Privacy Policy
Controller
This privacy policy applies to the website www.pantaenius.de. The operator of the website is:
Pantaenius GmbH
Grosser Grasbrook 10
20457 Hamburg
Germany
Tel.: +49 40 37 09 10
Fax: +49 40 37 09 11 09
info@pantaenius.com
Introduction
This privacy policy is intended to provide you with information about the way we handle your personal data when you visit our website. This website also contains further information about which of your data we process, and why, if you contact us “off-line”. Below you will find general information about our data protection and the information in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR).
Information in accordance with Art. 13 GDPR Customers and interested parties
Information in accordance with Art. 13 GDPR Insurers, agents and brokers
Information in accordance with Art. 13 GDPR Service providers and suppliers
Information in accordance with Art. 13 GDPR Personal data, applications
General Information
Data processing on this website
The following generally applies: You can use this website without us knowing your identity or trying to gain knowledge of your identity. The personal data (the “digital tracks”) that are left when visiting a website include not only any data provided in contact forms, such as name and address, but also IP addresses. Personal data are all information that directly identifies a person or that makes a person identifiable by reference to other features. “Personal data” is referred to as “data” throughout this text.
IP addresses
An IP address is the number for a device (laptop, tablet, smartphone etc.) that allows the respective device to be identified on the internet. This means that the IP address of the computer accessing the website must be known when moving between websites on the internet. However, we do not know the identity of the respective user and we also do not attempt to gain knowledge of their identity. IP addresses are collected on this website for security-related assessments and are deleted after one year.
If you access our website www.pantaenius.de, your browser automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. Your full IP address is not collected or stored by us. This address is collected / stored exclusively in a truncated and therefore anonymised form.
The following information is collected when accessing our website without any further action on your part and is erased after one year:
- Date and time of access;
- Name and URL of the accessed website;
- Website from which the request originated (referrer URL);
- Browser used and, if applicable, your computer’s operating system and the name of your access provider.
We need these data because:
- the smooth establishment of a connection to the website must be ensured
- system security and stability needs to be assessed and monitored
- various other administrative purposes are handled in this way.
Sentence 1 of Art. 6 (1) (f) GDPR allows us to collect your data for these purposes (legal basis). Our legitimate interest is based on the purposes for data collection listed above. We also use so-called cookies and other services when you visit our website. You can find more details about this below under “Cookies” and “Analytics Tools”.
If you send us an email, we store your contact data and the content of the email and use them to process your query. Please note that an unencrypted email is not sufficiently protected from third parties gaining knowledge of, making changes to or erasing such data. If you do not wish to take this risk, please contact us by telephone.
Legal basis: Art. 6 (1) (b) and Art. 6 (1) (f). Our legitimate interest in processing your data is to provide you the opportunity to contact us via email. For compliance purposes, your data remain stored in a restricted access archive in our system for 6 years to 30 years.
Newsletter
If you subscribe to the Pantaenius Newsletter, we will store your name and your e-mail address in order to provide you with our newsletter.
Legal basis for the data processing: Art. 6 (1) (a) GDPR (consent of the data subject)
For the purpose of continuously evaluating and improving the contents of our newsletter, we use a tool that shows us which contents have been opened and read. For this purpose, your e-mail address will be displayed with the contents you have read.
Legal basis for the data processing: Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest in processing your data is the evaluation and improvement of the newsletter content.
You can unsubscribe from the newsletter at any time; the corresponding link can be found in every e-mail with which you receive the newsletter. After a possible revocation, we will delete your name and e-mail address from the mailing list. The analyses of opened and read contents will be deleted automatically after 30 days.
Data transfer
Your data may be transferred if:
- you have given your express consent for this (sentence 1 of Art. 6 (1) (a) GDPR).
- such transfer is necessary for us because we wish to assert legal claims and we have no reason to assume that you have an overriding interest that requires your data not being transferred (sentence 1 of Art. 6 (1) (f) GDPR).
- we are obliged by law to transfer your data (sentence 1 of Art. 6 (1) (c) GDPR).
- you have chosen a payment method that requires the essential data to be transferred to an external payment service provider
- we are obliged by law to carry out a check on any existing embargoes and sanctions.
Cookies
Google Analytics
We use the analytics tool “Google Analytics” on our website in order to record and evaluate statistics regarding the use of our website and to continuously improve our offer on the basis of the results.
Google Analytics also uses cookies. The information about your use of our website obtained via the cookie is transferred to and stored on a Google server in the USA.
Google uses the information recorded in the cookies on our behalf in order to evaluate your use of our website. In this way we can, for example, compile reports about website activity and identify which pages are accessed the most, where the access originates from and how long visitors spend on the pages. Pseudonymised user profiles can be created for the user from the processed data. We only use Google Analytics with IP anonymisation activated. This means that your IP address is truncated by Google. IP addresses are already usually truncated in Europe. Only in exceptional circumstances will the full IP address be transferred to a Google server in the USA and truncated there.
We also use the remarketing or “similar target groups” function of Google.
We use this function to place interest-based, personalised adverts on third-party websites in the Google Display Network.
The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest is the analysis, optimisation and the commercial operation of our website.
In order to enable this advertising service, Google stores a cookie on your device (e.g. your laptop) during your visit to our website via your web browser. This cookie collects details about your visit and use of our website (which pages you visited, how long you stayed on them, etc.) in an anonymised form. Personal data are not disclosed to third parties as a result of this. If, after visiting our website, you visit another website in the Google Display Network, you may see adverts that are connected to our website and that show the offers contained on our website.
Using cross-device marketing, Google can track your usage patterns, even across several devices, so that you may also be shown interest-related, personalised adverts if you change device, e.g. if you use your smartphone after using your laptop.
The data we send to Google and that is linked with cookies, user IDs or advertisement IDs are automatically deleted after 14 months. Data that have reached the end of the retention period are deleted automatically once a month.
Google provides more comprehensive information about Google Remarketing at http://www.google.com/privacy/ads/.
If you do not wish Google to collect and use your cookies, you have the following options:
You can prevent the storage of cookies using the appropriate settings on your browser software.
You can also prevent Google from collecting the data created by the cookies and relating to your use of the website and you can prevent Google from processing such data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Google itself provides further opportunities for settings and objections so that you can influence how the data you have left on the internet is processed.
https://policies.google.com/technologies/partner-sites?hl=en-GB (“How Google uses information from sites or apps that use our services”)
https://policies.google.com/technologies/ads?hl=en-GB (“Advertising”).
http://www.google.com/settings/ads (“manage information used by Google to display adverts”).
In order to prevent Universal Analytics from collecting data from several devices, you must opt out on all systems used.
On this website, we use so-called social plugins from the network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugin, also referred to as the “Facebook button” allows a direct link to be made from our website to the contents of Facebook.
Facebook is certified under the so-called privacy shield agreement. Companies with this certification are accepted in Europe as (non-European) companies who comply with European data protection law.
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
If you click on the Facebook plugin on our website, your device creates a direct link to the Facebook servers. This procedure allows data concerning you to be transferred to Facebook and user profiles to be created for you. We have no control over the extent of the data that Facebook collects using this plugin and therefore inform users in accordance with our state of knowledge.
By integrating the plugin on our website, Facebook obtains information that you have accessed one or more pages of our website. If you are also logged into Facebook, Facebook can allocate your visit to your Facebook account. If you, for example, click the Like button or leave a comment, your device transfers the relevant information directly to Facebook and stores it there. If you are not a Facebook member, there is still the possibility that Facebook will gain knowledge of and store your IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of your data by Facebook and your rights and settings options for protecting your privacy can be found in the Facebook data protection policy. www.facebook.com/about/privacy/. If you are a Facebook member but do not wish Facebook to collect data concerning you via our website and to link the same to data concerning you stored by Facebook, first log out of Facebook, delete your cookies and then visit our website. Further settings and objections to the use of data for marketing purposes are available in your Facebook profile settings. https://www.facebook.com/settings?tab=ads
Facebook Pixel
In order to measure conversions (i.e. analysing the actions of visitors to the website), our website uses the visitor action pixel from Facebook, Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA (“Facebook”). This pixel is invisibly integrated in the website you are viewing. It contains a program code which collects information about your user behaviour on the website. We use this to measure how effectively visitors to our website, including you, are enticed to perform the desired action.
If you visit one of our websites, this allows your behaviour to be tracked after you have been redirected to the seller’s website by clicking on a Facebook advertisement. In this way, the effectiveness of the Facebook advertisement can be evaluated for statistical and market research purposes and future advertising strategies can be optimised.
The collected data are anonymous for us as the operator of our websites; we cannot trace your identity as a user. However, the data are stored and processed by Facebook so that it is possible for there to be a connection to your user profile. Facebook may use the data for its own marketing purposes in accordance with the Facebook data use guidelines. In this way, Facebook is able to link advertisements on Facebook pages and outside of Facebook. As the website operator, we are unable to control this use of data.
Legal basis and purpose of the data processing
Data are processed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in displaying interest-based and relevant advertising and in monitoring its effectiveness.
Period of storage, right to object
You can find further information regarding the protection of your privacy in Facebook’s Data Protection Policy. https://www.facebook.com/about/privacy/.
You can also deactivate the “custom audiences” remarketing feature in the advert settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be registered with Facebook to be able to do this.
If you do not have a Facebook account, you can deactivate Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/uk/your-ad-choices.
In the same way that our website allows interaction with Facebook, functions and contents of the service Twitter are associated. Twitter is provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. If you are a Twitter member, Twitter can allocate visits to websites that enable an interaction with Twitter to your profile. You can find Twitter’s data protection policy here:
https://twitter.com/de/privacy#update
Just like Facebook, Twitter is certified under the Privacy Shield Agreement and is therefore accepted as a company that complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)
Use of YouTube (with enhanced data protection mode)
We use embedded YouTube videos in enhanced data protection mode. YouTube is a service provided by Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
This enhanced data protection mode is provided by YouTube and ensures that YouTube does not store any cookies with personal data on your computer.
If you access pages on our website containing an embedded video, a connection is made to YouTube’s servers and your browser is instructed to display the content on the web page. The IP address is transferred when accessing the website and in order to embed the video. This cannot be allocated if you have not logged into YouTube or any other Google service before accessing the website or are not permanently logged into the same.
If you are logged into YouTube at the same time, this information is allocated to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
As soon as you play an embedded video by clicking on “start”, YouTube only stores cookies on your computer that do not contain any personally identifiable data when in enhanced data protection mode. You can prevent these cookies using the appropriate browser settings and extensions (source: YouTube “Activating enhanced data protection mode for embedded videos”).
Google provides further information regarding YouTube data protection via the following link: https://www.google.de/intl/de/policies/privacy/
Videochats
If needed, you can contact us via video chats. For video chats Pantaenius uses Microsoft Teams. Microsoft Teams is an offering of Microsoft Corporation.
The use of Microsoft Teams is subject to Microsoft's terms of use and privacy policy.
Privacy policy: privacy.microsoft.com/de-de/privacystatement
Terms of use: www.microsoft.com/de-CH/servicesagreement/
By using Microsoft Teams, you accept Microsoft's terms of use and privacy policy.
Data Protection officer
We have appointed a company data protection officer who provides us with constant support and advice in relation to compliance with data protection provisions:
PrivCom Datenschutz GmbH
Dr. Bettina Kähler
Rothenbaumchaussee 165 · 20149 Hamburg
E-Mail: info@privcom.de Web: www.privcom.de
Information in accordance with Art. 13 and Art. 14 GDPR
Information in accordance with Art. 13 and Art. 14 GDPR - customers and potential customers
Here you will find information in accordance with Art. 13 GDPR regarding how we handle your data if you are in a business relationship with us or are interested in entering into a business relationship with us. This may be the case if you conclude an insurance contract with us or if we handle a claim for you.
Controller
Purpose of data processing
- Providing all kinds of insurance services
- Performing insurance contracts
- Brokering insurance contracts
- Handling claims and investigating claims
- Complying with tax and company law obligations
- Complying with supervisory obligations
- Sales and marketing activities
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
Art. 6 (1) (a) GDPR (consent of the data subject)
The controller’s legitimate interest
Not applicable.
Why do we need your data? (“Background for the provision of data”):
If you wish to conclude an insurance contract with us or we wish to broker insurance cover for you, we need not only your contact data, but also information about your personal circumstances. This is the only way in which we can provide you with a tailored offer and guarantee that it is the best for you. The same applies if we need to handle a claim for you. We also need a wide range of information in this case in order to be able to make the right decision for you.
Do we collect information about you from sources other than directly from you?
In connection with the settlement of a claim, we may refer to information from experts, consultants or even from hospitals and treating doctors. If there is any suspicion of insurance fraud, we may obtain data about you from other sources and not directly from you. These other sources include e.g. the police, witnesses or information about you that is publicly available (social networks, websites). In the event that you do not pay your premium on time, we may transfer the necessary data to external collection agencies in order to protect our rights. In individual cases, we may obtain a credit report on our customers for risk assessment and risk protection purposes.
Recipients of the data:
- Internal departments
- Pantaenius Group companies
- Insurance companies
- Insurance brokers
- Insurance agents
- Collection agencies
- Financing companies / financing agents
- Auditors and IT service providers
- Loss adjusters and lawyers
- Hospitals and doctors
- Courts and prosecution offices
- Supervisory authorities
Transfers to countries outside of the European Union
Depending on the place where the loss occurred and if necessary for handling a claim, we may transfer your data to countries outside of the European Union.
Period of storage
We store your data for as long as you have an insurance contract with us. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing a systematic erasure of personal data.
Your rights in relation to your data:
Information in accordance with Art. 13 GDPR: Insurers, agents and brokers
Here you will find information about how we handle your data if you work with us as an insurer, agent or broker.
Controller
Purpose of data processing
- Brokering an insurance policy
- Performing insurance contracts
- Complying with tax and commercial law obligations
- Sales activities
- Performing bilateral contracts with insurance companies
- Performing brokerage contracts
- Complying with obligations imposed by supervisory authorities
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
Art. 6 (1) (a) GDPR (consent)
The controller’s legitimate interest
Not applicable.
Recipients of the data
- Internal departments
- Pantaenius Group companies
- Auditors and IT service providers
- Hospitals and doctors
- Courts and prosecution offices
Transfers to countries outside the European Union
If necessary for processing or performing a contract or for handling a claim, we also transfer your data to countries outside of the EU in which Pantaenius has branches / subsidiaries or in which the loss occurred.
Period of storage
We store your data for as long as our business relationship with you as an insurer, agent or broker exists. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing the systematic erasure of personal data.
Your rights in relation to your data
Information in accordance with Art. 13 and Art. 14 GDPR: Service providers and suppliers
Here you will find information about how we handle your data if you work with us as a service provider or supplier.
Controller
Purpose of data processing
- Providing all kinds of services
- Particularly providing services in the field of IT
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
The controller’s legitimate interest
Not applicable
Recipients of the data
- Internal departments
Transfers to countries outside the European Union
If necessary, we will also transfer your data to Pantaenius branches / subsidiaries outside of the EU.
Period of storage
We store your data for as long as our contractual relationship with you exists. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing the systematic erasure of personal data.
Your rights in relation to your data
Information in accordance with Art. 13 GDPR: Employee data, applications
Here you can find information about how we handle your data if you work for us or apply for a position with us.
Controller
Purpose of data processing
- Managing the employment relationship
- Conducting the application process
Legal basis for the data processing
§ 26 of the German Federal Data Protection Act (BDSG) in the version dated 5 July 2017.
Do we collect information about you from sources other than directly from you?
In relation to the regulatory burden of proof regarding the professional qualifications and personal repute (fit & proper requirements in accordance with Article 42 of the Solvency II Directive) of specific managers, information is collected from the following entities:
- Credit report (e.g. Schufa in Germany)
- Authorities (certificate of good conduct and excerpt from the commercial central register)
Recipients of the data
Usually we only process employee data and applicants’ data within the Pantaenius Group. Only the personnel department employees and the managers of the respective branch or subsidiary, or in the case of applicants, the respective cost centre manager after prior approval of the personnel department, shall have access to this data.
Under certain circumstances, you may be co-insured as an employee under the Pantaenius accident insurance. This is particularly the case if your employment entails increased travel activity. If you are co-insured under the Pantaenius Group Accident Insurance, we will forward the data necessary for contract conclusion and in the event of a claim to the respective insurer.
If there are statutory reporting obligations, we will also forward your data to the following parties:
- tax authorities
- professional association
- Federal Statistical Offices
- social insurance carriers
- health insurance companies
Transfers to countries outside the European Union
Applications: If you have made an application to a Pantaenius subsidiary outside of the EU, the data will be transferred to the managers of the respective subsidiary following the personnel department’s approval. We do not transfer any applicant data to countries outside of the EU in any other event.
Employee data: We do not transfer any data to countries outside of the EU.
Period of storage
Employee data
We store your employee data for 10 years after the end of your employment relationship with us. We are obliged to do this by tax and commercial law provisions.
Applications
We store your data for as long as the application process continues. If we do not employ you, we will store your documents for a further 6 months after you have received notice of rejection. They are destroyed after this period. If we do not employ you but, on the basis of your documents, we believe that you may be appropriate for us at a later date, we will retain your application with your consent for a further 6 months.
Your rights in relation to your data
In accordance with Art. 15 GDPR, you can obtain information as to whether or not we store any personal data concerning you. If we store data concerning you, you have the right to obtain information regarding a range of further points relating to how we handle your data, such as which data we store, the reason we process them and how long they are stored.
If we have inaccurate or incomplete data concerning you, you can request that we rectify such data (Art. 16 GDPR).
You can also request the erasure of your data (Art. 17 GDPR). However, there may be reasons for which we are not permitted or not required to erase your data. These reasons are set out by law. If you request us to erase your data, we will check whether any such exceptions apply. If not, we will erase your data. The alternative to erasing your data is the restriction of processing your personal data in certain cases (Art. 18 GDPR). Let us know how you wish to proceed and we will check the statutory provisions to find a way that suits both your and our interests.
Art. 20 GDPR provides that, in certain circumstances, we must provide you with your personal data in a structured, commonly used and machine-readable format if you so request.
We have referred to our “legitimate interests” allowing us to process your data a few times in this privacy policy. If we process your data on the basis of our “legitimate interests”, you can object to such data processing (Art. 21 GDPR). To object, the above provision requires you to provide grounds “relating to your particular situation”.
If you wish to assert these rights, an email to dataprotection@pantaenius.com will suffice. Please be aware that we then need to verify your identity to ensure that we do actually only send information regarding your data or your data itself to you. After the identity check, we will deal with your request and contact you without delay.
If you believe that we do not comply with the data protection provisions regarding the processing of your data on this website, you can complain to a data protection supervisory authority.
You can find a list of competent data protection supervisory authorities in Germany here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Version of this privacy policy: December 2018
This data protection information is updated regularly.