Data privacy statement

1. Data controller
W. Droege Assekuradeur GmbH
Große Elbstraße 39
22767 Hamburg, Germany
Phone +49 40 361 204-0
E-mail: info(at)

2. Data protection officer
Mr Reinhard Ernst
E-mail: datenschutz(at)

3. Processing of personal data, legal basis and purpose of use
Within the framework of our activity, it is necessary for us to process your personal data in our EDP; we may also need to pass them on to third parties or to let third parties receive them. The type and scale of the necessary data will depend on the desired or existing insurance protection and our corresponding service range. The European GDPR (the new Federal Data Protection Act; BDSG neu) permits processing of personal data subject to specific conditions. In some cases, in particular if data concerning health are affected, explicit consent is required, however. Therefore, please take note of the following information.

Information on processing activities

1. Purposes of processing activities
We process your personal data as far as this is necessary and depending on the order placed with us, in order to record your contract and risk situation, review and evaluate it, to compile offers for you for appropriate insurance protection and to submit these to you, to mediate the corresponding insurance contracts for you, to support and manage your insurance contracts and to support you in processing claims and payments.

2. Processing activities concerning personal data
We process your personal data as far as this is necessary for the above purposes. Processing shall in particular include the collection, recording and use of data. The scale depends on what insurance protection you are interested in, what insurances you already have and what insurance contracts are to be mediated and supported. These may include the following details:

a) Name, address, date of birth, phone number, fax number, email, marital status, profession, health details, object details, company details, income, turnover, tax details, other personal or commercial facts, pension wishes, risk appetite, experience in the area of financial investments, bank details.

b) Contract details concerning existing or terminated contracts, in particular in the case of insurance comparisons and concerning surrender values and premium payments. We protect your data from unauthorised access and unauthorised disclosure. Our employees, who may be charged with processing of your data, are obligated to preserve data secrecy in accordance with point (f) of Article 5(1), Article 32(4) of the General Data Protection Regulation (GDPR).

3. Transfer of your personal data to third parties for any other purposes than the ones listed below will not take place
We will only pass on your personal data to any third parties:

a) If you have explicitly given your consent to this according to point (a) of sentence 1 of Article 6(1) GDPR.

b) If transfer is necessary according to point (b) of sentence 1 of Article 6(1) for compliance with a contract with you or for carrying-out any pre-contractual measures that are performed upon your request.

c) If it is necessary to meet a legal obligation of the controller in accordance with point (c) of sentence 1 of Article 6(1) GDPR.

d) If it is necessary in accordance with point (f) of sentence 1 of Article 6(1) GDPR to assert, exercise or defend any legal claims and if there is no reason to assume that you have an overriding legal interest in non-disclosure of your data.

4. Cooperation with third parties in disclosure and receipt of data
Within the framework of coverage requests, contract conclusions, contract administrations and processing of payments and claims, it may be necessary to disclose data to third parties or to receive data from third parties. The data are only disclosed at the scope necessary according to the corresponding purpose.

The following categories of third parties may be concerned: - insurances - reinsurances - broker pools - cooperating insurance brokers - technical service providers (= operators of comparison software or customer administration programmes) – sub-intermediaries - social security providers - credit institutions and capital investment companies - building societies - financial service providers and securities trade companies - lawyers, tax advisors, auditors - insurance ombudsmen - Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht; BaFin) - legal successors – underwriting agents - experts.

Further data recipients may be those bodies for which you have given us your consent for data transmission or to which we are authorised to transmit personal data based on reconciliation of interests.

5. Right to withdrawal/consequences of withdrawal
If your personal data are processed based on legitimate interests in accordance with point (f) of sentence 1 of Article 6(1) GDPR, you have the right to object to processing of your personal data in accordance with Article 21 GDPR as far as there are grounds for this that result from your particular situation or the objection is targeted against direct marketing. In the latter case, you have a general right to object that will be implemented by us without any indication of a particular situation.

An objection that is not targeted against our direct marketing may mean that we cannot provide our services anymore for existing contracts either. In case of withdrawal, we will either erase or initially block your data. This will depend on the following circumstances: Personal data are erased without undue delay if processing was not legitimate or turns out to be illegal due to subsequent circumstances or if knowledge of the data is no longer necessary for compliance with our tasks. Instead of erasure, the data may be blocked as far as erasure is prevented by archiving periods stipulated in the law, articles of association or in contracts. Longer storage of personal data may be necessary in particular due to the documentation obligations we are subject to under the Insurance Contract Act (Versicherungsvertragsgesetz) or as evidence. Blocking is deemed suitable as well if erasure is not possible or would only be possible with disproportionate effort, or if it would affect interests to be protected of the data subjects. The data will further be blocked if their accuracy is contested by the data subject, and neither accuracy nor inaccuracy can be established.

If you want to exercise your withdrawal right or right to object, simply send an email to info(at)

6. Legal succession/transfer of inventory
If the broker wholly or partially transfers its business operation to another broker (e.g. within the framework of sale of the business operation, the client agrees that the broker will provide the contract and service data of the customer to the receiving broker. The broker will inform the client before forwarding the data and disclose the name and address of the receiving broker. The client has the right to object to the data transfer to the receiving broker at any time.

7. When visiting the website
When calling our website, the browser used on your terminal device will automatically send information to the server of our website. This information is temporarily stored in a log file. The following information is recorded without any action on your end and stored until automatic erasure.

This may include, e.g., the following data: a) Internet protocol address of the requesting computer, b) Date and time of the access, c) Name and URL of the called file, d) Website from which the access takes place (referrer URL), e) Browser used and, if applicable, the operating system of your computer and the name of your access provider. The personal data named are processed by us for the following purposes: a) Ensuring smooth establishment of the website's connection, b) Ensuring comfortable use of our website, c) Evaluation of system safety and stability, as well as for further administrative purposes. The legal basis for processing activities shall be point (b) of sentence 1 of Article 6(1) GDPR. Our legitimate interests follow from the purposes listed for data collection above.

7.1 Use of cookies
Our website uses cookies. These are small text files your web browser stores on your terminal device. Cookies help us make our offer more user-friendly, more effective and safe. Some cookies are “session cookies." Such cookies will be deleted again automatically after the end of your browser session. Other cookies, in contrast, remain on your terminal device until you delete them yourself. Such cookies help us recognise you when you return to our website. A modern web browser lets you monitor, limit or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the programme is closed. Deactivation of cookies may restrict the function of our website. As the provider of this website, we have a legitimate interest in storage of cookies for technically correct and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be covered separately in this data protection policy.

Cookies that are needed to exercise electronic communication processes or to provide certain functions desired by you (e.g. shopping basket) will be set based on point (f) of Article 6(1) GDPR. As the provider of this website, we have a legitimate interest in recording of cookies for technically correct and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be covered separately in this data protection policy.

7.2 YouTube
We use YouTube to present our company and our services in an optimum way. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.

USA is by definition a third county, and in this respect we draw attention to the fact that it is possible that users’ data will be processed outside of the European Union, in particular in the USA. Risks for users may exist as a result of this, e.g. that subsequent access to users’ data may become difficult. We have no access to this users’ data. The ability to access it lies exclusively with YouTube.

We use YouTube in connection with the “extended data protection mode” function to enable videos to be displayed to you. The legal basis is Article 6, Para. 1 Letter f) of the GDPR (General Data Protection Regulation). Our justified interest lies in improving the quality of our Internet presence. According to information from YouTube, the “extended data protection mode” function causes the data described in more detail below to be transmitted to the YouTube server only if you actually start a YouTube video on our web page. In the absence of this “extended data protection”, a connection to the YouTube server in the USA is set up as soon as you access one of our Internet pages on which a YouTube video is embedded. This connection is necessary to enable the respective video on our Internet page to be played back through your Internet browser. In the course of this, YouTube will record and process at least your IP address, the date and time of day, and the Internet page you visited. A link is also set up to Google’s “Double-Click” advertising network.

If you are simultaneously logged on to YouTube on the same computer, YouTube assigns the connection information to your YouTube account. If you want to prevent this, you must either log off from YouTube before visiting our Internet site, or carry out the corresponding settings in your YouTube user account. For functionality purposes and to analyse user behaviour, YouTube permanently saves cookies on your terminal device via your Internet browser. If you do not agree to this processing, you have the option to use a setting in your Internet browser to prevent the cookies being saved. More information about this can be found under “cookies”.

You can find further information about the collection and use of data and about your rights and protection options at

8. SSL or TLS encryption
Our website uses SSL or TLS encryption for reasons of safety and to protect the transmission of confidential contents that you send to us as the page operator. Data that you transmit through this website cannot be read by third parties because of this. You can recognise an encrypted connection by the "https://" address line of your browser and the lock icon in the browser line.

9. Contact form
Data transmitted by contact form, including your contact details, are stored in order to enable us to process your query or to be available for subsequent questions. The data are not passed on without your consent.

The data entered in the contact form shall only be processed based on your consent (point (a) of Article 6(1) GDPR). By submission, your give us your consent to process your data. You can withdraw your consent at any time. Withdrawal only requires informal communication by email. The lawfulness of the processing activities performed until the withdrawal shall remain unaffected by this. Data transmitted through the contact form will remain with us until you demand that we erase them, withdraw your consent to storage or storage of these data is no longer necessary. Mandatory legal provisions – in particular archiving periods – shall remain unaffected by this.

10. Data security
Apart from this, we use appropriate technical and organisational safety measures in order to protect your personal data from accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures will be improved continually according to the technological developments.

11. Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in case of any breach of data protection law. The competent supervisory authority for issues of data-protection law is the state data protection officer of the Federal state in which our undertaking is registered. The following links provides a list of data protection officers and their contact details:

12. Current version and amendments of this data protection statement
Further development of our website and offers on it or changed statutory or authority specifications may require amendments to this data protection statement. You may view and print the respective current data protection statement at any time on the website at

This data protection statement is currently valid as of March 2022.