Privacy

The following privacy policy provides an overview of the collection and processing of personal data.

We respect and protect your privacy, regardless of whether you are a customer, potential customer or visitor to our website. What does this mean in real terms when it comes to your personal data?

This privacy policy details what data are processed when you contact us over the Internet. It applies to the health insurance and healthcare fund of SBK Siemens-Betriebskrankenkasse – these are referred to below as ‘SBK’.

It also provides you with information on the processing of your data in line with the legal standards that came into effect on 25 May 2018 (Article 13ff. GDPR). This privacy policy gives you a quick and easy overview of which personal and social security data we collect from you and what we do with them. Additionally, it describes your rights under the data protection laws and who you can contact if you have any questions.

Privacy policy for the SBK homepage

We hope to provide you with comprehensive information about the products and services of SBK through our website and our newsletters.

The protection of your personal data is very important to us. The following privacy policy provides you with an overview of when we store data and the purposes for which they are collected and processed.

As a public body, we are subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the special provisions concerning the protection of social security data of the books of the German Social Code (SGB), especially Books I, V, X, XI and XII. Our adherence to the statutory provisions is verified on a regular basis.

Your consent to the processing of data

Your data from your visit to the website will not be collected, processed or used automatically without your express consent. Your IP address is stored in server log files for 30 days. However, we cannot access them and as such, they cannot be associated with an individual. We will store your personal data if you expressly provide us with them. This might be in one of the following cases:

  • you register for the personal portal ‘My SBK’;
  • you order brochures;
  • you subscribe to our newsletter;
  • you participate in competitions or
  • you contact us using the contact form.

Each input screen on the website describes which data are collected, stored and used. Fields marked as optional are voluntary.

Use and disclosure of your data

If you provide us with your data, we will only use them for the original purpose, e.g. in order to respond to queries or send the newsletter. Your data will not be passed on to third parties without your consent. Data are only passed on to third parties in line with mandatory statutory regulations or if the disclosure is necessary for the purposes of litigation or prosecution in the event of an attack on our network infrastructure.

We have our external service providers sign a contractual undertaking to adhere to the provisions concerning the protection of social security data. To this end, we enter into a legally required data processing contract in the sense of Article 28 GDPR in conjunction with Section 80 of Book X of the German Social Code (SGB). As the client, we inspect the protection of your personal data prior to the start of the data processing, and then regularly monitor compliance with the technical and organisational measures implemented by the contractor.

Whenever you provide personal data, your data will be encrypted before they are transmitted over the Internet in order that they cannot be accessed by unauthorised parties.

Persons under the age of 15 should not provide us with any personal data without the permission of their parents or guardians.

Newsletter

You can subscribe to our employer newsletter on our website. You require a valid email address in order to receive the newsletter. You are not obliged to provide your name or surname. You will then receive a confirmation email in which you will be required to confirm your subscription to the newsletter (the opt-in process). The data you provide will be used exclusively for the purposes of sending the newsletter. We will not share any information with third parties. You can unsubscribe from the newsletter at any time by clicking on this link.

When you open the SBK newsletter and the personal informational email and click on other links, these actions will be logged for statistical purposes. These data are only used once anonymised in order to optimise our newsletters with regard to the interests of our visitors. These data cannot be used to carry out a personal analysis.

Use of cookies

A cookie is a small text file containing information which is installed on the browser of the visitor. Cookies cause no damage to your computer. They serve to make our website more user-friendly and effective. You can configure your browser to notify you of the installation of cookies, to only allow specific cookies, to block cookies in certain cases or in general and to delete cookies automatically when you close your browser window. Deactivating cookies might limit the features of this website.

We use session cookies in some parts of our website. They become invalid automatically at the end of your visit.

Necessary cookies

These cookies ensure the basic functions of the SBK website so that you can use it. These functions include, for example, site navigation, the processing of forms and access to your personal online self-service branch Meine SBK.

Survey participation: to check whether you have participated in a website survey or do not wish to participate, a cookie called ‘ucsurvey’ is used, which expires after 30 days. The cookie prevents the survey from being displayed again for one month.

Statistic cookies

SBK web pages use Matomo web analysis software for the statistical analysis of visitor access activities. Software cookies are used for this purpose. When you first visit an SBK web page, you have the option to agree to enable Matomo for the entire SBK website.

By consenting to the use of statistic cookies, you are helping us continuously improve our website through the analysis of anonymous statistics. The legal basis for this is Article 6(1)(a) GDPR. This data cannot be analysed in connection to any particular person.

Matomo is configured in compliance with data protection laws. The information collected by cookies on the use of the website is stored on SBK servers in Germany. Your IP address is anonymised as soon as it has been processed and before it is stored. The information generated by the cookie on your use of SBK web pages is not shared with third parties.

You can deactivate the collection of data by Matomo here:

External services

Cookies may be set or comparable technologies from external services may be used if you have given us your consent for this. The legal basis is Articl 6(1)(a) GDPR. This refers to:

Google Maps: our web pages use Google Maps, a map service provided by Google Ireland Ltd (‘Google’) in order to display locations. The use of this technology means that information on how you use this website (e.g. your IP address) may be transmitted to Google and stored there. Cookies are also set by the service. By using this website, you consent to the collection, processing and use of the automatically collected data and the data you provide by Google, a representative of Google or a third-party provider. You can find Google’s privacy policy and terms of service at https://policies.google.com/

Monotype: our web pages use web fonts provided by Monotype Imaging Holdings Inc. (‘Monotype’) for the uniform display of fonts. Your browser loads the necessary web fonts in the browser cache when a page is accessed, in order to display text in the correct font. For licensing reasons, Monotype also records an anonymised project identification number for SBK, the web address of the licensed website and a referrer URL. Your IP address is also transmitted to a Monotype service provider in order to log access to the fonts and prevent unauthorised use. These IP addresses are not shared with Monotype, stored or otherwise processed. Monotype’s privacy policy can be found at https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy

UmfrageOnline: To display surveys, we use the UmfrageOnline service provided by enuvo GmbH, Seefeldstraße 25, 8008 Zurich, Switzerland (‘UmfrageOnline’). When you take part in a survey, data is record using cookies with your consent, in order to allow for unrestricted use of the survey. Furthermore, when you participate in a survey, information on how you use this website (e.g. your IP address) may be transmitted to Google and stored there. Survey responses are checked and administered by SBK. UmfrageOnline processes these only on our behalf. You can find UmfrageOnline’s data protection statement at https://www.umfrageonline.com/datenschutz

YouTube: our web pages use the YouTube service provided by Google Ireland Ltd (‘Google’) to display videos. The use of this technology means that with your prior consent, information on how you use this website (e.g. your IP address) may be transmitted to Google and stored there. Cookies are also set by the service. By using this website, you consent to the collection, processing and use of the automatically collected data and the data you provide by Google, a representative of Google or a third-party provider. You can find Google’s privacy policy and terms of service at https://policies.google.com/

Data protection information for social media plugins

You can use a social plugin embedded on the SBK website in order to share content from the SBK website on a social network. These social plugins are provided as a service from each social media provider.

Data transmission

If you use a social media plug-in, data will be transmitted to the server of the social media provider in question if you have previously given your consent for this. The data that is transmitted is, for example, your IP address or the URL of the site you visited. The transmission takes place even if you are not registered with the social network in question. The collected data can be merged at a later date, e.g. if you register with the social network in the future.

Please note that our data protection guidelines and liability provisions do not apply to the websites of third-party providers to which our website contains links. SBK has no control over how the social media providers use your data. If you would like to know how each social media provider approaches data protection, please see their various privacy policies. Please see the links below for more information on the potential use of your data and the duration of storage:

Facebook, facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA

Twitter, Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

LinkedIn , Ireland Unlimited Company, Wilton Place, Dublin 2, Irland

WhatsApp Inc., 1601 Willow Road Menlo Park, CA 94025

Links to other websites

We accept no responsibility for the content of websites to which our website contains links. If you believe that third-party websites to which our website contains links are in breach of the law or otherwise have inappropriate content, please let us know. We will follow up on your report immediately and remove the link if necessary.

Facebook competitions

For the purposes of communicating, implementing and processing the competition, personal data of the participants is processed by SBK (and especially stored). Once the winner has been determined and the prize issued, the data of all users involved in the competition is deleted. SBK will not transmit data to unauthorised third parties.

To set up, implement and process the competition, SBK processes the email address and name (first and surname) of the participant. When the winner has been determined, their address is also processed for the purpose of issuing the prize (sending it by post). This data will be deleted once the prize has been issued.

By reaching out in writing (post, fax or email), participants can at any time request information from SBK about what personal data pertaining to them is being stored by SBK, and can request that the data be corrected or deleted.

Objections to the use of data can be submitted to the following email address: social@sbk.org. If a user objects to the use of their data before the competition is complete (before the respective prize has been issued), that user can no longer take part in the competition. Any prize this user would have won in this case will be issued to a new winner (determined by drawing a winner from the group of respondents with the correct answers).

This promotion and the resulting prize is not affiliated with Facebook and is not sponsored, supported or organised by Facebook in any manner. The recipient of the information provided by the user is not Facebook, but rather Siemens-Betriebskrankenkasse (SBK). The information provided is used only for the promotion and is protected and treated as confidential as a matter of course. The provision of personal data is voluntary, but is required in order to participate in the promotion.

Please see the following link for more information on the potential use of your data and the duration of storage by Facebook: Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA 

Right to withdraw consent

If you have voluntarily provided us with consent to the storage and use of your personal data for a specific purpose, you can withdraw it at any time with future effect. The data in question will then be erased without undue delay.

If you would like to withdraw your consent to the use of your data, please send an email to widerruf@sbk.org.
 

Contact

If you have any questions or suggestions, please contact our data protection officer:

SBK
SBK-Pflegekasse
Vorstandsbeauftragter Datenschutz
Heimeranstraße 31
80339 München
Tel.: 089 62 700-280

Alternatively, use our online form for an encrypted data transfer:

Data protection contact form

When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

Privacy policy for ‘My SBK’

The following privacy policy supplements the general privacy policy for the website www.sbk.org for the protected area ‘My SBK’ which can be used by SBK policyholders after they register for it separately. Unless provided for otherwise in this privacy policy, the general privacy policy applies.

SBK, as the controller in the sense of the data protection legislation, provides various online services through ‘My SBK’. SBK collects and processes certain personal data, described below, in order to provide the services in ‘My SBK’ and improve it. SBK uses these data in order to provide the services and features available through ‘My SBK’.

Registration

Separate registration is required in order to use ‘My SBK’. This registration requires your name, surname, policyholder number, date of birth, post code and email address. You will then be sent an initial password that you can replace with a password of your own choice. The security code required to use all of the features of ‘My SBK’ will then be posted to the address you used to register with SBK.

As part of a registration for ‘My SBK’, the following personal data will be stored in your personal area and can be accessed, supplemented and sometimes even modified by you:

  • Name and surname
  • SBK policyholder number
  • Address
  • Date of birth
  • Phone number(s)
  • Fax number (s)
  • Email address
  • Pension insurance number
  • Any jointly insured family members

Use of personal data

SBK collects other data as part of specific online services (e.g. uploading photos for the electronic health insurance card) within ‘My SBK’. These data are collected and processed in line with the statutory remit of SBK which is supported by a service provider that is obliged to maintain the secrecy of personal data.

Prevention of misuse and guaranteed traceability

In order to prevent the misuse of your personal access to SBK and ensure the necessary traceability, which is also in your interests, the following procedures are logged:

  1. The registration procedure
  2. All log-ins
  3. All failed log-in attempts
  4. Each transaction initiated

    The user ID, date, time, identification type and a transaction code are all logged.

    Use of cookies and analytics tools

    The use of cookies and analytics tools is detailed in the general privacy policy for the SBK website.

    Deletion of your account

    If you no longer wish to use ‘My SBK’, you can delete your account at any time. In this case, the personal data collected specifically for ‘My SBK’ will be deleted unless any statutory rights or duties of retention would prevent this on a case-by-case basis.

    Contact

    If you have any questions or suggestions, please contact our data protection officer:

    SBK
    SBK-Pflegekasse
    Vorstandsbeauftragter Datenschutz
    Heimeranstraße 31
    80339 München
    Tel.: 089 62 700-280

    Alternatively, use our online form for an encrypted data transfer:

    Data protection contact form

    When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

    Important information

    Social security data in emails?

    Generally speaking, unencrypted emails are like a postcard. We therefore recommend that you do not send any sensitive data by email.

    As a rule, we do not respond to queries involving sensitive data by email, rather by post or through your online inbox in ‘My SBK’. We can provide the information you require in this protected area. Do you no longer have an account with ‘My SBK’? No problem. Click here to register for the secure service.

    We recommend that you use your private account for email correspondence with SBK.

    Warning regarding fraudulent calls

    Recently, there have been numerous cases involving people posing as employees of a health insurer or claiming to be acting on behalf of a health insurer calling policyholders.

    In the calls, the fraudsters ask for the account details of the policyholder under false pretences, for example a payment from a bonus scheme.

    In other cases, fraudsters have asked for the policyholder’s address details, allegedly in order to send them information about supplementary insurance policies, and then signed them up to a supplementary insurance policy and demanded payment.

    We cannot conceive of the schemes the fraudsters will think up next.

    Please note:

    Neither SBK nor your SBK customer advisor will ever phone you and ask for your data.

    What can you do if you receive such a call?

    • The only correct response is not to provide any data and hang up immediately.
    • If you have already provided account details before you hang up, we can only advise that you monitor your account activity and object to any charges that you cannot remember making.
    • If you provided address details and receive what appears to be a concluded policy with a demand for payment, we recommend that you do not pay initially and seek legal advice immediately, e.g. from a consumer protection agency or a lawyer.
    • If the calls become more frequent or more relentless, you can attempt to have the phone number blocked and consult a consumer protection agency.

    Controller

    The contact details of SBK, the controller, are as follows:

    SBK Siemens-Betriebskrankenkasse
    Heimeranstr. 31
    80339 München

    Tel.: 0800 072 572 572 50

    Mail: info@sbk.org

    Data protection officer

    The data protection officer appointed by the management of SBK and the data protection team can be contacted as follows:

    Post:

    SBK Siemensbetriebskrankenkasse
    SBK Pflegekasse
    Datenschutz
    Heimeranstr. 31
    80339 München

    Email:

    datenschutz@sbk.org

    or

    using the data protection contact form

    data protection contact form

    What are personal data?

    Data are personal or relate to a person if they can be associated with a specific natural person unequivocally. They include, for example, information such as your name, date of birth, address, personal email address, health insurance number and phone number.

    European lawmakers have defined it in a slightly more complex manner (Article 4 no. 1 GDPR):

    ‘For the purposes of this Regulation, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

    What are social security data?

    Social security data are personal data that are processed a statutory health insurance fund (such as SBK), for example, in connection with their duties under the German Social Code (SGB). Therefore, the data listed above are also social security data.

    Trade and company secrets are equivalent to social security data. They include all data relating to a business or business operations, including of legal entities, that are of a confidential nature.

    Legislators have provided the following definition in the German Social Code (Section 67(2) SGB X):

    ‘Social security data are personal data (Article 4(1) GDPR) that are processed by an entity referred to in Section 35 of Book I in connection with its duties under this Code. Trade and company secrets are all business-related data, including those concerning natural persons, which are of a confidential nature.’

    What does data processing mean?

    When we process personal data and social security data, this means that we collect, store, use, transmit or erase them, for example.

    This is defined as follows by the European General Data Protection Regulation (Article 4 no. 4 GDPR):

    For the purposes of this Regulation, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    What legal grounds are there for data processing and for what purpose do we process your data?

    We process personal data and social security data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Social Code (SGB).

    The specific purpose of the processing is determined by the following breakdown of the legal grounds.

    If we process data having been granted consent, we will describe the purpose before asking for any consent from you.

    Change of purpose

    In deviation from the purposes and legal grounds described above, we can use your data for other purposes without being obliged to notify you in advance (i.e. a change of purpose) if the following criteria are met:

    1. The measure is in accordance with Section 82(2) SGB X.
    2. Other legal grounds permit the change of purpose and do not establish an obligation to notify you.
    3. We have your express consent.
    4. The data are pseudonymised.

    Legal grounds:

    At SBK, your data are processed on legal grounds.

    The legal grounds are set out by the various books of the German Social Code (SGB), especially Book I (General Part), Book IV (General Rules for Social Security), Book V (Statutory Health Insurance) and Book X (Social and Administrative Procedures and Protection of Social Data).

    Specifically, we process data on the following legal grounds:

    SBK health insurance fund

    1. Preservation, restoration and improvement of the health standards of its policyholders (Section 1 SGB V)
    2. Financing of benefits and other expenditure through the collection of contributions from employers and members (Section 3 SGB V)
    3. Setting up the insurance contract and membership, including the data required for initiating an insurance contract (Section 284(1) no. 1 SGB V)
    4. Issuance of the voucher and the electronic health card (Section 284(1) no. 2 SGB V)
    5. Establishing the obligation to contribute and the contributions, responsibility for the contributions and payment of the contributions (Section 284(1) no. 3 SGB V)
    6. Assessment of the obligation to pay and provide benefits to the policy holder, including the requirements for benefit restrictions, determination of co-payment status and carrying out of cost reimbursements, reimbursements of contributions and determination of the limit (Section 284(1) no. 4 SGB V)
    7. Assisting the policy holder in the event of malpractice (Section 284(1) no. 4 SGB V)
    8. Assumption of treatment costs in accordance with Section 264 SGB V (Section 284(1) no. 6 SGB V)
    9. Involvement of the German Health Insurance
      Medical Service (MDK) (Section 284(1) no. 7 SGB V)
    10. Settlement with care providers, including checking the lawfulness and plausibility of the invoice (Section 284(1) no. 8 SGB V)
    11. Monitoring of the cost-effectiveness of the provision of benefits (Section 284(1) no. 9 SGB V)
    12. Settlement with other funding agencies (Section 284(1) no. 10 SGB V)
    13. Settlement of claims for reimbursement or compensation (Section 284(1) no. 11 SGB V)
    14. Preparation, agreement and execution of remuneration agreements in the sense of Section 87a SGB V (Section 284(1) no. 12 SGB V)
    15. Preparation and execution of pilot projects, care management in accordance with Section 11(4) SGB V, contracts for integrated forms of care and for the outpatient provision of highly specialised services, including the execution of performance and quality audits, provided that contracts have been concluded without involving the Association of Statutory Health Insurance Physicians (Kassenärztliche Vereinigung). (Section 284(1) no. 13 SGB V)
    16. Implementation of the risk adjustment scheme, as well as the preparation and implementation of structured treatment programmes, including recruiting policy holders to participate in these programmes (Section 284(1) no. 14 SGB V)
    17. Performance of discharge management in accordance with Section 39(1a) SGB V (Section 284(1) no. 15 SGB V)
    18. The selection of policyholders for measures in the sense of Section 44(4) line 1 SGB V and Section 39b SGB V as well as their implementation (Section 284(1) no. 16 SGB V)
    19. Monitoring of compliance with the contractual and legal duties of the providers of medical aids pursuant to Section 127(5a) SGB V (Section 284(1) no. 16a SGB V)
    20. The fulfilment of the duties of the health insurance funds as funding organisations pursuant to SGB IX (Section 284(1) no. 17 SGB V)
    21. Acquisition of new members (Section 284(4) SGB V)

    SBK healthcare fund

    1. Support of people in need of care who are reliant on assistance due to the severity of their need (Section 1(4) SGB XI)
    2. Financing of benefits and other expenditure through the collection of contributions from employers and members (Section 1(6) SGB XI)
    3. Setting up the insurance contract and membership (Section 94(1) no. 1 SGB XI)
    4. Establishing the obligation to contribute and the contributions (Section 94(1) no. 2 SGB XI)
    5. Assessment of the obligation to pay and provide benefits to the policy holder, as well as the settlement of claims for reimbursement or compensation (Section 94(1) no. 3 SGB XI)
    6. Involvement of the German Health Insurance
      Medical Service (MDK) (Section 94(1) no. 4 SGB XI)
    7. Settlement with care providers and cost reimbursement (Section 94(1) no. 5 SGB XI)
    8. Monitoring of the cost-effectiveness of the provision of benefits, including settlement and cost reimbursement (Section 94(1) no. 6 SGB XI)
    9. Conclusion and execution of daily rate agreements, remuneration agreements and service and quality agreements (Section 94(1) no. 7 SGB XI)
    10. Advice on participation as well as benefits and care aids (Section 94(1) no. 8 SGB XI)
    11. Coordination of care, care advice and fulfilment of duties in the care advice centres (Section 94(1) no. 9 SGB XI)
    12. Statistical purposes (Section 94(1) no. 10 SGB XI)
    13. Assistance with the enforcement of claims for compensation (Section 94(1) no. 11 SGB XI)

    Please be aware of the obligations to cooperate set out in Section 60ff. SGB I in order that SBK is able to fulfil its legal duties. These obligations require you to provide SBK with certain personal data that are necessary for the fulfilment of the legal duties concerning you. Failure to cooperate on your part can result in delays or even the rejection of applications you file for benefits. Additionally, please be aware of your duties to provide SBK with information and notification pursuant to Section 28a SGB IV, Section 198ff. SGB V and Sections 50 and 100 SGB XI.

    These data expressly do not include voluntary details such as your phone number or email address. Your refusal to provide these data does not represent a breach of any duty to provide information, notification or cooperation and you will not suffer any negative repercussions.

    Your social security data that SBK processes are subject to the data protection regulations of Books I and X of the German Social Code (SGB) and the German Federal Data Protection Act (BDSG), as well as the General Data Protection Regulation (GDPR) from 25 May 2018. SBK ensures that the secrecy of social security data in the sense of Section 35 SGB I is maintained.

    Consent:

    Additionally, SBK can process data on the grounds of express declarations of consent pursuant to Article 6(1a) GDPR in conjunction with Section 67b(2) SGB X and the relevant statutory provisions in the specialised books of the German Social Code (Sections 39(1a), 39a, 44(4) of Books V and XI of the German Social Code (SGB)).

    For example, we will ask for your consent to data processing if we want to provide you with even better support and advice in a specific case. This requires your documented prior consent. In these specific cases, we will approach you, explain the sense and purpose of the necessary data processing to you and ask for your consent.

    You can also provide consent to a wide range of reasons to contact you (e.g. participation in customer satisfaction surveys or competitions). In each case, you will be notified in detail of what data we will process and how we will use them.

    All of these declarations of consent are voluntary. This means that you do not need to fear any repercussions if you do not wish to grant consent. Additionally, you can withdraw your consent at any time. For more information, see the section on your right to withdraw consent

    To ‘Your right to withdraw consent’

    What data concerning you do we process?

    (Types of stored data)

    We collect your personal data and social security data when you contact us, e.g. as a potential customer, policyholder, employer or business partner. In particular, this means when you are interested in our products, submit applications, visit our website, register for our online services or contact us by email or phone, or if you receive benefits from us or pay premiums to us as part of your insurance policy with SBK. Specifically, these are the following:

    Social security data of the policyholder

    Data concerning members and family members

    The following data concerning policyholders are stored:

    • Name and surname
    • Date of birth
    • Address
    • Phone number
    • Email address
    • Characteristic features (e.g. health insurance number)
    • Photograph
    • Place of birth
    • Family members
    • Bank details
    • Marital status
    • Gender
    • Nationality
    • Pension insurance number
    • Consents granted

    Membership data

    The following social security data are stored in connection with your membe

    • Standard qualifying periods
    • Start and end
    • Branch providing care
    • Characteristics of benefit payment (e.g. cost reimbursement, participation in special types of care)
    • Information on supplementary insurance policies

    Insurance policy data

    The following social security data are stored in connection with your insurance policy:

    • Type of insurance
    • Start and end
    • Reasons for notification
    • Employment details
    • Group/class of contributions
    • Remuneration / income / pension benefits
    • Data on exemption from contributions/insurance
    • Data on application for retirement / pension benefits
    • Employer / pay office

    Contribution data (only for direct payers)

    The following social security data are stored in connection with your premiums:

    • Nominal premium
    • Actual premium
    • Payer
    • Premium collection data
    • Dunning process data
    • Insolvency proceedings data

    Benefit data

    The following social security data are stored in connection with your benefits:

    • Type of benefit
    • Diagnosis
    • Characteristics of inpatient treatments
    • Characteristics of medication
    • Characteristics of medical devices
    • Prescribing doctor
    • Caregiver
    • Period / receipt of benefits
    • Costs
    • Data on suspensions, interruptions, breakdowns, discontinuation of benefits
    • Data on other funding agencies
    • Data on contractual benefits
    • Data concerning claims for reimbursement
    • Data concerning claims for compensation
    • Data on annuity entitlements
    • Own contributions / additional payments
    • Data on structured treatment programmes, integrated care, care management
    • Data concerning bonus schemes
    • Data on optional tariffs
    • When unemployment benefits are being paid and health and long-term care insurance contributions are being reimbursed: Tax identification number
    • Degree of care and further data on the benefits provided by the long-term care insurer

    Data on the caregiver

    The following social security data are stored in connection with the caregiver:

    • Master data:  
      Name, surname
      Date of birth
      Pension insurance number
      Address
      Phone number
      Email address
    • Start and end of the provision of care
    • Reasons for notification, periods
    • Data on the verification of compulsory old-age pension insurance
    • Data on benefit collection and payment to the old-age pension insurance provider
    • Qualification data
    • Data for statistical notifications pursuant to Section 109 SGB XI

    Data on the legal representative / carer

    The following social security data are stored in connection with your legal representative:

    • Name and surname
    • Address
    • Landline/mobile number
    • Email address
    • Power of attorney for healthcare / official order, as well as its content and time period

    Business partner data

    Data concerning employers and pay offices

    The following data concerning employers and pay offices are stored:

    • Name
    • Address
    • Phone number
    • Email address
    • Characteristics (e.g. employer number, company number)
    • Bank details
    • Nominal premium
    • Actual premium
    • Payer
    • Premium collection data
    • Dunning/insolvency process data
    • Institutions providing care
    • Audit data
    • Billing type data
    • Data on the implementation of the German Expense Compensation Act (AAG)

    Care provider data

    The following data concerning care providers are stored:

    • Name
    • Address
    • Phone number
    • Email address
    • Characteristic features (e.g. doctor registration number)
    • Professional qualification data

    Data on contractual partners and suppliers

    The following data concerning contractual partners and suppliers are stored:

    • Name
    • Address
    • Phone number
    • Email address
    • Characteristics (e.g. supplier number, institution number)
    • Bank details
    • Settlement data

    Social security data of other people

    Data on the recipient of the publication

    The following data are stored if publications are obtained:

    • Name and surname
    • Address or
    • email address if sent electronically
    • Characteristics (e.g. nature and scope of the publications)
    • Consents granted

    Data concerning potential customers

    The following data concerning potential customers are stored:

    • Name and surname
    • Address
    • Date of birth
    • Phone number
    • Email address
    • Employer
    • Consents granted

    Data concerning visitors to our website

    The following data concerning website visitors are stored:

    • IP address

    Automated decision-making (Article 22 GDPR)

    We do not use fully automated individual decision-making in order to conclude and execute insurance policies.

    Who receives your data?

    Within SBK, your data are made available to the people who need them in order to carry out their assignments. We guarantee this, for example, by using the latest software to manage your data. The software meets the requirements of the General Data Protection Regulation. For example, this includes the requirement that it must be possible to configure the software so that the employees of SBK are only able to access the data necessary for their specific fields of activity.

    SBK transmits social security data to the following recipients in line with the statutory regulations of the German Social Code (SGB) or other regulations:

    • Deutsche Rentenversicherung and the German Federal Employment Agency,
    • German Social Accident Insurance on a case-by-case basis
    • financial institutions within the context of payment traffic,
    • the German Federal (Social) Insurance Office for the health fund,
    • your tax office through the Central Allowance Authority for State Subsidised Pensions (ZfA) if reports have to be submitted in line with the provisions of the German Income Tax Act (EStG),
    • the German Health Insurance  
      Medical Service (MDK) as part of medical examinations,
    • Employers and pay offices,
    • Caregivers,
    • Authorities tasked with combating the misuse of benefits, moonlighting and illegal employment,
    • Police authorities, the public prosecution department, courts and danger prevention authorities for their duties or in order to prevent planned crimes or carry out criminal proceedings,
    • Protection of the constitution, the German Federal Intelligence Service and the Military Counterintelligence Service for domestic and foreign security,
    • Authorities as part of requests for information following infringements of maintenance obligations and for pension adjustments
    • External contractors in the sense of Article 28 GDPR and Section 80 SGB X:
      • IT service providers
        Your data are stored in a specially secured environment within a certified data processing centre.
        The data processing centre of SBK is
        BITMARCK Holding GmbH
        www.bitmarck.de
      • Other IT service providers for the
        • provision of IT and telecommunications services, e.g.
        • Provision of hardware and software
        • Telecommunications
        • Advice and support
        • Maintenance and support
      • File and data media destroyers
        Disposal of files and data media
      • Service providers for advertising and market analysis
        • Customer satisfaction survey
        • Market research
        • Marketing measures
      • Letter shops, post and parcel delivery services, printers
        • Generation and sending of informative material
        • Printing services
        • Email newsletters
      • Digitisation service providers
        • SBK app
      • Card manufacturers and trust centres
        • eGK
      • Billing service providers
        • Inspection of invoices of care providers, e.g. pharmacies and medical aid providers

    HOWEVER: Under no circumstances will we sell your data to third parties.

    Processing in a third country

    SBK processes your personal data and social security data in Germany. Generally speaking, this also applies to the service providers we use. In justified cases, data can be lawfully transmitted to member states of the EU or EEA.

    Data are not transmitted to countries outside of the EU or EEA including Switzerland, also known as third countries.

    Duration of storage

    The social security data are stored and erased in line with the requirements of Sections 110a SGB IV, Section 304 SGB V Section 107 SGB XI and of the General Administrative Regulation on Accounting in Social Security (SRVwV).

    Maximum or, if no regulations apply, social security data are only stored for as long as necessary for the purposes for which they were collected.

    What rights do you have (rights of the data subject)?

    In line with our commitment to transparency, it goes without saying that we guarantee and protect your rights.

    Every data subject has the

    • right to access information (Article 15 GDPR);
    • right to rectification (Article 16 GDPR);
    • right to erasure (Article 17 GDPR);
    • right to restriction of processing (Article 18 GDPR);
    • right to data portability (Article 20 GDPR);
    • right to object (Article 21 GDPR), and
    • right to lodge a complaint with a supervisory authority (Article 77 GDPR).

    Right to information

    You are entitled, at any time, to demand that we provide you with information on the following:

    • the purpose of our processing of data;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

    Your right to access information is restricted if the information would adversely affect the rights and freedoms of others.

    As we have to process a wide range of data in connection with your insurance, please make any request for information as precise as possible and indicate the information or processing to which your request for information relates.

    Our ‘right to information’ form is the fastest way to request information from us.

    Requests for access to information

    Simply fill in the form and send it securely. You will be sent the information as quickly as possible.

    If you do not want this, please understand that we can only accept requests for access to information that are in writing (and signed by your own hand).

    Right to rectification

    If you determine that the data concerning you are incorrect or incomplete, you are entitled to their rectification or supplementation. To exercise this right, please contact your customer advisor and provide us with the documents supporting your conclusion that will enable us to examine your request.

    We will handle your request as quickly as possible and notify you of the outcome and any other necessary steps.

    Right to be forgotten (erasure)

    We have to store your social security data in line with statutory requirements in order to fulfil our legal duties.

    You are entitled to obtain the erasure of the data where one of the following grounds applies:

    • the social security data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the statutory storage deadlines have expired (see ‘Duration of storage’);
    • the social security data have been unlawfully processed;
    • you withdraw your consent to the use of specific data and there are no other legal grounds for their processing (e.g. storage periods). For more information about withdrawing consent, see here.

    To ‘Your right to withdraw consent’

    Right to restriction of processing

    You are entitled to demand that SBK restrict processing where one of the following applies:

    • You contest the accuracy of your social security data. The restriction applies for a period enabling the SBK to verify the accuracy of the social security data,
    • the processing is unlawful and you oppose the erasure of the social security data and request the restriction of their use instead;
    • SBK no longer needs the social security data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims and you notify SBK of this before the expiry of the deadlines for erasure.
    • the social security data cannot be erased due to the special mode of storage or if erasure would involve a disproportionate effort.

    For example, the processing of social security data can be restricted by means of blocking which will prevent employees of SBK from accessing them.

    Right to withdraw consent

    Any consent you give to the use of personal data relating to you may be revoked at any time. The withdrawal of consent applies to the future. We will erase your personal data in accordance with the statutory deadlines for erasure. The data will no longer be used after you withdraw your consent.

    Please post your notice of withdrawal of consent to SBK 80227 Munich or email it to widerruf@sbk.org.

    You can also withdraw consent through ‘My SBK’. Do you no longer have an account with ‘My SBK’? No problem, click here to register securely and, once you have access to ‘My SBK’, view consents you have granted and withdraw them with future effect.

    Right to data portability

    You are entitled to receive the personal data and social security data that you have provided to us in a portable format.

    If you change insurer, the health insurance funds will transmit the data necessary to continue your insurance policy to one another in line with Section 304(2) SGB V. You are not required to do anything.

    Right to lodge a complaint

    You are entitled to lodge a complaint with the supervisory authority of SBK if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

    The relevant supervisory authorities are:

    4. SBK video consultation

    Privacy policy for the SBK video consultation

    In an SBK video consultation you receive competent and personal advice.

    The protection of your personal data is very important to us. The following privacy policy provides you with an overview of when we store data and the purposes for which it is collected and processed.

    As a public body, we are subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the special provisions concerning the protection of social security data of the books of the German Social Code (SGB), especially Books I, V, X, XI and XII. Our adherence to the statutory provisions is verified on a regular basis.
     

    Your consent to the processing of data

    Your data from the video consultation will not be collected, processed or used automatically without your express consent.

    You would ideally provide your consent to SBK for processing data from the video consultation, which is conducted in Cisco Webex Meetings, in the SBK video consultation form online. We will store your personal data if you expressly provide us with this data.

    Each input screen on the SBK video consultation form online describes which data is collected, stored and used. Fields marked as optional are voluntary additional information.

    Furthermore, you also confirm that you will not take any screenshots or photos or make any other recordings of images and sound transmitted during the video consultation. You agree not to pass on images and sound from the video consultation to third parties, nor will you distribute, publish or otherwise repurpose this information. If you fail to comply with these requirements, SBK reserves the right to exclude you from participating in the SBK video consultation temporarily or permanently and to take legal action.

    Use and disclosure of your data

    If you provide us with your data, we will only use this data for the original purpose of arranging your appointment and conducting the video consultation. Your data will not be passed on to unauthorised third parties without your consent. Data is only passed on without consent in line with mandatory statutory regulations or if the disclosure is necessary for the purposes of litigation or prosecution in the event of an attack on our network infrastructure.

    We have our external service providers sign a contractual undertaking to adhere to the provisions concerning the protection of social security data. To this end, we enter into a legally required data processing contract in the sense of Article 28 GDPR in conjunction with Section 80 of Book X of the German Social Code (SGB). As the client, we inspect the protection of your personal data prior to the start of the data processing, and then regularly monitor compliance with the technical and organisational measures implemented by the contractor.

    Whenever you provide personal data, your data will be encrypted before it is transmitted over the internet so that it cannot be accessed by unauthorised parties.

    Persons under the age of 15 should not provide us with any personal data without the permission of their parents or guardians.

    What data concerning you do we process?

    (Types of stored data)

    We collect your personal data and social security data as part of the video consultation with you, e.g. as a prospective client, customer, employer or business partner. Specifically, these are the following:

    Social security data of the customer/prospective client

    The following data concerning customers is stored:

    • Form of address (optional)
    • Surname, first name
    • Date of birth
    • Telephone number (optional)
    • Email address
    • Health insurance number (optional)
    • Desired appointment (date, time)
    • Reason for the consultation
    • Comment (optional)
    • Consents granted

    Additional data processed

    • Password (registration and login with password optional)
    • Browser
    • Profile picture (optional)
    • Unique user ID (UUID)
    • IP address
    • User agent identifier
    • Hardware type
    • Operating system and version
    • Client version
    • IP addresses along the network
    • MAC address of your client (as applicable)
    • Service version
    • Actions taken
    • Geographical region
    • Meeting information (date, time, frequency, average and actual duration, quantity, quality, network activities and network connections)
    • Number of meetings
    • Number of meetings with and without screen sharing
    • Number of participants
    • Screen resolution
    • Performance, troubleshooting and error diagnostics
    • Meeting host information (host name, ID, meeting site URL, start and end time)
    • Meeting title
    • Participant information (email address, IP address, user name, telephone number, room device information)

    Right to withdraw consent

    If you have voluntarily provided us with consent to the storage and use of your personal data for a specific purpose, you can withdraw it at any time with future effect. The data in question will then be erased without undue delay.

    If you would like to withdraw your consent to the use of your data, please send an email to widerruf@sbk.org.

    Contact

    If you have questions specifically about data protection, which your personal consultant was unable to answer, please reach out to our Data Protection Officer:

    SBK
    SBK-Pflegekasse
    Vorstandsbeauftragter Datenschutz
    Heimeranstr. 31
    80339 Munich, Germany
    Tel.: 089 62 700-280
    datenschutz@sbk.org

    Alternatively, use our online form for encrypted data transfer: data protection contact form

    When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use this data to process your query and will delete it afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as this data is then encrypted and transmitted securely.