Data protection information for Customers and Interested Parties
This notice informs you about the processing of your personal data by Newline Europe Versicherung AG and your rights under data protection laws and regulations.
Data controller for data processing
Newline Europe Versicherung AG
Schanzenstrasse 38
Gebäude 81
DE-51063 Köln
Phone +49 (0) 221 9669 4510
E-Mail info@newlinegroup.de
(hereinafter referred to as “we”, is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”)).
You can reach our data protection officer by post at the above addresses with the addition – data protection officer – or by e-mail at: datenschutz@newlinegroup.de.
Purposes and legal basis of data processing
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the provisions of the German Insurance Contract Act (VVG) relevant to data protection and all other applicable laws.
If you apply for insurance cover, we need the information you provide for the conclusion of the contract and to assess the risk to be assumed by us. If the insurance contract is concluded, we process this data to execute the contractual relationship, e.g. for policy issuance or invoicing. We need information on the claim, for example, in order to be able to check whether an insured event has occurred and how high the claim is.
The conclusion respectively the execution of the insurance contract is not possible without the processing of your personal data.
In addition, we need your personal data to compile insurance-specific statistics, e.g. for the development of new tariffs or to meet regulatory requirements. The legal basis for this processing of personal data for pre-contractual and contractual purposes is Article 6 para 1 b) GDPR. If special categories of personal data (e.g. your health data when concluding an accident insurance contract) are required for this purpose, we obtain your consent in accordance with Article 9 para 2 a) in conjunction with Article 7 GDPR. If we compile statistics with these data categories, this is done on the basis of Article 9 para 2 j) GDPR in conjunction with Article 89 para 1 GDPR and Section 27 BDSG.
We also process your data in order to protect legitimate interests of us or of third parties (Article 6 para 1 f) GDPR). This may be necessary in particular:
- to ensure IT security and IT operations,
- to advertise our own insurance products and other products of the group of companies.
In addition, we process your personal data to fulfil legal obligations such as regulatory requirements, commercial and tax retention obligations or our duty to provide advice. In this case, the legal basis for the processing is provided by the respective legal regulations in conjunction with Article 6 para 1 c) GDPR. Should we wish to process your personal data for a purpose not mentioned above, we will inform you of this beforehand within the framework of the legal provisions.
Reinsurer
We insure risks assumed by us with special insurance companies (reinsurers). For this purpose, it may be necessary to transmit your contract and, if applicable, claims data to a reinsurer so that they can form their own picture of the risk or the insured event. Furthermore, it is possible that the reinsurer supports our company due to its special expertise in the risk or benefit assessment as well as in the evaluation of procedures. We only transfer your data to the reinsurer to the extent that this is necessary for the performance of our insurance contract with you or to the extent necessary to protect our legitimate interests.
Intermediary
Insofar as you are looked after by an intermediary with regard to your insurance contracts, your intermediary processes the application, contract and claims data required for the conclusion and implementation of the contract. Our company also transmits this data to the intermediaries looking after you, insofar as they require the information to look after you and advise you in your insurance and financial services matters.
Data processing in the group of companies
Specialised companies or divisions of our group of companies (Newline Group and Odyssey Group) perform certain data processing tasks centrally for the companies affiliated in the group. If an insurance contract exists between you and one or more companies of our group, your data may be processed centrally by a company of the group, for example, for the central administration of address data, for telephone customer service, for contract and benefit processing, for collection and disbursement or for joint mail processing.
External service provider
We sometimes use external service providers to fulfil our contractual and legal obligations. We will be happy to provide you with a list of the contractors and service providers we use with whom we have more than temporary business relationships on request.
Other recipients
In addition, we may transfer your personal data to other recipients, such as authorities for the fulfilment of statutory notification obligations (e.g. social insurance institutions, tax authorities or law enforcement agencies).
Data transfer to a third country
If we transfer data to service providers or internal group companies outside the European Economic Area (EEA) after 25.05.2018, the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. EU standard contractual clauses) are in place. You can then request these at one of the above-mentioned contact addresses.
Duration of data storage
We keep your data for as long as it is required for the above-mentioned purposes. In this context, personal data may be retained for the time during which claims can be asserted against our company (e.g. statutory limitation period of three or up to thirty years). In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding obligations to provide proof and to store data result, among other things, from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. The storage periods are then up to ten years.
Data subjects’ rights
You can request information about the data stored about you at the above addresses. In addition, you can request the correction or deletion of your data under certain conditions. You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, common and machine-readable format.
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you may object to such processing if your particular situation gives rise to reasons against data processing.
Right of appeal
You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority with a complaint.
The data protection supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
DE-40102 Düsseldorf
The laws mentioned in this information (DSGVO and BDSG) came into force on 25.05.2018.
Last updated: 18 July 2024