Is Snapchat secured by data protection law

One thing is for sure. Your data.

  1. Introduction and general information
  2. ottonova's principles for protecting your data
  3. Data protection in the ottonova app
  4. Handling emails
  5. Data protection guidelines for ottonova's service providers
  6. Open access and closed user groups
  7. Services used
  8. Information on further data processing methods
  9. Adaptation and update of the data protection principles
  10. Do you have any questions about our data protection or your data?

Version 9 from 02/02/2021

1. Introduction and general information

As a health insurance company, we rely on collecting and using personal data. These data are especially important for the health check before you conclude the insurance contract, for the implementation of the contractual relationship and in the event of a claim. We can only fulfill these tasks with the help of electronic data processing. The protection of your privacy and your personal rights is particularly important to us. We want to live up to the trust you place in us and ensure transparency in all areas.
Regardless of legal regulations, we therefore undertake to collect your personal data only for specified, clear and lawful purposes. We do not keep them longer than necessary and delete incorrect or incomplete data.

Details of the responsible body:

Dr. Roman Rittweger (CEO),
Jesko David Kannenberg,
Dr. Bernhard Brühl,
Peter Bauer
Ottostr. 4, 80333 Munich
Contact data data protection officer:

Insurance company:

Ottonova Krankenversicherung AG
Dr. Roman Rittweger (CEO), Dr. Bernhard Brühl, Jesko David Kannenberg
Ottostr. 4, 80333 Munich
Contact data data protection officer:

Affected data:

Personal data is only collected if you provide us with it yourself. In addition, no personal data is collected. Any processing of your personal data beyond the scope of the statutory permissions will only take place on the basis of your express consent.

for the assessment of the insurance risk before the conclusion of the insurance contract, for the implementation of the contractual relationship and in the event of a claim by ottonova Krankenversicherung AG.
Categories of recipients:
  • Public bodies in the event of overriding legal provisions.
  • External service providers or other contractors.
  • Other external bodies as far as the data subject has given his consent or a transmission is permitted due to an overriding interest.
We delete stored data using an automated process when the statutory or contractual retention period has expired or if the data is no longer required.

2. ottonovas principles for the protection of your data

The following principles are intended to ensure that we consider data protection and data security concerns in all of our products and services.

We make transparent which personal data we collect from you and how we use them.
When you visit the ottonova website, the following usage data is temporarily saved as a log on the web server:

  • IP address of your computer
  • Time (date and time) of the visit
  • Exit website
  • called URL
  • amount of data transferred
  • Status reports
  • browser and operating system used

ottonova uses this information to enable the website to be accessed, to control and administer the systems used for the website and to improve the design of the website. The non-anonymized version of your IP address is only used for security purposes. Otherwise, the data mentioned will only be evaluated in anonymised form for statistical purposes.
We delete stored data using an automated process when the statutory or contractual retention period has expired or if the data is no longer required.

You can move anonymously on the ottonova website.
Above all, you can also use the tools such as the life or contribution calculator anonymously and leave our site at any time. We only collect aggregated, anonymized data in order to learn from it and to tailor our offer even better to our customers. We use calculation data, for example in the contribution calculator, for calculations and statistical purposes. All you need to contact us is an email address. We will not determine the owner of this address.

You decide which data you share with us and what we can do with it.
Consent / voluntary: Without your express consent, no personal data will be automatically collected, stored, processed or used.

You are free to decide whether you want to allow ottonova cookies. The cookies are automatically deleted when you leave our site. We also use permanent cookies that expire after five years at the latest, for example to anonymously record how our users move around our site. If you do not want this, you can also prevent this by setting your browser accordingly.

We will not pass on your personal data to third parties without your consent.
An exception may be necessary if disclosure is required under applicable law or is ordered by a court or an authority. We do not sell or rent any personal data to persons or entities outside of ottonova. The data can be used in-house for advertising purposes. You can object to this use at any time: [email protected]

We protect your data with the best available technology.
Encryption: Access to our website, e.g. with your web browser, is secured by HTTPS with the current and strong TLS 1.2 transport encryption. We do not support older transport encryption methods. The SSL certificate has a 4096 bit long key and uses SHA256 as a hash algorithm. On the server side, too, we protect server-to-server communication with HTTPS ("Data in Transit Encryption"). Data and files on our servers and in our databases are encrypted with AES using a 256-bit key. Data communication between separate server locations takes place without exception via VPN tunnels, so that no data is routed over the public Internet.

Our entire team is subject to confidentiality obligations.
Employees of the ottonova companies have special confidentiality obligations, in particular the maintenance of insurance secrecy, data secrecy, telecommunications secrecy or business and company secrets. In addition, the data protection officer has to maintain a special professional secrecy.

3. Data protection in the ottonova mobile app

Your data is also safe in the app.

  • Access to the app is password-protected and also requires a confirmation code that is sent to your device via SMS (two-factor authentication).
  • The app only saves the data on your device that is necessary to restore your session. Data such as your access token and your selected profile are stored in encrypted form and deleted when you log out.
  • The app uses the device's fingerprint sensor (if available) every time it is used to unlock the app. Alternatively, you can unlock the app with a personal passcode.
  • Within the app, data that is loaded from the ottonova servers are only temporarily stored in order to make certain functions available to you (e.g. export of documents).
  • Communication between the app and the ottonova servers is encrypted (via SSL / TLS 1.2).
  • Anonymous usage data is collected to improve user-friendliness. The function can be deactivated in the app at any time.

4. Handling of emails

  • We do not send you any sensitive information by email - unless we are entitled or obliged to do so for legal reasons.
  • Emails that you send to [email protected] are only stored and processed on servers in Germany.
  • E-mails that you send via your internet provider are mostly unencrypted and therefore not well protected against unauthorized access. If you want to tell us something that nobody else should see, it is best to use our chat, which is developed in-house and encrypts your messages.

5. Data protection for service providers

For some services we work together with service providers. These include B. the health hotline, assistance services (international emergencies, rehabilitation, care and aids management) and customer care at certain times. This can lead to the use of health data. We guarantee that these service providers meet the highest standards of data protection internally. We have also concluded data protection agreements with them that ensure the greatest possible protection of your data.
We keep an up-to-date list of the bodies that collect and use health data and other personal data for us. You can find this service provider list here: Service provider list.

6. Open access and closed user groups

Every internet user has free access to the public areas of the ottonova website. However, certain areas require special authorization, for example the

  • Application process for which a user account is opened and
  • Applications for customers such as invoice management.

We collect data in the closed user groups in order to be able to process and use them in a personalized manner. We correct and complete stored data as soon as we become aware of a change.

7. Services Used

Google Analytics
We use Google Analytics to make your visit to the ottonova website even more user-friendly. Data on usage behavior - including origin and page views - are stored online and offline. Furthermore, data such as B. Gender, year of birth or zip code are collected in anonymised form without it being possible to draw any conclusions about you as a person. Your IP address is not processed, it is only saved in a shortened form. The storage takes place for a period of up to two years.
By using the ottonova website, you agree to the collection and storage of the data collected about you in the manner described and for the stated purpose. If you do not want to consent to the collection and storage of the data collected about you, you can object at any time by clicking on the following link and deactivating the service: Deactivate Google Analytics in data protection settings

You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/. We would like to point out that Google Analytics has been expanded to include the code "anonymizeIp" on this website in order to ensure an anonymous collection of IP addresses (so-called IP masking).

You can object to the use of Google Analytics separately in the ottonova iOS and Android apps.

Google Marketing Platform (formerly DoubleClick by Google)
This website continues to use the online marketing tool Campaign Manager from Google. Campaign Manager uses cookies to show ads that are relevant to users, to improve reports on campaign performance or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being displayed multiple times. In addition, Campaign Manager can use cookie IDs to record so-called conversions that relate to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain any personally identifiable information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Campaign Manager, Google receives the information that you are viewing the corresponding part of our website have accessed or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and save it.
In addition, the Campaign Manager (DoubleClick Floodlight) cookies used enable us to understand whether you are performing certain actions on our website after you have accessed or clicked one of our display / video ads on Google or on another platform via Campaign Manager ( Conversion tracking). Campaign Manager uses this cookie to understand the content you have interacted with on our websites in order to be able to send you targeted advertising later.
You can prevent participation in this tracking process in various ways:
a) by setting your browser software accordingly, in particular by suppressing third-party cookies, you will not receive any advertisements from third-party providers;
b) by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain googleadservices.com are blocked, https://www.google.de/settings/ads, whereby this setting will be deleted if You delete your cookies;
c) by deactivating the interest-based advertisements of the providers who are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin

Google Remarketing or Similar Audiences
We use Google's remarketing technology. Users who have visited our website and online services are addressed again through targeted advertising on the pages of the Google Partner Network. The advertising is displayed through the use of cookies. With the help of these cookies, user behavior when visiting the website can be analyzed and then used for targeted product recommendations and interest-based advertising. If you do not want to receive interest-based advertising, you can deactivate the use of cookies by Google for these purposes by calling up this page: https://www.google.com/settings/u/0/ads/authenticated?hl=de

Youtube
We use embedded YouTube videos in the extended data protection mode. YouTube provides this extended data protection mode and thus ensures that YouTube does not store any cookies with personal data on your computer. When the website is called up and the videos are embedded, the IP address is transmitted. This cannot be assigned if you have not logged in to YouTube or another Google service or are permanently logged in before viewing the page. As soon as you start playing an embedded video by clicking on it, YouTube only saves cookies on your computer that do not contain any personally identifiable data thanks to the extended data protection mode. These cookies can be prevented by appropriate browser settings and extensions.

Facebook pixel
We use the "Facebook pixel". This enables us to track the actions of users after they have seen or clicked on a Facebook advertisement. This enables us to record the effectiveness of Facebook advertisements for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see any personal data from individual users. The data is stored and processed by Facebook, about which we will inform you according to our level of knowledge. Facebook can connect this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook's data usage guidelines (http://www.facebook.com/about/privacy).

We also use the remarketing or "Custom Audience" function of Facebook. This enables us to place individualized, interest-based advertising for visitors to the ottonova website when they are on Facebook or its partners. Facebook uses cookies to analyze website usage. This records the visitors to the website and anonymized data about the use of the website.

Facebook lead forms
We use “lead ads” from Facebook to advise users by phone and email. There is always a data transfer with Facebook. When registering, as a Facebook user, you give the following declaration of consent: "Yes, I revocably consent to ottonova advising me on insurance products by phone or email." Your data will not be transmitted to third parties. Access to your data is limited to ottonova employees.

Amazon Pixel
We use the analysis and conversion tracking technology from Amazon from Amazon.com, Inc., 410 Terry Ave. North Seattle, WA, USA. This enables us to use the so-called visitor interaction pixel to display relevant advertising based on your interests or your behavior. For example, you can see advertisements and references to our offers and content based on your demographic data or your interaction with our website and with Amazon.com. Only general and technical information about pages accessed and products purchased on amazon.com are evaluated. If you generally do not want Amazon to collect cookies, you can prevent the storage of cookies at any time through your browser settings, which could limit the functionality or adjust them directly at www.amazon.com at https://www.amazon.de/adprefs. You can find more information in Amazon's privacy policy. We have no influence on the data collected, nor are we aware of the full scope of the data collection. Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this regard and setting options to protect your privacy can be obtained from: Amazon EU S.à.rl, Amazon Services Europe S.à. .r. l. and Amazon Media EU S.à.r. l., all three located at 5, Rue Plaetis, L-2338 Luxembourg; Email: [email protected]

Hotjar
Our website uses Hotjar. Analysis software from Hotjar Ltd. is named under this name. designated. You can access the website at http://www.hotjar.com. The company is based in 3 Lyons Range- 20 Bisazza Street- Sliema SLM 1640 in Malta. The software enables us to analyze the usage behavior of our visitors by measuring and evaluating clicks, mouse movements and the like on our website. The information that a tracking code and cookies collect is transmitted to the Hotjar server. This information is primarily device-related data such as the IP address of your device and your e-mail address with your first and last name, provided that you have provided us with this information. The screen size of your device, the device type and browser information such as type and version, your geographical position and your preferred language are also recorded. Typical log file data such as the domain, pages visited and access date and time are also recorded via Hotjar. The software uses this data for evaluation and may use other services from third-party providers such as Google Analytics and others. These service providers can also process and save corresponding user data. By using our website, you consent to the use of Hotjar. You can use the link https://www.hotjar.com/opt-out to prevent Hotjar from collecting and using your data. Please also note the separate data protection declarations of other service providers such as Google Analytics in this data protection declaration.

Outbrain
We use the services of Outbrain UK Limited and for this purpose Outbrain sets a temporary cookie through the browser of your end device. According to Outbrain, no personal, but only technical data (e.g. about your operating system) is stored in this cookie as soon as you interact with the Outbrain network. Your IP address will be anonymized immediately.

You can object to the use of this cookie at http://www.outbrain.com/de/legal/privacy by clicking on the "Opt-Out" button at the end of the page. The site also provides you with additional information on data protection when using the Amplify and Engage technologies from Outbrain UK Limited.

PerformanceHub
We use the conversion tracking technology from PerformanceHub from a + s Online GmbH Stuttgarter Straße 41, 71254 Ditzingen. This enables us to use the so-called measurement pixel to measure when and how many browsers have downloaded this measurement pixel and visited a website. Further information about surfing and buying behavior can also be recorded. This process is made possible with the help of JavaScript. For such an integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address will therefore be transmitted to a + s Online GmbH. This data processing takes place on the basis of your consent on the legal basis of Art. 6 Paragraph 1 Letter a) GDPR. If you would like to object to the use of “PerformanceHub conversion tracking” for the future (“opt out”), you can do so at https://track.performancehub.de/opt-out. Further information on data protection from a + s Online GmbH can be found at as-dialoggroup.de/datenschutz/. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Such an extension is, for example, the matrix-based uMatrix firewall for the Firefox and Google Chrome browsers. Please note that this can lead to functional restrictions on the website.

LinkedIn Pixel
We use the analysis and conversion tracking technology of the LinkedIn platform on our website. With this technology from LinkedIn, you will be shown more relevant advertising based on your interests. We also receive aggregated and anonymous reports on ad activity and information about how you interact with our website from LinkedIn. You can find more information on data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy#choices-oblig. You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations (“opt-out”); click on the field "Reject on LinkedIn (Opt out on LinkedIn on English)" (for LinkedIn members) or "Reject (Opt Out on English)" (for other users) under the following link: https: //www.linkedin. com / psettings / guest-controls / retargeting-opt-out

LinkedIn lead forms
We use “lead ads” from LinkedIn to advise users by phone and email. There is always a data transfer with LinkedIn. When registering, as a LinkedIn user, you give the following declaration of consent: "Yes, I revocably consent to ottonova advising me on insurance products by phone or email." Your data will not be passed on to third parties. Access to your data is limited to ottonova employees.

AdDefend
ottonova uses AdDefend, a service of AdDefend GmbH, Borselstrasse 3, 22765 Hamburg, to display advertising. This service uses cookies to determine whether you have visited a website before. You can object to the use of these cookies by AdDefend at any time by using the opt-out option at https://www.addefend.com/de/opt-out/.

Bing
Our online offers also use conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads will set a cookie on your computer if you accessed our website via a Microsoft Bing ad. Microsoft Bing and we can recognize in this way that someone clicked on an ad, was redirected to our website and reached a previously determined target page (conversion page). We only find out the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is communicated. If you do not want to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website: privacy.microsoft.com/de-de/privacystatement

Reddit
Reddit is a social news aggregator, a website on which registered users can post and offer content. A piece of content can consist of a link, an image or a text. Other users can judge the contributions as positive or negative. The ratings indicate which position the post occupies on the respective Reddit page as well as the home page. This service is provided by reddit, Inc., c / o Wired, 520 Third St., San Francisco, CA 94107. When you view our website, your browser automatically connects to Reddit to call up a pixel graphic. When the pixel is called up, cookies from the reddit.com domain are also transferred to Reddit. This data is used for visit analysis. The Reddit cookie data is owned by Reddit itself. If you are logged in to Reddit at this time, Reddit will be able to see which Reddit user is accessing which page. If you are not logged in to Reddit or logged out, Reddit is given the opportunity to see which IP address has visited our site. To the best of our knowledge, Reddit does not collect any other personal data. If you'd like to learn more about Reddit's data collection, visit the following URL: http://www.reddit.com/help/privacypolicy

Awin
As an advertiser, ottonova enables other site operators to incorporate advertising material provided by ottonova on their websites as a publisher by means of affiliate marketing. If a user arrives at ottonova via an advertising material provided by ottonova and this results in a sale or conclusion of an ottonova product, the publisher receives a commission. For this purpose, we process data with the help of the Awin affiliate network (AWIN AG, Eichhornstrasse 3, 10785 Berlin). This processing takes place on the basis of an agreement concluded with Awin under joint responsibility in accordance with Article 26 GDPR. The legal basis for processing is the legitimate interest in advertising our offers on the basis of Article 6 (1) (1) (f) GDPR for the purposes mentioned above. In some cases, Awin and the referring publisher may receive and process personal data in order to implement the affiliate marketing campaign together with ottonova. We also receive personal data of potential customers from Awin and the publishers, which can be divided into the following categories: cookie data, data relating to the website, app or technology from which a potential customer was referred to ottonova and technical information about the used device. In some cases, Awin can maintain a restricted user profile. However, this will not reveal the identity, online behavior or other personal characteristics of the user. The sole purpose of this profile is to determine whether a forwarding has started on one device and completed on another. The user data is always recorded pseudonymously. They are not used for any other purpose. This applies in particular to behavior-based user profiles or behavior profiles. Awin uses various technologies to determine the success of an advertising medium and for billing us: Cookies that Awin places on the device when the advertising medium is called up and which expire 90 days afterwards. In this respect, you can prevent cookies from being set in the settings of your Internet browser and delete cookies that have already been set. However, this may affect the appearance of the page. Awin also uses tags to receive transaction data and fingerprinting so that a device can be identified based on its properties. You can find detailed information from Awin here: https://www.awin.com/de/rechtliches.
You can use the link https://www.awin.com/de/rechtliches/cookieoptout to prevent the collection and use of your data by Awin and connected third parties.

Quora
We use Quora services. Quora is operated by Quora, Inc., 650 Castro Street, Suite 450, Mountain View, CA 94041 (“Quora”). We use the analysis and conversion tracking technology from Quora. This enables us to use the so-called visitor interaction pixel to display relevant advertising based on your interests or your behavior on our website. For example, you can see advertisements and references to our offers and content based on your demographic data or your interaction with our website. Only general and technical information about the pages accessed is evaluated. If you generally do not want the data to be recorded by Quora, you can prevent the storage of cookies at any time using your browser settings, which could limit functionality.
You can find more information about Quora in Quora's privacy policy.

FinanceAds
We participate in the partner program of financeAds GmbH & Co. KG, Karlstrasse 9, 90403 Nuremberg, Germany (hereinafter "FinanceAds"). FinanceAds is a German affiliate network that offers affiliate marketing. Affiliate marketing is an internet-based form of sales that enables commercial operators of internet sites to display advertisements on third-party websites that are mostly rewarded with click or purchase fees. An advertising medium is made available via the affiliate network, e.g. advertising banners or other suitable means of Internet advertising, which are then integrated by an affiliate on their own Internet pages. We use cookies from FinanceAds for this. FinanceAds can recognize, among other things, that a partner link that leads to our website has been clicked.
This information is required for payment processing between us and FinanceAds. If the information also contains personal data, the processing described takes place on the basis of our legitimate financial interest in processing payment claims with FinanceAds in accordance with Art. 6 Para. 1 lit. f GDPR. Further information on the use of data by FinanceAds can be found in the FinanceAds data protection declaration at https://www.financeads.net/aboutus/datenschutz/.
If you want to block the evaluation of user behavior via cookies, you can set your browser so that you are informed about the setting of cookies and individually decide whether to accept them or to exclude the acceptance of cookies for certain cases or in general.

Criteo
We use the online marketing service of the provider Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.
Our website uses cookies / advertising IDs for advertising purposes. This enables us to show our advertising to visitors who are interested in our products on partner websites, apps and emails. Retargeting technologies use cookies or advertising IDs and display advertising based on your previous browsing behavior. To opt out of this interest-based advertising, please visit the following websites: http://www.networkadvertising.org/choices/, http://www.youronlinechoices.com/.
We can exchange information such as technical identifiers from your registration information on our website or our CRM system with reliable advertising partners. This allows your devices and / or environments to be linked and to offer you a seamless user experience with the devices and environments you use.
For more details on these linking capabilities, as well as the option to object (opt-out), please refer to the data protection guideline, which you can find on the aforementioned platforms or the explanations below: Criteo's data protection policy: http://www.criteo.com/de/privacy.

Snapchat pixels
Our website uses the so-called "Snapchat pixel" of the social network Snapchat, which is used by Snap Inc., 63 Market Street, Venice, CA 90291, USA. Snapchat is certified under the EU-U.S. Privacy Shield and guarantees compliance with the data protection level applicable in the EU (https://www.snap.com/de-DE/privacy/privacy-shield/). Further additional information for users in the European Union can be found here: https://www.snap.com/de-DE/privacy/privacy-policy/#european-union-users.
The processing of the data by Snap Inc. takes place within the framework of Snapchat's data usage guidelines. Accordingly, general information on the presentation of Snapchats ads in the data usage guidelines of Snapchat: https://www.snap.com/de-DE/privacy/privacy-by-product/. Special information and details about the Snapchat pixel and how it works can be found in the help section of Snapchat: https://businesshelp.snapchat.com/en-US/a/snap-pixel-about.

Purpose of data processing:

  • We use Snapchat pixels for the purpose of analyzing, optimizing and operating our website economically.
  • With the help of the Snapchat pixel, Snap Inc. is able to identify the visitors to our website as the target group for the presentation of advertisements (so-called “Snapchat ads”). Accordingly, we use the Snapchat pixel to show the Snapchat ads we have placed only to Snapchat users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are based on the visited Websites) that we transmit to Snapchat (so-called "Custom Audiences").
  • With the help of the Snapchat pixel, we also want to ensure that our Snapchat ads correspond to the potential interest of the users and are not annoying.
  • With the help of the Snapchat pixel, we can also understand the effectiveness of the Snapchat ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Snapchat ad (so-called "conversion").

Legal basis for data processing:

  • The legal basis for the processing of personal data using Snapchat pixels is Article 6 Paragraph 1 Letter f) GDPR, i.e. a legitimate interest on our part. Our legitimate interest lies specifically in the analysis, optimization and economic operation of our website and our online offers.

Opposition and removal option / opt-out:

  • You can object to the recording by the Snapchat pixel and use of your data to display Snapchat ads. In order to set which types of advertisements are shown to you within Snapchat, you can call up the function available in the Snapchat app. You can also use cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/ choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Taboola's Content Discovery data protection declaration
This website uses Taboola's content discovery technology to recommend other online content that may be of interest to you. In order to manage these recommendations, Taboola collects information about your device and your behavior on this website (and other partner sites) using cookies and similar technologies. For more information, see Taboola's data protection guidelines here or click here for the opt-out clause. The legal basis for the collection and transmission of data is Article 6, Paragraph 1, Letter a) GDPR.
Visitor pixel from Taboola
A visitor pixel and cookies Taboola Inc., 28 West 23rd St., 5th fl., New York, NY 10010, USA are used on our website to measure conversion. In this way, the behavior of users can be tracked after they have been forwarded to the provider's website by clicking on a Taboola advertisement. This procedure is used to evaluate the effectiveness of the Taboola advertisements for statistical and market research purposes and can help to optimize future advertising measures. The data collected is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. For more information, see Taboola's data protection guidelines here or click here for the opt-out clause.

TikTok Pixel
We use the TikTok Pixel on our website. The TikTok Pixel is a TikTok Advertiser Tool from the two providers

1. TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
2. TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both of which are hereinafter jointly referred to as “TikTok”).

The TikTok Pixel is a JavaScript code excerpt that enables us to understand and track the activities of visitors to our website. The Tiktok Pixel collects and processes information about the gifts on our website or the devices used (so-called event data).

The event data collected via the TikTok Pixel is used to target our advertisements and to improve the delivery of advertisements and for personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to TikTok.

In part, this event data is information that is stored in the device you are using. In addition, the TikTok Pixel also uses cookies, which store information on the device you are using. Such storage of information by the TikTok Pixel or access to information that is already stored in your device only takes place with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Article 6 Paragraph 1 Letter a GDPR. You can revoke your consent at any time using our consent management tool.
For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights with TikTok, see TikTok's privacy policy at: https://www.tiktok.com/legal/privacy -policy? lang = de-DE.

Pinterest tag
We use the Pinterest tag of Pinterest Europe Limited (Pinterest Europe) on our website. Information on the contact details of Pinterest Europe and the contact details of the data protection officer of Pinterest Europe can be found in the data policy of Pinterest Europe at https://policy.pinterest.com/de/privacy-policy.

The Pinterest tag is a JavaScript code excerpt that enables us to track the activities of visitors on our website. The Pinterest tag collects information about the use (e.g. information about viewed items) in joint responsibility by us and Pinterest Europe and transmits it to Pinterest Europe

With the help of the Pinterest tag, Pinterest is able to determine the visitors to our online offer as a target group for the presentation of advertisements on the social media platform Pinterest (so-called “Pinterest ads”). Accordingly, we use the Pinterest tag in order to only display the Pinterest ads placed by us to those Pinterest users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are based on the visited Websites) that we transmit to Pinterest. With the help of the Pinterest tag, we also want to ensure that our Pinterest ads correspond to the potential interest of the users and are not annoying. With the help of the Pinterest tag, we can also understand the effectiveness of the Pinterest advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Pinterest advertisement.

In some cases, information is processed that is already stored in the device you are using, or additional information is stored on the device. Such storage of information by the Pinterest tag or access to information that is already stored in your device only takes place with your consent. The legal basis for the collection and transmission of personal data to Pinterest Europe is therefore Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent at any time using our consent management tool.

You can also deactivate behavior-controlled advertising on the Internet on Pinterest in your personalization settings or on the AdChoices website at optout.aboutads.info.

You can find more information on data protection at Pinterest Europe here: https://policy.pinterest.com/de/privacy-policy.

E-mail addresses and personal data for advertising purposes (e.g. newsletter)
You can order our free newsletter via our website, which informs you about ottonova and new offers. We use the so-called double opt-in procedure. After placing your order, you will first receive a message asking you to confirm the order by clicking on the link. When you register for our newsletter, you provide us with your email address and, optionally, other data. We use this information exclusively to send you the newsletter. The data you entered when registering for the newsletter will be stored by us until you unsubscribe from our newsletter. You can unsubscribe from the newsletter at any time. A message in text form to su[email protected] is sufficient for this.
Of course, there is also a corresponding unsubscribe link in every newsletter. By unsubscribing, you object to the use of your email address. In exceptional cases, the unsubscribe process can take a few days. In addition, your transmitted and automatically generated information will be used to design advertising tailored to you and your interests, provided you have selected this option in the double opt-in email. In order to be able to send you even more targeted offers and information tailored to you, we will also use the information you provided on our website if you have opted for personalized advertising. If you no longer want to receive personalized emails, you can object to this at any time. A message in text form to [email protected] is sufficient for this.
We also use your email address, which we receive in connection with the sale of our insurance products, exclusively for direct advertising in the form of our newsletter for our own similar insurance products and for customer surveys on our products and services, provided you have not objected to this use. You can object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic tariffs. Your objection (and thus the cancellation of our newsletter) can be exercised by sending a message to [email protected]

8. Information on further data processing methods

Information on the application process

Implementation of the application process
Implementation of the application process
Categories of recipients:
  • Public bodies in the event of overriding legal provisions.
  • External service providers or other contractors, e.g. for data processing and hosting.
Application data will usually be deleted within six months after notification of the decision, unless consent has been given to longer data storage within the framework of inclusion in the applicant pool.

Specific information on the processing of customer data / prospect data

data communicated to ottonova Krankenversicherung AG for the execution of the contract; Any additional data for processing on the basis of your express consent.
for the assessment of the insurance risk before the conclusion of the insurance contract, for the implementation of the contractual relationship and in the event of a claim by ottonova Krankenversicherung AG.
Categories of recipients:
  • Public bodies in the event of overriding legal provisions
  • External service providers or other contractors, e.g. for data processing and hosting, assistance services, for shipping, transport and logistics, service providers for printing and sending information and call centers.
  • Other external bodies as far as the data subject has given his consent or a transmission is permitted due to an overriding interest, e.g. for credit information.
Data from interested parties before the risk assessment is carried out will be deleted after 6 months. After the risk assessment, the data of interested parties will be stored for 3 years. We delete other data using an automated process when the statutory or contractual retention period has expired or if the data is no longer required.

Participation in the Payback program

ottonova Krankenversicherung AG, Ottostraße 4, 8033 Munich, phone: +49 89 26 2098 000, email: [email protected]
PAYBACK number, PAYBACK points, application and policy date, tariff concluded, start of insurance cover, contract termination / cancellation
Participation in the Payback program / crediting of points
Categories of recipients:
  • Public bodies in the event of overriding legal provisions.
  • Payback GmbH, Theresienhöhe 12, 80339 Munich
  • External service providers or other contractors who are involved in the data processing (e.g. hosting provider)
Until the point credit is processed (usually a maximum of 215 days).

Specific information on the processing of employee data

Data communicated for the execution of the contract in the context of the employment relationship; Any additional data for processing on the basis of your express consent.
Execution of the contract in the context of the employment relationship.
Categories of recipients:
  • Public bodies if there are priority legal provisions, including tax office, social security agency, professional association.
  • External service providers or other contractors, e.g. for data processing and hosting, for payroll accounting, for travel expense accounting.
  • Other external bodies as far as the data subject has given his consent or a transmission is permitted due to an overriding interest.
The duration of the data storage is based on the statutory retention requirements and is usually 10 years.

9. Adaptation and update of the data protection principles

If ottonova introduces new products or services or if the technologies for data protection and information security develop further, this can affect the data protection principles. We therefore reserve the right to change or add to the principles as required. We will publish every change here so that you can keep track of what data we collect, how we use it and under what circumstances we may disclose it. If we use personal data in a different way than when it was collected in the future, we will publish this here.

10. Questions about our data protection or your data?

You can contact the ottonova data protection officer at any time if you have any questions, suggestions or complaints about data protection issues, if you want to object or withdraw.
The ottonova data protection officer is lawyer Dr. Sebastian Kraska and you can reach him by email at [email protected] or at:

IITR GmbH
Marienplatz 2
80331 Munich
(089) 1891736 - 0

Right to information and correction of stored personal data
According to the General Data Protection Regulation (GDPR) you have the right to free information about your data stored by us and their use. In addition, you can assert your claims for correction or deletion or for restriction of processing or the exercise of your right to object to processing and the right to data portability at any time. Here you will find the possibility to contact us by email or letter. You also have the right to contact the data protection supervisory authority in the event of complaints.

Open data protection settings