Compass Shield – Privacy at a Glance

Who we are: Compass Point Assist, Schulstrasse 13, 82441 Ohlstadt, Germany.
What we collect: Your contact details, travel information, and — in emergencies — medical data.
Why we collect it: To manage your membership, provide 24/7 assistance, coordinate with insurers and medical partners, and meet legal obligations.
Who we share it with: Only with trusted partners such as insurers, medical providers, or emergency responders — and only if necessary.
Where it goes: Sometimes outside the EU/EEA, but always with GDPR safeguards.
How long we keep it: Only as long as needed for your membership, assistance cases, and legal requirements.
Your rights: You can access, correct, delete, or restrict your data. You may also object to processing or withdraw consent.
Contact us anytime: 📧 dataprotection@compasspoint-assist.com
Your regulator: You can also contact the Bavarian Data Protection Authority (BayLDA).

⚠️ Important: If you need medical help, we may need to process sensitive health data to provide support.

Compass Shield – Privacy Policy

Effective Date: September 1, 2025

Compass Point Assist (“CPA”, “we”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, process, and safeguard information in connection with the Compass Shield membership and portal.

1. Data Controller

The data controller responsible for the processing of personal data in connection with Compass Shield is:
Compass Point Assist
Schulstrasse 13, 82441 Ohlstadt, Germany
📧 dataprotection@compasspoint-assist.com

2. Categories of Data Collected

We may collect the following categories of personal data:

Identification data (name, date of birth, nationality, address, passport details if required).
Contact data (telephone numbers, email addresses).
Travel data (destination, itinerary, dates of travel).
Membership and payment data (membership type, transaction details, billing information).
Medical and health data (medical history, current condition, diagnoses, treatments, prescriptions, or information required during an assistance case).
Technical data (portal log-in information, IP address, browser/device type, usage statistics).

3. Purposes of Processing

Personal data is processed for the following purposes:

Administration of Compass Shield memberships.
Verification of identity and membership validity.
Provision of advisory, assistance, and emergency support services.
Coordination with insurers, medical providers, and local assistance partners.
Processing of medical information where necessary for urgent care, case management, or insurance claims.
Compliance with legal and regulatory requirements, including sanctions screening.
Communication with Members before, during, and after their travel.
Portal operation, security, and improvement.

4. Legal Basis for Processing

The processing of personal data is carried out on the following legal bases under GDPR:

Administration of Compass Shield memberships.
Verification of identity and membership validity.
Provision of advisory, assistance, and emergency support services.
Coordination with insurers, medical providers, and local assistance partners.
Processing of medical information where necessary for urgent care, case management, or insurance claims.
Compliance with legal and regulatory requirements, including sanctions screening.
Communication with Members before, during, and after their travel.
Portal operation, security, and improvement.

4. Legal Basis for Processing

The processing of personal data is carried out on the following legal bases under GDPR:

Art. 6(1)(b) GDPR - for performance of a contract (membership services, assistance provision).
Art. 6(1)(c) GDPR - or compliance with legal obligations (e.g., tax, accounting, sanctions laws).
Art. 6(1)(f) GDPR - for legitimate interests (fraud prevention, service improvement, IT security).
Art. 9(2)(c) GDPR - processing of health data where necessary to protect vital interests in an emergency.
Art. 9(2)(h) GDPR - processing of health data necessary for the provision of medical treatment and health management.

5. Data Sharing and Recipients

We may share personal data, strictly as required, with:

Licensed insurers providing insurance components of Compass Shield.
Medical providers, hospitals, or emergency responders.
Assistance partners (including ground support and risk intelligence providers).
IT service providers operating our portal and communication systems.
Public authorities where legally required (e.g., law enforcement, regulators).

6. International Data Transfers

Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, such as the EU Commission’s Standard Contractual Clauses or equivalent protections, are in place.

7. Data Retention

We retain personal data for the following periods:

Membership and case-related data: generally, 10 years (insurance and statutory recordkeeping).
Medical data: retained only as long as necessary for the assistance case and related obligations.
Technical and log data: generally, 1 year. Longer retention may apply where required by law.

8. Member Rights

Members have the following rights under GDPR:

Right to access (Art. 15).
Right to rectification (Art. 16).
Right to erasure (Art. 17).
Right to restriction of processing (Art. 18).
Right to data portability (Art. 20).
Right to object (Art. 21).
Right to withdraw consent at any time (Art. 7(3)).

Requests may be made to: dataprotection@compasspoint-assist.com.

9. Security

We implement appropriate technical and organizational measures to protect personal data, including sensitive health information, against unauthorized access, alteration, disclosure, or destruction.

10. Children

Compass Shield services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children without parental or guardian consent.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Members will be notified of material changes, and the latest version will always be available in the Compass Shield portal.

12. Supervisory Authority

Members also have the right to lodge a complaint with the competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27, 91522 Ansbach, Germany
📧 poststelle@lda.bayern.de