call us

Privacy Policy

Privacy Policy

We, the call us Assistance International GmbH, process personal data in the course of our business activities in accordance with the Data Protection Act (DSG), the General Data Protection Regulation (GDPR), the specific provisions of the Insurance Contract Act (VersVG), and other applicable laws.
In the following, we provide you , as the affected person, with further details regarding this data processing

Where terms referring to people are used in the masculine form in this text, they are intended to refer to people of all genders.

Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “affected person”).

You are a person affected if you are

  • a policyholder or insured person or
  • a beneficiary of a warranty agreement with our client,
  • another party involved in a business transaction on behalf of a client or our company,
  • a prospective customer for goods or other services, or a customer of our clients,
  • a prospective client or existing client of our company,
  • a supplier of goods and services to our company or contractors,
  • a user of our web applications and websites,
  • an applicant interested in working at our company,
  • an employee or a member of a governing body of our company

or when contacting us by phone, fax, email, or in person.

The information we collect is specified in the respective forms or in the questions asked by our staff. 

 

1. Information Obligation

 The controller shall take appropriate measures to provide the affected person with the following information:

a) Data controller:

To the extent that we process personal data for our own purposes, we, the call us Assistance International GmbH,
Waschhausgasse 2, 1020 Vienna, +43 (1) 31670-0, office@call-us-assistance.com, are responsible for ensuring that your data is handled lawfully.

b) Data Protection Officer:

You can contact our Data Protection Officer at the mailing address listed above or by email at lukas.zuegner@b-it.com.

c) Purpose and legal basis of the processing:

We process your data for the purpose of the

  • processing your inquiries,
  • implementation of pre-contractual measures,
  • fulfillment of contractual obligations, including, in particular, the provision of support services,
  • compliance with legal obligations,
  • protection of our legitimate interests, e.g., to ensure the operation, security, and ongoing improvement of our websites and web applications,
  • retention of your application or use as a reference based on your express consent,
  • compliance with legal documentation and reporting requirements, particularly in the area of taxation and duties,
  • compliance with any reporting obligations to you, third parties, and authorities in the event of a data breach.

Legal basis  for the processing are the lawfulness of the processing

  • based on your consent,
  • to fulfill a contract,
  • to comply with a legal obligation,
  • to protect vital interests and to
  • to protect the legitimate interests of the controller or a third party.

We may only process special categories of data, such as health data, with your explicit consent, which you may revoke at any time.

d) Legitimate interest:

Our legitimate interest  may also serve as a basis for processing your personal data, e.g.

  • the execution and documentation of business transactions,
  • the investigation of facts in the fight against insurance fraud,
  • the preparation of statistics, the analysis of data for the planning, execution, and documentation of internal audit activities, as well as forensic analyses
  • ensuring the continuous improvement of our business processes, market research such as satisfaction surveys, and studies on the services we provide.

This also includes the transfer of data to third parties for this purpose, if such transfer is necessary for the implementation of these measures, for statistical analyses, etc.

If we need to process data for which none of the legal bases listed above apply, we will obtain your voluntary consent, which you may revoke at any time.

e) Information regarding any recipients of personal data:

We disclose personal data to the following recipients on a case-by-case and as-needed basis:

1. Insurers or guarantors for the performance of a contract;
2. Courts, government agencies, public prosecutors, and public-law entities to the extent required by law;
3. Other dispute resolution bodies and their organs, including experts appointed by them, interest groups, conciliation bodies, and guardians for adults;
4. To fulfill our obligations and protect our rights, we work with service providers (data processors) and transfer your personal data to them to the extent necessary for the provision of services. Our data processors include, in particular, the following categories:

  • IT service provider for the purposes of project management, requirements definition, software implementation, adaptation, and development, as well as the support and maintenance of IT systems;
  • Data centers for data processing;
  • Software and service providers (provision of IT applications) for email delivery, as well as for handling web-based processes in connection with contract fulfillment;
  • Security service providers dedicated to safeguarding the physical and electronic security of data;
  • Market research firms that conduct market analyses and surveys on the behavior, needs, attitudes, opinions, motivations, etc., of the participants;
  • Service provider for conducting forensic analyses when necessary;
  • Other service providers involved in the processing of insurance claims, such as collection agencies or data analysis service providers that help prevent and investigate insurance fraud.

5. Other recipients: Within the framework of the contractual relationship, and in particular in connection with our obligation to provide services, your personal data may—depending on the specific circumstances—be disclosed to the following third parties in particular:

  • Assistance service providers, in particular network partners of the AXA Partners Group, who assist us in fulfilling our service obligations abroad;
  • Hospitals, medical facilities, healthcare providers;
  • Organizations that provide emergency, assistance, and other services, such as search and rescue services, passenger and freight transport services, roadside assistance services, locksmith services, plumbing services, fire, water, and burglary damage restoration services, and similar services;
  • authorized experts and appraisers;
  • Attorneys, notaries, insolvency administrators, and receivers;
  • other parties involved in the claims settlement process;
  • other insurers involved in the settlement of claims arising from an accident;
  • Tax advisor;
  • Certified Public Accountant;
  • Credit institutions and financial service providers for the processing of payment transactions;
  • Postal and courier services and logistics partners;
  • Parties involved in a claim (such as the party at fault, the injured party, witnesses, heirs);
  • Professional associations such as the Lawyers' Association, the Medical Association, and the Chamber of Commerce, for information regarding the insurance policy (e.g., confirmation of whether insurance coverage exists);

f) Third country:

As a general rule, we process your personal data within the European Union. However, we cannot rule out the possibility that we may need to process personal data in a third country in the event of a claim involving a third country, for example, if the claim occurred in a third country or if we are required to arrange benefits for you in a third country. In such a case, we will process the data on the basis of an adequacy decision; in the absence of such a decision, on the basis of appropriate safeguards, including binding internal data protection rules of the AXA Partners Group; otherwise, with your express consent; and, ultimately, to protect your vital interests.

2. Additional information

a) Duration of storage of personal data:

We will retain your personal data for as long as

  • necessary to fulfill the purposes described above;
  • you have not withdrawn your consent, in cases where the processing is based on consent;
  • such retention is necessary to comply with a legal obligation or to assert, exercise, or defend our legal claims and/or those of the insurer. Due to corporate law provisions, we are required to store your contract data for at least seven years after the contract ends (Section 212 of the Austrian Commercial Code). In addition, the special ten-year retention obligation under Section 12 of the Insurance Contract Act applies.

b) You have the right—upon verification of your identity—to request confirmation as to whether personal data concerning you is being processed. If applicable, you have the right to access the personal data we process as the data controller. In the event that inaccurate data is being processed, you have the right to correction of the data. Furthermore, provided the legal requirements are met, you have the right to erasure of your personal data, for example, if

  • the data is no longer necessary for the purposes for which it was collected or otherwise processed, or
  • the data is being processed unlawfully, or
  • if processing is based on a declaration of consent, you withdraw your consent.

You also have the right to restrict the processing, for example if

  • you dispute the accuracy of the processed data,
  • the processing is unlawful, or
  • there is a dispute between us and you regarding whether you have a right to erasure. In this case, we will continue to store the relevant data but will not process it in any other way.

You also have the right to object at any time, on grounds relating to your particular situation, to the processing of your data based on our legitimate interests. In particular, you have the right to object to the processing of your data for direct marketing purposes.

For the purpose of data portability to another responsible party, you have the right to receive the data in a structured, commonly used, and machine-readable format. To the extent technically feasible, you may also request that we transmit the data directly to the other responsible party.

c)  If we process your data based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of the processing carried out on the basis of your consent prior to withdrawal;

If you request that we take any of the measures listed in b) or c), we will promptly inform you of the actions we have taken or of the reasons why, in our view, implementation is not feasible.

Exercising your right to erasure, restriction of processing, or objection to the processing of your personal data may result in our inability to fulfill our contractual obligations. In such a case, the provisions governing termination of the contract by the contracting party shall apply.

These measures do not affect the obligation to continue processing data that is required by law, nor do they affect our right to process such data for the purpose of asserting, exercising, or defending legal claims.

d)  If you have a complaint regarding the processing of personal data, you may contact the data protection officer named in 1.b).

In any case, you may file a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

e)  Unless we expressly obtain consent for further processing, the provision of personal data is necessary for the performance of a warranty or insurance contract. If personal data is not provided, the underlying contract cannot be performed.

f)  Where a decision based solely on automated processing—including profiling—is not

  • necessary for the performance of a contract between you, as the affected person, and us, as the data controller,
  • permitted under Union or Member State law to which the controller is subject, and such law provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
  • carried out with your express consent,

automated decision-making, including profiling, does not take place.

3. Processing for other purposes

If we intend to process personal data for a purpose other than the one for which it was collected, we will provide you with information about that other purpose and all other relevant information in accordance with Section 2 prior to such further processing.

4. Article 13 of the EU GDPR: Obligation to provide information when collecting personal data directly from the affected person

  1. If personal data is collected from the affected person, the controller shall inform the affected person of the following at the time such data is collected:
    1. the name and contact details of the controller and, where applicable, of the controller’s representative;
    2. where applicable, the contact details of the data protection officer;
    3. the purposes for which the personal data will be processed, as well as the legal basis for the processing;
    4. if the processing is based on Article 6, paragraph 1, subparagraph (f), the legitimate interests pursued by the controller or by a third party;
    5. where applicable, the recipients or categories of recipients of the personal data, and
    6. where applicable, the controller’s intention to transfer the personal data to a third country or an international organization, as well as the existence or absence of an adequacy decision by the Commission or, in the case of transfers pursuant to Article 46, Article 47, or the second subparagraph of Article 49(1), a reference to the appropriate or suitable safeguards and the means by which a copy of them may be obtained or where they are available.
  2. In addition to the information provided in paragraph 1, the controller shall provide the affected person, at the time of collection of such data, with the following additional information necessary to ensure fair and transparent processing:
    1. the period for which the personal data will be stored or, if this is not possible, the criteria used to determine that period;
    2. the existence of a right to obtain from the controller information regarding the personal data in question, as well as the right to rectification, erasure, restriction of processing, or objection to processing, and the right to data portability;
    3. where the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of a right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal;
    4. the existence of a right to lodge a complaint with a supervisory authority;
    5. whether the provision of personal data is required by law or contract, or is necessary for the conclusion of a contract; whether the affected person is obliged to provide the personal data; and what possible consequences failure to provide such data would entail; and
    6. the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4), and—at least in those cases—meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the affected person.
  3. If the controller intends to further process the personal data for a purpose other than that for which the personal data was collected, the controller shall provide the affected person, prior to such further processing, with information regarding that other purpose and all other relevant information in accordance with paragraph 2.
  4. Paragraphs 1, 2, and 3 do not apply if and to the extent that the affected person already has the information.