Data protection policy for the website www.ikk-suedwest.com
We appreciate your visit to our website www.ikk-suedwest.com and your interest in our health insurance company.
This data protection policy describes how our website and online services process the data you provide.
Responsible entity
The responsible entity as defined in Art. 4 No. 7 GDPR is the entity that solely or jointly with others decides on the purposes and means of processing personal data.
With regard to our website the responsible entity is:
IKK Südwest - KdÖR with self-management pursuant to Section 4 Para. 1 of the German Social Security Code (SGB) V
Europaallee 3 – 4, 66113 Saarbrücken, Germany
Email: info@ikk-suedwest.de
Tel.: +49 (0) 681 / 9 36 96-0
Fax: +49 (0) 681 / 9 36 96-9999
Contact information for the data protection officer
We have appointed a data protection officer pursuant to Art. 37 GDPR. You can reach our data protection officer using the following data.
Data protection officer (datenschutz@ikk-sw.de) Europaallee 3 – 4, 66113 Saarbrücken, Germany
Provision of website and creation of log files
Whenever our website is called up, our system automatically records data and information about the device (e.g. computer, mobile phone, tablet etc.) involved in the call-up.
• Which personal data do we collect and how is it used?
(1) Information on the browser type and version used;
(2) The operating system of the device used for the call up;
(3) Host name of the accessing computer;
(4) The IP address of the call up device;
(5) Date and time of the access;
(6) Websites and resources (images, files, other page content) that were called up in our website; (7) Websites from where the user's system reached our website (referrer tracking);
(8) Notification of whether the call-up was successful;
(9) Data volume transferred.
This data is stored in our system’s log files. This data is not stored alongside personal data of a specific user so individual page visitors are not identified.
After the deletion period has ended the data is anonymised so no conclusion can be made any more on the individual person. The anonymous data help us to observe and improve the stability and availability of our website over a longer period.
The temporary (automated) storage of data in the clear format is necessary for the website visit in order to enable the website to be provided. The website is also provided to ensure our disclosure duty as a service provider pursuant to the Social Security Code under Section 13 I SGB I, such that we can easily provide you with online information for our services.
The storage and processing of personal data also take place to maintain the compatibility of our website for as many visitors as possible, to combat abuse and resolve defects. This requires logging the technical data of the computer calling up the site in order to respond as quickly as possible to depiction errors, attacks on our IT systems and/or functional errors on our website. The data is used on the one hand to optimise the website and to generally ensure the security of our IT systems. This also protects the social data that we process which is a statutory obligation for us under Section 35 Para. 1 SGB I.
• What is the legal basis for the processing?
Art. 6 Para. 1 lit. e. GDPR in conjunction with Section 35 I SGB I (undertaking a task that is in the public interest or implementing public authority that was issued to the person responsible). This task is to undertake our public tasks as a service provider as defined by the German Social Code, in particular our disclosure duty pursuant to Section 13 SGB I. The website and the associated creation of server logs are used to depict the health insurance company externally and provide information to members on healthcare.
• For how long is my data stored?
The stated technical data is usually made anonymous after 7 days. Anonymisation takes place at the latest when the data is no longer required to ensure the compatibility of the website for all users. This is the case at the latest 3 months after the website has been called up.
• How can I object to the processing, delete or modify my data?
Pursuant to Art. 21 GDPR you can object to and pursuant to Art. 17 GDPR request the deletion of data at any time. You will find the rights to which you are entitled and how to assert them in the lower part of this data protection policy.
IKK Südwest info services
Our site offers you various information services which when used collect, process and store personal data. We describe what happens to this data below.
Medical service offers
Our site offers you various services relating to healthcare which when used collect, process and store personal data. We describe what happens to this data below.
Making contact with IKK Südwest
As part of our website we offer various options for making contact. The following section explains which data is collected, stored and processed there:
Online member applications
If you want to become a member of IKK Südwest you can make an appropriate application online at https://ikk-suedwest.com/online-becoming-a-member. Please note that the information from the membership application must be verified by us and membership only comes into force after we have explicitly confirmed this. If necessary we may contact you again later to process your membership application.
• Which personal data do we collect and how is it used?
The form collects a range of personal data that is compulsory. This includes data to uniquely identify you, such as your name, address, age, date of birth and nationality. All compulsory information is marked with a *.
In addition, an email address must be provided so that we can communicate with you quickly.
You can also provide voluntary information, such as who your current employer is. This is in particular required if you have to present the relevant membership certificate to your employer. You can also provide additional personal information such as your pension number or current insurance status including the current health insurance company. Stating whether you want insurance to cover your whole family is voluntary.
At the end of the form you can add free text in the “Note” field.
We will use the personal data you enter to process and check your membership application.
The voluntary information help us to determine information about your status to date such as pension or other health insurance company and to uniquely identify you. This is helpful to determine whether you can change insurance company or if there is still a waiting period.
• What is the legal basis for the processing?
The legal basis for processing is the fulfilment of our public tasks pursuant to Art. 6 Para. 1 lit. 3 GDPR in conjunction with Art. 6 Para. 3 S. 3 GDPR, Section 284 SGB V. The data is required to process your membership request and the associated request for insurance services.
The legal basis for processing the voluntary data is your consent to the collection, storage and processing. The legal basis for the voluntary information is therefore Art. 6 Para. 1 lit. a GDPR or Art. 6 Para. 1 lit. a GDPR in conjunction with Art. 9 Para. 2 lit. a GDPR if you enter personal data that is particularly worthy of protection under Art. 9 Para. 1 GDPR (e.g. health data) in the contact form.
• For how long is my data stored?
In general we will delete the collected data in particular social data under Section 284 SGB V if the storage is no longer required to fulfil the purpose and there is no reason to assume that the deletion of the data will adversely affect your interests that are worthy of protection. We will delete the data at the latest however after the end of the absolute deletion periods defined in Section 304 SGB V. The relevant deletion period starts at the end of the calendar year in which the membership application was approved. Longer processing only takes place in line with the statutory regulations (e.g. after anonymisation). In this case the data can be stored for an unlimited period of time (Section 304 Paragraph 1 Sentence 4 SGB V).
All data that is not social data is deleted after achieving its purpose if there are no statutory storage obligations.
• Need to state personal data
The use of the online member application is voluntary and not required by contract or law. You are not obligated to use the online form but rather can continue to use the declarations that can be called up at https://www.ikk-suedwest.de/mitglied-werden/mitglied-werden-so-einfach-gehts/download-mitgliedserklaerung/. If you want to use our online member form you must complete all of the fields that are marked compulsory. If you do not complete the information required on the online member form you either cannot send the request or we can unfortunately not process your request.
Contact form(s)
We offer you the opportunity to contact us via our contact form and provide further queries on the ongoing email communication. Please note that email communication usually takes place without end-to-end encryption. If the personal data requires protection (e.g. sickness notifications etc.) we recommend using alternative communication routes such as the post or making personal contact at our branches.
• Which personal data do we collect and how is it used?
Depending on whether or not you are insured by us, we collect various types of personal data. If you are not insured by us, we collect and process your name, postcode, email address and the message you have entered.
If you are insured by us in order to identify you personally in our list of insured people, we also request your date of birth and possibly your insurance number. But the insurance number is not essential to identify you.
We use the data to respond to your contact request.
We will use the personal data that you enter to respond to your contact request. Entering your first and last names enables us to address you personally and if necessary assign you in our system. Using the postcode we can find out who your local administrator is. We require the telephone number if we are to call you back.
The voluntary information helps us to uniquely identify you and to answer your query more quickly as we can find you in our system more easily.
• What is the legal basis for the processing?
The legal basis for processing your data is your consent to the collection, storage and processing. You can find out more information in the specific consent declaration without which we do not process your data. The legal basis is therefore Art. 6 Para. 1 lit. a GDPR or Art. 6 Para. 1 lit. a GDPR in conjunction with Art. 9 Para. 2 lit. a GDPR if you enter personal data that is particularly worthy of protection under Art. 9 Para. 1 GDPR (e.g. health data) in the contact form. For social data (e.g. your insurance number) that is not health data, the legal basis is the fulfilment of tasks under Art. 6 Para. 1 lit. e GDPR in conjunction with Art. 6 Para. 3 S. 3 GDPR, Section 284 SGB V.
• For how long is my data stored?
The deletion of the data depends on the specific enquiry you have made and whether or not you are insured by us.
In general we will delete the collected data in particular social data under Section 284 SGB V if the storage is no longer required to fulfil the purpose and there is no reason to assume that the deletion of the data will adversely affect your interests that are worthy of protection. We will delete the data at the latest however after the end of the absolute deletion periods defined in Section 304 SGB V.
The relevant deletion period starts at the end of the calendar year in which the service was granted or charged. Longer processing only takes place in line with the binding statutory regulations (e.g. after anonymisation). In this case the data can be stored for an unlimited period of time (Section 304 Paragraph 1 Sentence 4 SGB V). If data is collected that is required to implement structured treatment programmes (e.g. Section 137 f SGB V in conjunction with Section 5 Para. 2 DMP) the storage period for the health insurance company is 10 years.
All data that is not social data is deleted after achieving its purpose if there are no statutory storage obligations. If there is no storage obligation, it is deleted at the latest 6 months after the relevant conversation with you has ended or been completed. The conversation is over when it is understood from the circumstances that the relevant matter has been conclusively clarified.
• Need to state personal data
The use of the contact forms is voluntary and not required by contract or law. You are not obligated to make contact with us via the form but rather can also use the other contact options stated on our page. If you want to use our contact form you must complete all of the fields that are marked compulsory. If you do not complete the information required on the contact form you either cannot send the request or we can unfortunately not process your request.
Statistical evaluation of visits to this website - web tracker
We collect, process and save the following data when this website or individual files are accessed: IP address, website from which the file is accessed, name of the file, date and time of access, amount of data transferred and messages about the success of the access (so-called web log). This access data will be used exclusively in a non-personalised form for the ongoing improvement of our website and for statistical purposes. We also use the following web tracker to analyse visits to this website:
Civic UK
We use the service Civic UK by the company Civic UK, 12 South Charlotte Street, EH2 4AX Edinburgh, Scotland, United Kingdom, email: info@civicuk.com, Website: https://www.civicuk.com. The processing takes place in a third country outside the EU. The Commission has issued an appropriateness resolution for this third country. On the EU Commission website (link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de) you can find a current list of all appropriateness resolutions.
The legal basis is the fulfilment of legal obligations by IKK Südwest as defined by Art. 6 Para. 1 lit. c GDPR.
The service is a plug-in using which we can display a cookie banner on our site in order to obtain any necessary consents with regard to the cookies used.
You can find additional information on handling the data transferred in the data protection policy of the provider at: https://www.civicuk.com/privacy-statement.
• Google Ads
We use the Google Ads service from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, USA, email: support-de@google.com, Website: http://www.google.com/. The processing also takes place in a third country for which there is no appropriateness resolution from the Commission. Therefore with regard to the protection level common under GDPR, it cannot be ensured that access is not given to the collected and transmitted data in the third country, e.g. by authorities.
The legal basis for the transfer of personal data is your consent under Art. 6 Para. 1 lit.a GDPR or Art. 9 Para. 2 lit. a GDPR that you have provided on our website.
Google Ads is an advertising system that we use to provide adverts that reflect in particular the search results when using the company’s own services.
You can revoke your consent again at any time. You can find more information on revoking your consent either in the consent itself or at the end of this data protection policy.
You can find additional information on handling the data transferred in the data protection policy of the provider at: https://policies.google.com/privacy.
The provider also offers an opt-out option under https://policies.google.com/privacy.
• plyr.io
We use the plyr.io service by the company plyr.io.
The legal basis for the transfer of personal data is your consent under Art. 6 Para. 1 lit.a GDPR or Art. 9 Para. 2 lit. a GDPR that you have provided on our website.
This service is plug-in that we require to be able to show you all of the content of our website. The service may also be used for tracking and/or integrating advertising.
You can revoke your consent again at any time. You can find more information on revoking your consent either in the consent itself or at the end of this data protection policy.
• Google Analytics
• Scope of processing personal data
On our page we use the web tracking service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: Google Analytics). For web tracking Google Analytics uses cookies that are stored on your computer and enable the analysis of your use of our website and your surfing behaviour (so-called tracking). Based on the Google Analytics tracking service, we conduct this analysis in order to permanently optimise our website offering and increase its availability. When using our website data, such as in particular your IP Address and your user activities, is transferred to the server of Google Ireland Limited. Based on the Google tracking service, we conduct this analysis in order to permanently optimise our website offering and increase its availability. We also require web tracking for security reasons. Web tracking enable us to trace whether third parties are attacking our website. Using the web tracking information we can undertake effective countermeasures and protect the personal data we process from these cyber-attacks. By activating IP anonymisation with the Google Analytics tracking code on this website, your IP address is transferred by Google Analytics after having been made anonymous. This website uses a Google Analytics tracking code that was extended to include the operator gat._anonymizeIp(); to therefore only permit the anonymous recording of IP addresses (IP masking). The processing also takes place in a third country for which there is no appropriateness resolution from the Commission. Therefore with regard to the protection level common under GDPR, it cannot be ensured that access is not given to the collected and transmitted data in the third country, e.g. by authorities.
• Legal basis for processing personal data
The legal basis for data processing is pursuant to Art. 6 Para. 1 lit. a GDPR your consent in our note banner on the use of cookies and web tracking (consent through clear confirmation or behaviour).
• Purpose of data processing
On our behalf, Google uses this information to analyse your use of the website, create reports on the website activities and provide other services associated with the website and internet use by us. We also require web tracking for security reasons. Web tracking enable us to trace whether third parties are attacking our website. Using the web tracking information we can undertake effective countermeasures and protect the personal data we process from these cyber-attacks.
• Storage period
Google will store the provision of the data relevant for web tracking as required to fulfil the requested web service. Data collection and storage is anonymous. If there is still a personal connection, the data is deleted immediately if it is not subject to any statutory storage obligations. In all cases however, the deletion is after the end of the storage obligation.
• Objection and deletion options
You can prevent the recording and forwarding of the personal data to Google (in particular your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser or activating the “Do Not Track” setting in your browser. You can also prevent the recording of the data created by the Google cookie related to your use of the website (incl. your IP address) by Google and the processing of this data by Google by downloading and installing a browser plug-in available from the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can find the security and data protection principles of Google Analytics at https://policies.google.com/privacy?hl=de.
Integration of external web services and processing data outside the EU
On our website we use active content from external suppliers, so-called web services. When our internet site is accessed, these external providers may receive personal information regarding your visit to our website. It is possible that this data will be processed outside of the EU. You can prevent this by installing a corresponding browser plug-in or deactivate the execution of scripts in your browser. This may inhibit some of the functions on the internet sites which you visit.
We use the following external web services:
• Doubleclick
We use the Doubleclick service from the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, USA, email: support-de@google.com, Website: http://www.google.com/. The processing also takes place in a third country for which there is no appropriateness resolution from the Commission. Therefore with regard to the protection level common under GDPR, it cannot be ensured that access is not given to the collected and transmitted data in the third country, e.g. by authorities.
The legal basis for the transfer of personal data is your consent under Art. 6 Para. 1 lit.a GDPR or Art. 9 Para. 2 lit. a GDPR that you have provided on our website. DoubleClick is a service by Google that offers and provides digital advertising on the internet. It is used to display personal adverts to our site visitors.
You can revoke your consent again at any time. You can find more information on revoking your consent either in the consent itself or at the end of this data protection policy. You can find additional information on handling the data transferred in the data protection policy of the provider at: https://policies.google.com/privacy.
Information on using cookies
• Which personal data do we collect and how is it used?
We integrate and use cookies on various pages to enable certain functions for our website and integrate external web services. “Cookies” are small text files that your browser can store on your access device. These text files contain a characteristic chain of characters that uniquely identify the browser if you return to our website. The process of storing a cookie file is also called “setting a cookie”. Cookies can be set both by the website itself and also external web services.
The cookies are set by our website or the external web services in order to maintain the full functionality of our website, improve user-friendliness or track the purpose stated for your consent. The cookie technology also enables us to recognise individual visitors using pseudonyms, e.g. an individual or random ID, so that we can offer individual services. The details are described in the following table.
• What is the legal basis for the processing?
Art. 6 Para. 1 lit. e. GDPR in conjunction with Section 13 I SGB I (undertaking a task that is in the public interest or implementing public authority that was issued to the person responsible. This is to ensure the information obligations as a service provider under the German Social Code by operating our website) or Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR (consent). If cookies are processed based on consent, this consent is also consent as defined by Section 25 Para. 1 TTDSG (German Telecommunications and Telemedia Data Protection Act) and for setting cookies on the user’s device. If another legal basis under GDPR is stated, the storage and setting is made as an exception under Section 25 Para. 2 TTDSG. This occurs if the sole purpose of the cookie is to “store information from the user’s device or the sole purpose of the access is information already stored on the user’s device to implement the transfer of a message via a public telecommunication network” or “if the information is stored in the user’s device or the access to information already stored in the user’s device is absolutely essential for the supplier of a telemedia service to provide a telemedia service explicitly requested by the user”.
The relevant legal basis is shown in the cookie table below.
With the aid of cookie technology we can only identify, analyse and track individual website visitors if they consent to the use of the cookie under Art. 6 Para. 1 lit. a GDPR.
• For how long is my data stored in the cookies?
The cookies listed below are stored in your browser until they are deleted or, in the event of a cookie session until the session has ended. The details are listed in the following table:
Cookie name |
Server |
Supplier |
Purpose |
Legal basis |
Storage term |
Type |
|
PHPSESSID |
ikk-suedwest.com, .ikk-suedwest.com, .com, com |
Website operator |
Cookie that is required by applications that are based on the PHP language. The cookie is stored during the session. It is required to store certain website settings during the visit (session). |
Justified interests |
Session |
Configuration |
|
Analytics |
ikk-suedwest.com, .ikk-suedwest.com, .com, com |
Website operator |
Using this cookie the consent you have issued is stored with regard to analytics cookies. |
Legal obligation (Art. 6 Para 1 lit. c GDPR) |
3 months |
Cookie banner |
• Objection option, revocation of consent and deletion
You can set your browser as you wish such that it generally prevents cookies from being set. You can decide on accepting cookies on a case by case basis or accept all cookies. Cookies may be used for different purposes, e.g. to detect that your access device already had a connection to our website (permanent cookies) or to save the most recently viewed offers (session cookies). If you have explicitly given your consent to process your personal data, you can revoke this consent at any time. Please note that the legality of the processing undertaken based on consent until revocation is not affected by this.
Data security & protection, email communication
Your personal data is protected using technical and organisational measures so that the collection, storage and processing is not accessible to third parties. Where unencrypted communication is made via email, we cannot guarantee complete data security on the transmission route to our IT systems. We therefore recommend that all information with a high confidentiality requirement is sent by encrypted communication.
Automatic email archiving
• Scope of processing personal data
We explicitly inform you that our mail system has an automated archiving process. All incoming and outgoing emails are stored here digitally to ensure proper auditing.
• Legal basis for processing personal data
Art. 6 Para. 1 lit. c GDPR (legal obligation). The legal obligation is in complying with tax and commercial law regulations (e.g. Sections 146, 147 of the German Tax Code - AO; Sections 238, 257 of the German Commercial Code - HGB). As a health insurance company we also have the legal obligation with regard to storing and processing social data pursuant to Section 284 SGB V, Section 94 SGB XI.
• Purpose of data processing
The purpose of archiving is to comply with tax law (e.g. Sections 146, 147 AO - obligation to store emails relevant for tax law) and commercial law (e.g. Sections 238, 257 HGB - obligation to archive business correspondence). As a health insurance company there is also a legal obligation for us with regard to storing and processing social data pursuant to Section 284 SGB V, Section 94 SGB XI.
• Storage period
Our mail communication is stored until the end of the tax, commercial and social law storage obligations. The storage duration may be up to 15 years.
• Objection and deletion option
You can find more information on the revocation and deletion options in the “Your rights” point below in this data protection policy.
• Handling job application documents
If you have questions about our email archiving system, please contact our data protection officer. We also inform you that we only handle job application documents in the PDF file format. Zipped files (WinZip, WinRAR, 7Zip, etc.) are filtered out by our security systems and not delivered. Applications in Word and other formats are neither considered nor delivered. Please note that application documents transmitted by email without encryption may be opened by third parties before they arrive at our IT systems. We assume that we may answer application emails received without encryption in the same manner. If you do not wish this, please state this in your application email.
Your rights for personal data that is not social data
• Right to information
You have the right to request confirmation from us on whether we process your personal data. If this is the case, you have the right to receive notification of the information stated in Section 15 Para. 1 GDPR if this does not affect the rights and freedoms of other people (see Art. 15 Para. 4 GDPR). We are happy to provide you with a copy of the data.
• Right to correction
Under Art. 16 GDPR you have the right to correct any incorrectly stored personal data (such as address or name) at any time. You can also request that the data we have stored is supplemented. Any modification takes place without delay.
• Right to deletion
Under Art. 17 Para. 1 GDPR you have the right to delete the personal data we have collected if
Either the data is no longer needed;
The legal basis for processing has lapsed without replacement as a result of you revoking your consent;
You have objected to the processing and there are no justified reasons for the processing;
Your data was processed illegally;
A legal obligation requires this or collection has taken place under Art. 8 Para. 1 GDPR.
The right under Art. 17 Para. 3 GDPR does not exist if
the processing is required to exercise the right of one’s freedom to express an opinion and to provide information;
Your data was collected based on a legal obligation;
The processing is required for reasons in the public interest;
The data is required to assert, execute or defend legal claims.
• Right to restriction on processing
You have the right to request a restriction on the processing of your personal data under Art. 18 Para. 1 GDPR.
This is the case if
You dispute the correctness of the personal data;
The processing is illegal and you do not agree to deletion;
The data is no longer required for the processing purpose but the collected data is used to assert, execute or defend legal claims;
An objection has been raised against the processing under Art. 21 Para. 1 GDPR and it is not clear which interests have priority.
• Revocation right
If you have given your explicit consent to processing your personal data (Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR) you can revoke this at any time. Please note that the legality of the processing based on consent is not affected by this until revocation of the processing.
• How do you assert your rights?
You can assert your rights at any time by contacting us using the data shown below:
IKK Südwest - KdÖR with self-management pursuant to Section 4 Para. 1 of the German Social Security Code (SGB) V
Europaallee 3 – 4, 66113 Saarbrücken, Germany
Email: info@ikk-sw.de
Tel.: 06 81/38 76-1000
Your rights for social data
• Information right for social data under Section 83 SGB X
• Exclusion of information right
The right to information on the data subject under Article 15 GDPR does not apply to social data if:
The data subject dos not have to be informed under Section 82a Paragraph 1, 4 and 5 SGB X or
The social data is only stored because it cannot be deleted due to statutory storage obligations or those in the articles of association, or is exclusively used for the purposes of data backup or data protection control and in each case the issue of information would require a disproportional effort and processing for other purposes using suitable technical and organisational measures is excluded.
• Request for information under Article 15 GDPR in conjunction with Section 83 SGB X
We request that you state the type of social data on which information is to be issued in more detail in the request for information under Article 15 GDPR. This is envisaged in Section 83 SGB X.
• Issuing information
If the social data is not automated or stored in non-automated file systems, the information is only issued if you provide details that enable the data to be located and the effort required to issue the information is not disproportional to the information interest that you assert. If Article 15 and 12 Paragraph 3 GDPR do not contain provisions, we determine the process, in particular the form in which the information is provided, at our reasonable discretion. Section 25 Para. 2 SGB X applies accordingly.
• Refusing to provide information
We have documented the reasons for refusing information. The refusal to provide information does not require justification if the notification of the actual and legal reasons on which the information is based would put at risk the purpose of the refusal to provide the information. In this case we will make reference to you being able to contact the relevant authority that controls data protection.
If no information is issued to you, the responsible organisation for controlling data protection can check at your request whether the refusal to provide information is legal.
If the information provision refers to the transfer of social data by public authorities to prosecutors and courts as part of a criminal investigation, police, constitutional protection authorities, Federal Intelligence Service and military counter-intelligence, it is only permitted with the agreement of these organisations.
• Right to correct, delete, restrict the processing and objection for social data under Section 84 SGB X
• Deletion of social data
If it is not possible to delete social data in the event of automated data processing due to the special type of storage or only with disproportionate effort and your interest in the deletion is viewed as low, you do not have the right to or our obligation to delete the social data under Article 17 GDPR and also the exceptions stated in Article 17 Paragraph 3 GDPR.
• Restriction of social data
If a deletion is not possible due to the regulations stated above, in place of the deletion there will be a restriction to the processing under Article 18 GDPR.
If social data was illegally processed the right to deletion remains in place.
• Right to correct social data
• If you dispute the correctness of the social data and it cannot be determined if the data is correct or incorrect, in addition to Section 18 Paragraph 1 lit. a GDPR, there is no restriction on processing if this concerns the fulfilment of social tasks; the unclear situation must be recorded appropriately.
• We will only process the disputed data with a reference to the correction of the social data.
• In addition to Article 18 Para. 1 lit. b and c GDPR, the provisions stated above on deleting and restricting the social data apply accordingly in the event of a case covered by Article 17 Para. 1 lit. a and d GDPR if and for as long as we have a reason to accept that deletion would adversely affect your interests worthy of protection. In this case we will inform you about restricting the processing if the notification proves to be possible or would not require disproportionate effort.
• Duration of storage of social data
If social data processed for the purposes for which it was collected or by other means is no longer required, in addition to Art. 17 Para. 3 lit. b GDPR the provision stated above applies on deleting and restricting social data accordingly if deletion is contrary to storage periods stated in the articles of association or contract.
• Right to object to the processing of social data
The right to object under Art. 21 Para. 1 GDPR does not apply to a public authority if there is a binding public interest in the processing that exceeds your interests or a legal regulation obliges the processing of the social data.
• How do you assert your rights?
You can assert your rights at any time by contacting us using the data shown below:
IKK Südwest - KdÖR with self-management pursuant to Section 4 Para. 1 of the German Social Security Code (SGB) V
Europaallee 3 – 4, 66113 Saarbrücken, Germany
Email: info@ikk-sw.de
Tel.: 06 81/38 76-1000
Transfer of social data to fulfil special statutory obligations and notification rights under Section 71 SGB X
The transfer of social data is also permissible to ensure special statutory obligations. Section 71 SGB X shows which social data can be transferred from which statutory obligations and notification rights.
Complaint right for the processing of social data
Federal Office for Social Security (BAS)
Friedrich-Ebert-Allee 38
53113 Bonn
Tel: 0228 / 619-0
Fax: 0228 / 619-1870
Internet: www.bundesamtsozialesicherung.de
Email: poststelle@bmg.bund.de
Right to data transfer
Under Art. 20 GDPR you have a right to transfer your personal data. We will provide the data in structured, common and machine-readable format. We can send the data either to yourself or a responsible party that you have stated to us.
On request we will provide the following data to you under Art. 20 Para. 1 GDPR:
Data that was collected due to explicit consent under Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR;
Data that we have received as part of contracts that exist with you under Art. 6 Para. 1 lit. b GDPR;
For data that we have processed as part of an automated process.
We will undertake the transfer of personal data directly to a responsible party that you have requested if this is technically feasible. Please note that cannot transfer data that affects the rights and freedoms of other people under Art. 20 Para. 4 GDPR.
Right to complain to a supervisory authority under Art. 77 Para. 1 GDPR or Section 81 SGB X
If you suspect that we have processed your data illegally on our website, you can of course at any time arrange clarification of the issue in the courts. You are also entitled to use any other legal remedy. Notwithstanding, you have the option under Art. 77 Para. 1 GDPR to contact a supervisory authority. Of course this option also exists for social data (Section 81 SGB X). The complaint right under Art. 77 GDPR is available to you in the EU member state of your place of residence, work and/or the place of apparent infringement, i.e. you can select the supervisory authority to contact at the places stated above. The supervisory authority to whom a complaint was submitted will inform you about the status and results of your entry, including the option of court-based legal assistance under Art. 78 GDPR.
Developed by:
© DURY LEGAL Rechtsanwälte – www.dury.de