Privacy Policy for the ACREDIA website & cookies

ACREDIA takes the protection of your personal data very seriously.

Please note: The English translation of the original German text is provided as a convenience only. Although it was prepared with great care, we cannot guarantee its accuracy or completeness. Only the original German version is legally binding.

Acredia Versicherung AG and its subsidiary Acredia Services GmbH (hereinafter: “ACREDIA”, “we”, “us”) thank you for visiting this website and for your interest in our services and products. We are committed to the protection of your privacy and of your personal data and want you to feel secure while visiting our website. We comply with the applicable regulations on protection, lawful handling and confidentiality of personal data and on data security, in particular the Austrian Data Protection Act (“DSG”), the EU General Data Protection Regulation (“GDPR”) and the Austrian Telecommunications Act (“TKG”).

General information

This Privacy Policy informs you about the type, scope and purposes of the processing of your personal data within our online offering on the Acredia Versicherung AG website www.acredia.at and the
OeKB Versicherung www.oekbversicherung.at and PRISMA Die Kreditversicherung
www.prisma-kredit.com product brand websites (hereinafter collectively: “ACREDIA website” or “our website”) together with the associated services, functions, content and external web presence (hereinafter collectively: “online offering”). We therefore explain below in particular which personal data we collect, process and use when you use our online offering.

Hyperlinks and plug-ins given on the ACREDIA website may direct users to other websites which are not operated by ACREDIA and to which our Privacy Policy does not apply. Those websites contain information that comes from independent third parties and that may be of interest and useful to visitors to the ACREDIA website. Only the relevant provider is liable for the content and design of those websites. Please note that we check such links carefully, but we have no influence on the content and security of the websites of other providers and cannot therefore assume liability.

What are personal data?

Personal data pursuant to Article 4(1) GDPR are any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, either directly or indirectly, for example by reference to an identifier such as a name or identification number, e.g. IBAN or VAT identification number. Data of legal persons and registered business partnerships (e.g. companies in Austria with the legal form “OG” or “KG”) are not protected by the GDPR, unless the company name enables an individual to be identified. Data of companies that are not legal persons (e.g. sole proprietorships) are, however, protected by the GDPR as natural persons.

Which of your data do we record? For what purposes and on what legal basis do we process those data?

If you contact us

If you contact us by email, via the contact form on our website or via other electronic channels (such as social media platforms), we will process the personal data voluntarily provided by you, in particular: your name, email address, type of enquiry and/or subject of your message and content of your message.

If you contact us, we will process the personal data that you provided to process your request, to get in touch with you as requested and to send you the requested information. That data processing is therefore necessary for fulfilment of our (pre-) contractual obligations.

In addition, we store log data on email correspondence to ensure appropriate information and system security and to detect malware, including the following data in particular: email and IP address of the recipient and sender, number of recipients, email subject, date and time of receipt by the server, file name of attachments, size of the message, spam risk classification and delivery status, reverse DNS and authentication details.

Access data and log data

We collect and process data, including the following data in particular, when you use our website and the associated services, i.e. when you access the server on which the specific service is located (“server log files”): name of the accessed website, file, date and time of the access, transmitted data volume, server status codes, processing time, browser type and client type including version, operating system, referrer URL (previously visited page), IP address and the content of any web forms.

Those data are automatically generated by our servers when you use our website and are necessary in order for us to provide you with the desired services. We therefore solely process server log files to be able to provide our website and the associated services to you, to identify you as a user with access authorisation, to distribute web server requests on our server pool and for security reasons (e.g. to investigate misuse or fraud). The data processing is therefore necessary to safeguard our legitimate interests in providing a user-friendly and secure website.

Usage data

Based on your consent, we also collect and process data about your use of and interaction with our website, including the following in particular: IP address, web browser, browser language, operating system, files requested on our website, Java settings, screen resolution, colour depth, clicks on the website (time of the access or click) and the web page from which you accessed our website (“referrer URL”).

Those data are collected using “tracking cookies” (see the “Cookies” chapter below). We use those usage data for web analysis, to improve our services and our website and to enhance user-friendliness. That data processing is conducted on the basis of your consent to the use of cookies on our website. You may withdraw that consent free of charge at any time with effect for the future (e.g. by adjusting the cookie settings of your browser).

Newsletter

To obtain your consent to receive our newsletter, we use the “double opt-in method”, i.e. after registering for the newsletter, you will receive an email in which you are asked to confirm your registration. On the basis of your consent, we will process the personal data that you provided voluntarily when registering for the newsletter (name and email address) to send email newsletters concerning our current projects, marketing information and product information and to track your reading of our newsletter. We send our newsletter using the “DialogMail” mailing tool. Please see here for DialogMail’s privacy policy: https://www.dialog-mail.com/meta/rechtliches/datenschutz-richtlinie.php.

Performance measurement: Our newsletters contain a mechanism to track your reading behaviour. That enables us to determine whether our newsletters are opened, when they are opened and which links are clicked on. Those statistical analyses solely serve to allow us to obtain information about the reading habits of our newsletter recipients and to tailor our content accordingly.

You may withdraw your consent to receipt of the newsletter at any time free of charge and with effect for the future (e.g. by using the unsubscribe link in the email newsletter or by sending an email to that effect to postfach@acredia.eu). After receipt of your withdrawal of consent, we will stop sending you email newsletters without delay and will delete your personal data from the email distribution list.

Registration and user account

If you are registered on our website and have a user account for use of our online offering, we will also process your personal data, including the following data in particular: form of address, name, company, email address, address, telephone number and your access data.

We solely process your user account data to provide your account and to provide our online offering, namely to conclude an insurance contract with you online and for performance of your insurance contract and placement of orders for the collection of receivables. That data processing is necessary for the fulfilment of our (pre-) contractual obligations.

Data including the following are required to be entered for processing the online purchase: contact person, contact details, details of the policyholder and details of the policyholder’s customers. For performance of your insurance contract, you may in particular provide turnover reports, submit credit assessment orders and file claims. You may place new orders for collection of receivables, for example by entering the details of the debtor company and the outstanding receivables. Details of said data processing are set out in the “Information on data processing pursuant to Articles 13 and 14 GDPR of Acredia Versicherung AG” and the “Privacy Policy of Acredia Services GmbH”.

We do not process any special categories of personal data (Article 9(1) GDPR).

Microsoft Clarity

We use Microsoft Clarity to analyze and optimize our website. If you have agreed to the use of functional cookies in our consent management tool Usercentrics, Microsoft Clarity will collect data about your user behavior on our website by means of a specially assigned user ID. Microsoft Clarity collects information about navigation, scrolling and clicking behavior. This data is stored on the Clarity server as pseudonymized recordings. This allows us to display heat maps, from which we can see where we can optimize our website for a better user experience. More information about how Microsoft Clarity works can be found here.

Does the ACREDIA website use cookies?

Cookies are files that are transmitted to your web browser by our web server and are stored on your device for later retrieval. Using cookies, our website can store important data enabling us to provide our services to you and to make use of the website more convenient.

Most of the cookies used by us are “session cookies”, which are only stored for the duration of your current visit to our website. These temporary cookies make your use of our website more convenient (for example, by adjusting the user settings for sorting of links and language selection in accordance with your needs). Session cookies are only valid for the duration of your specific visit to the website and are then automatically deleted. In addition, we use “persistent cookies", which remain on your device and are not automatically deleted when you close your browser. Naturally you can also delete those cookies yourself at any time. Persistent cookies serve, in particular, to improve your user experience when you next visit our website by tailoring the website to your personal needs. That also enables optimisation of loading times.

We use the following types of cookies on our website:

  • “Necessary cookies” and “functionality cookies” are required in order to provide our website and the associated services and to operate our website. They are used to ensure the proper functionality and security of our website. These cookies are necessary to safeguard our legitimate interests in providing a user-friendly and secure website.
  • “Tracking cookies”, “marketing cookies” and “web analysis cookies” record your usage behaviour and your interaction with our website. That enables us both to tailor our online offering to you and to display relevant advertising to you. We only use such cookies on the basis of your consent, which you may withdraw at any time. Please see the “Cookies subject to consent” chapter for further details of the specific tracking cookies, marketing cookies and web analysis cookies used by us.

You can adjust your browser settings so that cookies are only generated with your consent or are disabled. In that case, we will only record anonymous data about your visit to our website, e.g. in order to determine the total number of visitors to our website. If you have disabled the use of cookies in your browser settings, you may not be able to use the full functionality of our online offering.

Cookies subject to consent

Google Analytics

If you have consented to cookies, our website will use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). In general, the information generated by the Google Analytics cookie about your use of the website is transmitted to a Google server in the USA and stored there.

Google will use that information on our behalf to analyse use of our website by users, to compile reports about activity on our website and to provide us with further services related to use of the website. The processed data may be used to generate pseudonymous usage profiles of users. Google may also share that information with third parties if required to do so by law or if third parties process the data on behalf of Google.

We solely use Google Analytics with activated IP anonymisation. That means that your IP address is truncated by Google within the Member States of the European Union or in the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. To our knowledge, the IP address transmitted by your browser will not be merged with other data held by Google.

Please see the Google websites for further information about data use by Google, settings options and opt-out options:

https://www.google.com/intl/de/policies/privacy/partners

You can prevent the use of Google Analytics by downloading and installing the browser plug-in provided under the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

 

Google Tag Manager

With the Google Tag Manager, marketers can manage website tags through a single interface. The tag manager itself, which uses the tags, works without cookies and does not collect personally identifiable information. The Tag Manager simply triggers other tags that may themselves collect data. For details regarding those third party cookies, please view the respective privacy statement of the third party. However, Google Tag Manager does not use this information. If you have set cookies to be disabled or otherwise enabled cookies, this will be applied to all tracking tags used with Google Tag Manager, so the tool will not change your cookie settings.

Google may ask your permission to share some product information (such as your account information) with other Google products in order to enable certain features, such as making it easier to add new conversion tracking tags for AdWords. In addition, Google's developers review product usage information from time to time to further improve the product. However, Google will never share this type of information with other Google products without your consent.
For more information, please see Google's Terms of Use and Google's privacy notices for this product.

Google remarketing/marketing services

If you have consented to cookies, we will use Google marketing and remarketing services. The provider is Google Inc. The information collected about users of our website by the Google remarketing/marketing cookies is transmitted to Google and stored on Google servers in the USA.

The Google marketing and remarketing services enable us to display more targeted ads for and on our website in order to show users relevant ads that may be of interest to them. The Google marketing and remarketing cookies therefore record in particular which websites the user has visited, what content the user is interested in and what offers he/she has clicked on, as well as technical information concerning the browser and operating system, referrer websites, session time and the IP address of the user. To our knowledge, the IP address is not merged with the user’s data from other Google services.

For further information about Google remarketing and for Google’s privacy policy, please see: http://www.google.com/privacy/ads/

You can permanently disable the use of cookies by Google by downloading and installing the plug-in provided under the following link: https://www.google.com/settings/ads/plugin.

Alternatively, you can deactivate the use of cookies by third-party providers by accessing the deactivation page of the Network Advertising Initiative at http://www.networkadvertising.org/choices/ and following the opt-out instructions given there.

Google Adwords: The Google marketing and remarketing services used by us include the “Google Adwords” online advertising program. In the case of Google Adwords, each Adwords customer (including us) receives a different “conversion cookie”. Cookies cannot therefore by tracked via the websites of Adwords customers. The information collected using the Google Adwords cookie serves to generate statistics for Adwords customers. Adwords customers are informed in particular of the total number of users that have clicked on their ad and that were redirected to a page with a conversion tracking tag. However, they do not include any information enabling the personal identification of users.

For further information about Google Adwords and Google’s privacy policy, please see: http://www.google.com/privacy/ads/

You can deactivate the use of Google Adwords via the ad preferences manager https://www.google.com/settings/ads/onweb/?hl=en.

Social media cookies

We work together with various social media providers. Social media plug-ins are integrated with the ACREDIA website to enable social media posts (on Facebook, LinkedIn and Twitter) to be recommended and shared. When using this service, your browser will be automatically connected with the relevant social media provider and will transmit your IP address in anonymised (truncated) form (anonymizeip) and other information, such as cookies, if you have already visited the relevant platform previously. Where possible, we avoid that form of data transmission until you actually interact with one of the platforms. Data are only transmitted if you click on one of the icons (e.g. Twitter logo) displayed in the social media bar. ACREDIA does not have any influence on or access to cookies that are placed by social media.

Further integrated services and content of third parties

Based on our legitimate interests in the provision, optimisation and commercial operation of our online offering, we therefore use services and content of third-party providers within our online offering for integration of their content and services. That often requires the third-party providers of that content to receive the IP address of users since they cannot send the requested content to their correct browser without the IP address. The IP address is therefore required for display of such content and use of the integrated services.

We have implemented the following specific services and content of third parties on our website:

LeadLab from WiredMinds
We use LeadLab from Wiredminds to measure the reach of our website. We record only those website visits that can be clearly attributed to companies and collect only company-related data. Tracking is carried out only if there is a positive match of the IP address of the visitor with a white list of companies with at least 10 employees. We record only the IP range of the company, no personal data is being processed. Processing is based on ACREDIA's justified interest in measuring the range of its online services. We neither track natural persons, nor do we track across other websites.

Are your data shared with third parties?

We will share your personal data to the necessary extent with the following external service providers (processors) that assist us in provision of our services:

  • IT service providers and/or providers of data hosting solutions or similar services;
  • other service providers, providers of tools and software solutions that likewise assist us in provision of our services and act on our behalf (e.g. providers of marketing tools, marketing agencies, communications service providers, mail service providers and call centres)

All our processors solely process your data on our behalf and on the basis of our instructions so that we can provide our online offering to you.

Are your data transmitted to a third country?

If we process your data in a third country outside the European Union (“EU”) or the European Economic Area (“EEA'”) or transmit them to a third country due to use of the services of a third party, we will only do so insofar as is required for fulfilment of (pre-) contractual obligations, for legitimate interests, as legally required or on the basis of your consent. In addition, the European Commission must have established that said third country offers an adequate level of data protection, or other suitable and appropriate safeguards (e.g. EU standard contractual clauses) must be implemented to ensure the transmission of your data to the respective third country is in compliance with data protection law.

How long will we retain your data for?

We will store your personal data for no longer than is necessary for the purposes for which they are processed. In addition, we will process your personal data in compliance with the statutory retention and documentation obligations.

As a general rule, we will store your data related to you contacting us for a period of seven years based on the relevant statutory retention and documentation obligations.

Access data and log data will be stored for a maximum period of thirteen months, unless an overriding legitimate interest of ACREDIA in protection and security is in conflict with erasure of those data and can only by safeguarded by analysing data and log data.

In general, we will store data about your usage behaviour for a period of three months, but until no later than your withdrawal of consent.

If you have only registered for our newsletter and are not our customer, we will store your data until withdrawal of your consent and for a maximum of three years beyond that.

We will store data concerning your registration and your user account until the end of your business relationship with us and beyond that until expiry of the relevant statutory retention and documentation obligations.

In addition, if necessary, we will store your personal data beyond the aforementioned periods if legal claims arising from the legal relationship between you and us can be enforced or until final resolution of a specific case or legal dispute. That longer retention period serves to safeguard our legitimate interests in the enforcement, clarification and defence of legal claims.

What rights do you have?

You have the right to information about the personal data concerning you that are processed by us (Article 15 GDPR). In addition, you have the right to rectification of incorrect or incomplete data and – under certain circumstances – the right to erasure of your data (Article 16ff GDPR). Furthermore, you have the right to restriction of processing (Article 18 GDPR) and the right to data portability with respect to the data that you have provided to us (Article 20 GDPR).

You also have the right to object for reasons relating to your particular situation (Article 21 GDPR). In particular, you may object to processing of your data for direct marketing purposes.

In addition, you have the right to withdraw your consent at any time with effect for the future.

Finally, you have the right to lodge a complaint with the relevant supervisory authority (Article 77 GDPR). The relevant supervisory authority for Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria.

If you have any queries about data protection, please do not hesitate to contact us:

Acredia Versicherung AG
Himmelpfortgasse 29
1010 Vienna, Austria
Telephone: +43 (0)50102-0
Email: datenschutz@acredia.at

How do we protect your data?

We take suitable technical and organisational security measures pursuant to Article 32 GDPR to ensure a level of data security appropriate to the risk, in particular to protect your personal data against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage.

Will this Privacy Policy be updated?

As the internet develops, we will amend our Privacy Policy on an ongoing basis. Information will be provided on our website of any amendments. We therefore kindly ask you to peruse this information regularly to stay updated.

Version dated December 2022