1. Preliminary remark
From 25 May 2018, the General Data Protection Regulation (GDPR) and the revised Federal Data Protection Act (BDSG-neu) will apply. These regulate the processing of personal data and, in particular, provide for extended information obligations for the processing of data. These information obligations also apply to the processing of intermediaries’ personal data by insurance companies. The data of legal entities is not subject to these regulations. In order to simplify implementation and improve transparency, the companies of the Newline Group provide their intermediaries with the necessary information on data processing in this information sheet, regardless of whether the respective intermediary operates as a legal entity, partnership or natural person.
The following information does not affect the intermediaries’ own information obligations. Under the GDPR, intermediaries are obliged to ensure that their companies process data properly.
2. Data controller
Newline Europe Versicherung AG
Schanzenstr. 38, Building 81
51063 Cologne
info@newlinegroup.de
(hereinafter referred to as “we”) is the controller within the meaning of the EU General Data Protection Regulation (“GDPR”).
You can contact our data protection officer by post at the above address, adding “Data Protection Officer” or by email at:datenschutz@newlinegroup.de .
3. Purpose of data processing and legal basis
The processing of personal agent data serves to conclude and fulfil the brokerage agreement. This includes, among other things, commission statements, reliability checks, production statistics and production control. The legal basis for data processing is Art. 6 (1) (a) and (b) GDPR.
If a brokerage agreement does not yet exist or is not concluded, the processing of personal data for pre-contractual and contractual purposes is based on Art. 6 (1) b) and, where applicable, also on (1) a) GDPR.
4. Categories of data processed and recipients of the data
We process the following categories of data:
- Master data (name/company, address)
- Bank details
- Communication data
- IHK registration
- Tax number
- Commission details
- AVAD information
The recipients of this data are companies belonging to the Newline Group and the Odyssey Group (including Newline Insurance Company Limited, Newline Underwriting Management Limited, Odyssey Reinsurance Company) and service companies/service providers as well as authorities within the scope of existing reporting and notification obligations. If we transfer data to group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g. EU standard contractual clauses) are in place. You can request these from one of the above contact addresses.
5. Credit information
We also request information from the Verband der Vereine Creditreform Boniversum e. V., Hellersbergstraße 12, 41460 Neuss, Germany, to assess the solvency or general payment behaviour of intermediaries. For this purpose, we provide Creditreform with the name and address of the respective intermediaries. We then usually receive information from Creditreform on bank details, shareholdings, turnover and employee numbers, an assessment of the business relationship and a credit rating index. If an affidavit has been requested or submitted, or if insolvency proceedings have been requested or opened, we will also be notified of this. The credit rating index is based on the Basel II criteria. The index ranges from 100 to 600 points. 500 and 600 points are considered a default, while an index of up to 250 points indicates good creditworthiness. The credit rating information is provided on the basis of written consent, which can be revoked at any time. Refusal or revocation of consent may result in a brokerage/agency agreement not being concluded or having to be terminated. Further details can be found in the information provided in the declaration of consent.
With regard to the rights of intermediaries, section 7 below applies accordingly, whereby the contact person in this respect is also the data protection officer of the Verband der Vereine Creditreform e. V. (Association of Creditreform Associations) at the above address.
6. Storage period
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. In doing so, it may happen that personal data is stored for the period during which claims can be asserted against our company (statutory limitation period of three years or, in the case of titled claims, up to thirty years, for example). In addition, we store your personal data for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and retain data, which are regulated, among other things, in the German Commercial Code, the German Fiscal Code and the German Money Laundering Act. The storage periods are up to ten years.
7. Your rights
You may request information about the data stored about you. In addition, under certain circumstances, you may request the correction or deletion of your data.
You may also have the right to restrict the processing of your data and the right to have the data you have provided released in a structured, commonly used and machine-readable format. To assert these rights and in the event of a complaint, please contact the offices listed above under 2.
8. Supervisory authority
You can contact our data protection supervisory authority, the State Commissioner for Data Protection in North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.
9. Provision of data
The provision of your data is mandatory. Without the provision of your data, a brokerage agreement cannot be concluded and fulfilled.