1. Which personal data do we collect, for which purposes and on which legal basis do we process it?
When you contact us via e-mail, we process the data you provided us with (for example name, address or e-mail address) solely on a voluntary basis.
We process this data solely for handling your enquiry or to get in contact with you if desired and to provide you with the requested information. This data processing is therefore necessary for the fulfillment of our (pre)contractual obligations.
Access data and log files
The following data about the access to our Website and views of files stored there will be collected and processed: the time and duration of your visit, the IP address of your device and the pages visited within our Website.
This data is generated automatically through our servers. This processing serves internal system-related and statistical purposes. This data processing is necessary to ensure our legitimate interests in operating a user friendly and secure Website.
Based on your consent declaration, we collect and process the following data about your use and interaction with our Website: IP-address of your device, the used internet browser, the browser language, your operating system, the requested files from our Website, your settings regarding Java, screen resolution, colour depth, your click behaviour on the Website (time of access, clicks) as well as the internet site from which you visit us (referrer URL).
“Necessary Cookies” and “Functionality Cookies” are necessary to be able to provide you with our Website and the connected services, to operate our Website and serve for the proper functionality and security of our Website.
Most of the cookies that are used by us are so called “session cookies” that are stored on your device for the time of your current visit of our Website, only. This temporary cookies make a conformable use of our Website possible for you (e.g. through adaptation of user settings for the sorting of references and choice of language according to your needs). Session cookies are just valid for the duration of your specific visit of our Website and are subsequently erased automatically. Moreover, we also use “persistent cookies” that stay on your device and are not erased automatically when you close your browser. You can erase these cookies yourself at any time. With persistent cookies we especially pursue the purpose to improve your user experience by customising the Website to your personal needs and thus to optimise the loading time accordingly.
Cookies with obligatory consent
“Web-Analysis Cookies” record your user behaviour and your interactions with our Website. Through these Cookies, we can adapt our Website specifically to you. We place such cookies only on the basis of your consent that you can withdraw at any time.
Usage of Google Analytics: Provided that you have given your consent to cookies, this Website uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. The information generated thorough Google Analytics cookies is usually transmitted to a Google server in the United States and stored there.
However, if IP anonymisation is activated on this Website, your IP address will be shortened by Google within member states of the European Union or other contractual states of the agreement of the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Google will use this information on our behalf to evaluate your use of the Website, to compile reports on Website activity and to provide services associated with use of the Website and the internet to the Website operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address provided by your browser and transmitted to Google Analytics will not be combined with any other data held by Google.
In addition, you may disable the acquisition and transmission of data generated by the cookie and related to your use of the Website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser add-on available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Some users do not want a Website to store data on their computer – especially if these data are collected and used by third parties without their knowledge – even if this does not normally have any further consequences. If this is the case, you have the option of blocking individual or all cookies or removing cookies that have already been stored. However, we would like to point out that this could impair your surfing experience on our Websites.
- Blocking Third Party Cookies
Cookies from third parties are not normally required to use the internet offers you have requested. If you want to leave fewer traces on the internet, you should generally reject these cookies.
- Prevent the Installation of the Tracking Tools
Some websites use sharing buttons of social networking sites that include Facebook, Twitter and Co. about your visit. With the help of (e.g. the free extension “Share me not”) you can prevent this in a very simple way.
- Delete unwanted cookies
If you do not want cookies, you can set your browser in such a way that you will be notified as soon as a cookie is to be set or that cookies are automatically rejected. However, if cookies are automatically rejected by the browser settings you have made, you will no longer be able to use certain functions of the Website.
However, please note that case you disable or delete cookies, you may not be able to use all features of our Website.
3. Links to third party websites
Our web pages may contain links to web pages of other providers to which this data protection declaration does not extend. As far as the use of the websites of other providers is connected with the collection, processing or use of personal data, please note the data protection information of the respective provider. Openinsuranceplatform.org is not responsible for the content of these sites.
4. Do we transmit your data to third parties?
We entrust your personal data in the extent necessary to the following external service providers (data processors) that support us with the performance of our services:
- IT-service providers including providers of data hosting or similar services;
- Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf.
All our data processors process your personal data only on our behalf and on the basis of our instructions.
Furthermore, we transmit your personal data in the necessary extent to the following recipients (controllers)
- Potential third parties that are participating in the provision of services to you for the fulfilment of our contractual obligations (e.g. banks for processing of the payment, payment service providers);
- External third parties on the basis of our legitimate interests in the extent necessary (e.g. auditors and tax consultants, insurances in case of insured events, legal representatives in case of incidents);
- Authorities and other public entities in the extent legally necessary (e.g. financial authorities).
5. How long do we store your personal data?
We store your personal data just as long as necessary for the above-mentioned purposes. In addition, we are potentially obligated to store your data for a longer period in accordance to legal retention periods.
Especially, we store your data which you provide in connection with establishing contacts and concluding contracts in accordance with legal retention periods for a time period of three or a maximum seven years after fulfilment of the contract.
Access data and log files are stored for a maximum of [please complete time period] and are erased subsequently. We store the data about your user behavior no longer as [please complete time period] or respectively at the latest until the withdrawal of your consent.
Beyond that, we also store your personal data after an incident beyond the above-mentioned time periods as long as legal claims out of our relationship can be enforced, or respectively until the definite clarification of an incident or legal dispute. This longer storage occurs for the ensuring of our overriding legitimate interests to the enforcement, clarification and defence of our legal claims.
6. How do we protect your data?
We comply with appropriate technical and organisational security measures pursuant to Art 32 GDPR to, considering the risks, guarantee an appropriate data protection level, especially to protect your personal data against accidental or unlawful destruction, alteration or against loss and against unauthorised disclosure or unauthorised access.
Moreover, openinsuranceplatform.org and its members and employees are obliged to comply with data secrecy according to Sec 6 DSG.
This Website uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us. You can recognize an encrypted connection by the change in the address line of your browser from “http: //” to “https: //” and the lock symbol in your browser bar.
If SSL encryption is enabled, third parties are not able to read the data you submit to us.
7. What rights do you have as a data subject?
Data subject has the right to obtain information about personal data processed concerning him as well as about its rights in a clear and transparent manner (Art 13 et seg GDPR).
You have the right to access your personal data that we process (Art 15 GDPR). In addition, you have the right to rectification of inaccurate or incomplete data and the right to erasure under certain circumstances (Art 16 and 17 DGPR). Further, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us (Art 20 GDPR).
Additionally, you have the right to object the processing of personal data on grounds relating to your particular situation and the right to withdraw your given consent at any time with effect for the future (Art 21 DGPR).
Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR). The responsible authority for Austria is the Österreichische Datenschutzbehörde, Wickenburggasse8, 1080 Vienna.
Vienna, July 2019