PRIVACY POLICY
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the website of the WERK1.Bayern GmbH, which can be reached under the domain onemission.one as well as the various subdomains (“our website”).
Who is responsible and how do I contact you?
Responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
InsurTech Hub Munich e.V.
c/o WERK1.Bayern GmbH
Am Kartoffelgarten 14
81671 München
Mail: gdpr@insurtech-munich.com
What is this about?
This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data are deleted as soon as the purpose of the Processing has been achieved and there are no legitimate reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.
Who gets my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then e.g. Law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with. Process Art. 28 GDPR, these recipients of your personal data can be. You can find more detailed information on the use of processors and web services in the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that we send to the browser of your device and store them as part of your visit to our website. As an alternative to using cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, allow us to perform various analyses, so that we are able, for example, to recognize the browser you use when you visit our website again and to transmit various information to us (not necessary cookies). Cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and by determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any damage to your device. You cannot run programs or contain viruses.
We inform you about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Correction in accordance with Art. 16 GDPR of inaccurate or incomplete data stored by us;
- Deletion in accordance with Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Restriction of the processing in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it, because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 sec. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 sec. 1 lit.b GDPR and these were processed by us by means of automated procedures. You receive your data in a structured, common and machine-readable format or we transmit the data directly to another responsible person, as far as this is technically feasible.
- In accordance with Art. 21 GDPR, you object to the processing of your personal data, insofar as they are carried out on the basis of Art. 6 sec. 1 lit. e, f GDPR and there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if overriding, overriding reasons for processing are proven or if the processing is carried out for the assertion, exercise or defence of legal claims. Insofar as there is no right to object in individual processing operations, this is indicated therein.
- Revocation in accordance with Art. 7 sec. 3 GDPR of your given consent with effect for the future.
- Complaint under Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
How will my data be processed in detail?
In the following we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL the retrieved file
- website from which access is made (referrer URL)
- browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who for the purpose of the aforementioned data on our behalf in accordance with. Art. 28 GDPR processed.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of the Art. 6 para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.
Storage duration
The aforementioned data are used for the duration of the display of the website and for technical reasons beyond that for a maximum of 7 days.
Contact Form
Type and scope of processing
On our website, we offer you the option of contacting us using a form provided. The information that is collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary to process the contact request.
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and processing of your request on the basis of your consent in accordance with. Art. 6 para. 1 lit. a GDPR. If your request relates to an existing contractual relationship with us, processing for the purpose of fulfilling the contract is based on Art. 6 Para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
Storage period
If you use the contact form on the basis of your consent, we will save the data collected each request for a period of three years, starting with the handling of your request or until you withdraw your consent.
Newsletter
Type and scope of processing
If you register on our website to receive our newsletter, we collect your email address and your name and save this information together with the date of registration and your IP address. You will then receive an email in which you have to confirm your subscription to the newsletter (double opt-in).
To send the newsletter, we use a service provider who collects your personal data on our behalf in accordance with Process Art. 28 GDPR. Your data will not be passed on to third parties.
Purpose and legal basis
We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with. Art. 6 para. 1 lit. a GDPR. By unsubscribing from the newsletter, you can withdraw your consent at any time with future effect. Declare Art. 7 Para. 3 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.
Storage period
After successful confirmation, we will save your data until you withdraw your consent (unsubscribe from the newsletter) and for technical reasons beyond this for a maximum of 7 days.
Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you further ways to contact us and to find out about our offers. In the following, we inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or Direct Message via the respective social network, we will normally process your username, through which you contact us and store any other data you provide if this is necessary to process/respond to your request.
The legal basis is Art. 6(1) sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) Usage data we receive from the social networks
We receive automatically provided statistics about our accounts through Insights functionalities. The statistics include the total number of page views, likes, page activity and post interactions, reach, video views/views, and the proportion of men/women among our fans/followers.
The statistics contain only aggregated data which cannot be related to individuals. They are not identifiable to us.
What data you process social networks
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account is required for the respective social network.
Please note, however, that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e..B. technical data in order to be able to view the website to you) and use cookies and similar technologies, which we have no influence on. Details can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.B.g. comment, share or like our postings/posts and/or contact us via Messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks in the context of your use. To our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, furthermore for the analysis of the usage behaviour (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is played out both within and outside the respective social network. It cannot be excluded that your data will be stored by the social networks outside the EU/EEA and will be passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of the registration and use of social networks can be found in the social protection policy/cookie policy. There you will also find information about your rights and possibilities of objection.
Facebook page
When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is available in the form of cookies on your PC. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. For more information, please contact Facebook at the following link: https://facebook.com/help/pages/insights.
By means of the statistical information provided, it is not possible for us to draw conclusions about individual users. We only use them to respond to the interests of our users and to continuously improve our online presence and ensure the quality of these.
We only collect your data via our fan page in order to realize a possible provision for communication and interaction with us. This survey is typically carried out in the Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in the offer of an information and communication channel in accordance with Art. 6 sec. 1 f) GDPR. If you, as a user, have given consent to the respective provider of the social network in the processing of data, the legal basis of the processing extends to Art. 6 sec. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access possibilities are limited to your data. Only the provider of the social network is entitled to full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, requests for deletion, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective provider.
Together with Facebook, we are responsible for the personal content of the fan site. Affected parties may be asserted by Facebook Ireland as well as with us.
The primary responsibility for the processing of Insights data lies with Facebook and Facebook in accordance with the GDPR fulfills all obligations under the GDPR with regard to the processing of Insights data, Facebook Ireland makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and any other information resulting from Article 13 GDPR, including the legal basis, identity of the controller and storage period of cookies on user terminals.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Instagram page
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is available in the form of cookies on your PC. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. For more information, please visit Instagram at the following link: https://facebook.com/help/pages/insights.
By means of the statistical information provided, it is not possible for us to draw conclusions about individual users. We only use them to respond to the interests of our users and to continuously improve our online presence and ensure the quality of these.
We only collect your data via our fan page in order to realize a possible provision for communication and interaction with us. This survey is typically carried out in the Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in the offer of an information and communication channel in accordance with Art. 6 sec. 1 f) GDPR. If you, as a user, have given consent to the respective provider of the social network in the processing of data, the legal basis of the processing extends to Art. 6 sec. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access possibilities are limited to your data. Only the provider of the social network is entitled to full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, requests for deletion, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective provider.
Together with Instagram, we are responsible for the personal content of the fan site. Affected parties may be asserted by Facebook Ireland as well as with us.
The primary responsibility for the processing of Insights data is in accordance with the GDPR at Instagram and Instagram fulfils all obligations under the GDPR with regard to the processing of Insights data, Facebook Ireland makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and any other information resulting from Article 13 GDPR, including the legal basis, identity of the controller and storage period of cookies on user terminals.
For more information, visit Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
CDNJS
Type and scope of processing
We use CDNJS to properly provide the content of our website. CDNJS is a Cloudflare, Inc. service that acts as the Content Delivery Network (CDN) on our website.
A CDN helps to deliver content from our online offering, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you connect to Cloudflare, Inc. servers, , transmitting your IP address and, if applicable, browser data such as your user agent. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of CDNJS.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Cloudflare, Inc.. For more information, see the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.
Cloudflare CDN
Type and scope of processing
We use Cloudflare CDN to properly provide the content of our website. Cloudflare CDN is a Cloudflare, Inc. service that acts as the Content Delivery Network (CDN) on our website.
A CDN helps to deliver content from our online offering, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you connect to Cloudflare, Inc. servers, , transmitting your IP address and, if applicable, browser data such as your user agent. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of Cloudflare CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Cloudflare, Inc.. For more information, see the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.
Google CDN
Type and scope of processing
We use Google CDN to properly provide the content of our website. Google CDN is a Google Ireland Limited service that acts as the Content Delivery Network (CDN) on our website.
A CDN helps to deliver content from our online offering, especially files such as graphics or scripts, faster with the help of regionally or internationally distributed servers. When you access this content, you connect to Google Ireland Limited servers, Gordon House, Barrow Street, Dublin 4, Irland, transmitting your IP address and, if applicable, browser data such as your user agent. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of Google CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google CDN: https://policies.google.com/privacy.
Google Fonts
Type and scope of processing
We use Google Fonts of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, as a service to provide fonts for our online offering. To obtain these fonts, connect to servers from Google Ireland Limited, transferring your IP address.
Purpose and legal basis
The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision and the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google Fonts: https://policies.google.com/privacy.
Google Maps
Type and scope of processing
We use the map service Google Maps to create directions. Google Maps is a service of the Google Ireland Limited, which represents a map on our website.
When you access this content of our website, you connect to servers of the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. These data are processed exclusively for the above purposes and to maintain the security and functionality of Google Maps.
Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the data protection declaration for Google Maps: https://policies.google.com/privacy.
Google reCAPTCHA
Type and scope of processing
We have integrated components from Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and allows us to distinguish whether a contact request originates from a natural person or is done automatically by means of a program. When you access this content, you connect to Google Ireland Limited servers, Gordon House, Barrow Street, Dublin 4, Irland, transmitting your IP address and, if applicable, browser data such as your user agent. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements to distinguish automated requests from human ones. This data will be processed exclusively for the above purposes and for the maintenance of the security and functionality of Google reCAPTCHA.
Purpose and legal basis
The use of the service is based on our legitimate interests, i.e. for protection in the transmission of forms in accordance with Art. 6 sec. 1 lit. f. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.