Data protection of the Funk Gruppe GmbH

Below you will find information about how we collect personal data when you use our website, the Funk Group and other companies within the Funk Group.

Data protection statement for the use of our websites Privacy policy of the Funk Group Privacy policy of Funk Vorsorgeberatung GmbH

Data protection information of the Funk Group according to Art.13 GDPR as PDF

Read PDF

 

Data protection statement for the use of our websites

(Last updated: 06/2023)

Below, we have provided you with information about how we collect personal data when you use our website. Personal data is all data which concerns you personally, such as your name, address, email addresses and user behaviour. We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.

Funk Gruppe GmbH

International Insurance Brokers and Risk Consultants
Valentinskamp 20
20354 Hamburg
Tel. +49 40 35914-0
Fax +49 40 35914-407

Email: welcome@funk-gruppe.de

You can contact our data protection officer on datenschutz[at]funk-gruppe.de or by using our postal address with the add-on “FAO Data Protection Officer”.

The subject of data protection is personal data under the terms of Art. 4, Para. 1 of the GDPR. This is all information which relates to an identified or identifiable natural person. It generally includes all information which could be used to identify a natural person (indirectly at least). This could be, for example, a person’s name or contact details (e.g. telephone number, postal address and email address). The IP address can also represent personal data in this sense.

Funk only collects, processes and uses your personal data insofar as this is permitted or required by the GDPR, the German Federal Data Protection Act or another piece of legislation or insofar as you, as a user of our website, have consented to such collection, processing and use.

You have the following rights vis-à-vis us with regard to the personal data concerning you:

 

5.1 General rights
You have a right of access, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent you gave us with effect for the future.

 

5.2 Rights with regard to data processing according to a legitimate interest
According to Art. 21, Para. 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1 e) of the GDPR (data processing in the public interest) or based on Art. 6, Para. 1 f) of the GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this regulation. If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

 

5.3 Rights with regard to direct advertising
Insofar as we process your personal data for the purpose of carrying out direct advertising, you have, at any time, the right according to Art. 21, Para. 2 of the GDPR to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.
If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

 

5.4 Right to lodge complaints with a supervisory authority
You also have the right to lodge complaints regarding our processing of your personal data with a responsible data protection supervisory authority.

When you are merely using the website for information purposes, i.e. if you do not register or otherwise transfer information to us, we only collect the personal data which your browser transfers to our server. When you visit our website, we collect the following data, which is technically necessary for us to enable you to view the website and to guarantee stability and security. The legal basis for this is Art. 6, Para. 1 f) of the GDPR:

IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status / HTTP status code, and the amount of data transferred.

If you contact us by email or using the contact form, the data you share (your email address and possibly your name and telephone number) shall be stored by us for the purpose of answering your questions. If we request that you use our contact form to input information which is not necessary for contact, we have always marked this as being optional. We use this information to substantiate your enquiry and to improve handling of your request. This information is communicated exclusively on a voluntary basis and with your consent as per Art. 6, Para.1 a) of the GDPR. If this information relates to communication channels (e.g. your email address or telephone number), you are also consenting to the fact that we may, if necessary, contact you using these communication channels to respond to your request. You may naturally revoke this consent at any time with effect for the future.

We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.

You can request publications (information brochures, studies, magazines or press releases) on our website. For these functions and services, we require certain personal information from you. The voluntary provision of additional data allows us to improve our website and provide you, on request, with targeted offers specifically tailored to meet your needs. You can enter this data in the designated places on the website. We process your data for the purpose of responding to your enquiry and providing you with the requested publication. If data is exceptionally processed for other purposes, this only takes place if you have given your consent to this effect.

 

If you request publications (e.g. studies or information brochures) by email, you need to provide your first name, surname and email address. If you request publications by post, you need to provide your first name, surname and postal address. We may also collect and process additional voluntary data from you in both cases (to send you publications by post and by email).

 

When requesting publications, you can provide the following data:

Title
First name
Surname
Company
Email address

 

The legal basis for processing your data is Art. 6, Paras. 1 a) and b) of the GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.

If you would like to receive email invitations from us to seminars or webinars on topics which you are free to select, you need to provide your first name, surname and email address. You can opt to provide additional data (e.g. title and company). We process your data for the purpose of sending you invitations relating to your selected seminar or webinar topics. The legal basis for processing your data is Art. 6, Para. 1 a) of the GDPR. You can revoke your consent to receiving invitations and unsubscribe from the invitation service at any time. You can revoke your consent by clicking on the link provided in each invitation email or by sending a contact request to the data protection officer mentioned above.

If you have provided us with your consent to this effect, we use the data collected for the purposes described under 9, 10, 11 and 12 for customer service purposes too. This means that we store your data for information purposes and use the same to be able to respond to your enquiries in the event that repeated contact is made or a business relationship is initiated.

The legal basis for processing your data is Art. 6, Para. 1 a) of the GDPR. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.

You can apply to our company electronically, particularly by email. We will naturally only use your information for the purpose of processing your application and will not disclose the same to third parties. Please note that unencrypted emails are not transferred in an access-protected manner. 

If you have applied for a specific post and it has already been filled, or if we believe that another position is also suitable for or even better suited to you, we would be more than happy to forward your application within the company. Please let us know if you do not agree to your email being forwarded. 

Your personal data is deleted immediately once the application process is closed, or at most after six months, unless you have given us your express consent to store your data for longer or a contract has been concluded. The legal basis is Art. 6, Paras. 1 a), b) and f) of the GDPR and Section 26 of the German Federal Data Protection Act.

We use the button of the service Twitter on our website. This button is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Using this button allows you to follow our company on Twitter or share our posts, among other things. 

When you access our website as a user, your browser establishes a direct connection with Twitter’s servers. Twitter transmits the content of this button directly to your browser. We have no influence over the amount of data that Twitter collects using this plugin. We would like to inform you of this wherever it is possible for us to do so. As far as we are aware, only your IP address and the web page URL are transmitted when the button is clicked, but the data is not used for any purposes other than displaying the button. You will find further information at: http://twitter.com/privacy

When you use our website, cookies are stored on your computer. Cookies are small text files that are saved on your hard drive, are assigned to the browser you use and through which the party that sets the cookie receives certain information. Cookies cannot run any programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective on the whole.

 

This website uses the following types of cookies, the scope and functions of which are explained below:

 

13.1 Transient cookies 

These cookies are automatically deleted when you close the browser. They particularly include session cookies. These save a ‘session ID’ which can be used to assign various requests from your browser to the same session. Your computer can therefore be recognised if you return to our website. The session cookies are deleted if you log out or close the browser.

 

13.2 Persistent cookies 

These cookies are automatically deleted after a specified period of time, which can vary depending on the cookie in question. You can delete the cookies at any time in your browser’s security settings.

 

13.3 Flash cookies

The flash cookies used are not recorded by your browser, but rather by your Flash plugin. We also use HTML5 storage objects, which are stored on your terminal device. These objects store the data required regardless of the browser you use and do not have an automatic expiry date. If you do not want the flash cookies to be processed, you must install a corresponding add-on, such as ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in Private mode. We also recommend manually deleting your cookies and browser history on a regular basis.

 

13.4 Preventing cookies

You can configure your browser settings in line with your requirements and refuse to accept third-party cookies or all cookies, for example. Please note that if you do so, you may not be able to use all the functions of this website.

 

13.5 Legal bases and duration of storage

The legal bases for potential processing of personal data and the data storage durations vary, and are described in the sections below.

We use various services for the purposes of analysing and optimising our website; these services are described below. We can use them, for example, to analyse how many users visit our page, what information is desired most or how users discover our offering. We collect data that includes the website from which a data subject has arrived at another (called the ‘referrer’), the pages that are accessed on a website and how often and for how long a page is viewed. This helps us to make our website user-friendly and also to improve it. The data collected in this way is not used to identify individual users personally. Data is collected anonymously or, at most, under pseudonyms. The legal basis for this is GDPR Art 6(1). 

 

14.1 Google Analytics

If you give your consent, this website will use Google Analytics, a Web analytics service from Google LLC. The relevant service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

Scope of processing

We use the ‘anonymizeIP’ function (i.e. IP masking), enabling IP anonymisation on this website. Accordingly, Google truncates your IP address within member states of the European Union or in other countries party to the Agreement on the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the United States and truncated there. The IP address transmitted by your browser through Google Analytics is not combined with any other data held by Google.

The following data, among other things, is collected during your visit to this website:

  • the pages you have viewed, i.e. your ‘click path’
  • your usage patterns (e.g. clicks, dwell time and bounce rates)
  • your approximate location (region)
  • your IP address (truncated)
  • technical details about your browser and the devices you use (e.g. language settings, screen resolution)
  • your Internet service provider
  • the referrer URL (the website/advertisement from which you arrive at this website)

Purposes of processing

Google uses this information on behalf of the website operator to analyse how you (under a pseudonym) use the website and to compile reports about the website’s activities. The reports supplied by Google serve the purpose of analysing the performance of our website.

Recipient of the data

  • The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In this context, the recipient acts as a processor. To this end, we have signed a data processing agreement with Google. Google LLC, based in California in the United States, and potentially American authorities may have access to the data stored at Google.

Length of storage

Data that is sent by us and linked with cookies is automatically deleted after fourteen months. Data for which the storage period has expired is automatically deleted once per month.

Furthermore, you can stop Google from storing and processing the cookie-generated data concerning your use of the website (including your IP address) by:

a. not giving your consent to cookies, or

b. downloading and installing the browser add-on HERE that deactivates Google Analytics

You can also prevent cookies being stored by configuring the relevant settings in your browser. However, if you set your browser to reject all cookies, you may experience restrictions in the functionality of this and other websites.

Legal grounds and option to withdraw consent

Your consent represents the legal grounds for this data processing in accordance with German Telemedia Act (TMG) s 15(3) in conjunction with GDPR Arts 4(11) and 7. You may at any time withdraw your consent with effect for the future by accessing the cookie settings and changing your choices there. You can find the cookie settings under the fingerprint icon at the bottom left of our website. 

Further information about the Google Analytics terms of service and Google’s privacy policy can be found at https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en.

A browser add-on that deactivates Google Analytics has been developed for website visitors who do not want their data to be used in Google Analytics. https://tools.google.com/dlpage/gaoptout?hl=en

 

We use cookies for marketing purposes to address our users with interest-based advertising. We also use cookies to restrict the likelihood of ad playback and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6, Paras. 1 a) and f) of the GDPR. We have a legitimate interest in direct marketing for the purposes pursued with data processing. You have the right, at any time, to object to processing of your data for the purposes of such advertising. To this end, we provide you with the respective services’ opt-out options below. Alternatively, you can prevent the setting of cookies in your browser settings.

 

15.1 Google DoubleClick

We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to place user-based adverts. The cookies recognise which ads have already been placed in your browser and whether you have called up a website via a placed ad. In doing this, the cookies do not collect any personal information and also cannot be linked with the same.

If you do not want to receive any user-based advertising, you can deactivate the placement of ads using Google’s ad setting.

Please refer to Google’s privacy policy for further information on how Google uses cookies.

We provide social media buttons so that the content of our website can be shared on social networks. We use data-secure ‘Shariff’ buttons on our website. ‘Shariff’ was developed by specialists from the computer magazine c’t to enhance online privacy and prevent the unwanted transfer of data to social network operators. More information on the Shariff project can be found here.

The buttons offered directly by the operators of social networks generally transfer personal data such as IP addresses to the social network in question even just when a website with these integrated buttons is loaded. As a result, social network operators automatically receive precise information about your internet surfing. You do not have to be logged in to the network in question for this to occur; you do not even need to be a member of said network. By contrast, a Shariff button only establishes direct contact between a social network and the website visitor when the visitor actively clicks on the share button. Shariff thus prevents you from leaving a digital trace on every page you visit and enhances data protection. By using Shariff, we are protecting your personal data while also integrating buttons on our website for sharing our content on social media.

Funk discloses personal data within the Group’s companies (as listed on the website in the company profiles found under the section ‘Legal information’) within permissible limits, if such data is required for the purposes listed under Sections 8 to 13. Your personal data is processed on behalf of Funk in these cases as per Art. 28 of the GDPR.

To the extent required, we also disclose personal data to companies outside of the Funk Group in exceptional circumstances if we use these companies to process your data. In these cases, however, the amount of data transferred is restricted to the minimum required. Insofar as recipients outside of the Funk Group come into contact with your personal data, we ensure in the context of processing as per Art. 28 of the GDPR that these parties comply with the regulations set down in data protection legislation in the same way. Please also note the providers’ respective privacy policies. The respective service provider is responsible for the contents of external services, whereby we check, within reasonable limits, that the services comply with the legal requirements.

Insofar as no deviating regulations result from this privacy policy, in principle your data is not transferred to third parties unless we are obligated to this effect by law, or if the data needs to be disclosed to implement the contractual relationship, or you have previously given your express consent to your data being disclosed.

We never transfer any personal data which we collect on this website to countries outside the European Union or the European Economic Area – unless such transmission is expressly stated.

We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.




Privacy policy of the Funk Gruppe GmbH

Data protection information of the Funk Group according to Art.13 GDPR as PDF

Information about the collection and processing of your personal data

Conscientiousness and transparency are the foundations for trust-based collaboration with our clients. For this reason, we would like to inform you of how we process your data and how you can exercise the rights afforded to you under the General Data Protection Regulation. The personal data we process and the purposes for this depend on the specific contractual relationship in each case.

The controller for data processing is:

Funk Gruppe GmbH
Valentinskamp 20
20354 Hamburg, Germany
Tel. +49 (0)40 359 140
Fax +49 (0)40 3591 4407
Email: welcome[at]funk-gruppe.de

You can contact our Data Protection Officer at datenschutz[at]funk-gruppe.de or by using our postal address with the add-on ‘FAO Data Protection Officer’.

We process your personal data if you have sent us a query, asked us for a quote or concluded a contract with us. 

Among other reasons, we also process your personal data in order to fulfil legal requirements, to protect a legitimate interest or because you have given us your consent to do so. 

Depending on the legal basis for data processing, the following categories of personal data are processed:

 

3.1 Personal data

  • First name, last name
  • Address
  • Communication data (e.g. telephone, email)
  • Date and place of birth, nationality
  • Gender, marital status, other family data
  • Employer, occupation and job history, certificates and references
  • Relationship to policy holder, insured party, beneficiary or claimant 

 

3.2 Identification data

  • Social security number
  • Passport number
  • Personal identification number
  • Tax identification number
  • Tax class
  • Driving licence data
  • Health insurance number
  • Vehicle identification number
  • Vehicle registration number

 

3.3 Information about insurance offers and contracts 

  • Contract master data, specifically the contract number, contractual term, termination notice period, type of contract
  • Information about the insured risk

 

3.4 Financial data

  • Bank details/account information
  • Payment data 
  • Invoice data
  • Income 
  • Company figures (e.g. turnover figures, annual financial statements)
  • Vehicle and property ownership, land register entries
  • Information on creditworthiness
  • Other financial data

 

3.5 Health data

  • Information about current or prior physical or mental illnesses
  • Health status, injuries or disabilities, type and duration of medical treatments, relevant personal habits (e.g. smoking or consuming alcohol)
  • Information about prescribed medications, previous illnesses (medical history)

 

3.6 Information about current and prior insurance claims

  • This includes the aforementioned categories of personal data and may also include the aforementioned health data.

 

3.7 Information about court rulings

 

3.8 Information about rental contracts

  • Content of the rental contract (lessor, lessee, rent amount)
  • Lease duration

 

3.9 Data on criminal convictions

 

3.10 Account information, especially registration and logins

 

3.11 Videos or images

We process personal data that we received from our (prospective) clients.

In individual cases, we also receive personal data from:

  • Insurers and reinsurers 
  • Cooperating insurance brokers and other intermediaries (including partners in the ‘Funk Alliance’ broker network, insurance representatives, insurance agents, ‘underwriting agents’ and ‘referrers’)
  • Family members of a (prospective) client 
  • Employers (especially in the case of workplace pensions or group accident insurance) 
  • Support and pension funds (for workplace pensions)
  • Claimants and other third parties such as witnesses, experts (including medical experts) and lawyers 
  • Financial/credit agencies
  • Databases for the purposes of observing sanctions and combating fraud 
  • Authorities such as vehicle registration bodies and tax authorities 
  • Publicly accessible sources, such as commercial or association registers, debtor lists, last registers, websites
  • Other companies of the Funk Group 

We process your personal data especially in accordance with the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) as well as all other applicable laws.

 

5.1 Due to consent provided by you (Art. 6 Para. 1 a) GDPR, Art. 9 Para. 2 a) GDPR)

If you have given us your voluntary consent to collect, process and/or transfer certain personal data, this consent constitutes the legal basis for processing this data. 

We process your personal data on the basis of your consent in the following cases:

  • To process special categories of personal data (e.g. health data in the course of brokering insurance contracts and processing payouts or other insurance claims) 
  • To send an email newsletter
  • Personalised newsletter tracking
  • Market research (e.g. customer satisfaction surveys)
  • Marketing and advertising
  • To create customer profiles
  • To publish a client testimonial (name and picture) or use a client reference in tendering processes

 

5.2 For the performance of a contract (Art. 6 Para. 1 b) GDPR)

We use your personal data to perform our contractual obligations as an insurance broker and/or consultant. 

As part of this contractual relationship, we process your data especially to perform the following tasks:

  • Set up a client relationship
  • Provide ongoing support and communicate with our clients 
  • Assess risks to be insured 
  • Obtain insurance offers 
  • Manage contracts
  • Make contact in relation to a contract
  • Carry out ongoing risk checks
  • Fulfil reporting obligations in relation to an insurance contract (e.g. to assess risk and calculate premiums)
  • Record and pass on claims reports
  • Add clients to the Funk client portal (overview of individual insurance programme) 
  • Process insurance claims, especially compensation and payouts (including pension and other benefit claims) 
  • Collect premiums
  • Reimburse insurance premiums 
  • Make insurance payouts
  • Defend or pursue legal claims 

More information on the purposes of data processing can be found in the relevant contract documents, insurance terms and General Terms and Conditions.

 

5.3 To fulfil legal obligations (Art. 6 Para. 1 c) GDPR) or for the public interest (Art. 6 Para. 1 e) GDPR)

As an insurance broker and/or consultant we have different legal obligations. To fulfil these obligations, it may be necessary to process personal data. 

  • Checks and reporting to insurance, data protection and other authorities as well as external auditors
  • Credit, age and identification checks
  • Prevention/interception of criminal acts
  • Data reconciliation to combat money laundering and/or terrorist financing (e.g. due to EU sanctions)

 

5.4 For the purposes of a legitimate interest (Art. 6 Para. 1 f) GDPR)

In certain cases we process your data to protect our legitimate interest or that of a third party.  

  • Central client data administration within the Funk Group 
  • Assurance of IT security and IT operations
  • Direct advertising or market and opinion research
  • Measures for building and asset security
  • Video surveillance to protect our domestic authority
  • Consultation and data exchange with information agencies

 

5.5 For the exercise or defence of legal claims (Art. 9 Para. 2 f) GDPR)

In certain cases we process your health data to exercise or defend legal claims.

  • To process insurance claims, especially liability insurance compensation and payouts

To fulfil our contractual and legal obligations your personal data is disclosed to different internal and external offices and service providers as well as public agencies.

  • Companies within the Funk Group

The Funk Group maintains a central client database to which the employees of all affiliated companies have access, in order to offer our clients the entire spectrum of the services we provide from a single source. The companies of the Funk Group can be found at this link. 

  • Insurers and reinsurers
    Information on data processing at insurers and reinsurers can be found on their websites
  • Cooperating insurance brokers and other intermediaries (including partners in the ‘Funk Alliance’ broker network, insurance representatives, insurance agents, ‘underwriting agents’ and ‘referrers’)
  • Employers (especially in the case of workplace pensions or group accident insurance) 
  • Support and pension funds (for workplace pensions)
  • Courts (especially family courts in the case of a maintenance adjustment)
  • External service providers
    We also work with selected external service providers to fulfil our contractual and legal obligations:
    • Experts (especially in the assessment of claims and payouts)
    • IT service providers (e.g. maintenance service providers, hosting providers)
    • Service providers for file and data destruction
    • Service providers for telecommunications
    • Banks and other payment service providers
    • Service providers for advice and consultancy
    • Service providers for public relations, marketing or sales
    • Financial/credit agencies
    • Service providers for telephone support (call centres)
    • Printing service providers, letter shops
    • Tax advisers and accountants

  • Public bodies
    We may also be required to transfer your personal data to other recipients, such as authorities, for the purposes of fulfilling legal reporting obligations:
  • Supervisory and approval authorities (e.g. the German Federal Financial Supervisory Authority)
    • Insurance ombudsmen
    • Financial authorities
    • Customs authorities
    • Social security providers 
    • Databases for the purposes of observing sanctions and combating fraud 
    • Vehicle registration bodies 

If you have any questions about the individual recipients, contact us at datenschutz[at]funk-gruppe.de or by using our postal address with the add-on ‘FAO Data Protection Officer’.

Countries outside of the European Union (and the European Economic Area ‘EEA’) handle the protection of personal data differently than countries within the European Union. To process your data we may employ service providers located in third countries outside of the European Union. There is currently no ruling by the EU Commission that these third countries offer an adequate level of protection in general. 

For this reason we have employed special measures to ensure that your data is processed as securely in third countries as it is within the European Union. We conclude agreements containing the standard data protection clauses provided by the European Union Commission with service providers in third countries. These clauses stipulate suitable guarantees for the protection of your data when handled by service providers in third countries.

We store your personal data as long as it is required in order to fulfil our legal and contractual obligations.

If the data is no longer necessary in order to fulfil legal or contractual obligations, your data is deleted, unless further processing is necessary for the following purposes:

  • To fulfil retention obligations set out in commercial and tax law, such as the retention periods stipulated in the German Commercial Code (HGB) or German Revenue Code (AO), which call for retention periods up to ten years.
  • To retain evidence under legal regulations governing limitation periods. According to the limitation regulations set out in the German Civil Code (BGB), these limitation periods can run up to 30 years in some cases, but the regular limitation period is three years.

According to the GDPR, every data subject has the right of access (Art. 15), the right of rectification (Art. 16), the right of erasure (Art. 17), the right to restrict processing (Art. 18), the right of objection (Art. 21) and the right of data portability (Art. 20). The restrictions set out in Sections 34 and 35 of the BDSG apply to the right of access and right of erasure.

 

9.1 Right of objection

You can object to the use of your data for advertising purposes without incurring any charges, with the exception of the transmission fees under the basic tariff.

  • What are your rights concerning data processing due to your legitimate or the public interest?
    According to Art. 21, Para. 1 of the GDPR, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6, Para. 1 e) of the GDPR (data processing in the public interest) or based on Art. 6, Para. 1 f) of the GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this regulation.
    If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

  • What are your rights concerning data processing for the purposes of direct advertising?
    Insofar as we process your personal data for the purpose of carrying out direct advertising, you have, at any time, the right according to Art. 21, Para. 2 of the GDPR to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.
    If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

 

9.2 Withdrawal of consent

You can withdraw your consent for us to process your personal data at any time. Please note that this withdrawal of consent only affects future processing. 

 

9.3 Right of access

You can demand information from us as to whether we have stored your personal data. Upon your request, we will inform you of what type of data we have, the purposes for which the data is being processed, the parties to which this data has been disclosed, how long the data has been and will be stored and what further rights you have in relation to this data. 

 

9.4 Other rights

You also have the right to rectify incorrect data or erase your data. If there is no reason to continue storing your data, we will delete it. Otherwise we will restrict its processing. You can also request that we provide all of the personal data you have given us in a structured, conventional, machine-readable format either to you or to a person or company of your choice.

Furthermore, you have the right to lodge a complaint with the responsible data protection supervisory authority (Art. 77 GDPR in connection with Section 19 BDSG).

 

9.5 Exercising your rights

You can contact the data controller or the Data Protection Officer using the aforementioned contact details in order to exercise your rights. We will process your query immediately and in accordance with legal requirements.

In order for use to fulfil our obligations as an insurance broker and/or consultant, especially when obtaining insurance offers and assessing risks to be insured, you must provide us with the personal data we require for the performance of the contract or that we are compelled to collect for legal reasons (e.g. due to stipulations of the German Money Laundering Act). If you do not provide us with this data, we will not be able to execute and process the contract.

We do not use any automated decision-making processes and no profiling takes place.

If the purpose for or the manner and method of processing your personal data substantially change, we will update this information and inform you of the changes in due course.

 

Last updated September 2018




Privacy policy of Funk Vorsorgeberatung GmbH and Funk Pensionsmanagement GmbH

Conscientiousness and transparency are the foundations for trust-based collaboration with our clients. For this reason, we would like to inform you of how we process your data and how you can exercise the rights afforded to you under the General Data Protection Regulation. The personal data we process and the purposes for this depend on the specific contractual relationship in each case.

Data protection information of the Funk Vorsorgeberatung GmbH according to Art.13 GDPR as PDF

Data protection information of the Funk Pensionsmanagement GmbH according to Art.13 GDPR as PDF

The controller is:

Funk Vorsorgeberatung GmbH
Funk Pensionsmanagement GmbH
Valentinskamp 20
20354 Hamburg
Germany
Tel. +49 (0)40 359 140
Fax +49 (0)40 3591 4407
Email: datenschutz[at]funk-gruppe.de

You can contact our Data Protection Officer at datenschutz[at]funk-gruppe.de or by using our postal address with the add-on ‘FAO Data Protection Officer’.

We process your personal data if you have sent us a query, asked us for a quote, if we have concluded a contract with your employer for your benefit or if you have concluded a contract with us directly. 

Among other reasons, we also process your personal data in order to fulfil legal requirements, to protect a legitimate interest or because you have given us your consent to do so. 

Depending on the legal basis for data processing, the following categories of personal data are processed:

 

3.1 Personal data

  • First name, surname and title
  • Address (home/work)
  • Telephone no, email address and other communication data (private/business)
  • Date and place of birth, nationality
  • Gender, marital status, other family data
  • Signature (including digital)
  • Personnel number
  • Employer, occupation and job history, certificates and references
  • Relationship to policy holder, insured party, beneficiary or claimant

 

3.2 Identification data

  • Social security number
  • Passport number
  • ID card number
  • Tax identification number
  • Tax class
  • Driving licence data
  • Health insurance number

 

3.3 Information about insurance offers and contracts 

All contract master data, specifically the contract number, contractual term, termination notice period, type of contract, cash value 

Information about the insured risk

 

3.4 Financial data

  • Bank details/account information
  • Payment data
  • Invoice data
  • Income 
  • Company figures (e.g. turnover figures, annual financial statements)

 

3.5 Health data

To enable the conclusion and fulfilment of certain (employee benefit) contracts, it may be necessary to process your health data, such as when assessing risk or handling a claim. This data may include 

Information about current or prior physical or mental illnesses

Health status, injuries or disabilities, type and duration of medical treatments, relevant personal habits (e.g. smoking or consuming alcohol)

Information about prescribed medications, previous illnesses (medical history)

 

3.6 Information about current and prior insurance claims

This includes the aforementioned categories of personal data and may also include the aforementioned health data.

 

3.7 Information about court rulings

e.g. rulings by family courts in maintenance adjustment proceedings

 

3.8 Data on criminal convictions

 

3.9 Account information, especially registration and logins

 

3.10 Videos or images

We process personal data that we receive from our (prospective) clients.

In individual cases, we also receive personal data from:

  • Insurers and reinsurers
  • Cooperating insurance brokers and other intermediaries (including partners in the ‘Funk Alliance’ broker network)
  • Family members of a (prospective) client
  • Employers 
  • Support and pension funds
  • Claimants and other third parties, e.g. medical experts
  • Databases for the purposes of observing sanctions and combating fraud
  • Official agencies and courts
  • Publicly accessible sources, such as commercial or association registers, debtor lists, websites
  • Other companies within the Funk Group

We process your personal data especially in accordance with the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) as well as all other applicable laws.

 

5.1 Due to consent provided by you (Article 6 [1a] GDPR)

If you have given us your voluntary consent to collect, process and/or transfer certain personal data, this consent constitutes the legal basis for processing this data. 

We process your personal data on the basis of your consent in the following cases:

  • To process special categories of personal data (e.g. health data in the course of brokering insurance contracts and processing payouts or other insurance claims) 
  • To send an email newsletter
  • Personalised newsletter tracking
  • Market research (e.g. customer satisfaction surveys)
  • Marketing and advertising
  • To create customer profiles
  • To publish a client testimonial (name and picture) or use a client reference in tendering processes

 

5.2 For the performance of a contract (Article 6 [1b] GDPR)

We use your personal data to perform our contractual obligations as an insurance broker and/or consultant. 

As part of this contractual relationship, we process your data especially to perform the following tasks:

  • Setting up a client relationship
  • Providing ongoing support and communicating with our clients and insurers
  • Assessing risks to be insured, including on an ongoing basis
  • Obtaining insurance offers
  • Managing contracts
  • Fulfilling reporting obligations in relation to insurance contracts 
  • Adding clients to the Funk client portal
  • Processing insurance claims (including pension and other benefit claims)
  • Defending or pursuing legal claims 

More information on the purposes of data processing can be found in the relevant contract documents, insurance terms and General Terms and Conditions.

 

5.3 To fulfil legal obligations (Article 6 [1c] GDPR) or for the public interest (Article 6 [1e] GDPR)

As an insurance broker and/or consultant we have different legal obligations. To fulfil these obligations, it may be necessary to process personal data.

  • Checks and reporting to insurance, data protection and other authorities as well as external auditors
  • Age and identity checks
  • Prevention/interception of criminal acts
  • Data checks for the purpose of combating money laundering and/or the financing of terrorism (e.g. as a result of EU sanctions)

 

5.4 For the purposes of a legitimate interest (Article 6 [1f] GDPR)

In certain cases we process your data to protect our legitimate interest or that of a third party. 

  • Central client data administration within the Funk Group
  • Assurance of IT security and IT operations
  • Direct advertising or market and opinion research
  • Measures for building and asset security
  • Video surveillance to protect our domestic authority
  • Consultation and data exchange with information agencies
  • Establishing, exercising and defending against legal claims 


To fulfil our contractual and legal obligations your personal data is disclosed to different internal and external offices and service providers as well as public agencies.

Companies within the Funk Group

  • Via Funk Gruppe GmbH, Funk Vorsorgeberatung GmbH/Funk Pensionsmanagement GmbH maintains a central client database to which the employees of all affiliated companies also have access, in order to offer our clients the entire spectrum of the services we provide from a single source. The companies of the Funk Group can be found via this link.
  • Insurers and reinsurers
  • Cooperating insurance brokers and other intermediaries (including partners in the ‘Funk Alliance’ broker network)
  • Employers 
  • Support and pension funds 
  • Courts (especially family courts in the case of a maintenance adjustment)
  • External service providers


  • We also work with selected external service providers to fulfil our contractual and legal obligations:
    • Experts (especially in the assessment of claims and payouts)
    • IT service providers (e.g. maintenance service providers, hosting providers)
    • Service providers for file and data destruction
    • Service providers for telecommunications
    • Banks and other payment service providers
    • Service providers for advice and consultancy
    • Service providers for public relations, marketing or sales
    • Financial/credit agencies
    • Service providers for telephone support (call centres)
    • Printing service providers, letter shops
    • Tax advisers and accountants
    • Public bodies

  • We may also be required to transfer your personal data to other recipients, such as authorities, for the purposes of fulfilling legal reporting obligations:
    • Supervisory and approval authorities 
    • Insurance ombudsmen
    • Financial authorities
    • Customs authorities
    • Social security providers 
    • The Pension Assurance Association (PSVaG)
    • Databases for the purposes of observing sanctions and combating fraud

 

Should you have any questions about the individual recipients, contact us at datenschutz[at]funk-gruppe.de or by using our postal address with the add-on ‘FAO Data Protection Officer’.

     

Countries outside of the European Union (and the European Economic Area ‘EEA’) handle the protection of personal data differently than countries within the European Union. To process your data we may employ service providers located in third countries outside of the European Union. There is currently no ruling by the EU Commission that these third countries offer an adequate level of protection in general. 

For this reason we have employed special measures to ensure that your data is processed as securely in third countries as it is within the European Union. We conclude agreements containing the standard data protection clauses provided by the European Union Commission with service providers in third countries. These clauses stipulate suitable guarantees for the protection of your data when handled by service providers in third countries.

We store your personal data as long as it is required in order to fulfil our legal and contractual obligations.

If the data is no longer necessary in order to fulfil legal or contractual obligations, your data is deleted, unless further processing is necessary for the following purposes:

  • To fulfil retention obligations set out in commercial and tax law, such as the retention periods stipulated in the German Commercial Code (HGB) or German Revenue Code (AO), which call for retention periods up to ten years.
  • To retain evidence under legal regulations governing limitation periods. According to the limitation regulations set out in the German Civil Code (BGB), these limitation periods can run up to 30 years in some cases, but the regular limitation period is three years.

According to the GDPR, every data subject has the right of access (Art. 15), the right of rectification (Art. 16), the right of erasure (Art. 17), the right to restrict processing (Art. 18), the right of objection (Art. 21) and the right of data portability (Art. 20). The restrictions set out in Sections 34 and 35 of the BDSG apply to the right of access and right of erasure.

 

9.1 Right of objection

You can object to the use of your data for advertising purposes without incurring any charges, with the exception of the transmission fees under the basic tariff.

  • What are your rights concerning data processing due to your legitimate or the public interest? 
    According to Art. 21 (1) of the GDPR, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on Art. 6 (1e) of the GDPR (data processing in the public interest) or based on Art. 6 (1f) of the GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this regulation.

    If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

  • What are your rights concerning data processing for the purposes of direct advertising?  
    Insofar as we process your personal data for the purpose of carrying out direct advertising, you have, at any time, the right according to Art. 21 (2) of the GDPR to object to processing of the personal data concerning you for the purposes of such advertising; this also applies to profiling if it is in conjunction with such direct advertising.

    If you object to processing for the purposes of direct advertising, we shall no longer use your personal data for these purposes.

 

9.2 Withdrawing consent

You can withdraw your consent for us to process your personal data at any time. Please note that this withdrawal of consent only affects future processing.

 

9.3 Right of access

You can demand information from us as to whether we have stored your personal data. Upon your request, we will inform you of what type of data we have, the purposes for which the data is being processed, the parties to which this data has been disclosed, how long the data has been and will be stored and what further rights you have in relation to this data.

 

9.4 Further rights

You also have the right to rectify incorrect data or erase your data. If there is no reason to continue storing your data, we will delete it. Otherwise we will restrict its processing. You can also request that we provide all of the personal data you have given us in a structured, conventional, machine-readable format either to you or to a person or company of your choice.

Furthermore, you have the right to lodge a complaint with the responsible data protection supervisory authority (Article 77 of the GDPR in connection with Section 19 of the BDSG).

 

9.5 Exercising your rights

You can contact the data controller or the Data Protection Officer using the aforementioned contact details in order to exercise your rights. We will process your query immediately and in accordance with legal requirements.

In order for us to fulfil our obligations as an insurance broker and/or consultant, especially when obtaining insurance offers and assessing risks to be insured, you must provide us with the personal data we require for the performance of the contract or that we are compelled to collect for legal reasons (e.g. due to stipulations of the German Money Laundering Act). If you do not provide us with this data, we will not be able to execute and process the contract.

We do not use any automated decision-making processes and no profiling takes place.

If the purpose for or the manner and method of processing your personal data substantially change, we will update this information and inform you of the changes in due course.

 

Last updated: May 2019