Please note: The English translation of the original German text is provided as a convenience only. Although it was prepared with great care, we cannot guarantee its accuracy or completeness. Only the original German version is legally binding.
Acredia Versicherung AG and its subsidiary Acredia Services GmbH (hereinafter: “ACREDIA”, “we”, “us”) thank you for visiting this website and for your interest in our services and products. We are committed to the protection of your privacy and of your personal data and want you to feel secure while visiting our website. We comply with the applicable regulations on protection, lawful handling and confidentiality of personal data and on data security, in particular the Austrian Data Protection Act (“DSG”), the EU General Data Protection Regulation (“GDPR”) and the Austrian Telecommunications Act (“TKG”).
OeKB Versicherung www.oekbversicherung.at and PRISMA Die Kreditversicherung
www.prisma-kredit.com product brand websites (hereinafter collectively: “ACREDIA website” or “our website”) together with the associated services, functions, content and external web presence (hereinafter collectively: “online offering”). We therefore explain below in particular which personal data we collect, process and use when you use our online offering.
What are personal data?
Personal data pursuant to Article 4(1) GDPR are any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, either directly or indirectly, for example by reference to an identifier such as a name or identification number, e.g. IBAN or VAT identification number. Data of legal persons and registered business partnerships (e.g. companies in Austria with the legal form “OG” or “KG”) are not protected by the GDPR, unless the company name enables an individual to be identified. Data of companies that are not legal persons (e.g. sole proprietorships) are, however, protected by the GDPR as natural persons.
Which of your data do we record? For what purposes and on what legal basis do we process those data?
If you contact us
If you contact us by email, via the contact form on our website or via other electronic channels (such as social media platforms), we will process the personal data voluntarily provided by you, in particular: your name, email address, type of enquiry and/or subject of your message and content of your message.
If you contact us, we will process the personal data that you provided to process your request, to get in touch with you as requested and to send you the requested information. That data processing is therefore necessary for fulfilment of our (pre-) contractual obligations.
In addition, we store log data on email correspondence to ensure appropriate information and system security and to detect malware, including the following data in particular: email and IP address of the recipient and sender, number of recipients, email subject, date and time of receipt by the server, file name of attachments, size of the message, spam risk classification and delivery status, reverse DNS and authentication details.
Access data and log data
We collect and process data, including the following data in particular, when you use our website and the associated services, i.e. when you access the server on which the specific service is located (“server log files”): name of the accessed website, file, date and time of the access, transmitted data volume, server status codes, processing time, browser type and client type including version, operating system, referrer URL (previously visited page), IP address and the content of any web forms.
Those data are automatically generated by our servers when you use our website and are necessary in order for us to provide you with the desired services. We therefore solely process server log files to be able to provide our website and the associated services to you, to identify you as a user with access authorisation, to distribute web server requests on our server pool and for security reasons (e.g. to investigate misuse or fraud). The data processing is therefore necessary to safeguard our legitimate interests in providing a user-friendly and secure website.
Based on your consent, we also collect and process data about your use of and interaction with our website, including the following in particular: IP address, web browser, browser language, operating system, files requested on our website, Java settings, screen resolution, colour depth, clicks on the website (time of the access or click) and the web page from which you accessed our website (“referrer URL”).
Performance measurement: Our newsletters contain a mechanism to track your reading behaviour. That enables us to determine whether our newsletters are opened, when they are opened and which links are clicked on. Those statistical analyses solely serve to allow us to obtain information about the reading habits of our newsletter recipients and to tailor our content accordingly.
You may withdraw your consent to receipt of the newsletter at any time free of charge and with effect for the future (e.g. by using the unsubscribe link in the email newsletter or by sending an email to that effect to firstname.lastname@example.org). After receipt of your withdrawal of consent, we will stop sending you email newsletters without delay and will delete your personal data from the email distribution list.
Registration and user account
If you are registered on our website and have a user account for use of our online offering, we will also process your personal data, including the following data in particular: form of address, name, company, email address, address, telephone number and your access data.
We solely process your user account data to provide your account and to provide our online offering, namely to conclude an insurance contract with you online and for performance of your insurance contract and placement of orders for the collection of receivables. That data processing is necessary for the fulfilment of our (pre-) contractual obligations.
We do not process any special categories of personal data (Article 9(1) GDPR).
Cookies are files that are transmitted to your web browser by our web server and are stored on your device for later retrieval. Using cookies, our website can store important data enabling us to provide our services to you and to make use of the website more convenient.
Most of the cookies used by us are “session cookies”, which are only stored for the duration of your current visit to our website. These temporary cookies make your use of our website more convenient (for example, by adjusting the user settings for sorting of links and language selection in accordance with your needs). Session cookies are only valid for the duration of your specific visit to the website and are then automatically deleted. In addition, we use “persistent cookies", which remain on your device and are not automatically deleted when you close your browser. Naturally you can also delete those cookies yourself at any time. Persistent cookies serve, in particular, to improve your user experience when you next visit our website by tailoring the website to your personal needs. That also enables optimisation of loading times.
We use the following types of cookies on our website:
- “Necessary cookies” and “functionality cookies” are required in order to provide our website and the associated services and to operate our website. They are used to ensure the proper functionality and security of our website. These cookies are necessary to safeguard our legitimate interests in providing a user-friendly and secure website.
- “Tracking cookies”, “marketing cookies” and “web analysis cookies” record your usage behaviour and your interaction with our website. That enables us both to tailor our online offering to you and to display relevant advertising to you. We only use such cookies on the basis of your consent, which you may withdraw at any time. Please see the “Cookies subject to consent” chapter for further details of the specific tracking cookies, marketing cookies and web analysis cookies used by us.
Cookies subject to consent
If you have consented to cookies, our website will use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). In general, the information generated by the Google Analytics cookie about your use of the website is transmitted to a Google server in the USA and stored there.
Google will use that information on our behalf to analyse use of our website by users, to compile reports about activity on our website and to provide us with further services related to use of the website. The processed data may be used to generate pseudonymous usage profiles of users. Google may also share that information with third parties if required to do so by law or if third parties process the data on behalf of Google.
We solely use Google Analytics with activated IP anonymisation. That means that your IP address is truncated by Google within the Member States of the European Union or in the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. To our knowledge, the IP address transmitted by your browser will not be merged with other data held by Google.
Please see the Google websites for further information about data use by Google, settings options and opt-out options:
You can prevent the use of Google Analytics by downloading and installing the browser plug-in provided under the following link:
Google Tag Manager
With the Google Tag Manager, marketers can manage website tags through a single interface. The tag manager itself, which uses the tags, works without cookies and does not collect personally identifiable information. The Tag Manager simply triggers other tags that may themselves collect data. For details regarding those third party cookies, please view the respective privacy statement of the third party. However, Google Tag Manager does not use this information. If you have set cookies to be disabled or otherwise enabled cookies, this will be applied to all tracking tags used with Google Tag Manager, so the tool will not change your cookie settings.
Google may ask your permission to share some product information (such as your account information) with other Google products in order to enable certain features, such as making it easier to add new conversion tracking tags for AdWords. In addition, Google's developers review product usage information from time to time to further improve the product. However, Google will never share this type of information with other Google products without your consent.
Google remarketing/marketing services
If you have consented to cookies, we will use Google marketing and remarketing services. The provider is Google Inc. The information collected about users of our website by the Google remarketing/marketing cookies is transmitted to Google and stored on Google servers in the USA.
The Google marketing and remarketing services enable us to display more targeted ads for and on our website in order to show users relevant ads that may be of interest to them. The Google marketing and remarketing cookies therefore record in particular which websites the user has visited, what content the user is interested in and what offers he/she has clicked on, as well as technical information concerning the browser and operating system, referrer websites, session time and the IP address of the user. To our knowledge, the IP address is not merged with the user’s data from other Google services.
Google Adwords: The Google marketing and remarketing services used by us include the “Google Adwords” online advertising program. In the case of Google Adwords, each Adwords customer (including us) receives a different “conversion cookie”. Cookies cannot therefore by tracked via the websites of Adwords customers. The information collected using the Google Adwords cookie serves to generate statistics for Adwords customers. Adwords customers are informed in particular of the total number of users that have clicked on their ad and that were redirected to a page with a conversion tracking tag. However, they do not include any information enabling the personal identification of users.
You can deactivate the use of Google Adwords via the ad preferences manager https://www.google.com/settings/ads/onweb/?hl=en.
Social media cookies
We work together with various social media providers. Social media plug-ins are integrated with the ACREDIA website to enable social media posts (on Facebook, LinkedIn and Twitter) to be recommended and shared. When using this service, your browser will be automatically connected with the relevant social media provider and will transmit your IP address in anonymised (truncated) form (anonymizeip) and other information, such as cookies, if you have already visited the relevant platform previously. Where possible, we avoid that form of data transmission until you actually interact with one of the platforms. Data are only transmitted if you click on one of the icons (e.g. Twitter logo) displayed in the social media bar. ACREDIA does not have any influence on or access to cookies that are placed by social media.
Further integrated services and content of third parties
Based on our legitimate interests in the provision, optimisation and commercial operation of our online offering, we therefore use services and content of third-party providers within our online offering for integration of their content and services. That often requires the third-party providers of that content to receive the IP address of users since they cannot send the requested content to their correct browser without the IP address. The IP address is therefore required for display of such content and use of the integrated services.
We have implemented the following specific services and content of third parties on our website:
- External Google fonts (Google Fonts).
Opt-out option: https://adssettings.google.com/authenticated
- Sending of video messages via Accordium.
- Maps of the Google Maps service of the third-party provider Google.
Opt-out option: https://www.google.com/settings/ads/
- Videos on the YouTube platform of the third-party provider Google.
Opt-out option: https://adssettings.google.com/authenticated
Are your data shared with third parties?
We will share your personal data to the necessary extent with the following external service providers (processors) that assist us in provision of our services:
- IT service providers and/or providers of data hosting solutions or similar services;
- other service providers, providers of tools and software solutions that likewise assist us in provision of our services and act on our behalf (e.g. providers of marketing tools, marketing agencies, communications service providers, mail service providers and call centres)
All our processors solely process your data on our behalf and on the basis of our instructions so that we can provide our online offering to you.
Are your data transmitted to a third country?
If we process your data in a third country outside the European Union (“EU”) or the European Economic Area (“EEA'”) or transmit them to a third country due to use of the services of a third party, we will only do so insofar as is required for fulfilment of (pre-) contractual obligations, for legitimate interests, as legally required or on the basis of your consent. In addition, the European Commission must have established that said third country offers an adequate level of data protection, or other suitable and appropriate safeguards (e.g. EU standard contractual clauses) must be implemented to ensure the transmission of your data to the respective third country is in compliance with data protection law.
How long will we retain your data for?
We will store your personal data for no longer than is necessary for the purposes for which they are processed. In addition, we will process your personal data in compliance with the statutory retention and documentation obligations.
As a general rule, we will store your data related to you contacting us for a period of seven years based on the relevant statutory retention and documentation obligations.
Access data and log data will be stored for a maximum period of thirteen months, unless an overriding legitimate interest of ACREDIA in protection and security is in conflict with erasure of those data and can only by safeguarded by analysing data and log data.
In general, we will store data about your usage behaviour for a period of three months, but until no later than your withdrawal of consent.
If you have only registered for our newsletter and are not our customer, we will store your data until withdrawal of your consent and for a maximum of three years beyond that.
We will store data concerning your registration and your user account until the end of your business relationship with us and beyond that until expiry of the relevant statutory retention and documentation obligations.
In addition, if necessary, we will store your personal data beyond the aforementioned periods if legal claims arising from the legal relationship between you and us can be enforced or until final resolution of a specific case or legal dispute. That longer retention period serves to safeguard our legitimate interests in the enforcement, clarification and defence of legal claims.
What rights do you have?
You have the right to information about the personal data concerning you that are processed by us (Article 15 GDPR). In addition, you have the right to rectification of incorrect or incomplete data and – under certain circumstances – the right to erasure of your data (Article 16ff GDPR). Furthermore, you have the right to restriction of processing (Article 18 GDPR) and the right to data portability with respect to the data that you have provided to us (Article 20 GDPR).
You also have the right to object for reasons relating to your particular situation (Article 21 GDPR). In particular, you may object to processing of your data for direct marketing purposes.
In addition, you have the right to withdraw your consent at any time with effect for the future.
Finally, you have the right to lodge a complaint with the relevant supervisory authority (Article 77 GDPR). The relevant supervisory authority for Austria is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, Austria.
If you have any queries about data protection, please do not hesitate to contact us:
Acredia Versicherung AG
1010 Vienna, Austria
Telephone: +43 (0)50102-0
How do we protect your data?
We take suitable technical and organisational security measures pursuant to Article 32 GDPR to ensure a level of data security appropriate to the risk, in particular to protect your personal data against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage.
Version dated March 2019