Privacy

We respect and protect your privacy, regardless of whether you are a customer, potential customer or visitor to our website. What does this mean in real terms when it comes to your personal data?

This privacy policy details what data are processed when you contact us over the Internet. It applies to the health insurance and healthcare fund of SBK Siemens-Betriebskrankenkasse – these are referred to below as ‘SBK’.

It also provides you with information on the processing of your data in line with the legal standards that came into effect on 25 May 2018 (Article 13ff. GDPR). This privacy policy gives you a quick and easy overview of which personal and social security data we collect from you and what we do with them. Additionally, it describes your rights under the data protection laws and who you can contact if you have any questions.  

Privacy policy for the SBK homepage

We hope to provide you with comprehensive information about the products and services of SBK through our website and our newsletters.

The protection of your personal data is very important to us. The following privacy policy provides you with an overview of when we store data and the purposes for which they are collected and processed.

As a public body, we are subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the special provisions concerning the protection of social security data of the books of the German Social Code (SGB), especially Books I, V, X, XI and XII. Our adherence to the statutory provisions is verified on a regular basis.

Your consent to the processing of data

Your data from your visit to the website will not be collected, processed or used automatically without your express consent. Your IP address is stored in server log files for 30 days. However, we cannot access them and as such, they cannot be associated with an individual. We will store your personal data if you expressly provide us with them. This might be in one of the following cases:

Each input screen on the website describes which data are collected, stored and used. Fields marked as optional are voluntary. 

Use and disclosure of your data

If you provide us with your data, we will only use them for the original purpose, e.g. in order to respond to queries or send the newsletter. Your data will not be passed on to third parties without your consent. Data are only passed on to third parties in line with mandatory statutory regulations or if the disclosure is necessary for the purposes of litigation or prosecution in the event of an attack on our network infrastructure.

We have our external service providers sign a contractual undertaking to adhere to the provisions concerning the protection of social security data. To this end, we enter into a legally required data processing contract in the sense of Article 28 GDPR in conjunction with Section 80 of Book X of the German Social Code (SGB). As the client, we inspect the protection of your personal data prior to the start of the data processing, and then regularly monitor compliance with the technical and organisational measures implemented by the contractor.

Whenever you provide personal data, your data will be encrypted before they are transmitted over the Internet in order that they cannot be accessed by unauthorised parties.

Persons under the age of 15 should not provide us with any personal data without the permission of their parents or guardians.

Newsletter

You can subscribe to our employer newsletter on our website. You require a valid email address in order to receive the newsletter. You are not obliged to provide your name or surname. You will then receive a confirmation email in which you will be required to confirm your subscription to the newsletter (the opt-in process). The data you provide will be used exclusively for the purposes of sending the newsletter. We will not share any information with third parties. You can unsubscribe from the newsletter at any time by clicking on this link.

When you open the SBK newsletter and the personal informational email and click on other links, these actions will be logged for statistical purposes. These data are only used once anonymised in order to optimise our newsletters with regard to the interests of our visitors. These data cannot be used to carry out a personal analysis.

Use of cookies

We use session cookies in some parts of our website. They become invalid automatically at the end of your visit. From 10 March 2017 onwards, we will use a cookie known as ‘ucsurvey’ for a website survey; the cookie will expire in 30 days. The cookie prevents the survey from being displayed again for one month. A cookie is a small text file containing information which is installed on the browser of the visitor. Cookies cause no damage to your computer and do not contain viruses. They serve to make our website more user-friendly and effective. You can configure your browser to notify you of the installation of cookies, to only allow specific cookies, to block cookies in certain cases or in general and to delete cookies automatically when you close your browser window. Deactivating cookies might limit the features of this website.

Use of the analytics service Matomo

This website uses Matomo to statistically evaluate visits in order to improve the website of SBK. These data cannot be used to carry out a personal analysis. Matomo is configured so as to be consistent with the data protection legislation and uses cookies. The information on the use of the website generated by the cookie is stored on the server of SBK in Germany. The IP address is anonymised as soon as it has been processed and before it is stored. The information on your use of the website generated by the cookie is not shared with third parties.

You can deactivate the collection of data by Matomo here:

Links to other websites

We accept no responsibility for the content of websites to which our website contains links. If you believe that third-party websites to which our website contains links are in breach of the law or otherwise have inappropriate content, please let us know. We will follow up on your report immediately and remove the link if necessary.

Data protection information for social media plugins

You can use a social plugin embedded on the SBK website in order to share content from the SBK website on a social network. These social plugins are provided as a service from each social media provider.

Data transmission

When you activate such a social plugin by clicking on it, data will be transmitted to the server of that social media provider, e.g. your IP address or the URL of the page you are visiting. The transmission takes place even if you are not registered with the social network in question. The collected data can be merged at a later date, e.g. if you register with the social network in the future.

Please note that our data protection guidelines and liability provisions do not apply to the websites of third-party providers to which our website contains links. SBK has no control over how the social media providers use your data. If you would like to know how each social media provider approaches data protection, please see their various privacy policies. Please see the links below for more information on the potential use of your data and the duration of storage:

Facebook, facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA

Twitter, Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA

Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Google Maps

For the purposes of finding branches, this website uses the Google Maps API, a map service provided by Google Inc. (‘Google’) in order to display the branches of SBK. The use of this technology means that information on how you use this website (e.g. your IP address) might be transmitted to the provider of the solution and stored there. By using this website, you consent to the collection, processing and use of the automatically collected data and the data you provide by Google, a representative of Google or a third-party provider. The Terms of Service of Google Maps are available at Terms of Service of Google Maps.

Activation and deactivation of social plugins

By clicking on the fields of each social media provider to activate them, you consent to the use of each social plugin and acknowledge the data protection information. The button will then turn green.

You can terminate your use of each social media plugin at any time by clicking on the social plugin again. The button will then turn grey. This will block the transfer of any more data to the social media provider.

Naturally, you can make full use the SBK website even if you do not activate the social plugins.

Right to withdraw consent

If you have voluntarily provided us with consent to the storage and use of your personal data for a specific purpose, you can withdraw it at any time with future effect. The data in question will then be erased without undue delay.

If you would like to withdraw your consent to the use of your data, please send an email to widerruf@sbk.org.

Contact

If you have any questions or suggestions, please contact our data protection officer:

SBK
SBK-Pflegekasse
Vorstandsbeauftragter Datenschutz
Heimeranstraße 31
80339 München
Tel.: 089 62 700-280

Alternatively, use our online form for an encrypted data transfer:

Data protection contact form

When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

Back to overview

Privacy policy for ‘My SBK’

The following privacy policy supplements the general privacy policy for the website www.sbk.org for the protected area ‘My SBK’ which can be used by SBK policyholders after they register for it separately. Unless provided for otherwise in this privacy policy, the general privacy policy applies.

SBK, as the controller in the sense of the data protection legislation, provides various online services through ‘My SBK’. SBK collects and processes certain personal data, described below, in order to provide the services in ‘My SBK’ and improve it. SBK uses these data in order to provide the services and features available through ‘My SBK’.

Registration

Separate registration is required in order to use ‘My SBK’. This registration requires your name, surname, policyholder number, date of birth, post code and email address. You will then be sent an initial password that you can replace with a password of your own choice. The security code required to use all of the features of ‘My SBK’ will then be posted to the address you used to register with SBK.

As part of a registration for ‘My SBK’, the following personal data will be stored in your personal area and can be accessed, supplemented and sometimes even modified by you:

Use of personal data

SBK collects other data as part of specific online services (e.g. uploading photos for the electronic health insurance card) within ‘My SBK’. These data are collected and processed in line with the statutory remit of SBK which is supported by a service provider that is obliged to maintain the secrecy of personal data.

Prevention of misuse and guaranteed traceability

In order to prevent the misuse of your personal access to SBK and ensure the necessary traceability, which is also in your interests, the following procedures are logged:

The user ID, date, time, identification type and a transaction code are all logged.

Use of cookies and analytics tools

The use of cookies and analytics tools is detailed in the general privacy policy for the SBK website.

Deletion of your account

If you no longer wish to use ‘My SBK’, you can delete your account at any time. In this case, the personal data collected specifically for ‘My SBK’ will be deleted unless any statutory rights or duties of retention would prevent this on a case-by-case basis.

Contact

If you have any questions or suggestions, please contact our data protection officer:

SBK
SBK-Pflegekasse
Vorstandsbeauftragter Datenschutz
Heimeranstraße 31
80339 München
Tel.: 089 62 700-280

Alternatively, use our online form for an encrypted data transfer:

Data protection contact form

When you use the contact form, please provide either your health insurance number or your address and phone number so that we are able to process your query. It goes without saying that we will only use these data to process your query and will delete them afterwards. Please note that messages (e.g. emails) are not encrypted when they are transmitted over the Internet. Therefore, it cannot be ruled out that information might be read, modified or deleted by unauthorised third parties. For this reason, we recommend that you use the forms on the SBK website as data in these are encrypted and transmitted securely.

Important information

Social security data in emails?

Generally speaking, unencrypted emails are like a postcard. We therefore recommend that you do not send any sensitive data by email.

As a rule, we do not respond to queries involving sensitive data by email, rather by post or through your online inbox in ‘My SBK’. We can provide the information you require in this protected area. Do you no longer have an account with ‘My SBK’? No problem. Click here to register for the secure service.

We recommend that you use your private account for email correspondence with SBK.

Warning regarding fraudulent calls

Recently, there have been numerous cases involving people posing as employees of a health insurer or claiming to be acting on behalf of a health insurer calling policyholders.

In the calls, the fraudsters ask for the account details of the policyholder under false pretences, for example a payment from a bonus scheme.

In other cases, fraudsters have asked for the policyholder’s address details, allegedly in order to send them information about supplementary insurance policies, and then signed them up to a supplementary insurance policy and demanded payment.

We cannot conceive of the schemes the fraudsters will think up next.

Please note:

Neither SBK nor your SBK customer advisor will ever phone you and ask for your data.

What can you do if you receive such a call?

Controller

The contact details of SBK, the controller, are as follows:

SBK Siemens-Betriebskrankenkasse
Heimeranstr. 31
80339 München

Tel.: 0800 072 572 572 50

Mail: info@sbk.org

Data protection officer

The data protection officer appointed by the management of SBK and the data protection team can be contacted as follows:

Post:

SBK Siemensbetriebskrankenkasse
SBK Pflegekasse
Datenschutz
Heimeranstr. 31
80339 München

Email:

datenschutz@sbk.org

or

using the data protection contact form

data protection contact form

What are personal data?

Data are personal or relate to a person if they can be associated with a specific natural person unequivocally. They include, for example, information such as your name, date of birth, address, personal email address, health insurance number and phone number.

European lawmakers have defined it in a slightly more complex manner (Article 4 no. 1 GDPR):

‘For the purposes of this Regulation, “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

What are social security data?

Social security data are personal data that are processed a statutory health insurance fund (such as SBK), for example, in connection with their duties under the German Social Code (SGB). Therefore, the data listed above are also social security data.

Trade and company secrets are equivalent to social security data. They include all data relating to a business or business operations, including of legal entities, that are of a confidential nature.

Legislators have provided the following definition in the German Social Code (Section 67(2) SGB X):

‘Social security data are personal data (Article 4(1) GDPR) that are processed by an entity referred to in Section 35 of Book I in connection with its duties under this Code. Trade and company secrets are all business-related data, including those concerning natural persons, which are of a confidential nature.’

What does data processing mean?

When we process personal data and social security data, this means that we collect, store, use, transmit or erase them, for example.

This is defined as follows by the European General Data Protection Regulation (Article 4 no. 4 GDPR):

For the purposes of this Regulation, ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

What legal grounds are there for data processing and for what purpose do we process your data?

We process personal data and social security data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Social Code (SGB).

The specific purpose of the processing is determined by the following breakdown of the legal grounds.

If we process data having been granted consent, we will describe the purpose before asking for any consent from you.

Change of purpose

In deviation from the purposes and legal grounds described above, we can use your data for other purposes without being obliged to notify you in advance (i.e. a change of purpose) if the following criteria are met:

Legal grounds:

At SBK, your data are processed on legal grounds.

The legal grounds are set out by the various books of the German Social Code (SGB), especially Book I (General Part), Book IV (General Rules for Social Security), Book V (Statutory Health Insurance) and Book X (Social and Administrative Procedures and Protection of Social Data).

Specifically, we process data on the following legal grounds:

SBK health insurance fund

SBK healthcare fund

Please be aware of the obligations to cooperate set out in Section 60ff. SGB I in order that SBK is able to fulfil its legal duties. These obligations require you to provide SBK with certain personal data that are necessary for the fulfilment of the legal duties concerning you. Failure to cooperate on your part can result in delays or even the rejection of applications you file for benefits. Additionally, please be aware of your duties to provide SBK with information and notification pursuant to Section 28a SGB IV, Section 198ff. SGB V and Sections 50 and 100 SGB XI.

These data expressly do not include voluntary details such as your phone number or email address. Your refusal to provide these data does not represent a breach of any duty to provide information, notification or cooperation and you will not suffer any negative repercussions.

Your social security data that SBK processes are subject to the data protection regulations of Books I and X of the German Social Code (SGB) and the German Federal Data Protection Act (BDSG), as well as the General Data Protection Regulation (GDPR) from 25 May 2018. SBK ensures that the secrecy of social security data in the sense of Section 35 SGB I is maintained.

Consent:

Additionally, SBK can process data on the grounds of express declarations of consent pursuant to Article 6(1a) GDPR in conjunction with Section 67b(2) SGB X and the relevant statutory provisions in the specialised books of the German Social Code (Sections 39(1a), 39a, 44(4) of Books V and XI of the German Social Code (SGB)).

For example, we will ask for your consent to data processing if we want to provide you with even better support and advice in a specific case. This requires your documented prior consent. In these specific cases, we will approach you, explain the sense and purpose of the necessary data processing to you and ask for your consent.

You can also provide consent to a wide range of reasons to contact you (e.g. participation in customer satisfaction surveys or competitions). In each case, you will be notified in detail of what data we will process and how we will use them.

All of these declarations of consent are voluntary. This means that you do not need to fear any repercussions if you do not wish to grant consent. Additionally, you can withdraw your consent at any time. For more information, see the section on your right to withdraw consent

To ‘Your right to withdraw consent’

What data concerning you do we process?

(Types of stored data)

We collect your personal data and social security data when you contact us, e.g. as a potential customer, policyholder, employer or business partner. In particular, this means when you are interested in our products, submit applications, visit our website, register for our online services or contact us by email or phone, or if you receive benefits from us or pay premiums to us as part of your insurance policy with SBK. Specifically, these are the following:

Social security data of the policyholder

Data concerning members and family members

The following data concerning policyholders are stored:

Membership data

The following social security data are stored in connection with your membe

Insurance policy data

The following social security data are stored in connection with your insurance policy:

Contribution data (only for direct payers)

The following social security data are stored in connection with your premiums:

Benefit data

The following social security data are stored in connection with your benefits:

Data on the caregiver

The following social security data are stored in connection with the caregiver:

Data on the legal representative / carer

The following social security data are stored in connection with your legal representative:

Business partner data

Data concerning employers and pay offices

The following data concerning employers and pay offices are stored:

Care provider data

The following data concerning care providers are stored:

Data on contractual partners and suppliers

The following data concerning contractual partners and suppliers are stored:

Social security data of other people

Data on the recipient of the publication

The following data are stored if publications are obtained:

Data concerning potential customers

The following data concerning potential customers are stored:

Data concerning visitors to our website

The following data concerning website visitors are stored:

Automated decision-making (Article 22 GDPR)

We do not use fully automated individual decision-making in order to conclude and execute insurance policies.

Who receives your data?

Within SBK, your data are made available to the people who need them in order to carry out their assignments. We guarantee this, for example, by using the latest software to manage your data. The software meets the requirements of the General Data Protection Regulation. For example, this includes the requirement that it must be possible to configure the software so that the employees of SBK are only able to access the data necessary for their specific fields of activity.

SBK transmits social security data to the following recipients in line with the statutory regulations of the German Social Code (SGB) or other regulations:

HOWEVER: Under no circumstances will we sell your data to third parties.

Processing in a third country

SBK processes your personal data and social security data in Germany. Generally speaking, this also applies to the service providers we use. In justified cases, data can be lawfully transmitted to member states of the EU or EEA.

Data are not transmitted to countries outside of the EU or EEA including Switzerland, also known as third countries.

Duration of storage

The social security data are stored and erased in line with the requirements of Sections 110a SGB IV, Section 304 SGB V Section 107 SGB XI and of the General Administrative Regulation on Accounting in Social Security (SRVwV).

Maximum or, if no regulations apply, social security data are only stored for as long as necessary for the purposes for which they were collected.

What rights do you have (rights of the data subject)?

In line with our commitment to transparency, it goes without saying that we guarantee and protect your rights.

Every data subject has the

Right to information

You are entitled, at any time, to demand that we provide you with information on the following:

Your right to access information is restricted if the information would adversely affect the rights and freedoms of others.

As we have to process a wide range of data in connection with your insurance, please make any request for information as precise as possible and indicate the information or processing to which your request for information relates.

Our ‘right to information’ form is the fastest way to request information from us.

Requests for access to information

Simply fill in the form and send it securely. You will be sent the information as quickly as possible.

If you do not want this, please understand that we can only accept requests for access to information that are in writing (and signed by your own hand).

Right to rectification

If you determine that the data concerning you are incorrect or incomplete, you are entitled to their rectification or supplementation. To exercise this right, please contact your customer advisor and provide us with the documents supporting your conclusion that will enable us to examine your request.

We will handle your request as quickly as possible and notify you of the outcome and any other necessary steps.

Right to be forgotten (erasure)

We have to store your social security data in line with statutory requirements in order to fulfil our legal duties.

You are entitled to obtain the erasure of the data where one of the following grounds applies:

To ‘Your right to withdraw consent’

Right to restriction of processing

You are entitled to demand that SBK restrict processing where one of the following applies:

For example, the processing of social security data can be restricted by means of blocking which will prevent employees of SBK from accessing them.

Right to withdraw consent

Any consent you give to the use of personal data relating to you may be revoked at any time. The withdrawal of consent applies to the future. We will erase your personal data in accordance with the statutory deadlines for erasure. The data will no longer be used after you withdraw your consent.

Please post your notice of withdrawal of consent to SBK 80227 Munich or email it to widerruf@sbk.org.

You can also withdraw consent through ‘My SBK’. Do you no longer have an account with ‘My SBK’? No problem, click here to register securely and, once you have access to ‘My SBK’, view consents you have granted and withdraw them with future effect.

Right to data portability

You are entitled to receive the personal data and social security data that you have provided to us in a portable format.

If you change insurer, the health insurance funds will transmit the data necessary to continue your insurance policy to one another in line with Section 304(2) SGB V. You are not required to do anything.

Right to lodge a complaint

You are entitled to lodge a complaint with the supervisory authority of SBK if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation.

The relevant supervisory authorities are: