Postbeamtenkrankenkasse (PBeaKK, German Postal Civil Servants’ Health Insurance Fund) – Court Ruling (Germany, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The data subject was a civil servant for one of the companies (Bundesanstalt für Post und Telekommunikation (BAPT)) the controller manages the employee's health insurance benefits of. On 13 June 2018, the data subject sent a telefax to the controller, looking to exercise their Article 15 GDPR right to obtain from the controller a confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data in a detailed list. The controller responded on 2 July 2018, covering all aspects of Article 15 GDPR (a)-(h) in a one page document containing name, address, birth date, employee ID, tax ID, bank information, type of insurance, beginning of insurance as well as which group and pay scale. It also contained a general listing of billing documents and digitized receipts and outgoing mail since 2007. The data subject was not satisfied with this response, criticizing the lack of health data, missing information about the health reimbursement record for civil servants (Beihilfeakte), and an incorrect phone number. The controller replied to the complaint on 1 August 2018, saying that the phone number was deleted and offering examples of health data in the form of past doctors the data subject frequented. The data subject was yet again not satisfied and filed a disciplinary complaint at a data protection authority as the disclosure was deemed incomplete. The controller referred to Article 23 GDPR in conjunction with § 34(1)(2)(a) German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), stating they store approximately 3,000 documents, some with multiple pages, relating to the client due to the retention period of 10 years. It also claimed that the employer of the data subject has expressly reserved the right to respond to data requests based on Article 15 GDPR for themselves. The data subject kept repeatedly reaching out to the controller about its incomplete data inquiry, on 27 August 2018, 02
GDPR Articles Cited
National Law Articles
The data subject was a civil servant for one of the companies (Bundesanstalt für Post und Telekommunikation (BAPT)) the controller manages the employee's health insurance benefits of. On 13 June 2018, the data subject sent a telefax to the controller, looking to exercise their Article 15 GDPR right to obtain from the controller a confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data in a detailed list. The controller responded on 2 July 2018, covering all aspects of Article 15 GDPR (a)-(h) in a one page document containing name, address, birth date, employee ID, tax ID, bank information, type of insurance, beginning of insurance as well as which group and pay scale. It also contained a general listing of billing documents and digitized receipts and outgoing mail since 2007. The data subject was not satisfied with this response, criticizing the lack of health data, missing information about the health reimbursement record for civil servants (Beihilfeakte), and an incorrect phone number. The controller replied to the complaint on 1 August 2018, saying that the phone number was deleted and offering examples of health data in the form of past doctors the data subject frequented. The data subject was yet again not satisfied and filed a disciplinary complaint at a data protection authority as the disclosure was deemed incomplete. The controller referred to Article 23 GDPR in conjunction with § 34(1)(2)(a) German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), stating they store approximately 3,000 documents, some with multiple pages, relating to the client due to the retention period of 10 years. It also claimed that the employer of the data subject has expressly reserved the right to respond to data requests based on Article 15 GDPR for themselves. The data subject kept repeatedly reaching out to the controller about its incomplete data inquiry, on 27 August 2018, 02
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Postbeamtenkrankenkasse (PBeaKK, German Postal Civil Servants’ Health Insurance Fund) in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Postbeamtenkrankenkasse (PBeaKK, German Postal Civil Servants’ Health Insurance Fund) - Germany (2023). Retrieved from cookiefines.eu
Last updated: