You can count on the BMW BKK Data Protection!
Information on data processing pursuant to the EU GDPR and on your rights.
With the BMW BKK, your data are in safe hands; the BMW BKK has a duty to protect the secrecy of social data (pursuant to § 35 SGB I [German Social Code, Book I]).
With effect since 25 May 2018, the General Data Protection Regulation (abbreviated GDPR) of the European Union has been in force, which further strengthens your rights as a customer. The following information is intended to provide you with an overview relating to the collection and processing of your data and the rights to which you are entitled in that context.
For what purposes do we process your data, and what is the legal basis on which we do so?
As a body responsible for providing health and long-term nursing care insurance on a basis of social solidarity, the BMW BKK is tasked with preserving or restoring the health of its insurees or improving their health status and with providing nursing care for those who, due to the severity of their need for such care, are dependent on the support provided by the community of the insurees.
The benefits and other activities are funded out of the contributions levied on the employers and the BMW BKK’s members.
In order to perform these tasks and duties, which are stipulated by law, the BMW BKK processes the relevant data. This data is obtained from you either on the strength of your duties to cooperate as stipulated by law (see, among other references, § 60 and following sections of SGB Book I) or on the basis of your specific consent. In conformity with the provisions of the German Social Code, the BMW BKK also receives data from third parties (e.g. from your employer or organisations/persons providing services). Any withholding of necessary cooperation on your part can have negative consequences for you in relation to the provision of benefits (refusal or withdrawal of benefits under the insurance scheme).The benefits and other activities are funded out of the contributions levied on the employers and the BMW BKK’s members.
With regard to your health insurance, the legal basis for data processing is § 284 SGB Book V, and with regard to your nursing care insurance, § 94 SGB Book XI. The BMW BKK is also entrusted with the performance of tasks and duties under other statutory regulations, which also require the processing of personal data.
These include, in particular:
- Verification of the existence of an insurance relationship and of membership of the BMW BKK, including the data required for initiating and creating an insurance relationship.
- Issue of the electronic health card.
- Establishment of the obligation to contribute and the amount of the contributions, as well as responsibility for funding and payment of them.
- Review of the obligation to provide benefits and the provision of such benefits to insurees, including the circumstances in which the provision of benefits may be restricted, as well as identification of the payment status and performance of the procedures relating to cost refunds, refund of contributions, and establishment of the bounds of capacity to pay.
- Support for the insurees in the event of medical treatment errors.
- Assumption of treatment costs for persons not liable for health insurance pursuant to § 264 SGB Book V in return for refund of costs.
- Involvement in the Health Insurance Medical Service (“Medizinischer Dienst der Krankenversicherung).
- Accounting and settlement with service providers, including review of the lawfulness and plausibility of cost statements.
- Monitoring of compliance with contractual and statutory duties on the part of suppliers of aids.
- Monitoring of the cost-effectiveness of service provision.
- Accounting and settlement with other funding agencies.
- Conduct of claims against third parties for refund of costs and payment of compensation.
- Preparation, agreement and implementation of morbidity-orientated remuneration contracts.
- Preparation and performance of pilot schemes, contracts relating to forms of integrated care and provision of highly specialised services on an outpatient basis, including the conduct of cost-effectiveness and quality audits.
- Performance of structural risk adjustment as well as preparation and implementation of structured treatment programmes, including the recruitment of insurees for participation in them.
- Conclusion and implementation of agreements on nursing care rates, remuneration agreements, and performance and quality agreements.
- Consultancy on prevention and rehabilitation measures as well as consultancy on participation and also nursing care services and aids.
- Coordination of nursing aids, nursing care consultancy and the performance of tasks at the long-term nursing care operation centres.
- Performance of discharge and sickness benefit case management.
- Recruitment of members.
- Compensation for employer’s expenses in the case of sickness and maternity.
- Combating misconduct in the health system (Section 197a SGB Book V).
- Research projects.
The BMW BKK additionally processes data on the basis of express declarations of consent (Art. 6 (1) a GDPR).
What data do we process?
We process the following categories of data:
1. Personal data (e.g. address and communications data, birth date, photograph)
2. Data on membership and initiation of membership
3. Data on the insurance relationship
4. Contribution and payment data
5. Benefit, treatment and accounting & settlement data, including health data
(e.g. diagnoses, times of incapacity for work)
6. Data on carer
7. Data on the legal representative
8. Data on elective tariffs and bonus schemes
9. Data on service providers and other contract partners
10. Data on employer and employer’s tax accountants
11. Data on prospects, participants in competitions
Who gets your data?
Data is regularly transmitted in conformity with statutory regulations to: Pensions and accident insurance bodies, the German Federal Labour Office (“Bundesagentur für Arbeit”), the Health Insurance Medical Service, service providers, social benefit funding bodies and, in connection with payments, also banks, employers and payment offices. Data may also be transmitted in the individual cases permitted by law under § 67d and following sections of SGB Book X (e.g. police authorities, local and municipal administration, tax authorities).
BMW BKK may have its statutory duties performed through other funding agencies, consortia or other service providers (in particular contract processors).
The data of data subjects which have been lawfully collected and stored may also be used and processed by the BMW BKK for other purposes, provided that other legal grounds for doing so exist under the German Social Code or that the data subject has expressly consented thereto.
How long do we/will we store your data?
The data are stored for performance of the task or duty in question and for the duration of the preservation periods specified by law (e.g. § 110a SGB Book IV, § 304 SGB Book V, § 84 SGB Book X, § 107 SGB Book XI) and are then destroyed.
What rights do you have?
- Right to information on processed data (Art. 15 GDPR in conjunction with § 83 SGB Book X)
- Right to rectification of inaccurate data (Art. 16 GDPR in conjunction with § 84 SGB Book X)
- Right to erasure (Art. 17 GDPR in conjunction with § 84 SGB Book X)
- Right to restriction of processing (Art. 18 GDPR in conjunction with § 84 SGB Book X)
- Right to object (Art. 21 GDPR in conjunction with § 84 SGB Book X)
- Right to data portability (Art. 20 GDPR)
- In the case of data processing done on the strength of a declaration of consent, the data subject has the right to withdraw his/her consent at any time with effect for the future.
Do you have a right to complain?
You have the right to lodge a complaint with the supervisory authority if you are of the opinion that the processing of your personal data is not being done in a lawful manner. The address of the data protection supervisory authority responsible for the BMW BKK is:
Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit.
Graurheindorfer Str. 153
Telefon: +49 (0)228 997799-0
Email address: firstname.lastname@example.org
The general right of petition under Article 17 of the German Basic Law (“Grundgesetz”) is not in any way affected by the foregoing right to complain; it therefore still remains possible to submit a petition to the legal supervisory body referred to in § 88 SGB Book IV.
Who is the "controller", i.e. the party or person responsible for processing the data, and whom can you contact?
Betriebskrankenkasse der BMW AG
Körperschaft des öffentlichen Rechts
Mengkofener Strasse 6
Email address: Informationen@bmwbkk.de
If you have any questions or are of the opinion that processing of your personal data is not being done in a lawful manner, you have the possibility to contact us or our data protection officer. You can reach our data protection officer under the contact data of the BMW BKK Data Protection Officer ("Datenschutzbeauftragter der BMW BKK"):
Data protection officer BMW BKK
Telephone: +49 (0)89 382 67900
Telefax: +49 (0)89 382 11181
Email address: Datenschutzbeauftragter@bmwbkk.de
Contact data for the professional supervisory authority:
Bundesamt für Soziale Sicherung
Telephone: +49 (0)228 619-0
Telefax: +49 (0)228 619-1870
Email address: email@example.com