Together
More Successful

Legal notice on the website of Credit Life.

I.    Name and address of the controller

The controller as defined in the General Data Protection Regulation and other national data protection legislation of the member states, as well as other miscellaneous provisions under data protection law:

Credit Life AG / RheinLand Versicherungs AG RheinLandplatz 41460 Neuss, Germany

Phone: + 49 (0) 2131 2010-0

Telefax    +49 (0) 2131 2010 - 13555 E-mail    info-it(at)creditlife.de or info-it(at)rheinland-versicherungen.de Website: www.creditlife.net


II.    Name and address of the data protection officer

The controller's data protection officer is:

Credit Life AG RheinLandplatz 41460 Neuss, Germany Germany

Phone: + 49 (0) 2131 2010-0

E-mail: datenschutz(at)creditlife.net Website: www.creditlife.net


III.    General Remarks on Data Processing

1.    Scope of the processing of personal data

We basically collect and use personal data of our users only to the extent required to provide a functioning website, along with our content and services. The collection and use of our users' personal data regularly occurs only after obtaining the user's consent. An exception applies in cases in which obtaining consent is not possible on factual grounds, and processing of the data is permitted by legal statutes.


2.    Legal ground for the processing of personal data

The extent that we obtain consent of the data subject for processing operations of personal data, Art. 6 Sect. 1 lit. a EU General Data Protection Regulation (GDPR) serves as a legal ground.

In processing personal data required for the fulfillment of a contract, the contractual party of which is the data subject, Art. 6 Sect. 1 lit. b GDPR serves as a legal ground. This also applies to processing operations required to carry out pre-contractual measures.

To the extent that processing of personal data is required for fulfilling a legal obligation to which our company is subject, Art. 6 Sect. 1 lit. c GDPR serves as a legal ground.

In the event that vital interests of the data subject or of another natural person require processing of personal data, Art. 6 Sect. 1 lit. d GDPR serves as a legal ground.

If the processing is required to preserve a legitimate interest of our company or of a third-party, and the interests, basic rights and basic freedoms of the data subject person do not take precedence over the aforementioned interest, Art. 6 Sect. 1 lit. f GDPR serves as a legal ground for the processing.


3.    Data erasure and storage period

The personal data of the data subject is erased or blocked as soon as the purpose for the storage no longer exists. Storage may occur beyond this period if this has been provided by European or national lawmakers in regulations, laws or other rules according to EU law, to which the controller is subject. Blockage or erasure of the data still occurs if the storage deadline expires through the standards specified, unless there is a necessity for storage to continue for the purpose of entering into a contract or for contract fulfillment.


IV.    Provision of the website and preparation of log files

1.    Description and scope of data processing

Each time users visit our website, our system automatically records data and information on the computer system of the requesting computer.

The following data is collected in the process:

  1. Information on the browser type and the version used
  2. The user's operating system
  3. The user's IP address
  4. Date and time of the access
  5. Websites from which the user's system reaches our website
  6. Device type, device brand, device model, screen resolution
  7. Browser plugins
  8. Country of origin, browser language

The data is also stored in the log files of our system. Storage of this data together with the user's other personal data does not occur.

 

2.    Legal ground for data processing

The legal ground for temporary storage of data and of the log files is Art. 6 Sect. 1 lit. f GDPR.

 

3.    Purpose of the data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do so, the user's IP address must be stored for the duration of the session.

The storage in log files occurs in order to guarantee the functionality of the website. In addition, we use the data for the purpose of optimizing the website and for safeguarding the security of our IT systems. An analysis of the data for marketing purposes does not occur in this context.

Our legitimate interest in data processing according to Art. 6 Sect. 1 lit. f GDPR lies in these purposes.

 

4.    Duration of storage

The data is erased as soon as it is no longer required for the achievement of the purpose of its collection. With respect to the collection of data for providing the website, this is the case if the relevant session has ended.

In case the data is stored in log files, it is erased after seven days at the latest. Storage beyond that period is possible. In this case, the IP addresses of the users are erased or altered so that it is no longer possible to identify the client calling up the website.

 

5.    Option of objection and removal

The collection of data for providing the website and the storage of data in log files is indispensable for operating the website. Consequently, there is no objection option for the user.

 

V.    Use of cookies

1.    Description and scope of data processing

Our website uses cookies. Cookies involve text files that are stored in the web browser or by the web browser on the computer system of the user. If a user calls up a website, a cookie may be stored on the operating system of the user. This cookie contains a characteristic character string enabling a unique identification of the browser when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser calling up the website can also be identified after changing the page.

The cookies, the following data is stored and transmitted in the process:

  1. Language settings
  2. TYPO3 CMS (front-end session ID, anonymous) user identification
  3. Information as to whether cookie use has been accepted by the user

In addition, on our website, we use cookies that enable an analysis of the browsing behavior of users (Piwik/Matomo web tracking).

In this manner, the following data can be analyzed, without this type of data being stored in the cookie, however:

  1. Search terms entered
  2. Frequency of page views
  3. Utilization of website functions
  4. Clickpaths
  5. Etc. please complete as described below in the paragraph on Piwik/Matomo

The user data collected in this manner are pseudonymized using technical precautions. That is why identifying the data of the user calling up the website is no longer possible. The data are not stored together with the users' other personal data.

When calling up our website, the user is informed about the use of cookies for analysis purposes, and his or her consent is obtained to process the personal data used in this context. In this context, there is also a reference to this privacy statement.

 

2.    Legal ground for data processing

The legal ground for processing of personal data using technically necessary cookies is Art. 6 Sect. 1 lit. f GDPR.

The legal basis for processing of personal data using cookies for analysis purposes, provided that relevant consent of the user has been obtained, is Art. 6 Sect. 1 lit. a GDPR.

 

3.    Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for the user. Several functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser also be recognized again after changing the page.

We require cookies for the following applications:

  1. Adopting language settings
  2. TYPO3 CMS (front-end session ID, anonymous) user identification
  3. Information as to whether cookie use has been accepted by the user
  4. Security of access-protected newsletter content

The user data collected through technically necessary cookies are not used to create user profiles.

The use of analysis cookies occurs for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus continuously streamline our service.

Our legitimate interest in processing personal data according to Art. 6 Sect. 1 lit. f GDPR lies in these purposes.

 

4.    Duration of storage, option of objection and removal

Cookies are stored on the user's computer and from there, they are transmitted to our website. Therefore, you as the user also have complete control over the use of cookies. By modifying the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, you possibly may no longer be able to have complete use of all the functions on the website.

 

VI.    Contact form and e-mail contact

1.    Description and scope of data processing

There is a contact form on our website which can be used for initiating contact electronically. If a user takes advantage of this opportunity, the data entered in the entry screen are transmitted to us and saved. This data involves the following:

  • You are the insured person/policyholder or intermediary
  • Form of address
  • First name
  • Last name
  • Company
  • Street address
  • House number
  • Post code
  • Town
  • Date of birth
  • Phone
  • E-mail address
  • Quotation number
  • Contract or financing number
  • Additional contract or financing number
  • Benefit number
  • Life insurance number
  • Claim number
  • Intermediary
  • Deceased on
  • Work disability since
  • Unemployed since
  • Debit number
  • Financial institution
  • BIC
  • IBAN
  • Account holder
  • Valid as of (new bank account)
  • Message

When the message is sent, the following data are saved:

  1. The user's IP address
  2. Date and time of the registration

For the processing of the data, your consent is obtained within the scope of sending the message, and reference is made to this privacy statement.

As an alternative, it is possible to initiate contact using the available e-mail address. In this case, the user's personal data transmitted with the email are saved.

Within this context, there is no forwarding of data to third parties. The data are used exclusively for processing the conversation.

 

2.    Legal ground for data processing

The legal ground for processing the data, provided that relevant consent of the user has been obtained, is Art. 6 Sect. 1 lit. a GDPR.

The legal ground for processing the data transmitted during the process of sending an e-mail, is Art. 6 Sect. 1 lit. f GDPR. If the objective of the e-mail contact is to conclude a contract, the additional legal ground for processing data is Art. 6 Sect. 1 lit. b GDPR.

 

3.    Purpose of data processing

The processing of personal data from the entry screen serves solely to handle the contact initiation. In case contact is initiated per e-mail, the required legitimate interest in the processing of data also lies here.

Other personal data processed when sending a message serve the purpose of preventing abuse of the contact form and safeguarding the security of our IT systems.

 

4.    Duration of storage

The data is erased as soon as it is no longer required for the achievement of the purpose of its collection. This is the case for the personal data from the entry screen of the contact form and data transmitted per e-mail if the relevant conversation with the user has ended. The conversation has ended if it can be concluded from the circumstances that the relevant matter has been conclusively resolved.

The personal data additionally collected when the message is sent are deleted after a period not exceeding seven days.

 

5.    Option of objection and removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can thus object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of initiating contact are erased in this case.

 

VII.    Web analysis through Matomo (formerly PIWIK)

1.    Scope of the processing of personal data

On our website, we use the open source software tool Matomo (formerly PIWIK) to analyze the browsing behavior of our users. The software places a cookie on the user's computer (see above section on cookies). If individual pages of our website are called up, the following data are stored:

  1. Two bytes of the IP address from the user's system calling up the website
  2. The website called up
  3. The website from which the user came to the website that has been called up (referrer)
  4. The sub-sites from which the current website was called up
  5. Time spent on the website
  6. The frequency of the website's being called up

In this, the software runs exclusively on the servers of our website. Storage of users' personal data only occurs there. There is no forwarding of data to third parties.

The software is configured so that the IP addresses will not be completely stored, rather 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this manner, linking the shortened IP address to the computer calling up the website is no longer possible.

 

2.    Legal ground for the processing of personal data

The legal ground for processing of users' personal data is Art. 6 Sect. 1 lit. f GDPR.

 

3.    Purpose of data processing

The processing of the users' personal data enables us to analyze the browsing behavior of our users. Through the analysis of the data derived, we are capable of assembling information on the use of individual components of our website. This helps us in constantly improving our website and its user-friendliness. Our legitimate interest in processing the data according to Art. 6 Sect. 1 lit. f GDPR also lies in these purposes. Through anonymous a description of the IP address, the interest of the users in protecting their personal data is sufficiently upheld.

 

4.    Rights of the user: Information, rectification and erasure

As a user, you shall receive free of charge upon your request information on the personal data concerning you that has been stored. Should your request conflict with a statutory duty to retain data (e.g. data retention), you have the right to rectification of incorrect data and to the blockage or erasure of your personal data.

 

5.    Option of objection and removal

Cookies are stored on the user's computer and from there, they are transmitted to our website. Therefore, you as the user also have complete control over the use of cookies. By modifying the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, you possibly may no longer be able to have complete use of all the functions on the website.

On our website, we offer users the choice of opting out of the analysis process. To do so, it is necessary for you to follow the relevant link. In this matter, and additional cookie is placed on your system, which signals to our system to refrain from storing the user's data. If users delete the relevant cookie from their own systems in the meantime, they are required to place the opt-out cookie again.

You can find additional information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

Disabling tracking

Disabling tracking

VIII. Google Analytics

This website uses the Google Analytics service, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the analysis of website usage by users. The service uses "cookies" - text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

This website uses IP anonymisation. The IP address of the user is shortened within the member states of the EU and the European Economic Area. This shortening means that your IP address does not have to be referred to a specific person. As part of the agreement on the order data agreement, which the website operators have concluded with Google Inc., the latter uses the information collected to compile an evaluation of website use and website activity and provides services associated with Internet use.

You have the option of preventing cookies from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies.

You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, by clicking on this link, you will prevent Google Analytics from collecting information about you from within this website. Click on the link above to download an "Opt-Out-Cookie". Your browser must therefore always allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click the link again each time you visit this website.

Here you can find further information on data usage by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en

 

IX.    Google Tag Manager

Our website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal information is collected. Google Tool Manager triggers other tags that may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.

 

X.    Google Search Console

This website uses the Google Search Console service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to support search engine optimization (SEO). No personal data is processed here.

 

XI.    Rights of the data subject

If your personal data are being processed, you are a data subject as defined in the GDPR, and you have the following rights towards the controller:

1.    Right to information

You can demand a confirmation from the controller as to whether personal data concerning you are processed by us.

If data are being processed, you can demand the following information from the controller:

  1. the purposes for which the personal data are being processed;
  2. the categories of personal data processed;
  3. the recipients or the categories of recipients to whom the personal data concerning you were or will be disclosed;
  4. the planned term of storage of the personal data concerning you or, in case concrete details in this regard are not possible, criteria for the specification of the storage period;
  5. the existence of the right to request from the controller rectification or erasure of personal data, the right of restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22 Sect. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you have been transmitted to a third country or to an international organization. In this context, you may request information on the adequate guarantees pursuant to Art. 46 GDPR in the context of the transmission.

 

2.    Right to rectification

You have the right to rectification and/or completion towards the controller, to the extent that the processed personal data concerning you are incorrect or incomplete. The controller is to perform rectification without delay.

 

3.    Right to restriction of processing

Under the following conditions, you may request a restriction of the processing of personal data concerning you:

  1. if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  4. if you have objected to processing pursuant to Article21 Sect. 1 GDPR, pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of the personal data concerning you has been restricted, such data – with the exception of storage – shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Where processing has been restricted according to the above conditions, you shall be informed by the controller before the restriction of processing is lifted.

 

4.    Right to erasure

a)    Duty to erase

You can request from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing was based according to Art. 6 Sect. 1 lit. a or Art. 9 Sect. 2 lit. a GDPR, and where there is no other legal ground for the processing.
  3. You submit an objection pursuant to Article 21 Sect. 1 GDPR against processing, and there are no overriding legitimate grounds for the processing, or you submit an objection against processing pursuant to Article 21 Sect. 2 GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8 Sect. 1 GDPR.

 

b)    Information to third parties

Where the controller has made public the personal data concerning you and is obliged pursuant to Art. 17 Sect. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as a data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

c)    Exceptions

The right to erasure shall not apply to the extent that processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9 Sect. 2 lit. h and i as well as Art. 9 Sect. 3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 Sect. 1 GDPR, in so far as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  5. for the establishment, exercise or defense of legal claims.


5.    Right to notification

If you have asserted the right of rectification or erasure of personal data or restriction of processing toward the controller, he is obliged to inform each recipient to whom the personal data have been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You shall be entitled to the right towards the controller to be informed about these recipients.

 

6.    Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. In addition, you shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to Art. 6 Sect. 1 lit. a GDPR or Art. 9 Sect. 2 lit. a GDPR or on a contract pursuant to Art. 6 Sect. 1 lit. b GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you shall further have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons are not allowed to be impaired by this.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7.    Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 Sect. 1 point lit. e or f GDPR; this also applies to profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You shall have the opportunity in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

 

8.    Right to withdrawal of the data protection declaration of consent

You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

9.    Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and the data controller,
  2. is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the your rights and freedoms and your legitimate interests or
  3. occurs with your express consent.

However, these decisions shall not be based on special categories of personal data referred to in Art. 9 Sect. 1 GDPR, unless Article 9 Sect. 2 lit. a or g GDPR applies and suitable measures to safeguard the your rights and freedoms and your legitimate interests are in place.

With respect to the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

 

10.    Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.