My accountFeather privacy policy
1. General information on data processing
This data protection declaration describes the collection and use of personal data in connection with the use of our web offer https://feather-insurance.com/ ("website") and our web application https://app.feather-insurance.com "app" in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this data protection declaration may be supplemented by further data protection declarations, which must be observed separately.
1.1 Responsible
Responsible person in the sense of the GDPR is
Popsure Germany GmbH (brand name: “Feather”)
Factory Görlitzer Park
Lohmühlenstrasse 65
12435 Berlin
Germany
You can contact us about privacy-related inquiries at hello@feather-insurance.com.
1.2 Data Protection Officer
We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. For more information about Simpliant, please visit https://www.simpliant.eu.
You can reach our appointed data protection officer at:
1.3 Data subject rights and supervisory authority
You may exercise the following rights:
- Right to information about your data stored by us and its processing (Art. 15 GDPR),
- Right to rectification of inaccurate personal data (Art. 16 GDPR),
- Right to have your data stored by us deleted (Art. 17 GDPR),
- Right to restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
- Right to portability of data if you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR),
- Right to object to the processing of your data by us (Art. 21 GDPR)
To exercise your rights, you can contact us by email at hello@feather-insurance.com.
For identification purposes, please provide the following information:
- First and last name
- E-mail address
In individual cases, further information may be required for unique identification. The processing of your request and the identification of your person is based on Art. 6 para. 1 c) GDPR.
You may at any time pursuant to Art. 77 GDPR in conjunction with § 19 BDSG (German Federal Data Protection Act) file a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.
The following link provides a list and contact information for all state data protection authorities:
https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
1.4 Processing of data, purpose and legal basis
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
The legal basis of all our processing activities is based on Art. 6 (1) GDPR. You will receive further information in the context of the presentation of the individual processing activities.
1.5 Storage duration
We will take all reasonable steps to ensure that your personal data is processed only for the period required by the purpose of processing in each case. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law (e.g. § 257 HGB, 147 AO). Furthermore, we may retain your personal data until the expiry of the statutory limitation periods (usually three years; in individual cases, however, up to 10 years or longer), provided that this is necessary for the assertion, exercise or defense of legal claims.
1.6 Data security
To protect the security of your data during transmission, we use technical and organizational security measures, in particular encryption technology to prevent unauthorized access by third parties. An HTTPS or TLS encrypted connection is always used. Our security measures are continuously improved and adapted according to technological developments.
1.7 Transmission to service provider
We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR. Data transfer to third countries
Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44 - 49 GDPR are met, in particular standard contractual clauses, binding corporate rules, adequacy decision of the Commission, as well as - if necessary - other required safeguards (in particular so-called transfer impact assessments).
1.8 No obligation to provide data / No profiling
There is no legal or contractual obligation to provide us with data. However, some services can only be provided if the required data is provided by you. Your personal data will not be used for automated individual decision making including profiling.
2. Processing activities
Our website offers different areas with different functionalities for the visitor, which are described in more detail below.
2.1 Server logs
Nature and purpose of data processing:
When you access our website or app, information of a general nature is automatically collected. This information, known as server log files, includes:
- IP address
- Name of the access provider
- Browser type, browser software version and browser language
- Operating system
- Date and time of access
- Access content
- Amount of data transferred
- Access status (successful transmission/error)
- Web page(s) to which the access was redirected
- Visited websites
The processing is carried out for the following purposes:
- Ensuring a trouble-free connection
- Ensuring smooth use
- Assessment of system safety and stability
Legal basis:
The processing is carried out pursuant to Art. 6 (1) f) GDPR based on our legitimate interest to host the website and app and to improve and monitor the security, stability and functionality of the website.
Recipient:
The recipient of the data is a technical service provider who is responsible for the operation and maintenance of our website. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the United States of America ("USA"). The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
The server log files are deleted after a maximum of 30 days . Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
2.2 Consent Management
Nature and purpose of the processing:
We use cookies or third-party applications (third-party tools) for various processing activities for which your consent is required in individual cases. In order to obtain such consent and to be able to store it, we use a so-called "cookie banner". As part of this, a cookie - a small text file - is set on your terminal device to register your selection/consent. For this purpose, we process your IP address, among other things.
Legal basis:
The processing is based on the documentation of compliance with the provisions of the GDPR, Art. 6 para. 1 c) GDPR.
For more information, see the "Cookies and third-party tools" section.
2.3 Contact
Nature and purpose of the processing:
In order to provide you with the best possible support when using our offers, we offer you the option of contacting us by e-mail, video call or via social media. In this context, we process your e-mail address, your name if applicable, and the content of your inquiry.
Legal basis:
The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 b) GDPR). In addition, you will be processed to protect our legitimate interests Art. 6 para. 1 f) GDPR to provide our customers with a straightforward customer service.
Recipient:
The recipients of the data may be providers of CRM systems ("Customer Relationship Management") or comparable service providers. As order processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
If there is no customer relationship, communications will not be stored for longer than 3 years. Otherwise, data is deleted if it is no longer required. The necessity is reviewed at regular intervals.
2.4 Website analysis
Nature and purpose of data processing:
This website uses cookie-based technologies to help us better understand how the website is used. We do this by compiling reports about activity on the website that do not identify specific individuals. Analytics cookies process your IP address and data about usage patterns on our website (e.g. which pages were visited and which buttons were clicked) for this purpose.
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 a) GDPR.
For more information, see the "Cookies and third-party tools" section.
2.5 Marketing and advertising
Nature and purpose of data processing:
This website uses cookie-based technologies that help us run marketing and advertising campaigns. Advertisers can use them to serve ads that are primarily based on search results when using the company's own services.
Legal basis:
The processing is carried out with your consent in accordance with Art. 6 para. 1 a) GDPR.
For more information, see the "Cookies and third-party tools" section.
2.6 Web fonts
Nature and purpose of data processing:
In order for our website and app to display quickly and correctly, certain fonts must be downloaded from web servers to be downloaded. To perform this action, the user's IP address is processed.
Legal basis:
If personal data (such as the IP address) is stored, the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in the quality assurance and functionality of our app.
Recipient:
The recipient of the data is a service provider in the United States. As a processor, the service provider is obliged to process the data only within the framework of our instructions set out in a data processing contract.
Transfer to third countries
The data processing contract with the service provider contains standard contractual clauses approved by the EU Commission and appropriate guarantees for compliance with data protection obligations.
Duration of storage:
Data will be deleted after one year at the latest.
2.7 Job applications
Nature and purpose of data processing:
On our website, you have the opportunity to apply to us (especially for open positions). Data about you is usually collected directly from you as part of the application process - on the occasion of your application for a specific job ad or your unsolicited application. In addition, we may also have received data from third parties (e.g. online job boards) if you have applied to us via such a platform. In addition, we may process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional social networks).
In order to accept and evaluate your application and depending on the data you provide, we may process the following personal data:
All the information you send us about yourself:
- Name
- Phone number
- Files and documents, such as testimonials and certificates, that you send us in connection with your application
Legal basis:
The processing of the data that you have provided to us as part of the application process is based on Art. 6 para. 1 b), Art. 88 GDPR in conjunction with. § Section 26 (1) BDSG. In case of your consent, the legal basis is Art. 6 para. 1 a) GDPR.
Recipient:
Only the departments and groups of people directly involved in the recruitment process have access to the data you provide. All employees involved have been obligated to treat your data confidentially.
In addition, the data may be processed by the service providers (e.g. job platform). As order processors, the service providers are obliged to process the data only within the scope of our instructions or - depending on the use of the service provider - as co-responsible parties according to the GDPR.
Storage period:
Your personal data will be deleted no later than three months after the end of the application process. In the event of employment, we will include the data provided in our personnel file. Invoices for any travel expense reimbursements will be archived in accordance with tax law requirements.
2.8 Account registration
Nature and purpose of data processing:
On our website there is the possibility to register a user account ("Account") for the app and to log in if an account exists. The Account allows you to manage your data and insurance policies. We process your data so that you can log in to our website and organize your data. We do this to provide a better service to our customers.
Legal basis:
The data is processed for the performance of a contract for the provision of our app (Art. 6 para. 1 b) GDPR).
Recipient:
The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
The data will be deleted after 30 days after deletion of the account is deleted. If there are still active insurance contracts, the data will be deleted 30 days after termination of these contracts. Data whose further storage is required for evidence purposes can be stored for up to 3 years after termination of the contractual relationship.
2.9 Transactional emails
Nature and purpose of the processing:
When you use our services, we must communicate with you as part of the business relationship. In particular, you will receive so-called transaction emails from us in this respect, in which information, processes and further necessary steps will be communicated to you.
For this purpose, we process your name and e-mail address, as well as any content of the customer relationship or your order.
Legal basis:
The sending of transactional emails takes place in the context of the fulfillment of a contract (Art. 6 para. 1 b) GDPR).
Recipient:
The recipients of the data are order processors. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
Transactional emails are associated with your user account and are stored until the user account is deleted or you submit a deletion request to us.
2.10 Error and vulnerability management (error tracking)
Purpose and scope of data processing:
To ensure the technical stability of our service, to improve it by monitoring system stability and identifying code errors. The processing is solely for these purposes and does not evaluate data for advertising purposes.
Legal basis:
The data is processed for the performance of a contract for the provision of our app (Art. 6 para. 1 b) GDPR).
Recipient:
The recipients of the data are order processors. As processors, the service providers are obliged to process the data only within the scope of our instructions.
Transfer to third countries:
Data is transferred to the United States of America. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
2.11 Become a partner
Nature and purpose of data processing:
On our website there is a possibility to become an affiliate. As an affiliate you can earn money by recommending us to your customers or network. For this purpose, we process your data, such as your name, email address, address, company and your account data and tax ID. We process the data to get an overview as well as to be able to send you the money for a successful referral, if applicable.
Legal basis:
The data is processed for the implementation of (pre-)contractual measures (Art. 6 para. 1 b) GDPR).
Recipient:
The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
If there is cooperation from the request, the data will not be deleted. If not within 3 years.
2.12 Conclusion and management of insurance policies
Nature and purpose of data processing:
As a user of our app, you have the option of taking out various insurance policies or being placed on a waiting list in this regard. If an insurance contract is concluded, you have the option of managing the contract via our app. The following overview provides an overview of the insurance policies currently offered and which data is processed in the context of the conclusion and administration:
Insurance policy: Statutory health insurance
Data completion: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.
Data contract management: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.
Insurance policy: Private health insurance
Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, prior insurance information.
Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance details, benefit processing details.
Insurance policy: Occupational disability insurance
Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics.
Data contract management: Master data, contact data, time data, physical characteristics, health data, benefit processing data.
Insurance policy: Long-term travel health insurance ("Expat Insurance")
Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance information.
Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, prior insurance information.
Insurance policy: Supplementary dental insurance
Data completion: Master data, contact data, time data, physical characteristics, health data.
Data contract management: Master data, contact data, time data, physical characteristics, health data.
Insurance policy: Private liability insurance
Data completion: Master data, contact details, time details, physical characteristics, details of previous insurance.
Data contract management: Master data, contact data, time data, physical characteristics, details of previous insurance, details of claims handling.
Insurance policy: Home insurance
Data completion: Master data, contact data, time data, physical characteristics, prior insurance data, housing data.
Data contract management: Master information, contact information, time information, physical characteristics, prior insurance information, housing information, claims information.
Insurance policy: Bicycle insurance
Data completion: Master data, contact details,, time details, physical characteristics, details of previous insurance, details of the bicycle.
Data contract management: Master data, contact data,, time data, physical characteristics, details of previous insurance, details of the bicycle, details of the claim settlement.
Insurance policy: Term life insurance
Data completion: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, recreational activity details.
Data contract management: Master data, contact data, employee details, time details, physical characteristics, health data, creditworthiness characteristics, leisure activity details, benefit processing details.
Insurance policy: Legal expenses insurance
Data completion: Master data, contact details, employee details, time details, physical characteristics, prior insurance details.
Data contract management: Master data, contact details, employee details, time details, physical characteristics, prior insurance details, benefit processing details.
Legal basis:
The data is processed for the implementation of (pre-)contractual measures (Art. 6 para. 1 b) GDPR).
Recipient:
The recipient of the data is a technical service provider. As an order processor, the service provider is obliged to process the data only within the scope of our instructions.
Transfer to third countries:
There is a transfer of data to our order processor in the USA. The order processing contracts with the service provider contain standard contractual clauses approved by the EU Commission and appropriate guarantees that the data protection obligations will be met.
Retention period:
The data is made accessible in the Feather Account. The retention periods are based on the periods mentioned under 2.8.
3. Cookies and third-party tools
Our website uses cookies and similar technologies, e.g. pixels, local storage, third party requests (collectively "cookies" for simplicity). These technologies are used to make our offer more user-friendly, effective and secure and are based either on small text files that are stored on your terminal device and/or in your browser or a direct connection to third-party web servers.
If personal data is processed and the cookies used are not necessary for the provision of our offers, the processing is regularly based on your consent, which you give by clicking on the cookie banner displayed, Art. 6 para. 1 a) GDPR. Insofar as personal data is processed through technically necessary cookies, this is done to fulfill a contract to provide the app or another explicitly requested telemedia service (Art. 6 para. 1 b) GDPR. If the processing is carried out by way of exception or on the basis of legitimate interests, these will be named separately in the following.
3.1 Technically necessary cookies
Consent management
We use services of Intercom Inc, 55 2nd Street, 4th Floor, San Francisco, CA 94105, to assist us in obtaining consent. A transfer of your data to third countries, e.g. to the USA, may take place on the basis of standard contractual clauses. For the above purposes, cookies are used to create a pseudonymized visitor ID and an identifier for each individual browser session. For more information about Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy.
3.2 Technically unnecessary cookies
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. ("Google"). Google Analytics uses cookies that enable the website to analyze your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in Ireland. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser Add-On.
As an alternative to the browser add-on described above or when visiting our website on mobile devices, you can prevent tracking by Google Analytics on our pages by clicking on this link: https://tools.google.com/dlpage/gaoptout. This will install an opt-out cookie on your device and prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.
Google Campaign Manager
This website uses remarketing functions in the Campaign Manager of Google Ltd, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These functions enable the website visitor to be presented with interest-based advertising within Google's advertising network. For this purpose, a cookie is stored on the visitor's computer. The character string contained therein is used to recognize the visitor when visiting websites that are part of the Google advertising network. There, the visitor can be shown advertisements that relate to previously visited content on websites that use Google Remarketing.
Google uses the so-called "DoubleClick" cookie for this purpose, among others. The DoubleClick cookie is only used for the remarketing function. Your data may be transferred to third countries on the basis of standard contractual clauses.
The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.
We may integrate third-party advertisements based on the Google marketing service "AdSense". AdSense uses cookies that enable Google and its partner websites to serve ads based on users' visits to this website or other websites on the Internet.
Furthermore, we may use the "Google Tag Manager" to integrate and manage Google analytics and marketing services on our website.
According to Google, the remarketing function does not collect any personal data. If you still do not wish to use Google's "interest-based advertising" function, you can generally deactivate it in the settings at http://www.google.com/settings/ads. Alternatively, you can also set your browser so that it does not accept cookies or only accepts certain cookies. Please note that this may limit the functionality and convenience of websites. You can also deactivate the use of cookies for interest-based advertising via the advertising network initiative. To do so, follow the instructions at: http://www.networkadvertising.org/managing/opt_out.asp.
Google Fonts
Our website uses Google Fonts, a web service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google may collect information about how fonts are used with these applications, such as the font used, when a document using the font is opened, and when a font is applied to a document.
Google Fonts does not collect the content of the documents that use the fonts. Google uses the information collected from the websites that use Google Fonts to provide the Google Fonts service and to diagnose deployment or download issues.
Google reCAPTCHA
Google reCAPTCHA is a web service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The tool has the utility of blocking malicious software from abusive activity on our website. While legitimate users can use the web service, non-legitimate users are blocked from the website. In the process, Google collects personal data, such as the IP address.
The processing is carried out pursuant to Art. 6 (1) f) GDPR based on our legitimate interest in protection against bot attacks.
For more information, visit https://www.google.com/recaptcha/about/.
Microsoft Advertising
As a Microsoft Advertising customer, we use Microsoft Advertising Converison Tracking, an analysis service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft Advertising"). Microsoft Advertising sets a cookie on your computer ("conversion cookie") if you have accessed our website via a Microsoft Advertising ad. The information collected using the conversion cookie is used to generate conversion statistics for Microsoft Advertising customers who have opted in to conversion tracking. Microsoft Advertising customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.
For more information please visit Microsoft's privacy policy.
Google Reviews
On one of our website we have installed a plug-in from Google, which allows us to embed the reviews given to us via Google on our website. The tool is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. For more information, you can also view Google's privacy policy.
Notion
On our website we use Notion, a project management and note-taking software. Notion is operated by Notion Labs Inc, 548 Market Street Suite 74567, San Francisco, CA 94104, United States. For more information, you can view Notion Labs' privacy policy.
4. Changes to the privacy policy
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or to make changes to our offers in the data protection declaration, e.g. when introducing new services. The current version of the data protection declaration applies in each case.
