RVM logo in red with the lettering “A PASSION FOR SAFETY” - More information and service contents
Directions
Contact us

Data protection

The protection of personal data is important to us. We therefore process the personal data of our employees, customers and business partners in accordance with the applicable legislation on the protection of personal data and data security. This Privacy Policy describes the types of personal data we collect, how this data is used, to whom it is transmitted and what rights data subjects have in connection with our processing of the data. We also describe the measures we take to ensure data security and how data subjects can contact us if they have any questions about our data protection practices.

For questions, complaints, information and advice on data protection at RVM, please contact datenschutz@rvm.de or the external data protection officer named in the policy.

PRIVACY POLICY

RVM Versicherungsmakler GmbH
Arbachtalstraße 22, 72800 Eningen
Telephone 07121 923-0, datenschutz@rvm.de

A. DATA PROTECTION ORGANISATION

RVM has appointed an external data protection officer (DPO) in accordance with Art. 37 – 39 GDPR / § 38 BDSG:

Tabea Knabe, phone 07121 923-1364, datenschutz.extern@rvm.de

The DPO shall perform the tasks assigned to him/her under this Directive, applying his/her expertise without being bound by instructions. The DPO is responsible for notifications, information, etc. to the data protection supervisory authorities.

The corporate departments provide the necessary information, documents etc. for this purpose. The same applies to enquiries, complaints or requests for information. Any employee of our company can contact the DPO directly with information, suggestions or complaints; absolute confidentiality will be maintained on request.

If RVM is unable to resolve an enquiry or complaint, data subjects have the right to lodge a complaint with the supervisory authority in whose federal state the company is based. For RVM, this is the Baden-Württemberg State Commissioner for Data Protection (https://www.baden-wuerttemberg.datenschutz.de/).

RVM transfers data to insurers and service providers in order to provide the insurance cover you have requested. Furthermore, to public bodies and institutions if there is a legal obligation to do so. We will provide you with an overview of our business partners on request.

B. SCOPE OF APPLICATION

This policy regulates data protection-compliant information processing and the corresponding responsibilities at the above-mentioned company (and its branch(es)) on the basis of the legal regulations of the European Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act (BDSG). All employees are obliged to comply with this policy.

It is aimed in particular at:

  • Employees
  • Customers
  • Interested parties
  • Insurer
  • Service provider

The following principles apply:

  • Protection of personal rights
  • Purpose limitation of personal data
  • Transparency
  • Data avoidance and data minimisation
  • Factual accuracy/up-to-dateness of the data
  • Confidentiality in data processing
  • Security in data processing
  • Erasure and restriction of processing of data on request

C. DEFINITIONS OF TERMS (ART. 4 GDPR)

Personal data is individual information about the personal or factual circumstances of a natural person (data subject). Examples: Surname, first name, date of birth, address data, contract data, e-mail content.

Special personal data includes information about racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life, as well as financial circumstances.

The controller is any person or organisation that collects, processes or uses personal data for itself or has this carried out by others on its behalf.

D. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA (ART. 5 + 6 GDPR)

The collection, processing and storage of personal data in our company takes place on the basis of the brokerage mandate used by us and the applicable documents (such as brokerage authorisation, consent to data processing, which are signed separately). We do not act without a specific mandate and a declaration of consent under data protection law from our clients (in the case of children and young people, consent is given by their legal guardians). We document our activities extensively via our broker management programme and maintain specific procedural instructions for the execution of our orders. Profiling does not take place in our company. The data is processed exclusively for the agreed purposes.

The data of our customers will be deleted after cancellation of the brokerage contract in accordance with the statutory provisions, in particular the provisions on statutory retention periods . The periods may be extended accordingly for the defence of possible legal claims. Restriction of processing takes the place of erasure.

E. COMMITMENT TO CONFIDENTIALITY

All employees are obliged to maintain confidentiality and to comply with the work instructions and this guideline when they take up their duties. The obligation is renewed annually and remains in force even after the end of their employment.

F. PROCESSING OVERVIEWS (ART. 30 GDPR)

We use internal process overviews (register of processing activities) to create transparency within the company and check whether our processes pose particular risks to the rights and freedoms of data subjects and are therefore subject to a prior check / data protection impact assessment. There is an obligation to keep these overviews available for inspection by the authorities.

G. PROCUREMENT OF HARDWARE AND SOFTWARE

All hardware required for our work processes (computers, monitors, keyboard, mouse and peripheral devices such as scanners or printers) is controlled according to internal guidelines. The computers are already configured for the employees and equipped with the corresponding programmes that we use as standard.

H. PASSWORD GUIDELINES

Individual authentication is necessary to ensure secure access to our systems. Internal regulations have been drawn up for this, which all those involved must adhere to.

I. TECHNICAL AND ORGANISATIONAL MEASURES

We take all possible measures that are suitable in accordance with the current state of the art and organisationally to prevent unauthorised persons from gaining access to the personal data stored by us. To this end, we keep separate records to document the requirements for the security of data processing.

A transfer to third countries is currently not planned.

J. RIGHTS OF DATA SUBJECTS (ARTICLES 12 – 23 GDPR)

The data subject may request information about which personal data of which origin is stored about him/her and for what purpose. If the employment relationship provides for further rights of access to the employer’s documents (e.g. personnel file) in accordance with the applicable labour law, these remain unaffected.

If personal data is transferred to third parties, information must also be provided about the identity of the recipient or the categories of recipients.

If personal data is incorrect or incomplete, the data subject may request that it be corrected or completed.
The data subject may object to the processing of their personal data for the purposes of advertising or market and opinion research. For these purposes, the data must be restricted (blocked) for processing.

The data subject is entitled to request the erasure of their data if the legal basis for the processing of the data is missing or has ceased to exist. The same applies in the event that the purpose of the data processing no longer applies due to the passage of time or for other reasons. Existing retention obligations and interests worthy of protection that conflict with erasure must be observed.

The data subject has a fundamental right to object to the processing of their data with effect for the future, which must be taken into account if their legitimate interest outweighs the interest in processing due to a particular personal situation. This does not apply if there is a legal obligation to carry out the processing.

The data subject has the right to data portability. This means the right to receive the personal data in a structured, commonly used and machine-readable format. The freedoms and rights of other persons must not be affected by this.

The data subject has the right to lodge a complaint with the supervisory authority in whose federal state the company is based. The supervisory authority responsible for RVM can be found at the beginning of the description of our data protection organisation.

K. PROCEDURE IN THE EVENT OF “DATA BREACHES” (ARTICLE 33 GDPR)

Every employee should immediately report cases of violations of this Data Protection Policy or other regulations for the protection of personal data (data protection incidents) to their respective supervisor, the management or the DPO. The responsible manager is obliged to inform the DPO immediately of data protection incidents.

In cases of unlawful transfer of personal data to third parties, unlawful access to personal data by third parties or loss of personal data, the reports provided for in the company must be made immediately so that existing reporting obligations for data protection incidents under national law can be fulfilled.

L. COOKIES WHEN USING THE WEBSITE

So-called temporary cookies (session cookies) are used on the www.rvm.de website to facilitate navigation. These session cookies do not contain any personal data and expire at the end of the session.

Technologies that make it possible to track the access behaviour of users are not used.

M. SSL ENCRYPTION OF THE WEBSITE

This site uses SSL encryption for security reasons and to protect the transmission of confidential content. You can easily recognise the use of encryption by the fact that https:// is displayed in your browser line and by the lock symbol. Data encrypted via SSL cannot be read by third parties. Only send your confidential information when SSL encryption is activated and contact us if you are in any doubt.

N. USE OF THE CONTACT FORMS

When using the contact forms, the data you enter will only be used to answer your enquiry. We will contact you on the basis of your enquiry. The data will not be used for other purposes or passed on to third parties.

O. ONLINE CLAIMS PROCESSING

We use AI-supported systems to process claims, which assist us in analysing and evaluating claims reports. Processing is carried out exclusively in accordance with applicable data protection laws, in particular the GDPR. Personal data is only used to the extent necessary for processing the respective claim. No automatic decisions with legal effect are made; our employees review all results. All data is processed securely and stored for no longer than required by law.

When using the online claims centre, a login with access data is required, which you will receive from RVM. The data collected as part of a claims notification is only used to process the claim. The legal basis for this data processing is the contract concluded between you as the customer and RVM.

P. ONLINE APPLICATION

When using the online application form, only the data required to process the application will be collected and processed. The data will not be used for other purposes or passed on to third parties.

Q. VIDEO APPLICATION TO TALENTCUBE

Please note the data protection information on the provider’s website.

R. USE OF THE RVM PENSION PORTAL

Please note the data protection information in the pension portal.

S. NEWSLETTER

You can register on our website to receive our newsletter. We need your e-mail address for this. In addition, we must check, in compliance with the relevant legal regulations, whether you are actually the owner of the e-mail address provided and would like to receive the newsletter. We therefore collect information that makes such verification possible.

The data collected in this context is used to send and receive the newsletter. They have no other purpose and are not passed on to third parties.

Apart from the information required for sending the newsletter, no other data is collected by us. As sending and receiving the newsletter is dependent on your consent, you can revoke this consent to the collection and storage of your data at any time without giving reasons. To do so, use the “unsubscribe link” provided in the newsletter.

T. SOCIAL MEDIA

We have a presence on various social networks. These are listed in detail below. Customers, interested parties and users can use them to communicate with us and find out about our activities and products.

In this context, we would like to point out that user data may also be processed outside the European Union. This may result in risks for the users of our social network pages.

Social networks generally also use user data for the purposes of market research and advertising. For example, user behaviour is used for personalised advertisements. The interests of users are taken into account. To achieve this, cookies are stored on users’ devices, which allow conclusions to be drawn about user behaviour and their interests.

The processing of personal data in social networks is carried out by us on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. Our aim is to ensure effective communication with users and to inform you about our services and products. If consent to data processing is required, the processing is carried out in accordance with Art. 6. para. 1 sentence 1 lit. a. and Art. 7 GDPR.

It is not possible for us to track all processing operations of the social networks. Therefore, please address requests for information directly to the individual operators of the social networks. Only the provider has access to the user data and can therefore provide information or take appropriate measures in the event of the assertion of user rights. However, you can also contact us or our data protection officer if you have any questions regarding data protection law.

Please refer to the individual pages for further details and objection options.

LinkedIn:

The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found at:

https://www.linkedin.com/legal/privacy-policy?_l=de_DE

YouTube:

YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find Google’s privacy policy at https://policies.google.com/privacy.

Instagram:

The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.

You can find Instagram’s privacy policy at

https://help.instagram.com/519522125107875

XING

The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. You can find XING’s privacy policy at

https://privacy.xing.com/de/datenschutzerklaerung

Status: 01.01.2023 / Eningen