Best possible protection for your data

Barmer's website provides information on benefits, contributions and health topics. Insured persons can access the personal member area Meine Barmer via the website.

What is the legal basis for the processing?

Insofar as personal data is collected on this website, this is done either on the basis of your express consent, Art. 6 (1) p. 1 lit. a GDPR, to fulfill legal obligations which BARMER is subject to, Art. 6 (1) p. 1 lit. c GDPR, to perform tasks in the public interest or in the exercise of official authority vested in BARMER, Art. 6 (1) p. 1 lit. e GDPR, or to safeguard the legitimate interests of BARMER, Art. 6 (1) p. 1 lit. f GDPR.

Retrieval and informative use of our website

Every time our website is retrieved and used for informative purposes, the browser used on your end device automatically sends data and information to the server of our website. The following data is collected:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Contents of the request (specific page)
• Access status/HTTP status code
• Data volume transferred
• http-Referrer
• User agent (operating system, browser,...)
• Browser software language and version
• Action type or the type of call
• Other similar data and information that serve to avert danger in the event of attacks on our information technology (IT) systems

This data is also temporarily stored in so-called log files in our system. This data is not stored together with your personal data. The temporary storage of the IP--Internet Protocol address by the system is necessary to provide you with the website. The IP--Internet Protocol address must remain stored for the duration of the use of the website to serve this purpose.

The storage of the aforementioned data in log files

The storage of the aforementioned data in log files takes place for the following purposes:

• Provision of the website visit
• Analysis and elimination of possible technical problems
• Evaluation of system security and stability

The legal basis for the data processing is Art. 6 (1) p. 1 lit. b) GDPR, insofar as the data processing is necessary for the provision of the website. The legal basis is Art. 6 (1) p. 1 lit. f) GDPR insofar as data processing is necessary for the evaluation of system security and stability. The legitimate interest for data processing follows from the purpose of system security and stability listed above. Under no circumstances are the data collected used for the purpose of drawing conclusions about you personally.

The data collected to provide the website is deleted when the session on the website ends. The log files are deleted after 30 days at the latest.

The processing of the data described above and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

Use of cookies

We use cookies on our website. A cookie is a small file that your browser automatically creates and stores on your terminal device when you visit our website. Almost every website uses cookie technology. This technology is downloaded by your internet browser during your first visit to a website. The next time you visit this website with the same terminal device, the cookie and the information stored in it is either be sent back to the website that generated it (first-party cookie) or sent to another website to which it belongs (third-party cookie). As a result, the website recognises that it has been retrieved with this browser before and, in some cases, varies the content displayed.

Some cookies are extremely useful, as they can improve the user experience when you return to a website that you have already visited several times. Provided you use the same terminal device and the same browser as before, cookies remember, for example, your preferences for how you use a page and adapt the offers displayed more relevantly, to your personal interests and needs. Depending on their function and purpose, cookies can be divided into technically necessary cookies, analytical cookies and marketing cookies.

Technically necessary cookies are necessary for you to navigate through the pages and use essential functions. They enable basic functions, such as access to secured areas of the website.

Analytical cookies help us to better understand user behaviour. Analysis cookies enable the collection of usage behaviour in so-called pseudonymous usage profiles. It is not possible to draw any direct conclusions about a person. We thereby learn, for example, the number of views of a single web article or the duration of a visit to the www.barmer.de. This data helps us to expand and improve the content in accordance with user interests.

Marketing cookies are used to show you relevant promotional content. Marketing cookies are used to display interesting advertising content (so-called remarketing cookies) and to measure the effectiveness of our campaigns (so-called conversion cookies). Remarketing may involve the display of advertisements on advertising partner sites. It is used to create a pseudonymous interest profile and to place relevant advertising on other websites. It is not possible to draw any direct conclusions about a person. Marketing and remarketing cookies help us display the most relevant advertising content for you. Suppressing marketing cookies allows you to continue to see BARMER advertising, but it may be less relevant to you.

The cookie banner allows you to agree to the use of analytics cookies and marketing cookies, or to adjust your cookie settings.

Overview of all cookies:

Overview of plugins:

Analysis and tracking tools

We also use cookies on our website that enable a pseudonymised analysis of surfing behaviour (without being able to draw conclusions about the visitor). The insights gained in this way help us to improve BARMER's Web offering and conduct market analyses. See also our overview of all cookies. 

Web tracking

Barmer regularly analyses user behaviour in order to optimise the internet pages. We use the method of so-called web tracking to evaluate, for example, how often our websites are visited and which content is particularly valuable for the user. Anonymised data is collected and stored, and usage profiles are created from this data using pseudonyms for this purpose. Technically, we use cookies that allow the recognition of an internet browser.

We implement web tracking using the technologies of econda GmbH, which holds the TÜV certificate "Geprüfter Datenschutz" from TÜV Saarland for the area of web controlling.

You are entitled to object to the collection and storage of data on our websites as a matter of principle. A cookie named econdaNoTrack from the domain econda-monitor.de is then set in your browser to make this exclusion from econda Web-Controlling as simple and convenient as possible for you. Just follow this link: Objection to data storage

Tag management

The tag management system Tealium iQ is used to load pixels from the providers named in the privacy statements on BARMER's websites. Tealium collects some non-personal data for this purpose by using a cookie. This cookie loses its validity after 12 months. The following information is stored in the Tealium cookie:

• ID for the visitor
• ID for the session

This data is not however transmitted to Tealium and is therefore not stored in Tealium. You can object to the use of the Tealium cookie. To do this, please ensure that cookies from the domain "tags.tiqcdn.com" are blocked in your browser preferences.

Adtelligence Platform

On our website, we use the software "Adtelligence Platform", from ADTELLIGENCE GmbH, to personalise our online business through group-specific targeting. Selected data on website visitors is collected and assigned to specific target groups with the help of cookies and pixel counters for this purpose. The target group-specific characteristics are logged by "Adtelligence Platform", transmitted anonymously to the system and stored on servers in Germany. On this basis, websites or content from websites that are displayed to you are controlled in order to present you with optimised and relevant website content. This information is not transmitted by us to any third party. The data processing is conducted on the basis of the legal provisions of Art. 6 para.1 lit f (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our concern in terms of the GDPR (legitimate interest) is the optimisation of our online offer and our web presence.

If you do not wish cookies to be stored on your computer, you can prevent their installation by setting your browser software accordingly or delete cookies that have already been stored. In this case, however, it is possible that not all of the website's functions are available for you to use.

Google Ads | Conversion

This website uses Google Ads, an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use so-called conversion tracking within the framework of Google Ads to measure and evaluate how well and effectively our ad placements are working. When users click on a Barmer ad placed as part of Google Ads, a cookie for conversion tracking is set and stored by the browser on the user's computer. The cookie loses its validity after 30 days and is not used to personally identify users. Various analytical values are usually stored for this cookie: the ID of the cookie, the number of times the ad was played, the last ad seen before the user clicked to the website, and a marker if the user no longer wishes to be addressed.

Google can recognise your internet browser by means of cookies that have been set. If a user requests certain pages from www.barmer.de and the cookie stored on his or her computer has not yet expired, Google and Barmer can recognise that the user has clicked on the ad and been redirected to this page. User behaviour on the websites of other providers is not tracked in conversion tracking. We ourselves do not collect and process any personal data during advertising measures via Google Ads. We only receive statistical evaluations from Google, which we can use to determine which advertising measures are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

You can find more information about Google Ads and Google Conversion Tracking in the Google's privacy policy.

If you do not wish to participate in conversion tracking, you can refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies or set your browser so that cookies from the domain "googleleadservices.com“ are blocked.

Google Ads | Remarketing

We use the remarketing function within the Google Ads service. This allows us to remember which of our pages and articles you have visited.

Google uses cookies, which are stored in your browser and which allow an analysis of the visit data of the website. This data is used by us and Google to provide you with better offers and targeted and better service. Google uses this information to evaluate your use of the website, compile reports on website activity and provide other services relating to website activity and internet usage. We do not collect any personal information with our cookies and remarketing lists. Further information on Google Remarketing and Google's privacy policy is available here.

If you do not wish to use the Google remarketing function, you can deactivate it:

1. by an appropriate setting of your browser;
2. by installing the plug-in provided by Google Plugin to disable personalized advertising;
3. by Deactivation of interest-based advertisments the providers that are part of the self-regulatory campaign "About Ads", this setting being deleted when you delete your cookies.

More information on data protection at Google is available from the Google Privacy Policy. Alternatively, you can visit the Network Advertising Initiative (NAI) website.

Bing Ads Universal Event Tracking (UET)

On our website, data is collected and stored using technologies from Bing Ads, from which usage profiles are created using pseudonyms. This is a service of Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA. This service makes it possible to track the activity of users on our website when they have arrived on our website via ads from Bing Ads. If you access our website via such an advertisement, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a piece of code that, in conjunction with the cookie, is used to store some non-personal information about how the website is used. Information about your identity is not collected. The information collected is transferred to Microsoft's server in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by deactivating the setting of cookies. In addition, Microsoft may be able to track your usage patterns across multiple of your electronic devices through so-called cross-device tracking and is thus able to display personalised advertisements on Microsoft websites and in Microsoft apps. You can disable this tracking here.

You can find more information about Bing's analytics services on the Bing Ads website.

For more information about privacy at Microsoft and Bing, please see the Microsoft Privacy Policy.

Reference to social media channels

Use of so-called plugins

As a rule, plug-ins are dependent software modules that enable the integration of additional functionalities. The so-called like and share buttons of social media providers and advertising networks are also examples of this.

Barmer maintains various online presences within social networks in order to communicate with users active there or to offer information. In addition, Barmer can be contacted via these online presences and is thus available for all social security-related questions.

Information for visitors to our social media channels

• Do not post data and information on social media that you do not want to make public. Think about what data you want to put there and with whom you want to share it. Review the privacy preferences on your social media profiles. Your data may be automatically visible to all users.
• Any questions you ask us on the social media channels may only be answered by us in compliance with data protection laws. We are therefore allowed to provide general information about health, our services and insurance law. We are not however allowed to address specific cases of those insured or the cases of others. As a statutory health insurance company, we must treat insured data confidentially. This excludes communication about personal matters on public channels.
• Barmer does not store any personal data of individual visitors to the social media sites in its systems. The commentary, contributions and hints are only for the improvement of consultation and service.
• If data is collected from participants as part of sweepstakes, users receive further information in the respective conditions of participation.
• Observe the generally applicable principles for the use of social media portals and take into account copyright law and the netiquette of Barmer's social media channels. Discrimination, bullying and insults are not tolerated by Barmer on the internet, as in real life. Barmer reserves the right to delete any content that violates these principles of netiquette.

Share buttons

If you visit www.barmer.de on a Facebook, Twitter, Instagram, YouTube, Xing or LinkedIn button, your browser establishes a direct connection with the respective service provider. In doing so, the information is transmitted to the respective service provider that the corresponding internet page of www.barmer.de or that a certain service of www.barmer.de was used. We have no influence on the scope of the data that the service providers collect with the help of the share buttons.

Facebook and Instagram

Barmer uses the technical platform and services of Facebook Ireland for the information service offered here. Visitors to our page on Facebook or Instagram are statistically evaluated (tracking). The “Insights” feature allows us, as the page operator, to view this statistical data. The statistics on the page, to which Barmer has access as the page operator, are used to evaluate reach and interaction as well as posts and do not allow any conclusions to be drawn about individuals or profiles. The joint responsibilities are as follows: Data subject rights can be asserted with Facebook Ireland as well as with us. The primary responsibility under the GDPR for the processing of Insights Data lies with Facebook and Facebook complies with all obligations under the GDPRwith respect to the processing. Facebook Ireland provides the essence of the Page Insights supplement to data subjects. We do not make any decisions regarding the processing of Insights data and any other information resulting from Art. 13 GDPR, including legal basis, identity of the controller, and storage period of cookies on user terminals. Click here for the latest Page-Insights supplement regarding the responsible person with Facebook.

YouTube

Our website uses plugins for the website YouTube. The operator of the YouTube pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. We use YouTube in privacy-enhanced mode. This mode, according to YouTube, results in YouTube not storing any information about the visitors on this website before they watch the video. Privacy-enhanced mode, however, does not necessary exclude data being shared with YouTube partners. For example, YouTube – irrespective of whether you play a video – connects to the Google DoubleClick network. A connection to YouTube's servers is established as soon as you start a YouTube video on our website. The YouTube server is thereby notified about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to link your browsing behaviour directly with your account. You prevent this by signing out of your YouTube account. YouTube may, in addition, store various cookies on your end device after starting a video. These cookies enable YouTube to obtain information about visitors to our website. This information is used to e.g. collect statistics, improve user-friendliness and prevent fraud attempts. These cookies remain on your device until deleted by you. After starting a YouTube video, other data processing operations beyond our control may be triggered. YouTube is used in the interest of making our online service appealing. This constitutes a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR.

More information about YouTube's privacy policy is available from their privacy statements at https://www.youtube.com/t/privacy_at_youtube.

General information

There are several points where you have the option of subscribing to one or more email newsletters. By doing so, you give us permission to use your email address for promotional purposes. The sender of the emails is always BARMER. The content of the emails is information, offers and benefits from Barmer.

Newsletter registration

A valid email address is required for an effective registration. The "double opt-in " procedure is used to verify that the registration is actually undertaken by the owner of the email address. We record the order for the newsletter, the sending of a confirmation email and the receipt of the response requested for this purpose. We log the exact time and the IP address of your end device for the record of the respective process.

Themed newsletter and personalised newsletter

If you select a newsletter, we do not tailor the content to your interests. Accordingly, we do not require any data from you for profiling purposes, but limit ourselves to that data for the immediate provision of the newsletter. Typically, this is your email address and, if applicable, other individual information such as name or the date of delivery in the case of the pregnancy newsletter due to technical processes.

In addition, the content of the newsletter is personalised so that the content corresponds to your personal interests. See the chapter on Personalisation through Prospect Profiles for details on this profiling.

Subscribers may additionally be informed by email about circumstances relevant to the service or registration (for example, changes to the newsletter offer or technical circumstances).

Storage period and deletion periods

Your data is stored when you register for the newsletter until revoked. Successful registration takes place when you click on the confirmation link in the email addressed to you.

If you do not confirm the newsletter registration link in your email, we store your data for up to 6 months. After that, the link becomes invalid and registration via the link is no longer possible. A new registration is of course possible via a new registration.
As soon as you unsubscribe from our newsletter, for example by using the unsubscribe link included in each mailing, a complete unsubscribe from the respective (topic-related) newsletter takes place within 24 hours. Your data is transferred to the unsubscribe list, where it is stored for up to 6 months for static purposes and then automatically deleted.

Revocation topic specific newsletter

You can revoke your consent to the storage of your personal data and its use for the newsletter dispatch at any time. There is an unsubscribe link at the end of each newsletter. The revocation of your consent does not affect the lawfulness of the processing conducted on the basis of the consent until the revocation. Technical and organisational processing times mean that in exceptional cases you may receive the respective newsletter a second time after you have unsubscribed.

Legal basis

The legal basis for the data processing described in this section is Article 6 (1) (a) GDPR (consent of the data subject).

Personalisation and prospect profiles

If you mainly want to receive content that is relevant to you, then give consent to profile building using a prospect profile. Please note that profiling only takes place with your consent and that consent to profiling given once applies to all Barmer newsletter offers already or subsequently subscribed to for the future until revoked. You can revoke your consent at any time by unsubscribing from the newsletter offer.

Providers used

As part of personalised marketing campaigns, we use the campaign management of a service provider based in Germany. Data processing takes place exclusively in Germany.

Prospect party profile

We need to understand your interests as best we can in order to show you content that is relevant to you. We therefore create a prospect profile of you for the personalised information.

In this prospect profile, we store identifying characteristics such as salutation, first and last name or email address, date of birth together with your contract and usage data. The contract data only includes the status of your membership, i.e. whether you are a Barmer member. The usage data includes in particular your reaction to our advertising measures (for example, the newsletters sent to you and opened, clicks on links within a newsletter). This enables us to personalise our services for you. For example, in the newsletter you receive information about services that are relevant to you, or special offers that suit you - whichever applies to you.

Data sources

We combine data from various Barmer sources in prospect profiles as part of our mailing campaigns to get the best possible picture of your interests. These sources are determined by the consent form you voluntarily provide and may include the following data:

Email Service Provider:

Your registration information such as double opt-ins granted or your information in the registration form or click within a newsletter. The clicks within the newsletter are measured by the email service provider. Specifically, this includes data such as openings of a mailing, clicks on text and image links, and, if applicable, downloads within an email. This information is linked to a unique identifier of the recipient. This identifier can then be used, for example, to create target groups for recipients who have clicked on a particular link. 
If there is no consent for profiling, the click behaviour is only measured anonymously.

Barmer inventory data:

We can check whether you are already insured with us so that we are able to provide the best possible content for those interested in Barmer and for those insured with Barmer. This allows us to inform prospective parties interested in our mailings about the benefits of membership with Barmer.

(Offline) Entry cards, e.g. for sweepstakes:

In addition, it is possible that, for example, after participating via offline sweepstakes (for example, via a card), you give us consent to use the data in marketing mailing campaigns. This information is then available for use in email marketing campaigns.

Data or usage data in the case of personalisation

• Start and end time of a usage
• Newsletter opening
• Click on the content of a newsletter
• Title
• First name
• Last name
• Postal code
• Address
• Language
• Country
• Application source
• Email address
• Consent, for example to receive a newsletter
• Date of Birth
• Insured status
• Interests
• Delivery date
• Gender
• Information about children
• Graduation class
• Telephone number
• Information on the use of other Barmer services, such as: App, digital surveys, online seminars, competitions
• Other information within a registration form

Profiling storage period and deletion periods

Barmer uses your data to provide you with personalised information and offers tailored to your needs. This consent to profiling is revocable at any time. Your profiling consent no longer applies if you have actively unsubscribed from all subscribed newsletters via the respective unsubscribe link. When you unsubscribe completely from the newsletter service, your profile data is still stored for statistical purposes and automatically deleted within 6 months.

Impact of unsubscribing from the newsletter and profiling

You can unsubscribe from a newsletter at any time. Click on the unsubscribe link at the end of each newsletter to do so. Other subscribed newsletters are not affected and continues to be sent to you.
Your profiling consent no longer applies if you have actively unsubscribed from all subscribed newsletters via the respective unsubscribe link.

Legal basis

The legal basis for the data processing described in this section is Article 6 (1) (a) GDPR (consent of the data subject).

Barmer is responsible as the organiser for the competitions that are made available and offered in a wide range of media.
Contact details for the data controller, the data protection officer and our supervisory authorities, is available in the relevant section further down in this privacy policy.

In the context of participation in sweepstakes, Barmer processes personal data as organiser and stores it within the statutory retention periods, insofar as this is necessary for the establishment of the legal relationship with the participant as well as for the subsequent implementation and processing of the sweepstakes (Article 6 (1) lit. b GDPR). Further declarations of consent for advertising purposes are made on the basis of Art. 6 (1) p. lit. a GDPR.

Technically, the collection and processing of personal data is conducted using the double opt-in procedure. When sending the emails and handling the double opt-in process, we use Inxmail, an email service provider based in Freiburg, Germany. Data processing is conducted exclusively in Germany and is limited to online competitions only.

In particular, this involves the following personal data:

Depending on the competition, the postal address and/or the email address of the participant for the purpose of prize notification and/or delivery or provision of the prize, as well as the participant's telephone number in order to be able to ensure as far as possible that the prise is notified in the event of accidentally incorrect data entries, as well as the date of birth for the purpose of age verification.
Please refer to the respective conditions of participation for detailed information on individual competitions, the relevant legal basis and the purposes of data processing.

The data may, depending on the competition, be transferred to service providers such as specialist retailers, tour operators or other third parties who provide services on behalf of Barmer (commissioned processing, Art. 28 GDPR).

Information on data subject rights is available in the corresponding section further down in this privacy policy.

Chat in the public area of the website

See the chapter on insured persons communication.

Login code processes (no BARMER user account necessary)

Insured persons have the option of submitting selected feedback to Barmer through www.barmer.de using a login code provided by Barmer or submitting applications using the login code provided as well.

Further personal data is used for the use of the respective services. The personal data that is transmitted to Barmer in the process is derived from the respective input mask. Likewise, the respective privacy statements are stored at the corresponding service.

All additional data created in the other services are only used for the respective purpose and not passed on to third parties.

Report barrier

The feedback mechanism is critical to the continuous improvement of accessibility. The feedback mechanism provides us, as the operator of the website and/or mobile application, with indispensable information to further reduce barriers. In addition, we receive information about how often problems are raised by users. Pursuant to § 12b (2) no. 2 in conjunction with § 1 (2) sentence 1 of the Federal Disability Equality Act (BGG), we are obliged as a direct public corporation to provide users of our website and/or mobile application with the opportunity to contact us electronically, for example to report existing barriers. Barmer is obliged to respond to the feedback within one month. We process the data required to perform the task for this purpose. The personal data that is transmitted to Barmer in this process results from the form of the feedback mechanism. We receive the data for the pursuit of the aforementioned purposes. Transmission to third parties does not take place. The data is stored for the duration of the task performance in accordance with the legally prescribed retention periods and then deleted. There is no obligation to enter contact data in the feedback form. If you do not provide your contact information, we are not able to respond to your feedback or tell you what action, if any, we have taken as a result of your report.

The Barmer apps and skills ensure that you always have your health insurance with you. An overview of Barmer's other digital offerings is available here: The Barmer apps and skills

Please refer to the information on data protection of the respective app for information on the processing of your personal data when using the other digital offers.

You have the possibility to use the personal member area Meine Barmer. This is available via the Barmer-App (privacy statements for the Barmer-App). This requires registration and the creation of a Barmer user account (privacy statements for the Barmer user account).

Personal data is collected and processed as part of the creation of a Barmer user account. More information is available about this in the privacy statements for the Barmer user account.

Through Meine Barmer, we offer services, applications and content exclusively for Barmer policyholders. In addition, it is possible to communicate with each other, so that messages and mail in particular are addressed to Barmer electronically.

Consent to the processing of this data is obtained from the user as part of the registration and creation of a Barmer user account. Additional legal basis for the processing of the data Art. 6 (1) p. 1 lit. b) GDPR. The purpose of the processing is to provide the services and content in Meine Barmer.

The data is erased when it is no longer necessary for the purposes for which it is collected. This is the case for the data processed during the use of Meine Barmer as soon as the data is no longer required for the performance of the contract and the deletion no longer conflicts with any legal obligations to retain the data.

This principle also applies to the deletion of the Barmer user account (privacy statements for the Barmer user account).

If you use the personal member area Meine Barmer, the data is processed for the following purposes:

• Identification or determination of your membership with us or family insurance with a relative who is a member of Barmer
• Offer services and content exclusively for Barmer policyholders in the personal member area Meine Barmer

The legal basis for this processing of this data based on your consent is Art. 6 (1) p. 1 lit. a) GDPR. If the registration serves the fulfillment of a contract to which you as a user are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) p. 1 lit. b) GDPR.

The Barmer user account is used to register (login) to the personal member area (privacy statements for the Barmer user account). Information on data collection and processing within the framework of the Barmer user account is available in the chapter on privacy statements for the Barmer user account.

Scope of services in Meine Barmer

In the Meine Barmer area, you have the option of using services such as submitting benefit applications. Likewise, there is the option of initiating the change of personal data or managing them.

Individual services require additional information and data from the user. These are queried when the respective extended service is called, if necessary. This data is required by Barmer exclusively for the provision of the respective service.

Further personal data is used and processed for the use of the respective services. The personal data that is transmitted to Barmer in the process is derived from the respective input mask of the corresponding service. Likewise, if necessary, further privacy statements are stored at the respective service.

All additional data created in the other services are only used for the respective purpose and not passed on to third parties.

In the case of inquiries by the user, it may be necessary for Barmer employees to access the data of the user of the respective service in order to answer the inquiries, provided that this is permitted under data protection law. All employees involved in the support of the services are subject to the duty of confidentiality and are obliged to comply with social data protection.

Individual services can be deactivated or logged off. If you deactivate or unsubscribe from a service, the data you have stored for this purpose is deleted in compliance with the legal deletion requirements.

Mailbox

The mailbox is an integral part of the Barmer user account and cannot be deactivated. The mailbox is used for data protection secure communication between insured persons and Barmer. Insured persons can transmit or submit documents or information to Barmer via the mailbox. For cases where Barmer cannot process the submission, the mailbox is used as a return channel for this very information. Barmer posts information to the mailbox from various services.

Messages in the mailbox are kept for 2 years and then deleted. If the user account is terminated by the insured, the mailbox messages are also deleted at the end of the user account.

Notification of mailbox receipt

Insured persons are notified of arrivals in the mailbox by Barmer. Notification is made by email and/or SMS, linked to the information (email address) from the Barmer user account or telephone number, which is stored specifically for these notifications by the insured person.

When using the mailbox via the Barmer-App, insured persons also have the option of being notified of incoming mail via a push message on their mobile device. See privacy statements for the Barmer-App for more information on push messages.

Notification about digital letter delivery in the mailbox

You are notified about each letter placed in the mailbox by email or SMS. The email address or telephone number stored in the user account is used for this purpose.

Gesundheitsmanager

The Barmer Gesundheitsmanager provides you with individual preventive care and vaccination recommendations as well as an overview of your dental bonus. You can also view all statements from doctors, pharmacies, etc. for full transparency. We use your customer and billing information to provide you with these personalized services as part of the Gesundheitsmanager. All additional data created in the Gesundheitsmanager is not used for any purpose other than health management and is not disclosed to third parties.

Notification from the Gesundheitsmanager

Insured persons are notified of important events related to the Gesundheitsmanager. Notification is sent to the email address stored in the Barmer user account.

Bonus program

The BARMER bonus program is part of Meine Barmer and a free additional offer. In principle, all Barmer policyholders are entitled to participate in the Barmer bonus program. The consent of an additional privacy policy is required for the use.

Kompass

The Barmer Kompass is a systemic component of Meine Barmer. Here you find selected benefit claims submitted over the last up to ten years with their respective processing status. For example, you can see when a sick note, prescription or birth certificate was received and processed by Barmer. In addition, you receive information on how your earnings replacement benefit (e.g. sick pay, injury benefit) is calculated and when and in what amount it was paid.

The basis for the data displayed in the Barmer Kompass is the data stored at Barmer. The data is displayed but not saved within Kompass in Meine Barmer.

Transmission of documents via upload in Meine Barmer and the Barmer-App

If you use the file upload function to transmit documents digitally to Barmer (e.g. as part of an application), please keep the original documents for 1 year for legal reasons.

Service chat under Meine Barmer

Barmer offers a chat under Meine Barmer. This offer exists exclusively via Meine Barmer on the website and not via the Barmer-App.

The Barmer Service Chat is an electronic communication service in the personal member area Meine Barmer, where you can talk to a Barmer consultant in real time via the internet. You can ask questions that you would have asked on the phone or in person at one of our offices.

The Barmer Service Chat is offered in a separate window that opens when you click on a corresponding button.

Use of Service Chat requires that you agree to the Terms of Use and the Consent Form.

If you use the Barmer Service Chat from the personal member area Meine Barmer, your name and insurance number is displayed to our consultant.

If you have provided us with personal data, we only use it to respond to your inquiries, to process contracts concluded with you and for technical administration.

Insofar as the personal information is not required for the fulfillment of tasks in accordance with the provisions of the German Social Security Code (for example, the granting of benefits or the assessment of contributions), this chat data is deleted after 12 months. If this data is required in accordance with the German Social Security Code, then the retention period depends on the respective processing purpose. Different retention periods apply here, which are regulated in § 110a SGB IV, § 304 SGB V, § 107 SGB XI and in the General Administrative Regulation on Accounting in Social Insurance (SRVwV) for statutory health insurance funds. Personal information is not passed on to third parties.

Consent forms related to customer satisfaction surveys are voluntary and do not affect the benefits you receive as a covered person. The surveys are used to further improve Barmer's service and align it with the wishes and needs of customers. Your consent remains valid and stored until you revoke it with effect for the future vis-à-vis Barmer. The data is then deleted immediately. See the chapters "Your data protection rights" and "Contact details of the data controller, the data protection officer and our supervisory authorities" for more information. The satisfaction survey refers to your impressions and satisfaction with Barmer during your contact with a Barmer consultant. Any feedback submitted by you is anonymous. Direct and indirect references to your person or third parties are made unrecognisable when stored.

The chat transcript is posted to the user's online mailbox under Meine Barmer after the chat.

Video telephony under Meine Barmer

Barmer offers the option of video telephony under Meine Barmer. The prerequisite is access to the personal member area Meine Barmer. This offer exists exclusively via Meine Barmer on the website and not via the Barmer-App.

Barmer video telephony is an electronic communication service that allows you to talk to and see a Barmer consultant in real time via the internet.

Clarify questions with a consultant that you would otherwise have asked on the phone or in person at one of our offices.

Barmer video telephony is offered in a separate window that opens when you click on a corresponding button.

If you have accepted the terms of use and consent form, you must allow access to your camera and microphone. If you click the "Share microphone and camera" button for this purpose, the browser you are currently using (e.g. Mozilla Firefox) prompts you to allow access to your camera and microphone. After that you can start video telephony by clicking the "Start video telephony" button. A video image of the Barmer consultant is displayed, enabling you to speak with him or her in person.

Your name, policy number and video are transmitted to our consultant via your camera, and your voice via your microphone.

If you have provided us with personal data, we only use it to answer your inquiries, to process contracts concluded with you and for technical administration.

Insofar as the personal information is not required for the fulfillment of tasks in accordance with the provisions of the German Social Security Code (for example, the granting of benefits or the assessment of contributions), it is deleted after the video telephony is completed. Personal information is not passed on to third parties.

JavaScript is required to use Barmer video telephony.

Video telephony is supported by the following browsers:

• Google Chrome (from version 33)
• Mozilla Firefox (from version 26)
• Opera (from version 20)
• Safari (from version 11.2)
• Microsoft Edge

We want you to feel safe when using the Barmer-App. The protection of your personal data is therefore very important to us. We tell you when we store which data and what we use it for.

Personal data is only collected via the Barmer-App to the extent technically necessary. Under no circumstances is the data collected sold or passed on to third parties for any other reason without your consent. Barmer strictly adheres to data protection regulations.

The provisions of the EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, provide for a strengthening of your rights and are intended to give you more sovereignty over your personal data. Our information on data processing provides you with a quick and easy overview of what personal data and social data we collect from you and what we do with it. We also inform you about your rights under applicable data protection law and tell you who to contact should you have any questions.

What is the Barmer-App?

The Barmer-app represents the personal member area for insured persons in the form of an app. In this respect, the scope of services is almost identical to the Meine Barmer offer on the website.

Use of the Barmer-App requires a Barmer user account for Barmer's digital offerings. You can simply register for this via the app.

Who provides you with the Barmer-App?

The responsible party for the processing of personal data in connection with the Barmer-App is Barmer, Axel-Springer-Str. 44, 10969 Berlin.

Contact details of the data protection officer:

Barmer, Data Protection Officer, Lichtscheider Straße 89, 42285 Wuppertal, Germany, postal address: Barmer, Data Protection Officer, 42266 Wuppertal, email: datenschutz@barmer.de

Is the use of the Barmer-App voluntary?

Use of the Barmer-App is voluntary for every Barmer policyholder. It is therefore solely your decision whether and how you use the Barmer-App. Your Barmer user account are only opened at your express request. If you decide to create a Barmer user account, you can also voluntarily use the Barmer-App.

Even though the use of the Barmer-App is voluntary, it requires your agreement to the terms of use and consent to the transfer of personal data.

Your consent is requested by the Barmer app as soon as this is necessary. This happens, for example, during registration or activation of the additional services.

Who is the Barmer-App aimed at?

The Barmer-App is available to all insured persons with an existing insurance relationship with Barmer.

The prerequisite for using the Barmer-App is an activated Barmer user account for the digital offers of Barmer as well as the installation of the Barmer-App.

What steps are required to successfully launch the Barmer-App?

Download from the app stores

The Barmer-App is available via distribution platforms operated by third parties, so-called app stores (Google Play Store and iOS App Store). Your download may require prior registration with the relevant app store and installation of the app store software. When you download the app, the required information is transferred to the App Store, including, but not limited to, your account username, email address and customer number, time of download, payment information, and individual device identification number. Barmer has no influence on the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely the operator of the respective app store. Please check directly with the respective app store provider if needed.

Registration procedure

You need a Barmer user account for the Barmer digital offers to use the Barmer-App (privacy statements for the Barmer user account).

What authorisations and functions does the Barmer-App require on the device?

The Barmer-App requires access to various functions and interfaces on your smartphone. This requires that you grant certain authorisations to the Barmer-App.

The Barmer-App requires access to the internet connection. You do not have to explicitly release this authorisation.

Furthermore, the Barmer-App requires the following authorisations for additional functions, which you can grant manually:

Access to your camera

• Access is required for uploading documents.

Access to the gallery or to the files in the device memory

• The Barmer-App needs access to your device memory so that you can upload images or documents from your device memory.

Access to telephony (Android 8 to 9 only)

•  The Barmer-App only works if you give it the so-called phone authorisation. It uses this permission solely to recognise the device associated with your user account. If you grant authorisation, the app does not make calls, send SMS or access your contacts.

Technical prerequisites

The minimum technical requirements needed to use the BARMER-App is available in the respective app store:

•    iOS App Store: https://apps.apple.com/us/app/barmer-app/id956752981
•    Google Play Store https://play.google.com/store/apps/details?id=de.barmergek.serviceapp

Sign in with Touch ID and FaceID (iOS) or fingerprint and facial recognition (Android)

The login with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) can be used instead of a login with username and password.

• The prerequisite is that your smartphone requires at least the entry of a code for unlocking and Touch ID or Face ID (iOS) or facial recognition or fingerprint (Android). Only sufficiently secure devices from Android 9 are supported.
• The biometric data used (fingerprint, facial recognition) can only be accessed by the device's security mechanisms. Barmer does not have access to this data at any time.
• Your credentials are stored encrypted on this device. Access is only possible after successful recognition of the finger or face by the device. The credentials are only available on this device and are excluded from backups and synchronisation with other devices.
• For your security, you should only use your own fingerprints and face on this device, and if you lose the device, you should immediately have your account blocked via the free telephone service 0800 333 10 10, have the device's SIM card blocked, and ensure that your emails can no longer be accessed from the device.
• After changing the password or the stored biometric data (finger, face), a new login with password is required to use the function again.
• You can change this function at any time in the app settings.

Notifications (so-called push messages)

The Barmer-App notifies you of new events via local push notifications. These do not contain sensitive information in the notification texts. The prerequisite for this is that you allow the app to send you messages (banners, sounds).

You can enable notifications of new events after logging in to the Barmer-App. For example, when a new message is available in your inbox, you are notified via a push message on the device.

Only generated identifiers for the app installation are transferred. There is no transfer of further characteristics for analysis purposes.
You can disable this feature at any time in the app settings.

Android

• Google Firebase Cloud Messaging is used to deliver the notifications.

iOS

• On iOS, notifications are delivered via Google Firebase cloud messaging and the Apple Push Notification service.

Operating system security check (Android)

The security of your device may be compromised if the original operating system has been modified. The Barmer-App therefore checks the integrity of the operating system installation when the app is started.

Affected users are informed and should exclude a malicious and unwanted change to the operating system before continuing to use the Barmer-App.

However, the app can still be used without functional restrictions at the user's request after taking note of the displayed security notice.
The verification is performed using Google SafetyNet Attestation. Information about the hardware and installed software is sent to Google during the verification process (details about the transmitted data are available here: https://developer.android.com/training/safetynet/attestation#safetynet-data-safety

The check is performed immediately after the app is launched and cannot be turned off.

What types of data are automatically processed by the Barmer-App?

Inventory data (§ 14 (1) TMG)

The data from the Barmer user account is transferred for the use of the Barmer-App.

What data are stored in the device memory of the local end device?

What data is stored locally on the phone's internal device memory?

The Barmer-App stores configuration information encrypted on the device for devices with iOS and Android operating systems.

When you download documents from your Barmer-App to your device, they are stored locally on your device.

Is there a possibility of storage on external storage media (SD cards) of the cell phone?

You can save the documents in your Barmer-App to your device. Devices with Android operating system partially support memory expansion with external storage media. In these cases, you can also save documents to your memory card on your own responsibility.

Is personal data only stored to the extent and for as long as it is necessary for the operation of the app?

For devices with the:

• Android operating system, the deinstallation of the Barmer app also deletes the encrypted configuration data.
• iOS operating system, the configuration data stored and encrypted in Keychain is retained when the Barmer-App is deinstalled.

Is usage behaviour evaluated in the Barmer-App?

Web tracking

To optimise the Barmer-App, Barmer regularly analyses usage behaviour. We use the method of so-called web tracking to evaluate, for example, how often our online services are visited and which content is particularly valuable for the user. Anonymised data is collected and stored, and usage profiles are created from this data using pseudonyms for this purpose. Technically, we use cookies that allow the recognition of an internet browser.

We use the technologies of econda GmbH, which holds the TÜV certificate "Geprüfter Datenschutz" (“Certified Data Protection") from TÜV Saarland for the area of web controlling.

You can change your consent or refusal to analyse usage behaviour under "Analytics for improvements" in the app settings.

Tag management

The tag management system Tealium iQ is used to load pixels from the providers named in the privacy statements on Barmer's websites. Tealium collects some non-personal data for this purpose by means of a cookie. This cookie loses its validity after 12 months.

The following information is stored in the Tealium cookie:

• Timestamp of the website visit
• ID Identifier for the page retrieval
• ID Identifier for the visitor
• ID Identifier for the session

You can disable the sending of usage data (usage statistics) at any time in the app settings.

Error report
We use a tool (Google Firebase Crashlytics) to analyse app errors and fix problems. The tool automatically collects data and information from the retrieving device in the event of technical irregularities to the following scope:

Scope of the data processing

• Mobile device
• Operating system
• App version
• Screen resolution
• Date and time
• Retrieved content and functions

These are sent to us by the tool in real-time crash reports and error reports and then analysed.

Legal basis for the processing of personal data

• Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of data processing

• Logging is done to maintain compatibility and stability of the app for as many users as possible and for abuse prevention and troubleshooting. It is necessary to log the technical data of the retrieving end device in order to be able to react to display errors, attacks on our IT systems and/or errors in the functionality of our app as early as possible. In addition, we use the data to optimise the app and to generally ensure the security of our information technology systems.

Retention period

• The deletion of the aforementioned technical data takes place as soon as it is no longer needed to ensure the compatibility of this app for all visitors, but no later than 90 days after using the app.

Possibility of objection

• You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is conducted on the basis of Article 6(1)(f) GDPR.
• The controller will no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
• You can change your consent or rejection to the analysis to ensure freedom from errors and demand-oriented further development at any time under "Analyses for improvements" in the app settings.

App feedback

The feedback function is another feature that contributes to the error-free and user-oriented further development of the Barmer app. You can individually report problems with the app to Barmer under "Profile" and "Report a problem with the app". The following data is sent along with your feedback in order to understand its context:

• Insured person number
• Device model and operating system version
• Version of the Barmer-App

What cookies are set by the app?

Cookies are small text files that are stored in the device memory of your mobile device and also assigned to the mobile app you are using. Cookies enable the body that sets the cookie (here: us) to obtain certain information. Cookies cannot execute programs or transfer viruses to your mobile device. They serve to make mobile apps more user-friendly and effective overall.

We use cookies to realise important user functions. Whenever you use an online service, you simply receive an identification number that is logged in a cookie. The stored cookies therefore do not contain any personal data. They are deleted after your visit. The cookies are not stored on your local hard drive or on our server.

More information is available about cookies in the chapter on privacy statements for the Barmer website.

IP addresses

Barmer automatically collects and stores in its server log files information that your browser sends to us.

Your IP address is stored for a short period of time in connection with your access to our servers. The storage serves to detect IT threats such as spam, viruses or attacks on our servers or to be able to track them retrospectively.

The requirements of the Telemedia Act (TMG) are met.

Scope of service

See privacy statements for the personal member area Meine Barmer.

How is the data protected?

Whenever you are asked to enter data about yourself, your data is protected for transmission over the internet using TLS encryption so that it cannot be read by unauthorised persons. We use TLS encryption with a 256-bit key.

All personal data entered by them is stored on a specially protected server. Access to this data is only permitted to a few authorised Barmer employees and Barmer authorised persons who are entrusted with the technical and editorial support of the Barmer websites.

Safety is the top priority at Barmer. That is why we have had our internet offering put through its paces by an independent body. Experts have been able to confirm that the BARMER system guarantees the highest possible level of safety.

Our data center, for example, is certified according to ISO/IEC 27001, undergoes ongoing security audits, and is sealed off from the outside world by various measures such as firewalls.

Is data passed on to third parties?

Your data is treated with strict confidentiality. Your data is not disclosed to third parties. The data generated when using the Barmer app is processed exclusively on servers in Germany or within the European Economic Area (EEA) another EU or EEA member state.

What is the Barmer user account?

The Barmer user account is used for access and a prerequisite for insured persons to use protected online offers of Barmer. Registration (authentication, identification) is required for this purpose.

The following steps are necessary to create the Barmer user account:

• Logging of surname, first name, date of birth, insured person number
• Setting a user name
  - We reserve the right to delete user accounts where an illegal user name is chosen
• Setting a password
• Logging an e-mail address
• Logging a phone number
• Agreement to the Terms of Use
• Agreement to the declaration of consent under data protection law
• Verification of email address and phone number
• Identification and device binding / establishment of a strongly authenticated telephone number through
  - Entering the activation code sent by mail (for identification at a low level of protection. This level of protection can be increased by personal identification at a Barmer office) or alternatively
  - Digital identification via an identification service provider (for immediate identification at a higher level of protection, which is required to access the Barmer electronic patient file (eCare) or, in the future, the e-prescription).

The following steps are required for digital identification:

• Select digital identification → case number is requested from the identification service provider
• Switch from the Barmer-App to the identification app of the identification service provider (if necessary, download the identification app) → only case number is transferred
• Agree to terms and conditions, data protection and terms of use of the identity service provider
• Process as specified by the identity service provider with presentation of identification document, verification of the person and, if necessary, presentation of the health card
• Service provider reports back the ID card data, the person's match with the ID card and, if applicable, the number of the presented health card
• Barmer checks the match of identified person with insured person and completes verification
• Insured person receives success message in Barmer-App and via preferred notification channel

The following personal data is processed within the Barmer user account:

• UUID
• First and last name
• Address (street, no, postal code, city)
• Date of Birth
• Gender
• Self-selected user name (display for support purposes)
• Self-selected password
• Insured person number
• Email address
• Telephone number
• Electronic Health Card (eGK)
• device binding
• MobileTAN (mTan)
• Activation code
• One-time password

eCare app

The user account is also a prerequisite for using the eCare app. This requires a device binding of the Barmer-App. You can generate an activation code for using the eCare app from your Barmer user account. The activation code is automatically transferred to the eCare app, so that you only need to enter your user name and password to log in (privacy policy for Barmer eCare and eCare app).

In addition, the following data is transferred to eCare and stored. These are needed to technically check whether you have already agreed to eCare's Privacy Policy:

• Personal identification number
• Health insurance number
• Display name (consisting of title, name prefix, name suffix, first name and last name) - to enable your personal address in the eCare app
• Email address - for notifications

Teledoktor app

The user account is also a prerequisite for using the Teledoktor app. The consent of an additional privacy policy is required for the use. The Teledoktor app is a free offer from Barmer. In principle, all insured persons of Barmer are entitled to use the services of the Teledoktor app. The prerequisite for using the Teledoktor app is an activated Barmer user account and the installation of the Teledoktor app. The Teledoktor app is also the access to the video consultation (remote medical treatment). This is special care pursuant to § 140a SGB V, for which a separate declaration of consent for participation and data processing within the Teledoktor app can be submitted. The declarations and use are voluntary and represent an optional offer.

Who provides the Barmer user account?

The responsible body for the Barmer user account is Barmer, Axel-Springer-Str. 44, 10969 Berlin.

Barmer is responsible under data protection law for processing the personal data of the Barmer user account.

You can contact the Barmer data protection officer at Lichtscheider Straße 89, 42285 Wuppertal and by email at: datenschutz@barmer.de

Sign in with Touch ID and Face ID (iOS) or fingerprint and facial recognition (Android)

See privacy statements for the Barmer-App.

Logging in the event of incorrect entry or blocking of the password

The following processes are logged in order to prevent misuse of your personal access to BARMER, also in your interest:

• Registration processes (login)
• failed login operations
• the processing operation (transaction) triggered in each case

The user ID, time, date, type of identification and a transaction identifier are logged for this purpose. The IP address is also stored in the case of failed logins.

• The purpose of the processing of these data is
• the prevention of misuse of our services and
• clarification of crimes committed, if necessary.

The legal basis for the processing of this data is Art. 6 (1) p. 1 lit. f) GDPR. The purposes also include our legitimate interest in the processing. The data is deleted when it is no longer necessary for processing purposes.

Is usage behaviour evaluated in connection with the Barmer user account?

The last time you logged in is saved with your Barmer user account. This point in time is compared with the stored declarations of consent in order to verify whether you have consented to the most current version of the terms of use and privacy statements. If there have been any changes to the terms of use or privacy statements since you last logged in, we inform you about them in the login process.

Moreover: See privacy statements for the website

What is the legal basis for the processing?

The legal basis for the processing of data in the context of the creation of the Barmer user account is Art. 6 (1) lit. a GDPR (consent).

Purpose of data processing

The purpose of the data processing is the legally secure authentication and identification of the insured person and the prevention of data and identity misuse.

How is the data protected?

Whenever you are asked to enter data about yourself, your data is protected for transmission over the internet using TLS encryption so that it cannot be read by unauthorised persons. We use TLS encryption with a 256-bit key.

Is data passed on to third parties?

Data is not disclosed to third parties.

Only a case number generated by the identity service providers themselves is passed on to them.

How long is the data on the Barmer user account stored?

As long as the Barmer user account is active or locked, the data is stored. When the Barmer user account is deleted by the user, the Barmer user account data is deleted.

How can you delete your Barmer user account?

Users can delete the Barmer user account at any time in the personal member area Meine Barmer on the website or via the Barmer-App under "Manage Barmer user account". Barmer may delete the Barmer user account on behalf of the user or insured person.

The guideline of the GKV-Spitzenverband "Contact with insured persons" defines minimum requirements for measures to be taken for secure identification.

With this in mind, Barmer has developed customer-friendly solutions that simultaneously ensure appropriate protection of communications. The following provides you with an overview of this.

Chat in the public area of the website

Barmer offers a chat on its website. The identification of the user does not need to be proven.

Barmer Chat is an electronic communication service that allows you to talk to a Barmer consultant in real time via the internet.

Please understand that we can only provide general information and no binding information within the framework of this anonymous online offer. The Barmer chat is a text-only chat where text characters are exchanged.

The Barmer chat is offered in a separate window that opens when you click on a corresponding button.

If you use the chat without having logged in to My Barmer beforehand, no data is transferred.

If you have provided us with personal data, we only use it to respond to your inquiries, to process contracts concluded with you and for technical administration.

Insofar as the personal information is not required for the fulfillment of tasks in accordance with the provisions of the German Social Security Code (for example, the granting of benefits or the assessment of contributions), this chat data is deleted after 12 months. If this data is required in accordance with the German Social Security Code, then the retention period depends on the respective processing purpose. Different retention periods apply here, which are regulated in § 110a SGB IV, § 304 SGB V, § 107 SGB XI and in the General Administrative Regulation on Accounting in Social Insurance (SRVwV) for statutory health insurance funds. Personal information is not passed on to third parties.

Service chat in the personal member area Meine Barmer

See privacy statements for the personal member area Meine Barmer

Video telephony in the personal member area Meine Barmer

See privacy statements for the personal member area Meine Barmer

Video telephony in the public area of the website

Barmer offers the option of video telephony, provided this is agreed in advance between the user and Barmer.

Barmer video telephony is an electronic communication service that allows you to talk to and see a Barmer consultant in real time via the internet.

Clarify questions with a consultant that you would otherwise have asked on the phone or in person at one of our offices.

Barmer video telephony is offered in a separate window that opens when you click on a corresponding button.

If you have accepted the terms of use and consent form, you must allow access to your camera and microphone. If you click the "Share microphone and camera" button for this purpose, the browser you are currently using (e.g. Mozilla Firefox) prompts you to allow access to your camera and microphone. After that you can start video telephony by clicking the "Start video telephony" button. A video image of the Barmer consultant is displayed, enabling you to speak with him or her in person.

Your name, as well as your video via your camera and your voice via your microphone are transmitted to our consultant.

If you have provided us with personal data, we only use it to answer your inquiries, to process contracts concluded with you and for technical administration.

Insofar as the personal information is not required for the fulfillment of tasks in accordance with the provisions of the German Social Security Code (for example, the granting of benefits or the assessment of contributions), it is deleted after the video telephony is completed. Personal information is not passed on to third parties.

Email

Unencrypted emails can be read by bystanders. If you send us an email, your email address is only used for general correspondence with you. We are not allowed to send any content relevant to data protection to you by email in an unencrypted form. We therefore answer personal benefit inquiries containing sensitive social data in your own interest by conventional mail or in the protected Barmer mailbox, provided you are registered for this service.

When sending emails to Barmer, please note that certain attachments (e.g. password-protected ZIP files or signature files) cannot be delivered due to security requirements imposed by our systems.

In addition to communication via email, you have the option of using the online mailbox (registration required) or the contact form on our website for secure communication with Barmer.

Customer consultation

Please have an official identification document (e.g. your electronic health card (eGK) or your ID card) ready for identification in the customer consultation.

Telephone

We ask you to provide various data on the phone to ensure your identity.

Fax

Sending faxes is not encrypted and is associated with risks. Barmer therefore does not transmit sensitive personal data by fax as a matter of principle.

Encryption

Whenever you are asked to enter data about yourself, your data is protected for transmission over the internet using TLS encryption so that it cannot be read by unauthorised persons. We use TLS encryption in the current version.

Information on data processing pursuant to Art. 13 and 14 GDPR

Responsible office:

Barmer, Axel-Springer-Str. 44, 10969 Berlin
Telephone: 0800 333 10 10
Email: service@barmer.de

Contact details of the data protection officer:

Barmer, Data Protection Officer, Lichtscheider Straße 89, 42285 Wuppertal
Postal address: Barmer, Datenschutzbeauftragte, 42266 Wuppertal
Email: datenschutz@barmer.de

Processing purposes

We use your data to fulfill our legal mandate. We provide information in the following about the individual processing purposes in health and long-term care insurance.

Health insurance (§ 284 SGB V)

• Determination of the insurance relationship and membership, including the data required for the initiation of an insurance relationship
• Issuance of entitlement certificates and the electronic health card
• Determination of the obligation to contribute and the contributions, their bearing and payment
• Examination of the obligation to provide benefits and the provision of benefits to insured persons, including the conditions of benefit limitations, determination of co-payment status and implementation of procedures for reimbursement of costs, repayment of contributions and determination of the burden limit
• Support for insured persons in the event of treatment errors
• Assumption of treatment costs in cases covered by § 264 German Social Security Code Vol.V (SGB V)
• Involvement of the medical service or expert opinion procedure pursuant to § 87 (1) c SGB V
• Billing with the service providers including checking the legality and plausibility of billing
• Monitoring the efficiency of service provision
• Billing with other service providers
• Implementation of reimbursement and replacement claims
• Preparation, agreement and implementation of compensation contracts
• Preparation and implementation of model projects, implementation of care management pursuant to § 11 (4) SGB V, implementation of contracts for family doctor-centered care, special forms of care and outpatient provision of highly specialised services, including performance and quality audits
• Implementation of risk structure compensation pursuant to §§ 266 and 267 German Social Security Code, Vol. V (SGB V), as well as for recruiting insured persons for the programs pursuant to § 137g German Social Security Code, Vol. V (SGB V) and for preparing and implementing these programs
• Implementation of discharge management pursuant to § 39 (1a) SGB V
• Selection of insured persons for measures pursuant to § 44 (4) p. 1 SGB V and § 39b SGB V and their implementation
• Monitoring of compliance with the contractual and legal obligations of the service providers of medical aids pursuant to § 127 (7) SGB V (Social Code)
• Fulfillment of the tasks of the health insurance funds as rehabilitation providers pursuant to SGB IX
• Preparation of care innovations, information of the insured and submission of offers pursuant to § 68b (1) and (2) SGB V
• Administrative provision of the electronic patient file and for the offer of additional applications within the meaning of § 345 (1) Sentence 1 SGB V
• Recruitment of members
• Compensation of employer expenses for continued remuneration pursuant to the Continued Remuneration Act (AAG), the Continued Remuneration Act (EntgFG) and the Maternity Protection Act (MuSchG)

Long-term care insurance (§ 94 SGB XI)

• Determination of the insurance relationship and membership
• Determination of the obligation to contribute and the contributions, their bearing and payment
• Examination of the obligation to pay benefits and the provision of benefits to insured persons, as well as the implementation of reimbursement and compensation claims
• Involvement of the medical service
• Billing with service providers and reimbursement of costs
• Monitoring the efficiency, billing and quality of service provision
• Conclusion and implementation of care rate agreements, remuneration agreements and contracts for integrated care
• Clarification and information
• Coordination of nursing care assistance, nursing care consultation, issuance of consultation vouchers, and performance of tasks in the nursing care support centers
• Billing with other service providers
• Statistical purposes
• Support for insured persons in the pursuit of claims for damages

In addition, data may be processed by BARMER on the basis of express declarations of consent pursuant to Art. 6 (1a) GDPR in conjunction with § 67b (2) German Social Security Code Vol. X (SGB X). Consent is voluntary and can be revoked at any time with effect for the future.

We are only allowed process your data for other purposes if

1. the data is required for the fulfillment of tasks under other legal provisions of the German Social Security Code than those for which it was collected,
2. it is required to carry out a specific project of scientific research or planning in the field of social services and the requirements of § 75 (1), (2) or (4a) sentence 1 SGB V are met.

Obligation to provide and consequences of non-provision

In the course of fulfilling our tasks, you are obliged to provide us with the personal data that is required in the individual case or that we are legally obliged to collect, based on your duty to cooperate pursuant to §§ 60 ff Social Code Vol. I (SGB I). As a rule, we are not able to fulfill our tasks conclusively or comprehensively without this data, which may result in disadvantages for you, for example in the context of the granting of benefits.

Voluntary information, such as telephone number or email address, is expressly excluded from this data. Should you not provide this data, there is no breach of a duty to cooperate and you do not suffer any disadvantage as a result. If data is included on submitted verification documents that is not required, it may be redacted.

Your social data, which Barmer processes, is subject to the data protection requirements of SGB I, X, the Federal Data Protection Act (BDSG) and additionally the General Data Protection Regulation (GDPR). Barmer ensures that the social secrecy requirements pursuant to § 35 SGB I are maintained.

Automated individual case decision including profiling

We make decisions in certain business processes that are based solely on automated processing. In doing so, we comply with Art. 22 of the General Data Protection Regulation (GDPR).

In the case of simply structured administrative procedures that can be checked and decided on by machine in accordance with a certain scheme, we are permitted to make decisions (administrative acts) fully automatically (§ 31a Social Code Vol. X - SGB X). We take into account all information that is relevant to the decision, i.e. that can affect the outcome of the decision. Insofar as information provided by the party involved requires, we review the decision in person.

We decide on the application after the fully automated check of the legal requirements. In doing so, we state the main reasons that led to the decision. If you do not agree with the decision, you can have it reviewed by Barmer employees. You are entitled to provide your own point of view and you are entitled to challenge the decision.

In some cases, we also process data automatically with the aim of evaluating certain personal aspects to the extent permitted by law (profiling). We use profiling, for example, to be able to inform and advise you about products in line with your needs. You can object to the processing for purposes of advertising. We do not use profiling for the implementation of membership, the granting of benefits or the assessment of contributions in accordance with the provisions of the SGB.

Recipient categories

Access to your data within Barmer is granted to those departments that need it to fulfill our contractual and legal obligations.
Barmer transmits social data on the basis of statutory provisions of the SGB or other legal provisions to the following recipients if necessary:

• State Pension Insurance,
• Federal Employment Office,
• statutory accident insurance,
• to financial institutions in the context of payment transactions,
• Federal Insurance Office for the Health Fund,
• employers and paying agencies,
• Social benefits administration,
• Defense Area Administration,
• tax office,
• service providers,
• medical service of the health insurance,
• transfer in individual cases pursuant to §§ 67d ff. SGB X,
• contracted service provider pursuant to Art. 28 GDPR in conjunction with § 80 SGB X.

Insofar as your data is passed on to contract service providers of Barmer, we have taken technical and organisational measures to ensure that the data protection regulations are observed.

If a transfer is made to a recipient within a category, you are informed of the recipient unless one of the exceptions under § 82 (1) and (2) SGB X or the requirement of Article 13 (4) GDPR applies. This means the obligation to provide information does not apply if the data subject already has the information, if the storage or disclosure of the personal data is expressly regulated by legal provisions, or if informing the data subject proves impossible or involves a disproportionate effort.

Data transfer to a third country

As a matter of principle, Barmer does not transfer personal data to entities in third countries (outside the EU or EEA) or international organisations.

Duration of data storage

The deletion of the data provided by a data subject usually takes place:

1. If they are not required for contract fulfillment or other retention obligations and legal reasons
2. When revoking granted consent
3. If the data storage is inadmissible for other legal reasons
4. If the deletion is necessary to fulfill a legal obligation, statutory retention obligations or other legal reasons

There are different retention periods for social data depending on the purpose of processing, which are regulated in § 110a SGB IV, § 304 SGB V, § 107 SGB XI and in the General Administrative Regulation on Accounting in Social Insurance (SRVwV). If your personal data is no longer required for the above-mentioned purposes and is also not required to be retained on the basis of legal provisions, it is deleted on a regular basis.

We process your personal data exclusively within the framework of the statutory provisions. This includes the following categories of personal data / social data:

Social data of members and insured persons

Personal data:

• Classification characteristics (e.g. health insurance number)
• Name, first name
• Address
• Photo
• Date of birth
• Place of birth
• Telephone number
• Email address
• Family member license plate
• Bank information
• Marital status
• Gender
• Nationality
• Membership in bodies of the insurance fund
• Pension insurance number

Membership data:

• Pre-insurance periods
• Start and end
•  Supporting agencies
• Indicator for granting benefits (e.g. reimbursement, participation in special forms of care)
•  Supplementary insurance indicator

Data on the insurance relationship:

• Type of insurance
• Start and end
• Reasons for reporting
•  Activity data
• Contribution groups
• Compensation for work/income/pension payments
• Data on exemption from contributions/insurance
• Data on pension application/retirement
• Employer/paying agency

Contribution data (direct payer):

• Contribution target
• Contribution actual
• Payer
• Data for the collection of contributions
• Dunning procedure data
• Tax identification number

Performance data:

• Type of service
• Diagnostics
• Service prescriber
• Service provider
• Period/benefit receipt
• Expected date of delivery/delivery
• Costs
• Data on suspension, interruption, failure, discontinuation of benefits
• Data about other service providers
• Data on contract services
• Data on compensation claims
• Data on pension entitlements
• Co-payments/deductibles
• Data on structured treatment programs, integrated care, model projects, care management
• Data on bonus programs
• Data on elective tariffs
• Tax identification number
• Data on / about calculation, amount and payment amounts of compensation benefits
• Data on the processing status

Caregiver data:

• Master data as under "Personal data”
• Start and end of the care activity
• Reasons for reporting, time periods
• Information on the verification of the pension insurance obligation
• Information on collection and payment of contributions to the pension insurance institution
• Qualification details
• Data for statistical reporting

Data on authorised persons / legal representatives:

• Name, first name
• Address
• Telephone number
• Email address

Social data of corporate customers

• Classification criteria (e.g. employer number, company number)
• Surname
• Address
• Telephone number
• Email address
• Bank information
• Contribution target
• Contribution actual
• Payer
• Data for the collection of contributions
• Dunning procedure data
• Supporting agencies
• Data for company audits
• Data for settlement types
• Data for the implementation of the Expenditure Compensation Act - AAG

Data of the service providers

• Allocation details (e.g. physician number)
• Surname
• Address
• Telephone number
• Email address
• Data on professional qualification

Data on contractors and suppliers

• Allocation details (e.g. institution identifier)
• Surname
• Address
• Telephone number
• Email address
• Bank information
• Data on clearing and settlement operations

Publication subscriber data

• Allocation details (e.g. type, volume of publications and serial number)
• Name, first name
• Address
• Email address

Data from interested parties

• Allocation details
• Name, first name
• Address
• Telephone number
• Email address 

IT service provider

Data Center Operations (gkv informatik). Provision of IT and telecommunications services, including:

• Provision of hardware and software
• Telecommunications
• Consultation and support
• Maintenance and support

Billing service provider

• Verification of billing from service providers
• Telephone service provider
• Service telephony

File and data media destruction companies

• Disposal of files and data media

Service provider for advertising and market analysis

• Customer satisfaction survey
• Market research
• Marketing measures

Lettershops, postal and parcel services, print stores

• Preparation and dispatch of information material
• Printing services
• Newsletter (email)

Digital health provider

Providing digital health offerings for Barmer, including:

Barmer apps

• Card producer and trust center
• Electronic health card

Archiving services

• File archiving

Identification services

• Identify individuals for substantial or higher levels of protection

In so far as Barmer processes personal data from you, you are entitled to exercise the following rights via the contact details listed in the chapter "Contact details of the person responsible, the data protection officer and our supervisory authorities" if the legal requirements are met:

• When data is processed on the basis of consent, the right exists to revoke this at any time with effect for the future.
• The rights arising from Articles 15, 16, 17, 18, 20 and 21 GDPR (right of access, right to rectify inaccurate data, right to erasure, right to restriction of processing, right to data portability, right to object).
• The right to contact the Barmer data protection officer to raise your concerns (Article 38(4) GDPR).
• The right to complain to a competent supervisory authority for data protection. Please contact the responsible Barmer supervisory authority for this purpose.

The aforementioned rights can only be fulfilled by Barmer insofar as the data to which the asserted claims relate can be clearly assigned to your person.

Should you have technical questions or questions about BARMER's use of your personal data, it is best to contact us first - either by email at service@barmer.de or by telephone on 0800 333 1010 (calls from landlines and mobile phones are free of charge for you.). You can reach us by post at BARMER, 42266 Wuppertal.

In addition, you can contact our data protection officer by email at datenschutz@barmer.de. You can reach our data protection officer by post at BARMER, Data Protection Officer, 42266 Wuppertal.

The contact details of our supervisory authorities are:

• The Federal Commissioner for Data Protection and Freedom of Information Graurheindorfer Str. 153, 53117 Bonn, email: zast@bfdi.bund.de.
• •    Federal Social Security Office, Friedrich-Ebert-Allee 38, 53113 Bonn, email: poststelle@bas.bund.de.