Data protection

reading time less than 74 minutes

The best possible protection for your data

reading time less than 74 minutes

The protection of your personal data is very important to us. This is why we consider the development of effective protective measures to be an important task, because we want you to be able to trust us. Our data protection declaration explains how we handle your personal data and what we do in order to protect it.

The protection of your personal data is very important to us. This is why we consider the development of effective protective measures to be an important task, because we want you to be able to trust us. Our data protection declaration explains how we handle your personal data and what we do in order to protect it.

This data protection policy dated 04.07.2021 is the currently valid version. Due to the further development of the services provided by Barmer, it may become necessary to amend this data protection declaration. You can access and print out the current data protection information at any time at www.barmer.de/datenschutz (German only).

On its website, Barmer informs you about services, insurance contributions and health-related topics. Insured persons can access the personal member area Meine Barmer via the website.

Insofar as personal data is collected on this website, this is done either on the basis of your express consent, Article 6 paragraph 1 sentence 1 lit. a GDPR (General Data Protection Regulation), for the compliance with legal obligations to which Barmer is subject, Article 6 paragraph 1 sentence 1 lit. c GDPR, for the performance of tasks carried out in the public interest or in the exercise of an official authority vested in Barmer, Article 6 paragraph 1 sentence 1 lit. e GDPR, or for the purposes of the legitimate interests pursued by Barmer, Article 6 paragraph 1 sentence 1 lit. f GDPR.

Visit to our website and use of it for information purposes

Every time our website is visited and used for information purposes, the browser used on your end device automatically sends data and information to the server of our website. The following data will be collected: 

  • IP address
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of the data transferred in each case
  • Website from which the request originates (referrer URL)
  • User agent (operating system, browser, etc.)
  • Language and version of the browser software
  • Type of action or type of the request
  • Other similar data and information that serve to avert danger in the event of attacks on our information technology (IT) systems

These data are also temporarily stored on our system's log files. These data are not stored together with other personal data. The temporary storage of the IP address by the system is necessary to give you access to the website. For this purpose, the IP address must remain stored for the duration of the use of the website.

Storage of the aforementioned data in log files

The aforementioned data is stored in log files for the following purposes:

  • Provision of access to the website
  • Analysis and correction of any technical problems
  • Evaluation of system security and stability

 The legal basis for data processing is Article 6 paragraph 1 sentence 1 lit. b GDPR, insofar as the data processing is necessary for the provision of the website. Insofar as data processing is necessary for the evaluation of system security and stability, the legal basis is Article 6 paragraph 1 sentence 1 lit. f GDPR. The legitimate interest for data processing follows from the purpose of system security and stability listed above. Under no circumstances will we use the collected data for the purpose of drawing conclusions about the user's person.

The data that are collected to provide use of the website are deleted after the end of the respective browser session. The log files are deleted after 30 days at the latest.

The processing of the data described above and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

Use of cookies

We use cookies on our website. A cookie is a small file that is automatically generated by your browser and stored on your device each time you visit our website. Almost every website uses cookie technology. This technology is downloaded by your web browser on the first visit to a website. The next time this website is accessed using the same device, the cookie and the information stored in it are either returned to the website that generated it (first-party cookie) or sent to another website to which it belongs (third-party cookie). In this way, the website recognizes that you have already accessed it using this browser and changes the content displayed in some cases.

Some cookies are extremely useful as they can improve the user experience when you return to a website that you have already visited several times. Provided that you use the same device and browser as before, cookies can remember, for example, your preferences regarding the use of a page and adapt the content displayed to your personal interests and needs. Depending on their function and purpose, cookies can be divided into technically necessary cookies, analytical cookies and marketing cookies.

Technically necessary cookies are required to navigate between the pages and to use certain functions. They enable basic functions such as access to secure areas of the website.

Analytical cookies help us to better understand user behavior. Analysis cookies are used to determine usage of a site in so-called pseudonymous usage profiles. It is not possible to draw any direct conclusions about a person. In this way, we learn, for example, the number of views of an individual web article or the duration of a visit to www.barmer.de. These data help us to expand and improve the content according to user interests.

Marketing cookies are used to show promotional content that is relevant to you. Marketing cookies serve to display advertising contents that interest you (so-called remarketing cookies) and to measure the effectiveness of our campaigns (so-called conversion cookies). With remarketing, advertisements can be displayed on advertising partner sites. It is used to create an anonymous interest profile and to display relevant ads on other websites. It is not possible to draw any direct conclusions about a person. Marketing and remarketing cookies help us to display the most relevant advertising content to you. If you disable marketing cookies, you will still see Barmer advertising, but it may be less relevant to you.

Under Manage cookies (German only), you can subsequently view how you have decided to use cookies so far and make adjustments at any time.

Overview of all cookies:

Cookie nameDuration of storagePurposeLegal basisNecessity / type of integration

JSESSIONID2

End of session

Session handling

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

lbpersistence

End of session

Sticky session handling loadbalancer

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

bconnect
AccessToken

End of session

Single Sign On CM5 / CM7 / BAS

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

bgek_voting

End of session

Voting image gallery: For each image gallery with a voting function, the user can choose one image as a favorite. The IDs of the image gallery and the image are stored in the cookie.

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

bgek-artice
-toc-collapsed

End of session

Article table of contents initially collapsed: without cookie, the table of contents of an article is expanded initially. If the user collapses the table of contents of an article, this is recorded in the cookie (true). Then, the table of contents of this article and all other articles is collapsed initially.

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

gpc

Proactive chat closed

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

Barmer IDP

AUTH_
SESSION_ID

End of session

Keycloak session handling

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KEYCLOAK_
IDENTITY

End of session

Keycloak session handling, contains the JWT for the user logged in

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KEYCLOAK_
IDENTITY_LEGACY

End of session

Keycloak session handling, contains the JWT for the user logged in

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KEYCLOAK_
SESSION

10 hours

Keycloak session handling

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KEYCLOAK_
SESSION_LEGACY

10 hours

Keycloak session handling

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

OAuth_Token
_Request_State

End of session

Protection against cross-site request forgery (CSRF) attacks

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KC_RESTART

End of session

Enables re-login

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

KEYCLOAK_
REMEBER_ME 

End of session

Enables the "Remember me" function (not used for the Barmer ID)

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

Genesys

_genesys.widgets.
app.autoLoadList

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

Genesys Chat

_genesys.widgets.
webchat.metaData

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

_genesys.widgets.
webchat.position

1 day

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

_genesys.widgets.
webchat.state.index

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

_genesys.widgets.
webchat.state.keys

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

_genesys.widgets.
webchat.state.last
MessageCountRead

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC/latest
/Deployment/GWCCookies

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

_genesys.widgets.
webchat.state.open

End of session

Enables Lazy Loading and the functionality of the Genesys components, see Genesys documentation
https://docs.genesys.com/Documentation/GWC
/latest/Deployment/GWCCookies

Tealium Consent Manager

CONSENTMGR

90 days

Consent Manager

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

utag_main

12 months

Management of third-party providers and data privacy

Legitimate interest Art. 6 para. 1 sentence 1 lit. f GDPR

Technically necessary cookies

econda

emos_jcvid

24 months

Tracking/identification of the visitor

Consent

Analytical cookies

emos_jcsid

Session (jcsid)

Tracking/identification of visits

JCSID is a randomly generated, unique ID. This is generated anew in each technical session and has no reference to the visitor. It makes it possible to assign interactions with the website to a visit so that anonymized user journeys can be created.

Consent

Analytical cookies

Google

DSID

10 days to 2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

DIE

1 year

Google Ads Tracking & Retargeting

Consent

Marketing cookies

AID

1 year to 1.5 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

test_cookie

End of session

Google Ads Tracking & Retargeting

Consent

Marketing cookies

1P_JAR

1 month

Google Ads Tracking & Retargeting

Consent

Marketing cookies

NID

6 months

Google Ads Tracking & Retargeting

Consent

Marketing cookies

UULE

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

DV

5 minutes

Google Ads Tracking & Retargeting

Consent

Marketing cookies

IDE

1 year

Google Ads Tracking & Retargeting

Consent

Marketing cookies

__Secure-
3PAPISID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

__Secure-3PSID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

__Secure-APISID

1 month

Google Ads Tracking & Retargeting

Consent

Marketing cookies

__Secure-HSID

1 month

Google Ads Tracking & Retargeting

Consent

Marketing cookies

__Secure-SSID

1 month

Google Ads Tracking & Retargeting

Consent

Marketing cookies

ANID

1 year

Google Ads Tracking & Retargeting

Consent

Marketing cookies

APISID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

CONSENT

Depending on browser, no specific limit

Google Ads Tracking & Retargeting

Consent

Marketing cookies

HSID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

SAPISID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

SEARCH_
SAMESITE

6 months

Google Ads Tracking & Retargeting

Consent

Marketing cookies

SID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

SIDCC

1 year

Google Ads Tracking & Retargeting

Consent

Marketing cookies

SSID

2 years

Google Ads Tracking & Retargeting

Consent

Marketing cookies

Conversion

1 month

Google Ads Tracking & Retargeting

Consent

Marketing cookies

Bing

MUIDB

1 year

Used by Bing for advertising and analytical purposes (Visitor ID)

Consent

Marketing cookies

MUID

1 year

Used by Bing for advertising and analytical purposes (Visitor ID)

Consent

Marketing cookies

_uetvid

7 days

Used by Bing for advertising and analytical purposes (Visitor ID)

Consent

Marketing cookies

_uetsid

1 day

Used by Bing for advertising and analytical purposes (Visitor ID)

Consent

Marketing cookies


Overview of plugins:

Plugins

Purpose

Technology

Genesys plugins

Genesys Chat

Live contact to Barmer employee

JavaScript plugin

Genesys Co-Browsing

Live support by Barmer employee

JavaScript plugin

Genesys Video Chat

Live video contact to Barmer employee

JavaScript plugin

YouTube plugins

YouTube Videos

Integration of videos, for example, background on stages

JavaScript plugin


Analysis and tracking tools

In addition, we use cookies on our website that enable a pseudonymized analysis of surfing behavior (without being able to draw conclusions about the person of the visitor). The information gained in this way helps us to improve Barmer's web offering and carry out market analyses. Refer to "Overview of all cookies".

Web tracking

Barmer regularly analyzes user behavior to optimize the internet site. We use so-called "web tracking" to evaluate, for example, how frequently our websites are visited and what content is particularly valuable for the user. For this purpose, anonymized data are collected and saved, and usage profiles are created from these data using pseudonyms. For technical purposes, we use cookies that enable the re-recognition of an internet browser.

When implementing web tracking, we use the technologies of econda GmbH, which holds the TÜV Verified Data Protection certificate of TÜV Saarland for the field of web controlling.

In principle, you can object to the collection and storage of data on our websites. In order to make the exclusion from econda web controlling as easy and convenient as possible for you, a cookie with the name econdaNoTrack from the domain econda-monitor.de is set in your browser. Simply follow this link: Revocation for data storage

Tag management

With the Tealium iQ tag management system, pixels from the providers named in the data protection notice are loaded on the Barmer web pages. Tealium uses cookies to record exclusively non-personal data. This cookie becomes invalid after 12 months. The following information is stored in the Tealium cookie:

  • ID for the visitor
  • ID for the session

However, this information is not transmitted to Tealium and is therefore not stored in Tealium.

You can object to the use of the Tealium cookie. To do this, specify in your browser settings that cookies from the domain "tags.tiqcdn.com" are to be blocked.

This website uses Google Ads, an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In connection with Google Ads, we use conversion tracking to measure and evaluate how well and effectively our ad placements are working. When users click on a Barmer ad placed as part of Google Ads, a cookie for conversion tracking is placed and stored by the browser on the user's computer. The cookie becomes invalid after 30 days and is not used for the purpose of personal identification of users. Various analysis values are usually stored for this cookie: the ID of the cookie, the number of advertising displays, the last ad seen before the click to the website and a mark if the user no longer wishes to be addressed.

Google can recognize your internet browser by means of cookies that have been set. If a user visits certain pages of www.barmer.de and the cookie stored on their computer has not yet expired, Google and Barmer can recognize that the user has clicked on the ad and been redirected to this page. User behavior on the websites of other providers is not tracked in conversion tracking. We do not collect and process any personal data in advertising measures via Google Ads. We only receive statistical analyses from Google, which we can use to determine which advertising measures are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify the users on the basis of this information.

You can find more information about Google Ads and Google conversion tracking in Google's privacy policy.

If you do not wish to participate in conversion tracking, you can reject the setting of a cookie required for this – for example, by means of a browser setting that generally disables the automatic setting of cookies or by setting your browser in such a way that cookies from the domain "googleleadservices.com“ are blocked.

We use the Remarketing function of the Google Ads service. This enables us to remember which of our pages and articles you have visited.

Google uses cookies, which are stored in your browser and which enable an analysis of the website's visitor data. This information is used by us and Google to provide you with better offerings and targeted and better services. Google uses this information to analyze your use of the website, to compile reports about the web activities and to render other services related to the use of the website and the internet. We do not collect any personal information with our cookies and remarketing lists. For further information about Google Remarketing and Google's privacy policy, see.

If you do not wish to use the Google Remarketing function, you can disable the use:

  1. by setting your browser accordingly;
  2. by installing the Google plugin to disable personalized advertising;
  3. by disabling interest-based advertising of providers participating in the self-regulatory campaign "About Ads", this setting being deleted when you delete your cookies.

You can find more information about data protection at Google in Google's privacy policy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI).

Bing Ads Universal Event Tracking (UET)

On our website, we use technologies from Bing Ads to gather and store data and to create usage profiles based on this data using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way Redmond, WA 98052‐6399, USA. This service allows us to track the activity of users on our website if they access our website through ads delivered by Bing Ads. If you access our website through such ads, a cookie is placed on your computer. A Bing UET‐tag is integrated on our website. This is a code that is used in conjunction with the cookie to store non-personal data about website usage. No information about your identity is collected. The data collected are sent to Microsoft servers in the USA and stored there for a maximum period of 180 days. You can prevent the collection and processing of data generated by the cookie and related to your use of the website by disabling the use of cookies. In addition, Microsoft can use cross‐device‐tracking to track your usage across multiple electronic devices and is able to display personalized ads on Microsoft web pages and Microsoft apps. You can disable cross-device tracking here.

For more information about the analytics services provided by Bing, please visit the Bing Ads website.

Further information on data protection at Microsoft and in Bing can be found in the Microsoft privacy policy.

Reference to social media channels

Use of plugins

Plugins are dependent software modules that enable the integration of additional functionalities. These can be like and share buttons of social media providers and advertising networks.

Barmer has a presence on various social media networks in order to communicate with the users active there or to offer information. In addition, Barmer can be contacted via these online presences and is thus available for all social security-related questions.

Notes for visitors of our social media channels

  • Do not post any data or information on social media that you do not wish to make public. Think about what data you want to post there and with whom you want to share it. Check the privacy settings on your social media profiles. Your data may automatically be visible to all users.
  • Any questions you ask us on the social media channels may only be answered by us in a manner that complies with data protection regulations. Thus, we are allowed to provide general information on the topic of health, on our services and on insurance law. However, we are not allowed to discuss specific cases of insured persons or the cases of other persons. As a statutory health insurance fund, we must treat the data of our members confidentially. This excludes communication about personal matters on public channels.
  • Barmer does not store any personal data of individual visitors to the social media sites in its systems. The comments, contributions and notes are only intended to improve our advice and services.
  • If data are collected from participants in the context of contests, users will receive further information in the respective conditions of participation.
  • Observe the generally applicable principles for the use of social media portals and take into account copyright law and the netiquette of Barmer's social media channels. Discrimination, bullying and insults are not tolerated by Barmer on the internet, as in real life. In the event of violations of netiquette, Barmer reserves the right to delete such content.

Share buttons

If you click on a Facebook, Twitter, Instagram, YouTube, Xing or LinkedIn button on www.barmer.de, your browser will establish a direct connection with the respective service provider. During this process, the respective service provider will be informed that the corresponding internet site has been accessed from www.barmer.de or a specific service of www.barmer.de has been used. We have no control over the scope of the data collected by service providers using Share buttons.

Facebook and Instagram

Barmer uses the technical platform and services of Facebook Ireland for the information service offered here. Visitors to our pages on Facebook or Instagram are statistically evaluated (tracking). In "Insights", we as page operators can view these statistical data. The statistics related to the page to which Barmer has access as the page operator serve to evaluate reach and interaction as well as posts and do not allow any conclusions to be drawn about individuals or profiles. The joint responsibilities are regulated as follows: Data subjects can exercise their rights against Facebook Ireland as well as against Barmer. Facebook assumes primary responsibility under the GDPR for the processing of Insights data and complies with all applicable obligations under the GDPR with respect to the processing. Facebook Ireland will make the essence of the Page Insights Addendum available to data subjects. We do not implement any decisions about the processing of Insights data and any other information resulting from Article 13 GDPR, including the legal basis, identity of the data controller and duration of storage of cookies on user devices. Click here to go to the current Page Insights Controller Addendum with Facebook.

YouTube

Our website uses plugins from the website YouTube. The operator of the YouTube pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network. As soon as you start a YouTube video on our website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. Cookies remain on your device until you delete them. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 paragraph 1 sentence 1 lit. f GDPR.

For more information about data protection at YouTube, please refer to their privacy policy at https://www.youtube.com/t/privacy_at_youtube.

At various locations, you can subscribe to one or more email newsletters. By doing so, you give us your consent to use your email address for promotional purposes. The sender of the emails is always Barmer. The emails will contain information, offers and benefits provided by Barmer.

Registration for newsletters

For your registration to take effect, we need a valid email address. We use the "double opt-in" process to verify that the registration is in fact coming from the owner of the email address. For this purpose, we log the newsletter order, the dispatch of the confirmation email and the receipt of the requested reply. To log these events, we record the exact time and the IP address of your end device.

Basic newsletters and personalized newsletters

If you select a basic newsletter, we will not personalize the contents to reflect your interests. Accordingly, we do not require data from you to personalize the newsletter and instead only collect the data necessary for directly providing the newsletter. Typically, these are your email address and, if applicable, your name.

In addition, the newsletter content can be personalized to reflect your personal interests. For details on the personalization, see "Personalization and user profile".

Subscribers may also be informed by email of circumstances relevant to the service or registration (e. g., changes in the newsletter offers or technical issues).

Duration of storage

Your data will be stored when you subscribe to the newsletter and retained until you unsubscribe. Your registration will be successfully completed when you click the confirmation link in the email addressed to you.

If you do not confirm the subscription link in the email, we will store your data for up to 6 months. The link will then expire and it will no longer be possible to use it to confirm your subscription. After this period expires, your data will be immediately deleted. Of course, you can register again by repeating the subscription process.

When you cancel your subscription to a newsletter, e. g., by using the unsubscribe link included in every mailing, the unsubscribe process will be completed within 24 hours and your data will be fully deleted from all recipient lists.

Please note that a non-automated unsubscribe or data deletion process request may take up to two weeks to implement depending on internal processes.

The data for logging the unsubscribe process will be anonymized one year after you unsubscribe. They only document when an email address was unsubscribed and the relevant IP address. This serves for the documentation duty under the GDPR. Three years after anonymization, the whole transaction will be deleted.

Unsubscribing from newsletters

You can withdraw your consent to save your personal data and to use them for sending newsletters at any time. Every newsletter contains a link for that purpose. In addition, you can unsubscribe at any time using the following email address: datenschutz@barmer.de. The withdrawal of your consent has no effect on the lawfulness of the processing up to the time of withdrawal. Due to the lead times of the technical and organizational processes, in exceptional cases you may receive another newsletter after unsubscribing.

Legal basis

The legal basis for the data processing described in this section is Art. 6 paragraph 1 sentence 1 lit. a GDPR (consent).

Personalization and user profile

If you primarily wish to receive content relevant to you, then select personalized information. Please note that personalization is subject to your consent, which can be withdrawn at any time

Providers used

In the context of personalized marketing campaigns, we use the Dynacampaign campaign management system from Dymatrix, based in Stuttgart, and Inxmail, based in Freiburg, as our email service provider. Data processing takes place exclusively in Germany. For further information, please refer to the data protection declarations of the above-mentioned service providers.

User profile

To present content that is relevant to you, we need an optimal understanding of your interests. For this personalized information, we therefore create a personalized user profile for you.

In this personalized user profile, we save identifying characteristics such as salutation, first and last name or email address, date of birth together with your contractual and usage data. The contractual data only include the status of your membership, i.e. whether or not you are a Barmer member. The usage data include, in particular, your reaction to our advertising measures (e. g., the newsletters sent to you and opened, clicks on links within a newsletter). In this way, we can personalize our services provided to you. For example, in the newsletter you will receive information about services that are relevant to you or special offers that suit you – whichever applies to you.

Data sources

In the user profiles, we collect data from various Barmer sources as part of our mailing campaigns to arrive at the best possible overview of your interests. These sources are based on the declarations of consent submitted by you and may include the following data:

Email service provider:
Your registration information such as double opt-in consent given or your details in the registration form or a click within a newsletter.

Netigate (survey tool):
In some of our emails, we may give you the opportunity to answer a question. You are always free to answer. However, the answer can help us to send you suitable information or offers. For further information, please refer to the privacy policy of the service provider Netigate.

Barmer master data:
To be able to provide the best possible content for people interested in Barmer and those insured with Barmer, we can check whether you are already insured with us. In this way, we can inform people interested in our mailings about the advantages of membership with Barmer.

(Offline) entry cards for contests:
It is also possible that, for example, after participating in an offline contest (e. g., using an entry card), you will give us consent to use the data as part of marketing mailing campaigns. In this case, this information can be used for email marketing campaigns.

Data or usage data for personalization

  • Start and end time of use
  • Opening the newsletter
  • Clicking on newsletter content
  • Salutation
  • First name
  • Last name
  • Postcode
  • Address
  • Email address
  • Consents, e. g., to receive a newsletter
  • Date of birth
  • Membership status
  • Interests
  • Expected date of birth of a child
  • Gender
  • Information about children
  • Graduation year
  • Telephone number
  • Other information as part of a registration form

Withdrawal of personalization

You can withdraw your consent for the storage of your personal data at any time. In addition, you can unsubscribe at any time using the following email address: datenschutz@barmer.de. The withdrawal of your consent has no effect on the lawfulness of the processing up to the time of withdrawal. Due to the lead times of the technical and organizational processes, it is possible in exceptional cases that the personalization of content as described in this section will continue for up to two weeks after your withdrawal of consent.

Legal basis

The legal basis for the data processing described in this section is Art. 6 paragraph 1 sentence 1 lit. a GDPR (consent).

Barmer is responsible as the organizer for the contests that are available and offered in a wide variety of media.

Contact details of the data controller, the data protection officer and competent supervisory authorities can be found in the relevant section further down in this data protection statement.

In the context of participation in contests, Barmer will process the personal data as the organizer and store them for the duration of the statutory retention periods if this is necessary for the establishment of the legal relationship with the participant and for the subsequent implementation and processing of the contest (Article 6 paragraph 1 lit. b GDPR). Further declarations of consent for promotional purposes are made on the basis of Article 6 paragraph 1 sentence 1 lit. a GDPR.

Technically, the collection and processing of personal data is carried out using the double opt-in process. For sending emails and handling the double opt-in process, we use Inxmail, an email service provider based in Freiburg, Germany. Data processing is carried out exclusively in Germany and is limited to online contests only.

In particular, this involves the following personal data:

Depending on the contest, the postal address and/or the email address of the participant for the purpose of notification of the prize and/or delivery or provision of the prize as well as the participant's telephone number to be able to ensure notification of the prize in the event of accidentally incorrect data entries, and the date of birth for the purpose of age verification.

For detailed information on the individual contests, the relevant legal bases and the purposes of data processing, please refer to the respective conditions of participation.

Depending on the contest, the data may be transferred to service providers such as specialist retailers, tour operators or other third parties providing services on behalf of Barmer (processing, Article 28 GDPR).

Information about the rights of data subjects can be found in the relevant section further down in this data protection statement.

Chat in the public area of the website

See "Communication with members"

Login code processes (no Barmer user account required)

Via www.barmer.de, insured persons have the option of submitting selected feedback online to Barmer using a login code provided by Barmer or filing applications using the login code provided.

Further personal data are recorded for the use of the respective services. The personal data that are transmitted to Barmer in this process are shown in the respective input form. The relevant data protection information is also available in connection with the corresponding service.

All additional data created in connection with the other services will only be used for the relevant purpose and will not be passed on to third parties.

Reporting barriers to accessibility

The feedback mechanism is crucial for the continuous improvement of accessibility. Via the feedback mechanism, we as the operator of the website and/or the mobile application receive indispensable information for the further reduction of barriers. In addition, we receive information about how often problems are raised by users. Pursuant to Section 12b (2) no. 2 in conjunction with Section 1 (2) sentence 1 of the German Act on Equal Opportunities for Persons with Disabilities (BGG), we are obliged as a direct corporation under public law to provide users of our website and/or mobile application with the opportunity to contact us electronically, e. g., to report existing barriers to accessibility. Barmer is obliged to respond within a month to any reports. For this purpose, we process the data required to fulfill the relevant task. The personal data that are transmitted to Barmer in this process result from the feedback form. We receive the data to pursue the aforementioned purposes. Your data will not be forwarded to third parties. The data are stored for the duration of processing the query in accordance with the legally prescribed retention periods and then deleted. There is no obligation to enter any contact details in the feedback form. If you do not provide your contact details, we will not be able to respond to your feedback or tell you what action, if any, we have taken as a result of your report.


With the apps and skills of Barmer, you always have your health insurance with you. You can find an overview of Barmer's other digital services here: The apps and skills of Barmer

For more information about the processing of your personal data while using any other digital services, refer to the data protection information in the relevant app.

You have the option of using the personal member area Meine Barmer. You can access this area via the website www.barmer.de/meine-barmer (data protection information for the Barmer website) or via the Barmer app (data protection information for the Barmer app). First, you need to register and create a Barmer user account (data protection information for the Barmer user account).

When you create a Barmer user account, we collect and process personal data. You can find out more about this in the data protection information for the Barmer user account.

Through Meine Barmer, we offer services, applications and contents exclusively for BARMER policyholders. You can also communicate with us and send messages and mail to Barmer electronically.

During the process of registration and creation of a Barmer user account, the user's consent to the processing of such data is obtained. The additional legal basis for the processing of these data is Article 6 paragraph 1 sentence 1 lit. b GDPR. The purpose of the processing is to provide the services and content in Meine Barmer.

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This applies to the data processed during the use of Meine Barmer as soon as the data are no longer required for the performance of the contract and the deletion no longer conflicts with any legal obligations to retain the data. This principle also applies to the deletion of the Barmer user account (data protection information for the Barmer user account). 

If you use the personal member area Meine Barmer, the data are processed for the following purposes:

  • Identification or determination of your membership with us or the family insurance with a relative who is a member of Barmer
  • Provision of services and content exclusively for Barmer policyholders in the personal member area Meine Barmer

The legal basis for the processing of these data based on your consent is Article 6 paragraph 1 sentence 1 lit. a GDPR. If the registration serves for the performance of a contract to which you as a user are a party or in order to take steps prior to entering into a contract, the additional legal basis for the processing of the data is Article 6 paragraph 1 sentence 1 lit. b GDPR.

The Barmer user account is used to login to the personal member area (data protection information for the Barmer user account). Information on data collection and processing within the framework of the Barmer user account can be found in section "Data protection information for the Barmer user account".

Scope of services in Meine Barmer

In the Meine Barmer area, you have the option of using services such as submitting applications for benefits. You can also initiate the change of personal data or manage them.

Individual services require additional information and data from the user. These are queried when the respective extended service is called, if necessary. These data are required by Barmer exclusively for the provision of the respective service.

Further personal data are recorded and processed for the use of the respective services. The personal data that are transmitted to Barmer in this process result from the input form of the relevant service. Likewise, if necessary, further data protection information is stored at the respective service.

All additional data created in connection with the other services will only be used for the relevant purpose and will not be passed on to third parties.

In the case of queries by the user, it may be necessary for Barmer employees to access the data of the user of the respective service in order to answer the queries, provided that this is permitted under data protection law. All employees involved in managing the services are subject to the duty of confidentiality and are obliged to comply with social security data protection.

You can deactivate or unsubscribe from individual services. If you deactivate or unsubscribe from a service, the data you have stored for this purpose will be deleted in compliance with the legal deletion requirements.

Mailbox

The mailbox is an integral part of the Barmer user account and cannot be deactivated. The mailbox serves for the secure communication between insured persons and Barmer in accordance with data protection regulations. Insured persons can use the mailbox to send or submit documents or information to Barmer. For cases where Barmer cannot process the submission, the mailbox is used as a return channel for this very information. Barmer posts information to the mailbox from various services.

Messages in the mailbox are kept there for 2 years and then deleted. If the user account is terminated by the insured, the mailbox messages are also deleted at the end of the user account.

Notification of incoming mail

Insured persons are notified by Barmer of incoming mail. Notification is made by email and/or SMS, linked to the information (email address) from the Barmer user account or telephone number, which can be stored by the insured specifically for these notifications.

For mailbox use via the Barmer app, there is also the option for insured persons to be notified of incoming mail via a push message on their mobile device. For more information on push messages, see the data protection information for the Barmer app.

Health Manager

Your customer and billing information will be used to use the Health Manager. This data is used to recommend preventive checkups and vaccinations that you have not yet completed and to calculate your current dental bonus. For full transparency, you can view all billing statements from doctors, pharmacies, etc. All additional data created in the Health Manager will not be used for any purpose other than health management and will not be forwarded to third parties. If you deactivate the Health Manager, the data you have filed will be automatically deleted and you will no longer receive notifications by email.

Notifications from the Health Manager

Persons insured will be notified of any messages sent from Health Manager. The notice is sent to the email address filed in the Barmer user account.

Compass

The Barmer Compass is an essential component of the Meine Barmer application. In the Compass, you will find all notifications of sickness submitted during the last three years with their respective processing status. For example, you can see when a notification of sickness was received and processed by Barmer. In addition, you will receive information on how your insurance benefit (e. g., sickness benefit, injury benefit) is calculated and when and in what amount it was paid.

The basis for the data displayed in the Barmer Compass is the data stored by Barmer in connection with notifications of sickness / calculation of various insurance benefits. Within the Compass in Meine Barmer, the data are only displayed but not stored.

Transmission of documents via upload in Meine Barmer and the Barmer app

If you use the file upload function to transmit documents digitally to Barmer (for example, when submitting an application), please keep the original documents for 1 year for legal reasons.

Service chat within Meine Barmer

Barmer offers a chat under Meine Barmer. This service is only available via Meine Barmer on the website and not via the Barmer app.

The Barmer service chat is an electronic communication service in the personal member area Meine Barmer, which you can use to talk to a Barmer advisor in real time via the internet. You can ask questions that you would have asked on the telephone or in person at one of our offices.

The Barmer service chat is offered in a separate window, which opens when you click on the corresponding button.

In order to use the service chat, you must agree to the terms of use and the declaration of consent.

If you use the Barmer service chat from the personal member area Meine Barmer, your name and insurance number will be displayed to our advisor.

If you have provided us with personal data, we will only use them to answer your queries, to process the contracts concluded with you and for technical administration purposes.

If the resulting personal data are no longer necessary to fulfill tasks under the provisions of the German Social Code (such as for granting benefits or assessing contributions), these chat data will be deleted after 12 months. If these data are required in accordance with the provisions of the German Social Code (SGB), then the retention period depends on the respective processing purpose. Different retention periods apply here, which are regulated in Section 110a SGB IV, Section 304 SGB V, Section 107 SGB XI and in the General Administrative Regulation on Social Insurance Accounting (SRVwV) for statutory health insurance funds. The personal data will not be disclosed to third parties.

At the end of the chat session, the chat log will be sent to the user's online mailbox at Meine Barmer.

Video telephony within Meine Barmer

Barmer offers the option of video telephony in Meine Barmer. The prerequisite is access to the personal member area Meine Barmer. This service is only available via Meine Barmer on the website and not via the Barmer app.

Barmer video telephony is an electronic communication service, which you can use to talk to and see a Barmer advisor in real time via the internet.

You can clarify questions with an advisor that you would otherwise have asked on the telephone or in person at one of our offices.

Barmer video telephony is offered in a separate window, which opens when you click on the corresponding button.

If you have accepted the terms of use and declaration of consent, you must allow access to your camera and microphone. If you click the "Share microphone and camera" button for this purpose, the browser you are currently using (e. g., Mozilla Firefox) will prompt you to allow access to your camera and microphone. After that, you can start video telephony by clicking the "Start video telephony" button. A video image of the Barmer advisor will be displayed, with whom you can speak personally.

Your name, policy number and your own video image will be transmitted to our advisor via your camera, and your voice via your microphone.

If you have provided us with personal data, we will only use them to answer your queries, to process the contracts concluded with you and for technical administration purposes.

If the resulting personal data are no longer necessary to fulfill tasks under the provisions of the German Social Code (such as for granting benefits or assessing contributions), these data will be deleted after the end of the video session. The personal data will not be disclosed to third parties.

JavaScript is required to use Barmervideo telephony.

Video telephony is supported by the following browsers:

  • Google Chrome (from version 33)
  • Mozilla Firefox (from version 26)
  • Opera (from version 20)
  • Safari (from version 11.2)
  • Microsoft Edge 

We want you to feel safe when using the Barmer app. Therefore, the protection of your personal data is very important to us. We tell you when we store which data and what we use them for.

Personal data are only collected on the Barmer website to the extent necessary for technical purposes. Under no circumstances will the collected data be sold or disclosed to third parties for other reasons without your consent. Barmer adheres strictly to regulations relating to data protection.

The provisions of the EU General Data Protection Regulation (GDPR), which came into force on 25 May 2018, provide for a strengthening of your rights and are intended to give you more sovereignty over your personal data. With our information on data processing, you can quickly and easily get an overview of what personal data and social data we collect from you and what we do with such data. We also inform you about your rights under applicable data protection legislation and whom you should contact if you have any questions.

What is the Barmer app?

The Barmer app represents the personal member area for insured persons in the form of an app. Accordingly, the scope of services is almost identical to the Meine Barmer service on the website.

To use the Barmer app, you need a Barmer user account for Barmer's digital services. You can register for these services via the app.

Who provides the Barmer app?

The data controller for the processing of personal data in connection with the Barmer app is Barmer, Axel-Springer-Str. 44, 10969 Berlin.

Contact details of the data protection officer

Barmer, Datenschutzbeauftragte [Data Protection Officer], Lichtscheider Straße 89, 42285 Wuppertal
Post address: Barmer, Datenschutzbeauftragte [Data Protection Officer], 42266 Wuppertal, Email: datenschutz@barmer.de

Is the use of the Barmer app voluntary?

Use of the Barmer app is voluntary for every Barmer policyholder. It is therefore solely your decision whether and how you use the Barmer app. Your Barmer user account will only be opened at your express request. If you decide to create a Barmer user account, you can also use the Barmer app as an option.

Even though the use of the Barmer app is voluntary, it requires your consent to the terms of use and consent to the transfer of personal data.

Your consent will be requested by the Barmer app as soon as this is necessary. This happens, for example, during registration or activation of the additional services.

Who is the Barmer app aimed at?

The Barmer app is available to all insured persons with an existing insurance relationship with Barmer.

Prerequisite for using the Barmer app is an activated Barmer user account for the digital service offerings of Barmer as well as the installation of the Barmer app.

What steps are required to successfully launch the Barmer app?

Download from the app stores

The Barmer app is available via distribution platforms operated by third parties, i.e. the app stores (Google Play Store and iOS App Store). The download may require prior registration with the relevant app store and installation of the app store software. When you download the app, the required information is transferred to the App Store, including but not limited to your user name, email address and customer number of your account, time of download, payment information, and individual device identification number. Barmer has no control over the collection, processing and use of personal data in connection with your registration and the provision of downloads in the respective app store and app store software. The operator of the respective app store is the sole controller in this respect. Please check directly with the respective app store provider if needed.

Registration process

To use the Barmer app, you need a Barmer user account for the digital services offered by Barmer (data protection information for the Barmer user account).

What permissions and functions does the Barmer app require on the device?

The Barmer app requires access to various functions and interfaces on your smartphone. This requires that you grant certain permissions to the Barmer app.

The Barmer app requires access to the internet connection. You do not have to explicitly grant this consent.

Furthermore, the Barmer app requires the following permissions for additional functions, which you can grant manually:

Access to the camera

  • Access is required for uploading documents.

Access to the gallery or to the files in the device memory

  • To upload images or documents from your device memory, the Barmer app needs access to this device memory.

Access to telephony (Android 8 to 9 only)

  • The Barmer app only works if you grant phone permission. The app uses this permission solely to recognize the device associated with your user account. If you grant permission, the app will not make calls, send SMS or access your contacts.

Technical prerequisites

To use the Barmer app, your device needs the following minimum technical requirements:

  • For devices with iOS operating system, at least version iOS 12 is required.
  • Devices with Android operating system require at least Android version 6.

Sign in with Touch ID and Face ID (iOS) or fingerprint and facial recognition (Android)

Signing in with Touch ID or Face ID (iOS) or fingerprint and face recognition (Android) can be used instead of logging in with username and password.

  • For this, your smartphone requires at least the entry of a code for unlocking and Touch ID or Face ID (iOS) or face recognition or fingerprint (Android). Only sufficiently secure devices from Android 9 are supported.
  • The biometric data used (fingerprint, face recognition) can only be accessed by the device's security mechanisms. Barmer does not have access to these data at any time. 
  • Your login data are stored encrypted on the relevant device. Access is only possible after successful recognition of the finger or face by the device. The login data are only available on this device and are excluded from backups and synchronization with other devices.
  • For your security, you should only use your own fingerprints and your own face on this device, and if you lose the device, you should immediately have your account blocked via the free telephone service 0800 333 10 10, have the SIM card blocked and ensure that your emails can no longer be accessed from the device.
  • After changing the password or the stored biometric data (fingerprint, face), a new login with password is required to use the function again.
  • You can change this function at any time in the app settings.

Notifications (so-called push messages)

The Barmer app notifies you of new events via local push notifications. These do not contain sensitive information in their text. The prerequisite for this is that you allow the app to send you messages (banners, sounds).

You can enable notifications of new events after logging into the Barmer app. For example, when a new message is available in your mailbox, you will be notified via a push message on the device.

Only identifiers generated for the app installation are transferred. No further features are transmitted for analysis purposes.

You can disable this function at any time in the app settings.

Android

  • Google Firebase Cloud Messaging is used to deliver the notifications.

iOS

  • On iOS, notifications are delivered via Google Firebase cloud messaging and the Apple Push Notification service.

Operating system security check (Android)

The security of your device may be compromised if the original operating system has been modified. The Barmer app therefore checks the integrity of the operating system installation when the app is started.

Affected users will be informed and should rule out a malicious and unwanted change to the operating system before continuing to use the BarmerR app.

However, the app can still be used without functional restrictions at the user's request after taking note of the displayed security notice.

The check is performed using Google SafetyNet Attestation. During the check, information about the hardware and software installed is sent to Google.

The check is performed immediately after the app is launched and cannot be turned off.

What types of data are processed automatically by the Barmer app?

Master data (Section 14 (1) of the German Telemedia Act)

For the use of the Barmer app, the data from the Barmer user account are transferred.

What data are stored in the device memory of the local end device?

What data are stored locally on the phone's internal device memory?

The Barmer app stores configuration information in encrypted form on devices with iOS or Android operating system.

When you download documents from your Barmer app to your device, they are stored locally on your device.

Is it possible to store documents on external storage media (SD cards) of the smartphone?

You can save the documents in your Barmer app to your device. Some devices with Android operating system support memory expansion with external storage media. In these cases, you can also save documents to your memory card on your own responsibility.

Are personal data only stored to the extent and for as long as it is necessary for the operation of the app?

In devices with:

  • Android operating system, the encrypted configuration data are deleted when the Barmer app is uninstalled.
  • iOS operating system, the configuration data stored and encrypted in Keychain are retained when the Barmer app is uninstalled.

Is usage behavior analyzed in the Barmer app?

Web tracking

Barmer regularly analyzes user behavior to optimize the Barmer app. We use so-called "web tracking" to evaluate, for example, how frequently our online services are visited and what content is particularly valuable for the user. For this purpose, anonymized data are collected and stored, and usage profiles are created from these data using pseudonyms. For technical purposes, we use cookies that enable the re-recognition of an internet browser.

When implementing web tracking, we use the technologies of econda GmbH, which holds the TÜV Verified Data Protection certificate of TÜV Saarland for the field of web controlling.

You can change your consent or objection to the analysis of usage behavior under "Analytics for improvements" in the app settings.

Tag management

With the Tealium iQ tag management system, pixels from the providers named in the data protection notice are loaded on the web pages of Barmer. Tealium uses cookies to record exclusively non-personal data. This cookie becomes invalid after 12 months. The following information is stored in the Tealium cookie: 

  • Time stamp of the website visit
  • ID for the page visit
  • ID for the visitor
  • ID for the session 

You can disable the sending of usage data (usage statistics) at any time in the app settings.

Error report

We use a tool (Google Firebase Crashlytics) to analyze app errors and fix problems. In the case of technical irregularities, the tool automatically collects data and information of the calling device as follows:

Scope of the processing of data 

  • Mobile device type
  • Operating system
  • App version
  • Screen resolution
  • Date and time
  • Contents and functions accessed 

These are sent to us by the tool in real-time crash reports and error reports, and then analyzed.

Legal basis for the processing of personal data

  • Article 6 paragraph 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below. 

Purpose of data processing

  • Logging serves to maintain compatibility and stability of the app for as many users as possible and to prevent abuse as well as for troubleshooting. For this purpose, it is necessary to log the technical data of the retrieving end device to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our app. In addition, we use the data to optimize the app and to generally ensure the security of our information technology systems.

Duration of storage

  • The aforementioned technical data are deleted as soon as they are no longer needed to ensure the compatibility of this app for all visitors, but no later than 90 days after using the app.

Right to object

  • You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Article 6(1)(f) GDPR.
  • The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
  • You can change your consent or objection to the analysis to ensure freedom from errors and demand-oriented further development at any time under "Analyses for improvements" in the app settings.

Feedback to the app

Another feature that contributes to the bug-free and user-oriented further development of the Barmer app is the feedback function. Under "Profile" and "Report a problem with the app“, you can report problems with the app to Barmer. To understand the context of your feedback, the following data are sent along with it: 

  • Insurance number
  • Device model and operating system version
  • Version of the Barmer app

What cookies are set by the app?

Cookies are small text files that are stored in the device memory of your mobile device and also assigned to the mobile app you are using. Through cookies, certain information can be sent to the entity that sets the cookie (here: us). Cookies cannot execute programs or transfer viruses to your mobile device. They serve to make mobile apps more user-friendly and effective overall.

We use cookies to implement important user functions. Whenever you use an online service, you simply receive an identification number contained in a cookie. Stored cookies thus contain no personal data. They are deleted after your visit. The cookies are stored neither on your local hard drive, nor on our server.

For more information about cookies, refer to the section on data protection for the Barmer website.

IP addresses

Barmer automatically collects and stores information transmitted to us by your browser in its server log files.

Your IP address is stored for a short period in connection with your access to our servers. This information is stored so that we can detect IT threats, such as spam, viruses, or attacks on our servers, or track them down later.

The requirements of the German Telemedia Act (Telemediengesetz, TMG) are fulfilled.

Scope of services

See data protection information for the personal member area Meine Barmer

How are your data protected?

Whenever you are asked to enter data about yourself, your data will be protected during the data transfer over the internet by means of TLS encryption, which means that your data cannot be read by unauthorized persons. We use TLS encryption with a 256-bit key.

All personal data entered by you are stored on a specially protected server. Access to this server is only granted to a small number of authorized Barmer employees and agents, who are entrusted with the technical and editorial maintenance of the Barmer websites.

Security is given top priority at Barmer. This we have had our web presence thoroughly tested by an independent body. Experts have confirmed to us that the Barmer system guarantees the highest-possible level of security.

Our data center, for example, is certified in accordance with ISO/IEC 27001, is subject to ongoing security checks, and is sealed off from the outside through various measures such as firewalls.

Are data disclosed to third parties?

Your data are treated strictly confidentially. Your data are not disclosed to third parties. The data generated when using the Barmer app are processed exclusively on servers in Germany or within the European Economic Area (EEA) or another EU or EEA member state.

What is the Barmer user account?

The Barmer user account is the prerequisite for insured persons to access and use the secure online services provided by Barmer. Registration (authentication, identification) is required for the user account.

The following steps are necessary to create the Barmer user account:

  • Selecting a username
  • Selecting a password.
  • Entry of an email address
  • Entry of a telephone number
  • Consent to the terms of use
  • Acceptance of the data protection declaration of consent
  • Verification of email address and telephone number
  • Entry of the activation code sent by mail

The following personal data are processed as part of the Barmer user account:

  • UUID
  • First and last name
  • Address (street, house number, postcode, city)
  • Date of birth
  • Username selected (display for support purposes)
  • Password selected
  • Insurance number
  • Email address
  • Telephone number
  • Electronic health insurance card (eGK)
  • Device binding
  • mobileTAN (mTan)
  • Activation code
  • One-time password

The user account is also a prerequisite for using the eCare app. This requires device binding of the Barmer app. From the Barmer user account, you can generate an activation code for using the eCare app. The activation code is automatically transferred to the eCare app so that you only need to enter your username and password to log in (data protection declaration for Barmer eCare and the Barmer eCare app).

In addition, the following data are transferred to the eCare app to enable your personal salutation in the eCare app and to technically check whether you have already agreed to the data protection provisions of the eCare app: display name (consisting of title, salutation, first name and last name) and health insurance card number.

Who provides the Barmer user account?

Data controller of the Barmer user account is Barmer, Axel-Springer-Str. 44, 10969 Berlin.

Barmer is responsible under data protection law for processing the personal data of the Barmer user account.

You can reach the Barmer data protection officer at the address Lichtscheider Straße 89, 42285 Wuppertal and by email at: datenschutz@barmer.de

Sign in with Touch ID and Face ID (iOS) or fingerprint and face recognition (Android)

See data protection information for the Barmer app

Logging in the event of incorrect entries or locking of the password

In order to prevent misuse of personal access data to Barmer, also in your interest, the following processes are logged: 

  • login processes,
  • failed login processes,
  • the transaction triggered

Here, the user ID, time, date, type of identification and a transaction identifier are logged. In the case of failed logins, the IP address is also stored.

The purpose of processing of these data is 

  • to prevent misuse of our services and
  • to clarify any crimes committed in case of need.

The legal basis for the processing of these data is Article 6 paragraph 1 sentence 1 lit. f GDPR. These purposes also represent our legitimate interest in the processing. The data are deleted if no longer required for the processing purposes.

Is the usage behavior analyzed in connection with the Barmer user account?

The last time you logged in is saved to your Barmer user account. To be able to check whether you have agreed to the most current version of the terms of use and data protection policy, this point in time is compared with the consents stored. If there have been any changes to the terms of use or data protection declaration since you last logged in, we will inform you about them in the login process.

See also: Data protection information for the website

The legal basis for the processing of data in the context of the creation of the Barmer user account is Article 6 paragraph 1 lit. a GDPR (consent).

Purpose of data processing

The purpose of data processing is the legally compliant authentication and identification of the insured person and to prevent the misuse of data and identity theft.

How are the data protected?

Whenever you are asked to enter data about yourself, your data will be protected during the data transfer over the internet by means of TLS encryption, which means that your data cannot be read by unauthorized persons. We use TLS encryption with a 256-bit key.

Are data disclosed to third parties?

The data will not be forwarded to third parties.

How long are the data in the Barmer user account stored?

The data are stored, as long as the Barmer user account is active or is locked. When the user deletes the Barmer user account, the data of the Barmer user account are deleted.

How can you delete your Barmer user account?

Users can delete the Barmer user account at any time in the personal member area Meine Barmer on the website or via the Barmer app under "Manage Barmer user account". Barmer may delete the Barmer user account on behalf of the user or the insured person.

You can read the data protection declaration for Barmer eCare and the eCare app here.

The guideline of the National Association of Statutory Health Insurance Funds "Contact with insured persons" defines minimum requirements for measures to be taken for secure identification.

With this in mind, Barmerhas developed customer-friendly solutions that simultaneously ensure appropriate protection of communications. In the following, we provide you with an overview of this.

Chat in the public area of the website

Barmer offers a chat function on its homepage. The user is not required to prove his or her identity.

The Barmer chat is an electronic communication service, which you can use to talk to a Barmer advisor in real time via the internet.

Please note that we can only provide general information and no binding information within the framework of this anonymous online service. The Barmer chat is a text-only chat where text characters are exchanged.

The Barmer chat is offered in a separate window, which opens when you click on the corresponding button.

If you use the chat without having logged in to Meine Barmer beforehand, no data will be transferred.

If you have provided us with personal data, we will only use them to answer your queries, to process the contracts concluded with you and for technical administration purposes.

If the resulting personal data are no longer necessary to fulfill tasks under the provisions of the German Social Code (such as for granting benefits or assessing contributions), these chat data will be deleted after 12 months. If these data are required in accordance with the provisions of the German Social Code (SGB), then the retention period depends on the respective processing purpose. Different retention periods apply here, which are regulated in Section 110a SGB IV, Section 304 SGB V, Section 107 SGB XI and in the General Administrative Regulation on Social Insurance Accounting (SRVwV) for statutory health insurance funds. The personal data will not be disclosed to third parties.

Service chat in the personal member area Meine Barmer

See data protection information for the personal member area Meine Barmer

Video telephony in the personal member area Meine Barmer

See data protection information for the personal member area Meine Barmer

Video telephony in the public area of the website

Barmer offers the option of using video telephony, provided this has been agreed in advance between the user and Barmer.

Barmer video telephony is an electronic communication service, which you can use to talk to and see a Barmer advisor in real time via the internet.

You can clarify questions with an advisor that you would otherwise have asked on the telephone or in person at one of our offices.

Barmer video telephony is offered in a separate window, which opens when you click on the corresponding button.

If you have accepted the terms of use and declaration of consent, you must allow access to your camera and microphone. If you click the "Share microphone and camera" button for this purpose, the browser you are currently using (for example, Mozilla Firefox) will prompt you to allow access to your camera and microphone. After that, you can start video telephony by clicking the "Start video telephony" button. A video image of the Barmer consultant will be displayed, with whom you can speak personally.

Your name and your own video image will be transmitted to our advisor via your camera and your voice via your microphone.

If you have provided us with personal data, we will only use them to answer your queries, to process the contracts concluded with you and for technical administration purposes.

If the resulting personal data are no longer necessary to fulfill tasks under the provisions of the German Social Code (such as for granting benefits or assessing contributions), these data will be deleted after the end of the video session. The personal data will not be disclosed to third parties.

Email

Unencrypted emails have the potential to be read by third parties. If you send us an email, your email address will only be used for general correspondence with you. We are not allowed to send any data protection-relevant content to you by email without encryption. Therefore, in your own interest, we respond to personal benefits inquiries containing sensitive social data via conventional mail or in the protected Barmer mailbox, provided you are registered for this service.

When sending emails to Barmer, please note that certain attachments (for example, password-protected ZIP files or signature files) cannot be delivered due to security requirements imposed by our systems.

In addition to communication via email, you have the option of using the online mailbox (registration required) or the contact form on our website for secure communication with Barmer.

Consultations

Please have an official identification document (e. g., your electronic health card (eGK) or your ID card) ready for identification for any consultations.

Telephone

On the telephone, we will ask you various data to ensure your identity.

Telefax

Sending faxes is not encrypted and is associated with risks. Barmer therefore does not transmit sensitive personal data by fax as a matter of principle.

Encryption

Whenever you are asked to enter data about yourself, your data will be protected during the data transfer over the internet by means of TLS encryption, so your data cannot be read by unauthorized persons. We use TLS encryption in the most recent version.

Information about data processing pursuant to Articles 13 and 14 GDPR

Data controller:

Barmer, Axel-Springer-Str. 44, 10969 Berlin
Telephone: 0800 333 10 10
Email: service@barmer.de

 

Contact details of the data protection officer:

Barmer, Datenschutzbeauftragte [Data Protection Officer], Lichtscheider Straße 89, 42285 Wuppertal
Postal address: Barmer, Datenschutzbeauftragte, 42266 Wuppertal
Email: datenschutz@barmer.de

 

Processing purposes and legal bases

The Barmer health and long-term care insurance fund processes personal data and social data to fulfill its statutory mandate. We process your data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and based on the provisions of the German Social Code (SGB) and all other applicable laws relevant to data protection. In the following, we inform you about the processing purposes and legal bases in both the health insurance and the welfare insurance:

Health insurance

  • Preservation, restoration and improvement of the state of health of our policyholders (Section 1 SGB V)
  • Financing of services and other expenses by collecting contributions from employers and members (Section 3 SGB V)
  • Verification of the existence of an insurance relationship and of membership, including the data required for initiating an insurance relationship (Section 284 (1) no. 1 SGB V)
  • Issuing vouchers and the electronic health insurance card (Section 284 (1) no. 2 SGB V)
  • Establishing the obligation to contribute and the amount of the contributions as well as responsibility for funding and payment of them (Section 284 (1) no. 3 SGB V)
  • Reviewing the obligation to provide benefits and the provision of such benefits to the policyholders, including the circumstances in which the provision of benefits may be restricted, as well as identification of the payment status and performance of the procedures relating to cost refunds, refund of contributions, and establishing the limits of capacity to pay (Section 284 (1) no. 4 SGB V)
  • Support for the policyholders in the event of medical treatment errors (Section 284 (1) no. 5 SGB V)
  • Cover of medical treatment costs in accordance with Section 264 SGB V (Section 284 (1) no. 6 SGB V)
  • Involvement of the German Health Insurance Medical Service (MDK) (Section 284 (1) no. 7 SGB V)
  • Accounting and settlement with care providers, including review of the lawfulness and plausibility of cost statements (Section 284 (1) no. 8 SGB V)
  • Monitoring the cost-effectiveness of service provision (Section 284 (1) no. 9 SGB V)
  • Accounting and settlement with other funding agencies (Section 284 (1) no. 10 SGB V)
  • Settlement of claims for reimbursement or compensation (Section 284 (1) no. 11 SGB V)
  • Preparation, agreement and execution of remuneration agreements in the sense of Section 87a SGB V (Section 284 (1) no. 12 SGB V)
  • Preparation and execution of pilot projects, care management in accordance with Section 11 (4) SGB V, contracts for integrated forms of care and for outpatient-based provision of highly specialized services, including the execution of performance and quality audits, provided that contracts have been concluded without involving the Association of Statutory Health Insurance Physicians (Kassenärztliche Vereinigung) (Section 284 (1) no. 13 SGB V)
  • Implementation of structural risk adjustment as well as preparation and implementation of structured treatment programs, including the recruitment of policyholders for participation in them (Section 284 (1) no. 14 SGB V)
  • Implementation of discharge management in accordance with Section 39 (1a) SGB V (Section 284 (1) no. 15 SGB V)
  • The selection of policyholders for measures in the sense of Section 44 (4) sentence 1 SGB V and Section 39b SGB V as well as their implementation (Section 284 (1) no. 16 SGB V)
  • Monitoring of compliance with the contractual and legal duties of the providers of medical aids pursuant to Section 127 (5a) SGB V (Section 284 (1) no. 16a SGB V)
  • Performance of the tasks of the health insurance funds as providers of rehabilitation services pursuant to SGB IX (Section 284 (1) no. 17 SGB V)
  • Recruitment of new members (Section 284 (4) SGB V)
  • Compensation for employer's expenses for continued pay pursuant to the Expenditure Compensation Act (AAG), Continued Remuneration Act (EntgFG) and Maternity Protection Act (MuSchG)

Long-term care insurance 

  • Support of people in need of care who are reliant on assistance due to the severity of their need (Section 1 (4) SGB XI)
  • Financing of benefits and other expenses by collecting contributions from employers and members (Section 1 (6) SGB XI)
  • Verification of the existence of an insurance relationship and of membership (Section 94 (1) no. 1 SGB XI)
  • Establishing the obligation to contribute and the amount of the contributions (Section 94 (1) no. 2 SGB XI)
  • Review of the obligation to provide benefits and the provision of such benefits to policyholders, as well as the settlement of claims for reimbursement or compensation (Section 94 (1) no. 3 SGB XI)
  • Involvement of the German Health Insurance Medical Service (MDK) (Section 94 (1) no. 4 SGB XI)
  • Accounting and settlement with service providers and associated cost refunding (Section 94(1) no. 5 SGB XI)
  • Monitoring the cost-effectiveness, billing and cost reimbursement of the care services provided (Section 94 (1) no. 6 SGB XI)
  • Conclusion and execution of daily rate agreements, remuneration agreements and service and quality agreements (Section 94 (1) no. 7 SGB XI)
  • Consultancy on participation and nursing care services and aids (Section 94(1) no. 8 SGB XI)
  • Coordination of nursing aids, nursing care consultancy and the performance of tasks at the long-term care nursing care operation centers (Section 94 (1) no. 9 SGB XI)
  • Statistical purposes (Section 94 (1) no. 10 SGB XI)
  • Assistance in the enforcement of claims for compensation (Section 94 (1) no. 11 SGB XI)

Furthermore, Barmer may process data if the data subject has given an express declaration of consent in accordance with Section 6 (1a) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 67b (2) of Book 10 of the German Social Code (SGB X). The declaration of consent is voluntary and can be revoked at any time for the future.

Notwithstanding the aforementioned purposes and legal bases, we may use your data for other purposes (change of purpose) without prior notice if the following conditions are met: 

  • It is a measure pursuant to Section 82 (2) SGB X.
  • Another legal basis allows the change of purpose without requiring notice in advance.
  • You have already given your express consent.
  • The data are pseudonymized.

Obligation to provide data and consequences of failure to do so

In order for Barmer to be able to perform its tasks, you must provide the personal data that are required in the individual case or that we are legally obligated to collect on the basis of your obligation to cooperate as specified in Sections 60 et seq. of the First Book of the German Social Code (SGB I). Without this data, we will generally not be able to fulfill our tasks fully or finally, which can result in disadvantages for you, such as in the context of granting benefits.

Voluntary information, such as your telephone number or email address, is expressly excluded from this data. If you do not provide these data, it will not be considered as non-compliance with the obligation to cooperate and it will not put you at any disadvantage.

Your social data, which are processed by Barmer, are subject to the data protection regulations of SGB I, X, the German Federal Data Protection Act [BDSG – Bundesdatenschutzgesetz] and the General Data Protection Regulation (GDPR). BARMER ensures that the confidentiality of social data is maintained in accordance with Section 35 SGB I.

Automated individual decision-making

We also use automated processes in decision-making processes to the extent permissible. However, Barmer does not make any decisions based solely on automated processing, including profiling, within the sense of Article 22 GDPR.

Categories of recipients

Within Barmer, data access is granted to those offices that require your data to fulfill our contractual and statutory obligations.

Barmer transfers data (personal data) to the following recipients on the basis of the legal provisions of the German Social Code (SGB) or other legal provisions: 

  • German pension insurance fund
  • German Federal Employment Agency
  • German Accident Insurance Fund
  • Financial institutions within the scope of payment transactions
  • Federal Insurance Office for the Health Fund
  • Employers and paying agents
  • Pension administration authorities
  • Military district administration authorities
  • Fiscal authorities
  • Service providers
  • German Health Insurance Medical Service
  • Transmission in individual cases pursuant to Sections 67d et seq. SGB X
  • External contractors according to Article 28 GDPR in conjunction with Section 80 SGB X

If your data are passed on to external contractors engaged by Barmer, we have taken technical and organizational measures to ensure that the data protection regulations are observed.

If data are transferred to a recipient within one of the categories, you will be informed about the recipient, unless one of the exceptions listed under Section 82 (1) and (2) of SGB X or the prerequisite specified in Article 13 paragraph 4 GDPR applies. This means that the obligation to provide information does not apply if the data subject already has the information, if the storage or disclosure of the personal data is expressly regulated by legal provisions, or if informing the data subject proves impossible or involves a disproportionate effort.

Data transfer to a third country

As a rule, Barmer does not transfer any personal data to locations in third countries (outside the EU or EEA) or to international organizations.

Duration of data storage

Generally, the personal data provided by a data subject are deleted:

  1. If they are no longer required to perform a contract or to meet other retention obligations or for any legal reasons
  2. Upon withdrawal of consent granted
  3. If data storage is impermissible for any other statutory reasons
  4. If the deletion is necessary to fulfill a legal obligation or statutory retention obligations or due to other legal reasons

Different retention periods apply to the various purposes for processing social data, which are regulated in Section 110a SGB IV, Section 304 SGB V, Section 107 SGB XI and in the German General Administrative Regulation on Social Insurance Accounting [SRVwV – Allgemeine Verwaltungsvorschrift über das Rechnungswesen in der Sozialversicherung]. If your personal data is no longer required for the above-mentioned purposes and if it must not be retained pursuant to legal provisions, it will be deleted on a regular basis.

We process your personal data exclusively in accordance with the statutory provisions. This includes the following categories of personal data/social data:

Social data of members and insured persons
Personal data:

• Identifiers (for example member number)
• Last name, first name
• Address
• Photograph
• Date of birth
• Place of birth
• Telephone number
• Email address
• Indicator for family members
• Bank details
• Marital status
• Gender
• Nationality
• Membership of any bodies of the insurance fund
• Pension insurance number
• Tax identification number

Data on membership:
• Preceding insurance periods
• Start and end
• Responsible offices
• Indicator for granting benefits (for example reimbursement of costs, participation in special forms of care)
• Indicator for supplementary insurance

Data on the insurance relationship:
• Type of insurance
• Start and end
• Reasons for registration
• Information on the activity
• Contribution groups
• Remuneration/income/pension payments
• Data on exemption from contributions/insurance
• Data on the pension application/pension payment
• Employer/paying agency

Contribution and payment data (self-payers):
• Contribution payable
• Contribution paid
• Party liable to pay
• Contribution collection data
• Data on dunning procedure
• Tax identification number

Data on benefits:
• Type of benefit
• Diagnosis
• Service prescribers
• Service providers
• Duration of the benefit receipt
• Expected date of delivery/date of delivery
• Costs
• Data on suspension, interruption, rejection, termination of benefits
• Data on other service providers
• Data on commissioned services
• Data on compensation claims
• Data on pension claims
• Co-payments/additional payments
• Data on structured treatment programs, integrated care, model projects, care management
• Data on bonus programs
• Data on optional tariffs
• In the case of receipt of compensation benefits and reimbursement of contributions to health and long-term care insurance: Tax identification number
• Data relating to the computation, amount and payment of insurance benefits
• Data on the processing status

Data on the caregiver
• Master data such as under "Personal data"
• Start and end of the care activity
• Reasons for registration and periods
• Information on the verification of the pension insurance obligation
• Information on collection and payment of contributions to the pension insurance fund
• Information on professional qualification
• Data for statistical reports pursuant to Section 109 SGB XI

Data on the legal representative
• Last name, first name
• Address
• Telephone number
• Email address

Social data of businesses
• Identifiers (such as employer number, company number)
• Name
• Address
• Telephone number
• Email address
• Bank details
• Contribution payable
• Contribution paid
• Party liable to pay
• Data for the collection of contributions
• Dunning procedure data
• Responsible offices
• Data for tax audits
• Data on billing types
• Data on the implementation of the Expenditure Compensation Act (AAG)

Data on service providers
• Identifiers (for example doctor number)
• Name
• Address
• Telephone number
• Email address
• Data on professional qualification

Data on business partners and suppliers
• Identifiers (for example institution number)
• Name
• Address
• Telephone number
• Email address
• Bank details
• Data on billing

Data on recipients of publications
• Identifiers (for example type, scope of publication and serial number)
• Last name, first name
• Address
• Email address

Data on prospects
• Identifiers
• Last name, first name
• Address
• Telephone number
• Email address

IT service providers

Data center operation (gkv informatik). Provision of IT and telecommunication services, including:
• Provision of hardware and software
• Telecommunication
• Consultancy and support
• Maintenance and support
• Billing service providers
• Audit of invoices of service providers

Telephone service providers

• Service telephony

Document and data carrier destruction companies

• Disposal of files and data carriers
Service providers for advertising and market analysis
• Customer satisfaction surveys
• Market research
• Marketing measures

Lettershops, postal and parcel services, print stores

• Preparation and dispatch of information documents
• Printing services
• Newsletter (email)

Providers of digital health services

Provision of digital health services for Barmer, including:
• Barmer apps
• Card producer and trust center
• Electronic health insurance card

Archiving services
• Archiving of files

Where processes personal data of you, you can exercise the following rights by using the contact details mentioned in section "Contact details of the data controller, the data protection officer and competent supervisory authorities" if the legal requirements are met:

  • In the case of data processing based on consent, you have the right to revoke that consent at any time with effect for the future.
  • The rights arising from Articles 15, 16, 17, 18, 20 and 21 of the GDPR (right of access by the data subject, right to rectification of inaccurate data, right to erasure, right to restriction of processing, right to data portability, right to object).
  • The right to contact the Barmer data protection officer to raise your concerns (Article 38 paragraph 4 GDPR).
  • The right to lodge a complaint with a competent supervisory authority for data protection. For this purpose, you can contact the competent supervisory authority for Barmer.

The aforementioned rights can only be fulfilled by Barmer if the data to which the claims made relate can be clearly assigned to your person.

If you have any technical questions or questions about the use of your personal data by Barmer, please contact us first – either by email to service@barmer.de or by telephone on 0800 333 1010 (calls from German landlines and mobile phones are free of charge). You can reach us by conventional mail at Barmer, 42266 Wuppertal.

In addition, you can contact our data protection officer by email at datenschutz@barmer.de. You can reach our data protection officer by mail at Barmer, Datenschutzbeauftragte, 42266 Wuppertal.

The contact details of our supervisory authorities are:

  • Der Bundesbeauftragte für Datenschutz und die Informationsfreiheit [Federal Commissioner for Data Protection and Freedom of Information]
    Graurheindorfer Str. 153, 53117 Bonn, email: zast@bfdi.bund.de.
  • Bundesamt für Soziale Sicherung [Federal Office for Social Security}, Friedrich-Ebert-Allee 38, 53113 Bonn, email: poststelle@bas.bund.de.

Manage cookies

Please refer to Cookie Management (German only) to see how you have decided to use cookies and what customization options are available.

Contact

members within Germany
0800 333 0060

members outside Germany
+49 202 568 333 0060

interested persons within Germany
0800 333004 996666

interested persons outside Germany
+49 202 568 996666

 

Chat for interested persons

I am not a customer of Barmer but I am interested in membership.

Chat for interested persons

Chat for customers

Take advantage of our data protection secure consultation.

Chat for members (only German)

members to service@barmer.de
interested persons to interest@barmer.de


Webcode: e020006 Last update on: 06.10.2021
To top