Privacy policy

In this privacy policy, we, the “Health and Accident Insurance for Upper Austria Federal State Employees” hereinafter “KFL”, as the data controller within the meaning of Art. 4 (7) of the GDPR, communicate which data we process within the scope of our legal mandate pursuant to the Upper Austrian Health and Accident Insurance Act for Federal State Employees and our other business activities. Since the protection of your personal data is particularly important to us, we strictly adhere to the statutory requirements of the DSG (Data Protection Act) and the GDPR when collecting and processing your personal data.

In the following, we will inform you in detail about the scope and purpose of our data processing as well as your rights as the person affected by the data processing. Therefore, please read our privacy policy carefully.

1. Personal data

Personal data is any information that relates to an identified or identifiable natural person. This includes your name, your address, your telephone number and your date of birth, for example.

In particular, information about health of a natural person are part of special categories of personal data.

In the course of our legal mandate as well as for the fulfilment of our other benefit obligations, we process personal data of any category to the same extent.

 
2. Processing and duration of storage

As part of our legal mandate, we have to collect and process various information from insured persons on which the fulfilment of our benefit obligations is based. Insured persons within the meaning of this data privacy policy are members in accordance with Section 2 and family members in accordance with Section 8 of the Upper Austrian Health and Accident Insurance Act for Federal State Employees. The master personal data as well as general insurance information of our policyholders are received from the responsible office of the Upper Austria Federal State Government, the agency of the Upper Austrian Provincial Government and, if necessary, from hospitals and other insurance providers. This data is required to generate a profile of our insured persons in our system in order to be able to administer the required data for provision of benefits in the event of a claim. From our insured persons, we received various information via a separate application for a benefit claim in the event of a benefit claim, containing health-related information about diseases, injuries, diagnoses and any necessary treatment. We require the processing of this data to be able to review a benefit claim from a policyholder and to be able to make a benefit commitment if necessary. We retain this data during the ongoing insurance relationship and beyond for as long as there are statutory retention obligations or we are confronted with claims from policyholders or third parties and require the data to defend against unjustified claims.

In the case of a contract initiation or conclusion with other customers or to third parties involved in the provision of benefits, we process their personal data after complete execution of the contract until expiry of the guarantee, warranty, statute of limitations and legal retention periods applicable to us, in addition, to the termination of any legal disputes in which the data is needed as proof. With regard to our employees, we are obliged to process personal data insofar as this is necessary for payroll accounting, time recording and the verification of other employment contract obligations. Detailed privacy policy information has been brought to the attention of all our employees.

3. Data transmission

Your data is not transmitted to third parties in principle unless we are legally obliged to do so, the transfer of data is necessary to carry out a contractual relationship between us or you have previously expressly consented to the disclosure of your data. External processors or other cooperation partners will only receive your data if it is necessary for the execution of the contract or if we have a legitimate interest in it, which we always announce separately as required. Insofar as one of our processors comes into contact with your personal data, we ensure that the processor complies with the provisions of data protection laws in the same way as we do.

Your personal data will not be sold to third parties or sold in any other way.

 
4. Security

We use numerous technical and organisational security measures to protect your data against manipulation, loss, destruction and access by third parties. Our security measures are continuously improved in line with technological developments.

 
5. Your rights

In accordance with the General Data Protection Regulation and the Data Protection Act, you as the data subject of our data processing have the following rights and remedies:

Right of access (Art. 15 EU GDPR) You as the data subject of the above-described and other data processing have the right to request information on whether and, if so, which personal data are processed through it. For your own protection – so that no unauthorised person receives information about your data – we will verify your identity in a suitable manner before providing information.

Right to rectification (Art. 16) and erasure (Art. 17 EU GDPR)
You have the right to demand the correction of incorrect personal data concerning you without delay or, in consideration of the purposes of data processing, the completion of incomplete personal data and the deletion of your data, provided that the criteria of Article 17 EU GDPR are met.

Right to restriction of processing (Art. 18 EU GDPR)
You have the legal right to restrict the processing of all collected personal data. This data will be processed from the request for restriction only with your individual consent or for the assertion and enforcement of legal claims.

Right to object (Art. 21 EU GDPR) You may, at any time for any reason arising out of your particular situation, object to the processing of personal data relating to you which is necessary for the protection of our legitimate interests or that of a third party, insofar as there is no legal obligation to data processing. Your data will not be processed after opposition unless there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

Revocation of consent
If you have separately consented to the processing of your data, you can revoke it at any time. Such revocation affects the admissibility of the processing of your personal data after you have given it to us.

We will respond to all reasonable inquiries within the legal framework free of charge and as soon as possible.

  
6. Contact information/Contact

Contact information of data controller
Krankenfürsorge und Unfallfürsorge für Oö. Landesbeamte (KFL)
Böhmerwaldstraße 16
4020 Linz, Oberösterreich
Telefon (+43 732) 77 20-138 50
Fax: (+43 732) 77 20-2138 75
E-Mail: info@kflooe.at
www.kflooe.at

Contact information of data protection officer
Mag. Philipp Summereder
Summereder Pichler Wächter Rechtsanwälte GmbH
Dr. Herbert-Sperl-Ring 3, 4060 Leonding
Telefon: (+43 732) 272 887
office@spwr.at
www.spwr.at
FN441762a LG Linz | ADVM-Code P430533

Health and Accident Insurance for Upper Austrian Federal State Employees follows the guidelines for accessibility of web content “Web Content Accessibility Guidelines (WCAG 2), compliance level AA or the applicable European Standard EN 301 549 V2.1.2 (2018-08) to achieve the highest accessibility possible. Some elements are not yet fully WCAG-compliant (e.g. PDF documents). This statement was made on 18/02/2022 based on a self-test by the company broinger.design GmbH (Markus Krichbaumer) according to WCAG 2.1 in compliance level AA.

Contact:
Health and Accident Insurance for Upper Austrian Federal State Employees
Böhmerwaldstraße 16
4020 Linz

Phone: 0732 7720-138 50
Fax: 0732 7720-2138 75

Email: info@kflooe.at
Web: www.kflooe.at