Data Protection Policy for tk.de

Techniker Krankenkasse (TK) wants to use its website to provide interested parties and insurees with comprehensive, useful and knowledgeable information about services, benefits, contributions and health topics and offer TK’s insurees and business partners the best possible online service from a modern service provider.

Techniker Krankenkasse’s data protection policy is presented in the following.

This data protection policy informs users about the type, scope and purpose of the personal data collected and used by the responsible provider on this website (hereinafter referred to as the "offer"). The legal basis for data protection is contained in the EU General Data Protection Regulation (GDPR), the Sozialgesetzbuch (SGB) [German Social Security Code] and the Bundesdatenschutzgesetz (BDSG) [German Federal Data Protection Act]. TK only collects and uses your personal data in compliance with these provisions. Such personal data includes all information related to an identifiable or identified natural person. This includes your health insurance number, for example.

We are committed to continuously further developing and improving our website and offerings. These developments may necessitate changes to this data protection policy. We recommend that you periodically visit this website in order to keep up to date on our policy.

1. Processing and retention period of your data on tk.de

1.1 Scope of personal data processing

When personal data is collected on this website, it is collected either on the basis of your express consent (Art. 6(1) Sentence 1(a) GDPR), to comply with legal obligations to which TK is subject (Art. 6(1) Sentence 1(c) GDPR), to perform tasks in the public interest or in the exercise of official authority vested in TK (Art. 6(1) Sentence 1(e) GDPR), or to safeguard the legitimate interests of TK (Art. 6(1) Sentence 1(f) GDPR). The data is stored for as long as it is necessary for the purpose for which it was collected and provided that statutory retention periods do not prohibit its deletion.

Informational use

You do not have to provide any personal data if you simply want to obtain information on tk.de about a particular topic and do not log in or register on the website or otherwise provide us with information.

In case of such an "informational use", we only collect the data transmitted by your browser in order to enable you to visit the website. This data comprises:

IP address
Date and time of request
Time zone difference from Greenwich Mean Time (GMT)
Contents of the request (specific page)
Access status/HTTP status code
Volume of data transferred in each case
Referrer URL
Browser
Operating system and its interface
Language and version of the browser software.

The logged data is used exclusively for data security purposes, in particular to prevent attempts to hack into or attack our web server (Art. 6(1) Sentence 1(f) GDPR). The data is neither used to create individual user profiles nor passed on to third parties and is deleted no later than 90 days afterwards. We reserve the right to statistically evaluate anonymised data records.

Please also refer to the information on analytical tools in Section 4 of this data protection policy.

Use of service offers

For some TK online services, we need personal data to be able to provide the services. If you want to utilise one of these services, we only collect and store the data required to provide the service. The stored data will exclusively be used for the specified purpose.

Example
If you want to use the TK-Klinikführer [TK Hospital Guide], we will need you to enter a postal code or city in order to inform you about hospitals in your vicinity.

What data TK collects, stores and uses for a specific service offer can be seen in the individual input form for that service. Further information on data collection and data processing can be found in the explanations and terms for each service offer.

You can register or deregister on your own initiative at any time for any TK service offer that requires registration.

Participation in contests and sweepstakes

Contests and sweepstakes are offered on the TK website from time to time. TK stores the personal data of the entrants that is necessary to run the contest or sweepstakes. For example, TK needs an address in order to be able to send prizes. The data is only passed on to third parties if it is necessary due to the type of prize or presenting the prize. For example, if a contest is held on the TK website together with a cooperation partner who will be sending the prizes directly.

1.2 When will my data be deleted?

TK deletes personal data

if the users revoke their consent to having the data stored;

if the data is no longer required;

if storage of the data is not permitted for other legal reasons.

2. Communication channels with TK

2.1 Password-protected online offers from TK

On the TK website, there are password-protected areas for various offers where particularly sensitive data is collected. More detailed information can be found in the respective terms of use and data protection policies.

The programs used for entering passwords log the following data for each login error and each time a password is blocked:

date,

time,

IP address of the computer via which the incorrect entry was made, and

the username.

This data is stored on the TK web server.

2.2 E-mail communication

In certain cases, we reply to customer enquiries by postal mail even if an enquiry has been sent to us by e-mail. This is always the case if our reply contains social data. We regret that for legal reasons, no other option is available at this time. As soon as a more broad-based secure technology becomes available that guarantees the highest possible data security, we will be happy to answer your service enquiries by e-mail as well.

2.3 Newsletter

The data you provide when subscribing to a newsletter will only be used to personalise the newsletter and will not be forwarded to third parties. Providing this information is voluntary. We perform anonymised tracking for statistical purposes.

2.4 Chat

On tk.de, you can access our anonymous TK Chat feature. The corresponding terms of use apply .

We will answer individual questions about services or your TK insurance cover in the secure " Meine TK " ["My TK"] area.

2.5 Contact form

You have the option to contact TK via an online form. The data you voluntarily enter is collected and used solely for the purpose of establishing contact. The data is transmitted using TLS encryption. Further details can be found on the contact form .

2.6 Portals

You have the option to contact TK via various portals (e.g. corporate customers, careers, innovations). The data you voluntarily enter is collected and used solely for the purpose of establishing contact. The data is transmitted using TLS encryption. Further details can be found on each portal.

2.7 Dialogue Wizard

For certain topics, you can use our dialogue wizard, which answers your question in a dialogue format. The dialogue wizard does not collect any personal data. Dialogue histories are used exclusively for training the system in order to continuously improve the user experience. The entire history is completely deleted no later than 16 weeks after the dialogue.

3. Information about cookies and data stored in the browser

Like many other websites, the TK website also uses "cookies". Cookies are small text files stored on your computer. They contain information about your visit to our website that is transmitted to TK. Cookies are usually set or read automatically each time you visit tk.de.

Important note
No data is stored in the cookies that allows personally identifiable information to be traced to any person visiting our website. The information saved in the cookies is stored separately from any other data provided to us. We do not merge this data with other data sources.

This website uses session cookies and persistent cookies. The term "session" here refers to an Internet session that ends at the latest when the web browser is closed.

Click here to change your privacy settings.

3.1 Session cookies

Session cookies are used to save the session data. Session cookies store a "session ID" which is used to assign various requests from your browser to a session. This feature allows your computer to be recognised again when you return to the website.

A session cookie expires at the end of each session. That means that the cookie becomes invalid and can no longer be used as soon as you close the browser completely. The same happens if you are not active on the TK website for more than 30 minutes.

3.2 Persistant cookies

In contrast to session cookies, persistent cookies are stored for a period of up to 6 months. They remain on the computer even after the current visit is over, unless they are intentionally deleted. In addition, persistent cookies contain a predefined expiry date. After that date expires, the cookies are automatically deleted.

TK uses persistent cookies for statistical purposes, for example, in order to identify what content of the TK website is in particularly high demand. This is an important tool that helps us continuously improve tk.de for you. A personally identifiable reference to the user is not created in the process.

3.3 Deletion

You can delete cookies set by TK at any time in your browser. However, please note that your personal settings for using tk.de are also stored in the cookies. Therefore, if you delete these cookies, your settings will also be reset and you may not be able to use all the features and functions of our website.

4. Analytical tools

4.1 General information

We analyse the usage behaviour of visitors to our website in pseudonymised form, i.e. without being able to trace any personally identifiable information about the visitor. The findings and information we obtain this way helps us to improve the TK website and conduct market analyses.

4.2 Web tracking

TK uses the web tracking method to analyse usage behaviour. This means that TK records which of its websites have been visited and how often. For this purpose, TK sets cookies that expire after 180 days.

TK has commissioned Webtrekk GmbH as the service provider for conducting the usage analysis. The TÜV Saarland technical inspection association has certified Webtrekk GmbH as a service provider for data protection with regard to web monitoring software.

When you visit our website, your browser transmits certain information to us. Webtrekk GmbH stores this data exclusively on its server in Germany. The following data are collected:

Time of access

Technical data about your browser and end device, such as operating system, browser, language setting, screen resolution

Information about the content, features and functions used, such as page names, campaigns, link clicks, logins, form sections

Your IP address is not transferred to Webtrekk.

4.3 Conversion tracking

TK uses conversion tracking to analyse online advertising campaigns. This means that TK tracks how many users reach the tk.de website via an online advertisement. The information obtained in this way allows us to generate statistics about our online advertising campaigns. The analysis is only conducted in an aggregated form, so that it is not possible to determine any personally identifiable information about you.

To implement the conversion tracking, TK works together with Adform, a provider that measures our online advertising campaigns. For conversion tracking, TK uses persistent cookies that expire in 60 days.

4.4 Personalisation of website content using Adtelligence Platform software from ADTELLIGENCE GmbH

On our website, we use the Adtelligence Platform software from ADTELLIGENCE GmbH (www.adtelligence.com). This is used for targeting specific groups with the aim of personalising our online business. For this purpose, data of website visitors is recorded and assigned to specific target groups by means of cookies and tracking pixels. The target group-specific characteristics are recorded by ADTELLIGENCE, transmitted to the system in anonymous form and stored on servers in Germany. On this basis, pages or contents that are displayed to you are controlled in order to present you with personalised and relevant website content. We will not forward this information to third parties.

4.5 Retargeting

On tk.de, we use the retargeting technology from Adform. In online marketing, retargeting is a process in which visitors to a website are identified and are then shown targeted advertising on other websites. For retargeting, TK uses persistent cookies that expire after 90 days. In the case of retargeting as well, the data is only collected in pseudonymised form.

5. Integration of third-party services

Google Ads (Conversion Tracking & Remarketing)

We use Google’s remarketing and conversion tracking technologies (Google Ads) provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland, whereby so-called Google pixels are placed on your device, provided you have given us your consent. We can use the data from advertising campaigns to determine how successful individual advertising measures are and automatically provide you with interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited and your interactions.

With Google Conversion Tracking, if you have arrived at our website via a Google advert, we can see that someone has clicked on an advert, been redirected to our website and reached a pre-defined landing page (‘conversion site’). Furthermore, we can see that you have accessed our website via another route and carried out an interaction defined as a conversion. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures were by measuring the performance of certain parameters, such as the display of adverts or clicks by you, and optimise them accordingly.

We ourselves do not collect or process any personal data in the advertising measures mentioned. We are merely provided with statistical analyses by Google. Based on these analyses, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users on the basis of this information.

We also use Google remarketing technology, which collects and stores information about your user behaviour on our websites. The pixels enable Google to collect, process and use information from these, from which usage profiles are created using pseudonyms. These usage profiles serve to analyse your visitor behaviour on our website and are used to display advertisements in order to show you relevant and personalised content on external websites that appears to be of interest to you based on your user behaviour on our website.

Due to the marketing tools used, your browser may automatically establish a direct connection with Google’s server in some cases. We have no influence over the scope and further use of the data collected by Google through the use of this tool, and therefore inform you in accordance with our current knowledge: Through the integration of Ads Conversion and Ads Remarketing, Google receives information that you have accessed the relevant part of our website or clicked on one of our advertisements, as well as which areas of our website you have viewed. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address.

Categories of personal data

Google Ad Cookie (Cookie ID = Pixel ID)

DoubleClick ID

User ID

Google Advertising ID

Identifier for Advertisers (IDFA) and Android Advertising ID (AAID)

Android Device ID

Apple ID

Google Click ID

IP address

Location information

User Agent

User behaviour (on-site and off-site, including page and referral URLs)

Browser and device information

Consent status

Date and time of the request

The data is processed in pseudonymised form and is used exclusively for the analysis and optimisation of our advertising activities. We are unable to identify individuals.

Legal basis

Processing is carried out on the basis of your consent in accordance with

Section 25(1) sentence 1 of the TDDDG [German Telecommunications Digital Services Data Protection Act] (consent to the setting of cookies and pixels)

Article 6(1)(a) of the GDPR (Consent to the processing of personal data)

You may withdraw your consent at any time with effect for the future. You can do this in the overview of cookies on tk.de under the section ‘Use of Cookies’ or by clicking the ‘Privacy Settings’ link in the footer of our website to reconfigure your settings.

Recipients / Categories of recipients

Personal data may be disclosed to service providers and their subsidiaries that provide technologies or support services for the operation and maintenance of Google services, as well as to Google LLC (USA)

Retention period

The data will be deleted as soon as it is no longer required for processing. Log data is anonymised after 9 months, and cookie information is anonymised after 18 months.

Storage location (data transfer to a third country or international organisation)

Your data is processed on servers within the EU. During processing, data may also be stored with international organisations outside the EU, at least in the USA on the basis of the EU-US Data Privacy Framework and - in the case of transfers to other third countries - on the basis of EU Standard Contractual Clauses pursuant to Article 46(2)(c) of the GDPR.

Further information

For further details on data processing, please refer to Google’s privacy policy "More information on how Google uses personal data", the privacy statement or the settings for personalised advertising / withdrawal.

Google Maps

We use Google Maps API to visually display interactive maps. When these maps are used, Google also collects, processes and uses data about the usage of the map functions.

Admiral Cloud

We have integrated video files on our website for informational purposes. These videos are provided on the AdmiralCloud platform. When the videos are accessed, data is transferred from the user's browser to the AdmiralCloud server. The data is transferred as soon as the link is clicked on.

The data collected by the AdmiralCloud server includes details on how the user uses the AdmiralCloud services, the IP address, data on the browser type, browser language, date and time of viewing and the URL of the page on which the video is stored, as well as cookies that can be used to uniquely identify the user’s browser, but which are only used to manage the service.

6. System security

We maintain up-to-date technical measures to ensure data security. These measures are particularly intended to protect your personal data from unauthorised access by third parties. We adapt our protection and security mechanisms to the current state of the art.

If you are asked to enter personal data in one of our online offers, the data is always transferred using TSL encryption. The purpose of this encryption is to prevent any unauthorised party from gaining possession of your data.

7. General rights of data subjects and contact persons

You have the right

a. to obtain information about the categories of the personal data being processed, purposes of the processing, any recipients to whom the data will be disclosed, the envisaged storage and the retention period (Art. 15 GDPR);
b. to request rectification of inaccurate, incorrect or incomplete data (Art. 16 GDPR);
c. to withdraw consent at any time with effect for the future (Art. 7(3) GDPR);
d. to object to the processing of data on the grounds of legitimate interests, for reasons relating to your particular situation (Art. 21(1) GDPR);
e. to request the erasure (deletion) of personal data in certain cases within the scope of Art. 17 GDPR - particularly if the personal data is no longer necessary in relation to the purposes for which it was collected or it is being unlawfully processed, or if you revoked your consent in accordance with (c) above or declared an objection as described in (d) above;
f. to request, under certain circumstances, the restriction of data where erasure is not possible or the erasure obligation is disputed (Art. 18 GDPR);
g. to data portability, i.e. you can receive your data which you provided to us in a commonly used and machine-readable format, such as CSV, and can, where necessary, transmit the data to others (Art. 20 GDPR).

8. Contact details of the controller, data protection officer and our supervisory authorities

Contact details of the controller
Techniker Krankenkasse
Bramfelder Straße 140
22305 Hamburg
Tel: + 49 (0)800-285 85 85
E-mail: service@tk.de

Contact details of data protection officer
Techniker Krankenkasse
Beauftragter für den Datenschutz
Bramfelder Str. 140
22305 Hamburg
E-Mail: datenschutz@tk.de

Contact details of supervisory authorities
Der Bundesbeauftragte für Datenschutz und die Informationsfreiheit [German Federal Commissioner for Data Protection and Freedom of Information]
Graurheindorfer Str. 153
53117 Bonn
poststelle@bfdi.bund.de oder poststelle@bfdi.de-mail.de

Bundesamt für Soziale Sicherung [German Federal Office for Social Security]
Friedrich-Ebert-Allee 38
53113 Bonn
poststelle@bas.bund.de oder poststelle@bas.de-mail.de