Privacy Policy & Data Protection
1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
Data Collection on This Website
Data processing on this website is carried out by the website operator. You can find their contact details in the "Responsible Party" section of this privacy policy.
How Do We Collect Your Data?
Your data is collected in part by you providing it to us. This may include data you enter in a contact form, for example. Other data is collected automatically or with your consent when you visit the website through our IT systems. This is primarily technical data (e.g., internet browser, operating system, or time of page access).
2. Hosting, Encryption, and Data Processing
Vercel Hosting
This website is hosted by Vercel. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. Vercel is a cloud platform service that enables us to deploy our website. When you use our website, certain information is automatically processed by Vercel, including IP addresses and technical information about access.
For more information on handling user data, please see Vercel's privacy policy: https://vercel.com/legal/privacy-policy
SSL/TLS Encryption
This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the address in your browser's address bar changing from "http://" to "https://" and by the lock icon in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. SSL certificates are automatically provided and regularly renewed by our hosting provider Vercel.
Data Processing Agreements
We have concluded data processing agreements (DPA) pursuant to Art. 28 GDPR with the following providers to ensure the protection of your data:
- Vercel Inc. - Hosting service provider with Data Processing Addendum (DPA) pursuant to the EU Commission's Standard Contractual Clauses
- Resend - Email service provider based in the USA, with Data Processing Agreement (DPA) pursuant to the EU Commission's Standard Contractual Clauses
- Microsoft Corporation - Appointment booking via Microsoft Bookings, Data Processing Addendum (DPA) pursuant to the EU Commission's Standard Contractual Clauses
Data Transfer to Third Countries
Vercel, Resend and Microsoft are based in the USA. Microsoft operates data centers within the EU. Data transfer is based on:
- Standard Contractual Clauses (SCC) of the EU Commission pursuant to Art. 46 GDPR
- Additional technical and organizational measures to protect your data
The providers have committed to ensuring an adequate level of data protection in accordance with European standards.
3. General Information and Mandatory Disclosures
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
Responsible Party
The responsible party for data processing on this website is:
EIC Expatriates Insurance Consulting Versicherungsmakler GmbH
CEO: Alexander Milkereit
Hammfelddamm 4a
41460 Neuss
Email: Alexander.Milkereit@eic-insurance.de
Phone: +49 (0) 2131 228 10
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
Storage Duration
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. Specific storage periods:
- Server logs: 7 days
- Contact form data: 6 months after processing the inquiry
- Session cookies: Deleted after the browser session ends
If you assert a legitimate deletion request or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods).
4. Data Collection on This Website
Cookies
Our website uses only technically necessary cookies. These cookies are used to enable basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Technically necessary cookies:
- CSRF Token: Protects against Cross-Site Request Forgery attacks
- Session cookies: Enable navigation between pages without data loss
Important: Our analytics tool Plausible Analytics uses NO cookies. The analysis is completely cookie-free and privacy-compliant. Therefore, no cookie banner is required.
Web Fonts
This website uses locally hosted web fonts for uniform font display. These are hosted on our server. No connection to font provider servers (such as Google Fonts) is made, so no data is transferred to third parties.
Server Log Files
The provider of the pages (Vercel) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR).
Email Sending via Resend
We use the Resend service for sending emails. Resend is an email service provider based in the USA. If you contact us via our contact form, your email address and the contents of your message will be sent via Resend.
The use of Resend is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the reliable delivery of emails. We have concluded a data processing agreement (DPA) with Resend that ensures the protection of your data in accordance with GDPR.
For more information about data protection at Resend, please visit: https://resend.com/legal/privacy-policy
Online Appointment Booking via Microsoft Bookings
For online appointment booking, we use Microsoft Bookings, a service provided by Microsoft Corporation. When you book a consultation appointment through our booking form, the following data is transmitted to Microsoft:
- First name and last name
- Email address
- Phone number (optional)
- Requested appointment time
The processing of this data is based on Art. 6 para. 1 lit. b GDPR (contract fulfillment or pre-contractual measures) as well as Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient appointment organization).
Microsoft stores the data in data centers within the European Union. We have concluded a data processing agreement (DPA) with Microsoft that ensures the protection of your data in accordance with GDPR. After the appointment has been completed, your booking data will be handled in accordance with our retention policies.
For more information about data protection at Microsoft, please visit: https://www.microsoft.com/en-us/privacy/privacystatement
5. Your Rights
Right of Access
You have the right to obtain information about your personal data stored by us at any time.
Right to Rectification
You have the right to request the immediate correction of inaccurate personal data or completion of your personal data stored by us.
Right to Erasure
You have the right to request the immediate deletion of your personal data stored by us, unless further processing is required for legal reasons.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request transmission to another controller.
Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing.
Withdrawal of Consent
If processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Email: poststelle@ldi.nrw.de
No Automated Decision-Making
Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place.
6. Analytics Tools
Plausible Analytics
We use Plausible Analytics, a privacy-friendly web analytics service that uses NO cookies and is fully GDPR compliant.
What is collected:
- Page views and visited pages
- Referral source (which website you came from)
- Approximate location (country only, no precise position)
- Browser and operating system
- Screen size
- Anonymized usage of our insurance calculator
What is NOT collected:
- No IP addresses are stored
- No personal data
- No cookies are set
- No cross-site or cross-device tracking
- No sharing with third parties or advertisers
Legal basis: Processing is based on our legitimate interest in statistical analysis of our website traffic (Art. 6 para. 1 lit. f GDPR).
Storage duration: Aggregated data is stored indefinitely but contains no personal information.
Right to object: You can object to the use of Plausible Analytics at any time by disabling JavaScript in your browser or using a script blocker.
Provider: Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia (EU company).
For more information about Plausible, please visit: https://plausible.io/data-policy
No Advertising or Marketing Tracking
This website uses NO:
- Google Analytics
- Facebook Pixel or Social Media Tracking
- Advertising cookies or marketing trackers
- Retargeting or remarketing
- Newsletter tracking
7. Changes to This Privacy Policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes to our services in the privacy policy. The new privacy policy will then apply to your subsequent visit.
As of: August 29, 2025
Last update: Integration of Microsoft Bookings for online appointment scheduling