Data Protection

Data Protection of Hanseatische Krankenkasse (HEK)

1. General

With its Internet presence, HEK  wishes to comprehensively and competently inform insurees and interested parties of benefits, contributions and health topics, as well as to offer HEK‘s insurees and business partners the best possible online service of a modern service enterprise.

2. Introduction

All data acquired by HEK come under special protection afforded by the social security data protection under the Sozialgesetzbuch (SGB) [German Social Security Code]. Any data gathered and saved while availing the offers made from an internet presence are covered by the data protection regulations of the Telemediengesetz (TMG) [German Telemedia Act]. HEK will gather and use your personal data exclusively within the framework of these legal provisions.

Personal Data

This refers to information that could be traced to you personally. For example, first names and surnames constitute personal data.

In this data protection statement, we wish to inform you of the nature, scope, and purpose of the data we gather and use when you visit the HEK  website.

We are committed to the continuous improvement of our internet offerings. These developments may necessitate changes to this data protection statement. We recommend that you visit this page at regular intervals to keep abreast of the latest changes.

3. Personal Data

Informational Use

You do not need to provide any personal data if you simply wish to obtain information on about a particular topic and do not log in or register on the website or otherwise send us information. In this informational use, as we describe it, we gather only the data sent by your browser to enable you to visit the website. This information consists of the:

  • IP address
  • date and time of the enquiry
  • time difference with Greenwich Mean Time (GMT) 
  • content of the request (the actual page)
  • access status/HTTP status code 
  • quantity of data transferred
  • website from where the request came 
  • browser
  • operating system and interface 
  • language and version of browser software.

Use of service offerings

For some HEK online services, we need personal data to be able to provide the services. If you would like to make use of these offers, we will gather and store only the data required for the service. The saved data are used only for the stated purpose.

The data that are collected, saved and used by HEK for each service offering can be ascertained from the individual input forms. In these forms, mandatory fields are indicated as such. All other entries are voluntary.


If you would like to use the hospital guide, we will need you to provide information, either the local postcode or an area, to inform you of the hospitals in your vicinity. 

Participation in competitions

From time to time, the HEK website offers prizes in a lucky draw. HEK stores the personal data of of those taking part as is necessary for the processes of the lucky draw. For example, HEK requires an address to be able to send the prize. Data are passed on to a third party only when necessary because of the nature of the prize or for presenting the prize. This occurs when a lucky draw is held on the HEK website together with a co-operation partner that will be sending out the prizes.

If participants have given consent for public release, personal data will be released about them if they win the lucky draw. Normally, this would be the first name and surname of the winner. These data will be deleted no later than six weeks after the lucky draw is completed, or earlier at the request of the participant.

Deletion of data

HEK will delete personal data 

  • if the user revokes consent for storage,
  • when they are no longer needed,
  • if on other legal grounds the storage would be no longer permissible.

You may register and de-register at your own initiative for each HEK service offering for which registration is required.

Further information

For more information about gathering and processing of data, please refer to the declarations and provisions for the individual service offerings.

General information concerning the purpose of data gathering and data processing, as well as the type of saved data etc., can be found in our „Öffentliches Verfahrensverzeichnis“, the directory of public procedures.

4. Rights to information and withdrawal of consent

  • You are entitled to request information from us at any time about
  • what data we have saved about you and for what purpose
  • the origin of these data, and
  • which parties or categories of parties will receive the data if they are forwarded.

If you have given consent to the use of personal data, you may withdraw this consent at any time. We will then delete your personal data.

Should you have any request for information, enquiry or withdrawal of consent to data processing, please contact us at the addresses indicated at the bottom of the page.

5. Use and deletion of cookies

Like many other services offered on the Internet, the HEK  website also uses cookies. These are small text files that are saved on your computer. These files contain certain information about your visit to our website that is sent to HEK. Cookies will normally be created or read automatically during each visit to


No data are saved in cookies that could be traced to any individual person visiting our website. The information saved in the cookies is held separately from any data subsequently disclosed to us. We will not aggregate these data with data from other sources.

This website uses session cookies and transient cookies. Session is understood as a single session on the Internet that ends no later than the closing of the web browser.

Session cookies

Session cookies are used to save the session data. Session cookies save the session ID that enables the various requests of your browser to be assigned during a shared session. This feature allows your computer to be recognised again when you return to the website.

The lifetime of a session cookie is limited to the particular session. This means that once you fully close the browser, the cookie becomes invalid and can no longer be used. The same will happen if you are inactive for more than 30 minutes on the HEK website.

Transient cookies

Unlike session cookies, transient cookies are saved for a longer period. These cookies will stay on the computer beyond the visit itself unless they are intentionally deleted. In addition, transient cookies contain a pre-determined expiry date. After this date expires, the cookies will be deleted automatically.

Transient cookies are used by HEK, for example, for statistical purposes and to enable identification of which content on the HEK website is in particularly high demand. This helps significantly in the continual improvement of In this, no attribution is made to any person.


You can delete cookies generated by HEK at any time using your browser. However, please note that your personal settings for the use of are also saved in these cookies. This means that when you delete these cookies, these settings will also be reset and you may not be able to use all the available functions on our website.

6. Analytical tools

General provisions

We analyse visitor use of our website on a pseudoanonymised basis, in which the identity of a visitor to the site cannot be traced. The information gained through this analysis will help us to improve HEK’s web offering and carry out market analyses. The legal basis for analysis is set out in Section 15 of the Telemediengesetz. As a visitor to, you have the right to opt out from this gathering of data.

Web tracking

HEK uses the method of web tracking to analyse usage behaviour. That means that HEK will record what sites you visit and how often. For this purpose, HEK uses cookies that expire after 180 days.

In usage analysis, HEK has engaged the services of the Webtrekk GmbH company. Webtrekk GmbH is certified by TÜV Saarland for data protection in web monitoring software.

 When you visit our website, your browser will send us some information. We will gather these data and analyse it for our web monitoring purposes. These data will be gathered using tracking pixels, which are integrated into every website. Webtrekk GmbH saves the information thus acquired exclusively on its server in Germany.

The following data are collected: 

  • request (file name of the requested file)
  • browser type/version
  • browser language
  • operating system used
  • internal resolution of the browser window
  • screen resolution
  • Javascript activation
  • Java on/off 
  • cookies on/off 
  • depth of colour
  • referrer URL (the previously visited site)
  • IP address - to prevent recognition, the last octet of the IP address is truncated
  • time of access
  • clicks
  • value of order, if applicable content of the form, if applicable (for text entry fields such as name or password, only “filled in” or “not filled in” will be transmitted)


In usage analysis, HEK has engaged the services of the Piwik company. You can find more information about data protection by Piwik at:

If you wish to opt out from all saving of data on, please click here.

When analysis data are processed by Piwik, the IP address will be truncated so that no direct link can be made to any individual person. The truncated IP address will not be aggregated with any other data we hold.

7. Social plug-ins (Facebook, Twitter, Xing)

Social plug-ins are used on the HEK website. The current plug-ins are for Facebook, Twitter, Xing. Data, including personal data, can be sent by these plug-ins to US service providers, where these data may possibly be used.

Access by service providers

The service provider then receives information that you have requested the relevant page of our online offering. For this, you must neither have an account nor be logged in with the service provider. If you are logged in at a service provider, these data will be assigned directly to your account. If you click on a social plug-in and, for example, follow a link to the site, the service provider will also save this information in your user account and share that information publicly with your contacts.

If you do not want this information to be added to your profile at the service provider, you must log out before clicking on the social plug-in.

HEK has no control over whether and to what extent the service provider will gather personal data. Moreover, we have no knowledge of the scope, purpose and length of retention of the gathered data. It must be assumed that at a minimum, the IP address and device-relevant information will be recorded and used. It is also possible that the service provider will use cookies.

Notices from service providers

You can obtain further information about the handling of data protection from the websites of the individual service providers:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA:;

further information about acquisition of data:, applications everyoneinfo

b) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA

c) Xing AG, Dammtorstraße 30, 20354 Hamburg, Deutschland

8. Embedding of third-party services

We have embedded YouTube videos into our online offering that are stored on and can be played directly from our website. We have embedded these videos in the extended data protection mode. In this way, we ensure that no personal data will be sent to YouTube without playing a YouTube video when you visit the HEK website. Only when you play a video will any data be transferred. We have no control over this data transfer.

9. System security

We maintain up-to-date technical measures to ensure data security. These measures serve in particular to protect your personal data from unauthorised access by third parties. We keep our protection mechanisms in line with the current state of the art.

Whenever you are asked to enter personal data in one of our online offerings, the data are always transferred using an SSL encryption. This encryption should prevent any unauthorised party from gaining possession of your data. 

10. E-mail communication

In some cases, we reply to customer enquiries by conventional post, even when the enquiry is sent to us by e-mail. We always do this when a reply contains any social security data. We regret that for legal reasons, no other option is available at this time. As soon as technology lending itself to more widespread use becomes available in a form that guarantees the highest possible data security, we will be happy to respond to your service enquiries by e-mail.

11. Bearer of liability

Hanseatische Krankenkasse
Wandsbeker Zollstraße 86-90
22041 Hamburg
Telefon: 0800 0213213 (kostenfrei)

12. Data protection officer for HEK

Hanseatische Krankenkasse
Wandsbeker Zollstraße 86-90
22041 Hamburg