Privacy Policy

1. Who We Are

This website is operated by German Private Health Insurance ("GPHI", "we", "our", "us"), an independent insurance brokerage service providing guidance on German private health insurance (PKV) to individuals, expatriates, and businesses in Germany.

Contact:
German Private Health Insurance
Munich, Germany
Email: info@germanprivatehealthinsurance.com
Phone: +49 176 8723 9846

We are committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data We Collect

2.1 Information You Provide Directly

When you use our contact form or quote request form, we collect:

• Name (first and last)
• Email address
• Phone number (optional for contact form; required for quote requests)
• Date of birth and age (quote requests only)
• Country of birth and residence (quote requests only)
• City and postcode (quote requests only)
• Employment status and annual gross income (quote requests only)
• Medical history / pre-existing conditions (quote requests only, voluntarily disclosed)
• Message content and any additional information you choose to provide

2.2 Automatically Collected Data

When you visit our website, our servers automatically collect:

• IP address (anonymised after 24 hours)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time of visit
• General geographic location (country/city level only)

2.3 Cookies

We use only essential cookies necessary for the website to function. We do not use advertising cookies, third-party tracking cookies, or retargeting pixels. We do not use Google Analytics or similar analytics services that transfer personal data to third countries without adequate safeguards.

3. How We Use Your Data

We process your personal data for the following purposes:

• Providing insurance broking services: To respond to your enquiry, prepare personalised PKV quotes, and provide independent insurance advice (legal basis: contract performance or pre-contractual steps — Art. 6(1)(b) GDPR)
• Communication: To respond to messages and follow up on enquiries (legal basis: legitimate interest — Art. 6(1)(f) GDPR)
• Legal compliance: To fulfil record-keeping obligations under German insurance broking regulations (§34d GewO, VVG) (legal basis: legal obligation — Art. 6(1)(c) GDPR)
• Website security and fraud prevention: IP logging and access monitoring to protect our systems (legal basis: legitimate interest — Art. 6(1)(f) GDPR)

We do not use your data for automated decision-making or profiling. We do not sell your data to third parties.

4. Special Category Data

Information about your health (pre-existing medical conditions) constitutes special category data under Art. 9 GDPR. We process this data only where you have provided explicit consent and only for the specific purpose of obtaining an accurate PKV quote on your behalf. You are never required to disclose health information; however, failing to do so may affect the accuracy of any quotes we obtain.

5. Who We Share Your Data With

We may share your data with:

• PKV insurance providers: When you request a quote, we share relevant personal and health data with the insurers you authorise us to approach. Each insurer is an independent data controller for the data they receive.
• IT service providers: We use third-party hosting and email infrastructure providers who process data on our behalf as data processors under a Data Processing Agreement (DPA).
• Legal or regulatory authorities: Where required by law or court order.

We do not share your data with marketing companies, data brokers, or social media platforms.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

• Enquiry and contact data: 3 years from last contact, unless a policy is taken out
• Policy-related records: 10 years from policy end date (required under German insurance broking regulations)
• Server logs: 30 days, with IP addresses anonymised after 24 hours

7. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): You may request a copy of all personal data we hold about you.
• Right to rectification (Art. 16): You may ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): You may request deletion of your data where we no longer have a legal basis to retain it.
• Right to restrict processing (Art. 18): You may ask us to limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): You may request your data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@germanprivatehealthinsurance.com. We will respond within 30 days.

You also have the right to lodge a complaint with the relevant supervisory authority. In Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) or the data protection authority of the German state (Bundesland) in which you reside.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data transmission to and from this website uses HTTPS (TLS encryption). Access to personal data within our organisation is restricted to authorised personnel on a need-to-know basis.

9. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision. PKV quote data shared with German insurance providers stays within the EEA.

10. Children's Privacy

Our services are directed at adults aged 18 and over. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will provide additional notice where we hold your contact information. Continued use of our website after changes constitutes acceptance of the revised policy.

12. Contact

For any questions about this Privacy Policy or our data practices, please contact:

German Private Health Insurance
Munich, Germany
Email: info@germanprivatehealthinsurance.com
Phone: +49 176 8723 9846