Privacy policy
§1 Information on the collection of personal data and provider identification
In the following, we provide information about the collection of personal data when using this website and/or other Genki services. Personal data is all data that can be personally related to you, such as name, address, e-mail addresses, and user behavior.
The controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is Genki UG (haftungsbeschränkt), Dorothee-Sölle-Platz 2, 50672 Cologne, Germany, [email protected] (see our legal notice).
Our data protection officer is Dr. iur. Andreas Pinheiro LL.M., [email protected]. If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we also name the defined criteria for the storage duration.
§2 Rights, in particular to information and revocation
You have the following rights with regard to your personal data:
Right to information,
Right to correction or deletion,
Right to restriction of processing,
Right to object to processing,
Right to data portability.
If you have given your consent to the use of data, you can revoke it at any time. Should the lawfulness of the processing be based on consent, it remains valid until the revocation is exercised.
Please direct all requests for information, inquiries, or objections to data processing by e-mail to [email protected].
You can demand that we delete your data at any time. There may be legal retention periods that require us to store your data until the period expires.
If your data should be incorrect, you have the right to request a correction from us. We will comply with this request without delay.
You have the right to receive the personal data you have provided to us in a readable format, as far as technically possible, in order to make it available to another company (right to data portability).
You have the right to complain to the supervisory authority responsible for you. A list of data protection officers and their contact details can be found at the Federal Commissioner for Data Protection and Freedom of Information.
§3 Storage period
We process and store personal data only for as long as is necessary for the respective purposes, as permitted by your consent, or as required by statutory or contractual retention periods. If the purpose of processing no longer applies or if a prescribed retention period expires, the data is routinely deleted or blocked in accordance with legal requirements.
Technical data (e.g., server log files) is generally not stored for longer than one year.
Personal and payment data is also stored for a maximum of one year, unless it is still required to provide the services you have requested—in which case the storage period is extended accordingly.
Insurance terms and conditions are stored indefinitely after the purchase of an insurance product. The same applies to proofs of consent, which are retained until the consent given is revoked.
The following periods also apply within the scope of statutory retention obligations:
Insurance contracts must be retained as business letters in accordance with § 257 Para. 4 of the German Commercial Code (HGB) for six years.
Advisory documentation is stored for five years in accordance with § 22 Para. 5 of the Insurance Mediation and Advisory Ordinance (VersVermV).
In addition, statutory retention periods (e.g., under commercial or tax law) may provide for storage of up to ten years.
§4 Data security
We maintain current technical measures to ensure data security, in particular to protect your personal data from dangers during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art.
§5 Informational use
In the case of purely informational use of the website, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server or to that of our service provider. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (specific web page)
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software
We store technical data for a maximum of one year.
§6 Cookies
Cookies refer to data that is stored automatically on your device when you use a website. That data remains accessible to that website when you navigate between its various pages. Cookies can be used to identify you and to maintain information like website preferences.
To learn more about cookies and how they work, you can visit allaboutcookies.org.
We use cookies to be able to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.
The cookies we use are described in our cookie banner.
Your consent to the setting of cookies will be stored until you revoke it. You can revoke this at any time via our Consent Management Tool.
§7 Contacting us
When you contact us by e-mail, your e-mail address and name are stored by us. The purpose of this storage is solely to contact you in order to answer your questions.
The legal basis for the collection when contacting us is the consent you have given by sending an e-mail (Art. 6 Para. 1 S. 1 lit. a GDPR).
Information on the use of our support chat can be found under § 15.
We will only use your data for advertising purposes to the extent permitted by law. In particular, we only use your e-mail address for direct advertising for our own similar goods or services. You can object to the use of your data for advertising purposes at any time by email to [email protected]. Here, we rely on our legitimate interest in promoting our products to our customers pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.
To enable quick and uncomplicated contact with you, we use WhatsApp and Google Meet as communication channels.
Via the free messenger WhatsApp (a service of Meta Platforms Ireland Ltd.), text messages, images, videos, and sound files can be exchanged in private chats.
Google Meet is a video conferencing and direct messaging service from Google. Thus, these companies receive your contact information, such as phone number or e-mail address.
Insofar as you have declared your voluntary consent to us pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR for the processing of personal data for these purposes, this consent forms the legal basis for the processing of this data. The consent given can be revoked at any time with effect for the future.
We only store your data for as long as we need it for the purposes described above or are legally obliged to do so.
More information on data processing can be found here for WhatsApp and here for Google Meet.
§8 Sub-processors
In order to be able to offer our services, we sometimes have to pass on data to sub-processors. Below we list our sub-processors for you:
DR-WALTER to conclude and manage insurance contracts, as well as to offer insurance-related customer support. Further information can be found in the data protection declaration of DR-WALTER.
Squarelife concludes health insurance agreements, processes your claims, and provides insurance-related customer support. Please also look at their privacy policy.
HeyFlow and HubSpot enable us to advise you on health insurance.
Flixcheck enables us to manage some of your insurance application information.
Stripe is our payment service provider. You can find out more about data processing by Stripe in § 8 (6).
Cloudflare, Heroku, and DigitalOcean enable us to offer technical services such as our website.
Amazon Web Services and MongoDB enable us to securely process and store your data.
Intercom, WhatsApp, and, if applicable, OpenAI enable us to offer our customers excellent support and contact. You can read more details under § 18 and § 19.
We use SendGrid, Drip, and Twilio to reliably send emails and SMS messages. Our marketing emails are processed via Drip.
Google, Meta, Microsoft, and Reddit allow us to use behavioral data to advertise our services on other websites.
Bing and TikTok enable us to better reach our visitors with marketing offers.
Google and PostHog allow us to better understand our visitors and improve our websites and services by analyzing the technical, referral, and behavioral data we collect.
Slack enables our team to coordinate internally.
§9 Use of our service
If you wish to use our service, it is necessary for the conclusion of the contract that you provide your personal data, which we require for insurance processing. Necessary mandatory information is:
Email address
Gender
Date of birth
Country of nationality
Home country
We process the data you provide to handle your booking. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you e-mails with technical information.
We are obliged by commercial and tax law to store your address, payment, and order data for a period of ten years. Insurance document conditions are stored permanently upon conclusion of the contract. Insurance contracts must be retained as business letters for six years in accordance with § 257 Para. 4 HGB. Consulting documentation is stored for five years in accordance with § 22 Para. 5 of the Insurance Mediation and Consulting Ordinance (VersVermV).
We use your specified data for the processing of your booking, subsequent execution of your contract, and fraud prevention. For this purpose, we pass on your non-medical personal data to a commissioned insurer and Nomads for Impact e.V. We only share medical data with the relevant insurer if it is necessary for the processing of the contract or if you have given your consent. We delete this data after the contract has been processed and the storage retention periods have expired.
The legal basis for the specified processing is the necessity to fulfill the contract (Art. 6 Para. 1 lit. b GDPR). If this does not apply, we base our processing on your consent (§ 213 Abs. 1 VVG, Art. 9 Para. 2 lit. a GDPR, Art. 6 Para. 1 S. 1 lit. a GDPR). This consent may be revoked at any time with effect for the future.
According to the German Insurance Contract Act (VVG), the insured person must disclose all circumstances relevant to the assessment of the risk and the settlement of claims to the insurer when applying for insurance, making any changes to the contract, and in the event of a claim. This includes, for example, previous illnesses and insurance claims or notifications of other similar insurance policies (applied for, existing, rejected, or terminated). In order to prevent insurance fraud, to clarify any contradictions in the information provided by the insured person, or to close gaps in the findings regarding the damage incurred, it may be necessary to request personal information from other insurers or to provide relevant personal data in response to inquiries.
Payment processing can be carried out by credit card, debit card, prepaid card or other provided payment options via the payment service provider Stripe Payments Europe Ltd ("Stripe"), Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we pass on the information you provided during the ordering process along with the information about your booking (name, address, invoice amount, currency and transaction number). Your data is passed on exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. Further information on Stripe's data protection can be found in the Stripe Services Agreement.
§10 Insurance claim procedures
When you, as the policyholder, report a claim, your data is recorded and processed via our Member Center. The electronic claim form collects the information required for processing, including, in particular, the date of the claim, invoice data, place of treatment, and, if applicable, medical reports and evidence.
After the form is submitted, the data is stored on our systems and transmitted to the responsible insurer via a secure interface. The subsequent review and processing of the claim is carried out exclusively by the insurer. The result of the claim processing is usually communicated to you directly by email from the insurer.
We are currently working with the insurer to create the technical capability to automatically transmit status information and basic details about the claim processing to us via an interface and display them to you in the Member Center in the future.
The legal basis for the processing of your data is Art. 6 Para. 1 lit. b GDPR (fulfillment of the insurance contract). If special categories of personal data (e.g., health data) are involved, processing is also carried out on the basis of Art. 9 Para. 2 lit. a and lit. h GDPR in conjunction with § 22 BDSG.
§11 Use of our website
If you wish to use our website, you must register by providing your e-mail address. You will receive a confirmation e-mail to verify your e-mail address. The provision of the aforementioned data is mandatory; you can provide all other information (phone number) voluntarily when using our website.
When you use our website, we store your data required for the fulfillment of the contract until you permanently delete your access. We also store the voluntary data you provide for the duration of your use of the website, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR.
§12 Social media
external websites of third-party social media providers and not plugins. Consequently, no connections are established or personal data transmitted to the third-party providers when you visit our website. When you click on the respective button, which is marked with the provider's symbol, you will be redirected to that provider's website. At that moment, you leave our website. If you have any questions about the data collection of the third-party providers, please read the data protection declarations provided by them. We refer to the following social media:
Facebook: Our website refers via the "f" button to the social network facebook.com, the operator of which for users outside the USA and Canada is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. Information on data protection can be found here: https://www.facebook.com/privacy/policy/. Facebook Ireland ensures a comparable level of data protection for data transfer to the parent company in the USA by concluding so-called standard data protection clauses (SCC) pursuant to Art. 46 para. 2 GDPR. Further information can be found at: https://www.facebook.com/legal/EU_data_transfer_addendum
Twitter: By clicking on the button with the little bird symbol, you will be taken to the microblogging service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; Twitter ensures a comparable level of data protection for data transfer to the parent company in the USA by concluding so-called standard data protection clauses (SCC) pursuant to Art. 46 para. 2 GDPR. Further information can be found at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html, notes on data protection can be found here: https://twitter.com/de/privacy
Instagram: Instagram is a service of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Further information can be found in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.
TikTok: TikTok is a video platform of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Further information on data processing by TikTok can be found at: https://www.tiktok.com/legal/page/eea/privacy-policy/en
LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. LinkedIn ensures a comparable level of data protection for data transfer to the parent company in the USA by concluding so-called standard data protection clauses (SCC) pursuant to Art. 46 para. 2 GDPR. Further information can be found at: http://www.linkedin.com/legal/privacy-policy
Discord: Discord is a communication platform of Discord Inc. The company is located at 444 De Haro Street #200, San Francisco, CA 94107, USA. Further information on data protection when using Discord can be found at: https://discord.com/privacy
§13 Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
For the registration for our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an email to the specified email address in which we ask you to confirm that you wish to receive the newsletter. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR.
The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to [email protected].
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent may contain so-called tracking pixels. These are single-pixel image files that link to our website and thus enable us to evaluate your user behavior. This is done by collecting the data mentioned in § 4 of this declaration, as well as web beacons, which are assigned to your e-mail address and linked with a unique ID. Links contained in the newsletter may also contain this ID. With the data obtained in this way, we create a user profile in order to be able to provide you with the newsletter tailored to your interests. In doing so, we record when you read our newsletters, which links you click on in them, and deduce your personal interests from this. We link this data with actions you have taken on our website.
§14 Google Ads Conversion Tracker
We use the offer of Google to draw attention to our attractive offers with the help of advertising materials (so-called Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. We thus pursue the interest of displaying advertising to you that is of interest to you, making our website more interesting for you, and achieving a fair calculation of advertising costs.
These advertising materials are delivered by Google via so-called "Ad Servers". For this purpose, we use Ad Server cookies, which can be used to measure certain parameters for success measurement, such as the display of ads or clicks by users. If you access our website via a Google ad, a cookie is stored in your browser by Google Ads Conversion Tracker. These cookies usually lose their validity after 30 days and are not intended to identify you personally. As analysis values, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (marking that the user no longer wishes to be addressed) are usually stored for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not yet expired, Bing and the customer can recognize that the user has clicked on the ad and been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies cannot, therefore, be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by the use of this tool by Bing, and therefore inform you according to our state of knowledge: By integrating the Ads Conversion Tracker, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. It is possible that the provider will find out and store your IP address.
You can prevent participation in this tracking procedure in various ways. We would like to point out that in this case, you may not be able to use all the functions of this offer to their full extent. Ways to prevent tracking participation:
by a corresponding setting of your browser software, in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers
by deactivating the cookies for conversion tracking by setting your browser so that cookies from this domain are blocked, whereby this setting will be deleted when you delete your cookies
by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads", via the link https://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies.
The legal basis for the processing of your data is Art. 6 Para. 1 S. 1 lit. f GDPR. Further information on data protection at Google can be found here. Alternatively, you can visit the website of the Network Advertising Initiative (NAI).
§15 TikTok/Facebook pixel
For marketing purposes, our website uses so-called conversion and retargeting tags (also "pixels") of the social networks TikTok and Facebook. The provider is, on the one hand, TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok") and, on the other hand, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin, Ireland Dublin 2 ("Facebook"). We use TikTok and Facebook pixels to analyze the general use of our website and to understand the effectiveness of advertising ("conversion"). In addition, we use the pixels to show you individualized advertising messages based on your interest in our products ("retargeting").
The legal basis for the collection of data by TikTok and Facebook pixels is your consent pursuant to Art. 6 Para. 1 S. 1 lit. a GDPR, which is obtained beforehand (e.g., in the cookie banner).
For this purpose, TikTok and Facebook process data that the services collect via cookies and similar technologies on our website. The data generated in this context can be transferred by the providers for evaluation to servers of the parent company, Beijing Bytedance Technology Ltd. in China ("TikTok") or Meta in the USA ("Facebook") and stored there.
If you are a member of the social networks and allow this via the privacy settings of your account, TikTok and Facebook can also link the information collected about your visit to us with your member account and use it for the targeted placement of ads. Further information on data processing by TikTok and Facebook can be found at: https://www.tiktok.com/legal/page/eea/privacy-policy/en and https://www.facebook.com/privacy/policy/.
§16 Support chat
We offer you a live support (text) chat on our website for all questions or other concerns.
Our support team can view the customer information stored in your account. In addition, we process all data that you voluntarily provide to us via chat. The purpose of processing is exclusively to answer your questions or clarify your concerns.
The legal basis for data processing is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in answering your concerns.
To provide you with this communication option, we use the service provider Intercom (Intercom, Inc., 55 2nd Street, 4th Fl., San Francisco, CA 94105, USA). You can read more about the data protection measures at https://www.intercom.com/blog/data-privacy-compliance/.
Intercom's privacy policy can be found at: https://www.intercom.com/legal/privacy
§15 Integration of ChatGPT
To ensure the most pleasant and goal-oriented communication possible, our support team has the option of having response suggestions generated by ChatGPT.
ChatGPT is a so-called "chatbot". Through large amounts of data in conjunction with machine learning, a language model provides the "best possible" answer. The answer is not sent directly to you. Our support staff can use this text as a suggestion and adapt it manually to provide you with the optimal answer.
In order to provide suitable results for your request, we must forward your request to the service provider of ChatGPT ("OpenAI"). To protect your personal data, we have concluded a data processing agreement with OpenAI.
OpenAI does not use your data for further training of the language models. The chat data is stored there for 30 days. Further information on data processing by OpenAI with ChatGPT can be found at: https://openai.com/policies/api-data-usage-policies.
The legal basis for the use of ChatGPT is your consent (Art. 6 Para. 1 lit. a GDPR), which you have given us in the live text chat via a checkbox. The consent can be revoked at any time by sending a message to the specified contact details. Should you not give your consent, you can still use our chat; however, this may affect your chat experience, as a pre-formulated, possible answer is generated by our own, less powerful language models.
Changes
We regularly review our privacy policy and list all changes here.
12 January 2025
We revised our privacy policy completely.
30 April 2025
Added Vercel to data processors.
Added Qonto, Wise, PayPal, and Easybill to data processors.
25 November 2024
Added Heyflow to data processors.
11 November 2024
Added country of citizenship as personal data we store and process.
Added Flixcheck, HubSpot, Meta, Microsoft, PostHog, Slack, Squarelife, and WhatsApp to data processors.
Clarified that we process and store your communications with us for customer support and insurance advisory purposes.
Clarified use of advertising services.
23 August 2023
Added Drip and OpenAI to data processors.
11 June 2022
Removed Hotjar from data processors.
Added Twitter to data processors.
5 April 2022
Removed SendGrid from data processors.
Added Intercom to data processors.
18 December 2021
Clarified writing and overall structure.
Added DigitalOcean, Facebook, Google, and Hotjar to data processors.
Added information about advertising and performance analytics.