The responsible party in terms of the General Data Protection Regulation and other national data protection acts of the member state as well as other statutory regulations regarding data protection is:
c/o InsurLab Germany GmbH
Schanzenstr. 6-20 (Building 3.09)
Managing Director: Michael Dreiner
Tel.: +49 (0) 221 677 78 85 – 0
Fax: +49 (0) 221 677 78 85 – 9
Principally, we process personal data of our users only when it is a requirement for providing a functioning website along with our contents and services. The processing of personal data of our users takes place periodically and exclusively after the consent of the user. An exemption is in force for such cases, where a prior obtaining of a consent is not possible for actual reasons and where the processing of the data is permitted by law.
When we obtain a consent from the person in question to process their personal data, art. 6 par. 1 lit. a European General Data Protection Regulation (GDPR) serves as the legal basis.
In terms of processing personal data, which are necessary to fulfill a contract, whose signatory party is the person in question, art. 6 par. 1 lit. b GDPR serves as the legal basis. This applies also to processes, that are necessary to execute pre-contractual measures.
As far as processing of personal data is necessary to execute legal obligations, art. 6 par. 1 lit. c serves as the legal basis.
In case that vital interests of the person in question or any natural person require to process personal data, art. 6 par. 1 lit. d GDPR serves as the legal basis.
As far as the processing is necessary to protect a legitimate interest of our company or of a third party and the interests, civil rights and fundamental liberties of the person in question outweigh the first-mentioned interest, art. 6 par. 1 lit. f GDPR serves as the legal basis for processing.
The personal data of the person in question will be erased or restricted, as far as the purpose of the storage lapses. A storage can take place further, if it is required by the European or national legislator in European legal regulations, laws or other regulations, the person responsible is subject to. A restriction or erasure of data takes place even if a deadline prescribed by the mentioned norms expires, unless there is a requirement to save data for a contract closing or a fulfillment of a contract.
With every view of our website, our system automatically collects data and information of the computer system of the viewing device.
The following data will be collected:
(1) Information about the type of browser and the used version
(2) The operating system of the user
(3) The internet service provider of the user
(4) The IP address of the user
(5) Date and time of day of the access to the website
(6) Websites, from which the user is forwarded to our website
(7) Websites that are viewed by the system of the user via our website
The data will be stored in the logfiles of our system as well. A storage of these data, along with other personal data, does not take place.
Legal basis for the temporary storage of data and the logfiles is art. 6 par. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable a distribution from the website to the computer of the user. For this purpose, the IP address from the user needs to be stored.
The storage in logfiles takes place, to ensure operability of the website. Furthermore, the data serve us for optimization of our website and for securing safety of our information technology systems. An analysis of data for marketing purposes does not take place.
In these purposes lays our legitimate interest for data processing in accordance with art. 6 par. 1 lit. f GDPR.
The data will be erased, once they are obsolete for the achievement of the purpose of their collection. In case of the collection of data to provide the website, it is the case when the respective session is over.
In case of storage of data in logfiles, it is the case after no later than seven days. In this case, the IP addresses of the users will be erased, or defamiliarized, so that an attribution of the viewing Client is not possible anymore.
The collection of data in displaying the website and the storage of data in logfiles is necessary to operate the website. Hence, there exists no possibility to withdraw from that, on behalf of the customer.
In the cookies the following data are stored and transferred:
(1) Language setting
(2) Login information
Hereby the following data can be transferred:
(1) Frequency of website views
(2) Utilisation of website functions
The data collected are pseudonymised through technical arrangements. Hence, an attribution of the data to the viewing user is no longer possible. The data will not be stored along with personal data of the users.
The legal basis for processing personal data using cookies is art. 6 par. 1 lit. f GDPR.
The purpose of using technical necessary cookies, is to simplify the use of the website for users. Several functions of our website cannot be provided without using cookies. For these functions it is essential that the browser is recognized after a change of website page.
We need cookies for the following applications:
(1) Adoption of language settings
(2) Login information (Email address and password)
The user data collected by technical required cookies are not used to build a user profile.
The use of analysis cookies takes place for the purpose to improve our website and its contents. Through the analysis cookies we get to know, how our website is used and are able to optimize our services.
For these purposes lays our legitimate interest to process personal data in accordance with art. 6 par. 1 lit. f GDPR.
On our website, we offer users the possibility to register with addition of personal data. The data are keyed in through an input mask and are transferred to us and stored. A transfer of data to third parties does not take place. The following data are collected in the process of registration:
(1) First- and surname
(2) E-mail address
(3) Phone number
At the time of the registration, the following data are stored.
(1) Date and time of day during registration
As part of the registration progress, a consent of the user to process these data will be obtained.
Legal basis for processing data in case of a consent of the user is art. 6 par. 1 lit. a GDPR.
A registration of the user is necessary to keep available certain contents and services.
The registration is necessary to display the entire functionality of the website (E-Mail notifications). Registrations enable firstwire to verify the identity of the users and when necessary to exclude users. After the registration of the user, either follows i) the erasure of the data from demo-app.firstwire.market if the user does not obtain access to firstwire, or ii) the anonymization of personal data like first- and surname and company. The email address and phone longer remain, in addition to date and time of the day and last login (Date and time of the day). After the user tested the system (usu. 30 days or longer as requested from the customer or firstwire), the data including email address, phone number, company (anonymized), first- and surname (anonymized) as well as the last activities, date of the registration and the last login at demo-app.firstwire.market are erased.
The data are erased, as soon as they are a no longer necessary to their purpose of collection.
This is the case for the collected data during the process of registration, if the registration on our website is abolished or altered.
As a user you have at any time the possibility to withdraw registration. The data, which are stored about you, can be altered anytime.
Anytime, the users can make a written application to firstname.lastname@example.org or to the above mentioned address for erasure of their account and/or for alteration of their data.
At our website exists a contact form, which can be used for electronic contacting. If a user takes advantage of this possibility, the data keyed in the input mask are transferred to us and stored. These data are:
(1) First- and surname
(2) Email address
(4) Content of the message
At the time of the sending of the message, the following data are stored:
(1) The IP address
(2) Date and time of the day of the registration
For processing data in the context of the process of sending, your consent is obtained and referenced to this Data Security Policy.
Alternatively, a contacting via the provided E-mail address is possible. In this case, the personal data of the user transferred via E-mail are stored.
Alternatively, a contacting is possible via a set up call-back.
(1) First- and surname
(2) Email address
(3) Phone number
(5) Date and time of the day of the wished call-back
In this context, a transfer of data to third parties does not take place. The data are exclusively used for processing the conversation.
The legal basis for data processing in case of a consent of the customer is art. 6 par. 1 lit. a GDPR. The legal basis for the processing of data, transferred as part of an E-Mail is art. 6 par. 1 lit. f GDPR. If the E-Mail contact is targeting a contract closing, art. 6 par. 1 lit. b is an additional legal basis for the processing.
The processing of personal data from the input mask serves exclusively to handle the contacting. In case of a contacting via E-mail, here lays the required justified interest to process the data.
The other personal data, processed during the process of sending, serve to prevent an abuse of the contact form and to secure safety of our information technology systems.
The data are erased, as long as they are no longer necessary to their purpose of collection. This applies to personal data from the input mask from the contact form and to the data send via E-Mail, as long as the certain conversation with the user is ended. The conversation is ended, if it arises from the circumstances, that the affected issue is completely clarified. The additional data, collected during the procedure of the sending, are erased after a period of maximum 7 days.
Anytime, the user has the possibility to withdraw his consent for processing the personal data. If the user contacts us via E-Mail, he is able to withdraw the storage of his personal data anytime. In this case, the conversation cannot be continued.
Anytime, the users can withdraw their consent for the storage via E-Mail to email@example.com.
All personal data, collected as a part of the contacting are erased in this case.
If personal data from you are processed, you are the person in question for the purpose of GDPR and the following rights appertain to you:
You can require a confirmation from the person in authority, if personal data, which are affecting you, are processed by us.
If such a processing is existing, you can require to obtain information about:
(1) The purpose, on which personal data can be processed;
(2) The categories of personal data, which are processed;
(3) The recipient e.g. the categories of recipients, towards which the data relating to you got revealed, or will be revealed;
(4) The planned length of storage of the personal data relating to you, or, if concrete statements regarding that are not possible, criteria for the determination of the length of storage;
(5) The existence of a right to correct or to erase the personal data relating to you, a right of restriction of processing through the person in authority or a right to withdraw this processing;
(6) The existence of a right of complaint at a regulating authority;
(7) All available information about the origin of the data, if the personal data are not collected at the person in question;
(8) The existence of an automatized decision making including profiling in accordance with art. 22 par. 1 and 4 GDPR and – at least in these cases – comprehensive information about the involved logic as well as the scope and the intended consequences of such a processing for the person in question;
You have the right, to require information, if the personal data relating to you are transferred to a third-party country or to an international organization. In this context, you can require to be briefed about the suitable guarantees in accordance with art. 46 GDPR.
You have the right of correction and/ or completion towards the person in authority, as long as the personal data processes, which are relating to you, are incorrect or incomplete. The person in authority is obliged to do the correction immediately.
Under the following requirements, you can require to restrict the processing of data relating to you:
(1) If you deny the correctness of the personal data relating to you, which enables the person in authority to verify the correctness of the personal data;
(2) the processing is illegitimate and you decline the erasure of the personal data and instead require a restriction of the use of the personal data;
(3) the person in authority no longer needs the personal data for the purpose of processing, however you need those data to raise a claim, to execute or to defend titles or
(4) when you withdraw the processing in accordance with art. 21 par. 1 GDPR, without certainty, whether the justified reasons of the person in authority outweigh yours.
If processing the data relating to you was restricted, these data, apart from your storage – can be only processed with your consent, or to raise a claim, to execute or to defend titles or to protect the rights of another natural or legal person, or for reasons of an important public interest of the union or a member state.
If the restriction of processing was restricted in accordance with the above mentioned requirements, you will be briefed before the restrictions will be overturned.
You can require to erase the relevant personal data relating to you of the person in authority immediately, and the person in authority is obliged to erase these data immediately, as long as one of the following reasons is accurate:
(1) The personal data relating to you are no longer necessary for purposes they have been collected or processes in any way.
(2) You withdraw your consent in accordance with art. 6 par. 1 lit. a or art. 9 par. 2 lit. a GDPR, where processing relied in, and an otherwise legal basis for processing is absent.
(3) You withdraw processing in accordance with art. 21 par. 1 GDPR and no prior justified reason for processing exist. Or you withdraw processing, in accordance with Art. 21 par. 2 GDPR.
(4) The personal data relating to you was processed illegitimate.
(5) The erasure of the personal data relating to you is necessary to fulfil a legal obligation in accordance with European legislation or the legislation of the member states, is subject to the person in authority.
(6) The personal data relating to you were collected in terms of offered services of an information society in accordance with art. 8 par. 1 GDPR.
As long as the person in authority made the relevant personal data public and as long as he is obliged to the erasure of those, in accordance with art. 17 par. 1 GDPR, he takes appropriate measures, also in a technical way, with reference to the available technology and the costs of implementing, to inform the person in authority of the data processing, that you as the person in question required the erasure of all links to these personal data or of all copies and replications.
The right to erasure does not exist as long as processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation, that is subject to processing in accordance with the legislature of the European union or the member states, the person in authority is subject to, requires, or, to exercise a task, that is in the public interest or to exercise public legislature, that was brought forward to the person in authority;
(3) for reasons of the public interest in regarding public health in accordance with art. 9 par. 2 lit. h and as well as art. 9 par. 3 GDPR;
(4) on behalf of the public interest arising purposes of archiving, scientific research purposes or for statistical purposes in accordance with art. 89 par. 1 GDPR, as long as the right mentioned in section a) probably rules out the achievement of the goals of processing or impacts them seriously, or
(5) to enforce, exercise, or defend titles.
If you exercised the right to instruction, erasure or restriction of processing towards the person in authority, this person is obliged to make the correction or erasure of the data or the restrictions of processing, to all recipients, where the relevant personal data were published, unless this is unachievable or with disproportionate effort.
Towards the person in authority, you have the right to be briefed about these recipients.
You have the right to receive the relevant personal data relating to you, that was provided to the person in authority, in a structured, on machine-readable format.
Furthermore, you have the right to transfer these data to another person in authority, without being impeded by the person in authority, you provided the personal data, as long as
(1) Processing is based on a consent in accordance with art. 6 par. 1 lit. a GDPR or art. 9 par. 2 lit. a GDPR or on a contract in accordance with art. 6 par. 1 lit. b GDPR
(2) Processing takes place along with automatized procedures.
In exercising this right, you have further the right to obtain, that the relevant personal data will be transferred directly form one person in authority to another person in authority, as long as this is feasible. Liberties and rights of other persons are not allowed to be affected negatively.
The right of transfer of data holds not for processing personal data, which are required to exercise a task for the public interest or takes place in exercising public legislature, that was transferred to the person in authority.
Anytime, you have the right, for reasons that result from special situations, to withdraw the processing of personal data relating to you, that occurred in accordance with art. 6 par. 1 lit. e or f GDPR; this also applies for profiling based on these regulations.
The person in authority processes the relevant personal data no longer, unless he can prove reasons worth being protected, which outweigh your interest, rights and liberties, or the processing serves to raise of a claim, to exercise or to defend a claim.
If the relevant personal data are processed to operate direct marketing, you have the right at any time, to withdraw the processing of the personal data relating to you for marketing purposes; this also applies for profiling as long as it is connected with direct marketing.
If you withdraw the processing for purposes of direct marketing, the personal data relating to you will be processed no longer. You have the possibility, in context of the use of Services of information societies – regardless of guideline 2002/58/EG – to exercise your right to withdraw through automatized procedures, where technical specifications are used.
Anytime, you have the right to withdraw your declaration of consent to the data Security Policy. Through withdrawing the declaration of consent, the processing until the withdraw is not affected.
You have the right not to be exclusively subject to an automatized processing – including profiling – depending decision, that develops legal impact for you or heavily affects you negatively in a similar way. This does not apply if the decision
(1) is necessary for closing or fulfilling a contract between you and the person in authority,
(2) is legitimate on the ground of the legislation of the European union or the member states, the person in authority is subject to and the legislation contains appropriate measures to protect their rights and liberties as well as their justified interest or
(3) which take place with your explicit consent.
Nevertheless, these decisions are not permitted to depend on special categories in accordance with art. 9 par. 1 GDPR, as long as art. 9 par. 2 lit. a or g GDPR does not hold and appropriate measures to protect the rights and liberties as well as their justified interests took place.
Concerning to the cases mentioned in (1) and (3), the person in authority takes appropriate measures, to protect the rights and the liberties as well as their justified interests, wherefore at least the right to obtain the intervention of a person on behalf of the person in authority, to demonstrate the own stance and to refute the decision, belongs to.
Regardless of alternative redress procedure in terms of administrative or judicial law, you have the right to complaint at a regulating authority, especially in the member state of your location of residence, your job, or the location of the suspected violation, if you have the view, that the processing of the personal data relating to you violates the GDPR.
The regulating authority, where the complaint was filled, briefs the appellant about the stage and the results of the complaint including the possibility of a judicial redress procedure.