Data protection

Data protection


CG Car-Garantie Versicherungs-Aktiengesellschaft

DSGVO_en

Our data protection representative:
CG Car-Garantie Versicherungs-Aktiengesellschaft
Udo Strittmatter
Gündlinger Straße 12
D-79111 Freiburg i. Breisgau

Phone +49 (0)761 4548 0
Fax +49 (0)761 4548 685
Email: datenschutz@cargarantie.com

Notification
In accordance with Sect. 4g of Germany's data protection act (Bundesdatenschutzgesetz - BDSG), the data controller shall make the following data available to everyone in the appropriate manner:

1. Name of responsible office:
CG Car-Garantie Versicherungs-AG

2. Members of the Board:
Axel Berger (Chairman)
Wolfgang Bach
Dr. Marcus Söldner

3. Chairman of the Supervisory Board:
Dr. Mathias Bühring-Uhle

4. Appointed IT Manager:
Steffen Bayer

5. Address of the responsible office:
CG Car-Garantie Versicherungs-AG
Gündlinger Straße 12
D- 79111 Freiburg
Germany

6. Purpose of recording, processing or utilising data:
To conduct insurance transactions; to distribute, sell, manage and handle insurance policies in the field of warranty and repair cost insurance and all new business related to this, as well as the placement of products and services offered by associated partners. The saving and processing of personal data for the company's own purposes and for and on behalf of consolidated companies shall be performed on the basis of intra-group service agreements.

7. Description of groups of people concerned and data or data categories relating thereto:
Client data, employee data as well as data relating to suppliers and, where applicable, interested parties, provided that such data is required in order to meet the purposes stated under 6.

8. Recipients or categories of recipients entitled to receive data:
Public authorities where overriding statutory regulations apply; external contractors within the meaning of Sect. 11 BDSG as well as external offices and authorities and internal departments required to meet the purposes stated under 6.

9. Standard deadlines for deleting data:
Lawmakers have issued numerous obligations and deadlines relating to the preservation of records. Upon expiry of the deadlines, the corresponding data will be deleted automatically provided that it is no longer required for the purpose of fulfilling a contract. Should certain data not be affected by this, it will be deleted as soon as the aforementioned purposes cease to exist.

10. Envisaged data transmission to third countries:
Unless required for the purpose of meeting the aims outlined under 6., no data will be transmitted to the Swiss branch of CG Car-Garantie Versicherungs-AG. No data transmissions to other third countries are envisaged.

11. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States .

In case IP-anonymisation is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transfered to a Google server in the USA and truncated there. The IP-anonymisation is active on this website.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser.

As an alternative to the browser Addon or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this website in the future (the opt-out applies only for the browser in which you set it and within this domain). An opt-out cookie will be stored on your device, which means that you'll have to click this link again, if you delete your cookies.

Data Protection Statement
With these statements, we give you information on the processing of your personal data by CG Car-Garantie Versicherungs-AG and your rights under data protection law.

Party responsible for data controlling
CG Car-Garantie Versicherungs-AG
Gündlinger Strasse 12
79111 Freiburg
Tel. +49 761 4548 0)
Fax +49 761 4548 248)
E-mail address: info@cargarantie.com

You can contact our data protection officer by post to “Data Protection Officer” at the address provided above, or by e-mail at: datenschutz@cargarantie.com

Purposes and legal foundations of data processing
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR) as well as all additional relevant laws.
The vehicle warranty received from your dealer is insured with us. In order to conclude the insurance agreement and assess the risk that we are to take on, we need the information provided by you in the warranty agreement. If the insurance agreement comes into effect, we will process this data in order to implement the contractual relationship. We require information regarding claims, for example, in order to be able to check whether an insurance case has occurred and the level of the claim.
It is not possible to conclude and/or implement the warranty insurance agreement without processing your personal data.
In addition, we need your personal data in order to create insurance-specific statistics, e.g. for developing new tariffs or to fulfil supervisory requirements.
The legal foundation for this processing of personal data for pre-contractual and contractual purposes is Article 6 Para. 1 b), GDPR.
We also process your data in order to protect our justified interests or those of third parties (Article 6, Para. 1) GDPR). Specifically, this may be necessary:

  • to guarantee IT security and IT operation,
  • to advertise our own insurance products,
  • to prevent and clarify criminal offences; in particular, we use data analysis to identify information that may indicate insurance fraud.

In addition, we process your personal data to fulfil statutory duties such as supervisory requirements, business and fiscal legal duties to preserve records, and our advisory duty. In this case, the respective statutory regulations, in conjunction with Article 6 Para. 1 c) GDPR, serve as the legal foundation for processing.
If we wish to process your personal data for a purpose not specified above, we will inform you of this in advance within the framework of the statutory provisions.

Categories of recipients of personal data
Reinsurers:
We insure the risks that we take on through special insurance companies (reinsurers). In order to do this, it may be necessary to transfer your agreement data and, where applicable, claims data to a reinsurer so that the reinsurer is able to gain its own understanding of the risk or insurance case.

Vehicle manufacturers/importers:
In the event of warranty and/or insurance programs coordinated with vehicle manufacturers and/or vehicle importers, your agreement data and, where applicable, claims data are forwarded to vehicle manufacturers and/or vehicle importers for inclusion in statistics, for example.

External service providers:
In order to fulfil our contractual and statutory obligations, we procure some services from external service providers. The latest version of the list of contractors and service providers we use, and with which we have business relationships that are not solely temporary, can be viewed on our website at www.cargarantie.com/datenschutz

Additional recipients:
In addition, we may transfer your personal data to additional recipients such as authorities, in order to fulfil statutory disclosure obligations (e.g. financial authorities or law enforcement agencies).

Duration of data storage
We delete your personal data as soon as it is no longer required for the purposes specified above. In this process, it may be the case that personal data is stored for the period during which claims may be asserted against our company (statutory limitation period of three to thirty years). In addition, we store your personal data insofar as we are legally required to do so. Corresponding duties to the production of proof and retention are based, among other instruments, on the German Commercial Code, General Fiscal Law, and Money Laundering Act. In accordance with these, storage periods last up to ten years.

Rights of affected persons
You may demand disclosure of the data stored about your person by contacting the address provided above. In addition, under certain conditions you may demand the correction or deletion of your data. Furthermore, you may be due a right to restrict the processing of your data, as well as a right to the return – in a structured, established and machine-readable format – of the data provided by you.

Right of objection
You have the right to object to the processing of your personal data for the purposes of direct advertising.
To assert this, please contact info@cargarantie.com
If we process your data to protect justified interests, you may object to this processing if your particular situation gives rise to reasons that exclude data processing.

Right of complaint
You are able to contact the data protection officer specified above, or a supervisory authority for data protection, if you have a complaint.

Data transfer to a third country
If we transfer your personal data to service providers outside the European Economic Area (EEA), this transfer only occurs if the third country has been confirmed by the EU Commission to have an appropriate level of data protection.

Automated decisions on a case-by-case basis
Based on your information on the insurance case, the data saved regarding your agreement and where applicable information in this respect received from third parties, we will in some cases make a fully automated decision about our liability. The fully automated decisions are based on regulations defined in advance by the company, regarding the weighting of information.

Data Protection Statement
With these statements, we give you information on the processing of your personal data by CG Car-Garantie Versicherungs-AG and your rights under data protection law.

Party responsible for data processing
CG Car-Garantie Versicherungs-AG
Gündlinger Strasse 12
79111 Freiburg
Tel. +49 761 4548 0)
Fax +49 761 4548 248)
E-mail address: info@cargarantie.com

You can contact our data protection officer by post to “Data Protection Officer” at the address provided above, or by e-mail at: datenschutz@cargarantie.com

Purposes and legal foundations of data processing
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR) as well as all additional relevant laws.
If you make an application for insurance protection, we need the information you have provided in this process in order to conclude the agreement and assess the risk that we are to take on. If the insurance agreement comes into effect, we will process this data in order to implement the contractual relationship, e.g. for issuing a policy or invoicing. We require information regarding claims, for example, in order to be able to check whether an insurance case has occurred and the level of the claim.
It is not possible to conclude and/or implement the insurance agreement without processing your personal data.
In addition, we need your personal data in order to create insurance-specific statistics, e.g. for developing new tariffs or to fulfil supervisory requirements.
The legal foundation for this processing of personal data for pre-contractual and contractual purposes is Article 6 Para. 1 b), GDPR.
We also process your data in order to protect our justified interests or those of third parties (Article 6, Para. 1) GDPR). Specifically, this may be necessary:

  • to guarantee IT security and IT operation,
  • to advertise our own insurance products,
  • to prevent and clarify criminal offences; in particular, we use data analysis to identify information that may indicate insurance fraud.

In addition, we process your personal data to fulfil statutory duties such as supervisory requirements, business and fiscal legal duties to preserve records, and our advisory duty. In this case, the respective statutory regulations, in conjunction with Article 6 Para. 1 c) GDPR, serve as the legal foundation for processing.
If we wish to process your personal data for a purpose not specified above, we will inform you of this in advance within the framework of the statutory provisions.

Categories of recipients of personal data
Reinsurers:
We insure the risks that we take on through special insurance companies (reinsurers). In order to do this, it may be necessary to transfer your agreement data and, where applicable, claims data to a reinsurer so that the reinsurer is able to gain its own understanding of the risk or insurance case.

Vehicle manufacturers/importers:
In the event of warranty and/or insurance programs coordinated with vehicle manufacturers and/or vehicle importers, your agreement data and, where applicable, claims data are forwarded to vehicle manufacturers and/or vehicle importers for inclusion in statistics, for example.

External service providers:
In order to fulfil our contractual and statutory obligations, we procure some services from external service providers.
The latest version of the list of contractors and service providers we use, and with which we have business relationships that are not solely temporary, can be viewed on our website at www.cargarantie.com/datenschutz

Additional recipients:
In addition, we may transfer your personal data to additional recipients such as authorities, in order to fulfil statutory disclosure obligations (e.g. financial authorities or law enforcement agencies).

Duration of data storage
We delete your personal data as soon as it is no longer required for the purposes specified above. In this process, it may be the case that personal data is stored for the period during which claims may be asserted against our company (statutory limitation period of three to thirty years). In addition, we store your personal data insofar as we are legally required to do so. Corresponding duties to the production of proof and retention are based, among other instruments, on the German Commercial Code, General Fiscal Law, and Money Laundering Act. In accordance with these, storage periods last up to ten years.

Rights of affected persons
You may demand disclosure of the data stored about your person by contacting the address provided above. In addition, under certain conditions you may demand the correction or deletion of your data. Furthermore, you may be due a right to restrict the processing of your data, as well as a right to the return – in a structured, established and machine-readable format – of the data provided by you.

Right of objection
You have the right to object to the processing of your personal data for the purposes of direct advertising.
To assert this, please contact info@cargarantie.com
If we process your data to protect justified interests, you may object to this processing if your particular situation gives rise to reasons that exclude data processing.

Right of complaint
You are able to contact the data protection officer specified above, or a supervisory authority for data protection, if you have a complaint.
Data transfer to a third country
If we transfer your personal data to service providers outside the European Economic Area (EEA), this transfer only occurs if the third country has been confirmed by the EU Commission to have an appropriate level of data protection.

Automated decisions on a case-by-case basis
Based on your information on the insurance case, the data saved regarding your agreement and where applicable information in this respect received from third parties, we will in some cases make a fully automated decision about our liability. The fully automated decisions are based on regulations defined in advance by the company, regarding the weighting of information.

Who is responsible for the processing of my data and who is the data protection ­officer?
The person responsible for the data processing in the CarGarantie Group is the corresponding company, where you will be applying for the job. You can find the contact data of our data protection officer under “Data Protection” / “Public procedure directory / Data protection” on our website.

Which data categories are used and from where do they originate?
The categories of personal data (data which refer to you personally) which are processed on the occasion of the application process in particular include your master data (personal details such as first name, family name, name affixes), contact data (home address, mobile phone / phone number, e-mail address) as well as other data, which you provided us (e.g. curriculum vitae, professional career, etc.). In most cases, your personal data are directly collected from you during the application process. Additionally, we may have received data from third parties (e.g. job placements), who received your permission for data forwarding.

We also process personal data, which we have permissibly gained from publicly available sources (e.g. professional social networks such as Xing or LinkedIn). We will contact you through the corresponding source of your data (e.g. Xing), in order for you to be able to identify the source we retrieved your data from. That way, we assume, you agree that we contact you, since you have published your data. You have the right to revoke this consent at any time. It would be enough to just send an e-mail to datenschutz@cargarantie.com.

For which purposes and on which legal basis will my data be processed?
We process your personal data based on the provisions of the General Data Protection Regulation (GDPR) of the EU, of the Data Protection Act, as well as any other applicable laws (e.g. Holiday Act, Working Hours Act, general equal treatment law). The data processing serves to perform and handle the application process and to evaluate, to what extent you are suitable for the corresponding job. The processing of your applicant details is required in order that we may decide upon the justification of an employment relationship. The predominant legal basis for this is the art. 6 para. 1 b) GDPR In addition, it is possible to use consents according to art. 6 para. 1 a), 7 GDPR as a permission regulation in accordance with data protection law.

However, in individual cases we only process your data after their anonymization, in order to maintain our legitimate interests. This way, the data will possibly only be processed for statistical purposes (e.g. research about applicant behaviour). The creation of such statistics is only performed for our own purposes and is in no way personalised, but anonymized. Insofar as special categories of personal data are processed according to art. 9 para. 1 GDPR (e.g. health data) this is based on your consent according to art. 9 para. 2 a DS-GVO unless otherwise allowed by pertinent statutory licensing laws such as art. 9 para. 2 b. If we would like to process your personal data for a purpose not mentioned above, we will inform you beforehand. 

Who receives your personal data?
Within our group of companies, only persons and posts will receive your personal data, who need them within frame of the application process and the related statutory (pre-) contractual obligations. Within our group of companies, your data will be transmitted to certain companies, if they centrally use data processing tasks for the companies affiliated in the group (e.g. groupwide application management).

In addition, we can transmit your personal data to other recipients outside the company, if this is necessary for the initiation of the employment relationship. 

Which data protection laws can I claim as concerned person?
You can request information about the saved personal data according to art. 15 GDPR. Additionally, under certain conditions, you can request the rectification, erasure and limitation of the processing of your data according to art. 16, art. 17 and art. 18 GDPR. You may have a right to receive the data which you have made available in a structured, common and machine-readable form according to art. 20 GDPR. If we process your data in order to maintain legitimate interests (article 6 paragraphs 1 e and f), you can contradict to this processing according to art. 21 GDPR. If you would like to exercise your right of objection, it would be enough to send an e-mail to datenschutz@cargarantie.com with the subject “Data protection”. We will no longer process your personal data, unless we provide compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or the processing serves the assertion, exercise or defending of legal claims.

According to art. 7 para. 3 GDPR you have the right, to revoke a given consent regarding the processing of personal data e.g. according to art. 6 para. 1 item a or art. 9 para. 2 at any time without giving reasons, at which the lawfulness of the processing performed with your consent until the revocation remains unaffected. In addition, according to art. 77 GDPR, you have the right of appeal with the responsible data protection supervisory authority.

How long will my data be saved?
We will delete your personal data 6 months after the application process is completed. This will not apply if any legal provisions are opposed to the deletion or if it is necessary to save the data further on for the purpose of proof. If an employment relationship has been established, then we will take your data over to our digital human resources system. 

Are you obliged to make your data available?
During your application, we depend on the availability of personal data which are necessary to perform the application process and the appraisal of aptitude. Without such data, we are not able to perform the application process nor to take a decision on the justification of an employment relationship.

To what extent do automated case-by-case decisions or measures for profiling take place?
In particular cases we use automated processing operations and / or profiling to support the decision making during the application process. In this case, you will receive separate information according to article 13 para. 2 item f GDPR.

The following list identifies the contractors, service providers and recipients or categories of contractors, service providers and recipients who process personal data for CG Car-Garantie Versicherungs-AG in accordance with existing agreements, including the tasks assigned.

This list serves to create transparency about the processing of your data and in particular about who processes your data for which purposes, as far as CG Car-Garantie Versicherungs-AG does not undertake the data processing itself. However, this does not mean that your data will be shared with all companies on this list.

CarGarantie companies that process master data (e.g. last name, first name, CarGarantie number, etc.) in shared databases and data processing procedures:

  • CAR-GARANTIE GMBH, Gündlinger Str. 12, 79111 Freiburg
  • Garantie-Service-GMBH, Gündlinger Str. 8, 79111 Freiburg

Contractors, service providers or recipients who carry out data processing as the main subject of the contract:

Company Subject and purpose of the commission
CAR-GARANTIE GMBH Sales
Garantie-Service-GMBH Sales
Meisterdruck GmbH Printing services
Burger Druck GmbH Printing services
Dinner Druck GmbH Printing services

 

Contractors, service providers or recipients who do not make data processing the main subject of the contract and are grouped into categories, i.e. are not named individually. This also includes contractors, service providers or recipients who work with CarGarantie only once or not permanently:

Category Subject and purpose of the commission
Financial / supervisory authorities Reports, audits according to legal requirements
Auditors Auditing (annual accounts)
Reinsurance Reinsurance business (monitoring / revision)
Bankruptcy Trustee Insolvency cases
Lawyers Litigation
IT companies Maintenance and support of hardware and software etc.
Assessors Technical assessment of damage cases
Workshops Repairs in connection with the settlement of claims
Disposal service providers Destruction of documents and other data carriers (hard disk, etc.)

 

Please note that our service list is updated regularly.

1. Who is responsible for data processing and whom can you contact?
CG Car-Garantie Versicherungs-AG
Gündlinger Straße 12
79111 Freiburg, Germany
PHONE +49 761 4548 0
FAX +49 761 4548 248
info@cargarantie.com

2. Contact details of the data protection officer:
CG Car-Garantie Versicherungs-Aktiengesellschaft
Udo Strittmatter
Gündlinger road 12
D-79111 Freiburg i. Breisgau
Phone: +49 (0)761 4548 0
Fax: +49 (0)761 4548 685
E-mail: datenschutz@cargarantie.com

3. Processing purposes and legal bases
The personal data collected by us from suppliers and other business partners and interested parties are used exclusively for the purpose of initiating, establishing and processing contracts and delivery relationships, including delivery, payment.
The personal data collected from you are necessary for the conclusion and execution of a contract. You are not obliged to provide this data, but we cannot conclude a contract with you without this data.
The processing of your data is based on Art. 6 Para. 1 Letter b DSGVO.
Your personal data will not be processed for advertising purposes.

4. Categories of personal data processed by us
The personal data is collected in the context of our customers and business relationships. In addition, we process the personal data entered into our systems by the contact persons of their companies. The following data can be processed:

  • Contact data (e.g. first and last name, address, email address, address, telephone number, mobile phone number, fax number)
  • Other information required to process our contractual relationship or a project with our customers or sales partners (such as payment data, customer numbers, order and delivery data, contact details of contact persons, etc.)

4.1 Fulfilment of legal obligations (Art. 6 para. 1 letter c DSGVO)
We process your personal data, if this is necessary for the fulfilment of legal obligations. Furthermore, we process your data to fulfill fiscal control and reporting obligations and the archiving of data for purposes of data protection and data security, as well as the audit by tax and other authorities.

5. Who receives the data?
We pass on your personal data within our company to those areas which require this data to fulfil the above-mentioned purposes. In addition, the following bodies may receive your data:

  • Contract processors used by us (Art. 28 DSGVO), in particular in the area of e.g. auditing services, credit institutions, etc.
  • We may disclose information to public bodies and institutions where there is a legal or official obligation under which we are obliged to provide information, report or disclose data or where the disclosure of data is in the public interest.
  • We are not responsible for any contents linked or referred to from his pages - unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site fromviewing those pages.
  • Other places for which you have given us your consent for data transmission.

6. How long do we store your data?
If necessary, we process your personal data for the duration of our business relationship. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the legal framework conditions.

7. Your data protection rights
You have the right of access pursuant to Art. 15 DSGVO, the right of rectification pursuant to Art. 16 DSGVO, the right of deletion pursuant to Art. 17 DSGVO, the right of restriction of processing pursuant to Art. 18 DSGVO and the right of data transfer pursuant to Art. 20 DSGVO. In addition, there is a right of appeal to a data protection supervisory authority under Art. 77 DSGVO. In principle, pursuant to Art. 21 DSGVO, we have the right to object to the processing of personal data by us.

8. Your right of appeal to the competent supervisory authority
They have the right to appeal to the data protection supervisory authority (Art. 77 DSGVO). The supervisory authority responsible for us is:
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a
70173 Stuttgart