Protection of personal data and responsible handling of information that you entrust to us are important and special concerns for us. Junge & Co. Versicherungsmakler GmbH (Junge & Co.) processes personal data only in accordance with legal requirement, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The subject of data protection is personal data. This means any information relating to an identified or identifiable natural person, such as name, address, e-mail address or telephone number.
1. Controller and Data Protection Officer
Controller in the meaning of data protection law: Junge & Co. Versicherungsmakler GmbH.
2. Processing of your personal data: Purposes, legal bases and recipients
a) Website Visit
When you visit our website, we collect personal data to enable your use (“Usage Data”; server log files). This includes your IP address and information start, end and subject of your use of the website. It also includes the technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type), etc. This data is used for the provision and demand-oriented design of this website in our legitimate interest, Art. 6 (1) (f) GDPR.
b) Our Contact Form
If you send us enquiries via the contact form, your details from the enquiry form including the contact data you provided there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. These data will not be passed on without your consent. This data is processed on the basis of Art. 6 (1)(b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR).
The data you enter in the contact form will remain with us until the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
c) Inquiry by E-Mail or Telephone
If you contact us by e-mail, telephone or fax – including applications – your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. This data is processed on the basis of Art. 6 (1) (b) GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In the case of applications, processing takes place on the basis of § 26 (1), (8) s. 2 BDSG or § 26 (2), (8) s. 2 BDSG. In all other cases, processing is based on our legitimate interests (Art. 6 (1) (f) GDPR), as we have a legitimate interest in the effective processing of enquiries addressed to us.
The data sent to us by you via contact requests will remain with us until the purpose for data storage no longer applies (e.g. after the processing of your request has been completed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
d) Google Maps
On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Using this service will show you our location and make it easier for you to find us.
This is done by connecting your browser to Google’s servers as if you were visiting the Google search engine’s website. If you are logged into Google, your information will be directly linked to your account. If you do not wish to be linked to your profile on Google, you must log out before activating the button. Google is responsible for data processing by Google. There is no tracking by Google on our website.
The certification of Google according to the EU-U.S. Privacy Shield Framework ensures that the level of protection of natural persons guaranteed by the GDPR is not impaired by data transfers.
e) Yoast SEO
We use Yoast SEO on this website. Provider is Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0)24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01).
We use WPML on this website. Provider is OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong.
3. Transfer to Third Parties
We only pass on the personal data described here insofar as this is necessary for the provision of our service or legally required within this framework (see Art. 6 (1) (a) (c) GDPR). Within the scope of the purposes mentioned here, personal data is forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 (3) GDPR.
In particular, we have passed on personal data to the following categories of service providers:
– Accounting, Financial Institutions, Tax and Legal Advisors;
– IT services and infrastructure, e.g. for the application process;
– IT support and maintenance;
– Data destruction and facility services;
– In addition to the categories already mentioned, further categories of service providers may exist or be added.
Otherwise, we will only transfer personal data to third parties if you have given us legal permission to do so or have given your prior consent. You may revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the scope of legal obligations or on the basis of an official order or court decision and only to the extent that this is permissible under data protection law.
4. Transfer to countries outside the EEA
In individual cases we may also transfer your personal data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries as part of contract processing or due to statutory regulations.
Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46 (2), (3) GDPR and no other interests worthy of protection speak against the data transfer. Google is certified in accordance with the EU-U.S. Privacy Shield Framework, which ensures that the level of protection of natural persons guaranteed by the GDPR is not impaired by data transfers (https://www.privacyshield.gov/participant?id=a2zt0000000000001L5AAI&status=Active).
We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for Junge & Co. to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
6. Data Security
Junge & Co. has taken the necessary technical and organisational measures to protect the personal data you provide against loss, manipulation and unauthorised access. Our employees are obliged to handle personal data confidentially and are trained accordingly. Both internal and external audits ensure compliance with all processes relevant to data protection at Junge & Co.
7. Your Rights
Data protection law grants you a number of rights with regard to data relating to your person (so-called data subject rights). In general these are
– the right to request information about the personal data we have stored about you,
– the right to rectification of your incorrect data,
– the right to delete data that may no longer be stored,
– the right to restrict the processing in certain cases,
– the right to object to the processing if it is based on legitimate interests and if you assert justified contrary interests in your situation (Art. 21 (1) GDPR),
– the right to object to processing for the purposes of direct marketing (Art. 21(2) GDPR),
– the right to data transfer, i.e. the right to transfer data that you have provided to you or to a third party in electronic form, and
– the right to revoke any consent given with effect for the future.
Whether and to what extent these rights exist in the individual case and which conditions apply, is determined by the law, i.e. by the GDPR and the BDSG. You also have the right to complain to the competent data protection supervisory authority.
For the exercise of these rights and for other questions regarding data protection, please contact us or our company data protection officer (see section 1). In order to process your request promptly, we recommend that you provide us with your name and, if available, your e-mail address.
8. No automated individual Decision-Making
We do not use your personal data for automated individual decisions within the meaning of Art. 22 (1) GDPR.
Date of last revision: 30.09.2019