Privacy Policy

Last updated: 1 January 2025

Contents

  1. Data Controller
  2. Data We Collect
  3. Legal Basis for Processing
  4. How We Use Your Data
  5. Data Sharing
  6. Data Retention
  7. Your Rights
  8. Data Security
  9. Cookies
  10. Changes to This Policy
  11. Contact

1. Data Controller

The data controller responsible for processing personal data on this website is:

SONO Sterbegeld VVaG
Westring 73
46242 Bottrop
Germany
Email: support@sonoag.org
Phone: +49 2041 18220

2. Data We Collect

We may collect the following categories of personal data:

  • Contact data: Name, postal address, telephone number, email address
  • Enquiry data: The content of messages you send us via our contact form
  • Technical data: IP address, browser type and version, pages visited, date and time of access
  • Cookie data: As described in our Cookie Policy

We do not collect special categories of personal data (such as health data) via this website. Any health data required in connection with an insurance application is handled separately and subject to additional safeguards.

We process personal data on the following legal bases under the EU General Data Protection Regulation (GDPR) and applicable German data protection law:

  • Article 6(1)(a) GDPR — Consent: Where you have given explicit consent, for example for analytics cookies.
  • Article 6(1)(b) GDPR — Contractual necessity: Where processing is necessary to respond to a pre-contractual enquiry or fulfil a contract of insurance.
  • Article 6(1)(c) GDPR — Legal obligation: Where processing is required to comply with a legal obligation, such as regulatory reporting requirements.
  • Article 6(1)(f) GDPR — Legitimate interests: For the secure operation of this website, detection of abuse, and improvement of our services.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To respond to enquiries submitted via our contact form
  • To process applications for insurance membership
  • To administer existing member policies
  • To comply with our legal and regulatory obligations as an insurance association
  • To operate and improve this website
  • To detect and prevent fraud or security incidents

We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

5. Data Sharing

We do not sell personal data. We may share data with third parties only in the following circumstances:

  • Service providers: Carefully selected processors who help us operate our website and business, bound by data processing agreements and prohibited from using data for their own purposes.
  • Regulatory authorities: Where disclosure is required by law or regulation, such as reporting to the German financial supervisory authority (BaFin).
  • Legal proceedings: Where necessary to establish, exercise, or defend legal claims.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Specific retention periods:

  • Contact form submissions: Up to 3 years, unless a contractual relationship results from the enquiry.
  • Member and policy records: For the duration of the membership plus any legally required retention period (typically 10 years under German commercial and tax law).
  • Server log files: Up to 90 days.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your data where it is no longer needed or where consent is withdrawn.
  • Right to restriction (Art. 18 GDPR): You may request that we limit processing in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You may request your data in a structured, commonly used format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@sonoag.org. You also have the right to lodge a complaint with a supervisory authority — in Germany, the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW).

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission via HTTPS, access controls, and regular security reviews.

Notwithstanding these measures, no method of transmission over the internet is completely secure. We cannot guarantee the absolute security of data transmitted to us electronically.

9. Cookies

This website uses cookies. Please refer to our Cookie Policy for full details of the cookies we use, their purposes, and how to manage your preferences.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by an updated "last updated" date at the top of this page. We encourage you to review this policy periodically.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

SONO Sterbegeld VVaG
Westring 73, 46242 Bottrop, Germany
support@sonoag.org
+49 2041 18220