Data Protection Policy
Updated: February 2025
- Introduction
Protecting personal and company data is of particular importance to us. We process data exclusively based on legal regulations (GDPR, DSG, VVG). This Data Protection Policy summarizes the key aspects of data processing in the course of our activities as an insurance broker. - Collection and Processing of Personal Data
We collect, process, and use personal data only to the extent necessary for initiating, executing, and terminating insurance contracts. This includes, in particular:- Name, address, and contact details
- Date of birth and marital status
- Occupation and employer
- Financial information (e.g., proof of income)
- Health data (only as required for specific insurance products)
- Purpose of Data Processing
Personal data is processed for the following purposes:- Advising on and brokering insurance products
- Managing and servicing insurance contracts
- Claims handling
- Compliance with legal obligations
- Legal Basis for Processing
The processing of personal data is based on the following legal grounds:- Fulfillment of a contract or pre-contractual measures (Art. 6/1 lit. b GDPR)
- Compliance with legal obligations (Art. 6/1 lit. c GDPR)
- Legitimate interests of the data controller (Art. 6/1 lit. f GDPR)
- Explicit consent, particularly for processing health data (Art. 6 /1 lit. a, Art. 9/2 lit. a GDPR)
- Disclosure of Data to Third Parties
Personal data is only disclosed to third parties if necessary to fulfill the contractual relationship or due to legal obligations. This includes, in particular:- Insurance companies or brokers commissioned by them
- Reinsurers
- Claims adjusters and appraisers
- Tax advisors and lawyers
- Regulatory authorities and other public bodies
- Data Retention Period
Personal data is stored only as long as necessary for the purposes mentioned above or as required by statutory retention obligations. Once the processing purpose no longer applies or the retention period has expired, the data will be deleted. - Customer Rights
Customers/insured persons have the right to:- Access their stored data (Art. 15 GDPR)
- Rectify incorrect data (Art. 16 GDPR)
- Delete their data (Art. 17 GDPR)
- Restrict data processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to data processing (Art. 21 GDPR
If data processing is based on consent, it can be withdrawn at any time. The legality of the processing carried out until the withdrawal remains unaffected. - Right to Lodge a Complaint with the Supervisory Authority
If there is suspicion of violations of data protection law, a complaint can be filed with the Austrian Data Protection Authority:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at - Ongoing Updates
This Data Protection Policy is reviewed at least once a year and updated as necessary to reflect the current legal situation or to address any changes in circumstances.