Delvag Versicherungs-AG, Linnicher Straße 48, 50933 Köln (hereinafter also referred to as "Delvag", "we", "us") a company of the Lufthansa Group, attaches great importance to your privacy when processing personal data in our daily business processes.
We process personal data that is collected when you visit our website in accordance with the legal provisions. Our data protection policy is also based on the data protection guidelines applicable to the Lufthansa Group. Below we inform you about the processing of your personal data in the context of the use of our website www.delvag.de ("website").
Should you have any further questions regarding data protection in connection with our website or the services offered, please contact our data protection officer:
Lufthansa Group Privacy – Representative
Dr. Barbara Kirchberg-Lennartz
Deutsche Lufthansa AG
Abt. FRA DSB
Lufthansa Aviation Center
2. Scope, purpose and legal basis of processing personal data
We collect and use personal data directly from our users and other sources (mentioned below) in the following situations:
2.1. Provision of the website and log file creation
By visiting our website the system automatically records data and information about the user’s computer system each time the website is accessed. The following data (“technical information”) are collected:
Information on the browser type and version used
The user’s operating system
The user’s Internet service provider
The user’s IP address
Date and time of access
Websites from which the user’s system accesses our website
Websites accessed by the user’s system via our website
The log files contain IP addresses and other data which can be attributed to a user. This might be the case if, for example, the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The data are also saved in our system’s log files. These data are not stored together with other personal data of the user.
We collect and use this technical information for the purposes of (network) security (to for example ward off cyber-attacks), marketing and to better understand our users’ needs as well as to continuously improve our website and enable users to access the website from their computers.
The data are saved to log files to ensure website functionality. The data also help us improve the website and safeguard our information technology systems. The data are not analysed for marketing purposes in this context.
Art. 6 (1) (f) GDPR forms the legal basis for the temporary storage of the data and log files.
2.1.2. Tracking tools
We use the following tracking and (re)marketing tools on our website:
- Google Remarketing
- Google Adwords
- Matomo Version 3.5.0
Our legitimate interest pursuant to Art. 6 (1) (f) GDPR for the purposes of increasing the efficiency of our website and (direct) marketing is the legal basis for the use of the tools listed. For further information on the individual tools, please check Tracking Tool Policy.
2.1.3. Social media plugins
On our website, we use a “two-click solution” for the following social media plugins:
With the two-click solution, your data are only transmitted to the relevant social networking provider after initial activation (approval) of the respective plugin button, Art. 6 (1) (a) GDPR. The basic provision of the plugin on our website is based on our legitimate interest for marketing purposes, Art. 6 (1) (f) GDPR.
For further information on individual plugins, please check Tracking Tool Policy.
2.2. Use of the services offered on our website
We offer a range of different services on our website. We must collect and process user or customer personal data in order to perform these.
2.2.1. Contact form
By filling out the contact form on our website, you provide us with your personal data. This information includes, for example, your name, contact details such as e-mail address, telephone number and your personal wishes. We use this personal data to process your inquiries and/or to provide the requested services or to provide the requested information. The data will be processed for the purpose of contacting us in accordance with Art. 6 (1) (a) GDPR on the basis of your voluntary consent.
2.2.2 L.I.O. and T.I.O.
By filling in the contact fields of our online calculators, L.I.O. (Luftfahrt Insurance Online) and T.I.O. (Transport Insurance Online), you provide us with your personal data. We use this personal data for the purpose of fulfilling the contract. The conclusion or execution of the insurance contract is not possible without the processing of your personal data. The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 (1) (b) GDPR.
2.2.3 Statistical analysis
There is a possibility that your data may be analysed in a data warehouse to evaluate the preferences of our registered customers (“statistical analysis”) for the purposes of interest-led marketing, individual approaches and continuous optimisation of our business processes. We undertake this processing in order to acquire a better understanding of what our customers expect from us and to allow us to offer you communication that is tailored to you personally. This analysis also helps us with fraud detection, auditing and safeguarding security, which is why we perform this processing to protect our legitimate interests, Art. 6(1)(f) GDPR.
2.3. Our legitimate interest in processing personal data
If Art. 6 (1) (f) GDPR forms the legal basis for the processing, our legitimate interests are, in addition to the purposes listed above:
- To protect the company against material and immaterial damage
- Professionalism (of our products and services)
- Cost optimisation (control and minimisation)
2.4. Conclusion or execution of the insurance contract
The conclusion or execution of the insurance contract is not possible without the processing of your personal data. The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 (1) (b) GDPR. Insofar as special categories of personal data (e.g. your health data when concluding an accident insurance contract) are required, we will obtain your consent in accordance with Art. 9 (2) (a) in conjunction with Art. 7 GDPR.
2.5. Other processing commitments
If obliged to do so by law, we process personal data in order to meet duties of retention under commercial or tax law or to meet legal security requirements (such as Section 7 of the Aviation Security Act [LuftSiG]). For further information on retention periods, please refer to “Duration of the data processing”.
2.6. Obligation to provide personal data
The input fields which are mandatory to be filled out for performing the requested service are marked accordingly on the website. The input is either mandatory because of legal or contractual requirements.
3. Duration of the data processing
Your personal data are deleted as soon as they are no longer needed for the specified purposes. In certain circumstances, personal data are kept for the period of time during which claims against Delvag may be enforced (statutory limitation period of three to thirty years). Personal data are also saved to the extent that and for so long as Delvag is legally obliged to do so. Corresponding burdens of proof and duties of retention arise from, among others, the Commercial Code, Tax Code and Money Laundering Act. These prescribe retention periods up to ten years.
4. SSL - Secure Socket Layer Method
To ensure the most secure transmission of your data between your web browser and our Internet system, we use Secure Socket Layer (SSL) encryption technology. SSL enables encrypted communication or document transmission via the Internet between web browsers and web servers. The URL of a web page with SSL connection to your browser starts with https://.
If your current browser is not SSL-enabled, you can download the latest version of the most widely used web browsers.
5. Right to object pursuant to Art. 21 GDPR
You have the right to object, on reasons relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
6. Disclosure of personal data to third parties
In order to offer you our products and services, based on our contractual obligations or in accordance with our legitimate interests, we may have to disclose your personal data to third parties internal or external to the Lufthansa Group. These recipients can be categorised as follows:
- External service providers
- Data processing within the Delvag Group
- External contract processors (service companies according to Art. 28 GDPR)
- Cooperating insurers
- Governmental bodies and authorities (including the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin)
Personal data may be transmitted to third countries or international organisations as part of this. For your protection and the protection of your personal data, appropriate safeguards are provided for such data transmissions as per and in accordance with legal requirements (particularly, the use of EU standard contractual clauses) or an adequacy decision has been issued by the EU Commission (Art. 45 GDPR).
A copy of the security precautions used may also be requested from email@example.com .
We are also legally obliged to provide personal data to German and international authorities, Art. 6 (1) (c) GDPR together with local and international regulations and agreements.
7. Rights of the data subject
Delvag is committed to ensuring fair and transparent processing. That is why it is important to us that data subjects can not only exercise their right to object but also the following rights where the respective legal requirements are satisfied:
- Right of access, Art. 15 GDPR
- Right to rectification, Art. 16 GDPR
- Right to erasure (“right to be forgotten”), Art. 17 GDPR
- Right to restriction of processing, Art. 18 GDPR
- Right to data portability, Art. 20 GDPR
To exercise your right, please email firstname.lastname@example.org . In order to process your request and for identification purposes, please note that we will process your personal data in accordance with Art. 6(1)(c) GDPR.
You also have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority for Delvag is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
If you give your consent to us for processing your personal data, please note that you may withdraw this consent at any time.
In order to withdraw consent, you can contact: email@example.com
Please note that your consent can only be withdrawn with future effect and such a withdrawal does not have any influence on the lawfulness of past processing. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis – e.g. to perform a contract.
9. Disclaimer and limitations of these data protection notices
These data protection notices only apply to processing for the website www.delvag.de .Other websites are not covered by these data protection notices and provide their own specific data protection notices.
10. Data protection information of our partners
The GDPR stipulates that at the time of the collection of personal data from third parties, the person in charge discloses certain information to the subject. For the partners listed below, we meet our information obligations (Art. 14 GDPR) on a voluntary basis:
General Reinsurance AG
Theodor-Heuss-Ring 11, 50668 Köln
GenRe Privacy Notice
11. Data protection information - Information on the use of your data
You can find our data protection information here.