Data Protection


Unless otherwise specified, is responsible for the data processing explained below:

Insurfox GmbH

(in the following: "we")

Stadtdeich 5

20097 Hamburg, Germany


Phone: +49 40 855986000

Contact details for data protection inquiries

For answers to questions about the processing of personal data, the exercise of your "data subject rights" and in case of revocation of consent granted, please contact us in writing to

Insurfox GmbH

Mr. Jürgen Sprang

Stadtdeich 5, 20097 Hamburg, Germany

or by e-mail to: E-mail:

If you contact us by e-mail, the communication will be unencrypted.

Validity of our privacy policy

With this privacy policy, we fulfill the information requirements of the General Data Protection Regulation (GDPR) for our website offering and for the personal data we collect via our websites. In addition to the GDPR, the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG) apply in particular in Germany. For third-party applications and websites that are referred to via links, for example, the data protection declarations there apply. Unless otherwise stated, we are not responsible for the processing of your data within the framework of websites or applications that are not operated by us, nor for their content.

Processing of personal data when visiting our website

(1) If you call up our website merely to obtain information, the server of our website only records the data that your end device (computer, laptop, tablet, smartphone, etc.) sends to our server on the basis of the https Internet protocol. The assignment of the automatic requests and responses of the server are made on the basis of your IP address, through which a reference to your person may be established. The purpose of processing the connection data is to technically enable you to use our website.

(2) When you call up our website, information is automatically sent to the server of our website by the browser of your respective end device and temporarily stored in log files ("log files"). The log files contain information such as your IP address, the URL of the accessed website, date and time of access, information about a successful page request, amount of data transferred, loading time, the website from which you accessed our website, type and version of your browser, operating system of your end device, name of your Internet service provider.

(3) The technical data collected does not allow any direct conclusions to be drawn about your identity. We do not store the data together with other personal data about you.

(4) The legal basis for data processing is our legitimate interest (Article 6 (1) sentence 1 lit. f GDPR). The data is technically necessary to display our website to you, to establish the connection smoothly, to ensure the stability and security of the system and to protect against misuse.

(5) Since the processing of the data is absolutely necessary for the provision and operation of our website, you have no right to object.

(6) The connection data will be deleted immediately after the execution of the https call. The log file data is automatically deleted after seven days.

Processing of personal data when contacting us

(1) If you contact us by mail, telephone, e-mail or via a contact form, we process the personal data you provide and the content of the communication only to process your request and, if necessary, to fulfill existing legal record-keeping obligations.

(2) Data processing for the purpose of contacting us is generally carried out on a voluntary basis. The legal basis depends on the specific purpose of the communication. Frequently, the legal basis for data processing will be the protection of our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f GDPR (such as conducting business correspondence, responding to inquiries about data protection). Insofar as further processing is carried out to fulfill legal retention obligations, the legal basis is Article 6 (1) sentence 1 lit. c GDPR.

(3) We delete the accruing communication data as soon as storage is no longer necessary to fulfill the purpose, unless legal retention obligations prevent deletion.

Processing of personal data for applications

(1) If you ("Applicant") apply to us electronically (e.g. by e-mail) and send us application documents electronically, we will process your personal data that you provide to us for the purpose of carrying out the application process.

(2) If we conclude an employment contract with an applicant, we process the data for the purpose of handling the employment relationship in compliance with the statutory provisions.

(3) If no employment relationship is established between an applicant and us, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part oppose deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

(4) The legal basis for data processing is Article 6 (1) Sentence 1 lit. b GDPR and Section 26 (1) Sentence 1 No. 1 BDSG (decision on the establishment of an employment relationship).

Processing of personal data of business partners

(1) In the context of cooperation with business partners, we process personal data of contact persons at interested parties, customers, sales partners, suppliers, service providers and other partners. The data include in detail:

(i) Contact information such as surname, first name as well as (business) address, telephone number, mobile phone number, fax number, e-mail address,

(ii) Information for processing payment transactions, such as bank details, account numbers, credit card information,

(iii) information the processing of which is required in the context of the performance of a contractual relationship with us or which is voluntarily provided by business partners,

(iv) personal data collected from publicly available sources, credit agencies or information databases,

(v) possibly further personal data which are legally required for the identification of our business partner, such as date of birth, date of identification, identification number.

(2) We process personal data for the following purposes:

(i) Communication with business partners in the context of initiating, establishing, implementing and terminating business relationships,

(ii) Implementation and administration of the business relationship (e.g. processing of orders for goods and services, accounting, billing),

(iii) assertion of and defense against legal claims,

(iv) Carrying out marketing activities (e.g. invitations to events, sending newsletters to existing customers),

(v) Maintaining and protecting the security of our products and services,

(vi) Preventing, preventing and detecting security risks and criminal acts,

(vii) Compliance with legal requirements (e.g. tax and commercial law retention obligations),

(viii) Compliance with legal obligations to investigate (e.g., under the Money Laundering Act).

(3) We only disclose data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations (e.g. to participating telecommunications, transport and other auxiliary service providers as well as to subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). We will inform you about further data transfers within the scope of this data protection declaration.

(4) The processing of personal data is necessary to achieve the stated purposes. Unless expressly stated otherwise when collecting the personal data, the legal bases are:

(i) the performance and fulfillment of a contract with you (Article 6 (1) sentence 1 lit. b GDPR),

(ii) the fulfillment of legal obligations to which we are subject (Article 6 (1) sentence 1 lit. c GDPR),

(iii) the protection of legitimate interests of us (Article 6 (1) sentence 1 lit. f GDPR), whereby our legitimate interest lies in the initiation, implementation, processing and support of the business relationship.

If you have expressly given your consent to the processing of your personal data in individual cases, Article 6 (1) sentence 1 lit. a GDPR is the legal basis for the processing.

(5) We delete the accruing personal data as soon as the storage is no longer necessary for the fulfillment of the purpose, unless statutory limitation periods or statutory retention obligations (e.g. up to 10 years in accordance with the German Commercial Code or the German Fiscal Code) prevent a deletion.

Processing of personal data for newsletter registration

(1) Insofar as we offer a newsletter, we will also send you our newsletter by e-mail upon request outside of a business relationship, with which we will inform you about news and current offers. The only mandatory data for sending our newsletter is your e-mail address. The provision of further data is voluntary; we use this to be able to address you personally if necessary.

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided and ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your data will be blocked and automatically deleted after one month. When you register for the newsletter, we store your IP address used and the times of registration and confirmation in order to prove compliance with legal requirements during the registration process and to be able to clarify any possible misuse of your personal data.

(3) We may pass on your data to a service provider who produces and sends the newsletter for us. This service provider is contractually obligated by us neither to use personal data for its own purposes nor to pass it on to third parties.

(4) The legal basis for the processing of your data for our newsletter is Article 6 (1) sentence 1 lit. a GDPR.

(5) You can object to the newsletter transmission as well as to the sending of e-mails at any time with effect for the future. To do so, it is sufficient to use the unsubscribe option at the end of the newsletter or to send a message in text form to the contact details provided in the imprint (e.g. by e-mail, postal letter).

(6) We will only process the personal data until you unsubscribe from the newsletter. As soon as you revoke your consent or unsubscribe from the newsletter, we may store your data stored on the occasion of the registration process and your unsubscribed e-mail address for up to three years before we delete them. The storage is based on our legitimate interest in being able to prove the consent you originally gave. We will comply with a request for deletion before the expiry of three years if you confirm to us at the same time that you formerly consented to the data processing.

Transmission and sharing of personal data

(1) We only pass on personal data to third parties if

(i) you have given your express consent (Article 6 (1) sentence 1 lit. a GDPR), or

(ii) this is necessary to carry out a pre-contractual measure requested by you or to fulfill a contractual relationship with you (Article 6 (1) sentence 1 lit. b GDPR), or

(iii) we are legally obliged to do so (Article 6 (1) sentence 1 lit. c GDPR), or

(iv) the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Article 6 (1) sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

(2) Personal data published by you via one of our online offers (e.g. in forums) may be accessible to other registered users of our online offer worldwide.

Payment and data transfer

We process your payment information collected in connection with the payment for the purpose of payment processing. Within the scope of offering individual payment methods, we work together with PayPal. When paying via PayPal, your payment data is forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as part of the payment processing. The legal basis for data processing is Article 6 (1) sentence 1 lit. b GDPR. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" via PayPal. The result of the credit check regarding the statistical probability of non-payment is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, these have their basis in a scientifically recognized mathematical-statistical procedure. For further information on data protection, please refer to PayPal's privacy policy:

Data transfer to third countries

In connection with the use of certain services and cookies, your data may be processed in individual cases in countries outside the scope of the GDPR ("third countries"). The level of data protection in third countries (such as the USA) may not correspond to the level within the European Union or the scope of the GDPR. This is regularly based on suitable guarantees within the meaning of Articles 44 et seq. GDPR (in particular standard contractual clauses). These guarantees are generally a means of ensuring that the conditions for permissible data processing are met within the meaning of Article 44 et seq. GDPR to create the conditions for a permissible transfer of data to third countries. However, this only applies if the recipient in the third country can actually comply with the conditions of the standard contractual clauses, which is usually the case. In view of any existing risks, we ask you for your express consent to the transfer of data to third countries (Article 49(1)(a) of the GDPR), insofar as a third country reference exists according to our explanations of individual processing operations.

General information on the use of cookies

When you visit our website, our web server sends so-called cookies. Cookies are very small text files that are stored on the hard drive of your end device (computer, laptop, tablet, smartphone, etc.) and assigned to the browser you use when you visit our websites. Cookies cannot execute programs or transfer viruses or Trojans to your end device. Personal data is not stored in a cookie.

Information about necessary cookies

(1) In order to simplify the use of our offer for you, we use absolutely necessary ("necessary") cookies. Necessary cookies ("temporary cookies") include, for example, session cookies, which store information about you during a single browser session, remain for each page change and are deleted when you close the browser, cookies that store certain settings on your part for a short time (e.g. log-in data, language settings or other settings on our website), cookies for even load distribution on the server, contact form cookies, which store the answer to a question via the contact form, multimedia cookies for the playback of media content (eg.E.g. Flash player), payment provider cookies set by integrated payment service providers (which do not analyze any specific usage behavior, but only serve to prepare possible payments or to check payment legitimacy), opt-out cookies with which cookie consent can be revoked, the cookie that records the consent status for other cookies, cookies from live chat systems and messenger services.

(2) You can see which necessary cookies we use from the Cookie-Tracking

(3) The use of the necessary cookies is based on legitimate interests (Article 6 (1) sentence 1 lit. f GDPR). Our legitimate interest is to ensure the functioning of our websites and their optimal usability.

Information about non necessary cookies

(1) We occasionally use cookies that are not necessary ("permanent cookies"). Such cookies enable us, for example, to analyze the use of our website in order to make our website more user-friendly and effective and to improve the content. Furthermore, when you visit our website again, it is automatically recognized that you have already visited our website and which entries and settings you have made so that you do not have to enter them again. You can find out which cookies we use in our cookie banner.

(2) Non-essential cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(3) The use of non-essential cookies is based on your consent (Article 6 (1) sentence 1 lit. a GDPR). You can revoke your consent at any time with effect for the future.

Information on the technical deactivation of cookies

You can allow or disallow cookies independently in your browser's security settings. Help menus for popular browsers can be found at the following links:

- Microsoft Edge:

- Firefox:

- Chrome:

- Safari:

- Opera:

With cookies disabled, you can browse our website without restriction. However, you may not be able to use all the features of our website if you disable the necessary cookies.

Consent to the use of cookies, objection

(1) The use of necessary cookies is neither subject to consent nor is there an option to object. You can only deactivate such cookies by setting your browser.

(2) We require your consent for the placing and reading of cookies that are not technically necessary. We point this out to you on our website.

(3) If you do not agree with the storage and analysis of data from your visit, you can object to the storage and use of not functionally necessary Cookies at any time. If you object, the use of cookies and the associated data processing will cease for the future. For the use of our website, your objection has no disadvantages, unless you also disable the functions of technically necessary cookies.

(4) You can object to the use of third-party cookies and the associated data processing at any time as follows: (i) You can make a setting in your browser that prevents the setting of cookies by our website. (ii) You can click on the opt-out link of the respective service provider provided with the individual processing and deactivate the further use of cookies and the associated data processing there. (iii) You can download and install for your browser, for example, the "Opt-Out" add-on from Google. Opt-out cookies prevent the future collection of your data when visiting this and also other websites by Google services. To prevent data collection on different end devices, you must install the "Opt-Out" add-on on all end devices you use. An objection to the use of cookies for online marketing purposes can also be declared by means of other services, e.g. via the websites and

Use of Google Analytics

(1) Our website uses the web analytics service "Google Analytics". The provider of "Google Analytics" is the third-party provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").

(2) Google Analytics uses cookies that enable an analysis of your use of our website. The information generated by the cookie about your use of our website is usually transmitted to and stored by Google on servers in the United States. For our website, we use Google Analytics with the extension "anonymizeIP()". This means that your IP address is shortened by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area, which means that it cannot be linked to a specific person. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and anonymized there by shortening.

(3) Within the framework of the order processing agreement that we have concluded with Google, Google uses the information generated on our behalf to evaluate your use of our website, to compile reports on website activities and to provide us with further services associated with website use and internet use. Google may transfer the information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

(4) You can prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that you may then not be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the link

(5) We use Google Analytics to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting for you as a user. If you have set up a customer account with us, we also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data".

(6) The legal basis for the use of Google Analytics is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR.

Your consent is voluntary and can be revoked by you at any time with effect for the future.

Any transfers to the USA will be based on standard data protection clauses in accordance with Article 46 sentence 2 lit. c GDPR. For more information, please visit

(7) Information on the purpose and scope of data collection and processing by Google can be found at The terms of use can be found at, the option to object (opt-out plugin) at

Use of Google Tag Manager

(1) We use the "Google Tag Manager" service on our website. The provider of the service is the third-party provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland ("Google").

(2) Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, the deactivation remains in place for all tracking tags that are integrated with Google Tag Manager. Information about the Tag Manager can be found at

(3) We use the Google Tag Manager to be able to make a simplified and clear integration of various services. In addition, the integration of the Tag Manager optimizes the loading times of the various services. The legal basis for the data processing is therefore our legitimate interest pursuant to Article 6 (1) sentence 1 lit. f GDPR.

Use of Freshdesk tool

(1) We use the Freshdesk tool on our website. The provider of Freshdesk is the third-party provider Freshdesk Inc, 2950 S. Delaware Street, San Mateo CA 94403, USA. Freshdesk also maintains an office in Germany (Neue Grünstraße 17, 10179 Berlin).

(2) We use Freshdesk to process your requests quickly and efficiently. If you do not agree with us processing your request via Freshdesk, you can alternatively communicate with us via email or telephone.

(3) Freshdesk uses cookies. The cookie generates information about, for example, your browser, hardware and software, internet service provider and IP address. The information recorded by is processed on various servers, some of which are located in the USA. Data processing may therefore take place outside the European Union

(4) Freshdesk uses the information to provide us with the above service. The basis for data processing by Freshdesk are so-called standard contractual clauses. These model templates provided by the EU Commission are intended to ensure that your data complies with European data protection standards even if it is transferred to and processed in third countries (such as the USA). Through the clauses, Freshdesk undertakes to comply with the European level of data protection when processing your data. For more information, please visit

(5) You can prevent the storage of cookies by setting your browser software accordingly, by rejecting the setting of Freshdesk cookies.

(6) The legal basis for the use of Freshdesk is your consent pursuant to Article 6 (1) sentence 1 lit. a GDPR. Your consent is voluntary and can be revoked by you at any time with effect for the future.

(7) Information on the purpose and scope of data use by Freshdesk and on data protection can be found at:

Use of social media links

(1) On our website, we currently link to the following social media networks: LinkedIn

(2) The legal basis is Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in the promotional purpose of increasing the attractiveness of our website and raising the profile of our company.

(3) No additional data processing takes place by setting the links. We use the so-called two-click solution, i.e. only when you click on the button of a network and thereby activate it, does your browser establish a connection to the respective network and the content of its page is loaded. The network operator receives the information that you have accessed the corresponding web page of our website. In addition, the data mentioned in the section "Processing of personal data when visiting our website" is transmitted to the respective operator.

(4) We have no influence on the data and data processing operations collected by the respective operator, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the respective network operator.

(5) Since network operators use cookies in particular for data collection, we recommend that you delete all cookies in the security settings of your browser before clicking on the button of a network. We also recommend that you log out of the relevant networks before visiting our website, but especially before clicking on a button, if you want to avoid the operators directly assigning the data collected during your visit to our website to your profile. You also have the right to object to the creation of user profiles, whereby you must contact the respective network operator to exercise this right.

(6) Further information on the type, scope, purpose and further processing of your data by network operators can be obtained from the respective operator. There you will also receive further information about your rights in this regard and setting options for protecting your privacy:

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Information on data protection:; Opt-out:

Your rights as a data subject

(1) Subject to the legal requirements, you have the following rights with regard to personal data concerning you:

- Right to information (Article 15 GDPR)

- Right to rectification (Article 16 GDPR)

- Right to erasure (Article 17 GDPR)

- Right to restriction of processing (Article 18 GDPR)

- Right to object to processing (Article 21 GDPR)

- Right to data portability (Article 20 GDPR)

(2) If you have given us consent to process your personal data, you have the right to revoke the consent given at any time with effect for the future (Article 7(3) GDPR). The revocation does not affect the lawfulness of the processing in the past. After revocation, we may only further process your personal data to the extent that we can base the processing on another legal basis (e.g. for the performance of a contract).

(3) You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).

Data security

Within the website visit, we use the widespread TLS procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. You can tell whether an individual page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Actuality and change of this privacy policy

This data protection declaration has the status stated at the end. Due to the further development of our website and the offers via the website or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be called up and printed out from our website at any time.

Status: September 2022