In the information that follows, we inform you about how your personal data are processed by Envivas Krankenversicherung AG and about your rights under data-protection law.
Envivas Krankenversicherung AG
Gereonswall 68, 50670 Cologne
Telephone: 0800 – 425 25 25
Fax: 02 21 16 36- 25 61
e-mail address: firstname.lastname@example.org
You can contact our Data Protection Officer by post at the above address by adding "Datenschutzbeauftragter" (Data Protection Officer) or by sending an e-mail to: email@example.com
We process your personal data in compliance with the EU General Data Protection Regulation (“GDPR”), the Federal Data Protection Act (Bundesdatenschutzgesetz, hereinafter “BDSG”), those provisions of the German Insurance Contract Act (Versicherungsvertragsgesetz (“VVG”)) that govern data protection and all other pertinent statutes. Moreover, our company has undertaken to comply with the code of conduct for the handling of personal data by the German insurance sector (“Verhaltensregeln für den Umgang mit personenbezogenen Daten durch die deutsche Versicherungswirtschaft”) (in German only) which explains the application of the aforementioned statutes to the insurance sector in more detail. You can retrieve this code of conduct (available in German only) under www.envivas.de/datenschutz.
If you request information e.g. about our company, or about products or services of our company, we need the information provided by you to process your request. If you require advice, we need your details for forwarding to one of our sales partners. If you make an application for insurance cover, we require the information provided by you to conclude the contract and to estimate the risk to be assumed by us. If the insurance contract comes into being, we process these data in order to perform the contractual relations; e.g. to decide whether to accept the application for insurance and, if so, subject to what conditions. We require details about the scope of medical treatment in order to check whether an insured claim has arisen and the extent to which there is a right to insurance payments.
It is not possible to process your application or to conclude and perform the insurance contract without processing your personal data.
Moreover, we require your personal data in order to prepare insurance-specific statistics, e.g. to develop new rates or to comply with supervisory-law requirements. We use the data to analyse the entire customer relationship, for example, to advise on any adaptations or additions to the contract, to decide on goodwill gestures or to provide detailed information.
The legal basis for the processing of personal data for pre-contractual and contractual purposes is Art. 6, 1. (b) GDPR. Where specific categories of personal data are required (e.g. your health data upon conclusion of a health-insurance contract), we obtain your consent under Art. 9, 2. (a) in conjunction with Art. 7 GDPR. If we prepare statistics using these data categories, this is done on the basis of Art. 9, 2. (j) GDPR in conjunction with section 27 BDSG.
We also process your data in order to protect legitimate interests of our own or of third parties (Art. 6, 1. (f) GDPR). This may be required, in particular:
Moreover, we process your personal data to meet our statutory obligations such as supervisory-law requirements, filing and storage requirements for commercial-law and tax-law purposes or our duty to provide advice. The relevant statutory provisions apply in conjunction with Art. 6, 1. (c) GDPR as the legal basis for the processing.
If we should wish to process your personal data for any purpose not mentioned above, we will inform you previously in accordance with the statutory provisions.
If there is a need to involve a broker in the processing your application, your broker processes the application data and contract data required to conclude and perform the contract. The same applies if you have a broker who looks after your insurance contracts.
Our company also transmits these data to the brokers responsible for you if they require this information for your support and to advise you on matters of insurance and on financial services.
Data processing within the group of undertakings:
Specialised companies or departments within our group of undertakings undertake certain data-processing duties centrally on behalf of the group undertakings. If there is an insurance contract between you and one or more undertakings of our group, your data may be processed centrally by an undertaking of the group e.g. for the central management of address data, for the customer telephone service, for the processing of contracts and payments, for receiving and making payments or for mutual processing for mailing purposes. The undertakings participating in centralised data processing can be found in our list of service-providers on the Internet www.envivas.de/Datenschutz (available in German only).
We use the services of external service-providers in some cases to perform our contractual and statutory duties.
You may consult a list of the contractors and service-providers whom we assign not merely for temporary business relations in the overview in the appendix to our application form and in the relevant applicable version on our website at www.envivas.de/datenschutz. We will be happy to send you a printout of the lists or of the code of conduct (in German only) by post on request.
Moreover, we may transmit your personal data to other recipients such as public authorities to comply with statutory duties of information (e.g. social-insurance funds, tax and social-insurance authorities or criminal-prosecution authorities, courts).
We erase your personal data as soon as they are no longer required for the aforementioned data purposes. But, for this reason, it is possible that personal data are stored for the period during which claims can be brought against our company (statutory limitation period of three years or up to thirty years). Moreover, we also store your personal data to the extent to which we are obliged to do so by law. Duties of verification and storage of this nature arise, inter alia, under the German Commercial Code (Handelsgesetzbuch (hereinafter “HGB”)) The storage periods thereunder last up to ten years.
You can request information about the data stored on your person from the above address. Moreover, you can require the rectification or erasure of your personal data under certain circumstances. You may also have a right to restrict the processing of your data and a right to receive the data you have provided in a structured, commonly used and machine-readable format.
You have the right to object to the processing of your personal data for purposes of direct advertising.
If we process your data to protect legitimate interests, you can object to this processing if there are reasons arising from your particular situation which oppose the data-processing.
You have the possibility of contacting the above Data Protection Officer or a data-protection supervisory authority with a complaint. The data-protection supervisory authority responsible for our company is:
Regional Officer for Data Protection and Freedom of Information for North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen)
Kavalleriestrasse 2 - 4
If we transmit personal data to service-providers outside the European Economic Area (EEA), transmission takes place only if EU Commission has confirmed that the third country has an adequate level of data protection or other adequate data-protection guarantees are available (e.g. binding corporate rules or EU standard contract clauses).
Our security precautions conform to the current state of the art:
Transmission of sensitive data
If you call up pages on our website in which it is possible to enter data and you are asked to enter data about yourself and to send off the same, we use the encryption technology SSL (Secure Socket Layer) with a key length of at least 128 bits to transmit these data via the Internet. Until the present day, no possibilities for analytical decryption of such 128-bit encryption are known.
The use of SSL is visible, inter alia, in the address (which begins in that case with https) or by the padlock in the status line of your web browser.
We do not send unencrypted messages containing personal data by e-mail. If you send us unencrypted e-mails yourself, please note that these are not protected during transmission on the Internet against unauthorised third parties gaining knowledge of, or falsifying them.
For this reason, it is recommended that you use a Contact form if you wish to send a message to Envivas.
Fraudsters use phishing to falsify e-mails and websites in order to gain access to your confidential data like passwords or other sensitive data. Please note that we never send e-mails or SMS in which you are asked, in some cases for strange reasons (e.g. end of insurance cover), to enter strictly confidential personal data like, for example, your bank account data, your credit-card number or your password. You will find more detailed information on phishing e-mails and how to protect yourself (in German only) e.g. on the pages of the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) Bundesamtes für Sicherheit in der Informationstechnik.
Further information about the technologies we use for marketing and statistical evaluation of our websites.
Other active contents (Java applets and ActiveX controls) are not used on our websites.
Our data-processing systems are protected against the outside world by firewalls. Registration procedures and authentication systems ensure that internal applications are accessible to authorised persons only.
We use the technologies of the following providers for marketing and for the statistical evaluation of our websites:
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
If you object to participation in the aforementioned procedures, you can refuse the setting of cookies in the settings of your browser software. One possibility is to change your browser settings so that the setting of cookies is automatically disabled. Another possibility is to disable cookies of the “www.googleadservices.com” domain in your browser software. The installation of corresponding browser plugins can also prevent information being sent by the cookie.
Microsoft Bing Ads (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA)
If you should arrive at our website via a Microsoft Bing advertisement, a cookie is stored in your browser software. These cookies are not used for personal identification. The information collected by the cookie serves only the purpose of preparing statistics on the use of the website. This enables us to evaluate and improve our marketing measures.
If you object to participation in the aforementioned procedures, you can refuse the setting of cookies in the settings of your browser software. One possibility is to change your browser settings so that the setting of cookies is automatically disabled. The installation of corresponding browser plugins can also prevent information being sent by the cookie. You can refuse the use of such cookies by Microsoft directly on the following website:
You can find further information on data protection and on the cookies used by Microsoft Bing on the Microsoft website:
The objection or disabling takes place via the link:
Confirming the link causes a so-called opt-out cookie to be set on your data carrier. Please note that if you delete all cookies on your terminal device, these opt-out cookies are also deleted; that means that if you continue to object to anonymised data collection, you must set the opt-out cookies again. The opt-out cookies are set per browser and terminal device. If you use different browsers to visit our website at home and at work, you must enable the opt-out cookies in the different browsers or on the different terminal devices.
metapeople Germany, Philosophenweg 21, D-47051 Duisburg
Our website, Envivas.de, uses the campaign tracking system metalyzer of metapeople GmbH (http://www.metapeople.com). Our website collects and processes data for marketing and optimisation purposes. These data can be used to issue pseudonymised user profiles. However, unless the data subject separately grants consent, there is no identification of the person and collected data are not merged into a personal profile. For each visitor to Envivas.de, the webserver of Metapeople stores the name of the Internet service-provider, the website used to visit our website and the websites visited together with the date and the length of the visit. We also use the service-providers assigned by us to this purpose. The data collected do not include your name or address or e-mail address and, therefore, allow no personal identification.
Data collection and storage may be objected to at all times with effect for the future.
Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin,
So that we can constantly optimise what we offer and eliminate faults more quickly, we use web-analysis technologies of the company Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin. Webtrekk GmbH was certified for data protection by the TÜV Saarland technical inspectorate. In particular, the collection and processing of tracking data for conformity with data protection and data security was examined and certified.
During the use of this website, information transmitted by your browser is collected in pseudonymised form and evaluated exclusively in aggregated form.
This takes place using a cookie technology and so-called pixels which are incorporated into every website. Data are collected such as browser type and version, operating system, screen resolution, IP address (collected exclusively after deleting the end digits and pseudonymised
for the purpose of session identification and, if appropriate, geolocalisation merely as far as city level and deletion directly after use), the website that you use to visit our website, and the pages of our website that you visit. There is no further issue of user profiles or evaluation of the same.
Under the German Telemedia Act (Telemediengesetz, “hereinafter TMG”), you have the right, as visitor to the contact page, to object to your visitor data being stored (collected in pseudonymised form) for the future, so that you are no longer recorded in future. You can object to data collection and storage by Webtrekk at all times with effect for the future. To do so, please use the relevant opt-out function of our service-provider Webtrekk. To do so, please click on the following link: I would like to be excluded from tracking by Webtrekk
Your successful opt-out from tracking will be confirmed. The opt-out is maintained by a cookie called “webtrekkOptOut”. If you accept this cookie and do not delete it, you need not opt-out from tracking again.
AB Tasty of AB TASTY SAS, 38 rue du sentier, 75002, Paris, France
This website uses the services of AB Tasty of AB TASTY SAS, 38 rue du sentier, 75002, Paris, France. This service is used for AB testing and for continuous improvement of the website. The cookies used make it possible to change the websites on a case-by-case basis and to analyse changes in order to structure them better for customers. Customers can object to data processing by AB Tasty on the websites by clicking on the following link: http://www.abtasty.com/#abtastyoptout=1 . The cookie thereby enabled ensures that AB Tasty is no longer executed. The objection is stored in a special cookie and remains valid as long as the cookie is not deleted. We draw your attention to the fact that the website can, in this case, no longer be used to the full extent.
Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA
We use the remarketing or "Website Custom Audience” technology of Facebook Inc. The use of this technology enables us to show interest-related advertising to visitors to our website when they visit Facebook again at a later date. For the use of this technology, Facebook pixels, i.e. small HTML elements, are integrated on our pages which Facebook can use to allocate visitors to our website to a specific target group on the basis of an anonymous identification number (“Custom Audience List”). As a result, we receive information which we use to issue and analyse lists of target groups for Facebook advertising (“Facebook Ads”), e.g. on the basis of the previously visited areas on our website.
The information generated by Facebook pixels is normally transmitted to a Facebook server in the USA where it is stored and processed. On our website, Facebook pixels are called up inside an iFrame, an HTML element which is used to structure websites. This ensures that Facebook does not extend existing user profiles with data on the use of our website or with personal data records.
If you wish to object to the use of the "Website Custom Audience”, you can do so under https://www.facebook.com/ads/website_custom_audiences. You will find further information about the purpose and scope of data collection and the further processing and use of the data by Facebook and the settings available to you to protect your privacy in the data-protection guidelines of Facebook which can be found, inter alia, on https://www.facebook.com/ads/website_custom_audiences and https://www.facebook.com/privacy/explanation