Privacy policy

We are aware that the protection of your privacy is important to you when using our Internet pages. At this point we would like to inform you about our principles for processing data.


Please note, that only the german version of this website ist legally binding.

In the interest of both parties, we take our task of ensuring the confidentiality of your data within the framework of the applicable provisions of data protection law very seriously. We use modern techniques to conduct the dialogue with you via the Internet and to secure your data. 

For us, the Internet is an important sales, information and contact channel to our customers, business partners and, via the career site, also to our applicants. Nevertheless, many users of the Internet are still very often uncertain and distrustful about whether and which of their personal data is being processed by whom. We would like to dispel these reservations. The protection of the personal rights of our customers and business partners and the security of your personal data is of utmost importance to us. You can rely on this. Accordingly, the principle of data avoidance and data security has top priority for us.

With the help of the following guidelines, we would like to make the subject of data collection, processing, use and storage transparent to you and answer as many questions as possible about data protection in connection with our Internet presence.

If you are interested in our company as an employer and apply for a job advertisement via our applicant portal, supplementary data protection regulations apply, which are automatically made available to you during the application process.  

Should any questions remain unanswered or if you would like to find out about specific individual questions, please send us an e-mail to or

This declaration on data protection applies to all our Internet pages. Insofar as legally binding declarations are made in the name of the ALTE LEIPZIGER - HALLESCHE Group in the following, they apply equally to all companies belonging to the ALTE LEIPZIGER - HALLESCHE Group. Insofar as our Internet pages contain hyperlinks or references to other Internet pages, no responsibility is assumed for the data protection principles and possible breaches of data protection that occur when visiting and using these Internet pages.

Our Internet presence may contain links to websites of other providers (external links) to which this data protection declaration does not apply. These websites are subject to the liability of the respective operators. Should you notice that links on our Internet presence refer to websites whose contents violate applicable law, please notify us by sending an e-mail to or We will then immediately remove these links from our Internet presence. The companies in the ALTE LEIPZIGER - HALLESCHE Group accept no responsibility for the topicality, correctness, completeness or quality of the information provided.

The person responsible in accordance with Art. 4 section 7 DSGVO and other national data protection laws of the member states of the European Union and other data protection regulations is


for the ALTE LEIPZIGER companies
ALTE LEIPZIGER Lebensversicherung a.G.

Alte Leipziger-Platz 1
61440 Oberursel
tel. 06171 66-00
fax 06171 24434

     for the HALLESCHE
HALLESCHE Krankenversicherung a.G. 
Reinsburgstra├če 10
70178 Stuttgart
tel. 0711 6603-0
fax 0711 6603-333



1. What are the relevant legal bases for the protection of your personal data?


The processing of personal data during your visit to our website is always based on data protection regulations. These include in particular the EU-Datenschutz-Grundverordnung (DSGVO) (= EU General Data Protection Regulation as well as the Bundesdatenschutzgesetz (BDSG) (= Federal Data Protection Act) and the Versicherungsvertragsgesetz (VVG) (= Insurance Contract Act). Insofar as the Internet is also used to offer products, the provider as a teleservice provider is also subject to the legal provisions of the e-Privacy-Verordnung und des Telemediengesetzes (TMG) (= e-Privacy Regulation and the Telemedia Act) within the framework of the provider-user relationship. The legal requirements of these legal provisions in the currently valid version are also taken into account within the framework of the Internet presence of the ALTE LEIPZIGER - HALLESCHE Group - insofar as they are relevant
2. Which personal data is collected and how is it processed?
2.1 Informational use of our Internet pages

During your visit to our website, you can navigate freely on our generally accessible web pages without disclosing any personal information. When you visit our website for purely informational purposes, only the data that your browser transmits to our servers is collected. This includes the domain name and the IP address assigned to you by your Internet provider, the operating system of your PC and your browser type. The website from which you visit us, the websites that you visit on our site and the time of access are also automatically stored for a maximum of seven days. The legal basis for the temporary storage of this data in log files is Art. 6 section 1 lit. f DSGVO and is for the purpose of maintaining IT security. This data processing is absolutely necessary for the operation of our Internet pages, and in this respect there is no possibility of objection. Conclusions about your person and the creation of user profiles are not possible. In particular, you can make use of our tariff and premium calculators without providing personal data. In order to receive an individual product offer, to make a purchase or a contract or to contact us via a contact form, we need your personal data. You provide this information voluntarily and it will only be forwarded to us with your express consent. Areas of our website where personal data is collected are secured by SSL encryption. If you use this opportunity to contact us, your details will be processed and automatically stored for the purpose of answering your inquiry in accordance with Art. 6 section 1 lit. c DSGVO. We will delete the inquiries if they are no longer necessary and no legal archiving obligations apply.


2.2 Special access data

When you use one of our various service offers, such as changing your address, reporting a claim or other ways of contacting us, the personal data entered in these forms is transmitted from your PC in encrypted form according to internationally recognized security standards (SSL) to protect it against misuse by third parties.

In addition, certain Internet pages that are not generally accessible require personal authorization with an individual user ID and password in order to be able to access the data relating to their respective business area.

You have the possibility to cancel your user account at any time. In this case, your data will be deleted, unless we are obliged to keep it for reasons of commercial or tax law. The legal basis for the processing of the data is Art. 6 section 1 lit. a DSGVO, if you have given your consent. If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 section 1 lit. b DSGVO.
3..Why is your personal data collected?


We process the data provided by you exclusively for the intended purpose, on the basis of Art. 6 section 1 lit. f DSGVO. You decide which personal data we receive and for what purpose we may process it. The data will only be passed on to third parties within the framework of mandatory legal regulations or under the conditions mentioned under 5.

4. When is your personal data collected?


The DSGVO always requires your consent as the basis of legitimacy for the processing of personal data, unless other admissibility requirements specified in Article 6 of the DSGVO are met. Personal data will only be collected and processed during and after your visit to the Internet with your express consent. This consent or declaration of consent can be revoked at a later date at any time with future effect without giving reasons to the ALTE LEIPZIGER - HALLESCHE Group. Our contact details can be found in the impressum of our website.
5. To whom are your personal data made accessible?
Our employees have access to your data when they process and manage your affairs. They are obliged to observe data secrecy. This means that they may only process personal data for the purpose of fulfilling their respective legitimate duties and that this obligation continues after the end of their employment. The obligation also extends to the observance of banking secrecy, telecommunications secrecy, business and trade secrecy and professional secrecy in accordance with § 203 StGB. Our employees have been informed in detail about data protection regulations and have been instructed about the criminal consequences of violations. Insofar as personal data is made available to other group companies on the basis of common data systems of the ALTE LEIPZIGER - HALLESCHE Group or is passed on to third parties for the purpose of the proper fulfillment of contractual relationships or due to organizational processing, they are obligated to maintain data secrecy and strict compliance with data protection regulations.

Insofar as data is processed by external service providers within the scope of order processing, these are not considered third parties under data protection law. With regard to data processing, they are nevertheless obliged to comply with the provisions of Art. 28 DSGVO and are subject to our right to issue instructions. Personal data will only be passed on to intermediaries for the purpose of processing your inquiries or to support and advise you on insurance matters. Every agent is legally and contractually obliged to observe the provisions of the DSGVO and the obligations of confidentiality. Health data will only be passed on after their prior consent. You will be informed of the agent responsible for your care. If his activity for our company ends (e.g. by termination of the brokerage contract or by leaving the company), the company will reorganize your support; you will be informed accordingly. Otherwise, personal data will only be passed on to third parties in the narrow cases prescribed by law or if you have given us your express permission to do so.

In the above-mentioned cases of passing on your personal data to third parties, we naturally respect your right to object to this at any time.

We only pass on data to service providers within the EU in the context of order processing. We only allow your data to be processed in a third country if the special requirements of Art. 44 ff. DSGVO are fulfilled. The data may then only be processed on the basis of special guarantees, such as the EU Commission's officially recognized determination of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations, the so-called "standard contractual clauses". We require U.S. service providers to use these standard clauses or to comply with the "privacy shield", the data protection agreement negotiated between the European Union and the United States (
6. What happens to your personal data after collection?


The legislator has standardized a wide range of obligations and periods of storage for personal data. After these periods have expired, the corresponding data is routinely deleted. If data is not affected by this, it is deleted when the purposes mentioned under No. 3 cease to apply. If data has been passed on to other bodies in a permissible manner, they will be informed of this and advised of the obligation to delete it. Insofar as deletion is contrary to legal, statutory or contractual retention periods or the deletion conflicts with the interests of the person concerned that merit protection, such data will be blocked. Data is blocked by marking stored personal data in order to restrict its further processing or use.

In this respect, the stored personal data is regularly checked to determine whether it is still necessary for the specific purpose of storage.

7. What rights do you have with regard to your personal data?


7.1 Rights on information

You have the right to receive information free of charge about the data stored about you. On request, we will provide you with information about your personal data in writing - also online if you wish - to the extent permitted by law. This information includes in particular whether personal data has been stored. If this is the case, the information extends to the processing purposes, the categories of personal data processed, the data recipients, the storage period, the origin of the data and the reference to existing rights (see following sections). If an automated decision making process exists, information must be provided on the logic involved, the scope and the intended consequences of the processing for the data subject The right of access can only be exercised by the data subject himself and exclusively with regard to data collected, processed or used by him. 

7.2 Right of Rectification

If the personal data processed are incorrect or incomplete, the data subject shall have the right to rectify or complete them.

7.3 Right to erasure ("right to be forgotten")

Under the conditions stated in Article 17 DSGVO (§ 35 BDSG) you can request the deletion of personal data. Accordingly, personal data must be deleted if, among other things, the purpose of processing no longer applies, the data has been processed unlawfully or the previously granted consent is revoked. The precondition for this is, however, that the deletion is not contrary to public interests or legal obligations. If we have made public the personal data concerning you and we are obliged to delete them, we will take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested them to delete all links to these personal data or copies or replications of these personal data.

7.4 Right to limit processing

If the person concerned by the processing of his personal data disputes the accuracy of the data, he has the right to request a restriction of the processing for the duration of the verification. This also applies if the processing was carried out unlawfully and the data subject refuses the deletion. A further case of application arises if the purpose of processing no longer applies, but legal claims still stand in the way of deletion. After a processing restriction has been imposed, the data subject must be informed before the restriction is lifted. If you have any further questions regarding the processing of your personal data, you can contact the contact point listed under 9.2 at any time, in particular our company data protection officer.

7.5 Right to data transferability

Every person concerned, has the right to obtain from the person, responsible for the processing of his personal data, the data relating to him, which he has previously made available to the responsible person, in a structured, standard and machine-readable format, and to have it transmitted to another responsible person. Where technically possible, direct transfer from one responsible person to another may also be obtained.

7.6 Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is carried out on the basis of Art. 6 paragraph 1 lit. e or f DSGVO. If we process your data for the purpose of direct advertising, you may object to the processing of your data for the purpose of such advertising at any time if reasons arise from your particular situation that speak against data processing.

7.7 Automated decisions in individual cases including profiling

You have the right, not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or which significantly affects you in a similar way. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and us, is permitted by law or is made with your express consent.

7.8 Right to appeal to a supervisory authority

You have the right to complain to a supervisory authority, in particular in the member state of your residence, your place of work or the place of the suspected violation, if you believe that the processing of personal data concerning you is in violation of the DSGVO.

8. Which technical and organizational measures do we take to protect your personal data?
In order to be able to guarantee protection of your personal data against unauthorized or abusive knowledge and alteration in line with technological development and organizational possibilities, we use SSL encryption for data transmission via our Internet pages.

Furthermore, the data processing network of the ALTE LEIPZIGER - HALLESCHE Group is protected by a firewall system according to the current state of the art from and to the outside. This ensures sufficient access, entry and access control to protect your inventory, usage and content data against manipulation, loss and destruction.

Data security is an important concern for us, which we ensure by continuous support of the systems used and by qualified personnel. In particular, we adapt our protective measures to further developed or new reliable security systems according to our possibilities. In this respect, we reserve the right to make changes and additions. In view of the many risks associated with the use of the Internet, there can be no completely unlimited security.
9. How do we ensure compliance with data protection regulations and other relevant legislation?

9.1 Monitoring

 The ALTE LEIPZIGER - HALLESCHE Group undertakes to comply with the above-mentioned principles of data protection and data security as described. We regularly monitor compliance with these data protection principles within the Group and their conformity with the requirements of data protection law. In addition, we ensure, both through our company data protection officer and our internal organization, that personal data is only used to the extent permitted by law.

However, the ALTE LEIPZIGER - HALLESCHE Group reserves the right to change these data protection principles if necessary. We will indicate the status of the changes or revision at the beginning of our data protection declaration.

9.2 Data Protection Officer, Information and Complaints Office in the Group

If you have any further questions, please do not hesitate to contact the ALTE LEIPZIGER - HALLESCHE Group, which will be happy to assist you with its expert team.

As contact person for data protection, you can also contact the responsible data protection officer, who is not bound by instructions in the fulfilment of his duties. His tasks include in particular monitoring compliance with the DSGVO and other regulations on data protection. You can contact our data protection officer at the e-mail address or

10. How is your data handled when using an online application?

The ALTE LEIPZIGER - HALLESCHE Group also offers various applications for you online (e.g. video consulting, software application [Apps]). In addition to the general data protection provisions, the following provisions apply to these applications.

When you visit our websites, data about the websites you visit are generated by the web server and sent to the web browser/app and stored (so-called web cookies). This is done in order to optimize and further develop the web applications and to constantly improve our communication with you according to your usage behavior. Only data that originates from you and that you generate yourself during your communication with the respective server is collected. Web cookies are not hidden and can be viewed by the user. Other data is not spied out. Personal data is not stored. Your privacy remains protected.

10.1 What is stored in cookies?

In order to improve the quality and security of our service, we store for statistical purposes the data about each access to the pages of our online applications that your browser/app transmits whenever you visit the website/app. These server logs include information such as your web request/usage request, your IP address, browser type, browser language, date and time of your request and one or more cookies that can uniquely identify your browser, general information such as when errors occur, and information from security events (change password, password recovery, change email address, change cell phone number) as required for use. The IP address is stored in a shortened form in accordance with data protection regulations.

When you visit our website, as well as in the course of providing services, the website sends one or more cookies to your computer or other terminal device, which uniquely identifies the browser. We use cookies to improve the quality of the website, including for storing user preferences and tracking user trends. We may place one or more cookies in your browser when you visit the website or subsites. You can set your browser to notify you when a cookie is sent. This gives you the opportunity to either accept or reject a cookie. The information we collect and analyze is used to improve services and the website, to personalize the web experience, and to allow easy login with persistent login cookies.

We use the services of third parties to evaluate the effectiveness of our Apps and the Services and to determine how you use the App and/or the Services. For this purpose, we may use web beacons on the App pages that third parties provide to our analysis systems for this purpose. The information we collect includes, for example, the number of pages visited, navigation patterns and similar data. This statistically collected data enables us to find out which services within the app are most interesting to users and which offers users prefer to view. Although the provider logs the data coming from our website on our behalf, we have control over how this data may or may not be used. The cookie itself contains no personal data. Even if you provide personal data (such as your user ID) when you visit the website and do not delete the cookie from your browser after providing this data, the provider only collects the non-personal data stored in the cookie (such as the number of visits) and stores it anonymously.

When you visit our websites, a cookie notice is displayed to inform users that cookies are being set. If you confirm this message, the cookie will be set in your browser for one year and you will no longer see the cookie message. To be able to assign the geographical origin of the visitor, the IP address is checked. Neither the IP address nor any other personal data is stored in this step. We use CookieConsent from Silktide Insites for this service. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.

10.2 Avoidance/deletion of cookies

Most browsers accept cookies, but it is possible to set the browser to refuse all cookies. However, you can delete cookies at any time. 

Of course you can object to the use of our cookies and also the cookies of third parties at any time by setting your Internet browser so that it does not accept cookies. Please refer to the help function of your Internet browser for details. We would like to point out, however, that in this case it may not be possible for the app/services to function properly. 

10.3 Use of the "visitor action pixel" of Facebook

To evaluate and support online marketing activities, we use the "visitor action pixel" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Facebook is certified under the Privacy Shield Agreement and thus offers a sufficient guarantee to comply with European data protection law. The Facebook pixel enables us to track users' actions after they have seen or clicked on a Facebook advertisement. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's Data Usage Policy ( You can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes. Please change your ad settings on Facebook if you wish to withdraw your consent ( This consent may only be given by users who are older than 13 years. If you are younger, please ask your legal guardian for advice. 

10.4 Use of Facebook Website Custom Audiences

On our website we also use communication tools of the social network Facebook, especially the remarketing or "custom audience" function. This feature allows us to target visitors to our website with targeted advertising by displaying personalized, interest-based ads to visitors to our website when they visit Facebook. Facebook uses so-called cookies to perform the analysis of website usage, which forms the basis for the creation of interest-based advertisements. For this purpose, Facebook stores a small file with a sequence of numbers in the browsers of visitors to our website. This number is used to record visits to the website as well as anonymized data on the use of the website. No personal data of website visitors is stored.

If you no longer wish to receive interest-based advertising within Facebook, you can change your settings in your Facebook account. To do so, please follow the instructions under the link

We use the data processing described under 10.3 and 10.4 because of our legitimate interest in the analysis, optimization and economic operation of our website in accordance with Art. 6 para. 1 lit f DSGVO.

10.5 Use of Google Adwords conversion tracking

We use the online advertising program "Google AdWords" and within Google AdWords the conversion tracking. Google Conversion Tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies expire after 30 days and are not used for personal identification.

If you visit certain pages on our site and the cookie has not expired, Google and we may recognize that you have clicked on the ad and been directed to that page. Each Google AdWords customer receives a different cookie. As a result, there is no way that cookies can be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted in to conversion tracking. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking, which tells them the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you may opt-out of this use by preventing the installation of cookies through an appropriate setting in your browser software (deactivation option). You will then not be included in the conversion tracking statistics. You can find further information and the Google privacy policy at,

10.6 Use of the remarketing or "Similar Target Groups" feature of Google Inc.

The provider uses on the website the remarketing or "similar target groups" function of Google Inc. ("Google"). This feature allows the provider to target visitors to the website with advertisements by displaying personalized, interest-based ads to visitors to the provider's website when they visit other websites in the Google Display Network. Google uses cookies to help the website analyze how users use the site, which is the basis for creating interest-based advertisements. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the visitors to the website. This number is used to record visits to the website and anonymous data on the use of the website. There is no storage of personal data of the visitors of the website. If you visit another website in the Google Display Network, you will be shown advertisements that most likely include previously visited product and information areas. You can permanently deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: Alternatively, you can opt-out of third party cookie use by visiting the Network Advertising Initiative opt-out page at and following the opt-out instructions provided there. Further information about Google Remarketing and Google's privacy policy can be found at:

The data processing described under 10.5 and 10.6 takes place for users of a Google account exclusively on the basis of the consent given to Google, which you can also revoke at Google. The legal basis results from Art. 6 Para. 1 lit. a DSGVO. In the case of data collection processes that are not merged in your Google Account (e.g. because you do not have a Google Account or have objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

10.7 Web analysis by Webtrends

We use Webtrends Analytics, a web analysis service on our website. Webtrends uses so-called "cookies", text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie (including your IP address) about your use of this website is stored exclusively on servers of the ALTE LEIPZIGER - HALLESCHE Group. No data is transferred to servers of Webtrends. We set Webtrends on the basis of our legitimate interests in the analysis of our website in terms of Art. 6 para. 1 lit. f. DSGVO. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

10.8 Use of Google Analytics

The website uses Google Analytics, a network analysis service provided by Google, Inc. ("Google"). Google Analytics uses "cookies". These are text files that are installed on your computer and contribute to the analysis of the website with regard to its use by the user. The data stored by the cookies about your use of the website is transferred to Google and stored on its servers in the United States.

If IP anonymization is activated on this website, your IP address will be shortened in the member states of the European Union or with other contracting parties in the European Economic Area. Only in exceptional cases will the entire IP address first be transferred to a Google server in the USA and shortened there. IP anonymization is active on this website. Google will use this information on behalf of the website provider to evaluate your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The IP address that your browser transmits within Google Analytics is not combined with any other data held by Google. You can refuse the use of cookies by adjusting your browser settings accordingly. Please note, however, that you may not be able to use all functions of this website.

You can also opt-out of Google Analytics tracking for the future by downloading and installing the Google Analytics Opt-out Browser Add-on for your current web browser (click here

10.9 Web analysis service Matomo

1. Scope of the processing of personal data
Some of our websites use Matomo (formerly Piwik), an open source software for statistical analysis of visitor access. Matomo uses cookies, which are stored on your computer and which enable an anonymized analysis of your use of the website. It is not possible to draw conclusions about a specific person, as your IP address is anonymized immediately after processing and before storage.
2 Legal basis for the processing of personal data
The legal basis for the processing of personal data using cookies is Art. 6 section 1 letter f DSGVO.
3. Purpose of data processing
Matomo is used for the purpose of improving the quality of our website and its contents. Thereby we learn how the website is used and can optimize our offer constantly.
4. duration of storage, possibility of objection and removal
The cookies used by Matomo are stored on the user's computer and transmitted by the user to our site. Therefore you as a user have full control over the use of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. On the corresponding web pages you can disagree to the storage and evaluation of this data by Matomo by clicking the indicated opt-out links. In this case a so-called opt-out cookie will be permanently stored in your browser, which causes Matomo not to collect any data for storage and evaluation. However, if you delete this cookie intentionally or unintentionally, the disagreement against the data storage and evaluation is also removed and can be renewed via the above mentioned link.
Alternatively, most modern browsers have a so-called "Do Not Track" option, by which they tell websites not to track your user activities. Matomo respects this option.


All data stored on Facebook can be requested. Your request will be sent to Facebook. If an request occurs, we will research the user data for our site. You must do the same from your page. We will then send the request to Facebook via the link (

11.1 Social Bookmarks

 So-called social bookmarks (e.g. from Facebook, Google, Twitter and Xing) are integrated on our website. Social bookmarks are Internet bookmarks that allow users of such services to collect links and news items. These are only integrated on our website as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers.

11.2 Social plugins (Facebook, Twitter, Google+)

So-called "Social Plugins" are used on our websites. Currently these are the plugins of the services Facebook, Twitter, Google+. Via these plugins, data, including personal data, can be sent to the US service providers and used by them if necessary.

11.3 Shariff protection tool

The ALTE LEIPZIGER - HALLESCHE Group itself does not collect any personal data by means of the social plugins or through their use. To prevent data from being transferred to service providers in the USA without the user's knowledge, we use the so-called Shariff solution. This solution ensures that initially no personal data is passed on to the providers of the individual social plug-ins when you visit our websites. Only when you click on one of the social plugins can data be transferred to the service provider and stored there.


Einwilligungs- und Schweigepflichtentbindungserklärung

Erklärung ALTE LEIPZIGER mit Risikoprüfung (German)

Erklärung ALTE LEIPZIGER ohne Risikoprüfung (German)

Erklärung ALTE LEIPZIGER Sach zur Unfallversicherung (German)

Declaration HALLESCHE Krankenversicherung (English)

Service provider

In common terminology, the term "service provider" is used when tasks are transferred to external persons or companies. The Federal Data Protection Act distinguishes between the following two constellations:

  • Contract data processing

The service provider carries out the tasks assigned to him as far as possible without any independent decision-making scope (e.g. data media/file destruction companies, telephone customer service, printing/inserting and dispatch, IT service provider).
In these cases, the Federal Data Protection Act (BDSG) states that the service provider is only regarded as an extended arm of the insurer: From a legal point of view, the data remains with the client.

  • Transfer of functions

The tasks are carried out by the service provider to a large extent or even completely independently.
Here, data is transferred to "third parties" in accordance with the BDSG. This always takes place when it is an original insurance function that cannot be carried out by us, mostly for reasons of independence. The data transfer necessary for this purpose may be carried out if this is necessary to protect the legitimate interests of the insurance company and there is no reason to assume that an overriding interest of the insurance customer worthy of protection conflicts with this.

If health data are also affected when personal data are transferred to service providers, insurance customers give their consent to this by signing the application form (and, if applicable, in the course of processing claims or benefits). Reference is also made to the "List of service providers", which provides information on the current status of the service providers commissioned by us (the current version can be found on our Internet address under "Datenschutz").

In the "Code of Conduct" (short: CoC -- "Rules of Conduct for the Handling of Personal Data by the German Insurance Industry"), the data protection supervisory authorities of the federal states together with the German Insurance Association and the Federation of German Consumer Organisations have once again listed the data protection standards in a comprehensible and comprehensive manner. Article 21 CoC deals with the obligations for commissioned data processing and Article 22 CoC describes the transfer of functions.

In contrast to commissioned data processing, Article 22 CoC provides that the data subject may contradict the transfer of functions. In this case, the insurer must then objectively examine whether the interest of the person concerned that is worthy of protection outweighs the legitimate interest of the insurance company in implementing the insurance. However, the contradiction can also lead to the continuation of the insurance contract being impaired, or to the fact that the processing of claims or benefits cannot be accomplished.


Dienstleisterliste ALTE LEIPZIGER (German)

List of service providers HALLESCHE

Rules of conduct for the handling of personal data

The General Association of the German Insurance Industry (GDV) with its member companies was the first professional association to make use of the opportunity to draw up rules of conduct which promote the implementation of data protection regulations. This was done in close cooperation with the data protection supervisory authorities and with the involvement of the Federation of German Consumer Organisations. (vzbv).

With their accession on 1 January 2014, the insurance companies in the ALTE LEIPZIGER-HALLESCHE Group have recognised the "Code of Conduct for the Handling of Personal Data by the German Insurance Industry" (Code of Conduct) as binding.

On the basis of the Code of Conduct, an industry-wide data protection standard has been established for the first time. The provisions of the Federal Data Protection Act on the establishment, implementation and termination of insurance contracts are specified in more detail. Data protection and data security concerns are taken into account beyond the legally required level.

This creates transparency for the individual and legal certainty for the insurance industry.

The full text of the Code of Conduct can be found here in German.