Privacy Policy

Last updated: March 26, 2026

1. Introduction

Expat Health Insurance ("we," "us," or "our") operates the website expat-health-insurance.de. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services, in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

The data controller responsible for the processing of your personal data is:

Expat Health Insurance
Website: https://www.expat-health-insurance.de

3. Data We Collect

3.1 Information You Provide

  • Contact form submissions: Name, email address, phone number (optional), occupation, income range, nationality (optional), and message content.
  • Newsletter signups: Email address.
  • Callback requests: Name, email, phone number, preferred date and time, timezone.
  • PDF guide requests: Email address and name (optional).
  • Document checklist requests: Email, name, employment type, insurance status, nationality.

3.2 Automatically Collected Data

  • Usage data: Pages visited, time spent, referral source, browser type, device type, and operating system.
  • UTM parameters: Campaign tracking data from URL parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content).
  • Cookies: See Section 7 for cookie details.

4. How We Use Your Data

We process your personal data for the following purposes:

  • To respond to your inquiries and provide insurance consultation services (legal basis: Art. 6(1)(b) GDPR — contract performance).
  • To send you the requested PDF guides, checklists, or newsletter (legal basis: Art. 6(1)(a) GDPR — consent).
  • To improve our website and services through analytics (legal basis: Art. 6(1)(f) GDPR — legitimate interest).
  • To schedule and conduct callback appointments (legal basis: Art. 6(1)(b) GDPR — contract performance).

5. Third-Party Service Providers

We use the following third-party services to operate our website:

  • Vercel (San Francisco, USA): Website hosting and deployment. Vercel processes server logs, including IP addresses. A data processing agreement is in place. Transfer to the US is covered by the EU-US Data Privacy Framework.
  • Resend (USA): Email delivery for contact form submissions, PDF guides, newsletters, and callback confirmations. Only email addresses and message content are shared. A data processing agreement is in place.
  • Google Analytics 4 (USA): Website analytics to understand how visitors use our site. Data is only collected with your explicit consent (see cookie consent banner). IP anonymization is enabled. Transfer to the US is covered by the EU-US Data Privacy Framework.
  • WordPress (self-hosted CMS): Blog content management. No personal data from visitors is shared with WordPress.

6. Data Retention

  • Contact form data: Retained for up to 24 months after the last interaction, then deleted.
  • Newsletter subscriptions: Retained until you unsubscribe.
  • Analytics data: Google Analytics data is automatically deleted after 14 months.
  • Session data (UTM parameters): Stored in session storage and automatically cleared when you close your browser.

7. Cookies

Our website uses the following cookies:

  • Essential cookies: Required for the website to function properly (e.g., cookie consent preferences, theme preferences, text size settings). These do not require consent.
  • Analytics cookies (Google Analytics): Used to collect anonymous usage statistics. These are only set after you provide explicit consent through our cookie banner.

You can manage your cookie preferences at any time through our cookie consent banner or your browser settings.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): Request deletion of your personal data.
  • Right to restrict processing (Art. 18 GDPR): Request limitation of processing.
  • Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3) GDPR): Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us via our contact form. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS/TLS encryption for all data in transit
  • Secure hosting infrastructure with Vercel
  • Access controls and authentication for administrative functions
  • Regular security reviews of our codebase and dependencies
  • HTML sanitization of all user input to prevent injection attacks

10. Children's Privacy

Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully. In Germany, you can contact your state's data protection authority (Landesdatenschutzbeauftragte).

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

https://www.expat-health-insurance.de/contact