1. Overview and scope of application

Below you will find information on the scope of application, the person responsible for data processing and we will give you an overview of the type, scope and purpose of the personal data collected by GGW Group GmbH, which is collected both when you visit this website and during other processing under our responsibility that is not related to the website.

1.1 The person responsible for
data processing – i.e. the person who decides on the purposes and means of processing personal data – is

novitas special risk Versicherungsmakler GmbH
Hamburger Street 50
D – 22926 Ahrensburg
E-mail: info@novitas-hamburg.de

1.2 Data protection officer
You can contact our data protection officer as follows:

Johannes Dahmlos
Willhorner Heide 17
25474 Ellerbek

  1. Data processing

2.1 Information on data processing
Care and transparency are the basis for a trusting working relationship. We therefore inform you here about how we process your data and how you can exercise
the rights to which
you are entitled
under the General Data Protection Regulation (GDPR).

2.1.1 Scope of the processing of personal data
We only process the personal data of our users insofar as this is necessary to provide and optimise a functional website and our content and services.
 The processing of our users’ personal data only takes place regularly with your consent. An exception applies in cases where the processing of data is permitted
by law or on the basis of another legal basis.

2.1.2 Legal basis for the processing of personal data
Insofar as we obtain
consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to pre-contractual measures. Insofar as the processing of personal data is necessary to safeguard our legitimate interests, Art. 6 para. 1 lit. f GDPR serves as the legal basis.

2.1.3 Data erasure and storage duration
We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required because the purpose for which it was stored no longer applies, it is regularly erased unless it is still necessary to store it for a limited period of time. Reasons for this may include the following:

  • The fulfilment of retention obligations under commercial and tax law.
  • Obtaining evidence for legal disputes within the scope of the statutory limitation period.

It is also possible for us to continue to store your data if you have expressly given us your consent to do so.

2.1.4 No obligation to provide There is neither a contractual nor a legal obligation to provide personal data.
 In the case of required data (data that is labelled as mandatory when it is entered), failure to provide it means that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.

2.1.5 Transmission to state authorities
We only transmit personal data to state authorities (including law enforcement authorities) if this is necessary
to fulfil a legal obligation (legal basis: Art. 6 para. 1 lit. c GDPR) or to assert, exercise or defend legal claims (legal basis Art. 6 para. 1 lit. f GDPR).

2.1.6 Hosting with external service providers
Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centres and also process personal data on our behalf in accordance with our instructions. These service providers process the data exclusively in the EU.
We use within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). GDPR) content or service offers from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always presupposes that the third-party providers of this content recognise the IP address of the user as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as being linked to such information from other sources.

2.1.7 Categories of recipients
In order to fulfil our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies and external service providers.
Data may be exchanged
within the companies of GGW Group GmbH. We will provide a current overview of the GGW Group GmbH companies on request.

2.1.8 Data categories
When you contact us, we process your personal data. In addition, we also process your personal data to fulfil legal obligations, to protect a legitimate interest or on the basis of your consent. For all tasks, we may also use data provided to us by third parties.
 Depending on the legal basis, we process the following categories of personal data:

  • Personal master data: Title, form of address/gender, first name, surname, date of birth
  • Address data: Street, house number, postcode, city, country
  • Communication data: Telephone, e-mail address, fax
  • Nationality
  • Application data: Profession, career path, proof of qualifications, CV, certificates, pictures
  • Marital status
  • Access data: Date and time of the visit to our service; the page from which the accessing system reached our site; pages accessed during use; data for session identification (session ID); also the following information of the accessing computer system: internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

2.2 Accessing the website
This section describes how we process your personal data when you access the website. In particular, we would like to point out that the transmission of access data to external content providers is unavoidable due to the technical functioning of information transmission on the Internet.

 Information on processing
When you visit our website www.ggwgroup.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted.

This may include, for example, the following data: a) IP address of the requesting computer, b) date and time of access, c) name and URL of the file accessed, d) website from which access is made (referrer URL), e) browser used and, if applicable, the operating system of your computer and the name of your access provider. The aforementioned data is processed by us for the following purposes: a) to ensure a smooth connection to the website, b) to ensure convenient use of our website, c) to analyse system security and stability and for other administrative purposes. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above.

  • Data category: Access data
  • Purpose: Connection establishment, display of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis
  • Legal basis : Protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)
  • Where applicable, legitimate interest: proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems
  • Storage period: 7 days
  • Recipient: IT security service provider, hosting service provider

2.3 Application
In an ongoing application process, we process your personal data in the following ways:

2.3.1 Information on processing

  • Data category:
    a. Personal master data
    b. Address data
    c. Contact data
    d. Application data
  • Intended purpose:
    a Identification, establishment of contact, age verification
    b. Identification, establishment of contact, communication for contract initiation
    c Identification, contact
    , communication for contract initiation
    d. Applicant selection
  • Legal basis: Section 26 BDSG-new in conjunction with Art. 88 GDPR
  • Storage period: 6 months
  • Recipient: HR department
  1. Rights of data subjects

3.1 Right to information
You have the right to know whether personal data concerning you is being processed by us, what personal data this may be, and to receive further information in accordance with Art. 15 GDPR.

3.2 Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration

3.3 Right to object
You have the right to object, on grounds relating to your particular situation, at any time with future effect to processing of personal data concerning you which is based on point (e) or (f) of
Article 6(1) GDPR.
 You can exercise your right to object free of charge.

3.4 Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds specified in Art. 17 (1) GDPR applies and the processing is not necessary for one of the purposes specified in Art. 17 (3) GDPR.

3.5 Right to restriction of processing
You are entitled to request a restriction on the processing of your personal data if one of the conditions set out
in Art. 18 para. 1 lit. a to d GDPR is met.

3.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us or to have it transmitted directly by us, where technically feasible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. This therefore does not apply to data held only in paper form.

3.7 Right to withdraw consent/
If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3.8 Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. The
following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Status: 14.11.2023