This notice informs you about the processing of your personal data by Newline Europe Versicherung AG and the rights to which you are entitled under data protection law.
Data Controller for Data Processing
Newline Europe Versicherung AG
Schanzenstr. 38
Gebäude 81
51063 Köln
Phone: +49 (0) 221 9669 4510
E-Mail: info@newlinegroup.de
(hereinafter referred to as “we”, is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”)).
You can reach our data protection officer by post at the above addresses with the addition – data protection officer – or by e-mail at: datenschutz@newlinegroup.de.
Purposes and Legal Bases of Data Processing
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the provisions of the German Insurance Contract Act (VVG) relevant to data protection and all other applicable laws.
In the course of claims processing, we have received your personal data directly from you or from a party involved in the claim. This information about the claim is processed by us. This is necessary, for example, to be able to check whether an insured event has occurred and the amount of the claim.
A decision on asserted claims or the processing of a claim is not possible without processing your personal data.
The legal basis for this processing of personal data in the processing and settlement of claims is Article 6(1) c) EU-DSGVO.
In addition, we need your personal data to compile insurance-specific statistics, e.g. for the development of new tariffs or to meet regulatory requirements. The legal basis for this processing of personal data for pre-contractual and contractual purposes is Article 6 para 1 b) GDPR. If special categories of personal data (e.g. your health data when concluding an accident insurance contract) are required for this purpose, we obtain your consent in accordance with Article 9 para 2 a) in conjunction with Article 7 GDPR. If we compile statistics with these data categories, this is done on the basis of Article 9 para 2 j) GDPR in conjunction with Article 89 para 1 GDPR and Section 27 BDSG.
We also process your data in order to protect legitimate interests of us or of third parties (Article 6 para 1 f) GDPR). This may be necessary in particular:
- to ensure IT security and IT operations,
- to advertise our own insurance products and other products of the group of companies.
In addition, we process your personal data to fulfil legal obligations such as regulatory requirements, commercial and tax retention obligations or our duty to provide advice. In this case, the legal basis for the processing is provided by the respective legal regulations in conjunction with Article 6 para 1 c) GDPR. Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand within the framework of the legal provisions.
Reinsurer
We insure risks assumed by us with special insurance companies (reinsurers). For this purpose, it may be necessary to transmit your contract and, if applicable, claims data to a reinsurer so that they can form their own picture of the risk or the insured event. Furthermore, it is possible that the reinsurer supports our company due to its special expertise in the risk or benefit assessment as well as in the evaluation of procedures. We only transfer your data to the reinsurer to the extent that this is necessary for the performance of our insurance contract with you or to the extent necessary to protect our legitimate interests.
Intermediary
If an intermediary looks after our policyholder and is involved in the claims settlement process, we transmit personal data to this intermediary if the information is required for the settlement of the claim. The intermediary is legally and contractually obliged to observe the provisions of the GDPR and other relevant data protection regulations and its special confidentiality obligations (professional and data secrecy).
Data Processing in the Group of Companies
Specialised companies or divisions of our group of companies (Newline Group and Odyssey Group) perform certain data processing tasks centrally for the companies affiliated in the group. If an insurance contract exists between you and one or more companies of our group, your data may be processed centrally by a company of the group, for example, for the central administration of address data, for telephone customer service, for contract and benefit processing, for collection and disbursement or for joint mail processing.
External Service Provider
We sometimes use external service providers to fulfil our contractual and legal obligations. We will be happy to provide you with a list of the contractors and service providers we use with whom we have more than temporary business relationships on request.
Other Recipients
In addition, we may transfer your personal data to other recipients, such as authorities for the fulfilment of statutory notification obligations (e.g. social insurance institutions, tax authorities or law enforcement agencies).
Data Transfer to a Third Country
If we transfer data to service providers or internal group companies outside the European Economic Area (EEA) after 25.05.2018, the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. EU standard contractual clauses) are in place. You can then request these at one of the above-mentioned contact addresses.
Duration of Data Storage
We keep your data for as long as it is required for the above-mentioned purposes. In this context, personal data may be retained for the time during which claims can be asserted against our company (e.g. statutory limitation period of three or up to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding obligations to provide proof and to store data result, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. The storage periods are then up to ten years.
Data Subjects’ Rights
You can request information about the data stored about you at the above addresses. In addition, you can request the correction or deletion of your data under certain conditions. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format.
Right of Objection
You have the right to object to the processing of your personal data for direct marketing purposes.
If we process your data to protect legitimate interests, you can object to this processing if reasons arise from your particular situation that speak against the data processing.
Right of Appeal
You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
The laws mentioned in this information (DSGVO and BDSG) came into force on 25.05.2018.
Last updated: 05.09.2023