Data protection rights

Information on data processing and your rights

Your data are in safe hands with AOK – Die Gesundheitskasse; it is obliged to maintain social confidentiality (Article 35 SGB I (German Social Security Code I)). Since 25 May 2018, the European Union General Data Protection Regulation (EU-GDPR) has been in force, which further strengthens your rights as a customer. The following notes give you an overview of the collection and processing of your data and the related rights.

Information on data processing by the affiliated AOK

For which purposes and on what legal basis do we process your data?

AOK – Die Gesundheitskasse, as the provider of the statutory health and long-term care insurance, has the task of maintaining, restoring or improving the health of its insured persons, as well as providing assistance to patients in need of long-term care who, due to the seriousness of their need for long-term care, are dependent on solidarity support.

Benefits and other expenses are financed by contributions from employers and members.

In order to be able to perform these statutory tasks, AOK processes the data required for this purpose. This data is collected from you on the basis of statutory cooperation obligations (see, among others, Articles 60 et seq. of SGB I (German Social Security Code I)) or consent. In addition, according to the Social Security Code, AOK also receives data from third parties (e.g. from your employer or service provider). A lack of cooperation can lead to disadvantages for you in terms of provision of services (refusal or withdrawal of services).

For health insurance, the legal basis for data processing derives from Article 284 SGB V (German Social Security Code V), for long-term care insurance from Article 94 SGB XI (German Social Security Code XI). In addition, AOK Rheinland/Hamburg is also assigned tasks according to other legal regulations for which personal data must be processed.

This includes numerous data processing tasks for their insured persons – including in the context of medical care for their insured persons who are abroad, e.g.

  • Identification of the insurance relationship and membership as the basis for a possible entitlement to benefits within the framework of the care contracts according to Article 140E SGB V (German Social Security Code V).
  • Review of the obligation to perform and the provision of services in other European countries.
  • Supporting the insured in case of medical malpractice.
  • Involvement of the medical service department.
  • Financial reconciliation with the service providers including checking the legality and plausibility of the billing.
  • Monitoring of compliance with contractual and legal obligations of the service providers of auxiliary equipment.
  • Monitoring the economic efficiency of service provision.
  • Financial reconciliation with other providers.
  • Execution of claims for reimbursement and compensation against third parties.

In addition, the AOK processes data on the basis of explicit declarations of consent (Article 6(1a) EU-GDPR).

Which data do we process?

We process the following categories of data:

  1. Personal data (e.g. address and contact data, date of birth)
  2. Membership data
  3. Insurance relationship data
  4. Service, care and billing data including health data (e.g. diagnoses, work incapacity times)
  5. Data from service providers and other contractual partners

Who receives your data?

Within the framework of statutory regulations, e.g. for billing with your health insurer, medical service, service provider as well as within the framework of payment transactions, data is transferred regularly to financial institutions and payment agencies. Beyond this, data may only be used in the individual cases specified by law in accordance with Articles 67d et seq. SGB X (German Social Security Code X) (e.g. police authorities, municipal and local authorities, tax authorities).

AOK may have your statutory duties performed by another provider, joint ventures or other service providers (in particular contract processors).

AOK may use and process the legally collected and stored data of the data subject for other purposes, provided that a different legal basis exists for this purpose according to the Social Security Code or the express consent of the data subject.

How long do we store your data?

The data is used for the performance of the task and for the duration of the legally prescribed retention periods (e.g. Article 110a SGB IV, Article 304 SGB V, Article 84 SGB X, Article 107 SGB XI (German Social Security Code IV, V, X, XI)) and then deleted.

What rights do you have in connection with the collection and processing of your data?

  • Right of access to the processed data
    (Article 15 EU-GDPR in conjunction with Article 83 SGB X (German Social Security Code X))
  • Right of rectification of incorrect data
    (Article 16 EU-GDPR in conjunction with Article 84 SGB X (German Social Security Code X))
  • Right of erasure
    (Article 17 EU-GDPR in conjunction with Article 84 SGB X (German Social Security Code X))
  • Right of restriction of processing
    (Article 18 EU-GDPR in conjunction with Article 84 SGB X (German Social Security Code X))
  • Right to object
    (Article 21 EU-GDPR in conjunction with Article 84 SGB X (German Social Security Code X))
  • Right of data portability
    (Article 20 EU-GDPR)
  • In the case of data processing on the basis of consent, the right to withdraw this consent exists at any time with effect for the future.

Do you have the right to lodge a complaint?

You have the right to complain to the regulatory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for AOK Rheinland/Hamburg is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit (LDI) des Landes Nordrhein-Westfalen
Kavalleriestr. 2-4
DE-40213 Düsseldorf
Telephone: +49 211 384240

Please find the address for the affiliated AOKs on the respective website, see Service and/or Footer by clicking on the relevant AOK.

What data does Clarimedis, the medical information service of AOK, process?

For medical questions, the doctors of the AOK-Clarimedis ServiceCenter only store the reason for the request as well as the key points regarding the advice and information provided. Clarimedis processes this data based on your active consent. This makes it possible for us to use previously known information in case of enquiries and/or new customer inquiries.

Data is stored for one year. For a further nine years, we store the data in a specially protected archive only for the clarification of possible questions regarding legal liability. After this period, the data will be deleted.

Consent to data storage can be withdrawn at any time by contacting AOK-Clarimedis at Medical professionals at AOK-Clarimedis are subject to confidentiality. Your personal data will not be passed on to third parties. Clarimedis' terms of use can be found at

Who is responsible for data processing and who can you contact?

AOK Rheinland/Hamburg – Die Gesundheitskasse
Kasernenstr. 61
DE-40213 Düsseldorf

Telephone: +49 211 819 50000


as well as the respective departments of your responsible AOK.

If you have any questions, or if you believe that the processing of your personal data is not lawful, you may contact us or our data protection officer. You can reach our data protection officer at:

Datenschutzbeauftragter der AOK Rheinland/Hamburg
Kasernenstr. 61
DE-40213 Düsseldorf


Please find the address for the affiliated AOKs on the respective website, see Service and/or Footer by clicking on the relevant AOK.

Withdrawal of consent for the storage and use of personal data for sales purposes and advertising