As an employer, you process personal data for such purposes as your payroll accounting. For all your data processing, also for other purposes, you must comply with GDPR.
What must you do for the occupational insurances that you have taken out with AG Insurance?
Provide information
GDPR requires you to inform the participants of the data that you process about them (such as surname, first name, address and so on), the purposes for which you process the data (such as payroll accounting), and also any partners (such as external payroll accounting firms) to which you disclose such data (‘information tot data subject’).
Consequently, you will need to inform the employees that, for the purpose of the supplementary pension and/or occupational health insurance you have taken out for them, personal data will be disclosed to and processed by AG Insurance.
What exactly must you inform the data subjects about?
-
Your disclosure of personal data to AG Insurance
-
The purposes for which the personal data are intended and the legal ground for their processing
you will find this information in question 3, or in our General Terms and Conditions that you received together with the agreement for data processing (refer to question 1) -
Their right to:
-
access the processed data and, if necessary, to have them rectified
-
object to processing of their data, restrict the processing of the data or have the data erased
-
if consent is requested for the processing of the data, the right to withdraw such consent at any time, without prejudicing the lawfulness of processing under consent given prior to withdrawal
-
submit a complaint to a supervisory authority.
-
The contact details of our Data Protection Officer (‘DPO’); refer to question 7
How exactly can you do this?
-
You can publish information on your intranet about the processing of data by AG Insurance. If you provide an overview of personnel benefits, you can also present this information in the overview.
-
You can state in a general information clause the partners to which you disclose the personal data and the purposes for which you disclose the data. You can mention this in your Privacy Notice, for example.
-
In the case of new participants, you can append an information clause to the affiliation documents.
Health data
It is possible that AG Insurance will have to process health data in order to perform the supplementary pension and/or occupational health insurance. As health data are of a sensitive nature, AG Insurance has always attached special importance to ensuring that data subjects explicitly agree to the processing thereof.
With a view to handling affiliations and claims smoothly, please obtain the explicit consent of the data subjects (the main insured party and any additional insured parties) for the processing of their health data by AG Insurance. It suffices that you get this explicit consent once.
The collecting of this explicit consent is required to be able to obtain death benefit coverage under the group insurance or the reimbursement of medical costs. If there is only a life coverage, you don’t have to obtain the explicit consent.
At any time, the participants have the right to withdraw their consent for AG Insurance to process health data. However, this might result in AG Insurance being unable to meet a request for service and/or perform the contractual relationship.
The health data entrusted to AG Insurance by participants will be treated in the strictest confidence by AG Insurance, under the supervision of a professional healthcare practitioner.
How exactly can you do this?
You can obtain explicit consent by getting the affiliate to sign an (online) form. To this end, you can use
this template
(according as to a supplementary pension and/or occupational health insurance has been taken out, you can delete as appropriate in this template).
-
You can provide the form on your intranet.
-
For new participants, you can always append the form to the documents supplied at the start of employment or on affiliation.