Information on data storage and disclosure

Privacy

Privacy at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is any data with which you can be personally identified. Detailed information on data protection can be found in our full privacy policy listed below this text.

Data collection on our website

Who is responsible for data collection?

We, as the website operator, are responsible for data collection when you visit this website, as we decide which techniques are used on our website and for what purposes.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page access).

This data is collected automatically as soon as you visit our website.

What do we use your data for?

Data is collected to ensure error-free provision of the website.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. You also have the right to lodge a complaint with the competent supervisory authority. For further information on this and on data protection, you can contact us at any time at the address given in the legal notice.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

General notes and mandatory information

The operators of these pages take the protection of your personal data very seriously. When you use this website, various personal data is collected with which you can be personally identified. We treat your personal data (as defined in Art. 4 (1) GDPR) confidentially and in accordance with statutory data protection regulations. This privacy policy explains which data we collect, what we use it for, and how and for what purpose this is done. We point out that data transmission over the Internet may have security gaps even with the best possible protection (e.g. when communicating by e-mail). Complete protection of data against access by third parties is not possible.

Note on the responsible body

Please refer to our legal notice for the controller (Art. 4 (7) GDPR) responsible for data processing on this website.

Contacting our data protection officer

We have appointed mb-datenschutz GmbH (www.mb-datenschutz.de)

as our data protection officer.

Please send data protection enquiries to datenschutz@aic-international.de.

Privacy information on the collection of personal data in applicant management

Under the EU General Data Protection Regulation (GDPR), we as the controller for the processing of personal data are subject to corresponding information obligations.

Pursuant to Art. 13 & 14 GDPR, we inform you about the following points:

Controller:

AIC International Insurance and Reinsurance Brokers

Tucholskystr. 18-20, D-10117 Berlin-Mitte

Tel. +49 (0)30 2100 2960; e-mail info@aic-international.de

Authorised representative: Alexander Köhler

Data protection officer / contact:

datenschutz@aic-international.de

Purpose of processing your personal data:

Applicant management

Legal bases for processing employee personal data:

Section 26 BDSG (1) covers data processing required for establishing, carrying out and terminating an employment relationship, as well as for detecting criminal offences in the employment relationship.

Section 26 BDSG (2) allows us to process your data on the basis of your voluntary, written consent that can be revoked at any time for the future, from which you suffer no disadvantages in our employment relationship, e.g. inclusion of your application documents in our applicant pool.

Section 26 BDSG (3) allows us to process your sensitive data (e.g. health data, trade union membership) if this is required for exercising rights or fulfilling legal obligations under employment law, social security law and social protection law and does not conflict with your legitimate interests.

Art. 6 (1) lit. f GDPR allows us to process your personal data if we or a third party have legitimate interests in this processing and your interests, fundamental rights or freedoms do not override them, e.g. assertion, exercise or defence of legal claims.

Duration of data storage:

In general: Once the purpose of data processing no longer applies and statutory retention periods have expired, your personal data will be deleted. As a rule, companies have retention obligations of 6 or 10 years (if employment is offered).

Application documents are deleted no later than 6 months after rejection.

If storage is based on your consent, we will delete your personal data when you withdraw your consent or when we clean up or fully dissolve our applicant pool.

Recipients of your personal data:

Within our company, only employees who need your personal data to perform their duties receive access to it, and only to the extent required.

Service providers engaged by us may receive your data to fulfil the purposes described, provided they meet the confidentiality requirements under data protection law.

Your data is not transferred outside the EU/EEA.

Data we receive about you from third parties:

If you were referred to us as a potential employee by a recruitment service provider, we receive your application documents from that provider.

If you have created profiles about yourself on business networks such as XING or LinkedIn, we may review them.

Your data protection rights:

You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, and the right to object under Article 21 GDPR. You also have the right to lodge a complaint with a data protection supervisory authority under Article 77 GDPR.

Privacy information on the collection of personal data in prospect, customer and supplier relationships

Under the EU General Data Protection Regulation (GDPR), we as the controller for the processing of personal data are subject to new information obligations. Pursuant to Art. 13 and 14 GDPR, we therefore inform you about the following points:

Controller:

AIC International Insurance and Reinsurance Brokers

Tucholskystr. 18-20, D-10117 Berlin-Mitte

Tel. +49 (0)30 2100 2960; e-mail info@aic-international.de

Authorised representative: Alexander Köhler

Data protection officer / contact:

datenschutz@aic-international.de

Purpose of processing your personal data:

Answering enquiries, contract processing, sending relevant promotional offers, credit checks, customer service, logistics, market and opinion research, supplier management

Legal bases for processing your data:

  • GDPR Art. 6 (1) (a) allows us to process your data based on your consent for specific purposes, e.g. subscribing to our newsletter.
  • GDPR Art. 6 (1) (b) covers data processing required for the performance of a contract and for pre-contractual measures.
  • GDPR Art. 6 (1) (c) allows us to process your data on the basis of a legal obligation, e.g. retention obligations under tax and finance law.
  • Art. 6 (1) (f) GDPR allows us to process your personal data if we or a third party have legitimate interests in this processing and your interests, fundamental rights or freedoms do not override them, e.g.:
    • E-mail marketing in connection with Section 7 (3) UWG
    • Preventing harm and/or liability to the company through appropriate measures
    • Assertion, exercise or defence of legal claims

Duration of data storage:

In general: Once the purpose of data processing no longer applies and statutory retention periods have expired, your personal data will be deleted. As a rule, companies have retention obligations of 6 or 10 years.

Special retention period for: insurance data within the statutory follow-up liability period: 30 years

If storage is based on your consent, we will delete your personal data when you withdraw your consent.

Recipients of your personal data:

Within our company, only employees who need your personal data to perform their duties receive access to it, and only to the extent required. All employees are bound by confidentiality and data protection obligations.

Service providers engaged by us may receive your data to fulfil the purposes described, provided they meet the confidentiality requirements under data protection law. These may include companies in categories such as: IT services, print and mailing services, market research companies, call centres, logistics companies, data destruction. These service providers are so-called processors who are subject to special contractual obligations under statutory requirements.

Banks / banking service providers, credit check service providers:

Public bodies, e.g. tax offices, receive your personal data only where statutory obligations require this.

Your data is transferred outside the EU/EEA exclusively in the context of contract performance for our customers.

Data we receive about you from third parties:

We may receive data about you from insurers, opposing insurers, lawyers, auditors, tax advisers, insolvency administrators, property managers and others.

Your data protection rights:

You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, as well as the right to object under Article 21 GDPR. You also have the right to lodge a complaint with a data protection supervisory authority under Article 77 GDPR.