Data Protection Declaration

1. Information on the collection of personal data

Notes on data processing

We are hereby informing you about the collection of personal data when using our products and our website. Personal data are all data that refer to you personally such as name, address, email addresses, user behaviour or motor vehicle registration plate number. We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) exclusively in fulfilment of our contractual obligations (article 6 (1b) GDPR), on the basis of your consent (art 6 (1a) GDPR) or due to statutory requirements (art 6 (1c) GDPR). Data other than personal data do not fall under the remit of this Declaration.

Office in charge (controller) and whom you should contact

Controller according to art 4 (7) GDPR:
ATRALOsecur GmbH
Heidenkampsweg 43 – 45
20097 Hamburg
Phone +49 40 23777-298

Contact coordinates of the protection officer:

data protection officer

Telefon +49 5231 603-6129
Telefax +49 5231 603-60-6129

The processing of your personal data depends on the particular point of departure situation:

a. When visiting our website, the description under numerals 6 through 10 of this Declaration applies.

b. If a contract obtains between you and us regarding the intermediation of insurance agreements or the insurance consulting of firms, personal data that emerges from the application documents, execution of the contract and the adapting of insurance agreements (e.g., premiums, insurance cases, risk or agreement amendments) as well as other contracts and required for contract implementation is stored and processed and such data are forwarded to insurers, underwriters and/or consolidated group companies and collaboration partners (e.g., experts, appraisers and attorneys). This applies in particular to application, product and insurance records, health data, property and company data as well as to sales figures, income and tax data determinant for insurance policies as well as to data about claims cases, recourse actions and corresponding payments settled by the insurance company.

All data received is exclusively stored for processing on the Group’s own servers and not passed on to external service providers or forwarded to clouds on external servers.

Health data (art 4 (15) GDPR) are basically not processed.

c. If any contract obtains between you and us other than one about the brokering of insurance agreements or about insurance consulting of firms, then the processing depends on the particular contract. In general, names, telephone numbers, addresses and email addresses of interlocutors are processed in order to perform or take receipt of contractual services.

Depending on what is required, we process the following categories of data: name, address, telephone, email, IP address, social security data, motor vehicle registration plate number, account data, eventual further data made available in connection with individual contract fulfilment.

If we fall back on commissioned service providers for specific functions of our services or if we wish to use your data for advertising purposes, we will inform you about the particular procedures as explained below.

2. Rights of data subjects

Below we inform you about your rights as a subject of data processing:

The existence of a right to information under the conditions of art 15 GDPR, correction under the provisions of art 16 GDPR, erasure (deletion) under the provisions of art 17 GDPR, restriction of processing under the conditions of art 18 GDPR or any objection against processing under the provisions of art 21 GDPR where there is a justified interest as well as the right to data portability under the conditions of art 20 GDPR.

The existence of a right to revoke data protection law consent in the terms of art 6 (1) letter a) or art 9 (2), letter a) at any time without indicating any reasons and without using a specific form, without impairing the legality of processing on the basis of such consent having already taken place prior to revocation.

Every subject has in case of data protection law violations by the controller or the latter’s contract data processer the right to complain to the competent authority.

That is, in this case, the Hamburgian commissioner for data protection and freedom of information,
Ludwig-Erhard-Straße 22, 20459 Hamburg,
Telefon: 040 428544040, Telefax: 040 / 428 54 – 4000 E-Mail:

In addition, subjects have the option of contacting the regulatory authority in their habitual place of abode (residence).

3. Security measures

We deploy state-of-the-art organisational contractual and technical security measures in order to ensure that the provisions of the data protection laws are complied with and in order to protect the data we process from manipulation, destruction or unauthorised access.

The security measures include in particular the encrypted transmission of data between your browser and our server as well as forgoing storage of your insurance data in cloud software solutions.

4. Contract processor

In performing our services, we are supported by companies with which agreements have been signed about contract processing. They are insurers, underwriters, insurance brokers, insurance consultants and claims adjustment companies.

The hosting of our website, the provision of the web server and the data processing infrastructure, the telephone data transmission in the area of telephone service, accounting, administrative management including software maintenance, is carried out by the group company, Oskar Schunck GmbH & Co. KG, Englschalkinger Straße 12, 81925 Munich, with a corresponding written agreement on commissioned processing.

5. Deletion strategy

We process and store your personal data as long as the insurance relationship via us obtains or another insurance relationship obtains and as long as claims may be asserted hereunder. And to the extent required for execution of the contract (e.g., in connection with contract settlement of the insurance agreement including claims processing).

Personal data stemming from general correspondence, fax messages, emails, letters and appointment notes are stored under sec 257 (IV), sentence 2 Commercial Code for six calendar years, contracts and accounting related documents (billing, payment and booking data, broker records under sec 257 (I), numerals 1 and 4 Commercial Code are under sec 257 (IV), sentence 1 stored for 10 calendar years either after termination of the contract or termination of the intended business relation,

Personal data of employees (e.g., job application records, assessments, etc.) are kept during the relationship with the company in the personnel department and, where required, with the employee’s supervisor for action and after termination of employment so restricted that only the personnel department has access to them. Such data must where required be disclosed in audits by the social security officer (e.g., Deutsche Rentenversicherung) to the authorised authorities. The personal data are erased at the end of 10 calendar years after the employee has left the company, unless special conditions emerge from ongoing proceedings (e.g., court proceedings) or for enforcement of legal orders needed to ward off, for instance, liability claims or to enforce such claims, up through settlement of the corresponding procedures which required their retention. Thereafter, remaining personal data will be erased after an appropriate waiting period of at most one calendar month. Personal data of those vested in company pensions are stored pending taking of the pension plus a corresponding waiting period of ten years and then erased.

Personal data of job applicants (electronic application documents, emails, and other contact or appointment data) are basically erased immediately after the end of the application procedure if the applicant is not hired. The applicants are immediately informed of this. If there are grounds to expect possible proceedings under the General Equality Act (AGG) then correspondence records necessary for settlement are kept up through the end of the statutory deadline under sec 15 AGG (two months) and then erased when proceedings under AGG are no longer possible because deadlines have run out.

The deadlines run as of the end of the calendar year in which the contractual service was fully performed.

In case of doubts due to the attribution of personal data to the positions in question then the10-year retention period applies.

If the contractual service has been completely performed and if the erasure period of 10 years has begun then their retrievability is selectively restricted at the end of six calendar years and can then no longer be retrieved by users working as assistants, including in case of selections, unless their further processing (time limited) is required for the following purposes: retention of evidence (claim to surrender, legally definite claims, claims under executable documents, claims that have become executable by findings in insolvency proceedings, claims to reimbursement of claims under compulsory foreclosure in connection with the statutes of limitations under sec 197 (1) Civil Code for 30 years).

6. Collection of personal data when visiting our website

If the website is used merely for information purposes, that is, if you are not registering or otherwise submitting information for us, then we only collect personal data that your browser sends to our server and which are technically necessary for us to have you display our website and guarantee the stability and safety (the legal basis is art 6 (1), sentence 1, letter f) GDPR, the interest lies in the commercial appearance via the website).

  • IP address
  • Date and time of the enquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the requisition (exact page)
  • Access status / http status code
  • Data volume transmitted in this visit
  • Website from which the requisition comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

With your making contact with us by email or via a contact form the data you convey (your email address, eventually your name and your telephone number) are stored with us in order to answer your questions. The data generated in this context are erased after storage is no longer required or processing is restricted if there are statutory retention obligations.

In addition to the data mentioned above, with your use of our website cookies are stored on your computer. Cookies are small text files allocated on your hard drive to the browser you use and by means of which in the place set by the cookie (in this case by us) certain information is channelled. Cookies cannot execute any programmes or transmit viruses to your computer. They serve to make the internet contents more user friendly and efficient.

Use of cookies:

a) This website uses the following types of cookies, whose scope and manner of function are explained here below:

Transient cookies (see b)

Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. They in particular include the session cookies. The latter store a so-called session ID with which various enquiries of your browser are allocated to the joint session. With them, your computer can be recognised again if you return to our website. The session cookies are deleted if you log out or close the browser.

c) Persistent cookies are automatically deleted after a specific period of time which may be different for each cookie. However, you can at any time delete the cookies in your browser’s security settings.

d) You can configure your browser settings according to your preferences and, for example, reject the acceptance of third-party cookies or of all cookies. But we must point out that you then cannot make use of all the functions on this website.

7. Google web fonts

This website uses so-called web fonts for standardised presentation of fonts provided by Google. When calling up a page your browser loads the necessary web fonts in your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must make contact with Google’s server. By doing so, Google becomes aware that you called up our website from your IP address. The use of Google web fonts occurs in the interests of standardised and attractive presentation of our online offers. This constitutes a justified interest in the terms of art 6 (1), letter d) GDPR.

If your browser does not support web fonts then a standard font off your computer is used.

You can find further information on Google web fonts at and Google’s data protection declaration at:

8. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses so-called „cookies,“ text files that are stored on your computer and which make possible analysis of our use of this website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the United States and stored there. In case IP anonymisation on this website is activated then your IP address, within the Member States of the European Union or in other Treaty States of the European Economic Area are abbreviated by Google in advance. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and abbreviated there. On instructions from the operator of this website, Google will use this information to evaluate your use of the website in order to compose reports about the website activities and in order to perform further services relating to web use and internet use for the website operator.

The IP address transmitted to Google Analytics from your browser will not be combined with other data from Google.

You can prevent the storage of cookies with a corresponding setting of your browser software; however, we must make you aware that you may in that case not be able to use all of the functions of this website to the full extent. You can in addition prevent recording of the data picked up by the cookie relating your use of this website (including your IP address) and transmission to Google as well as the processing of such data by downloading and installing the following browser plug from:

Google Analytics uses this website with the extension „anonymizeIp().“ In that way IP addresses are further processed in abbreviated form and its relatedness to a specific person can be excluded. If a reference to a person is attributed to data collected about you then it is immediately excluded and the personal data immediately deleted.

We use Google Analytics in order to be able to analyse the use of our website and too regularly improve it. We can use the statistics gained to improve our programme and to make it more interesting to you as a user. For the exceptional cases where personal data is transmitted to the United States, Google has submitted to the EU-US privacy shield, The legal basis for the use of Google Analytics is art 6 (1), sentence 1, letter f) GDPR.

Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: An overview of data protection: well as the data protection declaration:

9. Contact form

If you want to make an enquiry with us via our contact form your information will be stored with us, including the contact data you give there for the purpose of processing your enquiry and in the event that you have subsequent questions. We do not pass this data on without your consent. You can revoke this at any time with effect for the future.

10. Plugins

On our internet pages as well as with our own apps we use so-called software plugins that expand the function scope provided for our users by adding services offered by other manufacturers.

The plugins deployed include, for instance, Google Maps, for depicting digital maps, but also Google Recaptcha. Both plugins are products of Google Inc (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA). Recaptcha serves to protect against misuse of our website contents in that, for instance, interactions by automated accesses by so-called bots to the internet page in question are checked and prevented. For this, Google processes your IP address and eventually additional data which provide evidence of the presence of some human action and which are collected in connection with website access. Processing occurs both inside Europe as well as in the United States, in the latter case on the basis of the „US-Privacy-Shield.“ Applicable to this are Google’s data protection regulations, retrievable at The data processing for the plugins described above occurs on the basis of statutory regulations permitting the processing of personal data because companies in the SCHUNCK GROUP have an overwhelming justified interest in the protection of their IT systems (art 6 (1), letter f) GDPR). In this matter, securing the functional capability of our website contents must concretely be seen as a justified interest in the terms of the law.

Only when the plugins are activated does your internet browser make a direct connection to the servers of the relevant plugin provider. In that way the plugin provider receives the information that your internet browser has called up the corresponding page of the SCHUNCK GROUP‘s website. Log-files (including the IP address) are in that case sent directly from your internet browser to a server of the relevant plugin provider and may eventually be stored there. This service may have its venue located outside of the EU or the EEA (e.g., in the United States). If you do not wish to let the plugin provider get and eventually store or re-use data collected via this website you should not use the plugins in question.

You can also basically completely prevent the loading of the plugins with the aid of add-ons (supplemental programmes), so-called script-blockers, for your browser.

Further information about the purpose and scope of collection as well as further processing and use of your data by plugin providers as well as on your rights and settings options to protect your data can be found in the data protection notices of the providers in question.

We do not use any social media plugins.

11. Miscellaneous

Notices on data processing for third-party data can be found here. With this Data Protection Declaration, the processing of data by insurers or other intermediaries is not regulated so that attention must be drawn to their separate declarations. We reserve the right to update and improve the Data Protection Declaration on an ongoing basis in view of legislative regulations and requirements in case of changes to procedures or otherwise.