PASSPORTCARD NOMADS’ PRIVACY NOTICE AND DECLARATION OF CONSENT AND RELEASE OF CONFIDENTIALITY

Please read this statement carefully. This Privacy Notice, Declaration of consent and release of secrecy (“Privacy Notice”) concerns the processing of personal data. It explains to you which personal data is processed by PassportCard Nomads and for which purposes. “Personal data” is any information relating to an identified or identifiable natural person.

The controller of the Personal Data is:

Mashlim Letoshav Hul Ltd. (hereinafter: “PassportCard Nomads” or “We“)

Phone number: + 49 40 46 898 6375

Email: cs@passportcardnomads.com

Contact Data Protection Officer of Controller: DPO@DavidShield.com

Declaration of consent for the processing of health data, transfer of personal data outside EU the and release from confidentiality of medical providers and professionals, insurance companies and brokers

PassportCard Nomads expressly informs and points out that you are free to confirm this declaration of consent and to object it for the future. We have to point out, however, that it will generally not be possible to conclude or implement an insurance contract with PassportCard Nomads without your consent in the processing of your health data.

If reference is made to this Privacy Notice and the confirmation of this Declaration of consent is requested, this confirmation also includes the following statements with regard to the processing of your health related personal data, also in countries outside the EU and the release of the general obligation to confidentiality for insurance companies and medical professions:

By confirming this Privacy Notice, I agree that PassportCard Nomads may collect, store and processe the information I provide to PassportCard Nomads when applying for an insurance cover and in the future (including health related data) to the extent necessary to review the application and to establish, to perform and to finish an insurance agreement.

By confirming this Privacy Notice, I agree that PassportCard may transfer my personal data including health related data if necessary, for the purpose of my insurance agreement to

• service providers,
• (re-)insurance companies,
• if necessary, also to my employer if my employer has concluded the insurance contract with PassportCard Nomads which extend to me, and
• medical providers and medical experts as listed under paragraph 7
• related companies for the purpose of preforming PassportCard Nomads obligation under the insurance policy

I agree that this personal data including health related data is processed for the same purposes as stated in this Privacy Notice.

Insofar as necessary I release PassportCard Nomads and its employees as well as medical providers by confirming this declaration from their obligation to confidentiality with regard to personal data including health related data protected by any applicable laws.

By confirming this Privacy Notice, I agree that PassportCard may collect my health data from doctors and other medical providers, nurses, hospital staff, personal insurers, statutory health insurance funds and authorities and use them for the purposes included in the privacy policy, insofar as this is necessary for risk assessment or for the performance of contractual obligations of PassportCard Nomads.

This confirmation also expressly refers to service providers in countries outside the EU in particular especially if I use services in these countries.

Should I want to withdraw my consent in the future I will notify you via email.

1. General information
   • This Privacy Notice applies for the collection of personal data via our website at PassportCardnomads.com, via our mobile app (“APP”) as well as for any other collecting of your personal data including inbound or outbound calls via telephone.
   • This Privacy Notice applies for our customers, our potential customers, our business partners, our contractors as well as for applicants for a position in our company. If necessary and where legally required, we will also inform you separately about the processing of your personal data in other contexts if this has not yet been done by this privacy notice.
   • We will not use or disclose your Personal Data for purposes other than those purposes specified in this Privacy Notice. We will do our best to protect the privacy of your Personal Data. If you have any concerns about the way we process your Personal Data, you are welcome to contact our data protection team at: dpo@davidshield.com or write to us to: cs@passportcardnomads.com. We will look into your enquiry and make good-faith efforts to resolve any existing or potential dispute with you.
   • If you remain unhappy with the response you received, you can also refer the matter to the relevant supervisory Authority. You will find the contact details of the supervisory Authority in paragraph 13.

2. Processing of Personal Data of children under the age of 18

We are legally obliged to only provide our services to people who are at least 18 years. By concluding a contract with PassportCard Nomads, you confirm that you are over 18 years of age.

3. How and why we need your Personal Data – provision of services
   • Your Personal Data is collected from the digital platforms we provide you (APP, webpage and self-service webpage), by our sales department, or by our services representatives via telephone. We use the Personal Data we collect and receive to provide our services, to study and analyze the functionality of our services, website and APP and to analyze users’ activities, to provide support, to measure service activity, to conduct surveys and send questionnaires, to maintain our service, to make it better and to continue developing the service and to communicate with natural persons working for our business partners.
   • We may use your email address to contact you when necessary, to send you reminders and to provide you information and notices about our service.
   • We obey the law and expect you to do the same. If necessary, we may use your Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of our service, and to take any action in any legal dispute and proceeding. Although you are not required by law to provide us your Personal Data, failing to provide us with any necessary Personal Data might jeopardize our ability to provide you with essential services including providing you with health insurance coverage and/or managing pending claims you may have filed with us.

4. The Personal Data you provide in order to apply for an insurance policy
   • As a potential insured member, we may ask you to provide us with your personal data. We may ask you for your name, your contact details, your gender, your birthday, your passport number (or other forms of state issued identification number), your email address, profession, medical history and/or current status and financial information. If you wish to enroll any of your family member to our insurance policy, we may ask you the same information about them as well. If you are enrolled to our insurance policy as part of a corporate group, we may also ask for your workplace and job title.
   • As an insured member we may ask you to provide additional personal details, such as medical documents and legal documents and your premium debt status. When you file an insurance claim with us, we may collect and process your medical bills, your written correspondences with us and any written notes taken about you by our customer representatives. If you, as a potential insured member or as an insured member, correspond with us by telephone, we may record your conversation with us for quality assurance purposes.
   • If you purchased an insurance cover with us via a credit/debit card, please note that we comply with the Payment Card Industry Data Security Standard (PCI DSS). Accordingly, we have implemented data security and organizational measures that protect your payment information such as credit/debit card number and keep them in confidence. If you provided us with your bank account information for future insurance payments, we would keep those in confidence in accordance with the data protection standard described in this statement.
   • When you contact us, or when we contact you, we may receive and process any personal information that you provide us. We may participate in correspondences you have with treating and/or advising physicians for rendering you further services and/or examining eligibility for insurance.
   • We advise you to be cautious when uploading insurance related content through our APP and/or our self-service website and/or through emails. Please also avoid any involuntary disclosure of your Personal Data or disclosure of others’ Personal Data without their consent.
   • we may also make use of automated individual decision making, weighing up your personal health status with our experiences to provide you with optimal insurance cover. In exceptional cases, we may also decide that no insurance cover can be granted as the risk for other PassportCard Nomads insured members is too high.

5. The Personal Data that we collect when you access our website or APP

When you access our website or mobile app, our servers may log certain ‘traffic/session’ information from your device, such as the country from which you use the Service, the browser type, operating system, geo-location and the Internet Protocol (IP) address. We also collect information about your activity, for example your log-in and log-out time, the duration of sessions, viewed webpages or specific content on webpages etc. Log-files store this information with your full IP-address so we will have a corresponding document to your declaration of consent.

6. Is there an obligation to provide Personal Data?
   • We are required to collect your Personal Data as set out in paragraph 3. Without this data, we will generally not be able to provide you with health insurance coverage and/or manage pending claims you may have filed with us.
   • In some cases, we are under a legal obligation to process personal data. Examples are to detect, prevent and investigate fraud or to facilitate the exercise of your consumer rights. Further we may need to process your personal data to detect, prevent and investigate any other actual or suspected violations of law or misuse of our service.

7. On what legal basis do we process your Personal Data?

We process Personal Data under the following lawful grounds: (i) the processing of special categories of personal data such as the data concerning health is based on your explicit consent; (ii) the processing of your personal data is necessary for us to perform the agreement with you and to take steps at your requests prior to entering into the agreement between us; (iii) the processing of your personal data is necessary for us to comply with legal obligations to which we are subject; (vi) the processing of your personal data is necessary for legitimate interests, such as cyber security and data protection, fraud detection, service maintenance and control, support, back-up, data disaster recovery.

8. Who receives your personal data?
   • Except as set out in this Privacy Notice, we do not sell, trade, or otherwise transfer your Personal Data to outside parties. Your Personal Data may be transferred to the following categories of recipients:
     • Affiliates:

1. Parent companies, subsidiaries, and other affiliated company (the DavidShield group).
2. Within PassportCard Nomads your Personal Data is provided to the respective departments that need such data for the execution of the insurance policy you have chosen. Please find a list of the affiliated companies here http://www.davidshieldgroup.com.

• Service providers

1. Third party administrative services providers.
2. Third party information technologies providers (such as cloud providers).
3. Third-party service providers engaged by us and working on our order to support data processing (so-called “processors”) may also receive data for these purposes. Service providers can also be commissioned to provide serve capacity.
   • Third parties

Your Personal Data will be disclosed by us to third parties only if this is necessary for the fulfillment of our legal and/or contractual obligations, if we or the third party have a legitimate interest in the disclosure, or if you have given your consent in relevant cases. In addition, data may be transferred to third parties to the extent we are required to do so by law or by enforceable regulatory or judicial order. Third parties to whom we may transfer your Personal Data, irrespective of the services we provide, include:

1. Medical providers
2. Legal representatives
3. Insurance consultants
4. Corporate contact personnel (applicable to groups/business insurance policies)
5. Insurance brokers and agents
6. Law enforcement departments (after providing us with a valid legal request for disclosure)
7. Insurance companies that ultimately will be responsible to pay your insurance claim (if applicable)
8. Experts for the purpose of assessing inter alia injuries, diseases and their causes
9. Relevant financial institutions such as: banks, credit cards processors, clearing houses, Payment Service Providers (gateway companies), and card issuers.

9. Where do we process your Personal Data?
   • Your Personal Data is processed in Israel.
   • Not all of the parties listed in paragraph 8 above are located in the European Economic Area. If we need to transfer Personal Data to a party which is located outside the EEA, we ensure that the transfer shall take place in accordance with the general principles of transfer as laid down in the GDPR. To the extent necessary under EU privacy laws and regulations, we have implemented data onward transfer instruments, such as the Controller to Processor Standard Contractual Clauses (SCCs), the Controller to Controller SCCs. The transfer may be subject to appropriate safeguards included in international privacy treaties to which the EU is a party to.
   • In certain cases, we may need to transfer your personal information to countries outside Europe. This transfer is either necessary for the fulfilment of our insurance contract (see Art. 49 subsection 1 sentence 1b GDPR) or covered by your consent declaration (see above).

10. Public access to your personal information

Prior to our first communication with you, we may have received, or granted access, to your Personal Data from social media and other public online platforms on which you publicly published your Personal Data. This personal information may include, but is not limited to, your personal and contact information, geographical location and other types of data that appears, publicly, in your social media and other public accounts.

11. How long will we store your Personal Data?

We need your Personal Data to adjudicate any claims you may file with us under your health insurance policy and or with the insurance company (for example to receive insurance reimbursements). We will store your Personal Data for at least the minimum amount of time required by applicable regulations.

12. Personal Data security

We will use our best efforts to protect the confidentiality of your Personal Data. We use reasonable data security measures in line with the high industry standards. We also adopted strict rules that include technical and physical administrative measures for protecting your Personal Data, including protecting against Personal Data misuse and against unauthorized hacking.

13. Web services disclaimer

Our websites might include links to external third-party websites. If you follow a link to any of these websites, please note that they have their own privacy notices which should be reviewed. Please note that we are not responsible for the privacy protection, policies, and use of any software offered in these external websites. We will not be responsible for any direct or indirect damages caused from the use of third-party websites.

14. Cookies
    • We use standard analytics tools of Google Analytics and smart look. The privacy practices of these tools are subject to Google’s own privacy policy at: http://www.google.com/analytics/learn/privacy.html. and Smartlook’s privacy policy at: https://help.smartlook.com/en/articles/3244452-privacy-policy. Google Analytics and Smartlook use cookies to provide its service.
    • The website uses so-called “cookies”. These are small files that are stored on the user’s computer when he or she visits the website. How we use Cookies is outlined below.
    • The 3 main types of cookies we use on our site are:
      • Strictly necessary cookies

These cookies are essential. Without them you might not be able to get the information or service you have asked for. They are needed for things like logging whether you see error messages – so we can make improvements and fix bugs – as well as allowing you to apply online for an insurance solution on our online form.

• Analytics and measurement Cookies

We use several technologies to understand how visitors use our website or app. These help us to identify areas for improvement, and to collect and report on commercial data (like sales volumes). We may, for example, analyze website usage and identify a page where people struggle to know what to do next; we’d then use session capture to observe some individual site visitors and find out what the issue is.

Tools we use for analytics and measurement include:

Google Analytics (Google Inc.)

Our website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics employs so-called “cookies “, text files that are stored to your computer in order to facilitate an analysis of your use of the site. The information generated by these cookies about your visits to our site is transmitted to Google’s servers in the US and stored there. However, using the IP anonymization (“anonymizeIP”) activated for this website, Google will shorten your IP address (IP masking) within the member states of the European Union, or other countries within the European Economic Area (so-called IP masking).Only in exceptional cases will the full IP address be transferred to a Google server in the USA, and will be shortened there for further processing. On behalf of the website provider, Google will use this information to evaluate your use of the website, to compile reports on the website activities, and to provide other services related to website use to the provider.  The IP addresses transferred in the context of Google Analytics from the App will not be put together with other Google data. You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website. You can prevent the transfer of data created by the cookie and related to your use of the website (including your IP address) to Google and the processed of tis data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=en).

You can prevent the identification by Google Analytics on this website, by clicking on the following link. An opt-out cookie will be placed which prevent the future collection of your data when visiting this website:

Deactivate Google Analytics

You can find further information about terms of use and data protection at http://www.google.com/analytics/terms/gb.html

or at  http://www.google.com/intl/gb/policies/privacy/partners/

We would like to point out that on this website Google Analytics uses the “anonymizeIP” function in order to ensure anonymous detection of IP addresses (so-called IP masking). This ensures that one cannot create a personal reference using IP addresses.

• Your consent to cookies

Strictly necessary cookies do not require your consent.

For analytical and measurement cookies as well as for targeting or advertising cookies we request your consent before placing them on your device. You can give your consent by continuing to use our website or by clicking on the appropriate button on the banner displayed to you when visiting our website.

• What about links to other websites and their Cookies?

We often link to other sites to give you extra information or services. Where these are provided by a third party, you may leave our website by clicking through to theirs. In this case, the Cookies policy set out on the third party’s website will also apply. As this won’t be controlled by us, you should read their policy to find out what information is being collected and how it’s used.

• How to control Cookies

You can restrict, remove, or block Cookies through your browser settings at any time.

In addition to what is specified in this document, the user can manage preferences for Cookies directly from within their own browser and prevent – for example – third parties from installing them. Through the browser preferences, it is also possible to delete Cookies installed in the past, including the Cookies that might possibly have saved the consent for the installation of Cookies by this website. It is important to note that by disabling all Cookies, the functioning of this site may be compromised. Users can find information about how to manage Cookies in their browser at the following addresses: Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Windows Explorer.

In the case of services provided by third parties, users can exercise their right to withdraw from the tracking activity by utilizing the information provided in the third party’s privacy policy, by clicking the opt-out link – if provided – or by contacting the third party.

15. What rights do I have?
    • As the data subject, you are entitled to the following data protection rights:
      • Access:

You have the right to request access to personal data related to you and stored at PassportCard Nomads and about the scope of data processing and data transfer performed by PassportCard Nomads and to obtain a copy of your stored personal data. 

• Rectification:

With respect to your personal data stored at PassportCard Nomads, you have the right to demand the immediate rectification of incorrect personal data and you have the right to have incomplete personal data completed

• Erasure:
  1. You have the right to demand the immediate deletion or erasure of your personal data stored by PassportCard Nomads if the legal requirements are satisfied.
  2. This is the case, in particular, if:
     1. your personal data is no longer needed for the purposes for which it was collected.
     2. the sole legal basis for processing such data was your consent, and you have withdrawn such consent.
     3. you have objected to processing on the legal grounds relating to your particular situation, and we cannot prove that there are overriding legitimate grounds for processing.
     4. your personal data were processed unlawfully; or
     5. your personal data must be erased in order to comply with legal requirements.
  3. If we have transmitted your data to third parties, we will inform them about the erasure to the extent required by law.
  4. Please note that your right to erasure is subject to certain limitations. For example, we may not and/or must not erase data that we are still required to retain due to statutory retention obligations. In addition, your right of erasure does not extend to data that we need in order to assert, exercise, or defend against legal claims, unless other grounds for continued storage exist.
  5. Restriction to the Processing: Under certain conditions, you have the right to request that processing be limited (i.e., the marking of stored personal data with the aim of limiting its processing in the future). The requirements are:
     1. The accuracy of your personal data is contested by you and PassportCard Nomads must verify the accuracy of the personal data.
     2. the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead.
     3. PassportCard Nomads no longer needs the personal data for the purposes of processing, but you require the data to establish, exercise or defend your legal claims.
     4. you have objected to processing pending the verification of whether the legitimate grounds of PassportCard Nomads override your legitimate grounds.
  6. Where processing has been restricted, such data will be marked accordingly and, with the exception of storage, will be processed only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest the EU or an EU Member State.
• Data Portability:

To the extent that we automatically process your personal data that you have provided to us based on your consent or any contract with you, you have the right to receive such data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from PassportCard Nomads. You also have the right to have the personal data transmitted directly from PassportCard Nomads to another controller where technically feasible, provided that such transmission does not adversely affect the rights and freedoms of others.

• Right to Object:

If we process your personal data on grounds of legitimate interests or in the public interest, then you have the right to object to the processing of your personal data on grounds relating to your particular situation. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes. Please see our separate note in the section titled “Information about your right to object”.

• Withdrawal of Consent:

If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent remains valid.

16. Information about Your Right to Object
    • Right to object for personal reasons
      • You have the right to object to the processing of your personal data on grounds relating to your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balancing of interests. This applies also to profiling.
      • Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds but will, of course, examine each individual case.
      • In the event of an objection, we will no longer process your personal data, unless we can demonstrate:
        1. compelling legitimate grounds (zwingende schutzwürdige Gründe) for the processing of these data that override your interests, rights and freedoms, or
        2. your personal data serves the establishment, exercise or defence of legal claims.
      • Right to object to the processing for direct marketing purposes
        • You have the unrestricted right to object to the processing of your Personal Data for direct marketing purposes, which include profiling to the extent that it is related to such direct marketing without providing any reason.
        • In the event of an objection, we will no longer process your Personal Data.
      • Exercise of the right of objection
        • The objection can be made without form and should preferably be made to the contact data listed in this data protection notice.

17. Disclosure of Personal Data in case of emergency
    • In cases of an emergency, we may choose to disclose your Personal Data to a third party if all of the following apply:
      • We are approached by a third party, who is your close relative or is otherwise connected to you, asking us to disclose your Personal Data (we will verify by reasonable means the third party’s connection to you).
      • We are unable to contact you after reasonable efforts, depending on the nature and scope of the emergency.
      • We conclude after reasonable evaluation that the requested disclosure is necessary in order to protect your vital interests.

18. Notification of changes

We may change the terms of this privacy notice occasionally. We will notify you via our website or mobile app. Please read all occasional changes to this policy as they may affect your privacy rights.

19. Less secured communication during emergencies

You might need our services during unfortunate circumstances such as emergency medical care, hospitalization, during various types of check-ups with your doctors and more. During these times, and within the scope of our services, you will need to share with us Personal Data relating to your specific problem. While we prefer using secured communication channels through which you may provide us, and we may send you, Personal Data, we also understand that these channels will not always be available to you during times of need. Thus, if you are interested in sending us, and receiving from us, respectively if you send us Personal Data about you via unsecured communication channels (such as WhatsApp, S.M.S and any other IM or unsecured channel) you accept the above mentioned risks. Please note that we will not be liable for any system failure or personal data hacking while using these channels and to use these channels you retain the sole and full responsibility for using these unsecured methods of communications.

20. Direct Marketing
    • If you purchased an insurance cover with us and are therefore an existing customer, we have included you in our marketing distribution list. We will send you in the future information on our company and its offers. You can opt out from our marketing distribution list by sending us a request to kundenbetreuung@passportcard.de or by clicking the remove option in our notices. Opting out from the marketing distribution list will have no effect on your contractual rights. We will inform you on this right and possibility in the course of every single marketing information.
    • If you do not have an insurance cover with us and are interested in receiving information about the products we offer, you can contact us at kundenbetreuung@passportcard.de and request to be listed on our marketing distribution list.