Information about data processing by Techniker Krankenkasse (TK) pursuant to Section 13 GDPR (EU General Data Protection Regulation)
Techniker Kranken- und Pflegekasse collects, processes, stores and uses social data (personal data) to meet its legal mandate.
Identity of the controller
Techniker Krankenkasse, Bramfelder Strase 140, 22305 Hamburg, Germany, 0800-285 85 85, firstname.lastname@example.org – Corporation under public law
Contact details of data protection officer
TK Data Protection Officer, Bramfelder Str. 140, 22305 Hamburg, Germany, email@example.com
Purposes of the data processing and legal basis
Techniker Kranken- und Pflegekasse collects, processes, stores and uses social data (personal data) to meet its legal mandate. To give you an overview of the purposes of the data processing and the legal bases in both the statutory health and long-term care insurance, we provide this information in a clearly structured, easily understandable form:
1. Statutory health insurance fund
- Maintenance, restoration and improvement of the health status of its insurees (Section 1 of the Fünftes Buch Sozialgesetzbuch (SGB V / German Social Security Code – Book 5))
- Financing services and benefits and other expenses through the collection of contributions from employers and members (Section 3 SGB V)
- Assessment of the insurance relationship and membership, including the data necessary for initiating an insurance relationship (Section 284 (1) no. 1 SGB V)
- Issuance of the certificate of eligibility, the health insurance card and the electronic health card (Section 284 (1) no. 2 SGB V)
- Determination of the obligation to pay contributions as well as the contributions, their transfer and payment, and the implementation of social compensation (Section 284 (1) no. 3 SGB V)
- Assessment of the obligation to provide services and the provision of benefits to insurees, including the prerequisites for benefit limitations, determination of the perscription charge/co-payment status and implementation of the procedure for reimbursing costs, contribution repayments, and calculation of the income threshold for personal contribution payments (Section 284 (1) no. 4 SGB V)
- Support for insurees in case of treatment errors (medical malpractice) (Section 284 (1) no. 5 SGB V)
- Cover of medical treatment costs for persons not subject to compulsory insurance according to Section 264 SGB V in return for reimbursement of costs (Section 284 (1) no. 6 SGB V)
- Participation of the German Health Insurance Medical Service [Medizinischer Dienst](Section 284 (1) no. 7 SGB V)
- Settlement with service providers, including assessment of the legality and plausibility of the settlement (Section 284 (1) no. 8 SGB V)
- Monitoring compliance with contractual and legal obligations of service providers of medical aids (Section 284 (1) no. 9 SGB V)
- Settlement with other service providers (Section 284 (1) no. 10 SGB V)
- Execution of claims for reimbursement and compensation vis-à-vis third parties (Section 284 (1) no. 11 SGB V)
- Preparation, agreement and implementation of morbidity-based remuneration agreements (Section 284 (1) no. 12 SGB V)
- Preparation, implementation of pilot projects, integrated care contracts and contracts for outpatient-based provision of highly specialised services, including conducting performance and quality audits (Section 284 (1) no. 13 SGB V)
- Implementation of the risk adjustment scheme as well as preparation and implementation of structured treatment programmes, including acquisition of insurees to participate in them (Section 284 (1) no. 14 SGB V)
- Implementation of discharge and sick pay case management (Section 284 (1) no. 15 SGB V)
- Advising on prevention and rehabilitation measures (Section 284 (1) no. 16 SGB V)
- Acquisition of members (Section 284 (4) SGB V)
2. Long-term care insurance
- Support for persons in need of permanent care who are dependent on assistance due to the severity of their long-term condition (Section 1 (4) of the Elftes Buch Sozialgesetzbuch (SGB XI / German Social Security Code – Book 11))
- Financing services and benefits and other expenses through the collection of contributions from employers and members (Section 1 (6) SGB XI)
- Assessment of the insurance relationship and membership (Section 94 (1) no. 1 SGB XI)
- Determination of the obligation to pay contributions as well as the contributions (Section 94 (1) no. 2 SGB XI)
- Assessment of the obligation to provide services and the provision of benefits to insurees as well as execution of claims for reimbursement and compensation (Section 94 (1) no. 3 SGB XI)
- Participation of the German Health Insurance Medical Service (Section 94 (1) no. 4 SGB XI)
- Settlement with service providers and the associated cost reimbursement (Section 94 (1) no. 5 SGB XI)
- Monitoring the cost-effectiveness, billing, settlement and cost reimbursement of the care services provided (Section 94 (1) no. 6 SGB XI)
- Conclusion and implementation of care rate agreements, remuneration agreements, and performance and quality agreements (Section 94 (1) no. 7 SGB XI)
- Advising on participation as well as services, benefits and support for long-term care (Section 94 (1) no. 8 SGB XI)
- Coordination of long-term care assistance, long-term care case management and consultation as well as undertaking tasks in care support centres [Pflegestützpunkte], (Section 94 (1) no. 9 SGB XI)
- Statistical purposes (Section 94 (1) no. 10 SGB XI)
- Assistance with pursuing claims for damages (Section 94 (1) no. 11 SGB XI)
Furthermore, TK may collect, use, process and store data if the data subject has given an express declaration of consent in accordance with Section 6 (1a) of the EU General Data Protection Regulation (GDPR) in conjunction with Section 67b (2) of the Zehntes Sozialgesetzbuch (SGB X / German Social Security Code – Book 10).
Notwithstanding the abovementioned purposes and legal bases, we may use your data for other purposes (change of purpose) without prior notice if the following conditions are met:
- It is a measure pursuant to Section 82 (2) SGB X.
- Another legal basis allows the change of purpose without requiring notice in advance.
- You have already given your express consent.
- The data is pseudonymised.
Provision of social data (personal data)
In order for TK to be able to fully fulfil its legally prescribed mandate, you must comply with the obligation to cooperate as specified under Sections 60 et seq. of the Sozialgesetzbuch – Erstes Buch (SGB I / German Social Security Code – Book 1). Accordingly, you will have to provide TK with certain personal data which are necessary to perform legal tasks pertaining to you. If you not comply with this obligation to cooperate, it may result in delays or even denials for services and benefits you have requested.
Voluntary information, such as your telephone number and e-mail address, is expressly excluded from this data. If you do not provide this data, it will not be considered as non-compliance with the obligation to cooperate and it will not put you at any disadvantage.
Your social data (personal data) which TK must collect, process, store and use are subject to the data protection regulations of the SGB X, the German Federal Data Protection Act [BDSG – Bundesdatenschutzgesetz], and as of 25 May 2018 to the regulations of the EU General Data Protection Regulation (GDPR) as well. TK ensures that the confidentiality of social data is maintained in accordance with Section 35 SGB I.
Automated individual decision-making
Pursuant to Section 22 of the EU General Data Protection Regulation (GDPR), TK does not make any decisions based on automated processing, including profiling.
Categories of recipients:
TK regularly transfers social data (personal data) to the following recipients on the basis of the legal provisions of the SGB (German Social Security Code) or other laws:
- Pension insurance and accident insurance providers
- German Federal Employment Agency
- German Health Insurance Medical Service
- Employers and paying agents
- Service providers
- Social assistance and welfare authorities
- Financial institutions within the scope of payment transactions
- Fiscal authorities
- Authorities, provided the conditions specified in Sections 67d et seq. of SGB X apply
- External contractors according to Section 80 SGB X (a detailed list of recipient categories can be found at www.tk.de)
If data is transferred to a recipient within one of the categories, you will be informed about the recipient unless one of the exceptions listed under Section 82 (1) and (2) of SGB X or the prerequisite specified in Section 13 (4) GDPR applies.
Duration of data retention and storage
Different retention periods apply to the various purposes for processing social data, which are regulated in Section 110a SGB IV, Section 304 SGB V, Section 107 SGB XI and in the German General Administrative Regulation on Social Insurance Accounting [SRVwV – Allgemeinen Verwaltungsvorschrift über das Rechnungswesen in der Sozialversicherung]. If the purpose for processing the data is no longer applicable, the relevant social data (personal data) are deleted.
Rights of the data subject with respect to data processing
You can exercise the following rights with respect to the aforementioned contact data as long as the legal requirements are satisfied:
- Right to information about the processed data (Section 15 GDPR in conjunction with Section 83 SGB X)
- Right to rectification of inaccurate or incorrect data (Section 16 GDPR in conjunction with Section 84 SGB X)
- Right to erasure (deletion) (Section 17 GDPR in conjunction with Section 84 SGB X)
- Right to restriction of processing (Section 18 GDPR in conjunction with Section 84 SGB X)
- Right to data portability (Section 20 GDPR)
- Right to object (Section 21 GDPR in conjunction with Section 84 SGB X)
- In the case of data processing based on consent, the right to revoke it with future effect can be exercised at any time.
Right to appeal to the supervisory authorities
As a data subject, you have the right to contact the relevant supervisory authorities responsible for overseeing TK:
1. Der Bundesbeauftragte für Datenschutz und die Informationsfreiheit / German Federal Commissioner for Data Protection and Freedom of Information
53117 Bonn, Germany
firstname.lastname@example.org or email@example.com
2. Bundesamt für Soziale Sicherung / German Federal (Social) Insurance Office
53113 Bonn, Germany
firstname.lastname@example.org or email@example.com