Privacy Policy of ARAG Versicherungen
Today, financial services companies such as insurance companies can only efficiently and economically perform the tasks associated with their services with the help of electronic data processing (EDP). EDP is necessary in order to manage insurance contracts quickly and economically. The improved protection of the community of policyholders against misuse through the use of EDP is far superior to the manual procedures used in this respect and ultimately benefits every policyholder in the calculation of premiums.
Introduction
With this declaration, the ARAG insurance companies
- ARAG SE, Düsseldorf
- ARAG Allgemeine Versicherungs-AG, Düsseldorf
- ARAG Krankenversicherungs-AG, München
undertake to comply carefully with the statutory provisions on data protection and data security when you visit their own websites. In particular, we commit ourselves to applying the General Data Protection Regulation (GDPR) and other relevant data protection regulations. Insofar as you transmit data and, above all, personal data to ARAG insurance companies via our website, we ensure that this data is protected against inspection by means of encryption.
You can and should feel secure when visiting our Web pages, because
- Your data will be treated as confidential.
- Your data are not covertly registered or evaluated and
- Your privacy, personal rights and data protection rights are respected.
This is particularly essential in the insurance and financial sector.
Data protection information
Specifically, we pledge to observe the following principles:
Our claim
As an internationally active insurance group, we attach the utmost importance to the protection and security of personal data. For us, respect for personal rights is the basis for trusting cooperation with customers, partners and employees.
We want ARAG Group companies not only to stand for excellent insurance protection, but also to lead the way in privacy protection in times of digitization. It is therefore a matter of course for us to meet the legal requirements for the collection and processing of personal data. These include in particular the provisions of the EU General Data Protection Regulation and all other applicable data protection regulations.
This guideline on data protection describes the principles and measures for protecting the rights and freedoms of natural persons with regard to the processing of their personal data. These apply to all ARAG Group companies.
Our Principles for Data Processing
The processing of personal data is based on the following principles:
- Legality: The processing of personal data always requires a legal basis.
- Transparency: Every data subject must be able to trace the processing of his or her personal data.
- Data minimization: The processing of personal data must be limited to what is appropriate, objective, relevant and necessary for the purpose of data processing. The same applies to access possibilities.
Admissibility of data processing
Any processing of personal data is subject to the principle of "prohibition subject to permission". Accordingly, the processing of personal data is inadmissible if there is no legal basis for it. In the ARAG Group companies, personal data is processed (legally) for the following reasons in particular:
- Fulfillment or preparation of a contract, e.g. processing of address data for the purpose of postal communication.
- Fulfillment of a legal obligation, e.g. storage of documents in accordance with financial/commercial law retention obligations.
- Legitimate interests, e.g. postal self-advertising (provided there is no objection).
Special categories of personal data, e.g. on ethnic origin or religious convictions or in relation to health, may only be processed with express consent or legal permission.
Rights of data subjects
Protecting the rights and freedoms of natural persons when processing personal data is a top priority for ARAG Group companies. In order to guarantee this, the data subject is entitled to the following rights, among others:
- Information: Data subjects are informed transparently and at an early stage as to whether and how their data will be processed. This applies in the event that personal data is collected directly from the data subject and in the event that data is collected from other parties (third-party collection).
- Information: Data subjects may at any time request information on their stored and/or processed personal data and a copy of the stored and/or processed personal data.
- Correction and completion: Affected parties can request the correction or completion of false or incomplete personal data at any time, e.g. if a name or address is incorrect.
All information relating to the processing of personal data shall be easily accessible to the data subject and communicated in clear and simple language.
In the event of a data protection incident, data subjects will be informed of such events as soon as the legal requirements with regard to risks to their rights and freedoms are met.
The data subject is free to complain to the company, to the responsible data protection officer, to the data protection supervisory authority or to a court of law in order to exercise his or her rights and freedoms in the processing of personal data. Legal rights and claims of data subjects remain unaffected.
Order processing & data transmission
If personal data is processed by external service providers or partners on behalf of ARAG, appropriate data protection measures will be taken - depending on the constellation - to safeguard the processing, e.g:
- Order processing: If the service provider processes personal data on instruction, agreements on order processing are concluded with the service provider in order to safeguard this. Only those service providers are commissioned who take appropriate technical and organizational protection measures. The same applies in the case of data access within the scope of service and maintenance activities.
- Transfer of functions: If external providers are commissioned to render additional services other than the processing of personal data and require own decision-making authority with regard to the data use, then - similar to order processing - data protection agreements are concluded with them which provide for appropriate technical and organizational measures.
- Confidentiality agreement: If in specific cases limited disclosure of personal data cannot be excluded, a confidentiality agreement is concluded to ensure confidentiality.
If personal data is processed outside the EU or can be accessed from there, this is only done if there are suitable guarantees and proofs for the security of the processing, e.g. by concluding standard data protection rules.
Data security, impact assessment and technology design
We take appropriate technical and organizational measures to protect the processing of personal data. These include, in particular, measures to ensure the confidentiality, integrity and availability of personal data, including the resilience of systems and services.
For the selection of technical and organizational measures, the risks to the rights and freedoms of data subjects are taken into account in all processing operations. In the case of high risks, processing operations shall undergo an additional risk and policy review.
When processing personal data, the principle of "data protection through technology design and data protection-friendly pre-settings" is observed, e.g. through pseudonymization or the minimization of personal data.
Technical and organizational measures are regularly checked for their effectiveness and adapted as necessary in line with the state of the art. This also applies to technical and organizational measures when external service providers or partners are commissioned.
Responsibilities and data protection organization
The respective ARAG Group companies are responsible for implementing the data protection regulations. As the responsible body, the company management creates the necessary conditions for the implementation of the data protection requirements by the employees of the specialized departments. This also applies to branches of the Company outside its country of domicile. In addition to the requirements specified in this guideline, supplementary data protection requirements apply - depending on the business activity of the respective company - in Germany, for example, the voluntary commitment in accordance with the Code of Conduct for handling personal data of the German insurance industry (Code of Conduct).
- Our employees are obliged to observe data secrecy in accordance with Art. 29 in conjunction with Art. 32 of the General Data Protection Regulation.
- To the extent required by law, we collect, process and use your data only with your consent.
- We will not pass on your personal data to third parties unless we are legally obliged to do so or you have given us your prior consent.
- We only transmit personal data in cases where this is compatible with the intended purpose.
- If we make use of service providers for the execution and handling of certain processing operations, the integration is based on the provisions of the General Data Protection Regulation.
- We ensure the necessary transparency of data processing.
- Visiting our website is secured by state-of-the-art protection.
- In particular, personal data transmitted by you to us and, when necessary, back from us to you will be encrypted sufficiently against unauthorized access without exception, provided that you use the contact forms offered on our Internet pages for this purpose. You can display our key certificate for a secure connection by double-clicking on the lock symbol in the status bar of your browser.
- Compliance with this data protection declaration is continuously monitored by our data protection officer and the internal audit department.
When you visit our websites, our computers automatically record this information so that we can keep track of the number of visitors. This data collection is completely anonymous. A personal reference is not established.
We will inform you about further data collection in the course of the page.
The personal data that you transmit to us via a website (for example: your name and address or your e-mail address) is used by us only for correspondence with you or only for the purposes for which you make the data available to us and for no other purposes. However, we would also like to use your address data to inform you from time to time about our products and services as well as new features. However, we will obtain your consent in advance for the use of your data for purposes of advertising or market and opinion research.
As stipulated in the General Data Protection Regulation, you can also object to this ARAG advertising at any time. Please simply send us a short message.
Information on cookies
We also use different types of cookies to provide you with the best possible service.
What are cookies?
Cookies are small files stored by your browser. These files control, for example, the device-specific display and operation of the page. In addition, they are used to obtain information about the use of our pages. Some cookies are only stored temporarily and are deleted when the browser is closed. Other cookies (so-called "persistent cookies") are stored for a longer period of time or permanently or until an expiration date is reached or until manual deletion from your browser cache.
Why do we use cookies?
We mainly use cookies
- to enable you to use our website,
- to analyze and understand how our website is used,
- to improve the usability of the website for you and thus optimally adapt it to your user needs,
- in order to play out only relevant advertising for you.
What types of cookies do we use?
We distinguish and use two categories of cookies:
1) Technical and functional cookies
2) Marketing and advertising cookies
1) Technical and functional (required) cookies
Processing is performed on the basis of Art. 6 Para. 1 lit f GDPR, e.g. to analyze our website (technical cookies) or to provide you with our tariff calculator to create an offer (functional cookies).
- Technical cookies are required so that our website is displayed correctly to you and so that we can, among other things, recognize possible attempts to attack our website in good time and defend ourselves against them. Without these cookies, certain functionalities cannot be used, such as maintaining actions taken during a visit (e.g. text input), even if you navigate between the individual pages. In addition, these cookies help us to recognize any errors that occur and to correct them as quickly as possible.
- Functional cookies enable us to offer you certain comfort functions when you visit our website, e.g. to reuse information you have already provided (such as language selection or your location) and thus offer you an improved user experience. These cookies cannot track your movements on other websites.
We do not use technical or functional cookies to play out personal advertising to you.
2) Marketing and promotional cookies
Processing here is based on your consent in accordance with Art. 6 Para. 1 lit a GDPR, i.e. only if you have explicitly consented to the use of these cookies by clicking on "I agree".
-
Marketing and advertising cookies
Cookies for marketing purposes such as Google Analytics - advertising function, Google Remarketing etc. are used to display advertisements online that are relevant to you and adapted to your interests. They are also used to limit the frequency with which an ad appears. -
Third-party cookies
There are also cookies that are set by other providers, e.g. Google or Facebook, based on your personal browser settings or logins. We have no influence on these cookies. Information about these third-party cookies can be found at the respective providers. You can manage these cookies in the settings of your browser. Further information on these third-party cookies, in particular on the legal basis for processing them, can be found at the respective provider.
How do you manage cookies?
Change cookie settings
To keep track of your selection, we save your settings together with the complete IP address.
In addition, there is the possibility in the current Internet browsers to customize the use of cookies of your own browser. You can read more about how this is done at Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, among others.
Google Tag Manager
We use the Google Tag Manager to manage our cookies. This tool implements so-called tags. This means that the Google Tag Manager itself does not set any cookies and does not collect any personal data. The tags implemented by Google Tag Manger may subsequently collect data that Google Tag Manger does not access. If a deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
For more information about Google Tag Manager, please visit the Google Tag Manager User Policy and Google Privacy Policy pages under the heading "Information we collect as you use our services”.
Right of objection
If we base the processing of personal data on the legal basis of Art. 6 para. 1 lit f GDPR (legitimate interests of us or a third party), you have the right to object pursuant to Art. 21 GDPR:
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data. In this case, we will no longer process your personal data unless we can prove compelling grounds for processing worthy of protection which serve your interests, rights and freedoms or for the processing of our assertion, exercise or defense of legal claims.
You may send your objection at any time, for example by e-mail to
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; "Google").
Google Analytics uses "cookies", which are files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers located in the United States or other countries.
We have activated the IP anonymization function for Google Analytics on our website. As a result, your IP address will be shortened by Google by the last octet within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA.
The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
The knowledge gained in this way helps us to constantly improve our website and carry out market analyses. Until 25 May 2018, the legal basis for the use of Google Analytics was Art. 15 Para. 3 TMG, now Art. 6 Para. 1 lit. f GDPR. This evaluation represents our legitimate interest within the meaning of the latter provision.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. Further information on terms of use and data protection can be found here or here.
You can also prevent the storage of cookies by setting your browser software accordingly (see above under "How do you manage cookies"); however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Opt-out cookies also prevent the future collection of your data when you visit this website. These must be set separately for each device and browser used. If you click here the opt-out cookie for your currently used browser will be set on your currently used device.
The opt-out cookie is only effective until you delete your cookies. You must then click on the link again.
Our website also uses Google Analytics' "demographic features". This function can be used to generate reports that contain information about the age, gender and interests of our website visitors. This data is not personal.
You can find more information about Demographics here.
By clicking on the "I agree" button, you give us your consent - within the meaning of Art. 6 para. 1 lit. a GDPR - to the use of the following tools, possibly operated by means of cookies:
Google Analytics advertising functions
If you consent to the use of Google Analytics advertising features, this website will use the enhanced features of Google Analytics in addition to the standard features.
We use first-party cookies (e.g., Google Analytics cookies) and third-party cookies (e.g., DoubleClick cookies) together to analyze, in an anonymous and aggregated form, which demographic characteristics and interests visitors to our website typically exhibit. We use this information to improve our Web offerings.
You can opt out of participating in this tracking process in a number of ways:
- by setting your browser software accordingly,
- via the Google ad settings at https://www.google.com/ads/preferences/?hl=de
- using the appropriate cookie setting.
We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.
AdWords
We use the online advertising program "Google AdWords" and conversion tracking as part of Google AdWords. Google Conversion Tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad placed by Google, a conversion-tracking cookie is placed on your computer ("Conversion Cookie"). These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification.
If you visit certain pages on our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were directed to that page. Each Google AdWords customer receives a different cookie.
The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. This tells customers the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.
If you do not wish to participate in tracking, you can object to this use by setting your browser to prevent the installation of cookies (deactivation option). You will then not be included in the conversion tracking statistics.
Further information and Google's privacy policy can be found here.
Google Remarketing
We use the Remarketing or "Similar Target Groups" feature of Google Inc. on our website. ("Google"). This function enables us to target visitors to the website specifically with advertising by placing personalized, interest-related advertising ads for visitors to the ARAG SE website when they visit other websites in the Google Display Network. Google uses cookies to analyze website usage, which forms the basis for creating interest-related advertisements. In this way, anonymous data about the use of the website is collected. There is no storage of personal data of the visitors of the website. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.
You can permanently deactivate the use of cookies by Google by downloading and installing the provided plug-in. Alternatively, you may opt-out of the use of cookies by third parties by visiting the Network Advertising Initiative's opt-out page and implementing the opt-out information provided there.
You can find further information and Google's privacy policy here.
Doubleclick by Google
Doubleclick by Google is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to show you advertisements that are relevant to you.
A pseudonymous identification number (ID) is assigned to your browser to check which ads were displayed in your browser and which ads were viewed. The cookies do not contain any personal information.
The use of DoubleClick cookies only allows Google and its affiliates to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. A transmission of the data by Google to third parties takes place only on the basis of legal regulations or in the context of order data processing. Under no circumstances will Google combine your data with other data collected by Google.
By using our website, you consent to the processing of data about you by Google and the manner of data processing and purpose set out above. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. In addition, you can prevent Google from collecting the data generated by the cookies and related to your use of the websites and Google from processing this data by downloading and installing the browser plug-in available under the following Link under the DoubleClick deactivation extension. Alternatively, you can opt-out of DoubleClick cookies by visiting the Digital Advertising Alliance page at the Link below.
Google reCAPTCHA
In certain cases, this website uses Google's reCAPTCHA service (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to support data security and to protect against spam. This serves primarily to differentiate whether the input is made by a human being or (abusively) by mechanical and automated processing. The service includes sending the IP address and any other data required by Google to Google. By using this website, you consent to the processing of data by Google when using this service.
Further information on this can be found in Google's privacy policy.
Google Maps
For reasons of user-friendliness, in certain cases the Google Maps service is used on this website to display a map section of Google (Goolge Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The service includes the transmission of the IP address and any other data required by Google for the service to Google. By using this website, you consent to the processing of data by Google when using this service.
Further information on this can be found in Google's privacy policy.
You may revoke any consent you may have given to the collection, storage, processing and use of your personal data at any time with effect for the future. In addition, you have the following rights:
- Pursuant to Art. 15 GDPR you have the right to request information free of charge about the data processed by us.
- According to Article 16 GDPR, you also have the right to demand the correction of inaccurate data.
- Art. 17 GDPR gives you the right to erasure of personal data.
- According to Art. 18 GDPR you have the right to limit the processing.
- Your right to data portability arises from Art. 20 GDPR
- Art. 21 GDPR gives you the right to object to the processing.
In all these cases, please contact the ARAG Group Privacy Officer directly.
Detailed information on your rights can be found here.
If you provide ARAG with an e-mail address, ARAG will use it to send you the requested information. ARAG currently only sends personal data or other confidential information by post, however. E-mail messages relating to a contractual relationship are archived in accordance with the statutory retention obligations. Otherwise, we will only use the e-mail address you provide for correspondence with you. ARAG will not disclose your e-mail address to third parties. ARAG will also not send you any unsolicited e-mail. If you receive unsolicited e-mails that appear to originate from ARAG, these are forged e-mail messages that can be deleted.
Please bear in mind that e-mails and their contents are far less protected against unauthorized access and falsification than postcards. Therefore, if you wish to provide ARAG with confidential data, we recommend that you use the appropriate ARAG contact forms on our website.
ARAG will also use your e-mail address to send you the "ARAG Newsletter" if you have given us the necessary consent to do so as part of your newsletter request.
When processing your data, ARAG Versicherungen will observe, among other things, the provisions of the General Data Protection Regulation. We use your data to conclude insurance contracts with you and, if necessary, also for other purposes, e.g. to protect legitimate interests. This includes, for example, advertising. If it is necessary to pass on the data to other parties in order to take out an insurance policy, ARAG SE and ARAG IT GmbH are the recipients, for example.
The General Data Protection Regulation also regulates your rights, including the right to lodge complaints with us or the data protection supervisory authority.
You can find detailed information pursuant to Art. 13 GDPR here.
You can also request a printout of this information under (0211) 98 700 700 or
Together with the Federation of German Consumer Organisations (Verbraucherzentrale Bundesverband e.V.) and the umbrella organization of German insurers, the German Insurance Association (Gesamtverband der Deutschen Versicherungswirtschaft e.V., GDV), the representatives of the German data protection supervisory authorities have established and coordinated new rules of conduct for dealing with the personal data of policyholders.
This so-called data protection code creates largely uniform standards for the insurance industry and promotes compliance with data protection regulations. It is intended to guarantee policyholders that data protection and data security issues are taken into account in the design and processing of products and services.
By joining on 1 July 2013, the insurance companies of the ARAG Group have recognized the German insurance industry’s code of conduct for the handling of personal data as binding. As of 1 July 2013, the processing of your personal data has been governed by this Code of Conduct.
This means that in many cases the declarations of consent previously used are no longer required.
Particularly sensitive personal data, e.g. your health data, are still an exception. For the collection and processing of such sensitive data, we continue to require a declaration of confidentiality and data protection consent from you.
In health and accident insurance it is necessary for us to collect and process your health data and other particularly protected personal data, some of which fall under the protection of § 203 StGB. In order to create more transparency for you, the highest data protection supervisory authorities and representatives of the insurance industry have agreed on a new declaration of consent and release from the duty of confidentiality, which applies as of 1 January 2013. This declaration ensures an optimized and thus even more effective protection of your data.
After consultation with the data protection supervisory authorities, this new declaration of consent and release from the duty of confidentiality also applies retroactively to existing insurance contracts concluded before 1 January 2013.
The new declaration of consent and release from confidentiality has no influence on the scope of benefits of your existing insurance policy and replaces the declarations of consent and release from confidentiality previously used in the area of health and accident insurance.
Please find the complete content and structure of the new rules by insurance line in their current version under:
In the declarations of consent and release from the duty of confidentiality, as well as in the "Code of conduct for the handling of personal data by the German insurance industry" (data protection code), reference is made to the list of service providers. You can read and download the current version of the list here:
Contact
If you have any questions regarding the processing, transmission and use of your data, you can contact the data protection officer of ARAG Versicherungen in writing. You can also address your requests for information, suggestions or possible data protection complaints to this person.
ARAG Versicherungen
Data Protection Officer
AKB 105D
ARAG Platz 1
40472 Düsseldorf
Alternatively, you can use one of the following contact channels:
E-Mail-contact form (secure transmission of your data with SSL encryption)
E-Mail:
Telefax: 0211 963-2813
Scope
This privacy policy applies to all websites for which ARAG insurance companies are responsible.
ARAG websites may contain links to websites of other companies. This declaration does not apply to their websites.
Currency of this Privacy Policy
This data protection declaration is currently valid and dated 10 September 2020. Improvements to this declaration will be published here and apply from the respective publication date.