The exali.com Data Protection Declaration

Content:

  1. Responsible in Terms of Data Protection Laws
  2. Data Protection Officer
  3. General Information on Data Processing
  4. Automatic Data Processing when you Visit the www.exali.com Website
  5. Use of Cookies
  6. Processing of Personal Data via the Contact Form
  7. Processing of Personal Data when Setting up a ‘My exali’ Customer Account
  8. Processing of Personal Data when Using the Online Questionnaire
  9. Processing of Personal Data via Email
  10. Processing of Personal Data in the Newsletter / Newsflash
  11. Processing of Personal Data via Telephone, Callback Service
  12. Processing of Personal Data via Fax
  13. Processing of Personal Data as Part of the Application Process
  14. Processing of Personal Data via the Chat Programme
  15. Rights of the Data Subject
  16. Google Analytics / Web Analysis, Tracking Services
  17. Google Ads and Google Conversion Tracking
  18. Facebook Pixel Tracking - Facebook Audiences (Remarketing / Retargeting), Conversion Tracking and Facebook Fan Page
  19. Twitter Universal Website Tag (Remarketing / Retargeting), Conversion Tracking
  20. Integration of YouTube Videos
  21. Adobe Typekit
  22. eKomi
  23. Use / Integration of the exali.com Liability Seal
  24. Privacy Policy for our exali Facebook Page
  25. LinkedIn Pixel Tracking (Remarketing / Retargeting), Conversion Tracking

Data Processing Carried out by exali

When you use the website www.exali.com and its functionalities, contact us or send an inquiry, you transmit personal data to us, which we process for the purpose of handling your inquiries, contract processing and customer support. We handle this data strictly for the specific purpose and in accordance with data protection laws.

The Party Responsible in Terms of Data Protection Laws is:

exali AG
Franz-Kobinger-Str. 9
86157 Augsburg

Phone:  +49 (0) 821 80 99 46-0
Fax:  +49 (0) 821 80 99 46-29

Email: info@exali.com
 

Data Protection Officer

Legally required data protection officer:
We have appointed a data protection officer for our company.

RDP Röhl Dehm & Partner Rechtsanwälte mbB
Moritzplatz 6
86150 Augsburg

dataprotection@exali.com

 

General Information on Data Processing

Scope of the Processing of Personal Data in General

In principle, we only process personal data insofar as is necessary to provide a functional website and our content and services.

Legal Basis for the Processing of Personal Data:

The respective legal basis for the processing of personal data is derived from the General Data Protection Regulation, Article 6 Paragraph 1 lit. a - f GDPR.

Insofar as the consent of the data subject has been given, Art. 6 para. 1 lit. a GDPR is the legal basis.

Art. 6 para. 1 b of the GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party or for processing operations in connection with pre-contractual measures.

If processing is necessary to fulfil a legal obligation of the party responsible, Art. 6 Para. 1 lit. c GDPR is the legal basis.

To the extent that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6 para. 1 lit. d GDPR is the legal basis.

If the processing is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the person responsible for the processing, the legal basis is Art. 6 para. 1 lit. e GDPR.

If processing is necessary to safeguard a legitimate interest of our company and if the interests, fundamental freedoms or fundamental rights of the person concerned do not outweigh the interests, the legal basis is Art. 6 para. 1 lit. f GDPR.

Provision of Personal Data Required for the Conclusion of a Contract or Due to Statutory Retention Obligations

When you contact us, we collect personal data. Some of these data we store on the grounds of statutory regulations, while some are necessary for the conclusion of a contract. If you wish to conclude a contract with us, you must provide us with your data in order that we can provide our services to you. In addition, there are statutory retention requirements for us with regards to tax and commercial law which we must comply with. Otherwise we may not be able to provide our services to you.

Before providing your personal data, you are welcome to ask your respective contact partner at exali whether we need your data to conclude a contract and/or due to our statutory retention obligations, and what the consequences will be if you do not provide this data to us.

Data Deletion and Storage Duration

We store your personal data as long as this is necessary to fulfil the purpose or storage is required due to legal regulations, Art. 6 para. 1 lit. c GDPR.

If the purpose for storing personal data is no longer given, these data will be deleted after 6 months or processing of these will be restricted, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

Any further storage will only take place if this has been provided for by the European or national legislature.
 

SSL or TLS Encryption

We use SSL or TLS encryption across the entire website for security reasons on the one hand and to protect your confidential data on the other.

This encryption means that confidential data, such as inquiries or orders that you submit to us, cannot be viewed by third parties.

You can recognise an encrypted connection by the fact that the URL line of the browser changes from ‘http://’ to ‘https://’ and a green lock icon appears in the URL field.
 

Automatic Data Processing When you Visit the www.exali.com Website
 

IP Address
 

1. Description and Scope of the Data Processing
When this page is called up, requests are sent to the server, which it must answer. To do so, your IP address must be collected and processed in order to be able to answer the relevant server inquiries.

2. Legal Basis for Data Processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing
The purpose of processing your IP address is the functionality of the website and the provision of technical access options.

4. Legitimate Interest
The legitimate interest in the temporary storage of the IP address lies in the fact that the functionality and provision of the technical accessibility of the website is not possible without this.

5. Duration of Storage
The data will be deleted as soon as further storage is no longer necessary due to the purpose being achieved.

When collecting the data for the provision of the website, this is the case when the accessing process has ended.
 

Hosting on own Servers

1. Description and Scope of the Data Processing
We use our own servers for the technical implementation of the website and its accessibility.

This includes the provision of storage and database services as well as their maintenance and care.

2. Legal Basis for Data Processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing
The purpose of the processing is the execution of the online offer as well as the detection of malfunctions and break-in attempts.

4. Legitimate Interest
The legitimate interest is the provision of a functional and uncompromised technical website environment.


Server Log Files


1. Description and Scope of the Data Processing
The IP addresses collected when this page is accessed are also stored in so-called server log files in order to discover technical faults and / or attempts to manipulate and break into the server structure and make them remediable.

In addition, the hosting provider of this website automatically collects, stores and processes information in so-called server log files, which are automatically transmitted by your browser.

This information includes:

Browser type and browser version
Operating system used
Referrer URL
Host name of accessing computer
Time of server request

However, this information is not merged with other data sources.

2. Legal Basis for Data Processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of Data Processing
The purpose of processing your IP address and the above information is to detect malfunctions and attempted break-ins.

4. Legitimate Interest
The legitimate interest in processing the IP address and the above information is to provide a functional and uncompromised technical website environment.

5. Duration of Storage
The data will be deleted again within 30 days.

6. Recipients of Personal Data
The IP address and the above information are processed by the following hosting provider on behalf of an order processing agreement in accordance with Art. 28 (2 and 4) GDPR:
 

Use of Cookies


1. Description and Scope of the Data Processing
The website www.exali.com uses so-called ‘cookies’. Cookies are text files that are stored in the memory and / or on a data carrier of the device used to visit the website and that are processed by your Internet browser in accordance with the settings stored there. We use a cookie when logging into the exali.com customer area to ensure that the customer has full access to their personal data without having to log in again each time the page is viewed.

In order to make the application as simple and clear as possible for the user, we have divided the online questionnaire into individual steps. We use a ‘session cookie’ to ensure that all data required for submitting a questionnaire can be saved up to the last application step and clicking on ‘Submit questionnaire now’.

The content of these cookies is:

Name: PHPSESSID
Content: Session cookie in the form of a hash

Our ‘ProDL cookie’ is an exception to this. This is used to save an internal ID of the selected professional activity so that information relevant to them can be displayed to the user.

Name: ProDL cookie
Content: ID (internal identifier) of the chosen professional activity.
 

2. Legal Basis for Data Processing
The legal basis for data processing is Art. 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) GDPR.

3. Purpose of Data Processing
These cookies contain technical information for the provision of the website functionalities as part of the order and customer account process. This enables the technical implementation of the offer and customer account process.

4. Legitimate Interest According to Art. 6 para. 1 lit.f GDPR
Our legitimate interest lies in the provision of a technical environment that maps an online application process for our customers and users. The cookies used only contain technical data and product information, which technically depicts the conclusion of an online contract by our customers on the initiative of our customers.


5. Duration of Storage as well as Options for Objection and Removal
The cookies used on this site are so-called ‘session cookies’. The ‘ProDL cookie’ described above is an exception. These cookies are automatically deleted from the browser cache / memory on your computer at the end of your website visit and / or when you close your browser, provided you have activated this functionality in your browser.

Please check the settings of your internet browser (e.g. Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your internet browser also gives you the option of regulating the handling of cookies or of deactivating them entirely. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
 

Processing of Personal Data via the Contact Form


1. Description and Scope of the Data Processing
There is a contact form on our website that is only used for electronic contact. We only process your personal data insofar as you communicate it to us when you contact us.

The following data is processed for inquiries via the contact form:

Name*
E-mail address*
Phone*
Reason for your inquiry ‘My inquiry concerns’*
Prospective / existing customer*
Your message to us*

The fields marked with an ‘*’ symbol are mandatory fields, without which you cannot send an inquiry to us using this contact form.

The indication of the name is used to address you personally when processing your request.

When you simply enter the data in the forms, no data is transmitted to us; this only happens after you have clicked ‘Submit’.

At the time the message is sent, the following data is also processed:

Date and time of the inquiry
 

2. Legal Basis for Data Processing
The legal basis for the processing of personal data to process and answer your inquiries is Art. 6 para. 1 lit. f GDPR. 

The legal basis for the processing of personal data that is used to prepare and / or create a contractual relationship is Art. 6 para. 1 lit.b) GDPR.

3. Purpose of Data Processing
The processing of personal data via the contact form serves the sole purpose of establishing contact and enabling the company to address the customer for information on the customer's initiative.

Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship; in this case the purpose is also to maintain the customer relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code). For your data entered in the contact form, this is the case when the respective conversation with the user has ended.

The conversation has ended once the circumstances show that the matter in question has been conclusively clarified.
 

Processing of Personal Data when Setting up a ‘My exali’ Customer Account


1. Description and Scope of the Data Processing
You can create a customer account on our website to facilitate the application process and customer support process. This ‘My exali’ customer account helps you to make the application process and the administration of your contract data more efficient for you and to manage your insurance contracts. For this purpose, we offer you a registration process in which you transmit data as part of your online questionnaire. You will receive your access data for the ‘My exali’ customer area with the password you have chosen, which you assigned in the online questionnaire.


2. Legal Basis for Data Processing
The legal basis for the processing of personal data that is used to prepare and / or create a contractual relationship is Art. 6 para. 1 lit.b GDPR.

3. Purpose of Data Processing
The processing of personal data as part of the registration is used to create the customer account, with which you can manage your applications and your contract data more easily.
 

4. Duration of Storage
Your personal data will be deleted when you order us to delete your customer account. This does not apply if the data is subject to further statutory retention requirements (e.g. 10 years according to AO, the German Tax Code, 6 years according to the HGB, the German Commercial Code). In this case, processing will be restricted until the retention period has expired.


Processing of Personal Data when Using the Online Questionnaire


1. Description and Scope of the Data Processing
There is an online questionnaire function on our website, which enables you to apply online and take out insurance benefits such as those made possible by professional indemnity insurance contracts.

You can submit applications for insurance benefits on our website, which we then check and document for you as part of our application process and provide the contracts in the ‘My exali’ customer account.

Depending on your professional affiliation, we collect application data in order to be able to initiate an insurance application for you that corresponds to your professional profile.

This information can include:

Headquarters, title, annual net turnover, street / house number, title, postcode, last name, city, first name, country, company name (including legal form, if applicable), company formation, legal form, account number, telephone, bank code, mobile phone, IBAN, fax, BIC, e-mail address, bank, website, account holder, GULP ID, Freelancermap ID, competent bar association, initial admission, number of professionals / partners, owner / main contact person - salutation, owner / main contact person - title, owner / main contact person - first name, owner / main contact person - last name, other partners - salutation, other partners - title, other partners - first name, other partners - surname, focus areas / specialist lawyers, goods or services, insured portals / apps, main activity, secondary activity, e-mail, application questions.
 

In addition, we have to ask certain risk questions in the application process. These differ depending on your profession. Therefore, the screenshot is only an example:
 


2. Legal Basis for Data Processing
The legal basis for the processing of personal data that is used to prepare and / or create a contractual relationship is Art. 6 para. 1 lit.b GDPR.

3. Purpose of Data Processing
The purposes of processing personal data in the context of the online application are the processing of the questionnaire, the obtaining of corresponding insurance offers, the payment processing, the processing of the insurance contract process with the conclusion of the contract and the enabling of any customer inquiries, as well as the care and maintenance of the customer relationship.

4. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code). In this case, processing will be restricted until the retention period has expired.

As a rule, the special legal documentation requirements apply to us as an insurance broker according to VVG. Since you can generally apply for insurance benefits for our insurance products up to 10 years after the contract has ended, your data must be stored for this period.

5. Recipients of Personal Data
If you take out insurance on our sites, you agree that exali.com and the insurer Markel may use personal data and other information for insurance purposes, such as: to produce insurance policies and certificates or to process damage claims. This permission also includes the transfer of parts of your personal details or other information to third parties in order to be able to provide insurance coverage. Such third parties can be, for example, the insurer, reinsurer, damage appraiser and insurance supervisory authorities. If such personal data belong to persons other than yourself, you must obtain the explicit consent of these persons and authorise us to use the information from these persons for the purposes described above.
 

Processing of Personal Data via Email

1. Description and Scope of the Data Processing
For inquiries that you send us by e-mail, personal data will be processed depending on the content of your e-mail:

In any case, this is your e-mail address, the date and time and the content of the message. In addition, depending on the content of your e-mail, the following personal data are processed, as an example:

First name, last name
Phone number

The data will only be used to process the conversation and / or to carry out and / or initiate a contractual relationship.
 

2. Legal Basis for Data Processing
Based on the express request of the user via e-mail, the legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. If contact by e-mail is also aimed at concluding and / or executing a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of Data Processing
The processing of personal data via your e-mail request serves the sole purpose of establishing contact and enabling the company to address the customer for information purposes on the customer's initiative.

Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code).

As a rule, the special legal documentation requirements apply to us as an insurance broker according to the German VVG. As you can usually apply for insurance benefits for our insurance products up to 10 years after the contract has ended, it is essential that your data are stored for this period.
 

Processing of Personal Data in the Newsletter / Newsflash

1. Description and Scope of the Data Processing
We offer a newsletter with promotional information for our customers and interested parties. The registration for our newsletter service uses the double-opt-in procedure to verify your registration.

In this case, you register using the newsletter form and after clicking the registration button you will receive an e-mail with a link that you can click to confirm and complete the newsletter registration process. If you click on this confirmation link, you will receive mailings at regular intervals with the content specifically described when you registered for the newsletter. This registration process is also the process for obtaining your consent under competition law to send the newsletter within the meaning of the German UWG. You can revoke this consent subject to competition law at any time with effect for the future by clicking the unsubscribe link included in each newsletter.

Our newsletter contains information about us, our offers and our services.

We log every newsletter registration so that we can provide evidence of the relevant registration in accordance with the legal requirements.

The time of registration and confirmation as well as your IP address are saved.

To register for our newsletter, it is sufficient if you enter your e-mail address in the registration form. However, we ask you to optionally provide a name so that we can address you personally in the newsletter.

In order to manage your consent in a legally secure manner, the data transmitted by you during registration will be processed in our CRM system.

If you no longer wish to receive the newsletter in the future, you can unsubscribe at any time by notifying us at newsletter@exali.com.

2. Legal Basis for Data Processing
The legal basis for processing your personal data for sending the newsletter is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing and logging the registration procedure is Art. 6 para. 1 lit. a GDPR.

3. Purpose of Data Processing
The data processing serves the sole purpose of sending our newsletter and documenting your registration in a legally secure manner, as well as maintaining the customer relationship.

4. Duration of Storage
The data you provided when registering for the newsletter will be deleted by us no later than 6 months after you have unsubscribed from the newsletter and processing will be restricted until it is deleted.

Processing of Personal Data via Telephone, Callback Service


1. Description and Scope of the Data Processing
In the case of telephone inquiries, personal data will be processed depending on the content of the conversation:

Depending on the information you provided during the telephone call, this may also include the following personal data:

First name, last name
Phone number
Customer number
Payment details
Contract data
 

The data will only be used to process the conversation and / or to carry out and / or initiate a contractual relationship.

When using the callback service, we collect:

Name
Phone number
When can we reach you?
Reason for your inquiry and the request for a callback
Interested party / existing customer

2. Legal Basis for Data Processing
Due to the express request of the user via telephone and / or the request for a telephone callback, the legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. If contact by phone is also aimed at concluding and / or executing a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
 

3. Purpose of Data Processing
The processing of personal data via the telephone call serves the sole purpose of establishing contact and enabling the company to address the customer for informational purposes on the customer's initiative.

Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship, as well as maintaining the customer relationship.
 

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.
 

5. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code).
As a rule, the special legal documentation requirements apply to us as an insurance broker according to VVG. As you can usually apply for insurance benefits for our insurance products up to 10 years after the contract has ended, it is essential that your data are stored for this period.
 

Processing of Personal Data via Fax


1. Description and Scope of the Data Processing
For inquiries made by fax, personal data will be processed depending on the content of your message:

In any case, this is your fax number, date and time and the content of the message. In addition, depending on the content of your message, the following personal data are processed for example:

First name, last name
Phone number
Customer number
Payment details
Contract data

The data will only be used to process the conversation and / or to carry out and / or initiate a contractual relationship.
 

2. Legal Basis for Data Processing
Due to the express request of the user via fax, the legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR. If contact by fax is also aimed at concluding and / or executing a contract, the additional legal basis for processing is Art. 6 para. 1 lit.b GDPR.

3. Purpose of Data Processing
The processing of personal data about your request by fax serves the sole purpose of establishing contact and enabling the company to address the customer for informational purposes on the customer's initiative.

Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship.

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.

5. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code).

As a rule, the special legal documentation requirements apply to us as an insurance broker according to VVG. As you can usually apply for insurance benefits for our insurance products up to 10 years after the contract has ended, it is essential that your data are stored for this period.

Processing of Personal Data as Part of the Application Process


1. Description and Scope of the Data Processing
In job advertisements or on our website, we regularly provide information about current vacancies. You have the opportunity to apply for these positions. You can send us this application data either by post or by e-mail.

Data that you send us as part of the application process can be:

  • Name, address and contact details
  • CV including all further specifications
  • Personal cover letter
  • Qualifications
  • Interests

If you send us your data by e-mail, we will also process your e-mail address, the date and time and the content of the message. In addition, depending on the content of your e-mail, the following personal data are processed, as an example:

First name, last name
Phone number

The data will only be used in the context of the application process to decide on the vacancy.
 

2. Legal Basis for Data Processing
The legal basis for processing the data in the application process is Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG.

If, in the context of the application process, you provide us with special categories of personal data such as, for example, an existing severely disabled status or health data that are necessary for the assessment of your employability for a certain position, the processing of this data communicated on your initiative takes place in accordance with Art. 9 para. 2 lit. b), lit. h) GDPR, Section 26 paragraph 3 BDSG.

3. Purpose of Data Processing
The processing of personal data as part of the application process serves the sole purpose of personnel planning and the establishment of employment relationships.

4. Legitimate Interest
The legitimate interest in data processing lies in the need to fill vacancies with qualified applicants within the framework of sustainable personnel planning and corporate management.

5. Duration of Storage
If an application is rejected, the data will be deleted within 6 months of the rejection. Data from successful applications are subject to the retention requirements that result from labour and social law regulations, the AO and the HGB.

6. Recipients of Personal Data
The address data are processed by the following service providers on the basis of an order processing agreement in accordance with Art. 28 (2 and 4) GDPR:

BITE GmbH
Resi-Weglein-Gasse 9
89077 Ulm
Germany
 

Processing of Personal Data via the Chat Programme

1. Description and Scope of the Data Processing
We use chat software on our website with which you can contact us. This chat software is provided by Userlike UG from Cologne, Germany. You can start the chat with a button on our website, which opens a new window. Prior registration is not necessary.

During our normal business hours, you can chat with our customer support staff for free using the real-time chat. Outside of our normal business hours you can only send us a message by e-mail.

We process your personal data exclusively to answer your request and to improve our service via real-time chat.

The following data is processed for inquiries via real-time chat:

  • Name
  • E-mail address
  • Location (country, city)
  • User agent (browser)
  • Operating system
  • End device
  • Number of page views
  • Number of visits to the page
  • Referrer
  • URL (where the chat started)
  • Chat topic
  • Chat content
  • If the user uses the ‘screenshot’ function, additional personal data in the browser window may be collected.

The indication of the name is used to address you personally when processing your request.
It is necessary to provide your e-mail address so that you can leave us a message outside of our normal business hours and we can contact you.

When you simply enter the data in the forms, no data is transmitted to us; this only happens once you have clicked the ‘Send’ button.

At the time the message is sent, the following data is also processed:

  • Chat status (new, pending, closed)
  • Duration of the chat
  • Date of the chat

Userlike also uses cookies and text files that are stored on your computer to technically enable a conversation with employees of exali.com in the form of a real-time chat on the website.
 

2. Legal Basis for Data Processing
The legal basis for the processing of personal data to process and answer your inquiries is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data that is used to prepare and / or create a contractual relationship is Art. 6 para. 1 lit. b) GDPR.
 

3. Purpose of Data Processing
The processing of personal data via the real-time chat serves the sole purpose of establishing contact, advising and general customer care on the initiative of the customer (answering the request).
Depending on the intention and content of your request, the purpose can also be the initiation and / or implementation of a contractual relationship; in this case the purpose is also to maintain the customer relationship.
 

4. Legitimate Interest
The legitimate interest in data processing lies in the possibility of processing your request and being able to respond to your request accordingly. The data collected will be processed on the basis of a request made by you. This processing is also in your interest in order to be able to respond to your request according to your expectations.
 

5. Duration of Storage
The data will be erased within 6 months once they are no longer required to achieve the purpose for which they were collected or are not subject to further statutory retention requirements (e.g. 10 years according to the AO, the German Tax Code, 6 years pursuant to the HGB, the German Commercial Code).
For your data entered in the real-time chat, this is the case when the respective conversation with the user has ended.
The conversation has ended once the circumstances show that the matter in question has been conclusively clarified.

As a rule, the special legal documentation requirements apply to us as an insurance broker according to VVG. As you can usually apply for insurance benefits for our insurance products up to 10 years after the contract has ended, it is essential that your data are stored for this period.

6. Recipients of Personal Data
The real-time chat software is provided on our behalf, on the basis of an order processing agreement in accordance with Art. 28 Para. 2 - 4 GDPR, by the following external service provider:

Userlike UG (limited liability)
Probsteigasse 44-46
50670 Cologne

Our service provider will not use your data to write to you. You can find more information about the purpose and scope of the processing of your data by Userlike as an external service provider and how Userlike works at: https://www.userlike.com/de/terms.

Rights of the Data Subject

If your personal data are processed, you are the data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to the following rights vis-à-vis the responsible party.

To exercise your rights as a data subject towards us as the responsible party, please contact the following email address: dataprotection@exali.com
 

1. Right to Information - Art. 15 GDPR
You have the right to request a confirmation from the responsible party as to whether the personal data concerned are being processed.

If such processing is taking place, you have the right to information about this personal data and the following information:

  • the purposes for which the personal data is processed;
  • the categories of personal data that is processed;
  • the recipients or the categories of recipients to whom the personal data has been disclosed or are still being disclosed;
  • if possible, the planned period of time, for which the personal data will be stored (or, if this is not possible, the criteria for establishing this period of time);
  • the existence of a right to correct or delete your personal data, a right to restrict processing by the responsible party or a right to object to this processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have the right to request information about whether your personal data is being transmitted to a third country or to an international organisation. In this context, you can also request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
 

2. Right to Rectification - Art. 16 GDPR
You have the right to immediate correction and / or completion of the data concerning you, provided that the processed personal data is incorrect or incomplete.
 

3. Right to Erasure - Art. 17 GDPR
Deletion obligation:
You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

  • the personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed;
  • you have revoked your consent on which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing;
  • according to Art. 21 para. 1, you have lodged an objection to the processing and there are no overriding legitimate reasons for the processing, or you have, according to Art. 21 para. 2 GDPR, lodged an objection to the processing;
  • the personal data concerning you has been processed unlawfully;
  • the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the person responsible is subject;
  • the personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
     

Exceptions:
There is no right to deletion if processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the responsible party;
  • for reasons of public interest in the area of public health in accordance with Article 9 paragraph 2 letters h and i and Article 9 paragraph 3;
  • for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 para. 1 GDPR, insofar as the right mentioned in section a) is likely to make the implementation of the objectives of this processing impossible or seriously impair it, or
  • to assert, exercise or defend legal claims.
     

4. Right to Restriction of Processing - Art. 18 GDPR
You have the right to request that the personal data relating to you be restricted under the following conditions:

  • if you dispute the accuracy of the personal data concerning you for a period of time that allows the responsible party to check the accuracy of the personal data;
  • if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • if the responsible party no longer needs the personal data for the purposes of processing, but you need these to assert, exercise or defend legal claims, or
  • if you have objected to the processing in accordance with Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible party outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from storage - may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

If the processing has been restricted due to the aforementioned conditions, you will be informed by the responsible party before the restriction is ended.

5. Right to Notification - Art. 19 GDPR
If you have exercised one of your rights to correction, deletion or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of the correction, deletion of the data or the restriction of processing unless this turns out to be impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.

 

6. Right to Data Portability - Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

  1. the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract in accordance with Art. 6 para. 1 lit. b GDPR and
  2. the processing is carried out using automated procedures.

In exercising this right to data portability, you also have the right to have your personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible.

7. Right of Objection - Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is carried out based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The responsible party will then no longer process the personal data concerning you unless they can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of services of the information society - regardless of Directive 2002/58/EC - you have the option of exercising your right of objection by means of automated procedures that use technical specifications.

8. Right to Revoke the Declaration of Consent under Data Protection Laws
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

9. Right to Lodge a Complaint with a Supervisory Authority - Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation.

The supervisory authority to which you lodge a complaint will inform you, as the complainant, of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

These data protection notices are updated at regular intervals.
 

Google Analytics / Web Analysis, Tracking Services

We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter: ‘Google’). In this context, pseudonymised usage profiles are created and cookies are used.

If you do not want your user behaviour to be evaluated in connection with Google Analytics, you can object here. This click deactivates Google Analytics.

The information generated by the cookie about your use of this website, such as

  • browser type / version,
  • operating system,
  • referrer URL (the previously visited page),
  • host name of accessing computer (IP address),
  • and the time of the server request

are transmitted to and stored by Google on servers in the United States.

The information is used to evaluate the website use, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and needs-based design of this website. 

This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly. However, we would like to point out that in this case it may occur that not all functions of this website will work to their full extent.

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser, only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. 

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help section.
 

Google Ads and Google Conversion Tracking


1. Description and Scope of the Data Processing
This website uses Google Ads. Ads is an online advertising program from Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (“Google”).

If you do not want your user behaviour to be evaluated in connection with Google Ads and Google Conversion Tracking, you can object here.

We use so-called conversion tracking as part of Google Ads. If you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user’s device. If the user visits certain pages on this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was redirected to this page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked via the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie in your internet browser under user settings. You will then not be included in the conversion tracking statistics.

We use Google Ads remarketing tags from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) on our website.

These technologies enable us to target you with individual interest-based advertising. The cookies used collect information about which of our products you are interested in, for example. On the basis of the information, we can also show you offers on third-party sites that are specifically geared to your interests, as they result from your previous user behaviour. The recording and evaluation of your user behaviour is exclusively pseudonymous and does not enable us to identify you. In particular, the information will not be merged with your personal data.

Google observes the data protection regulations of the “US Safe Harbor” agreement and is registered with the “Safe Harbor” program of the US Department of Commerce. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. 

Google may also transfer this information to third parties if this is required by law or if third parties process this data on our behalf. Third-party providers, including Google, place advertisements on websites on the Internet and use stored cookies to show advertisements on the basis of previous visits by a user to this website. The collection and storage of data can be objected to at any time with future effect.

If you do not want to take part in the targeting process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies. Further information on Google’s data protection provisions can be found here.
 

2. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.
 

3. Purpose of data processing
The purpose of the data processing is the provision of area-specific addressing of interested parties and users, the analysis of user behaviour for the most suitable product pre-selection for the customer’s area as well as the optimisation of the website.
 

4. Legitimate interest
Our legitimate interest is to guide interested parties and users to the offers that suit them in order to be able to prevent misunderstandings about the range and/or scope of services of the products that are suitable for the interested party and user. This is also in the interest of the interested party and user in a product preselection that is suitable for their area.

5. Duration of storage
The cookies set for conversion tracking automatically lose their validity after 90 days and are therefore no longer used to personally identify users.
 

6. Objection and removal options
Your internet browser also gives you the option of regulating the handling of cookies or of deactivating them entirely. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

Facebook pixel tracking - Facebook audiences (remarketing / retargeting), conversion tracking and Facebook fan page

As part of the use of the Facebook Ads Remarketing targeting tool, we use the Facebook tracking pixel on our website. The social network Facebook is offered by Facebook Inc. or, if you are based in the EU, by Facebook Ireland Ltd.

If you do not want us to evaluate your user behaviour in connection with Facebook Ads, you can object to their use here.

With the help of the Facebook Pixel we can see how you react to our ads on Facebook, for example when you click on a link in the ad that leads to our website. This gives us a better overview of how successful our campaigns are on Facebook and enables us to continuously optimise them.

The tracking pixel is loaded on your end device when you react to an advertisement placed by us on Facebook, for example because you click on a link on our website or when you visit our website. In this context, a pixel ID is created and stored in a cookie so that we can analyse your user behaviour until the tracking pixel has expired. The tracking pixel is not used for personal identification. From the user behaviour of different users, we create certain general pseudonymous user profiles, with the help of which we address similar user groups on third-party websites with advertisements.

In connection with the use of the Facebook Pixel, the information collected is also processed on Facebook Inc. servers in the USA. Further information on data protection on Facebook can be found in their help section.

 

Facebook fan page

I. Joint controllers for data processing

You are on the Facebook fan page of:

exali AG
Franz-Kobinger-Straße 9
86157 Augsburg

 

For the information service offered here, we use the technical platform facebook.com and the services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbor, Dublin 2, Ireland (hereinafter “Facebook”).

As a fan page operator, we and Facebook are joint controllers for processing within the meaning of data protection laws.
The agreement according to Art. 26 para. 1 GDPR can be found under the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
 

II. Data protection contact details

The contact details of our data protection officer can be found in the data protection information.
The platform operator’s data protection officer can be contacted via the following link:
https://www.facebook.com/help/contact/540977946302970
 

III. General information on data processing

We would like to point out that you use this Facebook page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can call up the information offered on this page on our website at www.exali.com.
 

IV. Automatic data processing when you visit our Facebook fan page

When you visit our Facebook page, Facebook records, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page.

Facebook provides more information on this under the following link:
http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context will be processed by Facebook and possibly transferred to countries outside the European Union. What information Facebook receives and how it is used is described in general terms by Facebook in its data usage guidelines. There you will also find information about contact options for Facebook and the setting options for advertisements. The data usage guidelines are available at the following link:
http://de-de.facebook.com/about/privacy
 

You can find Facebook’s full data policy here:
https://de-de.facebook.com/full_data_use_policy


How Facebook uses the data from visiting Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not stated conclusively and clearly by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to information from Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. In addition, Facebook saves information about its users’ end devices (e.g. as part of the “registration notification” function); if necessary, Facebook is able to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your device. This enables Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons integrated into websites enable Facebook to record your visits to these website pages and to assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.

If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, Facebook information that can be used to directly identify you is deleted. This allows you to use our Facebook page without revealing your Facebook ID. When you access the interactive functions of the site (like, comment, share, news, etc.), a Facebook login screen appears. After you have logged in, you will again be recognizable for Facebook as a specific user.

Information on how you can manage or delete existing information about you can be found on the following Facebook support pages:
https://de-de.facebook.com/about/privacy#

Information about the data that the platform operator processes about the registered and non-registered visitors to our Facebook fan page, the storage period of this data, the categories of recipients (including for disclosure and internal group data exchange) as well as data transfer to third countries can be found at the following link:
https://www.facebook.com/privacy/explanation

Should the data subjects be tracked through the processing of their data via the Facebook fan page, e.g. through the use of cookies, the storage of the IP address or other comparable techniques, the platform operator is obliged to inform about this on the basis of the agreement in accordance with Art. 26 (1) GDPR.

Accordingly, the platform operator is obliged to provide information about the purposes of data processing, the legal basis and the setting of a session cookie and three cookies with lifetimes between four months and two years.

You can find more information about this at the following links:

https://www.facebook.com/privacy/explanation

https://www.facebook.com/policies/cookies/
 

V. Collection, processing and use of your personal data by us

Via our Facebook fan page, you have the opportunity to react to our posts, write comments, create a post on our site yourself or send us private messages. All of the data you provide and disclose in this context will be used and processed by us. The sole purpose of this data processing is communication with users based on a legitimate interest on our part (Art. 6 (1) (f) GDPR).

  1. Categories of data subjects

    Data subjects are registered and non-registered visitors to our Facebook fan page in the Facebook social network.
     
  2. Data that we process from registered visitors to our Facebook fan page

    • User ID (username) under which you registered
    • Released profile data (e.g. name details, occupation, address, contact details, pictures, interests and possibly also special personal data such as religious affiliation, health data, etc.)
    • Data generated when sharing content, exchanging messages and communicating data that is required in the context of contract processing at the request of registered visitors.

    In addition, we only process pseudonymised data such as:
    Statistics and insights into how you interact with our fan page, the articles, pages, videos and other content provided (page activities, page views, “likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements.

    We cannot combine this pseudonymised data with the corresponding personal data (allocation features such as name details). This means that it is not possible for us to identify individual visitors. They remain anonymous to us.
     
  3. Data that we process from non-registered visitors to our Facebook fan page

    Pseudonymised data such as statistics and insights into how our fan page, the articles, pages, videos and other content that is provided through it is interacted with (page activities, page views, “likes”, reach, general demographic, location and interest-related information on age, gender, country, city, language), evaluations of the success and background of our advertisements, other analyses and measurements on….

    We cannot combine this pseudonymised data with the corresponding personal data (allocation features such as name details). This means that it is not possible for us to identify individual visitors. They remain anonymous to us.
     
  4. Origin of the data

    We collect the data directly from the data subject or receive it from the platform operator.
     
  5. Purpose of data processing

    We process the data primarily for the purposes of external presentation and advertising. In addition, we process the data for communication and data exchange as well as for the organisation of events. Finally, the data can also be processed to initiate or process contracts.
     
  6. Storage period

    Based on the agreement concluded with the platform operator in accordance with Art. 26 (1) GDPR, the platform operator is responsible for storing and deleting the data.

    You can find more information on this at the following link:
    https://www.facebook.com/privacy/explanation
     
  7. Categories of recipients

    Only our employees and service providers can access the data we process.
    If the data subjects post their data publicly on our Facebook fan page, they can be viewed at any time by other registered and possibly non-registered visitors.
     
  8. Data transfer to third countries

    If the data subject posts their data publicly on our Facebook fan page, this data can be viewed by other registered and unregistered visitors to our Facebook fan page worldwide.

    In addition, data is transmitted to third countries by the platform operator as part of the operation of our Facebook fan page.
    This data transfer is either secured by an adequacy decision by the EU Commission in accordance with Art. 45 GDPR or by suitable guarantees in accordance with Art. 46 GDPR.
    You can find more information on this at the following link:
    https://www.facebook.com/privacy/explanation
     

VI. Legal bases
 

  1. Data processing carried out by us:

    We process data via the Facebook fan page in accordance with the statutory provisions and on the basis of the following legal bases:
    • The processing takes place on the basis of an express consent in accordance with Art. 6 (1) (a) GDPR, Art. 7 GDPR
    • The processing takes place to fulfil the contract or to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.
    • The processing takes place on the basis of a legal obligation to which we are subject in accordance with Art. 6 (1) (c) GDPR
    • The processing is carried out to safeguard our legitimate interest in accordance with Art. 6 (1) (f) GDPR

    Our legitimate interest in processing the data outweighs the interests, fundamental rights and freedoms of the data subjects.

    Our interest in processing is the provision of a platform with current information, the improvement of our offer and our website, the presentation of our company and effective communication with users in the event of questions and other concerns.

    On the other hand, we process as little personal data of the data subjects as possible and use the option of anonymisation/pseudonymisation, insofar as this is possible in the interest of effective communication.

    If special categories of personal data are processed, this is done on the basis of the following legal bases:
    • The processing takes place on the basis of the consent of the data subject in accordance with Art. 9 (2) (a) GDPR
    • The processing takes place because the data subject has obviously made the personal data public in accordance with Art. 9 (2) (e) GDPR
       
  2. Data processing by the platform operator:

    The legal bases on which the platform operator bases data processing can be found at the following link:
    https://www.facebook.com/about/privacy/legal_bases

    If the data subjects are tracked by collecting their data, be it through the use of cookies or comparable techniques or by storing the IP address, the platform operator shall obtain the consent of the data subjects in advance.

    In particular, the platform operator is obliged to inform the data subjects about the purposes for which and the legal basis on which the first access to a fan page generates entries in the so-called local storage even for non-registered visitors and whether personal data of non-registered visitors (e.g. IP address or other data that is condensed into personal data) is used to create profiles.
     

VII. Rights of data subject

If your personal data is processed, you are the data subject within the meaning of the General Data Protection Regulation. You are therefore entitled to the following rights vis-à-vis the controller.

Since only the platform operator has full access to all user data, we recommend that you contact Facebook Inc. directly to assert your rights.

To exercise your rights as a data subject towards us as the controller, please contact the following email address:

dataprotection@exali.com
 

1. Right to information - Art. 15 GDPR
You have the right to request a confirmation from the controller as to whether the personal data concerned is being processed.
If such processing is taking place, you have the right to information about this personal data and the following information:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data that is processed;
  3. the recipients or the categories of recipients to whom the personal data has been disclosed or is still being disclosed;
  4. if possible, the planned period of time, for which the personal data will be stored (or, if this is not possible, the criteria for establishing this period of time);
  5. the existence of a right to correct or delete your personal data, a right to restrict processing by the controller or a right to object to this processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information about the origin of the data if the personal data is not collected from the data subject;
  8. the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have the right to request information about whether your personal data is being transmitted to a third country or to an international organisation. In this context, you can also request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.
 

2. Right to rectification - Art. 16 GDPR
You have the right to immediate correction and / or completion of the data concerning you, provided that the processed personal data is incorrect or incomplete.
 

3. Right to erasure - Art. 17 GDPR
You have the right to request the immediate deletion of your personal data at any time if one of the following reasons applies:

  1. the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. you have revoked your consent on which the processing was based according to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing;
  3. according to Art. 21 (1), you have lodged an objection to the processing and there are no overriding legitimate reasons for the processing, or you have, according to Art. 21 (2) GDPR, lodged an objection to the processing;
  4. the personal data concerning you has been processed unlawfully;
  5. the deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject;
  6. the personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.
     

Exceptions:

There is no right to deletion if processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation that requires processing under the law of the Union or of the member states to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3);
  4. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right mentioned in section a) is likely to make the implementation of the objectives of this processing impossible or seriously impair it, or
  5. to assert, exercise or defend legal claims.
     

4. Right to restriction of processing - Art. 18 GDPR
You have the right to request that the personal data relating to you be restricted under the following conditions:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to check the accuracy of the personal data;
  2. if the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. if the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or
  4. if you have objected to the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
     

If the processing of your personal data has been restricted, this data - apart from storage - may only be processed with your consent, or for the purpose of asserting, exercising or defending legal claims, or protecting the rights of another natural or legal person, or for reasons of important public interest of the Union or a member state.

If the processing has been restricted due to the aforementioned conditions, you will be informed by the controller before the restriction is ended.
 

5. Right to notification - Art. 19 GDPR
If you have exercised one of your rights to correction, deletion or restriction of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of the correction, deletion of the data or the restriction of processing unless this turns out to be impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.
 

6. Right to data portability - Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  1. the processing is based on consent in accordance with Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract in accordance with Art. 6 (1) b GDPR and
  2. the processing is carried out using automated procedures.

In exercising this right to data portability, you also have the right to have your personal data transmitted directly from one controller to another controller, insofar as this is technically feasible.
 

7. Right of objection - Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is carried out based on Art. 6 (1) e or f GDPR; this also applies to profiling based on these provisions.

The controller will then no longer process the personal data concerning you unless they can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed in order to run direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of services of the information society - regardless of Directive 2002/58 / EC - you have the option of exercising your right of objection by means of automated procedures that use technical specifications.
 

8. Right to withdraw the declaration of consent under data protection laws
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.
 

9. Right to lodge a complaint with a supervisory authority - Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation.

The supervisory authority to which you lodge a complaint will inform you, as the complainant, of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
 

Twitter Universal Website Tag (Remarketing / Retargeting), Conversion Tracking

If you have given us your consent, we use the “Twitter Pixel” service, a visitor action pixel of the social network Twitter, and the function twitter universal website tag of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

The data protection officer for the European Union is Twitter International Company, The Academy, 42 Pearse Street, Dublin 2, Ireland.

If you do not want us to evaluate your user behaviour in connection with “Twitter Pixel” and twitter universal website tag, you can object to their use here.

This functionality makes it possible to track user actions on our pages when they have seen an advertisement and/or followed it in order to enable a new target group-based, individualised approach to customers. This data is processed by Twitter in order to be able to present you with individualised advertising “Twitter Ads” during your visit to Twitter. You can find more information at https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads. If you are logged in to your Twitter account, this data will be linked to your account by Twitter. To do this, Twitter saves a cookie on your device.

The Twitter Pixel is only activated if you have given your express consent to the web analysis service at the beginning of the page view. If you do not consent, there will be no data exchange with Twitter tracking.

2. Legal basis for data processing
The legal basis for data processing is Art. 6 (1) (a) and (f) GDPR.

3. Purpose of data processing
The purpose of data processing is the provision of area-specific addressing of interested parties and users, the analysis of user behaviour for product preselection that is as suitable as possible for the customer’s area and the optimisation of the website.

4. Legitimate interest
Our legitimate interest is to guide interested parties and users to the offers that suit them in order to be able to prevent misunderstandings about the range and/or scope of services of the products that are suitable for the interested party and user. This is also in the interest of the interested party and user in a product preselection that is suitable for their area.

5. Duration of storage

The data is currently permanently linked to your Twitter user account. If the user account is deleted, the data will also be deleted.

6. Data transfer and data categories
Your data will be transmitted to Twitter Ireland / USA. This concerns usage data for this website such as the advertising seen, the type and content of the website.

7. Objection and removal options
Your internet browser also gives you the option of regulating the handling of cookies or of deactivating them entirely. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent. In addition, Twitter offers the option of deactivating personalised advertising in its user account settings.

Or please click the following link to withdraw your consent with effect for the future.
If you would like to agree to the use of the Twitter Pixel, please click on the following link to activate tracking by Twitter Pixel.

 

Integration of YouTube videos

1. Description and scope of the data processing

We use a “two-click” solution to activate embedded “YouTube” videos. Data is only exchanged with YouTube after the YouTube functionality has been activated. Our website uses content and services from YouTube, which is operated by Google. The operator of the website is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

We use YouTube exclusively to optimise our online offer and to give you as a user a better and more appealing surfing experience.
When integrating this service, it is necessary that your IP address is transmitted to the operator of the service (Google), because without your IP address the content cannot be sent to your browser. The services can also set cookies on the user’s device. Technical information about the browser and operating system you are using, referring websites, the visit time and other information about the use of our online offer can be stored in these cookies.

You can find more information on handling user data in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

2. Legal basis for data processing

The legal basis for data processing is Art. 6 (1) (a) and (f) GDPR.

3. Purpose of data processing
The data processing serves the purpose of enabling an appealing presentation of our online offer.

4. Legitimate interest
Our legitimate interest in data processing arises from the purpose of offering an appealing online offer and providing you with appealing content on our website.

5. Duration of storage
The duration of the storage of the data on YouTube results from the YouTube privacy policy: https://www.google.de/intl/de/policies/privacy.

The duration of the storage of cookies depends on your browser settings. You can change this yourself at any time.

Or please click the following link to withdraw your consent with effect for the future.
If you would like to agree to the use of YouTube, please click on the following link to activate the YouTube functionality.

 

Adobe Typekit

1. Description and scope of the data processing
This site uses so-called “web fonts” for the uniform representation of fonts, which are provided by Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, California 95110, USA (“Adobe”). When you access this page, your browser loads the required web fonts from an Adobe server into your browser cache in order to display texts and fonts correctly. The contractual partner for Europe is Adobe Systems Software Ireland Limited (Adobe Ireland), 4-6 Riverwalk, Citywest Business Park, 0000 Dublin 24, Ireland.

In order to display the font, the browser you are using must establish a connection to the Adobe servers. This gives Adobe knowledge that our website has been accessed via your IP address.

If your browser does not support web fonts, a standard font will be used by your device.

Further information on Adobe Typekit can be found in Adobe’s privacy policy: https://www.adobe.com/de/privacy/policy.html.

2. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.

3. Purpose of data processing
The data processing serves the purpose of enabling an appealing presentation of our online offer.

4. Legitimate interest
Our legitimate interest in data processing results from the purpose of offering an appealing online offer and providing you with appealing content on our website.

eKomi

1. Description and scope of the data processing
This website uses the customer rating functionality eKomi, from eKomi Ltd., Markgrafenstr. 11, 10969 Berlin. Customers can rate us using this functionality. The rating is always voluntary. You will find a link for this on exali.com, and in individual cases you will also receive the link by email. If you click on this link, you will be redirected to the eKomi website and can rate us. For this purpose, we occasionally forward a randomly generated number to eKomi via the link in order to be able to determine that it is one of our customers and to receive feedback that a rating has been made. This ensures that a customer who has already rated us will not be asked to rate us again.

2. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR.

3. Purpose of data processing
The data processing serves the purpose of enabling our customers to evaluate our offer in order to enable us and other customers/interested parties to classify our services.

4. Legitimate interest
Our legitimate interest in data processing results from the purpose of continuous improvement of our offer and the orientation of interested parties with regard to the evaluation by existing customers.

5. Duration of storage
The data is currently stored permanently until further notice.

6. Data transfer and data categories
The fact that you are our customer is transferred to eKomi in pseudonymised form; no customer data is used for this.

Use / integration of the exali.com Liability Seal

Most exali.com customers have the option of embedding an exali.com Liability Seal on their own website via HTML code. By clicking on the Liability Seal, visitors to the exali.com customer are shown a confirmation of the exali.com customer’s insurance contract. Every exali.com customer has the option of requesting the HTML code in their personal My Exali area, which makes it possible to display the seal.

1. Description and scope of the data processing
If you as an exali.com customer would like to request the Liability Seal for integration on your website, by clicking the button “>> Agree to terms of use” you agree that we may process your personal data only for the purpose of providing the Liability Seal. Without this consent, we cannot provide you with the Liability Seal for embedding.

If you enter this data (voluntarily) in the profile settings, the following data will be processed:

Profile name
Website
Company description
Logo
Web profile

Clicking on the Liability Seal on the website of a customer who has embedded the HTML code displays confirmation of the customer’s insurance contract. In order to be able to create this confirmation of the insurance contract, the following data of the exali.com customer is processed:

Policyholder
Insurance number
Start of insurance
End of insurance
Insured sum
Scope of validity

When visiting the exali.com customer’s website with the Liability Seal, the following visitor data is transmitted:

Browser type and browser version
Operating system
Referrer URL
Host name of accessing computer
Time of server request
This information is absolutely necessary and will not be saved.  

2. Legal basis for data processing
The legal basis is Art. 6 (1) (b) and (c) GDPR since the processing of data is necessary for executing pre-contractual measures and is performed on the basis of our statutory retention obligations.


3. Purpose of data processing
The exali.com Liability Seal is intended to give exali.com customers the opportunity to show potential clients on their own website that they have professional indemnity insurance that will apply in a damage event. This allows exali.com customers to stand out from the competition and to come across as a responsible service provider. The processing of personal data is absolutely necessary in order to create the exali.com Liability Seal and the associated confirmation of insurance contract.
Personal data is processed for the purpose of generating the HTML code for the Liability Seal and the confirmation of insurance contract.

4. Duration of storage
The data will be erased within 6 months once it is no longer required to achieve the purpose for which it was collected or is not subject to further statutory retention requirements (e.g. 10 years according to the AO German Tax Code, 6 years pursuant to HGB, the German Commercial Code).

 

Privacy policy for our exali Facebook page

We have created this data protection notice for Facebook based on the template from https://lawlikes.de/.

 

Name and address of the controller:

The joint controllers for the operation of this Facebook page within the meaning of the EU General Data Protection Regulation and other data protection regulations are:

Facebook Ireland Ltd. (hereinafter “Facebook”)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

and

exali AG
Franz-Kobinger-Straße 9
86157 Augsburg
Germany

Information on our Facebook page

We operate this page to draw attention to our services, our company and our editorial content and to contact you as a visitor and user of this Facebook page and our website. Further information about us as well as about our activities, companies etc. can be found on our website at https://www.exali.com

As the operator of the Facebook page, we have no interest in the collection and further processing of your individual personal data for analysis or marketing purposes. Further information on how we handle personal data can be found in our data protection declaration on our website at: https://www.exali.com/data-protection-declaration/

The operation of this Facebook page, including the processing of users’ personal data, is based on our legitimate interests in providing up-to-date and supportive information and interaction options for and with our users and visitors in accordance with Art. 6 (1) (f) GDPR.

Processing of personal data by Facebook

The European Court of Justice (ECJ) ruled in its judgment of 5 June 2018 ( http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&dageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398 ) that the operator of a Facebook page is a joint controller with Facebook for the processing of personal data.

We are aware that Facebook processes user data for the following purposes:

  • Advertising (analysis, creation of personalised advertising)
  • Creation of user profiles
  • Market research.

Facebook uses cookies to store and further process this information, i.e. small text files that are stored on the various end devices of the users. If the user has a Facebook profile and is logged in to it, the storage and analysis also takes place across devices.

Facebook’s privacy policy contains further information on data processing: https://www.facebook.com/about/privacy/

Objection options (so-called opt-out) can be set here: https://www.facebook.com/settings?tab=ads and here http://www.youronlinechoices.com.

The transmission and further processing of personal data of users in third countries, such as the USA, as well as the associated possible risks for the user cannot be excluded by us as the operator of the site.

Statistical data

Statistical data of different categories can be called up for us via the so-called “Insights” on the Facebook page. These statistics are generated and provided by Facebook. As the operator of the site, we have no influence on the generation and display. We cannot turn off this function or prevent the generation and processing of the data. For a selectable period and for the categories fans, subscribers, people reached and interacting people, the following data is provided to us by Facebook in relation to our Facebook page:

Total number of page views, "likes", page activities, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, origin based on country and city, language, views and clicks in the shop, clicks on Route planner, clicks on phone numbers. Data on the Facebook groups linked to our Facebook page is also provided in this way. Due to the constant development of Facebook, the availability and the preparation of the data changes, so that we refer to the above-mentioned Facebook privacy policy for further details.

We use this data, available in aggregated form, to make our posts and activities on our Facebook page more attractive for users. For example, we use the “people who like exali.com” category for a customised approach and the preferred visiting times of the users to optimise the timing of our posts. Information about the type of end devices used by visitors helps us to adapt the posts to them in terms of visual design. In accordance with the Facebook terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the site and view their profiles and other information shared by them.

When using Facebook Messenger

If you contact us on Facebook – for example via Facebook Messenger – we collect personal data in this context. The data we collect when you contact us via Facebook Messenger depends on the data you send us. This personal data can be, for example:

  • Name
  • Email address
  • Phone
  • Reason for your inquiry “My inquiry concerns”
  • Interested party / existing customer
  • Your message to us

We only use and save this data to answer your request. The legal basis for this is our legitimate interest in answering your inquiry in accordance with Art. 6 (1) (f) GDPR. After the final processing of your request (final response), we will delete your data, provided that there are no statutory retention requirements.

User rights

Since only Facebook has full access to the user data, we recommend that you contact Facebook directly if you would like to ask for information or ask other questions about your rights as a user (e.g. right to erasure). If you need support or have any other questions, please contact us by email at info@exali.com. If you no longer want the data processing described here to occur in the future, please use the functions “I no longer like this page” and/or “I no longer want to subscribe to this page” so your user profile is no longer connected to our site.

LinkedIn pixel tracking (remarketing / retargeting), conversion tracking

Our website uses functions of the LinkedIn network. The operator of the LinkedIn page for the European Union is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Each time you visit one of our pages that contains LinkedIn functions, a connection to the LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the “Recommend button” from LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account within the framework of the user agreement you have concluded with LinkedIn.

If you do not want your user behaviour to be evaluated in connection with LinkedIn ads, you can object here.

When using the targeting tool “LinkedIn Campaign Manager”, we use the tracking pixel (Insight Tag) from LinkedIn on our website.

With the help of the LinkedIn Pixel, we can see how you react to our exali ads on LinkedIn, for example when you click on a link in the ad that leads to our website. This gives us a better overview of how successful our exali campaigns on LinkedIn are, and we can continuously optimise them.

The tracking pixel is loaded on your end device when you react to an advertisement placed by us on LinkedIn, for example because you click on a link that takes you to our site or when you visit our website. In this context, a pixel ID is created and stored in a cookie so that we can analyse the anonymised user behaviour until the tracking pixel has expired.

The tracking pixel is not used for personal identification. From the user behaviour of different users, we create certain general pseudonymous user profiles, with the help of which we address similar user groups on LinkedIn with advertisements.

In connection with the use of the LinkedIn Pixel, the information collected is also processed on servers of LinkedIn Inc. in the USA. Further information on data protection at LinkedIn can be found in their help section.