Information on data processing and your rights
Your data is in safe hands with AOK Niedersachsen. AOK Niedersachsen has an obligation to protect personal data (Section 35 of Book I of the German Social Code (Sozialgesetzbuch I – SGB I)). AOK Niedersachsen processes your data on the basis of the European Union General Data Protection Regulation (EU-GDPR) and other applicable laws. The following information provides an overview of the collection and processing of your data and the rights related thereto.
Why do we process your data, and on what legal basis?
AOK Niedersachsen, as a provider of solidarity-based health and care insurance, has the task of preserving, restoring or improving the health of its policy holders, as well as providing assistance to those in need of care who rely on solidarity support owing to the level of their need for care.
The benefits and other expenditure are financed by collecting contributions from employers and members.
In order to fulfil these statutory tasks, AOK Niedersachsen processes the data required for this purpose. This data is collected from you on the basis of statutory duties of cooperation (see, e.g. Section 60 et seq. SGB I) or on the basis of consent. AOK also receives data from third parties in accordance with the SGB (e.g. from your employer or care providers). Your failure to cooperate could adversely affect you when it comes to the provision of benefits (refusal or withdrawal of benefits).
For health insurance, the legal basis for data processing is Art. 6(1)(e) and (3)(b) and Art. 9(2)(b) and (4) EU-GDPR in conjunction with Section 284 of the German Social Code, Book V (SGB V), and for nursing care insurance it is Section 94 of the German Social Code, Book XI (SGB XI). AOK Niedersachsen is also entrusted with tasks under other statutory provisions for which the processing of personal data is necessary.
In particular, this includes:
For the tasks of the health insurance companies
- setting up the insurance contract and membership, including the data required for initiating an insurance contract.
- issuing the electronic health card.
- establishing the obligation to contribute and the contributions, responsibility for the contributions and payment of the contributions.
- assessment of the obligation to pay and provide benefits to the policy holder, including the requirements for benefit restrictions, determination of co-payment status and carrying out of cost reimbursements, reimbursements of contributions and determination of the limit.
- assisting the policy holder in the event of malpractice.
- assumption of treatment costs for individuals not required to have insurance in accordance with Section 264 of SGB V against reimbursement of costs.
- involvement of the Health Insurance Medical Service (MDK).
- settlement with care providers, including checking the lawfulness and plausibility of the invoice.
- monitoring of compliance with the contractual and statutory obligations of providers of aid.
- monitoring of the cost-effectiveness of the provision of benefits.
- settlement with other funding agencies.
- settlement of claims for reimbursement or compensation against third parties.
- preparation, agreement and execution of morbidity-orientated remuneration agreements.
- preparation, execution of pilot projects, contracts for integrated forms of care and for the outpatient provision of highly specialised services, including the execution of performance and quality audits.
- implementation of the risk adjustment scheme, as well as the preparation and implementation of structured treatment programmes, including recruiting policy holders to participate in these programmes.
- conclusion and execution of nursing care rate agreements, remuneration agreements and performance and quality agreements.
- consulting on measures for prevention and rehabilitation, and consulting on participation, as well as benefits and help with care.
- coordination of nursing care, care consulting, and fulfilment of duties at care support points.
- performance of discharge and sickness allowance case management.
- acquisition of new members.
- reimbursement of employer’s contributions in the case of illness or maternity.
- combating of misconduct in healthcare (Section 197a SGB V).
- research projects.
For the tasks of the nursing care insurance fund
- Determination of the insurance relationship and membership
- Determination of the contribution obligation and the contributions, who bears them and their payment
- Examination of the obligation to pay benefits and the provision of benefits to insured persons as well as the implementation of claims for reimbursement and compensation.
- Involvement of the medical service.
- Accounting with service providers and reimbursement of costs
- Monitoring of the efficiency of service provision and accounting and the quality of service provision
- Conclusion and implementation of nursing care rate agreements, remuneration agreements and contracts for integrated care.
- Clarification and information
- Coordination of nursing care assistance, nursing care counselling, issuing of counselling vouchers as well as the performance of tasks in the nursing care support centres
- Accounting with other service providers
- Statistical purposes
- Support for insured persons when asserting claims for damages
- Combating misconduct in the health care system (Section 47a German Social Code (SGB) Book XI).
- Research projects
AOK Niedersachsen also processes data on the basis of express declarations of consent (Article 6 (1a) EU-GDPR, Article 9 (2a) EU-GDPR in conjunction with Section 67b (2) SGB Book X and supplementary regulations of the SGB), e.g. in connection with the electronic patient file, participation in structured treatment programmes and special forms of care, when making use of care and discharge management and for individual consultation and assistance in the event of incapacity for work in the event of sickness benefit or when processing data on interested parties. Consent is voluntary and can be revoked at any time with effect for the future without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Where do we process your data?
The processing of social data is only permissible in Germany or another member state of the European Union or the European Economic Area if the legal requirements specified for this are met. Data processing outside the European Union or the European Economic Area may only take place under the strict conditions of the Social Code and the General Data Protection Regulation, provided that an adequacy decision in accordance with Art. 45 EU-GDPR is available, which confirms an adequate level of protection.
What data do we process?
We process the following categories of data:
- Personal data (e.g. last name, first names, address and communication data, date of birth, photograph, health insurance number, bank details, marital status, gender, nationality, pension insurance number, tax identification number)
- Data on membership and its initiation (in particular preceding insurance periods, employer, start and end of membership, indicators for granting benefits)
- Data on the insurance relationship (e.g. type of insurance: compulsorily insured, voluntarily insured, start and end, reasons for registration, information on the activity, contribution groups, remuneration, income, pension payments, data on exemption from contributions/insurance, data on the pension application, pension payment, paying agency)
- Contribution and payment data (e.g. contribution amount, contribution debts, party liable to pay, data on dunning procedure)
- Service, supply and accounting data including health data (e.g. diagnoses, periods of incapacity to work, hospitalisation, aids, prescribed medicines, service prescribers, service providers, costs, duration of benefit receipt e.g. sickness benefit, data on compensation claims, co-payments, additional payments, data on treatment programmes, integrated care, model projects, care management, bonus programmes, optional tariffs, receipt of compensation benefits e.g. sickness benefit, injury benefit)
- Data on the caregiver (e.g. personal data, start and end of the care activity, reasons for registration and durations, information on the verification of the pension insurance obligation and, if applicable, collection of contributions)
- Data on the legal representative (e.g. personal data, scope of power of attorney or care)
- Data on optional tariffs and bonus programmes (e.g. chosen tariff, amount of bonus)
- Data of service providers and other contractual partners (e.g. doctor identifier number, identification code of the institution, name, address, data on professional qualifications, communication data)
- Data from employers and their tax advisors (e.g. address and communication data)
- Data of interested parties, competition participants (e.g. address and communication data, date of birth)
- Data on business partners and suppliers (e.g. name, address, communication data, bank details, data on billing)
We may process your data, in deviation from the above-mentioned purposes and legal bases, for other purposes (change of purpose) without any obligation to inform you in advance, if the following conditions are met:
- Another legal basis allows the change of purpose
- Your express consent has been given.
- The facts of the case are in accordance with Section 82 (2) SGB X
Who receives your data?
Data is transferred regularly in accordance with the statutory provisions to: providers of pension and accident insurance, the German Federal Employment Agency (Bundesagentur für Arbeit), the Health Insurance Medical Service (MDK), care providers, welfare authorities and, in relation to payment transactions, financial institutions, employers and paying agents. Furthermore, data may be transferred only in those individual cases stipulated by law under Section 67d et seq. SGB X (e.g. police authorities, local and municipal administration, tax authorities).
The AOK Niedersachsen can have its statutory tasks performed by another social service provider, working groups or by other service providers (in particular processors/Art. 28 EU-GDPR in conjunction with Section 80 SGB X), e.g. IT service providers, file and data carrier shredders, print service providers, billing service providers, producers of the electronic health insurance card (eGK) and providers of digital health services.
AOK Niedersachsen may use and process the lawfully collected and stored data of the data subject for other purposes if there is another legal basis for doing so under the SGB or if the data subject has given their express consent for this.
How long do we store your data for?
The data is stored while the task(s) are being completed and for the duration of the retention periods prescribed by law (e.g. Section 110a SGB IV, Section 304 SGB V, Section 84 SGB X, Section 107 SGB XI) and is then deleted.
What rights do you have?
- right of access to processed data (Art. 15 GDPR in conjunction with Section 83 SGB X)
- right to rectification of inaccurate data (Art. 16 GDPR in conjunction with Section 84 SGB X)
- right to erasure (Art. 17 GDPR in conjunction with Section 84 SGB X)
- right to restriction of processing (Art. 18 GDPR in conjunction with Section 84 SGB X)
- right to object (Art. 21 GDPR in conjunction with Section 84 SGB X)
- right to data portability (Art. 20 GDPR)
- In the case of data processing based on consent, you have the right to revoke this consent at any time with future effect.
Who is responsible for data processing and who can you contact in this regard?
- Corporation under public law -
If you have any questions or if you believe that your personal data is not being processed lawfully, you can contact us or our data protection officer.
Contact details of the data protection officer(s):
Data protection officer of the AOK Niedersachsen
Hildesheimer Straße 273
Data processing at Clarimedis, the medical information service of the AOK
What data does Clarimedis process?
With regard to medical questions, only the reason for the enquiry and key points relating to the information provided are stored by the medical staff of the AOK-Clarimedis ServiceCenter. Clarimedis processes this data on the basis of your active consent. This enables us to refer to information that is already known to us in the event of enquiries and/or new customer enquiries.
The data is stored for one year. We store your data in a specially protected archive for a further nine years for the clarification of possible liability issues. After this period the data will be deleted.
Consent to data storage can be revoked at any time by contacting AOK-Clarimedis at firstname.lastname@example.org. The medical staff at the AOK-Clarimedis ServiceCenter are bound by professional secrecy. Your personal data will not be disclosed to third parties.
The Clarimedis Terms and Conditions of Use can be found at https://www.aok.de/pk/niedersachsen/inhalt/nutzungsbedingungen-clarimedis-10/
Do you have a right to lodge a complaint?
You have the right to lodge a complaint with the competent supervisory authorities if you believe that the processing of your personal data is unlawful.
The address of the competent supervisory authorities for the AOK Niedersachsen is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Niedersächsisches Ministerium für Soziales, Gesundheit und Gleichstellung