planned storage period (Article 15 GDPR);
● to request the correction or completion of incorrect or incomplete data (Article 16 GDPR);
● to revoke provided consent at any time with effect for the future (Article 7 para. 3 GDPR);
● to request the deletion of data in certain cases within the framework of Article 17 GDPR – in particular, if the data is no longer required for the intended purpose or is processed unlawfully, or you revoke your consent in accordance with Article 7 para. 3 GDPR or object in accordance with Article 21 GDPR;
● to request the restriction of data under certain conditions if deletion is not possible or the obligation to delete is in dispute (Article 18 GDPR);
● to data portability, i.e. you can receive the data you have provided to us in a common machine-readable format such as CSV and, if necessary, transmission to other parties (Article 20 GDPR);
● to complain to the responsible supervisory authority about data processing
Please send all information, deletion and correction requests, requests for information, inquiries about data portability or objections to data processing by email or post to
Hallesches Ufer 60
Email: [email protected]
Tel.: 0800 / 3581084 (toll free | Mon. – Fri 09:00 a.m. – 5:00 p.m.)
We would also like to draw your attention to the fact that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Article 21 GDPR at any time. The objection may be lodged in particular against processing for direct advertising purposes.
§ 3 Collection of your personal data when you visit our website
(1) If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (Legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
● IP address
● Date and time of request
● Time zone difference from Greenwich Mean Time (GMT)
● Content of the request (specific page)
● Request status/HTTP status code
● The amount of data transferred in each case
● The website making the request
● Operating system and its interface
● Language and version of the browser software.
We use technically necessary cookies.
§ 4 Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if
● you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
● the disclosure pursuant to Art. 6 para. 1 sentence 1 (f) GDPR is necessary to safeguard our legitimate interests or to safeguard the legitimate interests of third parties and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
● in the event that there is a legal obligation for disclosure in accordance with Article 6 para. 1 sentence 1 lit. c, and
● this is legally permissible and required in accordance with Article 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
§ 5 Use of our online shop
(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order and to fulfil the contract. The information required for processing the contract is marked separately; any further information is voluntary. We use the data you provide to process your order. For settlement of payment we forward your payment data to our bank. The legal basis for this is Article 6 para. 1 Sentence 1 lit. b GDPR.
(2) We may also process the data you provide in order to inform you of other interesting and similar offers from our own portfolio or to send you emails containing technical information (Article 6 para. 1 lit. f GDPR). You can object to this processing at any time by emailing [email protected] without incurring any costs other than the transmission costs according to the basic tariffs.
(3) There is no risk involved in paying for your insurance policies. Schutzklick transfers your contact details as well as the ordered insurance to the
partners Saferpay (www.saferpay.com, SIX Payment Services AG, Hardturmstrasse 201, CH-8005 Zurich), Stripe (www.stripe.com, Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA), Klarna (www.Klarna.com, Klarna Bank AB, Sveavägen 46, 11134 Stockholm, Sweden) or PayPal (www.paypal.com, PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) in separate, specially encrypted forms. You will then be automatically forwarded to the partner’s secure server, where you can enter the required payment information. Payment-relevant data is only entered with certified external payment providers. Simplesurance does not save any payment-related data, such as credit card or account information.
(4) We are obligated by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years we limit the processing of your data, that is, your data will only be used to comply with legal obligations.
(5) To prevent unauthorised access to your personal data by third parties, especially financial data, the order process is encrypted using TLS technology.
§ 6 Online social media presence
Fan pages on Xing and LinkedIn
simplesurance GmbH operates fan pages on Xing and LinkedIn. These pages are operated on the basis of our legitimate interests in providing up-to-date and supportive information and interaction options for and with our users and visitors in accordance with Article 6 para. 1 lit. f GDPR.
The technical access as well as the further use of this data, which arise in the context of fan- page access, generally lie with the operator of the social network. simplesurance GmbH has neither access to the usage data collected, nor can we determine how this data is used by the network operator.
Furthermore, we would like to point out that the data processing by social networks may occur outside the EU or the European Economic Area. For further details on the handling of data collected by social networks, please contact the respective operator of the social network itself.
The respective Privacy Policies can be found at:
The data transfer to the USA is based on EU standard contractual clauses.
At https://www.facebook.com/Simplesurance/ we operate an official company page, a “fan page”, on the social network Facebook.
The protection of your personal data is of particular concern to us. We, therefore, process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations.
1. The joint controllers responsible for operating this Facebook page are:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)
Simplesurance GmbH, Hallesches Ufer 60, 10963 Berlin Germany
You can view the agreement on joint responsibility under this link: https://www.facebook.com/legal/terms/page_controller_addendum.
According to this agreement, Facebook Ireland assumes primary responsibility for the processing of the Insights data and undertakes to fulfil all obligations under the General Data Protection Regulation with regard to the processing of the Insights data.
2. Data protection officer:
The data protection officer of Facebook Ireland Ltd. can be reached under the following link: https://www.facebook.com/help/contact/540977946302970
You can reach our data protection officer by post at our postal address with the addition “persönlich/vertraulich an die Datenschutzbeauftragte” (personal/confidential to the data protection officer) or by emailing: [email protected]
3. Purposes of processing
According to its own information, Facebook uses the information to provide and support
4. Processing of data 4.1 Cookies
The fan page operator can access statistical data of various categories via the so-called “Insights” of the Facebook page. Facebook generates statistics and makes them available to us. This function cannot be switched off nor can the generation and processing of the data be prevented. Further information is available at the following link: https://www.facebook.com/business/help/144825579583746?helpref=search&sr=15&query=insights
For a selectable period as well as for each of the categories fans, subscribers, people reached and interacting individuals the following data is provided by Facebook:
Total number of page views, “Like” – information, page activities, post interactions, range, video views, post range, comments, shared content, answers, proportion of men and women, country and city of origin, language, views and klicks in the shop, clicks on route planners, clicks on telephone numbers. In addition, data is thereby provided about the Facebook groups that are linked with our Facebook page.
5. Legal basis
These pages are operated on the basis of our legitimate interests in providing up-to-date and supportive information and interaction options for and with our users and visitors in accordance with Article 6 para. 1 lit. f GDPR.
6. Transfer of data abroad
According to its own statements, Facebook shares information received both internally between the Facebook companies and with external partners. For this purpose, the information provided is transferred by Facebook Ireland to the USA and other third countries. Transfers to so-called third countries are made, according to Facebook’s own information, on the basis of the standard contractual clauses approved by the European Commission and, if applicable, on the adequacy decisions issued by the European Commission.
§ 8 Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer, which are stored on www.youtube.com and can be played directly from our website if you have given your consent to this via our cookie banner.
(2) When you visit this website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place, regardless of whether YouTube provides a user account, via which you are logged in, or if no user account exists. If you are logged into Google, your information will be directly associated with your account. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
§ 9 Integration of Vimeo videos
(1) We use Vimeo to integrate videos from the provider, which are stored on http://www.vimeo.com and can be played directly from our website. These are all integrated and embedded in the “Extended Privacy Mode”, i.e. no data about you as a user are transferred to Vimeo if you do not play the videos. Only when you play the videos will the data referred to in para. 2 be transmitted. We have no influence on this data transfer.
(2) When you visit this website, Vimeo is notified that you have accessed the corresponding sub-page of our website. Furthermore, the data mentioned under § 3 of this declaration will be transmitted. This takes place, regardless of whether Vimeo makes a user account available, via which you are logged in, or whether no user account exists. Vimeo stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customised advertising and to inform us about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Vimeo to exercise this right.
§ 10 Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. As a rule, the cookie-generated data regarding your use of this website will be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states that are contracting parties to the agreement in the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide the website operator with further services associated with the use of the website and the Internet.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
(3) This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are only processed in truncated form in order to prevent Google from identifying specific individuals’ use of the site. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
(4) We use Google Analytics to analyse and regularly improve the function of our website. With the statistics that are gained, we can improve our offering and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR, which you can provide via our cookie banner. The data transfer to the USA takes place on the basis of EU standard contractual clauses.
(5) Third-party provider information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
User conditions: www.google.com/analytics/terms/de.html, Overview of
(6) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Information”.
§ 11 Use of Hotjar
The legal basis for the use of Google Analytics is your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR, which you can provide via our cookie banner. We have concluded an order processing agreement with Hotjar in accordance with Article 28 GDPR.
§ 12 Customer inquiries via Zendesk
We use the Zendesk Support Widget, a customer service platform from Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA, to process customer inquiries. For this purpose, necessary data such as last name, first name, postal address, telephone number, email address are recorded via our website in order to be able to answer your questions.
If you contact us by email or using a form, we will only use the personal data you provide to process the specific request. All details will be treated confidentially. The data provided and the message history with our service desk will be saved for follow-up questions and subsequent contact. We have concluded an order processing agreement with Zendesk in accordance with Article 28 GDPR. The data transfer to the USA takes place on the basis of EU standard contractual clauses.
§ 13 Use of review portals eKomi, Trustpilot and opineo.pl
After you have reported a claim to us and this has been processed, we may ask you to evaluate our services. This is done entirely voluntarily and only after you click on the link sent. With Trustpilot (Trustpilot A/S, Pilestraede 58, 5. Floor, 1112 Copenhagen K, Denmark) and opineo.pl – only for claims reported in Poland – (Ringier Axel Springer Polska sp. z.o.o., ul. Domaniewskiej 49, 02-627 Warszawa, you will be asked to give your name (alias without personal reference possible) and email address to provide a general assessment of our company. We cannot assign your rating to the claim you reported and we cannot identify you if you do not use any personal data that we already know.
After you have concluded an insurance contract with us or after processing your claim report, you will automatically be asked to rate our services. This is done entirely voluntarily and only after you click on the link sent. Your data (email address and order ID or name) will only then be forwarded to the independent service provider eKomi (www.ekomi.de, eKomi Ltd., Zimmerstrasse 11, 10969 Berlin). eKomi then only receives your data to obtain ratings via simplesurance. The processing of your data by eKomi is automated. We can assign the evaluation submitted to eKomi to the concluded contract or to the claim you reported. Obtaining ratings through our service provider is carried out at our behest and in accordance with an order processing contract (Article 28 GDPR).
These contacts are based on Article 6 para. 1 lit. f GDPR in conjunction with Recital 47 GDPR (direct advertising as a legitimate interest of simplesurance GmbH). You may object to the processing of your data for advertising purposes at any time by email to [email protected] without incurring any costs other than the transmission costs according to the basic tariffs.
You can find the privacy policies of our service providers at:
§ 14 Data protection for applications and the application process
You can apply exclusively via our online portal https://www.simplesurance.com/de/karriere. To be able to view our vacancies there, you will reach the website of our service provider Greenhouse. The transmission of your applicant data to us is encrypted.
We process your data in our IT systems as part of the application process. The legal basis for this is Article 6 para. 1 lit. b GDPR.
If you provide us with your application documents (for example as an unsolicited application) and your personal data by unencrypted email or by post, you consent to this transmission method. You also consent to us communicating with you in the application process by unencrypted email, for example, to confirm receipt of your application by unencrypted email. The legal basis for the communication channel is Article 6 para. 1 lit. a and f GDPR.
You may revoke your consent to unencrypted email communication at any time by sending an email to [email protected] with effect for the future.
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends us corresponding application documents, for example by email or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions and transferred to HR. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision or the completion of the application process for this position, provided that the deletion does not conflict with any other legitimate interests on our part (e.g. statutory retention periods). The legal basis for this is Article 6 para. 1 lit. b GDPR. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). If you have consented to your data being stored in the Talent Pool for a longer period of time, your data will be stored for a further 2 years.
The further application process is handled by our service provider Greenhouse, i.e. all your communicated data will be transmitted to Greenhouse.
Management of application data and procedures by Greenhouse
We use the services of Greenhouse (www.greenhouse.io, Greenhouse Software Inc., 455 Broadway, New York NY, 10013 USA) for our application management and the associated processes.
Personal data that is made available to us as part of the online application process is stored and processed on Greenhouse’s servers in the USA. The storage and processing take place on the basis of EU model contractual clauses, which also guarantee an adequate level of data protection. If necessary, we will process your data in order to process your application. We will not pass on your application data to other companies or third parties for any other use of the data, except for processing your application.
Rights of the data subject
In accordance with the GDPR and the BDSG (Federal Data Protection Act), you have the right to information, correction, deletion, restriction of processing and data transfer. If you want to assert your rights, you may contact our HR department directly at [email protected].
§ 15 Data security
We use the most common TLS protocol (Transport Layer Security)/SSL (Secure Socket Layer) protocol together with the highest level of encryption supported by your browser. Usually, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead.
The transmission of a single page of our website in encrypted form is indicated on our website by the display of a closed key or lock icon in the bottom status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved corresponding to the technological developments.
§ 16 Deletion periods
Your personal data will be deleted, provided that statutory retention obligations do not preclude this, if you have made use of your right to have the data deleted, if the data is no longer required for the purpose for which it was saved, or if its storage is inadmissible for other legal reasons.
To view this content you need the Adobe Acrobat Reader, which is freely available for download using the following link.
Download page of Adobe