Privacy Notice
Introduction and general information
Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.
Controller within the meaning of the GDPR
KINGSTONE Investment Management GmbH
Promenadeplatz 10
80333 Munich
T: +49 89-205 008 5630
E: info@kingstone-re.com
Contact details of the Data Protection Officer
PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please state the company to which your enquiry relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your enquiry.
Definitions
Our privacy notice should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy notice. The official definitions are explained in Art. 4 GDPR..
Accessing and storing information in terminal equipment
By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TTDSG.
In cases in which such a process serves other purposes (e.g. the needs-based design of our website), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (German Federal Data Protection Act) apply to the processing of your personal data.
Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.
Webhosting
This website is hosted by an external service provider (hoster). This website is hosted in Germany. Personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.
We collect the data listed in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
Server log files
When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status
- Web browser and operating system used
- (Complete) IP address of the requesting computer
- Amount of data transferred
We collect the data listed in order to ensure a smooth connection to the website and the technically error-free provision of our services. The processing of this data is absolutely necessary in order to make the website available to you. The log files are used to analyse system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. After 30 days at the latest, the data is completely deleted so that it is no longer possible to establish a reference to the individual user.
The data may also be processed in anonymised form for statistical purposes. At no time will this data be stored together with other personal data of the user, compared with other databases or passed on to third parties.
Cookies
Our website uses so-called “cookies”. Cookies are small text files that are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.
The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the technically error-free provision of our services. For details on the purposes of the processing and legitimate interests, please refer to the information on the specific data processing.
The processing of personal data through the use of other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimisation purposes, we will inform you about this separately in this privacy notice and obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can set your browser so that you
- be informed about the setting of cookies,
- Only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or in general,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed for the respective browsers under the following links:
You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track function”. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be “tracked” for the purpose of behaviour-based advertising and similar.
Information and instructions on how to edit this function can be found under the following links, depending on your browser provider:
You can also prevent scripts from loading by default. “NoScript” only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).
Please note that the functionality of our website may be restricted if cookies are deactivated.
Change cookie settings
You can withdraw or change your cookie settings at any time. To do this, call up the cookie settings again. You can find this at any time at the bottom left of the website.
Consent Management (Borlabs)
In order to manage cookies in compliance with data protection regulations, we use the software solution from Borlabs- Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany.
When visiting our website, an essential cookie is stored in the user’s browser, in which the consent given or the withdrawal of consent is stored. This data is not passed on to the provider of Borlabs Cookie.
With Borlabs, we provide you with a so-called cookie banner, which you can use to give us your consent to the use of cookies. The cookie banner informs you about the use of cookies when you first visit our website and asks for your consent to the use of cookies. Until you give your consent, all non-essential cookies that we use on our website are automatically blocked. You have the option of rejecting unwanted cookies via the cookie banner and still continuing to use the website.
The Borlabs cookie in particular is necessary in order to comply with the legal requirements of data protection law. We do not use the user data collected by the cookies to create user profiles. The legal basis for the processing is our legitimate interest in observing the rejection of cookies and/or the withdrawal of your consent to the use of cookies in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
The data collected will be stored until you ask us to erase it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Borlabs Cookie data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
You can find Borlabs’ privacy notice here: https://de.borlabs.io/datenschutz/
Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which can be used to analyse the use of websites.
When using Google Analytics 4, so-called “cookies” are used. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last digits, see below) is usually transmitted to a Google server, where it is stored and processed. This may also result in information being transmitted to the servers of Google LLC based in the USA and further processing of the information there.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed in abbreviated form by default and automatically, so that the information collected cannot be directly linked to a person. This automatic anonymisation is carried out by shortening the last digits of the IP address transmitted by your terminal device by Google within member states of the European Union (EU) or other signatory states to the Agreement on the European Economic Area (EEA).
Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activity and usage behaviour and to provide us with other services relating to your use of the website and the Internet. The abbreviated IP address transmitted by your terminal device as part of Google Analytics 4 will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users based on an evaluation of interest-based advertising and with the use of third-party information via a special function, the so-called “demographic characteristics”. This enables the provision and differentiation of user groups of the website for the purpose of target group-optimised marketing measures. However, data collected via the “demographic characteristics” cannot be assigned to a specific person and therefore cannot be assigned to you personally. This data collected via the “demographic characteristics” function is stored for 2 months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the terminal device you use to access the website, will only take place if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your use of the website.
We have concluded a data processing agreement with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.
As a transfer of personal data by Google to affiliated companies and subcontractors in countries outside the EU and the EEA is possible, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further legal information on Google Analytics 4, including a copy of the standard contractual clauses mentioned, can be found at the following link: https://policies.google.com/privacy
Details on the processing triggered by Google Analytics 4 and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites
Newsletter by Klaviyo
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. The provision of additional data is freely given so that we can address you personally in the newsletter.
We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of sending you the desired newsletter.
When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to the Controller named above. After cancellation, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.
Our e-mail newsletters are sent via a technical service provider to whom we pass on the data you provide when registering for the newsletter. We have concluded a data processing agreement with our email service provider in which we oblige them to protect our customers’ data and not to pass it on to third parties.
Service provider: Klaviyo, Inc.
Address: Summer St Floor 6, Boston, MA 02111, United States
As personal data may be transferred to countries outside the EU and the EEA, further safeguards are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Klaviyo is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
The service provider uses the information from the newsletter registration to send and statistically analyse the newsletter on our behalf on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. For the analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our website. This allows us to determine whether a newsletter message has been opened and which links have been clicked on. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal identification is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.
If you wish to withdraw your consent to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
Sending of applications (Personio)
If you apply to us via our application platform (Personio) or by email, we collect personal data. This includes in particular your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you about your background (e.g. CV, qualifications, degrees and professional experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 b GDPR in conjunction with Section 26 para. 1 German Federal Data Protection Act. In addition, consent pursuant to Art. 6 para. 1 lit. a, 7 GDPR in conjunction with Section 26 para. 2 German Federal Data Protection Act can be used as a data protection authorisation provision. If the processing of your data is based on consent, you have the right to withdraw your consent at any time with effect for the future.
Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfil our legal obligations. Your applications may be forwarded to the relevant Controller for review. Under no circumstances will your personal data be passed on to third parties without authorisation.
Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after completion of the application process. You can withdraw your consent at any time with effect for the future. An informal email to the Controller’s contact details listed above is sufficient for this purpose. If you are accepted, we reserve the right to keep your application for longer if the start date is more than six months in the future.
We have concluded a data processing agreement with our service provider Personio, in which we oblige it to protect our customers’ data and not to pass it on to third parties..
Service provider: Personio SE & Co. KG
Adress: Seidlstraße 3 80335 München, Deutschland
Privacy notice: https://www.personio.de/datenschutzerklaerung/
YouTube
On our website, we embed videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The legal basis for the processing of your personal data in this context is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR.
If the playback of embedded YouTube videos is started by your consent, a server call is made, usually to a Google server in the USA. This tells the server which page you have accessed and the IP address of the browser of the visitor’s terminal device is transmitted to Google and stored by Google.
If you have given your consent, the provider “YouTube” also uses cookies to collect information about user behaviour. According to information from “YouTube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your data may also be assigned to your account when you click on a video. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or customising the design of its websites. Such an analysis is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right of objection to the creation of these user profiles. Please contact Google directly for this purpose.
As a transfer of personal data by Google to affiliated companies and subcontractors in countries outside the EU and the EEA is possible, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search
For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.
Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de
Firewall
We use a firewall to ensure the security of our website. We use the firewall to protect our website from hacker attacks and other unauthorised access. For this purpose, the user’s IP address is transmitted to the provider. In addition, the provider sets necessary cookies that are used exclusively for security checks and are not used for other purposes. The selected provider does not store any further personal data of the user.
We process the data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to ensure the security of our website and to protect it from hacker attacks.
Since your personal data is transferred to the provider in the (USA), further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the (USA) to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the (USA).
External links
Social networks (LinkedIn; YouTube) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after you have been redirected. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers you use.
1. Introduction and general information on data processing
The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data will be processed in accordance with the legal regulations.
1.1. General information on the Controller
The Controller named at the beginning of this privacy notice (hereinafter referred to as “we/us”) operates presences or “fan pages” on various social media platforms. We are joint controllers with the operators named here under 1. for the processing of your personal data in connection with your visit to our presence or our “fan page” on the LinkedIn platform, insofar as they provide us with aggregated information about visitors to our fan page or our presence (“Insights”). Detailed information on the scope of joint controllership processing in relation to the respective providers can be found in the second section of this privacy notice.
1.1.1 Joint controllership
The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.
We have concluded an agreement with the operator in accordance with Art. 26 GDPR on joint controllership for the processing of your personal data (Controller Addendum). This agreement specifies which data processing operations we or the respective operator are responsible for when you visit our fan page or our presence on the platform. You can view this agreement at the following link::
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
1.1.2. Controller of the platform providers themselves
If your personal data is processed by the following social media platforms, this processing is carried out under the sole responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR. For the assertion of your data subject rights, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please feel free to contact us at any time.
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
1.1.3. Controller of KINGSTONE Investment Management GmbH
We are solely responsible for the processing of your personal data in the cases mentioned under 1.4. to 1.7. which is not carried out by the operators mentioned under 1.1.2.
1.2. Data transfer and recipients, data transfer to third countries
If we pass on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR. As personal data is transferred to countries outside the EU and the EEA (including the USA) when visiting and interacting with the social media platforms we use, further protective mechanisms are required to ensure the level of data protection required by the GDPR. According to the privacy notice, LinkedIn uses appropriate measures for third country transfers, including in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=de
In cases where providers process your personal data under their own responsibility (1.1.2.), we have no influence on the processing of this data by the provider and their handling of this data (at least after transmission of the data). For further information, please check the privacy notice of the respective provider and, if necessary, use the opt-out / personalisation options with regard to data processing by the provider:
YouTube/Google
- Privacy notice: https://policies.google.com/privacy?hl=de&gl=de
- Opt-out: https://adssettings.google.com/authenticated
- Google (Google LLC) is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here https://policies.google.com/privacy?hl=de&gl=de
1.3. Access to and storage of information in terminal equipment (cookies)
When you visit our social media pages, one or more cookies are set on your terminal device by the platform provider. Cookies are small text files that are stored on your terminal device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit.
Permanent cookies remain stored on your terminal device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behaviour or display advertising.
By interacting with our social media sites, information (e.g. your IP address) may be accessed or information (e.g. cookies) may be stored on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the respective privacy notice of the provider. Links to the respective privacy notices can be found above under “Data transfer and recipients”. If you have any further questions, please contact the provider of the respective social media platform directly.
1.4. Data processing for market research and advertising purposes
As a rule, personal data is processed on the company page for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognise you when you visit a website. In addition, your interactions on the social media platform are analysed extensively by the provider. The data collected can be used to create user profiles. These are used to place adverts inside and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the user profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. Further information on this can be found in the privacy notices of the respective provider.
When you visit or interact with our social media presence, we may receive personal data from you, which we process on our own responsibility in addition to the provider, other than in the cases mentioned in section 2 of this privacy notice. This may be information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name).
The provider LinkedIn provides us with information about which LinkedIn user has visited our LinkedIn site. This information is stored for 180 days and is then no longer available to us.
Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy notice. We have a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR in the operation of our social media presence and the associated processing of personal data which you actively publish or make available to us. Our legitimate interest lies in the advertising approach and in providing an effective means of communication and interaction with our company..
1.5. Data processing when contacting us
We collect personal data ourselves when you contact us, for example via a contact form or a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing your enquiry and in the event of follow-up questions. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your enquiry is aimed at concluding a contract. Your data will be deleted after final processing of your enquiry, provided that there are no statutory retention obligations to the contrary. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
1.6. Data processing for contract processing
If your contact via a social network or other platform is aimed at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the provision of the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is no longer required to fulfil the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract for the purpose for which you contacted us. Please note, however, that it may be necessary to store personal data of our contractual partners even after conclusion of the contract in order to fulfil contractual or legal obligations.
1.7. Data processing based on consent
If you are asked by the respective platform providers for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be withdrawn at any time with effect for the future.
2. Processing in joint controllership with the operator of the social media platform
2.1. LinkedIn presence
2.2.2. Your rights as a data subject of the data processing
If, as a visitor to the site, you would like to exercise your rights (information, rectification, erasure, restriction, data portability, complaint to the supervisory authority, objection or withdrawal), you can contact both LinkedIn and us. You can (also) restrict the visibility of your LinkedIn account to us via the LinkedIn settings.
For more information on data processing by LinkedIn, please refer to LinkedIn’s privacy notice: https://www.linkedin.com/legal/privacy-policy
2.2.3. Data Protection Officer of LinkedIn
To contact LinkedIn’s Data Protection Officer, you can use the contact form at the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO verwenden.
Data transfer and recipients
Your personal data will not be transferred to third parties unless
- if we have explicitly pointed this out in the description of the respective data processing,
- if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- in the event that a legal obligation exists for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
- insofar as this is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
We also use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded data processing agreements in accordance with Art. 28 GDPR where necessary. These service providers are bound by our instructions and are regularly monitored by us. These include service providers for hosting, sending emails, maintenance and servicing of our IT systems, etc. The service providers will not pass this data on to third parties.
Data security
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state-of-the-art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
Duration of storage of personal data
The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the performance of a contract or the initiation of a contract or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you have exercised your right of withdrawal or right of objection.
Your rights
Below you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the Controller with regard to the processing of your personal data:
- The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
- The right, in accordance with Art. 16 GDPR, to demand the immediate rectification of incorrect or incomplete personal data stored by us.
- The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- The right to demand the restriction of processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to erase it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another Controller in accordance with Art. 20 GDPR.
- The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.
- The right to withdraw consent given in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right of objection
If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation. If you wish to exercise your right of withdrawal or right of objection, simply send an email to datenschutz@kingstone-re.com.
Legal obligations
The provision of personal data for the decision on the conclusion of a contract, the performance of a contract or for the implementation of pre-contractual measures is freely given. However, we can only make the decision within the framework of contractual measures if you provide personal data that is necessary for the conclusion of a contract, the performance of a contract or pre-contractual measures.
Automated decision-making
Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.
Subject to change
We reserve the right to adapt or update this privacy notice if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.
Status of this privacy notice: 08.11.2023