Privacy Policy
General Information
The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Data Collection on This Website
Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section “Note on the Responsible Entity” in this privacy policy.
How do we collect your data?
Your data are collected firstly by you providing us with it. This might be data you enter into a contact form.
Other data are collected automatically or after your consent when you visit the website by our IT systems. These are mainly technical data (e.g., internet browser, operating system, or time of page view). The collection of this data is automatic as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to obtain information about the origin, recipient, and purpose of your stored personal data free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke this consent at any time for the future. You also have the right, under certain circumstances, to request that the processing of your personal data be restricted. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time for further questions on the subject of data protection.
Analysis Tools and Third-party Tools
When visiting this website, your surfing behavior can be statistically analyzed. This is primarily done with so-called analysis programs.
Detailed information about these analysis programs can be found in the following privacy policy.
Hosting
We host the content of our website with the following provider:
Hetzner
The provider of our website hosting services is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as Hetzner). When you visit our website, Hetzner collects various log files including your IP addresses. Further details on the data collected and their processing can be found in Hetzner’s privacy policy at https://www.hetzner.com/rechtliches/datenschutz.
The use of Hetzner is based on Article 6(1)(f) GDPR. We have a legitimate interest in a reliable and secure presentation of our website. If the appropriate consent has been obtained, data processing is carried out solely on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g., device fingerprinting). The consent can be revoked at any time.
Data Processing Agreement
We have concluded a data processing agreement with Hetzner. This agreement is required under data protection law and ensures that Hetzner processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
General Notes and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.
Note on the Responsible Entity
The responsible party for data processing on this website is:
Calvin Boschetto
ARAG HGST Oberland
Hans-Urmiller-Ring 35
82515 Wolfratshausen
Phone: 08171-9082930
Email: calvin.boschetto@arag-partner.de
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a justified request for deletion or revoke consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will occur after these reasons cease to apply.
General Notes on the Legal Basis for Data Processing on This Website
If you have consented to data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if special categories of data according to Art. 9 para. 1 GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to access to information in your end device (e.g., via device fingerprinting), data processing is additionally based on § 25 para. 1 TTDSG. Consent can be revoked at any time. If your data is necessary for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. The respective legal bases in individual cases are informed in the following paragraphs of this privacy policy.
Note on Data Transfer to the USA and Other Third Countries
We use, among others, tools from companies based in the USA or other third-party countries that are not considered secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no comparable level of data protection can be guaranteed in these countries. For example, US companies are obliged to release personal data to security authorities without you as the data subject being able to take legal action against this. It is therefore not excluded that US authorities (e.g., intelligence agencies) process, evaluate, and permanently store your data on US servers for surveillance purposes. We have no influence over these processing activities.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Consent with Borlabs Cookie
Our website uses the consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser or to use specific technologies and to document this consent in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, which records the consents you have given or the revocation of these consents. This data is not shared with the provider of Borlabs Cookie.
The data collected is stored until you request us to delete it, delete the Borlabs cookie yourself, or the purpose for data storage is no longer applicable. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/which-data-does-borlabs-cookie-store/.
The use of Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address
• This data is not merged with other data sources.
The collection of this data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – for this, the server log files must be recorded.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer pertains (e.g., after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Request by E-Mail, Telephone, or Fax
If you contact us by e-mail, telephone, or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of these data is based on Art. 6 Para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.
The data sent by you to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer pertains (e.g., after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Analysis Tools and Advertising
Meta Pixel (formerly Facebook Pixel)
This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement, however, the collected data is also transferred to the USA and other third countries.
This allows the behavior of page visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous for us as the operator of this website; we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). This allows Facebook to enable the placement of ads on pages of Facebook as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time.
We use the Advanced Matching feature within the Meta Pixel.
Advanced Matching allows us to transmit various types of data (e.g., location, state, ZIP code, hashed email addresses, names, gender, date of birth, or telephone number) of our customers and prospects, which we collect through our website, to Meta (Facebook). By activating this, we can tailor our advertising campaigns on Facebook more precisely to people who are interested in our offers. In addition, Advanced Matching improves the assignment of web page conversions and expands Custom Audiences.
As far as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing that occurs after the data has been forwarded to Facebook is not part of the joint responsibility. The obligations incumbent upon us jointly have been specified in an agreement regarding joint processing. You can find the text of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. Data subject rights (e.g., requests for information) concerning data processed by Facebook can be asserted directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.
In Facebook’s privacy notices, you can find more information on protecting your privacy: https://www.facebook.com/about/privacy/.
You can also deactivate the remarketing feature “Custom Audiences” in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
LinkedIn Ads and Pixel
Our website utilizes LinkedIn Ads and its conversion tracking technology, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. With LinkedIn Ads, we can target ads to users who have visited our site, through the use of LinkedIn’s conversion tracking pixel. This tool helps us measure the effectiveness of our advertising by tracking actions visitors take after viewing those ads. The data collected remains anonymous to us but can be used by LinkedIn for their own advertising purposes according to LinkedIn’s Data Privacy Policy.
Reddit Ads and Pixel
We use Reddit Ads to place targeted advertisements on Reddit platforms. Reddit uses cookies and tracking pixels to track the behavior of users who click on ads, providing analytics and effectiveness metrics to us. The data collected through Reddit’s tracking technologies is subject to Reddit’s privacy policy, and helps in optimizing our advertising strategies.
Google Ads and Conversion Tracking
Google Ads, a service by Google Inc., uses cookies and tracking pixels to serve ads based on someone’s past visits to our website. Google uses this data to track conversions and to measure the performance of our ads. The information collected may include navigation paths, dwell time, and other information about how the site is used, all of which are used for analytical purposes as per Google’s privacy policy.
TikTok Ads and Pixel
TikTok Ads, provided by TikTok Technology Limited, uses tracking pixels to monitor the actions users take after interacting with our ads on TikTok. This helps in tracking conversions and the effectiveness of the ads presented. Data collected by TikTok remains under the protection of TikTok’s privacy guidelines, which manage the use and sharing of such information.
Microsoft Ads and UET Tag
Microsoft Ads uses Universal Event Tracking (UET) to track user behavior on our website after they click on one of our ads. This data is used to assess the quality and effectiveness of our advertising campaigns through metrics like clicks, impressions, and conversion rates. The data collected is handled according to Microsoft’s privacy policy, which ensures the confidentiality and integrity of the data.
Data Handling and Consent
All these technologies collect data that may include personal details like IP addresses and cookie identifiers to track user interactions and conversions. The use of these tools is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. You can revoke your consent at any time, affecting the further use of data collected during your visits to our website.
Data Transfer and Security
For services based outside the EU, such as LinkedIn and Google, data transfer is based on Standard Contractual Clauses approved by the European Commission, ensuring compliance with European data protection standards despite the geographical location of data processing.
Plugins and Tools
Google Fonts (Local Hosting)
This site uses so-called Google Fonts provided by Google for the uniform display of fonts. The Google Fonts are locally installed. There is no connection to Google servers.
More information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.
Chatbot
What are chatbots?
You can also communicate with us via chatbots or similar chat functions. A chat offers the possibility to write or speak to each other with very little time delay. A chatbot is software that tries to answer your question and may inform you about news. By using these communication means, personal data about you can also be processed and stored.
Why do we use chatbots?
Communication possibilities with you are important to us. After all, we want to talk to you and answer all possible questions about our service as best as possible. Well-functioning communication is an important part of our service. Chatbots have the great advantage that we can answer frequently asked questions automatically with the help of this software. This saves us time, and you still receive detailed and helpful answers. If the chatbot cannot help further, you always have the option to contact us personally.
Please note that when using our integrated elements, data about you can also be processed outside the European Union, as many providers are American companies. This may make it more difficult for you to assert or enforce your rights concerning your personal data.
What data is processed?
It may happen that you also use the chat services on other websites/platforms. In this case, your user ID will also be stored on the servers of this website. We can also be informed about which user used the chat at what time. The contents are also stored. What data exactly is stored depends on the respective service. Usually, it includes contact details such as email address or phone number, IP address, and various usage data.
If you have consented to the chat function being used, this consent and a possible registration are also stored or logged. We do this so that we can also present the registration.
Health Data and Confidentiality
Important Declarations on Consent for the Collection and Use of Health Data and Release from Confidentiality Obligation
Collection, Storage, and Use of Health Data by ARAG Krankenversicherungs-AG
I consent to ARAG Krankenversicherungs-AG, located at Hollerithstraße 11, 81829 München, collecting, storing, and using the health data provided by me in this application and subsequently as necessary for the assessment of the application and for the establishment, execution, or termination of this insurance contract. I consent to ARAG Krankenversicherungs-AG transmitting my health data to the entities listed in the above-mentioned list, and that the health data may be collected, processed, and used at these entities for the same purposes to the same extent as ARAG Krankenversicherungs-AG could. Where necessary, I release the employees of the ARAG Group and other entities regarding the transfer of health data and other data protected under § 203 StGB from their confidentiality obligations.
Disclosure of Your Health Data and Other Data Protected Under § 203 StGB to Entities Outside ARAG Krankenversicherungs-AG
We obligate the following entities contractually to comply with data protection and data security regulations.
• Medical Assessment: For assessing the risks to be insured and for examining the obligation to provide benefits, it may be necessary to involve medical assessors. Your consent and release from confidentiality are required if, in this context, your health data and other data protected under § 203 StGB are transmitted. You will be informed about each specific data transmission.
• Reinsurance: To secure the fulfillment of your claims, we may engage reinsurers who take over the risk entirely or partially. Reinsurers may also use further reinsurers for this purpose, to whom they also transmit your data. Data may be shared with reinsurers to assess the risk or the insurance event, especially when the insurance sum is particularly high or the risk is difficult to categorize. Additionally, reinsurers may support us with their expertise in risk or benefit assessment and in evaluating procedural workflows. Data about your existing contracts and applications may be shared with reinsurers to a necessary extent to check whether and to what extent they can participate in the risk.
• Task Transfer to Other Entities (Companies or Individuals): We do not conduct certain tasks, such as risk assessment, claim processing, or telephone customer service, ourselves but transfer these tasks to another company of the ARAG Group or another entity. If this involves transferring your data protected under § 203 StGB, we need your release from confidentiality for us and, as necessary, for the other entities.
Storage and Use of Your Health Data If the Contract Does Not Conclude
If the contract with you does not conclude, we store your health data collected during the risk assessment in case you apply for insurance protection again. We also store your data to respond to possible inquiries from other insurers. Your data will be stored at ARAG Krankenversicherungs-AG, Hollerithstraße 11, 81829 München, until the end of the third calendar year following the year of application.
Address
Hans-Urmiller-Ring 35
82515 Wolfratshausen
Phone
+49-(0)176-83087851