The best possible protection for your data
The protection of your personal data is very important to us. This is why we consider the development of effective protective measures to be an important task, because we want you to be able to trust us. Our data protection declaration explains how we handle your personal data and what we do in order to protect it.
The new regulations of the GDPR, effective from 25 May 2018, provide for a strengthening of your rights and are intended to give you more sovereignty over your personal data. For example, in the future, every EU citizen will have the right to find out what data about him/her is being saved and processed and in what manner. A further intention is for everyone to have the opportunity to object to the storage of his or her data and a right to have his or her data deleted if its storage is no longer necessary. Below, we will explain your rights of information and objection and whom you can contact if necessary.
Please find the following information:
Purposes of processing and legal basis:
As a provider of social health and welfare insurance, Barmer is responsible for keeping its policyholders in good health, nursing them back to health or improving their state of health (§1 of German Social Code Book V – Sozialgesetzbuch/SGB V), as well as providing assistance to persons requiring care who, due to the level of care needed, are dependent on social support (§1(4) of German Social Code Book XI – SGB XI).
The services and other expenses are financed by collecting contributions from employers and members (§3 of German Social Code Book V – SGB V – and §1(6) of German Social Code Book XI – SGB XI).
The processing purposes for health insurance arise from §284 of German Social Code Book V (SGB V), and for welfare insurance from §94 of German Social Code Book VI (SGB VI).
The following are examples of processing purposes:
- Determination of the insurance relationship
- Issuance of the health insurance card
- Implementation of matters relating to contributions
- Checking and granting of benefits
- Involvement of medical services
- Settling accounts with service providers
- Acquisition of members
In order to be able to fulfill our statutory duties and obligations, we process the data required in each case.
We also process your personal data where necessary to safeguard our legitimate interests or those of third parties (such as for guaranteeing IT security and the IT operations, for promoting our own products – provided you have not objected to the use of your data – or for business-control measures and the continued development of services and products).
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and based on provisions relevant to data protection of the German Social Code Books and all other applicable laws, such as the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). Where necessary, we obtain your consent first.
We also use automated processes in decision-making processes to the extent permissible. Furthermore, we use evaluation tools to advise and inform you about products in a targeted manner. These enable us to carry out communication and advertising as required, including market and opinion research.
Categories of recipients of personal data
Within Barmer, data access is granted to those offices that require your data to fulfill our contractual and statutory obligations.
Should your data be passed on to external service providers (such as for billing services, logistics, data destruction, IT services, printing services, telecommunications, advice, sales and marketing), we have ensured compliance with regulations relating to data protection by technical and organizational means.
With regard to the transfer of data to other recipients outside of Barmer, it should first be mentioned that, as a social service provider, we are obliged to maintain social confidentiality. We will only disclose information relating to you:
- if permitted or required by statutory provisions, or
- if you have granted us your consent to transfer data, or
- if you have released us from the confidentiality obligation as part of an agreement or your consent.
Data transfer to a third country or an international organization
Barmer does not generally transfer any personal body to locations in third countries (outside the EU or EEA) or to international organizations.
Duration of data storage
Should your personal data no longer be necessary for the purposes referred to above and also no longer need to be retained under statutory provisions, it will be erased on a regular basis.
Obligation to provide data and consequences of failure to do so
During the fulfillment of our tasks, your obligations to cooperate mean you must provide such personal data as is necessary for the individual case or as we are obliged to collect by law. Without this data, we would generally not be able to fulfill our tasks fully or finally, which can result in disadvantages for you, such as in the context of granting benefits.
Should the statutory requirements be met, you have the following rights:
- Right of information during the collection of data
- Right of information regarding your personal data
- Right to have your data corrected
- Right to have your data deleted
- Right to have the processing of your data restricted
- Right to data portability
- Right to object against processing
- For data processing based on consent, you always have the right to revoke that consent at any time with effect for the future.
In addition, you have the right to complain to the supervisory authority if you believe that your personal data is being processed in an unlawful manner.
Address of the competent supervisory authority for Barmer:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
[Federal Commissioner for Data Protection and Freedom of Information]
53117 Bonn, Germany
Data Protection Officer for Barmer
[Data Protection Officer]
Lichtscheider Straße 89
42285 Wuppertal, Germany
Please use our central postal addresses (german) for mailing letters to our Data Protection Officer.
Please also protect your health insurance data against criminal activity by storing your insurance card just a securely as you store your bank and credit cards. Do not disclose this information to third parties under any circumstances.
If your insurance card is lost or stolen, you must inform your health-insurance company immediately. You can contact Barmer 24 hours a day at +49 800 333 1010. In this way, you can help prevent unauthorized use.
If you subscribe to the Barmer newsletter, your email address, title, first name, surname, policy-holder number (if you are insured with us) and postcode will be stored on a secure Barmer server for event notifications and the newsletter topics you have selected. We use this data only to send the newsletter. We do not disclose your data to third parties, nor do we use it for other purposes.
In order to continually improve the newsletter service, we keep our own internal statistics, the contents of which are used in a preferential manner.
The registration system with an additional confirmation message containing a link to the final registration (double-opt-in procedure) ensures that you are explicitly requesting the newsletter.
At the end of every newsletter, you will find a link by means of which you can cancel your subscription to the newsletter at any time. You can also find an unsubscribe function in the newsletter window.
If you use the Barmer chat service, your name and policy number will be transferred to our advisor in encrypted form.
If you have made personal data available to us in the chat function, we will use it only to respond to your inquiries, to implement contracts concluded with you, and for technical administration.
If the personal data that arises is no longer necessary in order to fulfill tasks under the provisions of the German Social Code Book – such as for granting benefits or assessing contributions – it will be deleted at the end of the chat. The personal data will not be disclosed to third parties.
Barmer automatically collects and stores information transmitted to us by your browser in your server log files.
Your IP address is stored for a short period of time in connection with your access to our servers. This information is stored so that we can detect IT threats, such as spam, viruses, or attacks on our servers, or track them down later.
The requirements of the German Telemedia Act (Telemediengesetz, TMG) are fulfilled.
If you click on a Facebook, Twitter, Instagram, YouTube, Xing, LinkedIn, or Google+ button on barmer.de, your browser will establish a direct connection with the respective service provider. During this process, the respective service provider will be informed that the corresponding Internet site has been accessed from barmer.de or a specific service of barmer.de has been used.
We have no control over the scope of the data collected by service providers using share buttons.
A cookie is a small text file that is temporarily stored on our system by our web server each time you visit us.
When implementing web tracking, we use the technologies of econda GmbH, which holds the TÜV Verified Data Protection certificate of TÜV Saarland for the field of web controlling.
In principle, you can object to the recording and storage of data on our websites. In order to make the exclusion of econda web controlling as easy and convenient as possible for you, a cookie with the name econdaNoTrack from the domain econda-monitor.de will then be set in your browser. Simply follow this link: Object to data storage
Retargeting is a process by which visitors to an Internet site are marked so they can be addressed with targeted messages on other websites. With this method, measurement pixels are loaded on Internet sites, and these in turn are stored in cookies.
The Tealium cookies cease to be valid after 12 months.
You can object to the use of the Tealium cookies. To do this, specify in your browser settings that cookies from the domain tags.tiqcdn.com are to be blocked.
Method for opting out from the bid management product used
This website uses with web-analysis service with bid management of intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich, Germany. Anonymized usage data is collected, aggregated, and stored in order to match the website to requirements and to optimize it. Usage profiles are created from this data by means of the use of pseudonyms. There is a local storage of cookies when using intelliAd tracking. In accordance with §15 of the current version of the German Telemedia Act, as a website visitor, you have the right to object to the storage of data and the formation of profiles on the basis of your visitor data, even with effect for the future.
Use the intelliAd opt out function to do this: https://login.intelliad.com/optout.php
This is based on the legal provision set out in §13(1) of the German Telemedia Act.
All personal data entered by you is stored on a specially protected server. Access to this server is only granted to a small number of authorized Barmer employees and agents, who are entrusted with the technical and editorial maintenance of the Barmer websites.
Security is given top priority at Barmer. This we have had our web presence thoroughly tested by an independent body. Experts have confirmed to us that the Barmer system guarantees the highest-possible level of security.
Our data center, for example, is certified in accordance with ISO/IEC 27001, is subject to ongoing security checks, and is sealed off from the outside through various measures such as firewalls.