Carglass GmbH proved that its IT-based service "Interfaces To Insurance Companies" complies with EU data protection law. Customers of Carglass (i.e., vehicle owners) can be sure that processing of their personal data by Carglass when communicating with vehicle insurance companies on the occasion of an insurance event relating to the breakage of glass is in line with the high requirements of EU data protection law.


Interfaces To Insurance Companies

Function as provided in November 2014

Qualification: IT-based service

View the Carglass Interfaces to Insurance Companies Certificate

Cert. No.



13/01/2015 - 31/01/2017


09/2015 (O.K.)

05/2016 (O.K.)

Public report

Interfaces To Insurance Companies Short Public Report Image Image 



Carglass GmbH
Godorfer Hauptstr. 175
50997 Köln



Employees of insurance companies who use the web portal are informed about relevant data protection requirements concerning the transfer of personal data on vehicle owners to Carglass by means of a detailed and comprehensible data protection leaflet. The leaflet is available at




The focus of the services that are provided by Carglass GmbH is on the repair or replacement of car windows. Providing the services, Carglass aims at assisting its customers in the overall process which involves communication with vehicle insurance companies. The main purpose of this communication is to clarify whether in a given case the relevant vehicle insurance company will accept the cost of repair.


The target of evaluation comprises the interfaces between Carglass GmbH and vehicle insurance companies. The data exchance that is made over these interfaces serves the following purposes:

  1. Clarification whether the relevant insurance company will accept the cost of repair (if not, customers will have to pay for Carglass' services themselves),
  2. Transmission of notice of damage of glass (to be signed by the customer - vehicle owner) from Carglass to the relevant insurance company,
  3. Billing between Carglass and insurance company after the repair of a glass damage,  
  4. Transmission of personal data about prospective customers from insurance companies to Carglass (employees of insurance companies may receive a commission when advising vehicle owners to rely on Carglass).

The ToE includes:

  1. Technical interfaces between Carglass and insurance companies for the purpose of sending requests for acceptance of cost of repair and receiving answers to these requests; 
  2. The web portal, if it is used by employees of insurance companies to communicate personal data about prospective customers to Carglass;
  3. Procedures that are used by Carglass to obtain the consent of the (prospective) customers for exchange of personal data with insurance companies (if applicable). 

Technical Evaluator

Hans-Joachim Bickenbach
2B Advice GmbH – the privacy benchmark
Joseph-Schumpeter-Alle 25
53227 Bonn

Legal Evaluator

Marco Schröder
2B Advice GmbH – the privacy benchmarkJoseph-Schumpeter-Alle 25
53227 Bonn

Formerly Certified Versions



European Privacy Seal for Carglass Interfaces to Insurance Companies



This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint



v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria


Cert. No.



24/05/2018 - 31/05/2020




Public Report

f.i.t. Short Public Report Image Image 



Im Heegen 13
22113 Oststeinbek


Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.


Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.


REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 


REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.



This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.


European Privacy Seal for REISSWOLF f.i.t.