Privacy Policy

Transparency matters to us: As an expat, you may have many questions about how your personal data is handled. Rest assured: We handle your information securely and in full compliance with European GDPR standards. You are always welcome to contact us if anything is unclear.

1. Data Protection at a Glance

General Information

The following information provides a quick overview of what happens to your personal data when you visit our website. Personal data refers to any data that can personally identify you. Detailed information on data protection can be found in this full privacy policy.

Data Collection on This Website

Who is responsible for data collection?

Data processing on this website is performed by us, the website operator. Our contact details can be found in the section “Responsible Authority” below.

How do we collect your data?

Some data are collected when you provide them to us (e.g. by filling out a contact form). Other data are collected automatically when you visit the website, such as technical data (e.g. browser type, operating system, time of page access). These data are collected automatically once you access our website.

What do we use your data for?

Some data are collected to ensure the error-free provision of the website. Other data may be used to analyze user behavior or process service requests and contracts submitted through the website.

What rights do you have regarding your data?

• Access to stored personal data
• Correction or deletion of data
• Revocation of your consent for future data processing
• Restriction of processing in certain circumstances
• Objection to certain data processing operations
• Right to lodge a complaint with a supervisory authority

For any questions, you may contact us at any time.

2. Hosting

External Hosting

We host our website externally. The personal data collected is stored on servers of external hosting providers:

Hosting Provider:

Hostinger International, Ltd, 61 Lordou Vironos Street, 6023 Larnaca, Cyprus
HOSTINGER operations, UAB, Švitrigailos str. 34, Vilnius 03230, Lithuania

The processing of personal data by our hosting provider is based on:
• Contract fulfillment (Art. 6 para. 1 lit. b GDPR)
• Legitimate interest in secure, efficient, professional website operation (Art. 6 para. 1 lit. f GDPR)
• Consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG if applicable)

The hosting provider processes data only according to our instructions.

3. General Information and Mandatory Disclosures

Responsible Authority

Mona Anbari
Reinsburgstr. 6
70178 Stuttgart
Germany

Phone: +49-155 10473365

Email: hallo@healthsurance.online

Legal Basis for Processing

Depending on the situation, processing is based on:
• Consent (Art. 6 para. 1 lit. a GDPR)
• Contract performance or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
• Legal obligations (Art. 6 para. 1 lit. c GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Special categories of personal data (Art. 9 para. 2 lit. a GDPR)

Data Retention Period

Your data will be stored as long as necessary for the stated purposes or legal retention periods. After expiration, the data will be deleted.

Recipients of Personal Data

We cooperate with external service providers. Data will only be shared with:
• Contract partners for contract performance
• Authorities if legally required
• Processors with proper agreements
• Joint controllers with joint processing agreements

Revocation of Your Consent

You can revoke your consent at any time with effect for the future.

Right to Object (Art. 21 GDPR)

You may object to data processing based on legitimate interest or for direct marketing purposes.

Complaint to Supervisory Authority

You have the right to file complaints with a data protection authority.

Data Portability

You have the right to receive data in a portable format or have it transferred to another controller where technically feasible.

Access, Correction, Deletion, and Restriction

You may request access, correction, deletion, or restriction of processing of your personal data at any time.

SSL/TLS Encryption

We use SSL/TLS encryption to secure data transmission.

Objection to Advertising Emails

We object to the use of our contact information for unsolicited advertising.

4. Data Collection on This Website

Contact Form

When you submit inquiries via the contact form, your provided data will be stored and used to process your request. We do not share this data without your consent.

Processing basis:
• Contractual necessity (Art. 6 para. 1 lit. b GDPR)
• Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Consent (Art. 6 para. 1 lit. a GDPR)

Inquiries via Email, Phone, or Fax

Data submitted via email, phone, or fax will be stored for processing your inquiry.

Processing basis as above.

5. Newsletter

If you sign up for our newsletter:
• We collect your email address and verification information.
• Data is used solely for sending the newsletter.
• You can unsubscribe at any time.

Processing basis: Consent (Art. 6 para. 1 lit. a GDPR)

Blacklist storage may occur for legal compliance after unsubscribing.

6. Plugins and Third-Party Tools

YouTube (Extended Privacy Mode)

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• No cookies set in extended privacy mode
• Personal data may be stored in local storage
• Certification under EU-US Data Privacy Framework
• More info: https://policies.google.com/privacy?hl=en

Vimeo (Do-Not-Track Mode)

Provider: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA
• IP addresses collected
• No cookies set, no tracking activated
• Certification under EU-US Data Privacy Framework
• More info: https://vimeo.com/privacy

Spotify

Provider: Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden
• IP addresses and plugin usage are recorded
• Google Analytics may be used by Spotify
• More info: https://www.spotify.com/en/legal/privacy-policy/

7. Use of Broker Pools

We collaborate with broker pools to access a wide range of insurance products:

Broker Pools:
• Fonds Finanz Maklerservice GmbH, Munich, Germany
• Blau direkt GmbH, Lübeck, Germany

Data may be shared anonymously for comparisons and in full for contract applications.

Processing of health data requires explicit consent.

8. Digital Tools for Efficient Consulting

We use digital tools for consulting and administrative processes:

Tally.so (Forms & Data Collection)
• Provider: Tally BV, Belgium
• Data: personal, insurance-related information
• Purpose: structured consultation preparation
• Legal basis: Art. 6 para. 1 lit. b & a GDPR
• More info: https://tally.so/help/privacy

Make.com (Process Automation)
• Provider: Celonis SE
• Purpose: internal workflow automation
• Legal basis: Art. 6 para. 1 lit. b & f GDPR
• More info: https://www.make.com/en/privacy-notice

Tentary.com (Consultation & CRM Management)
• Data: customer data, consultations, documentation
• Legal basis: Art. 6 para. 1 lit. b & f GDPR
• More info: https://tentary.com/privacy

Google Workspace (Communication & File Management)
• Provider: Google Ireland Limited
• Legal basis: Art. 6 para. 1 lit. b & f GDPR
• More info: https://workspace.google.com/intl/en/terms/privacy.html

Calendly (Appointment Booking)
• Provider: Calendly LLC, USA
• Legal basis: Art. 6 para. 1 lit. b & a GDPR
• More info: https://calendly.com/privacy

Zoom (Online Consultation & Videoconferencing)
• Provider: Zoom Video Communications, Inc., USA
• Legal basis: Art. 6 para. 1 lit. b & a GDPR (for recordings)
• More info: https://explore.zoom.us/en/privacy/

End of Privacy Policy