Privacy Policy

Information on data protection 

In a nutshell

This privacy policy informs you about how we handle your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The controller for data processing (unless otherwise stated below) is the Euro-Aviation Versicherungs-Aktiengesellschaft (hereinafter referred to as “Euro-Aviation”, “we” or “us”).

We care about your personal data. Our privacy policy consists of two parts. Part A provides you with general information on data protection at Euro-Aviation and explains, among other things, what rights you have and where you can assert them. Part B is dedicated to the various groups of data subjects and explains in detail what data we collect and process about you. We address you in your role as:

  1. Visitors to our website;
  2. Persons involved in a claim;
  3. Co-insured persons and premium payers;
  4. Contact persons at service providers, suppliers and business partners;
  5. Applicants.

 

  1. General information

 

  1. Our contact details

If you have any questions or suggestions regarding this information or would like to assert your rights, please send your enquiry to

 

Euro-Aviation Versicherungs-Aktiengesellschaft

Hochallee 80

20149 Hamburg, Germany

info@euroaviation.de

+49 [40] 44 59 41

 

  1. On what basis do we process your data?

The data protection term “personal data” refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal authorisation. We only process personal data with your consent (Art. 6 para. 1 lit. a GDPR), for the fulfilment of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR), for the fulfilment of a legal obligation (Art. 6 para. 1 lit. c GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data prevail (Art. 6 para. 1 lit. f GDPR).

 

If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 para. 1 sentence 1 BDSG and Art. 6 para. 1 lit. b GDPR).

 

  1. Your rights

You decide on your data! As a data subject, you therefore have the right to assert your data subject rights against us. You have the following rights under the data protection laws applicable to you:

 

  • In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to request access as to whether or not we process personal data relating to you and, if so, to what extent.
  • You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
  • You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and Section 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
  • If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
  • If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

 

In accordance with Art. 21 para. 1 GDPR, you have the right to object to processing based on the legal basis of Art. 6 para. 1 lit. e or f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 para. 2 and 3 GDPR.

 

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.

 

This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 15 to 22 GDPR and Section 34 para. 2 BDSG.

 

  1. Where do we process your data?

In principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing operations may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permitted if the European Commission has determined that an adequate level of data protection is required in such a third country. This applies to all transfers to countries in this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

 

If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are appropriate safeguards in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR are met.

 

If there is no adequacy decision and unless otherwise stated below, we use the EU Standard Contractual Clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of obtaining or viewing a copy of these EU Standard Contractual Clauses. Please contact us at the address given under the contact details above. 

 

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 lit. a GDPR.

 

  1. To whom and why do we transfer your personal data?

In order to provide our services and operate economically as a company, we use various external service providers to whom we transfer personal data in certain cases. There may also be other data transfers to external recipients. If other specific recipients contain personal data for some groups of data subjects, we will inform you about this in Part B.

 

  • Hosting provider: We commission certified service providers to host our data.
  • IT service providers, SaaS providers, web agency: We use the services of various service providers who support us as processors and simplify and optimise our processes.
  • Public authorities: Data transfers may take place to comply with legal regulations or to respond to court orders or other similar official requests.
  • Reinsurance companies: We work together with reinsurance companies to protect against high financial losses. In certain cases, your personal data may be passed on to a small extent for this purpose.
  • Other insurance companies: In certain cases, we transfer personal data to other insurers. This is the case, for example, if the insured risk is not only borne by us but is spread across several insurance companies. We also transfer personal data of policyholders to following insurance companies if certain conditions are met.
  • Experts: We work together with external experts (e.g. lawyers, experts) to assess claims and sums insured. If necessary, your personal data will be passed on in this context.
  • Insurance brokers, insurance intermediaries, underwriting agents and broker pools: We may pass on data relevant to contracts and claims to these persons and bodies.
  • Other recipients: We may also transfer your personal data to organisations such as postal and delivery services, house banks, document destruction service providers, lawyers, debt collection service providers and tax consultancy/auditing firms.

 

How long do we store your data?

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting data for eight or ten years and personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

 

How do we use “cookies” and other tracking technologies?

We use cookies and similar technologies on our website. We have summarised more information about how we use these technologies in our cookie banner. The banner can be accessed via the button at the bottom left of our website. There you will also find a list of other companies that place cookies on our website and process data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, a list of cookies that we place and an explanation of how you can refuse certain types of cookies.

 

How can you contact our Data Protection Officer?

You can reach our data protection officer using the following contact details

 

Email: datenschutzbeauftragter@euroaviation.de

Herting Oberbeck Datenschutz GmbH

Startseite

 

 

Special information – How and why we process your data

 

Visitors to our website

 

We process data that you provide about yourself in contact forms, such as your name, e-mail address, content data and, if applicable, your telephone number for the following purpose:

 

Support and communication: answering enquiries.

 

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit.  f GDPR in responding to incoming enquiries. If your enquiry relates to the conclusion or performance of a contract between you and us, the legal basis is Art. 6 para. 1 lit. b GDPR.

 

We process pseudonymised information about the device and browser you are using, server log files, your network connection and your IP address for the following purposes:

 

Ensuring the security, operability and stability of our website, including defence against attacks.

 

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the flawless functionality and stability of the website.

 

We process information about your behaviour on the website. This includes the IP address and user IDs, some of which are assigned by third-party providers. This is done for the following purposes:

 

Reach measurement and analysis of visitor behaviour to optimise our website, increase customer satisfaction and error analysis.

 

Legal basis: Consent in accordance with Art. 6 para. 1 lit. a GDPR, which we obtain via the consent banner on our website and which you can withdraw or adjust at any time via the button at the bottom left of our website.

 

Persons involved in a claim

 

We process data that is shared with us about you as an involved participant in a claim, such as your name, your contact details, your master data and information about a claim. This may also include health data and thus special categories of personal data within the meaning of Art. 9 para. 1 GDPR. We process this data for the following purposes:

 

Fulfilment of insurance contracts;
Review and fulfilment of claims arising from insurance contracts.

Legal basis: Art. 6 para. 1 lit. c GDPR in conjunction with Section 100 VVG or Art. 6 para. 1 lit. b GDPR or, if you are not a party to the contract yourself, our legitimate interest in the performance of the contract pursuant to Art. 6 lit. f GDPR. In the case of the processing of health data, Art. 9 para. 2 lit. f GDPR in conjunction with Section 100 VVG is the legal basis. If we obtain your consent, Art. 6 para. 1 lit. a GDPR and Art. 9 para. 2 lit. a GDPR constitute the legal basis.

Your personal data may be transferred to experts, other insurance companies, reinsurance companies, insurance brokers, insurance intermediaries, underwriting agents, broker pools, authorities and service providers. Further information on data recipients can be found under point A.5.

 

Co-insured persons and premium payers;

 

We process data that you or others, in particular the policyholders, provide to us about you (e.g. name, contact details, master data). We also process data of persons who are not policyholders or co-insured persons but who pay the insurance premiums for other persons. This processing is carried out for the following purposes

 

Execution of insurance contracts;
Claims processing;
Processing of payments.

 

Legal basis: The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the performance of contracts and the processing of payments.

 

To comply with legal regulations and retention obligations.

 

Legal basis: Compliance with legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

 

Contact persons of service providers, suppliers and business partners

 

We process data that you provide to us about yourself and, if applicable, the company you work for, such as your name, email address and telephone number, for the following purposes

 

Fulfilment of the contract between us and you or with the company in which you work (this includes contract administration, documentation for ongoing cooperation, invoicing and communication).

 

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the fulfilment of the contract between the company in which you work and us. If you yourself are a party to the contract, the legal basis is Art. 6 para. 1 lit. b GDPR.

 

Applicants

 

Data that you provide to us in the course of your application or that a recruitment agency transmits to us. This is information about your CV, your previous career and other data that we process for the following purposes:

 

Determining whether employment is possible;
Initiation of an employment relationship.

 

Legal basis: Contract initiation in accordance with Art. 6 para. 1 lit. b GDPR and Section 26 para. 1 sentence 1 BDSG.

 

Fulfilment of statutory retention obligations or defence against legal claims.

 

Legal basis: Compliance with legal obligations pursuant to Art. 6 para. 1 lit. c GDPR or legitimate interest in the defence of legal claims pursuant to Art. 6 para. 1 lit. f GDPR.

 

Inclusion in our talent pool to be contacted again later if no employment relationship materialises for the time being.

Legal basis: Consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can withdraw at any time by contacting us using the contact details above.

If we are unable to offer you employment, we will retain the application documents you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.