The General Data Protection Regulation (GDPR) requires that all responsible bodies shall maintain a record of all categories of processing activities under their responsibility. The records of processing activities include the following information:
53819 Neunkirchen Seelscheid
Commercial register: Siegburg HRB 4701
USt.-Id-Nr.: DE 212252105
DR-WALTER Versicherungsmakler GmbH
Commercial register: Siegburg HRB 14554
USt.-Id-Nr.: DE 314696745
Dipl.-Kfm. Reinhard Bellinghausen (CEO)
Angelika V. Kolmer (COO)
Operation of insurance business; distributing, selling, managing and processing insurance contracts in Germany and abroad along with any related ancillary business. Data processing and storage of personal data for our own purposes and on behalf of the involved insurance companies.
The legal basis for the processing of personal data for contractual and pre-contractual purposes is Article 6 Paragraph 1 (b) of the EU General Data Protection Regulation (GDPR). Should this require specific personal data (e.g. health data), DR-WALTER will obtain consent in accordance with Article 9 Paragraph 2 (j) GDPR in connection with Section 27 Federal Data Protection Act (BDSG). Once given, consent can be withdrawn at any time in accordance with Article 21 GDPR.
The data being collected, processed and used concern the following groups of individuals:
This is an overview of the technical and organizational measures we have taken to protect your data.
Physical access to data processing equipment, which is used to process or use personal data, shall be denied to unauthorized persons.
REFERENCE TO THE RIGHTS OF THE DATA SUBJECTS REGARDING VIDEO SURVEILLANCE
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the contents of Article 15 GDPR.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and (if applicable) to have incomplete personal data completed (Article 16 GDPR).
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds stipulated in Article 17 GDPR applies, e.g. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to erasure).
The data subject shall have the right to obtain from the controller restriction of processing where one of the requirements stipulated in Article 18 GDPR is met, e.g. when the data subject has objected to processing for a period enabling the controller to verify the accuracy of the personal data.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Article 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). The data subject can assert this right with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement.
The contact data of the responsible supervisory authority are:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Ms. Helga Block
Kavalleriestrasse 2 - 4
System access and therefore use of the data processing systems shall be denied to unauthorized persons.
Measures ensuring that persons authorized to use a data processing system can only access data covered by their data access permission and that no personal data can be read, copied, altered or removed by unauthorized persons while they are processed, used and after they were stored.
Measures ensuring that data collected for different purposes can be processed separately.
Measures ensuring that personal data cannot be read, copied, altered or removed during electronic transmission or during transport or storage on data carriers by unauthorized persons and that it can be checked and verified to whom a transmission of personal data through data transmission devices is intended.
Measures ensuring that it can be subsequently checked and verified whether and by whom personal data were entered, altered or removed in/from data processing systems.
Measures ensuring that personal data are protected against accidental destruction or loss.
Measures ensuring that personal data can be immediately recovered in case of a physical or technical incident.
Measures ensuring that personal data, which is processed on order, can only be processed in accordance with the principal’s directives.
Various record retention obligations and periods have been laid down by law. Upon expiry of these periods, the respective data is deleted as a matter of routine if it is no longer required for the performance of the contract. Where data is not affected by these regulations, it will be deleted once the purpose and objective specified under No. 4 have ceased to exist.
A data transfer to third countries will take place. (Google Analytics, https://www.google.de/policies/privacy/ (German))
If you have any questions or comments, please contact our Data Protection Officer directly: