Data protection
I. Responsible body
Responsible body pursuant to Art. 13 para. 1 lit a) GDPR
Ecclesia Gruppe Vorsorgemanagement GmbH
Ecclesiastraße 1 - 4
32758 Detmold
Phone +49 5231 603-0
Fax +49 5231 603-197
Email info@ecclesia-gruppe-vorsorge.de
(hereinafter referred to as "we" or "the broker")
II Contact details of the data protection officer
Ecclesia Gruppe Vorsorgemanagement GmbH
Data Protection Officer
Ecclesiastraße 1 - 4
32758 Detmold
Phone +49 5231 603-6129
Fax +49 5231 603-606129
E-mail dsb(at)ecclesia-gruppe-vorsorge(dot)de
III General information and responsible body
The following information serves to fulfill the obligation to provide information when collecting personal data from the data subject in accordance with Art. 13 GDPR.
This applies to the processing of personal data that takes place on the basis of the contractual relationship between the parties.
Personal data is any information relating to an identified or identifiable natural person.
Different categories of personal data are processed for the performance of our brokerage services. Examples include name, address, bank details, communication data, insurance policy numbers, etc.
Special categories of personal data are generally only processed with your consent. These include health data. The legal basis for this processing in this case is Article 9(2)(a) GDPR. In certain cases, the processing of special categories of personal data is necessary for the establishment, exercise or defense of legal claims. The corresponding legal basis for this processing is Article 9(2)(f) GDPR.
IV Information on the processing of your personal data
1. purpose of the processing of personal data and its legal basis, Art. 13 para. 1 lit. c) GDPR
We process your data exclusively for the purpose of fulfilling our brokerage services. This includes in particular the brokerage of insurance services and the associated requests for cover, conclusion of contracts, contract administration and handling of claims. The legal basis for data processing is Article 6(1)(b) GDPR.
Insofar as we have not collected your personal data directly from you (for example in connection with the processing of claims), the legal basis for data processing is Article 6(1)(f) GDPR, the legitimate interest of us or of third parties. The legitimate interest is to provide our customers with efficient support in connection with a claim and in all related insurance law matters. Without this data processing, claims cannot be processed or can only be processed with difficulty.
In the case of the processing of special categories of personal data, this processing takes place exclusively on the basis of your express consent. The legal basis for this processing is Article 9(2)(a) GDPR.
Otherwise, we process your personal data on the basis of your consent in accordance with Article 6(1)(a) GDPR for the purposes stated in the context of the consent.
Finally, some of the data may be processed automatically with the aim of evaluating certain personal aspects (profiling). Profiling is used in the following cases, for example:
Due to legal and regulatory requirements, we as insurance brokers are obliged to carry out a target market comparison in various product areas, in particular for investment and insurance investment products, in order to check whether the product is suitable or appropriate for the customer. Data evaluations are also carried out in the process. For example, your knowledge and experience with investment products, your financial circumstances, your loss-bearing capacity, your investment objectives and your risk tolerance are included in the assessment. These are automatically compared with the corresponding product specifications. These measures support us in the provision of our investment advice and brokerage services and also serve to protect the customer.
The necessity and scope of data processing depend on the advisory and brokerage services you require. Your consent is required for the processing of your personal data by the service providers we use if they are not acting as processors within the meaning of Art. 28 GDPR.
As part of the needs analysis in Ecclesia Vorsorge carried out voluntarily by you, your personal data will be processed automatically in order to assess your life situation with regard to possible gaps in cover or a need to optimize existing insurance cover (profiling). Data is analyzed in the process. The following data is included in the evaluation: Marital status, professional activity, remuneration, health insurance status (private or statutory health insurance), housing situation, other real estate situation, types of vehicle used, pet ownership and hobbies. This information is automatically compared with the assessment criteria in Ecclesia Vorsorge. The evaluation criteria in Ecclesia Vorsorge are not product-specific, but are based on generally applicable guidelines and recommendations from the insurance industry for covering insurance needs in a specific life situation. The result of the needs analysis is a non-binding proposal for taking out cover in a specific insurance class, without recommending a specific individual product. The needs analysis serves as a non-binding information service for you and supports us in providing our investment advice and brokerage services. The information provided in the needs analysis in Ecclesia Vorsorge and the result of the analysis are only made available by Ecclesia Vorsorge to you and the brokers providing support. No other data will be transferred to third parties. The processing of data as part of the needs analysis and the forwarding of data from Ecclesia Vorsorge to us is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Your consent also serves to transfer your data to third parties, such as broker pools, operators of comparison portals, etc., with whom we regularly work together to optimize our services for our customers as part of our activities as insurance brokers.
As part of the comparison calculations you voluntarily carry out in Ecclesia Vorsorge, the data you enter is collected, processed, stored and used for the purposes of preparing comparisons and offers and for further processing and support, in particular the fulfillment of the brokerage contract and the fulfillment of statutory consulting and brokerage obligations. The processing of data in the context of comparative calculations and the forwarding of data from Ecclesia Vorsorge to us is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR and Art. 6 para. 1 lit. b) and lit. c) GDPR. Your consent is also used to transfer your personal data to third parties, such as broker pools etc. with whom we regularly work together to optimize our services for our customers as part of our activities as insurance brokers.
2. data transfer and recipients or categories of recipients of personal data, Art. 13 para. 1 lit. e) GDPR
Your personal data will only be passed on to third parties on the basis of your consent or on the basis of a legal permission. Our employees are also obliged to maintain confidentiality and to comply with the provisions of data protection laws.
Your personal data will only be passed on to state institutions and authorities entitled to receive information within the framework of the relevant laws.
It may be necessary to pass on your data to other bodies or to receive data from them, particularly in connection with requests for cover, the conclusion of contracts, contract administration and the processing of claims and benefits. These are
- Broker pools
- insurance companies
- reinsurance companies
- service companies
- Insurance brokers (sub-brokers)
- Social insurance institutions
- Credit institutions and investment companies
- Appraisers
- Financial services institutions and securities trading companies
- Lawyers, tax consultants, auditors
- Insurance ombudsmen
- Federal Financial Supervisory Authority (BaFin)
- Underwriting agents
- Legal successors
We have commissioned Ecclesia Holding GmbH and Jung, DMS & Cie. AG to process your personal data on our behalf as part of an order processing contract for the technical implementation of broker services.
Data will only be transferred to countries outside the European Economic Area (third countries) if this is necessary for the performance of our activities or if you have given us your consent or if this is otherwise permitted by law. In this case, we take measures to ensure the protection of your data. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).
3. duration of the storage of your personal data, Art. 13 para. 2 lit. a) GDPR
Your personal data will be stored for the fulfillment of our brokerage services and the associated legal obligations. If your personal data is no longer required for this purpose, it will be deleted automatically.
Our brokerage services and the associated legal obligations include, in particular, the retention of documents and information within the statutory retention periods (up to ten years) as well as proof of proper advice and contract performance (in accordance with the statutory limitation periods of up to 30 years).
4. provision of your personal data
The fulfillment of our brokerage services is not possible without the processing of your personal data. It is therefore necessary for you to disclose personal data.
In certain cases, for example in the event of a claim, this may be voluntary information. Where this is the case, we will inform you accordingly. The personal data you provide will be processed exclusively for the purposes communicated to you.
5 Sources from which your personal data originates
Where we have not collected your personal data directly from you, this data comes from the following sources
- Insurers
- reinsurers
- Insurance intermediaries
- Social insurance institutions
- Lawyers
- appraisers
- Publicly accessible sources (e.g. official registers, address directories, Internet)
6. your security
We use technical and organizational measures to protect your data against unauthorized access, loss, manipulation or destruction. Our security measures are constantly updated in line with technological developments.
7. rights as a data subject of data processing
a. Information, Art. 13 para. 2 lit. b), Art. 15 GDPR
You have the right to request information from us about the personal data we have stored about you. We will be happy to provide you with this information on request. Furthermore, we will be happy to inform you on request to which third parties your personal data was transmitted during the fulfillment of the contractual relationship.
b. Rectification, Art. 13 para. 2 lit. b), Art. 16 GDPR
You have the right to request that we rectify or complete your personal data. If you do not notify us accordingly, this will be done immediately if we become aware that the data stored by us is incorrect or incomplete.
c. Deletion, Art. 13 para. 2 lit. b), Art. 17 GDPR
You have the right to demand that we delete the personal data stored by us. The possibility of an actual deletion is based on the requirements mentioned under the aforementioned point 3. The deletion of customer data is carried out in accordance with the rules described above under 3.
d. Restriction of processing, Art. 13 para. 2 lit. b), Art. 18 GDPR
You have the right to demand that we restrict processing. This is particularly relevant if there are reasons preventing erasure. From this point on, the personal data will only be processed with your consent.
e. Right to data portability, Art. 13 para. 2 lit. b), Art. 20 GDPR
You have the right to request that we transfer your personal data to you or a third party in a structured, commonly used and machine-readable format.
f. Revocation of consent, Art. 13 para. 2 lit. c) GDPR
You have the right to revoke the consent you have given us at any time. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
g. Right to lodge a complaint, Art. 13 para. 2 lit. d) GDPR
You have the right to lodge a complaint with the above-mentioned data protection officer or a data protection supervisory authority at any time.
PDF download: Data protection notices and information pursuant to Articles 13 and 14 GDPR