Privacy

The following privacy policy provides an overview of the collection and processing of personal data.

We respect and protect your privacy, regardless of whether you are a customer, potential customer or visitor to our website. What does this mean in real terms when it comes to your personal data?

This privacy policy details what data are processed when you contact us over the Internet. It applies to the health insurance and healthcare fund of SBK Siemens-Betriebskrankenkasse – these are referred to below as ‘SBK’.

It also provides you with information on the processing of your data in line with the legal standards that came into effect on 25 May 2018 (Article 13ff. GDPR). This privacy policy gives you a quick and easy overview of which personal and social security data we collect from you and what we do with them. Additionally, it describes your rights under the data protection laws and who you can contact if you have any questions.

1. Privacy policy

  • Privacy policy for the SBK
  • Privacy policy for ‘My SBK’
  • 2. Important information

  • Social security data in emails?
  • Warning regarding fraudulent calls
  • 3. Information on the processing of your data

  • Controller
  • Data protection officer
  • What are personal data?
  • What are social security data?
  • What does data processing mean?
  • What legal grounds are there for data processing and for what purpose do we process your data?
  • What data concerning you do we process? (Types of stored data)
  • Automated decision-making
  • Who receives your data?
  • Processing in a third country
  • Duration of storage
  • What rights do you have (rights of the data subject)?
  • Right to information
  • Right to rectification
  • Right to be forgotten (erasure)
  • Right to restriction of processing
  • Right to withdraw consent
  • Right to data portability
  • Right to lodge a complaint
  • Privacy policy for the SBK homepage

    We hope to provide you with comprehensive information about the products and services of SBK through our website and our newsletters.

    The protection of your personal data is very important to us. The following privacy policy provides you with an overview of when we store data and the purposes for which they are collected and processed.

    As a public body, we are subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the special provisions concerning the protection of social security data of the books of the German Social Code (SGB), especially Books I, V, X, XI and XII. Our adherence to the statutory provisions is verified on a regular basis.

    Your consent to the processing of data

    Your data from your visit to the website will not be collected, processed or used automatically without your express consent. Your IP address is stored in server log files for 30 days. However, we cannot access them and as such, they cannot be associated with an individual. We will store your personal data if you expressly provide us with them. This might be in one of the following cases:

  • you register for the personal portal ‘My SBK’;
  • you order brochures;
  • you subscribe to our newsletter;
  • you participate in competitions or
  • you contact us using the contact form.
  • Each input screen on the website describes which data are collected, stored and used. Fields marked as optional are voluntary.

    Use and disclosure of your data

    If you provide us with your data, we will only use them for the original purpose, e.g. in order to respond to queries or send the newsletter. Your data will not be passed on to third parties without your consent. Data are only passed on to third parties in line with mandatory statutory regulations or if the disclosure is necessary for the purposes of litigation or prosecution in the event of an attack on our network infrastructure.

    We have our external service providers sign a contractual undertaking to adhere to the provisions concerning the protection of social security data. To this end, we enter into a legally required data processing contract in the sense of Article 28 GDPR in conjunction with Section 80 of Book X of the German Social Code (SGB). As the client, we inspect the protection of your personal data prior to the start of the data processing, and then regularly monitor compliance with the technical and organisational measures implemented by the contractor.

    Whenever you provide personal data, your data will be encrypted before they are transmitted over the Internet in order that they cannot be accessed by unauthorised parties.

    Persons under the age of 15 should not provide us with any personal data without the permission of their parents or guardians.

    Newsletter

    You can subscribe to our employer newsletter on our website. You require a valid email address in order to receive the newsletter. You are not obliged to provide your name or surname. You will then receive a confirmation email in which you will be required to confirm your subscription to the newsletter (the opt-in process). The data you provide will be used exclusively for the purposes of sending the newsletter. We will not share any information with third parties. You can unsubscribe from the newsletter at any time by clicking on this link.

    When you open the SBK newsletter and the personal informational email and click on other links, these actions will be logged for statistical purposes. These data are only used once anonymised in order to optimise our newsletters with regard to the interests of our visitors. These data cannot be used to carry out a personal analysis.

    Use of cookies

    We use session cookies in some parts of our website. They become invalid automatically at the end of your visit. From 10 March 2017 onwards, we will use a cookie known as ‘ucsurvey’ for a website survey; the cookie will expire in 30 days. The cookie prevents the survey from being displayed again for one month. A cookie is a small text file containing information which is installed on the browser of the visitor. Cookies cause no damage to your computer and do not contain viruses. They serve to make our website more user-friendly and effective. You can configure your browser to notify you of the installation of cookies, to only allow specific cookies, to block cookies in certain cases or in general and to delete cookies automatically when you close your browser window. Deactivating cookies might limit the features of this website.

    Use of the analytics service Matomo

    This website uses Matomo to statistically evaluate visits in order to improve the website of SBK. These data cannot be used to carry out a personal analysis. Matomo is configured so as to be consistent with the data protection legislation and uses cookies. The information on the use of the website generated by the cookie is stored on the server of SBK in Germany. The IP address is anonymised as soon as it has been processed and before it is stored. The information on your use of the website generated by the cookie is not shared with third parties.

    You can deactivate the collection of data by Matomo here:

    Links to other websites

    We accept no responsibility for the content of websites to which our website contains links. If you believe that third-party websites to which our website contains links are in breach of the law or otherwise have inappropriate content, please let us know. We will follow up on your report immediately and remove the link if necessary.

    Data protection information for social media plugins

    You can use a social plugin embedded on the SBK website in order to share content from the SBK website on a social network. These social plugins are provided as a service from each social media provider.

    Data transmission

    When you activate such a social plugin by clicking on it, data will be transmitted to the server of that social media provider, e.g. your IP address or the URL of the page you are visiting. The transmission takes place even if you are not registered with the social network in question. The collected data can be merged at a later date, e.g. if you register with the social network in the future.

    Please note that our data protection guidelines and liability provisions do not apply to the websites of third-party providers to which our website contains links. SBK has no control over how the social media providers use your data. If you would like to know how each social media provider approaches data protection, please see their various privacy policies. Please see the links below for more information on the potential use of your data and the duration of storage:

    Facebook, facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA

    Twitter, Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

    Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

    Google Maps

    For the purposes of finding branches, this website uses the Google Maps API, a map service provided by Google Inc. (‘Google’) in order to display the branches of SBK. The use of this technology means that information on how you use this website (e.g. your IP address) might be transmitted to the provider of the solution and stored there. By using this website, you consent to the collection, processing and use of the automatically collected data and the data you provide by Google, a representative of Google or a third-party provider. The Terms of Service of Google Maps are available at Terms of Service of Google Maps.

    Activation and deactivation of social plugins

    By clicking on the fields of each social media provider to activate them, you consent to the use of each social plugin and acknowledge the data protection information. The button will then turn green.

    You can terminate your use of each social media plugin at any time by clicking on the social plugin again. The button will then turn grey. This will block the transfer of any more data to the social media provider.

    Naturally, you can make full use the SBK website even if you do not activate the social plugins.

    Right to withdraw consent

    If you have voluntarily provided us with consent to the storage and use of your personal data for a specific purpose, you can withdraw it at any time with future effect. The data in question will then be erased without undue delay.

    If you would like to withdraw your consent to the use of your data, please send an email to widerruf@sbk.org.

    Contact

    If you have any questions or suggestions, please contact our data protection officer:

    SBK
    SBK-Pflegekasse
    Vorstandsbeauftragter Datenschutz
    Heimeranstraße 31
    80339 München
    Tel.: 089 62 700-280

    Alternatively, use our online form for an encrypted data transfer:

    Data protection contact form

    When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

    Back to overview

    Privacy policy for ‘My SBK’

    The following privacy policy supplements the general privacy policy for the website www.sbk.org for the protected area ‘My SBK’ which can be used by SBK policyholders after they register for it separately. Unless provided for otherwise in this privacy policy, the general privacy policy applies.

    SBK, as the controller in the sense of the data protection legislation, provides various online services through ‘My SBK’. SBK collects and processes certain personal data, described below, in order to provide the services in ‘My SBK’ and improve it. SBK uses these data in order to provide the services and features available through ‘My SBK’.

    Registration

    Separate registration is required in order to use ‘My SBK’. This registration requires your name, surname, policyholder number, date of birth, post code and email address. You will then be sent an initial password that you can replace with a password of your own choice. The security code required to use all of the features of ‘My SBK’ will then be posted to the address you used to register with SBK.

    As part of a registration for ‘My SBK’, the following personal data will be stored in your personal area and can be accessed, supplemented and sometimes even modified by you:

  • Name and surname
  • SBK policyholder number
  • Address
  • Date of birth
  • Phone number(s)
  • Fax number (s)
  • Email address
  • Pension insurance number
  • Any jointly insured family members
  • Use of personal data

    SBK collects other data as part of specific online services (e.g. uploading photos for the electronic health insurance card) within ‘My SBK’. These data are collected and processed in line with the statutory remit of SBK which is supported by a service provider that is obliged to maintain the secrecy of personal data.

    Prevention of misuse and guaranteed traceability

    In order to prevent the misuse of your personal access to SBK and ensure the necessary traceability, which is also in your interests, the following procedures are logged:

  • The registration procedure
  • All log-ins
  • All failed log-in attempts
  • Each transaction initiated
  • The user ID, date, time, identification type and a transaction code are all logged.

    Use of cookies and analytics tools

    The use of cookies and analytics tools is detailed in the general privacy policy for the SBK website.

    Deletion of your account

    If you no longer wish to use ‘My SBK’, you can delete your account at any time. In this case, the personal data collected specifically for ‘My SBK’ will be deleted unless any statutory rights or duties of retention would prevent this on a case-by-case basis.

    Contact

    If you have any questions or suggestions, please contact our data protection officer:

    SBK
    SBK-Pflegekasse
    Vorstandsbeauftragter Datenschutz
    Heimeranstraße 31
    80339 München
    Tel.: 089 62 700-280

    Alternatively, use our online form for an encrypted data transfer:

    Data protection contact form

    When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

    Back to overview

    Important information

    Social security data in emails?

    Generally speaking, unencrypted emails are like a postcard. We therefore recommend that you do not send any sensitive data by email.

    As a rule, we do not respond to queries involving sensitive data by email, rather by post or through your online inbox in ‘My SBK’. We can provide the information you require in this protected area. Do you no longer have an account with ‘My SBK’? No problem. Click here to register for the secure service.

    We recommend that you use your private account for email correspondence with SBK.

    Back to overview

    Warning regarding fraudulent calls

    Recently, there have been numerous cases involving people posing as employees of a health insurer or claiming to be acting on behalf of a health insurer calling policyholders.

    In the calls, the fraudsters ask for the account details of the policyholder under false pretences, for example a payment from a bonus scheme.

    In other cases, fraudsters have asked for the policyholder’s address details, allegedly in order to send them information about supplementary insurance policies, and then signed them up to a supplementary insurance policy and demanded payment.

    We cannot conceive of the schemes the fraudsters will think up next.

    Please note:

    Neither SBK nor your personal SBK consultant will ever phone you and ask for your data.

    What can you do if you receive such a call?

  • The only correct response is not to provide any data and hang up immediately.
  • If you have already provided account details before you hang up, we can only advise that you monitor your account activity and object to any charges that you cannot remember making.
  • If you provided address details and receive what appears to be a concluded policy with a demand for payment, we recommend that you do not pay initially and seek legal advice immediately, e.g. from a consumer protection agency or a lawyer.
  • If the calls become more frequent or more relentless, you can attempt to have the phone number blocked and consult a consumer protection agency.
  • Back to overview

    Controller

    The contact details of SBK, the controller, are as follows:

    SBK Siemens-Betriebskrankenkasse
    Heimeranstr. 31
    80339 München

    Tel.: 0800 072 572 572 50

    Mail: info@sbk.org

    Back to overview

    Data protection officer

    The data protection officer appointed by the management of SBK and the data protection team can be contacted as follows:

    Post:

    SBK Siemensbetriebskrankenkasse
    SBK Pflegekasse
    Datenschutz
    Heimeranstr. 31
    80339 München

    Email:

    datenschutz@sbk.org

    or

    using the data protection contact form

    data protection contact form

    Back to overview

    What are personal data?

    Data are personal or relate to a person if they can be associated with a specific natural person unequivocally. They include, for example, information such as your name, date of birth, address, personal email address, health insurance number and phone number.

    European lawmakers have defined it in a slightly more complex manner (Article 4 no. 1 GDPR):

    ‘For the purposes of this Regulation, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

    What are social security data?

    Social security data are personal data that are processed a statutory health insurance fund (such as SBK), for example, in connection with their duties under the German Social Code (SGB). Therefore, the data listed above are also social security data.

    Trade and company secrets are equivalent to social security data. They include all data relating to a business or business operations, including of legal entities, that are of a confidential nature.

    Legislators have provided the following definition in the German Social Code (Section 67(2) SGB X):

    ‘Social security data are personal data (Article 4(1) GDPR) that are processed by an entity referred to in Section 35 of Book I in connection with its duties under this Code. Trade and company secrets are all business-related data, including those concerning natural persons, which are of a confidential nature.’

    What does data processing mean?

    When we process personal data and social security data, this means that we collect, store, use, transmit or erase them, for example.

    This is defined as follows by the European General Data Protection Regulation (Article 4 no. 4 GDPR):

    For the purposes of this Regulation, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    Back to overview

    What legal grounds are there for data processing and for what purpose do we process your data?

    We process personal data and social security data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Social Code (SGB).

    The specific purpose of the processing is determined by the following breakdown of the legal grounds.

    If we process data having been granted consent, we will describe the purpose before asking for any consent from you.

    Change of purpose

    In deviation from the purposes and legal grounds described above, we can use your data for other purposes without being obliged to notify you in advance (i.e. a change of purpose) if the following criteria are met:

  • The measure is in accordance with Section 82(2) SGB X.
  • Other legal grounds permit the change of purpose and do not establish an obligation to notify you.
  • We have your express consent.
  • The data are pseudonymised.
  • Legal grounds:

    At SBK, your data are processed on legal grounds.

    The legal grounds are set out by the various books of the German Social Code (SGB), especially Book I (General Part), Book IV (General Rules for Social Security), Book V (Statutory Health Insurance) and Book X (Social and Administrative Procedures and Protection of Social Data).

    Specifically, we process data on the following legal grounds:

    SBK health insurance fund

  • Preservation, restoration and improvement of the health standards of its policyholders (Section 1 SGB V)
  • Financing of benefits and other expenditure through the collection of contributions from employers and members (Section 3 SGB V)
  • Setting up the insurance contract and membership, including the data required for initiating an insurance contract (Section 284(1) no. 1 SGB V)
  • Issuance of the voucher and the electronic health card (Section 284(1) no. 2 SGB V)
  • Establishing the obligation to contribute and the contributions, responsibility for the contributions and payment of the contributions (Section 284(1) no. 3 SGB V)
  • Assessment of the obligation to pay and provide benefits to the policy holder, including the requirements for benefit restrictions, determination of co-payment status and carrying out of cost reimbursements, reimbursements of contributions and determination of the limit (Section 284(1) no. 4 SGB V)
  • Assisting the policy holder in the event of malpractice (Section 284(1) no. 4 SGB V)
  • Assumption of treatment costs in accordance with Section 264 SGB V (Section 284(1) no. 6 SGB V)
  • Involvement of the German Health Insurance
    Medical Service (MDK) (Section 284(1) no. 7 SGB V)
  • Settlement with care providers, including checking the lawfulness and plausibility of the invoice (Section 284(1) no. 8 SGB V)
  • Monitoring of the cost-effectiveness of the provision of benefits (Section 284(1) no. 9 SGB V)
  • Settlement with other funding agencies (Section 284(1) no. 10 SGB V)
  • Settlement of claims for reimbursement or compensation (Section 284(1) no. 11 SGB V)
  • Preparation, agreement and execution of remuneration agreements in the sense of Section 87a SGB V (Section 284(1) no. 12 SGB V)
  • Preparation and execution of pilot projects, care management in accordance with Section 11(4) SGB V, contracts for integrated forms of care and for the outpatient provision of highly specialised services, including the execution of performance and quality audits, provided that contracts have been concluded without involving the Association of Statutory Health Insurance Physicians (Kassenärztliche Vereinigung). (Section 284(1) no. 13 SGB V)
  • Implementation of the risk adjustment scheme, as well as the preparation and implementation of structured treatment programmes, including recruiting policy holders to participate in these programmes (Section 284(1) no. 14 SGB V)
  • Performance of discharge management in accordance with Section 39(1a) SGB V (Section 284(1) no. 15 SGB V)
  • The selection of policyholders for measures in the sense of Section 44(4) line 1 SGB V and Section 39b SGB V as well as their implementation (Section 284(1) no. 16 SGB V)
  • Monitoring of compliance with the contractual and legal duties of the providers of medical aids pursuant to Section 127(5a) SGB V (Section 284(1) no. 16a SGB V)
  • The fulfilment of the duties of the health insurance funds as funding organisations pursuant to SGB IX (Section 284(1) no. 17 SGB V)
  • Acquisition of new members (Section 284(4) SGB V)
  • SBK healthcare fund

  • Support of people in need of care who are reliant on assistance due to the severity of their need (Section 1(4) SGB XI)
  • Financing of benefits and other expenditure through the collection of contributions from employers and members (Section 1(6) SGB XI)
  • Setting up the insurance contract and membership (Section 94(1) no. 1 SGB XI)
  • Establishing the obligation to contribute and the contributions (Section 94(1) no. 2 SGB XI)
  • Assessment of the obligation to pay and provide benefits to the policy holder, as well as the settlement of claims for reimbursement or compensation (Section 94(1) no. 3 SGB XI)
  • Involvement of the German Health Insurance
    Medical Service (MDK) (Section 94(1) no. 4 SGB XI)
  • Settlement with care providers and cost reimbursement (Section 94(1) no. 5 SGB XI)
  • Monitoring of the cost-effectiveness of the provision of benefits, including settlement and cost reimbursement (Section 94(1) no. 6 SGB XI)
  • Conclusion and execution of daily rate agreements, remuneration agreements and service and quality agreements (Section 94(1) no. 7 SGB XI)
  • Advice on participation as well as benefits and care aids (Section 94(1) no. 8 SGB XI)
  • Coordination of care, care advice and fulfilment of duties in the care advice centres (Section 94(1) no. 9 SGB XI)
  • Statistical purposes (Section 94(1) no. 10 SGB XI)
  • Assistance with the enforcement of claims for compensation (Section 94(1) no. 11 SGB XI)
  • Please be aware of the obligations to cooperate set out in Section 60ff. SGB I in order that SBK is able to fulfil its legal duties. These obligations require you to provide SBK with certain personal data that are necessary for the fulfilment of the legal duties concerning you. Failure to cooperate on your part can result in delays or even the rejection of applications you file for benefits. Additionally, please be aware of your duties to provide SBK with information and notification pursuant to Section 28a SGB IV, Section 198ff. SGB V and Sections 50 and 100 SGB XI.

    These data expressly do not include voluntary details such as your phone number or email address. Your refusal to provide these data does not represent a breach of any duty to provide information, notification or cooperation and you will not suffer any negative repercussions.

    Your social security data that SBK processes are subject to the data protection regulations of Books I and X of the German Social Code (SGB) and the German Federal Data Protection Act (BDSG), as well as the General Data Protection Regulation (GDPR) from 25 May 2018. SBK ensures that the secrecy of social security data in the sense of Section 35 SGB I is maintained.

    Consent:

    Additionally, SBK can process data on the grounds of express declarations of consent pursuant to Article 6(1a) GDPR in conjunction with Section 67b(2) SGB X and the relevant statutory provisions in the specialised books of the German Social Code (Sections 39(1a), 39a, 44(4) of Books V and XI of the German Social Code (SGB)).

    For example, we will ask for your consent to data processing if we want to provide you with even better support and advice in a specific case. This requires your documented prior consent. In these specific cases, we will approach you, explain the sense and purpose of the necessary data processing to you and ask for your consent.

    You can also provide consent to a wide range of reasons to contact you (e.g. participation in customer satisfaction surveys or competitions). In each case, you will be notified in detail of what data we will process and how we will use them.

    All of these declarations of consent are voluntary. This means that you do not need to fear any repercussions if you do not wish to grant consent. Additionally, you can withdraw your consent at any time. For more information, see the section on your right to withdraw consent

    To ‘Your right to withdraw consent’

    Back to overview

    What data concerning you do we process?

    (Types of stored data)

    We collect your personal data and social security data when you contact us, e.g. as a potential customer, policyholder, employer or business partner. In particular, this means when you are interested in our products, submit applications, visit our website, register for our online services or contact us by email or phone, or if you receive benefits from us or pay premiums to us as part of your insurance policy with SBK. Specifically, these are the following:

    Social security data of the policyholder

    Data concerning members and family members

    The following data concerning policyholders are stored:

  • Name and surname
  • Date of birth
  • Address
  • Phone number
  • Email address
  • Characteristic features (e.g. health insurance number)
  • Photograph
  • Place of birth
  • Family members
  • Bank details
  • Marital status
  • Gender
  • Nationality
  • Pension insurance number
  • Consents granted
  • Membership data

    The following social security data are stored in connection with your membe

  • Standard qualifying periods
  • Start and end
  • Branch providing care
  • Characteristics of benefit payment (e.g. cost reimbursement, participation in special types of care)
  • Information on supplementary insurance policies
  • Insurance policy data

    The following social security data are stored in connection with your insurance policy:

  • Type of insurance
  • Start and end
  • Reasons for notification
  • Employment details
  • Group/class of contributions
  • Remuneration / income / pension benefits
  • Data on exemption from contributions/insurance
  • Data on application for retirement / pension benefits
  • Employer / pay office
  • Contribution data (only for direct payers)

    The following social security data are stored in connection with your premiums:

  • Nominal premium
  • Actual premium
  • Payer
  • Premium collection data
  • Dunning process data
  • Insolvency proceedings data
  • Benefit data

    The following social security data are stored in connection with your benefits:

  • Type of benefit
  • Diagnosis
  • Characteristics of inpatient treatments
  • Characteristics of medication
  • Characteristics of medical devices
  • Prescribing doctor
  • Caregiver
  • Period / receipt of benefits
  • Costs
  • Data on suspensions, interruptions, breakdowns, discontinuation of benefits
  • Data on other funding agencies
  • Data on contractual benefits
  • Data concerning claims for reimbursement
  • Data concerning claims for compensation
  • Data on annuity entitlements
  • Own contributions / additional payments
  • Data on structured treatment programmes, integrated care, care management
  • Data concerning bonus schemes
  • Data on optional tariffs
  • When unemployment benefits are being paid and health and long-term care insurance contributions are being reimbursed: Tax identification number
  • Degree of care and further data on the benefits provided by the long-term care insurer
  • Data on the caregiver

    The following social security data are stored in connection with the caregiver:

  • Master data:  
    Name, surname
    Date of birth
    Pension insurance number
    Address
    Phone number
    Email address
  • Start and end of the provision of care
  • Reasons for notification, periods
  • Data on the verification of compulsory old-age pension insurance
  • Data on benefit collection and payment to the old-age pension insurance provider
  • Qualification data
  • Data for statistical notifications pursuant to Section 109 SGB XI
  • Data on the legal representative / carer

    The following social security data are stored in connection with your legal representative:

  • Name and surname
  • Address
  • Landline/mobile number
  • Email address
  • Power of attorney for healthcare / official order, as well as its content and time period
  • Business partner data

    Data concerning employers and pay offices

    The following data concerning employers and pay offices are stored:

  • Name
  • Address
  • Phone number
  • Email address
  • Characteristics (e.g. employer number, company number)
  • Bank details
  • Nominal premium
  • Actual premium
  • Payer
  • Premium collection data
  • Dunning/insolvency process data
  • Institutions providing care
  • Audit data
  • Billing type data
  • Data on the implementation of the German Expense Compensation Act (AAG)
  • Care provider data

    The following data concerning care providers are stored:

  • Name
  • Address
  • Phone number
  • Email address
  • Characteristic features (e.g. doctor registration number)
  • Professional qualification data
  • Data on contractual partners and suppliers

    The following data concerning contractual partners and suppliers are stored:

  • Name
  • Address
  • Phone number
  • Email address
  • Characteristics (e.g. supplier number, institution number)
  • Bank details
  • Settlement data
  • Social security data of other people

    Data on the recipient of the publication

    The following data are stored if publications are obtained:

  • Name and surname
  • Address or
  • email address if sent electronically
  • Characteristics (e.g. nature and scope of the publications)
  • Consents granted
  • Data concerning potential customers

    The following data concerning potential customers are stored:

  • Name and surname
  • Address
  • Date of birth
  • Phone number
  • Email address
  • Employer
  • Consents granted
  • Data concerning visitors to our website

    The following data concerning website visitors are stored:

  • IP address
  • Back to overview

    Automated decision-making (Article 22 GDPR)

    We do not use fully automated individual decision-making in order to conclude and execute insurance policies.

    Back to overview

    Who receives your data?

    Within SBK, your data are made available to the people who need them in order to carry out their assignments. We guarantee this, for example, by using the latest software to manage your data. The software meets the requirements of the General Data Protection Regulation. For example, this includes the requirement that it must be possible to configure the software so that the employees of SBK are only able to access the data necessary for their specific fields of activity.

    SBK transmits social security data to the following recipients in line with the statutory regulations of the German Social Code (SGB) or other regulations:

  • Deutsche Rentenversicherung and the German Federal Employment Agency,
  • German Social Accident Insurance on a case-by-case basis
  • financial institutions within the context of payment traffic,
  • the German Federal (Social) Insurance Office for the health fund,
  • your tax office through the Central Allowance Authority for State Subsidised Pensions (ZfA) if reports have to be submitted in line with the provisions of the German Income Tax Act (EStG),
  • the German Health Insurance  
    Medical Service (MDK) as part of medical examinations,
  • Employers and pay offices,
  • Caregivers,
  • Authorities tasked with combating the misuse of benefits, moonlighting and illegal employment,
  • Police authorities, the public prosecution department, courts and danger prevention authorities for their duties or in order to prevent planned crimes or carry out criminal proceedings,
  • Protection of the constitution, the German Federal Intelligence Service and the Military Counterintelligence Service for domestic and foreign security,
  • Authorities as part of requests for information following infringements of maintenance obligations and for pension adjustments
  • External contractors in the sense of Article 28 GDPR and Section 80 SGB X:
    • IT service providers
      Your data are stored in a specially secured environment within a certified data processing centre.
      The data processing centre of SBK is
      BITMARCK Holding GmbH
      www.bitmarck.de
    • Other IT service providers for the
      • provision of IT and telecommunications services, e.g.
      • Provision of hardware and software
      • Telecommunications
      • Advice and support
      • Maintenance and support
    • File and data media destroyers
      Disposal of files and data media
    • Service providers for advertising and market analysis
      • Customer satisfaction survey
      • Market research
      • Marketing measures
    • Letter shops, post and parcel delivery services, printers
      • Generation and sending of informative material
      • Printing services
      • Email newsletters
    • Digitisation service providers
      • SBK app
    • Card manufacturers and trust centres
      • eGK
    • Billing service providers
      • Inspection of invoices of care providers, e.g. pharmacies and medical aid providers
  • HOWEVER: Under no circumstances will we sell your data to third parties.

    Back to overview

    Processing in a third country

    SBK processes your personal data and social security data in Germany. Generally speaking, this also applies to the service providers we use. In justified cases, data can be lawfully transmitted to member states of the EU or EEA.

    Data are not transmitted to countries outside of the EU or EEA including Switzerland, also known as third countries.

    Back to overview

    Duration of storage

    The social security data are stored and erased in line with the requirements of Sections 110a SGB IV, Section 304 SGB V Section 107 SGB XI and of the General Administrative Regulation on Accounting in Social Security (SRVwV).

    Maximum or, if no regulations apply, social security data are only stored for as long as necessary for the purposes for which they were collected.

    Back to overview

    What rights do you have (rights of the data subject)?

    In line with our commitment to transparency, it goes without saying that we guarantee and protect your rights.

    Every data subject has the

  • right to access information (Article 15 GDPR);
  • right to rectification (Article 16 GDPR);
  • right to erasure (Article 17 GDPR);
  • right to restriction of processing (Article 18 GDPR);
  • right to data portability (Article 20 GDPR);
  • right to object (Article 21 GDPR), and
  • right to lodge a complaint with a supervisory authority (Article 77 GDPR).

  • Back to overview

    Right to information

    You are entitled, at any time, to demand that we provide you with information on the following:

  • the purpose of our processing of data;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Your right to access information is restricted if the information would adversely affect the rights and freedoms of others.

    As we have to process a wide range of data in connection with your insurance, please make any request for information as precise as possible and indicate the information or processing to which your request for information relates.

    Our ‘right to information’ form is the fastest way to request information from us.

    Requests for access to information

    Simply fill in the form and send it securely. You will be sent the information as quickly as possible.

    If you do not want this, please understand that we can only accept requests for access to information that are in writing (and signed by your own hand).

    Back to overview

    Right to rectification

    If you determine that the data concerning you are incorrect or incomplete, you are entitled to their rectification or supplementation. To exercise this right, please contact your personal consultant and provide us with the documents supporting your conclusion that will enable us to examine your request.

    We will handle your request as quickly as possible and notify you of the outcome and any other necessary steps.

    Back to overview

    Right to be forgotten (erasure)

    We have to store your social security data in line with statutory requirements in order to fulfil our legal duties.

    You are entitled to obtain the erasure of the data where one of the following grounds applies:

  • the social security data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the statutory storage deadlines have expired (see ‘Duration of storage’);
  • the social security data have been unlawfully processed;
  • you withdraw your consent to the use of specific data and there are no other legal grounds for their processing (e.g. storage periods). For more information about withdrawing consent, see here.
  • To ‘Your right to withdraw consent’

    Back to overview

    Right to restriction of processing

    You are entitled to demand that SBK restrict processing where one of the following applies:

  • You contest the accuracy of your social security data. The restriction applies for a period enabling the SBK to verify the accuracy of the social security data,
  • the processing is unlawful and you oppose the erasure of the social security data and request the restriction of their use instead;
  • SBK no longer needs the social security data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims and you notify SBK of this before the expiry of the deadlines for erasure.
  • the social security data cannot be erased due to the special mode of storage or if erasure would involve a disproportionate effort.
  • For example, the processing of social security data can be restricted by means of blocking which will prevent employees of SBK from accessing them.

    Back to overview

    Right to withdraw consent

    Any consent you give to the use of personal data relating to you may be revoked at any time. The withdrawal of consent applies to the future. We will erase your personal data in accordance with the statutory deadlines for erasure. The data will no longer be used after you withdraw your consent.

    Please post your notice of withdrawal of consent to SBK 80227 Munich or email it to widerruf@sbk.org.

    You can also withdraw consent through ‘My SBK’. Do you no longer have an account with ‘My SBK’? No problem, click here to register securely and, once you have access to ‘My SBK’, view consents you have granted and withdraw them with future effect.

    Back to overview

    Right to data portability

    You are entitled to receive the personal data and social security data that you have provided to us in a portable format.

    If you change insurer, the health insurance funds will transmit the data necessary to continue your insurance policy to one another in line with Section 304(2) SGB V. You are not required to do anything.

    Back to overview

    Right to lodge a complaint

    You are entitled to lodge a complaint with the supervisory authority of SBK if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

    The relevant supervisory authorities are:

  • Federal Commissioner for Data Protection and Freedom of Information (BfDI)
    Husarenstr. 30
    53117 Bonn

    poststelle@bfdi.bund.de

    or through the contact form at

    www.bfdi.bund.de/DE/Service/Kontakt/kontakt_node.html
    • German Federal Insurance Office (Bundesversicherungsamt)
      Friedrich-Ebert-Allee 38
      53113 Bonn poststelle@bvamt.bund.de

      or

      poststelle@bvamt.de-mail.de

      or through the contact form at

      www.bundesversicherungsamt.de/kontakt.html
    • Back to overview

      Folgen Sie uns auf

      Facebook
      Instagram
      YouTube
      X
      LinkedIn
      XING
      TikTok
      Cookie Settings Privacy Legal information Accessibility & simplified language Contact SBK

      Your website settings

      We use required cookies, which are necessary for the operation of the website, in order to provide you with an optimal website experience. Additional cookies and technologies are only used if you agree to them. These cookies and technologies are used for statistical purposes and for other functions on the website:

    • Required cookies
    • Statistic cookies
    • External services
    • By clicking on ‘Agree’ and then on ‘Save’, you accept this and the transferring of your data to third parties.

      For more information, including regarding the processing of data by third party providers, see your Settings and our Privacy Policy. You can decline the use of cookies or change your Settings at any time.

      About the settings Accept

      You have the choice of which cookies and external services you allow:

      These cookies are necessary to enable you to navigate through the pages and use essential functions.

      These cookies help us to better understand user behaviour.

      On this page, services provided by third parties are integrated. They provide their services independently. In individual cases, cookies must be set for these functions.

      Privacy Policy

      Save Settings