HOW WE HANDLE YOUR DATA AND YOUR RIGHTS
1 Information pursuant to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)
With the following information, we would like to give you an overview of the processing activities of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Therefore, not all sections of this information will apply to you.
In addition, this data protection information may be updated from time to time. You will always find the latest version on this page.
Currently valid: Version from 08 August 2024 (für die deutsche Version hier klicken).
2 Person responsible
Responsible for the processing activity:
CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/Munich
Phone: 089 / 43 60 70
You can reach our data protection officer at
activeMind AG
Data Protection Officer CCN Insurance Services AG
Potsdamer Str. 3
80802 Munich
datenschutzbeauftragter@ccn-insurance.com
3 We process your data for the following purposes and on the following legal basis:
We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG):
3.1 For the fulfilment of contractual obligations (Art. 6 para. 1 letter b) GDPR)
The processing activity is necessary for the fulfilment of a contract with you. This may also include the sending of the newsletter, which constitutes a contractual service.
If you enquire about an offer, the data processing, including the forwarding of information to insurers, is carried out at your request and is necessary for the implementation of pre-contractual measures.
3.2 Due to legal requirements (Art. 6 para. 1 letter c) GDPR)
We are subject to various legal commitments that entail data processing. These include, for example, tax laws and statutory accounting, the fulfilment of requests and requirements from supervisory or law enforcement authorities and the fulfilment of tax control and reporting obligations.
In addition, the disclosure of personal data may become necessary in the context of official/judicial measures for the purposes of gathering evidence, criminal prosecution or the enforcement of civil law claims.
3.3 As part of the balancing of interests (Art. 6 para. 1 letter f) GDPR)
Where necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples of such cases are
If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of personalised communication with you,
Assertion of legal claims and defence in legal disputes,
Storage of additional contact persons in the CRM system for communication.
4 Who receives your data?
Within our company, employees receive your data for contact with you and for contractual cooperation (including the fulfilment of pre-contractual measures).
Your data will only be passed on to service providers (data processors) if it is necessary for the fulfilment of our contractual tasks (e.g. support/maintenance of EDP/IT applications, accounting, data destruction). All service providers are committed to treating your data confidentially on the basis of a data processing agreement.
With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations.
Under these conditions, recipients of personal data may be, for example
public bodies and institutions (e.g. tax authorities, law enforcement authorities) in the event of a legal or official commitment,
Credit and financial services institutions (processing of payment transactions)
Tax consultant, business and payroll tax/company auditor (statutory audit mandate)
In addition, insurance companies may be added as recipients of personal data if you make enquiries regarding insurance benefits. In such cases, the data will be passed on in compliance with the applicable data protection regulations and to fulfil your insurance request.
5 Is data transferred to a third country or an international organisation?
Your data will only be processed within the European Union and states of the European Economic Area (EEA).
6 How long will your data be stored?
We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted.
There are exceptions to the above-mentioned deletion criteria for data,
required for the fulfilment of statutory retention obligations, e.g. German Commercial Code (HGB) and German Fiscal Code (AO). The retention and documentation periods specified there are generally six to ten years,
for the preservation of evidence within the framework of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
If the data processing is carried out in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions apply.
7 What data protection rights do you have?
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing activities under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.
The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). A list of supervisory authorities (for the non-public sector) with addresses can be found at
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
8 Do I have an obligation to provide data?
As part of the contractual relationship, you may provide the personal data that is necessary for the establishment, execution and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or that we are legally committed to collecting. Without this data, we will not be able to contact you, conclude the contract with you or fulfil it.
9 Origin of the data in accordance with Art. 14 GDPR
We process personal data that we obtain from your legal notice on your company website.
The purpose is to contact you in connection with our marketing activities and to send you information about our products that may be of interest to your company. You can object to the processing activity at any time.
Information about your right to object pursuant to Art. 21 para. 1 sentence 1 GDPR
9.1 Right to object on a case-by-case basis
You have the right to object to the processing activity of your personal data by us at any time for reasons arising from your particular situation, provided that this is done on the basis of Art. 6 para. 1 letter f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing activity which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9.2 Recipient of an objection
The objection can be made informally with the subject “Objection”, stating your name, address and date of birth, and should be addressed to:
activeMind AG
Data Protection Officer CCN Insurance Services AG
Potsdamer Str. 3
80802 Munich