Information about data processing by Techniker Krankenkasse (TK) pursuant to Section 13 GDPR (EU General Data Protection Regulation)
Techniker Kranken- und Pflegekasse collects, processes, stores and uses social data (personal data) to meet its legal mandate.
Identity of the controller
Techniker Krankenkasse, Bramfelder Strase 140, 22305 Hamburg, Germany, 0800-285 85 85, email@example.com – Corporation under public law
Contact details of data protection officer
TK Data Protection Officer, Bramfelder Str. 140, 22305 Hamburg, Germany, firstname.lastname@example.org
Purposes of the data processing and legal basis
Techniker Kranken- und Pflegekasse collects, processes, stores and uses social data (personal data) to meet its legal mandate. To give you an overview of the purposes of the data processing and the legal bases in both the statutory health and long-term care insurance, we provide this information in a clearly structured, easily understandable form:
1. Statutory health insurance fund
- Maintenance, restoration and improvement of the health status of its insurees (Section 1 of the Fünftes Buch Sozialgesetzbuch (SGB V / German Social Security Code – Book 5))
- Financing services and benefits and other expenses through the collection of contributions from employers and members (Section 3 SGB V)
- Assessment of the insurance relationship and membership, including the data necessary for initiating an insurance relationship (Section 284 (1) no. 1 SGB V)
- Issuance of the certificate of eligibility, the health insurance card and the electronic health card (Section 284 (1) no. 2 SGB V)
- Determination of the obligation to pay contributions as well as the contributions, their transfer and payment, and the implementation of social compensation (Section 284 (1) no. 3 SGB V)
- Assessment of the obligation to provide services and the provision of benefits to insurees, including the prerequisites for benefit limitations, determination of the perscription charge/co-payment status and implementation of the procedure for reimbursing costs, contribution repayments, and calculation of the income threshold for personal contribution payments (Section 284 (1) no. 4 SGB V)
- Support for insurees in case of treatment errors (medical malpractice) (Section 284 (1) no. 5 SGB V)
- Cover of medical treatment costs for persons not subject to compulsory insurance according to Section 264 SGB V in return for reimbursement of costs (Section 284 (1) no. 6 SGB V)
- Participation of the German Health Insurance Medical Service [Medizinischer Dienst](Section 284 (1) no. 7 SGB V)
- Settlement with service providers, including assessment of the legality and plausibility of the settlement (Section 284 (1) no. 8 SGB V)
- Monitoring compliance with contractual and legal obligations of service providers of medical aids (Section 284 (1) no. 9 SGB V)
- Settlement with other service providers (Section 284 (1) no. 10 SGB V)
- Execution of claims for reimbursement and compensation vis-à-vis third parties (Section 284 (1) no. 11 SGB V)
- Preparation, agreement and implementation of morbidity-based remuneration agreements (Section 284 (1) no. 12 SGB V)
- Preparation, implementation of pilot projects, integrated care contracts and contracts for outpatient-based provision of highly specialised services, including conducting performance and quality audits (Section 284 (1) no. 13 SGB V)
- Implementation of the risk adjustment scheme as well as preparation and implementation of structured treatment programmes, including acquisition of insurees to participate in them (Section 284 (1) no. 14 SGB V)
- Implementation of discharge and sick pay case management (Section 284 (1) no. 15 SGB V)
- Advising on prevention and rehabilitation measures (Section 284 (1) no. 16 SGB V)
- Monitoring the compliance of providers of medical aids with their legal and contractual obligations (section 284 (1) no. 17 SGB V])
- Fulfilment of the health insurance funds’ mandate as providers of rehabilitation services pursuant to SGB IX (section 284 (1) no. 18 SGB V)
- Development of healthcare innovations, the provision of information for insurees and the submission of offers (section 284 (1) no. 19 SGB V)
- Administrative provision of electronic patient records and the supply of additional applications (section 284 (1) no. 20 SGB V)
- Acquisition of members (Section 284 (4) SGB V)
2. Long-term care insurance
- Support for persons in need of permanent care who are dependent on assistance due to the severity of their long-term condition (Section 1 (4) of the Elftes Buch Sozialgesetzbuch (SGB XI / German Social Security Code – Book 11))
- Financing services and benefits and other expenses through the collection of contributions from employers and members (Section 1 (6) SGB XI)
- Assessment of the insurance relationship and membership (Section 94 (1) no. 1 SGB XI)
- Determination of the obligation to pay contributions as well as the contributions (Section 94 (1) no. 2 SGB XI)
- Assessment of the obligation to provide services and the provision of benefits to insurees as well as execution of claims for reimbursement and compensation (Section 94 (1) no. 3 SGB XI)
- Participation of the German Health Insurance Medical Service (Section 94 (1) no. 4 SGB XI)
- Settlement with service providers and the associated cost reimbursement (Section 94 (1) no. 5 SGB XI)
- Monitoring the cost-effectiveness, billing, settlement and cost reimbursement of the care services provided (Section 94 (1) no. 6 SGB XI)
- Conclusion and implementation of care charge agreements, remuneration agreements and integrated care contracts (section 94 (1) no. 6a SGB XI)
- Clarification and information (section 94 (1) no. 7 SGB XI)
- Coordination of care services, care consulting, issue of consultancy vouchers and performance of tasks at care support centres [Pflegestützpunkte] (section 94 (1) no. 8 SGB XI)
- Billing other service providers (section 94 (1) no. 9 SGB XI)
- Statistical purposes (Section 94 (1) no. 10 SGB XI)
- Assistance with pursuing claims for damages (Section 94 (1) no. 11 SGB XI)
Furthermore, TK may collect, use, process and store data if the data subject has given an express declaration of consent in accordance with Section 6 (1a) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 67b (2) of the Zehntes Sozialgesetzbuch (SGB X / German Social Security Code – Book 10).
Notwithstanding the abovementioned purposes and legal bases, we may use your data for other purposes (change of purpose) without prior notice if the following conditions are met:
- It is a measure pursuant to Section 82 (2) SGB X.
- Another legal basis allows the change of purpose without requiring notice in advance.
- You have already given your express consent.
- The data is pseudonymised.
Provision of social data (personal data)
In order for TK to be able to fully fulfil its legally prescribed mandate, you must comply with the obligation to cooperate as specified under Sections 60 et seq. of the Sozialgesetzbuch – Erstes Buch (SGB I / German Social Security Code – Book 1). Accordingly, you will have to provide TK with certain personal data which are necessary to perform legal tasks pertaining to you. If you not comply with this obligation to cooperate, it may result in delays or even denials for services and benefits you have requested.
Voluntary information, such as your telephone number and e-mail address, is expressly excluded from this data. If you do not provide this data, it will not be considered as non-compliance with the obligation to cooperate and it will not put you at any disadvantage.
Your social data (personal data) which TK must collect, process, store and use are subject to the data protection regulations of the SGB X, the German Federal Data Protection Act [BDSG – Bundesdatenschutzgesetz], and as of 25 May 2018 to the regulations of the EU General Data Protection Regulation (GDPR) as well. TK ensures that the confidentiality of social data is maintained in accordance with Section 35 SGB I.
Automated individual decision-making
During the course of certain business processes, TK makes decisions based solely on automated processing. TK complies with Art. 22 of the General Data Protection Regulation (GDPR) in such cases.
Pursuant to section 31a SGB X [German Social Code Book X], sovereign decisions (administrative acts) may be fully automated provided there is no reason for the individual case to be processed by an official.
No processing by an official is required in the case of administrative procedures with simple structures that can be reviewed and decided upon automatically following a specific schema.
In such cases, TK considers all the key information that could affect the outcome of the decision.
A decision regarding your application will be made once a fully automated review of the legal conditions has been carried out. TK will provide you with written information regarding the most important grounds on which the respective decision was based.
If you do not agree with the decision, you have the right to have the fully automated decision reviewed by a natural person. You can present your own viewpoint and appeal the decision.
Categories of recipients:
TK regularly transfers social data (personal data) to the following recipients on the basis of the legal provisions of the SGB (German Social Security Code) or other laws:
- Pension insurance and accident insurance providers
- German Federal Employment Agency
- German Health Insurance Medical Service
- Employers and paying agents
- Service providers
- Social assistance and welfare authorities
- Financial institutions within the scope of payment transactions
- Fiscal authorities
- Authorities, provided the conditions specified in Sections 67d et seq. of SGB X apply
- External contractors according to Section 80 SGB X (a detailed list of recipient categories can be found at www.tk.de)
If data is transferred to a recipient within one of the categories, you will be informed about the recipient unless one of the exceptions listed under Section 82 (1) and (2) of SGB X or the prerequisite specified in Section 13 (4) GDPR applies.
Duration of data retention and storage
Different retention periods apply to the various purposes for processing social data, which are regulated in Section 110a SGB IV, Section 304 SGB V, Section 107 SGB XI and in the German General Administrative Regulation on Social Insurance Accounting [SRVwV – Allgemeinen Verwaltungsvorschrift über das Rechnungswesen in der Sozialversicherung]. If the purpose for processing the data is no longer applicable, the relevant social data (personal data) are deleted.
Rights of the data subject with respect to data processing
You can exercise the following rights with respect to the aforementioned contact data as long as the legal requirements are satisfied:
- Right to information about the processed data (Section 15 GDPR in conjunction with Section 83 SGB X)
- Right to rectification of inaccurate or incorrect data (Section 16 GDPR in conjunction with Section 84 SGB X)
- Right to erasure (deletion) (Section 17 GDPR in conjunction with Section 84 SGB X)
- Right to restriction of processing (Section 18 GDPR in conjunction with Section 84 SGB X)
- Right to data portability (Section 20 GDPR)
- Right to object (Section 21 GDPR in conjunction with Section 84 SGB X)
- In the case of data processing based on consent, the right to revoke it with future effect can be exercised at any time.
Right to appeal to the supervisory authorities
As a data subject, you have the right to contact the relevant supervisory authorities responsible for overseeing TK:
1. Der Bundesbeauftragte für Datenschutz und die Informationsfreiheit / German Federal Commissioner for Data Protection and Freedom of Information
2. Bundesamt für Soziale Sicherung / German Federal (Social) Insurance Office