The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/München
E-Mail: kontakt@ccn-insurance.com
1 Your data subject rights
You can exercise the following rights at any time using the contact details provided for our data protection officer:
- Right to access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object (Art. 21 GDPR) and
- Right to data portability (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future.
In addition, you can lodge a complaint with a supervisory authority at any time, e.g. with the competent supervisory authority in the federal state of your place of residence or with the authority responsible for us as the controller.
A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
2 Collection of general information when visiting our website
2.1 Type and purpose of processing
When you access our website, i.e. if you do not register or otherwise submit information, of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.
They are processed for the following purposes in particular:
- Ensuring a smooth connection to the website,
- Ensuring the smooth use of our website,
- Ensuring and evaluating system security and stability,
- for other administrative purposes.
We do not use your data to draw conclusions about your person. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.
2.2 Legal basis
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
2.3 Recipients
We use service providers for the operation and maintenance of our website, who act as our data processors. All service providers are contractually obligated to treat your data confidentially.
2.4 Storage duration
The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for the data used to provide the website when the respective session has ended. The storage period may also extend beyond the session if it is used to analyse system security and stability.
2.5 Third Country Transfer
There is no third country transfer.
2.6 Providing prescribed or required
The providing of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be limited.
2.7 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
3 Social Media Channels
3.1 Who is responsible?
The joint controllers for the operation of the social media channels are the respective social media provider and
CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/Munich
Email: kontakt@ccn-insurance.com
We have appointed a data protection officer:
c/o activeMind AG Management- und Technologieberatung
Potsdamer Str. 3
80802 Munich
Telephone: +49 (0)89 91 92 94 900
E-mail: datenschutzbeauftragter@ccn-insurance.com
3.2 Which social media channels do we use?
Our presence on LinkedIn is intended to increase the visibility of our company and to be perceived as an attractive employer.
When you visit our LinkedIn company page, follow this page or engage with the page, LinkedIn processes personal data; in particular, data that you have already provided to LinkedIn via the information in your profile, including, for example, data on function, country, industry, seniority, company size and employment status.
You can find more information on data processing by LinkedIn in LinkedIn’s privacy policy
If you wish to deactivate LinkedIn advertising cookies, please use the following link https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
LinkedIn Insights: In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our page.
This data is processed in anonymised form, in particular in the form of statistics. This gives us insights into the behaviour of people who are interested in our page (so-called page insights). With the Page Insights, LinkedIn only provides us with summarised Page Insights – i.e. it is not possible for us to use this information to draw conclusions about individual persons.
We have entered into an agreement with LinkedIn Ireland Unlimited Company on processing as joint controllers, which sets out the distribution of data protection obligations between CCN Insurance Services AG and LinkedIn. You can access this agreement here https://legal.linkedin.com/pages-joint-controller-addendum
Google My Business
Purpose of Data Processing: We utilize the Google My Business function provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). Google My Business is a platform that consolidates various services of the Google conglomerate, granting users direct access via a dashboard. The Google My Business product enables businesses to showcase themselves in Google search results.
We use Google Business Profile so that our profile is displayed in Google searches. This info box contains our company, our services, our contact details and the user rating.
Legal Basis: Data processing is conducted in accordance with Article 6(1)(f) of the GDPR, based on the legitimate interests of enhancing our visibility to potential customers.
Recipients of the Data: The data collected is processed by Google and may be transferred to other companies within the Google conglomerate or to third parties, as required by law or as part of the processing activities.
Third-Country Transfer: Processing also occurs outside the EU, particularly in the USA. However, Google ensures compliance with adequate data protection standards in accordance with EU regulations.
Data Retention Period: Google retains the data in accordance with the storage periods specified in
Google’s privacy policy. These periods may vary depending on the nature of the processed data and the applicable legal requirements.
For further details regarding the purpose and scope of data collection, as well as the further processing and use of data by Google, please refer to Google’s privacy policy.
YouTube
Type and purpose of processing: We maintain a company profile on YouTube to provide videos. The operator is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as ‘YouTube’). This is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter ‘Google’). When you access YouTube, a connection to the YouTube or Google servers is established. Depending on the settings, various data is transmitted (e.g. your IP address). If a YouTube video is started, the provider sets cookies that store your IP address and URL, for example.
If you are logged into your Google or YouTube account, YouTube can assign your surfing behaviour to you personally. If you are not logged into a Google or YouTube account, less data will be stored. Nevertheless, Google stores data with a unique identifier that is linked to your device, browser or app.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: Privacy Policy.
Legal basis: The processing of your personal data is based on the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest exists exclusively for marketing purposes such as better accessibility of target groups, increasing visibility, image building, user information and employer branding.
Recipient: The recipient of the data is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider.
Third country transfer: As Google is headquartered in the USA, it cannot be ruled out that the data will be processed on Google servers in the USA. There are standard contractual clauses of the European Commission with Google.
Storage period: YouTube retains your personal data until you close your account. YouTube may also store certain data beyond this time in an anonymous form.
Mandatory or required provision: The provision of your personal data is not required by law or contract. However, you will not be able to interact with us or our content on YouTube without providing your personal data.
We operate a business page on Facebook. The service provider is the American company Meta Platforms Inc. For the European region, the responsible company is Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
You, as a user, use the Facebook business page and its features at your own risk. This applies especially to interactive features (e.g., comment, share, like). Facebook processes personal data regarding your account, your IP address, as well as the devices you use. Cookies are also used for data collection. These are small data sets stored on your devices. Facebook describes which data it receives and how it processes them in its data usage policies.
There, you will also find more information about the legal basis for data processing and how you can exercise your rights as a data subject under Chapter V of the GDPR against Facebook.
Facebook does not clearly and conclusively disclose how it uses the data from visiting Facebook pages for its own purposes, to what extent activities on the Facebook business page are attributed to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook business page is shared with third parties. Therefore, we are unaware of these specifics.
When accessing a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized and deleted after 90 days. Facebook also stores information about the devices its users use (e.g., through the „login notification“ feature); it is possible that Facebook can associate IP addresses with individual users.
If you are currently logged in to Facebook, a cookie with your Facebook ID is stored on your device. In this way, Facebook can track that you visited this page and how you used it. This also applies to all other Facebook pages. Through Facebook buttons embedded in websites, Facebook can capture your visits to these websites and link them to your Facebook profile. Based on this data, content or advertisements can be tailored and offered to you.
If you wish to avoid this, you should log out of Facebook, deactivate the „stay logged in“ function, delete the cookies on your device, and close and restart your browser. In this way, Facebook information that could directly identify you will be deleted. You can use our Facebook business page without revealing your Facebook ID. If you access interactive features of the page, a Facebook login screen will appear. After logging in, Facebook will recognize you again as a specific user. Alternatively, you can use a different browser than usual to visit our Facebook business page.
If you have a user account, you can continue to adjust your ad settings yourself. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Facebook Insights
Facebook processes a range of personal data from page visitors for its own purposes through its so-called Page Insights. This processing occurs regardless of whether page visitors are logged in to Facebook or not, and whether they are members of the Facebook network.
Page Insights are summarized statistics created based on specific „events“ logged by Facebook servers when individuals interact with pages and their associated content. We do not have access to the personal data processed within these „events,“ but only to the aggregated, anonymized page insights.
Further information on this is provided by Facebook at the following link: https://de-de.facebook.com/help/268680253165747.
Facebook acknowledges joint responsibility and assumes primary responsibility, see: https://www.facebook.com/legal/terms/page_controller_addendum https://www.facebook.com/legal/controller_addendum.
Instagram is an online service for sharing photos and videos, which is owned by Meta (formerly Facebook). We use the technical platform and services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, for the provided information service.
You use the Instagram business page and its features at your own risk. This applies especially to interactive features (e.g., comment, share, like).
When visiting our Instagram business page, Instagram collects, among other things, your IP address and other information stored as cookies on your computer. This information is used to provide us, as the operator of the Instagram business page, with statistical information about the usage of the Instagram page.
Instagram describes which information it receives and how it is used in its general data usage policy.
Instagram does not clearly state how it uses the data from visiting Instagram pages for its own purposes, to what extent activities on the Instagram business page are attributed to individual users, how long Instagram stores this data, and whether data from a visit to the Instagram page is shared with third parties. Therefore, we are unaware of these specifics.
When accessing an Instagram business page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymized and deleted after 90 days. Instagram also stores information about users‘ devices (e.g., through the „login notification“ feature); it is possible that Instagram can associate IP addresses with individual users.
If you are currently logged in to Instagram, a cookie with your Instagram ID is stored on your device. In this way, Instagram can track that you visited this page and how you used it. This also applies to all other Instagram pages. Through Instagram buttons embedded in websites, Instagram can capture your visits to these websites and link them to your Instagram profile. Based on this data, content or advertisements can be tailored and offered to you.
If you wish to avoid this, you should log out of Instagram or deactivate the „stay logged in“ function, delete the cookies on your device, and close and restart your browser. This will delete Instagram information that could directly identify you. You can use our Instagram business page without revealing your Instagram ID. If you access interactive features on the page (like, comment, message, etc.), an Instagram login screen will appear. After logging in, Instagram will recognize you again as a specific user.
For Instagram Insights, we refer to the information provided under the „Facebook Insights“ section.
3.3 Legal basis
Our legitimate interest pursuant to Art. 6 para. 1 f) GDPR in the operation of our company pages on the social media channels listed here and the use of Insights is to conduct effective marketing via frequently used platforms.
We process personal data in this context in order to increase awareness of our company and to protect our legitimate interests in providing up-to-date information and opportunities for interaction with users.
If you use our company pages to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you. We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.
3.4 What data protection rights do you have?
Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
In principle, you can assert your rights as a data subject both against us and against the operator of the respective social media channel.
Please note that we have no influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we would only be able to forward these requests to the operator of the social network.
For more information on how you can assert your data subject rights against the social media channels used in accordance with Chapter V GDPR, please refer to the linked data usage guidelines or data protection declarations in the section of the respective providers.
3.5 Data security
We only handle personal data to the extent that this is possible in accordance with data protection regulations. We also take all necessary technical and organisational security measures to adequately protect your personal data from unauthorised access and misuse at all times.
Insofar as we store or process personal data, this takes place within a high-security data centre. To protect the security of your data during transmission, we use encryption methods (e.g. TSL) via HTTPS. Our servers are protected by firewalls and virus protection. Back-up and recovery procedures as well as role and authorisation concepts are a matter of course for us.
Our employees are obliged to comply with the provisions of the GDPR and the BDSG when handling data.
3.6 Changes to our privacy policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to the privacy policy, e.g. when introducing new social media channels. The new privacy policy will then apply to your next visit.
3.7 Information about your right to object in accordance with Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
3.8 Recipient of an objection
The objection can be made informally with the subject ‘Objection’, stating your name, address or other identifying features, to
CCN Insurance Services AG
Richard-Reitzner-Allee 1
85540 Haar/Munich
Email: kontakt@ccn-insurance.com
4 Cookies
No cookies are used on this website.
5 Contacting us
5.1 Type and purpose of processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
The data you enter will be stored for the purpose of personalised communication with you. This requires you to provide a valid e-mail address and your name. This is used to allocate the enquiry and subsequently answer it. The provision of further data is optional.
Alternatively, you can contact us via the e-mail addresses provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.
In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations. Regardless of the type of communication you choose, we collect the content of your inquiry. Your data is stored for the purpose of individual communication with you.
5.2 Legal Basis
Your data is processed on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR).
By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.
If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
5.3 Recipients
The recipient of the data is your insurer and, if applicable, your bank. The processing may also include the transfer of data to processors if this is necessary for the processing of your request.
5.4 Storage duration
Data will be deleted no later than 6 months after the enquiry has been processed.
If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.
5.5 Third Country Transfer
There is no third country transfer.
5.6 Providing prescribed or required
The providing of your personal data is voluntary. However, we can only process your enquiry if you provide us with your name, e-mail address and the reason for the enquiry.
5.7 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
6 Complaints management
6.1 Type and purpose of processing
If you are dissatisfied with our service as an insurance intermediary, you have the option of submitting a complaint by post, telephone or e-mail.
If you send us a complaint by post, your name and address will generally be processed.
Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, e-mail address, IP addresses and information on the servers involved in the e-mail communication.
You can also contact us via the telephone number provided. We collect log data that includes your telephone number and the duration of the call. We do not record conversations.
Regardless of the type of communication chosen, we collect the content of your complaint. Your data will be processed for the purpose of handling your complaint and providing an appropriate solution.
6.2 Legal basis
Your data is processed on the basis of a legal obligation (Art. 6 para. 1 lit c GDPR). The legal obligation to provide an option to lodge a complaint arises from Section 17 VersVermV.
6.3 Recipient of the data
Your personal data will only be passed on to those employees and departments of our company who are involved in processing your complaint.
6.4 Storage duration
Your data will be deleted no later than 6 months after your complaint has been processed. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.
6.5 Providing prescribed or required
The providing of your personal data is voluntary. However, we can only process your complaint if you provide us with the necessary data and the reason for the complaint.
7 Partner login
7.1 Type and purpose of processing
You have the option of creating a partner account on our website. For this purpose, we collect your contact details and link your purchases to your account. In addition to the data you provide, the following data is stored at the time the customer account is created
- IP address
- Logging data (e-mail address, name, password)
- Access log
- Change log for data changes (journal)
Your registration is required for the provision of certain content and services on our website.
7.2 Legal Basis
The data entered during registration is processed to carry out contractual and pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
7.3 Recipients
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.
7.4 Third country transfer
There is no third country transfer.
7.5 Storage duration
As there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code (HGB) and delete your data after these periods have expired.
7.6 Providing prescribed or required
The providing of your personal data is voluntary. However, we can only create your partner login account if you provide us with the necessary data.
8 Web analysis (Matomo based on log files)
8.1 Type and purpose of processing
This website uses Matomo, an open-source software for the statistical analysis of visitor access. The provider of the Matomo software is InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
We use the locally installed analysis tool Matomo to evaluate user behaviour locally on our server. We have configured Matomo so that it does not store any cookies in your browser. Matomo does not collect the data itself but accesses the database of our web server. The web server truncates every requesting IP address before storing it in the log file. The web server truncates every IP address requested before storing it in the log file. This means that the database is sufficiently anonymised and no conclusions can be drawn about individual persons.
Matomo is used for the purpose of improving the quality of our website and its content. By analysing log files, we learn how the website is used and can thus constantly optimise our Internet offering.
You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/
8.2 Legal basis
The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in improving our offer on the website.
8.3 Recipients
The recipients of the data are our employees and technical service providers who act as processors for the operation and maintenance of our website.
8.4 Storage duration
IP addresses are anonymized before storage. Consequently, we are not able to draw conclusions about individual users of the Platform.
The data stored by Matomo is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. In our case, this is done automatically after 6 months.
8.5 Third country transfer
There is no third country transfer.
8.6 Providing prescribed or required
The providing of data is neither legally nor contractually required.
8.7 Right to object
Please read the information on your right to object under Art. 21 GDPR below.
9 TLS encryption
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., TLS) via HTTPS.
10 Changes to our privacy policy
We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
11 Questions to the data protection officer
If you have any questions about data protection, please send us an e-mail or contact the person responsible for data protection in our organisation directly:
activeMind AG
Data Protection Officer CCN Insurance Services AG
Potsdamer Str. 3
80802 München
E-Mail: ccn-insurance@activemind.de
12 Information about your right to object in accordance with Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
Recipient of an objection
The objection can be made informally with the subject „Objection“, stating your name, address or other identifying features to: ccn-insurance@activemind.de
The last update of the privacy policy took place on 03.12.2024.