Privacy Policy

Data protection policy

DR-WALTER Versicherungsmakler GmbH is an expert in insurance for private and business travel and stays abroad, e.g. for companies, organisations, institutions or even for Germans abroad or employees abroad. As an independent insurance broker, we compare insurance offers for you and offer you solutions that suit you and your needs.

In doing so, we take the protection of informational self-determination and privacy, as well as the security of data processing, seriously in order to maintain and strengthen the trust of the insured. The following sets out, for data subjects, the type, scope and purpose of the processing of personal data within our company and their rights in this regard.

Data controller

DR-WALTER Versicherungsmakler GmbH
Eisenerzstraße 34
53819 Neunkirchen-Seelscheid
Germany

Tel. +49 2247 9194-0
Fax +49 2247 9194-40
Data protection office: datenschutz@dr-walter.com

Purposes of processing

As an independent insurance broker within the meaning of Section 59 (3) of the German Insurance Contract Act (VVG), we advise and support our customers in the selection, brokerage and management of insurance contracts. We operate as an insurance broker in accordance with Section 34d (1) of the German Trade Regulation Act (GewO). In order to carry out these activities, we process personal data, in particular to: 

  • analyse and compare insurance needs, 
  • research and broker offers from insurers, 
  • manage ongoing customer relationships, 
  • fulfil legal obligations (e.g. under the GwG, AO), 
  • communicate with customers (including electronically), 
  • offer services via online forms or customer portals, 
  • carry out advertising and marketing measures, insofar as this is legally permissible or based on consent. 

Data collection

As a matter of principle, we collect personal data directly from the data subjects (taking into account Sections 19 and 31 of the Insurance Contract Act (VVG)). Data is collected without the involvement of the data subjects if this is necessary for the provision of the service or if direct collection would require a disproportionate effort and there are no overriding interests worthy of protection (e.g. in the case of group contracts). Where necessary, health data is collected from third parties with effective release from confidentiality obligations and in accordance with Section 213 of the Insurance Contract Act (VVG). 

Categories of personal data

Depending on the type of contract, we process in particular:  

  • Master data (e.g. name, address, date of birth) 
  • Contact details (e.g. email addresses, telephone numbers) 
  • Health data (e.g. diagnoses, pre-existing conditions, treatments) 
  • Contract-related data (e.g. insurance policy number, tariff information, product interest) 
  • Communication content (e.g. via e-mails, online forms) 
  • Payment data (only if relevant, e.g. in the event of queries regarding premium payments) 

Legal basis for processing

We only process your personal data if this is legally permitted. This is the case in the following situations: 
 

On the basis of consent, Art. 6 (1) (a) GDPR 

If you have given us your consent to process your data, we may process the data within the scope of the consent given (e.g. for advertising and marketing purposes). You can revoke your consent at any time with effect for the future. 

For the performance of a contract, Art. 6 (1) (b) GDPR 

In order for us to fulfil our brokerage and advisory mandate, it is necessary to process certain data. 

To fulfil legal obligations, Art. 6 (1) (c) GDPR  

In some cases, we are legally obliged to process or pass on data, e.g. for tax purposes or reports to supervisory authorities. 

To protect vital interests, Art. 6 (1) (d) GDPR 

If it is necessary to protect your vital interests or those of another person (e.g. in an emergency), we may process your data. 

On the basis of legitimate interests, Art. 6 (1) (f) GDPR 

In certain cases, we process data to protect our legitimate interests or the interests of third parties, e.g. to combat abuse or to assert and defend legal claims. In doing so, we carefully weigh up the interests involved to ensure that your fundamental rights and freedoms are not impaired. 

On the basis of consent, Art. 9 (2) (a) GDPR 

We require your express consent to process special categories of personal data, in particular health data. This may be necessary, for example, to determine insurance requirements or to calculate premiums. You may revoke your consent at any time with effect for the future. 

Recipients of the data

We only pass on personal data if this is necessary for the execution of the brokerage and consulting assignment, to fulfil legal obligations or on the basis of legitimate interests. Possible recipients:

  • Insurance companies, for the brokerage of offers and insurance policies 
  • Cooperation partners within the group of companies, in particular DR-WALTER GmbH, with whom we share IT infrastructures, customer systems and services 
  • IT and communication service providers, e.g. web hosting, support 
  • External service providers, e.g. document destruction, marketing agencies 
  • Lawyers, tax advisors, supervisory authorities, to the extent required by law 

If we use external service providers for data processing, this is done exclusively on the basis of a data processing agreement in accordance with Art. 28 GDPR. We will provide a list of the service providers used upon request (datenschutz@dr-walter.com). 

Duration of data processing

We store personal data for the duration of the business relationship (initiation, execution, termination) and in accordance with the respective statutory retention obligations (e.g. Sections 257 HGB, 147 AO, generally 6 to 8 years). In addition, data is stored until the expiry of statutory limitation periods (e.g. for the defence and/or pursuit of claims). Once the purposes and legal obligations no longer apply, the data is deleted or anonymised.

Rights of data subjects

Under the General Data Protection Regulation (GDPR), data subjects have the following rights with regard to the processing of their personal data:
  

Right of access, Art. 15 GDPR  

Data subjects have the right to obtain information about the data processed, the purposes of processing and the recipients. In exceptional cases, information may not be disclosed if there are overriding legitimate interests of third parties or if legal confidentiality obligations apply.
  

Right to rectification, Art. 16 GDPR  

Data subjects have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.
  

Right to erasure, Art. 17 GDPR  

Data subjects have the right to request the erasure of their personal data, provided that the legal requirements are met. This may be the case, for example, if processing is no longer necessary or consent has been revoked.  

Instead of erasure, the data is blocked if erasure conflicts with statutory, constitutional or contractual retention obligations, if there is reason to believe that erasure would prejudice the legitimate interests of the data subject, or if erasure is not possible or would involve disproportionate effort due to the special nature of the storage. Personal data will also be blocked if its accuracy is disputed by the data subject and neither its accuracy nor its inaccuracy can be determined. 
 

Right to restriction of processing, Art. 18 GDPR  

Data subjects may request the restriction of the processing of their data if the conditions for this are met, for example if the accuracy of the data is disputed or the processing is unlawful.
  

Right to object, Art. 21 GDPR  

Data subjects have the right to object to the processing of their personal data at any time, in particular if the processing is based on legitimate interests or is used for direct marketing.  

Your consent and the release from confidentiality can be revoked at any time with effect for the future; the lawfulness of the processing until revocation remains unaffected. Insofar as certain processing operations are contractually necessary, revocation may mean that services cannot be provided or cannot be provided in full.

The objection must be sent to the above-mentioned controller by post, fax or email, stating your full name, email contact details and, if available, your insurance number.
   

Exercising data subject rights  

To exercise the above rights, data subjects may contact the company's data protection officer at any time in writing or by email (DR-WALTER GmbH, Data Protection Officer, Eisenerzstraße 34, 53819 Neunkirchen-Seelscheid or datenschutz@dr-walter.com). Proof of identity may be required to protect data.

 

Right to lodge a complaint with a supervisory authority, Art. 77 GDPR  

Data subjects have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. You can contact the authority responsible for us in Germany as follows:
  

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen  
Postfach 20 04 44  
40102 Düsseldorf  
Germany  
E-Mail: poststelle@ldi.nrw.de  

 

Transfer of data to a third country

Some service providers/recipients may process data in third countries. In such cases, we ensure an adequate level of data protection, e.g. through an adequacy decision by the EU Commission (including the EU–US Data Privacy Framework) or standard contractual clauses (SCCs) of the EU Commission, with additional technical and organisational measures where necessary. 

Data security

We protect your personal data through a variety of technical and organisational measures that are state of the art and are regularly reviewed and further developed. Access to our buildings, IT systems and data processing facilities is restricted to authorised persons only and is secured by access controls. Within the company, authorisations are designed in such a way that employees can only access the data they need to perform their tasks. Server rooms and data storage media are specially protected.  

Personal data is processed exclusively by trained employees who are bound to confidentiality. Our systems are protected against unauthorised access by firewalls, antivirus programmes and regular security checks. Paper documents and mobile data carriers are secured in accordance with the ‘clean desk’ principle and in lockable containers. For the secure transmission of data via our online services, we use encryption technologies in accordance with recognised standards (SSL/TLS), so that access by unauthorised persons is largely impossible.  

To ensure the integrity and traceability of data processing, we log entries and accesses. Data and data carriers are deleted or destroyed in accordance with data protection regulations. Backups are created and tested regularly, and emergency and recovery concepts ensure the availability of data even in the event of a crisis.  

Please note: If you contact us directly by e-mail, the transmission is usually unencrypted. In this case, there is a residual risk that messages may be viewed by third parties. For confidential communication, we therefore recommend using the online forms provided in the service area [https://www.dr-walter.com/en/service/] or contacting us by telephone.  

We continuously adapt our measures to current security requirements and risks in order to ensure a level of protection that is appropriate to the risk at all times.  

 

Last updated: October 2025