Feather privacy policy

1. General information on data processing

This data protection declaration describes the collection and use of personal data in connection with the use of our web offer https://feather-insurance.com/ ("website") and our web application https://app.feather-insurance.com "app" in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this data protection declaration may be supplemented by further data protection declarations, which must be observed separately.


1.1 Responsible

Responsible person in the sense of the GDPR is

Popsure Germany GmbH (brand name: “Feather”)

Factory Berlin Mitte

Rheinsberger Str. 76/77

10115 Berlin

Germany

You can contact us about privacy-related inquiries at hello@feather-insurance.com.


1.2 Data Protection Officer

We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. For more information about Simpliant, please visit https://www.simpliant.eu.

You can reach our appointed data protection officer at:

hello@feather-insurance.com


1.3 Data subject rights and supervisory authority 

You may exercise the following rights:

  • Right to information about your data stored by us and its processing (Art. 15 GDPR),
  • Right to rectification of inaccurate personal data (Art. 16 GDPR),
  • Right to have your data stored by us deleted (Art. 17 GDPR),
  • Right to restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Right to portability of data if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR),
  • Right to object to the processing of your data by us (Art. 21 GDPR)

To exercise your rights, you can contact us by email at hello@feather-insurance.com.

For identification purposes, please provide the following information:

  • First and last name
  • E-mail address

In individual cases, further information may be required for unique identification. The processing of your request and the identification of your person is based on Art. 6 para. 1 c) GDPR.

You may at any time pursuant to Art. 77 GDPR in conjunction with § 19 BDSG (German Federal Data Protection Act) file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.

The following link provides a list and contact information for all state data protection authorities:

https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html


1.4 Processing of data, purpose and legal basis

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis of all our processing activities is based on Art. 6 (1) GDPR. You will receive further information in the context of the presentation of the individual processing activities.


1.5 Storage duration

We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g. § 257 HGB, 147 AO). Furthermore, we may retain your personal data until the expiry of the statutory limitation periods (usually three years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.


1.6 Data security

To protect the security of your data during transmission, we use technical and organizational security measures, in particular encryption technology to prevent unauthorized access by third parties. An HTTPS or TLS encrypted connection is always used. Our security measures are continuously improved and adapted according to technological developments. 


1.7 Transmission to service provider

We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. Data transfer to third countries

Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44 - 49 GDPR are met, in particular standard contractual clauses, binding corporate rules, adequacy decision of the Commission, as well as - if necessary - other required safeguards (in particular so-called transfer impact assessments).


1.8 No obligation to provide data / No profiling

There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for automated individual decision making including profiling.


2. Processing activities

Our website offers different areas with different functionalities for the visitor, which are described in more detail below.


2.1 Server logs 

Nature and purpose of data processing:

When you access our website or app, information of a general nature is automatically collected. This information, known as server log files, includes:

  • IP address
  • Name of the access provider
  • Browser type, browser software version and browser language
  • Operating system
  • Date and time of access
  • Access content
  • Amount of data transferred
  • Access status (successful transmission/error)
  • Web page(s) to which the access was redirected
  • Visited websites

The processing is carried out for the following purposes:

  • Ensuring a trouble-free connection
  • Ensuring smooth use
  • Assessment of system safety and stability

Legal basis:

The processing is carried out pursuant to Art. 6 (1) f) GDPR based on our legitimate interest to host the website and app and to improve and monitor the security, stability and functionality of the website.

Recipient:

The recipient of the data is a technical service provider who is responsible for the operation and maintenance of our website. As processors, the service providers are obliged to process the data only within the scope of our instructions.

Transfer to third countries:

There is a transfer of data to our order processor in the United States of America ("USA"). The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period:

The server log files are deleted after a maximum of 30 days . Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.


2.2 Consent Management

Nature and purpose of the processing:

We use cookies or third-party applications (third-party tools) for various processing activities for which your consent is required in individual cases. In order to obtain such consent and to be able to store it, we use a so-called "cookie banner". As part of this, a cookie - a small text file - is set on your terminal device to register your selection/consent. For this purpose, we process your IP address, among other things.

Legal basis:

The processing is based on the documentation of compliance with the provisions of the GDPR, Art. 6 para. 1 c) GDPR.

For more information, see the "Cookies and third-party tools" section.


2.3 Contact

Nature and purpose of the processing:

In order to provide you with the best possible support when using our offers, we offer you the option of contacting us by e-mail, video call or via social media. In this context, we process your e-mail address, your name if applicable, and the content of your inquiry.

Legal basis:

The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 b) GDPR). In addition, you will be processed to protect our legitimate interests Art. 6 para. 1 f) GDPR to provide our customers with a straightforward customer service.

Recipient:

The recipients of the data may be providers of CRM systems ("Customer Relationship Management") or comparable service providers. As order processors, the service providers are obliged to process the data only within the scope of our instructions.

Transfer to third countries:

There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period:

If there is no customer relationship, communications will not be stored for longer than 3 years. Otherwise, data is deleted if it is no longer required. The necessity is reviewed at regular intervals.


2.4 Website analysis

Nature and purpose of data processing:

This website uses cookie-based technologies to help us better understand how the website is used. We do this by compiling reports about activity on the website that do not identify specific individuals. Analytics cookies process your IP address and data about usage patterns on our website (e.g. which pages were visited and which buttons were clicked) for this purpose.

Legal basis:

The processing is carried out with your consent in accordance with Art. 6 para. 1 a) GDPR.

For more information, see the "Cookies and third-party tools" section. 


2.5 Marketing and advertising

Nature and purpose of data processing:

This website uses cookie-based technologies that help us run marketing and advertising campaigns. Advertisers can use them to serve ads that are primarily based on search results when using the company's own services.

Legal basis:

The processing is carried out with your consent in accordance with Art. 6 para. 1 a) GDPR.

For more information, see the "Cookies and third-party tools" section. 


2.6 Web fonts

Nature and purpose of data processing: 

In order for our website and app to display quickly and correctly, certain fonts must be downloaded from web servers to be downloaded. To perform this action, the user's IP address is processed.

Legal basis: 

If personal data (such as the IP address) is stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in the quality assurance and functionality of our app. 

Recipient: 

The recipient of the data is a service provider in the United States. As a processor, the service provider is obliged to process the data only within the framework of our instructions set out in a data processing contract.

Transfer to third countries  

The data processing contract with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.

Duration of storage: 

Data will be deleted after one year at the latest.


2.7 Job applications

Nature and purpose of data processing:

On our website, you have the opportunity to apply to us (especially for open positions). Data about you is usually collected directly from you as part of the application process - on the occasion of your application for a specific job ad or your unsolicited application. In addition, we may also have received data from third parties (e.g. online job boards) if you have applied to us via such a platform. In addition, we may process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional social networks).

In order to accept and evaluate your application and depending on the data you provide, we may process the following personal data:

All the information you send us about yourself:

  • Name
  • E-mail
  • Phone number

Files and documents, such as testimonials and certificates, that you send us in connection with your application

Legal basis:

The processing of the data that you have provided to us as part of the application process is based on Art. 6 para. 1 b), Art. 88 GDPR in conjunction with. § Section 26 (1) BDSG. In case of your consent, the legal basis is Art. 6 para. 1 a) GDPR.

Recipient:

Only the departments and groups of people directly involved in the recruitment process have access to the data you provide. All employees involved have been obligated to treat your data confidentially.

In addition, the data may be processed by the service providers (e.g. job platform). As order processors, the service providers are obliged to process the data only within the scope of our instructions or - depending on the use of the service provider - as co-responsible parties according to the GDPR.

Storage period:

Your personal data will be deleted no later than three months after the end of the application process. In the event of employment, we will include the data provided in our personnel file. Invoices for any travel expense reimbursements will be archived in accordance with tax law requirements.


2.8 Account registration 

Nature and purpose of data processing:

On our website there is the possibility to register a user account ("Account") for the app and to log in if an account exists. The Account allows you to manage your data and insurance policies. We process your data so that you can log in to our website and organize your data. We do this to provide a better service to our customers. 

Legal basis:

The data is processed for the performance of a contract for the provision of our app (Art. 6 para. 1 b) GDPR). 

Recipient:

The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.

Transfer to third countries:

There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period:

The data will be deleted after 30 days after deletion of the account is deleted. If there are still active insurance contracts, the data will be deleted 30 days after termination of these contracts. Data whose further storage is required for evidence purposes can be stored for up to 3 years after termination of the contractual relationship.


2.9 Transactional emails

Nature and purpose of the processing:

When you use our services, we must communicate with you as part of the business relationship. In particular, you will receive so-called transaction emails from us in this respect, in which information, processes and further necessary steps will be communicated to you.  

For this purpose, we process your name and e-mail address, as well as any content of the customer relationship or your order. 

Legal basis: 

The sending of transactional emails takes place in the context of the fulfillment of a contract (Art. 6 para. 1 b) GDPR). 

Recipient: 

The recipients of the data are order processors. As processors, the service providers are obliged to process the data only within the scope of our instructions. 

Transfer to third countries:

There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period: 

Transactional emails are associated with your user account and are stored until the user account is deleted or you submit a deletion request to us. 


2.10 Error and vulnerability management (error tracking)

Purpose and scope of data processing:

To ensure the technical stability of our service, to improve it by monitoring system stability and identifying code errors. The processing is solely for these purposes and does not evaluate data for advertising purposes.

Legal basis:

The data is processed for the performance of a contract for the provision of our app (Art. 6 para. 1 b) GDPR). 

Recipient:

The recipients of the data are order processors. As processors, the service providers are obliged to process the data only within the scope of our instructions.

Transfer to third countries:

Data is transferred to the United States of America. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.


2.11 Become a partner

Nature and purpose of data processing:

On our website there is a possibility to become an affiliate. As an affiliate you can earn money by recommending us to your customers or network. For this purpose, we process your data, such as your name, email address, address, company and your account data and tax ID. We process the data to get an overview as well as to be able to send you the money for a successful referral, if applicable.

Legal basis:

The data is processed for the implementation of (pre-)contractual measures (Art. 6 para. 1 b) GDPR).

Recipient:

The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.

Transfer to third countries:

There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period:

If there is cooperation from the request, the data will not be deleted. If not within 3 years.


2.12 Conclusion and management of insurance policies

Nature and purpose of data processing:

As a user of our app, you have the option of taking out various insurance policies or being placed on a waiting list in this regard. If an insurance contract is concluded, you have the option of managing the contract via our app. The following overview provides an overview of the insurance policies currently offered and which data is processed in the context of the conclusion and administration:


Insurance policy: Statutory health insurance

Data completion: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.

Data contract management: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.


Insurance policy: Private health insurance

Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, prior insurance information.

Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance details, benefit processing details.


Insurance policy: Occupational disability insurance

Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics.

Data contract management: Master data, contact data, time data, physical characteristics, health data, benefit processing data.


Insurance policy: Long-term travel health insurance ("Expat Insurance")

Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance information.

Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance information.


Insurance policy: Supplementary dental insurance

Data completion: Master data, contact data, time data, physical characteristics, health data.

Data contract management: Master data, contact data, time data, physical characteristics, health data.


Insurance policy: Private liability insurance

Data completion: Master data, contact details, time details, physical characteristics, details of previous insurance.

Data contract management: Master data, contact data, time data, physical characteristics, details of previous insurance, details of claims handling.


Insurance policy: Home insurance

Data completion: Master data, contact data, time data, physical characteristics, prior insurance data, housing data.

Data contract management: Master information, contact information, time information, physical characteristics, prior insurance information, housing information, claims information.


Insurance policy: Bicycle insurance

Data completion: Master data, contact details,, time details, physical characteristics, details of previous insurance, details of the bicycle.

Data contract management: Master data, contact data,, time data, physical characteristics, details of previous insurance, details of the bicycle, details of the claim settlement.


Insurance policy: Term life insurance

Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, recreational activity details.

Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, leisure activity details, benefit processing details.


Insurance policy: Legal expenses insurance

Data completion: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.

Data contract management: Master data, contact details, employee details, time details, physical characteristics, prior insurance details, benefit processing details.


Legal basis:

The data is processed for the implementation of (pre-)contractual measures (Art. 6 para. 1 b) GDPR).

Recipient:

The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.

Transfer to third countries:

There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.

Retention period:

The data is made accessible in the Feather Account. The retention periods are based on the periods mentioned under 2.8.


3. Cookies and third-party tools

Our website uses cookies and similar technologies, e.g. pixels, local storage, third party requests (collectively "cookies" for simplicity). These technologies are used to make our offer more user-friendly, effective and secure and are based either on small text files that are stored on your terminal device and/or in your browser or a direct connection to third-party web servers.

If personal data is processed and the cookies used are not necessary for the provision of our offers, the processing is regularly based on your consent, which you give by clicking on the cookie banner displayed, Art. 6 para. 1 a) GDPR. Insofar as personal data is processed through technically necessary cookies, this is done to fulfill a contract to provide the app or another explicitly requested telemedia service (Art. 6 para. 1 b) GDPR. If the processing is carried out by way of exception or on the basis of legitimate interests, these will be named separately in the following.


3.1 Technically necessary cookies

Consent management

We use services of Intercom Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, to assist us in obtaining consent. A transfer of your data to third countries, e.g. to the USA, may take place on the basis of standard contractual clauses. For the above purposes, cookies are used to create a pseudonymized visitor ID and an identifier for each individual browser session. For more information about Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy.


3.2 Technically unnecessary cookies

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. ("Google"). Google Analytics uses cookies that enable the website to analyze your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in Ireland. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-On.

As an alternative to the browser add-on described above or when visiting our website on mobile devices, you can prevent tracking by Google Analytics on our pages by clicking on this link: https://tools.google.com/dlpage/gaoptout. This will install an opt-out cookie on your device and prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.


Google Campaign Manager

This website uses remarketing functions in the Campaign Manager of Google Ltd, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These functions enable the website visitor to be presented with interest-based advertising within Google's advertising network. For this purpose, a cookie is stored on the visitor's computer. The character string contained therein is used to recognize the visitor when visiting websites that are part of the Google advertising network. There, the visitor can be shown advertisements that relate to previously visited content on websites that use Google Remarketing. 

Google uses the so-called "DoubleClick" cookie for this purpose, among others. The DoubleClick cookie is only used for the remarketing function. Your data may be transferred to third countries on the basis of standard contractual clauses. 

The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.

We may integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies that enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.

Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analytics and marketing services on our website.

According to Google, the remarketing function does not collect any personal data. If you still do not wish to use Google's "interest-based advertising" function, you can generally deactivate it in the settings at http://www.google.com/settings/ads. Alternatively, you can also set your browser so that it does not accept cookies or only accepts certain cookies. Please note that this may limit the functionality and convenience of websites. You can also deactivate the use of cookies for interest-based advertising via the advertising network initiative. To do so, follow the instructions at: http://www.networkadvertising.org/managing/opt_out.asp.

You can learn more about how Google processes personal information here: https://business.safety-google/privacy


Google Fonts

Our website uses Google Fonts, a web service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google may collect information about how fonts are used with these applications, such as the font used, when a document using the font is opened, and when a font is applied to a document. 

Google Fonts does not collect the content of the documents that use the fonts. Google uses the information collected from the websites that use Google Fonts to provide the Google Fonts service and to diagnose deployment or download issues.   


Google reCAPTCHA

Google reCAPTCHA is a web service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The tool has the utility of blocking malicious software from abusive activity on our website. While legitimate users can use the web service, non-legitimate users are blocked from the website. In the process, Google collects personal data, such as the IP address.

The processing is carried out pursuant to Art. 6 (1) f) GDPR based on our legitimate interest in protection against bot attacks.

For more information, visit https://www.google.com/recaptcha/about/.


Microsoft Advertising

As a Microsoft Advertising customer, we use Microsoft Advertising Converison Tracking, an analysis service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft Advertising"). Microsoft Advertising sets a cookie on your computer ("conversion cookie") if you have accessed our website via a Microsoft Advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for Microsoft Advertising customers who have opted in to conversion tracking. Microsoft Advertising customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.

For more information please visit Microsoft's privacy policy.


Google Reviews

On one of our website we have installed a plug-in from Google, which allows us to embed the reviews given to us via Google on our website. The tool is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. For more information, you can also view Google's privacy policy.


Notion

On our website we use Notion, a project management and note-taking software. Notion is operated by Notion Labs Inc, 548 Market Street Suite 74567, San Francisco, CA 94104, United States. For more information, you can view Notion Labs' privacy policy. 


4. Changes to the privacy policy

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or to make changes to our offers in the data protection declaration, e.g. when introducing new services. The current version of the data protection declaration applies in each case. 

Insurance
Public healthPrivate healthExpat healthStudent healthDentalPersonal liabilityHouseholdBike
Dog liabilityPet healthTravelLifeDisabilityLegalPensionCar
For companies & self-employed
Advice
Contact usBlogFAQRecommendation tool
Company
About usHow is Feather different?CareersFeather in-depthPressBecome a partner
FacebookInstagramLinkedIn
Download on the App StoreGet it on Google Play
ImprintPrivacy policyTermsSecurityIntroductory informationAccessibility
Copyright © Feather, a brand of Popsure Deutschland GmbH - All rights reserved.