The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

CCN Insurance Services AG

Richard-Reitzner-Allee 1

85540 Haar/München

E-Mail: kontakt@ccn-insurance.com

1 Your data subject rights

You can exercise the following rights at any time using the contact details provided for our data protection officer:

If you have given us your consent, you can revoke it at any time with effect for the future.

In addition, you can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority in the federal state of your place of residence or with the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

2 Collection of general information when visiting our website

2.1 Type and purpose of processing 

When you access our website, i.e. if you do not register or otherwise submit information, of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.

They are processed for the following purposes in particular:

We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 Legal basis

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.

2.3 Recipients

We use service providers for the operation and maintenance of our website, who act as our data processors. All service providers are contractually obligated to treat your data confidentially.

2.4 Storage duration

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for the data used to provide the website when the respective session has ended. The storage period may also extend beyond the session if it is used to analyse system security and stability.

2.5 Third Country Transfer

There is no third country transfer.

2.6 Providing prescribed or required

The providing of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be limited.

2.7 Right to object

Please read the information on your right to object under Art. 21 GDPR below.

3 Social Media Channels

3.1 Who is responsible?

The joint controllers for the operation of the social media channels are the respective social media provider and

CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/Munich
Email: kontakt@ccn-insurance.com

We have appointed a data protection officer:

c/o activeMind AG Management- und Technologieberatung
Potsdamer Str. 3
80802 Munich
Telephone: +49 (0)89 91 92 94 900
E-mail: datenschutzbeauftragter@ccn-insurance.com

3.2 Which social media channels do we use?

LinkedIn

Our presence on LinkedIn is intended to increase the visibility of our company and to be perceived as an attractive employer.

When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data; in particular, data that you have already provided to LinkedIn via the information in your profile, including, for example, data on function, country, industry, seniority, company size and employment status.

You can find more information on data processing by LinkedIn in LinkedIn’s privacy policy

If you wish to deactivate LinkedIn advertising cookies, please use the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

LinkedIn Insights: In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our page.

This data is processed in anonymised form, in particular in the form of statistics. This gives us insights into the behaviour of people who are interested in our page (so-called page insights). With the Page Insights, LinkedIn only provides us with summarised Page Insights – i.e. it is not possible for us to use this information to draw conclusions about individual persons.

We have entered into an agreement with LinkedIn Ireland Unlimited Company on processing as joint controllers, which sets out the distribution of data protection obligations between CCN Insurance Services AG and LinkedIn. You can access this agreement here https://legal.linkedin.com/pages-joint-controller-addendum

Google My Business

Purpose of Data Processing: We utilize the Google My Business function provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Google My Business is a platform that consolidates various services of the Google conglomerate, granting users direct access via a dashboard. The Google My Business product enables businesses to showcase themselves in Google search results.

We use Google Business Profile so that our profile is displayed in Google searches. This info box contains our company, our services, our contact details and the user rating.

Legal Basis: Data processing is conducted in accordance with Article 6(1)(f) of the GDPR, based on the legitimate interests of enhancing our visibility to potential customers.

Recipients of the Data: The data collected is processed by Google and may be transferred to other companies within the Google conglomerate or to third parties, as required by law or as part of the processing activities.

Third-Country Transfer: Processing also occurs outside the EU, particularly in the USA. However, Google ensures compliance with adequate data protection standards in accordance with EU regulations.

Data Retention Period: Google retains the data in accordance with the storage periods specified in
Google’s privacy policy. These periods may vary depending on the nature of the processed data and the applicable legal requirements.

For further details regarding the purpose and scope of data collection, as well as the further processing and use of data by Google, please refer to Google’s privacy policy.

YouTube

Type and purpose of processing: We maintain a company profile on YouTube to provide videos. The operator is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as ‘YouTube’). This is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter ‘Google’). When you access YouTube, a connection to the YouTube or Google servers is established. Depending on the settings, various data is transmitted (e.g. your IP address). If a YouTube video is started, the provider sets cookies that store your IP address and URL, for example.

If you are logged into your Google or YouTube account, YouTube can assign your surfing behaviour to you personally. If you are not logged into a Google or YouTube account, less data will be stored. Nevertheless, Google stores data with a unique identifier that is linked to your device, browser or app.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: Privacy Policy.

Legal basis: The processing of your personal data is based on the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest exists exclusively for marketing purposes such as better accessibility of target groups, increasing visibility, image building, user information and employer branding.

Recipient: The recipient of the data is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.

Third country transfer: As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. There are standard contractual clauses of the European Commission with Google.

Storage period: YouTube retains your personal data until you close your account. YouTube may also store certain data beyond this time in an anonymous form.

Mandatory or required provision: The provision of your personal data is not required by law or contract. However, you will not be able to interact with us or our content on YouTube without providing your personal data.

3.3 Legal basis

Our legitimate interest pursuant to Art. 6 para. 1 f) GDPR in the operation of our company pages on the social media channels listed here and the use of Insights is to conduct effective marketing via frequently used platforms.

We process personal data in this context in order to increase awareness of our company and to protect our legitimate interests in providing up-to-date information and opportunities for interaction with users.

If you use our company pages to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you. We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.

3.4 What data protection rights do you have?

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.

In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

In principle, you can assert your rights as a data subject both against us and against the operator of the respective social media channel.

Please note that we have no influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we would only be able to forward these requests to the operator of the social network.

For more information on how you can assert your data subject rights against the social media channels used in accordance with Chapter V GDPR, please refer to the linked data usage guidelines or data protection declarations in the section of the respective providers.

3.5 Data security

We only handle personal data to the extent that this is possible in accordance with data protection regulations. We also take all necessary technical and organisational security measures to adequately protect your personal data from unauthorised access and misuse at all times.

Insofar as we store or process personal data, this takes place within a high-security data centre. To protect the security of your data during transmission, we use encryption methods (e.g. TSL) via HTTPS. Our servers are protected by firewalls and virus protection. Back-up and recovery procedures as well as role and authorisation concepts are a matter of course for us.

Our employees are obliged to comply with the provisions of the GDPR and the BDSG when handling data.

3.6 Changes to our privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to the privacy policy, e.g. when introducing new social media channels. The new privacy policy will then apply to your next visit.

3.7 Information about your right to object in accordance with Art. 21 GDPR

Right to object on a case-by-case basis

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

3.8 Recipient of an objection

The objection can be made informally with the subject ‘Objection’, stating your name, address or other identifying features, to

CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/Munich
Email: kontakt@ccn-insurance.com

4 Cookies

No cookies are used on this website.

5 Contacting us

5.1 Type and purpose of processing

There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

The data you enter will be stored for the purpose of personalised communication with you. This requires you to provide a valid e-mail address and your name. This is used to allocate the enquiry and subsequently answer it. The provision of further data is optional.

Alternatively, you can contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.

In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations. Regardless of the type of communication you choose, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.

5.2 Legal Basis

Your data is processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR).

By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.

If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

5.3 Recipients

The recipient of the data is your insurer and, if applicable, your bank. The processing may also include the transfer of data to processors if this is necessary for the processing of your request.

5.4 Storage duration

Data will be deleted no later than 6 months after the enquiry has been processed.

If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.

5.5 Third Country Transfer

There is no third country transfer.

5.6 Providing prescribed or required

The providing of your personal data is voluntary. However, we can only process your enquiry if you provide us with your name, e-mail address and the reason for the enquiry.

5.7 Right to object

Please read the information on your right to object under Art. 21 GDPR below.

6 Complaints management

6.1 Type and purpose of processing

If you are dissatisfied with our service as an insurance intermediary, you have the option of submitting a complaint by post, telephone or e-mail.

If you send us a complaint by post, your name and address will generally be processed.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.

You can also contact us via the telephone number provided. We collect log data that includes your telephone number and the duration of the call. We do not record conversations.

Regardless of the type of communication chosen, we collect the content of your complaint. Your data will be processed for the purpose of handling your complaint and providing an appropriate solution.

6.2 Legal basis

Your data is processed on the basis of a legal obligation (Art. 6 para. 1 lit c GDPR). The legal obligation to provide an option to lodge a complaint arises from Section 17 VersVermV.

6.3 Recipient of the data

Your personal data will only be passed on to those employees and departments of our company who are involved in processing your complaint.

6.4 Storage duration

Your data will be deleted no later than 6 months after your complaint has been processed. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

6.5 Providing prescribed or required

The providing of your personal data is voluntary. However, we can only process your complaint if you provide us with the necessary data and the reason for the complaint.

7 Partner login

7.1 Type and purpose of processing

You have the option of creating a partner account on our website. For this purpose, we collect your contact details and link your purchases to your account. In addition to the data you provide, the following data is stored at the time the customer account is created

Your registration is required for the provision of certain content and services on our website.

7.2 Legal Basis

The data entered during registration is processed to carry out contractual and pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

7.3 Recipients

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

7.4 Third country transfer

There is no third country transfer.

7.5 Storage duration

As there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.

7.6 Providing prescribed or required

The providing of your personal data is voluntary. However, we can only create your partner login account if you provide us with the necessary data.

8 Web analysis (Matomo based on log files)

8.1 Type and purpose of processing

This website uses Matomo, an open-source software for the statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

We use the locally installed analysis tool Matomo to evaluate user behaviour locally on our server. We have configured Matomo so that it does not store any cookies in your browser. Matomo does not collect the data itself but accesses the database of our web server. The web server truncates every requesting IP address before storing it in the log file. The web server truncates every IP address requested before storing it in the log file. This means that the database is sufficiently anonymised and no conclusions can be drawn about individual persons.

Matomo is used for the purpose of improving the quality of our website and its content. By analysing log files, we learn how the website is used and can thus constantly optimise our Internet offering.

You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/

8.2 Legal basis

The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in improving our offer on the website.

8.3 Recipients

The recipients of the data are our employees and technical service providers who act as processors for the operation and maintenance of our website.

8.4 Storage duration

IP addresses are anonymized before storage. Consequently, we are not able to draw conclusions about individual users of the Platform.

The data stored by Matomo is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. In our case, this is done automatically after 6 months.

8.5 Third country transfer

There is no third country transfer.

8.6 Providing prescribed or required

The providing of data is neither legally nor contractually required.

8.7 Right to object

Please read the information on your right to object under Art. 21 GDPR below.

9 TLS encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., TLS) via HTTPS.

10 Changes to our privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

11 Questions to the data protection officer

If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organisation directly:

activeMind AG
Data Protection Officer CCN Insurance Services AG
Potsdamer Str. 3
80802 München

E-Mail: ccn-insurance@activemind.de

12 Information about your right to object in accordance with Art. 21 GDPR

Right to object on a case-by-case basis

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Recipient of an objection

The objection can be made informally with the subject „Objection“, stating your name, address or other identifying features to: ccn-insurance@activemind.de

The last update of the privacy policy took place on 31.07.2024.