Information on data processing and your rights
Your data is in safe hands with AOK. AOK has an obligation to protect personal data (Section 35 of Book I of the German Social Code (Sozialgesetzbuch I – SGB I)). The EU General Data Protection Regulation (GDPR), which enters into force on 25 May 2018, further strengthens your rights as a customer. The following information provides an overview of the collection and processing of your data and the rights related thereto.
Why do we process your data, and on what legal basis?
AOK, as a provider of solidarity-based health and care insurance, has the task of preserving, restoring or improving the health of its policy holders, as well as providing assistance to those in need of care who rely on solidarity support owing to the level of their need for care.
The benefits and other expenditure are financed by collecting contributions from employers and members.
In order to fulfil these statutory tasks, AOK-Bundesverband processes the data required for this purpose. This data is collected from you on the basis of statutory duties of cooperation (see, e.g. Section 60 et seq. SGB I) or on the basis of consent. AOK also receives data from third parties in accordance with the SGB (e.g. from your employer or care providers). Your failure to cooperate could adversely affect you when it comes to the provision of benefits (refusal or withdrawal of benefits).
For health insurance, the legal basis for data processing is Section 284 SGB V; for care insurance, it is Section 94 SGB XI. In addition, AOK-Bundesverband is assigned tasks on the basis of other statutory provisions for which personal data needs to be processed.
In addition, AOK-Bundesverband processes data on the basis of express declarations of consent (Art. 6 (1) a) GDPR).
What data do we process?
We process the following categories of data:
- personal data (e.g. address and communication data, date of birth, photo)
- data on membership and its initiation
- data on optional tariffs and bonus programmes
- data of care providers and other contractual partners
- data of prospective customers, competition participants
- data from promotions and programmes.
Who receives your data?
Data is transferred regularly in accordance with the statutory provisions to: providers of pension and accident insurance, the German Federal Employment Agency (Bundesagentur für Arbeit), the Health Insurance Medical Service (MDK), care providers, welfare authorities and, in relation to payment transactions, financial institutions, employers and paying agents. Furthermore, data may be transferred only in those individual cases stipulated by law under Section 67d et seq. SGB X (e.g. police authorities, local and municipal administration, tax authorities).
AOK may arrange for its statutory tasks to be carried out by another funding agency, associations or other service providers (in particular, processors).
AOK-Bundesverband may use and process the lawfully collected and stored data of the data subject for other purposes if there is another legal basis for doing so under the SGB or if the data subject has given their express consent for this.
How long do we store your data for?
The data is stored while the task(s) are being completed and for the duration of the retention periods prescribed by law (e.g. Section 110a SGB IV, Section 304 SGB V, Section 84 SGB X, Section 107 SGB XI) and is then deleted.
What rights do you have?
- right of access to processed data (Art. 15 GDPR in conjunction with Section 83 SGB X)
- right to rectification of inaccurate data (Art. 16 GDPR in conjunction with Section 84 SGB X)
- right to erasure (Art. 17 GDPR in conjunction with Section 84 SGB X)
- right to restriction of processing (Art. 18 GDPR in conjunction with Section 84 SGB X)
- right to object (Art. 21 GDPR in conjunction with Section 84 SGB X)
- right to data portability (Art. 20 GDPR)
- In the case of data processing based on consent, you have the right to revoke this consent at any time with future effect.
Who is responsible for data processing and who can you contact in this regard?
Rosenthaler Straße 31
phone: +49 (0)30 34646-0
fax: +49 (0)30 34646-2502
If you have any questions or if you believe that the processing of your personal data is not being carried out lawfully, you can contact us or our data protection officer. You can reach our data protection officer at:
Contact details of data protection officer:
Data protection officer at AOK
Rosenthaler Straße 31
phone: +49 (0)30 34646-0
Do you have a right of complaint?
You have the right to complain to the supervisory authority if you believe that the processing of your personal data is not being carried out lawfully. The address of the supervisory authority responsible for AOK-Bundesverband is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
phone: +49 (0)30 13889-0
fax: +49 (0)30 2155050