1. Scope of application
The following data protection notice applies to Munich Re’s internet presence. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at email@example.com.
We will then remove such link from our website without delay. Munich Re assumes no responsibility as to the topicality, correctness, completeness or quality of the information provided.
2. Use of your data
2.1. Who will be responsible for processing your data, and how can you reach the Data Protection Officer?
Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in Munich
80802 München, Germany
You may contact our Data Protection Officer at “Data Protection Officer” at the aforementioned address, or via the e-mail address firstname.lastname@example.org.
2.2 What categories of data will we use, and for what purposes do we process personal data?
You are generally free to visit our website anonymously. Munich Re does not save any personal or traceable data (e.g. IP addresses) of visitors to its website. We collect impersonal data about visits to our website (date, time, pages visited, navigation, software used) to have user habits anonymously analysed by an external service provider. The data is rendered anonymous before it is saved by the service provider.
If you disclose your personal data to us in specific circumstances (for example, by filling out a contact form), we handle such data confidentially, in accordance with the data protection regulations in effect at our Company’s registered office. If you send us an e-mail, or if you complete and submit an on-line form on our website, we will use any personal data you provide (such as your name or e-mail address) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form.
For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation (for example, the shareholder portal or job application portal). The amount of data collected depends on the application used.
For every application or process with which we collect your personal data, we will provide an individualised privacy statement to inform you about the processing of your data.
2.3 What is the legal basis for our processing of your personal data?
We process your data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and all other laws applicable to the processing of personal data. The substantive legal grounds for the processing depend on the context and the purpose for which we collect your data.
As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a contractual relationship, to fulfil a contract or during the pre-contractual process (for example, job application process), or at your request. Where the applications are restricted-access (for example the job applicant portal), the user or data subject’s consent may constitute the legal grounds. You may revoke such consent at any time. Any processing done before the revocation would remain valid, however.
2.4 Who receives your data?
Within Munich Re, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to service providers for the purposes set out above. Using service providers is necessary, for example, for the administration and maintenance of our IT systems. We also use external service providers for support when managing job applicants, for example. If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.
Service providers that we use to send you the requested information (such as brochures by mail, issuing newsletters) will receive your required personal data (e.g. postal services receive your name and address).
A list of all service providers that we use for data processing can be found under Section 6, and also is available for downloading.
2.5. Will we send your data to third countries?
If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses, Privacy Shield). You may also request the information from the aforementioned contact person.
2.6 What measures do we have in place to protect your data?
We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer. You can recognise an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.
For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.
2.7 What data protection rights can you claim as a data subject?
At the address indicated above, you may request information about the personal data we have stored under your name. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format.
2.8 Right to object
If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
2.9 Who can you contact if you have a complaint?
If you have a complaint, you may contact the aforementioned Data Protection Officer, or the state data protection authority. The authority responsible for us is:
Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
91522 Ansbach, Germany:
2.10 How long will your data be stored?
We will delete your personal data as soon as it is no longer required for the purposes set out above, and no legal documentation or retention requirements apply, for example in the German Commercial Code (HGB), fiscal laws or the General Tax Code (AO). Further details can be found, where applicable, under the respective types of data processing.
2.11 Are you required to provide us with your data?
You are not required to provide personal data when accessing Munich Re’s website. However, there are services for which we require personal data from you – for example, to send you information, a newsletter you have requested, details about a contract, or to take your application into account for a job opening. Without this data, Munich Re cannot carry out the services you request. We collect only the data that is required in a particular case. Where we do process your personal data, we will inform you separately about the purposes, recipients, legal basis and any other rights you may have.
3. Cookies and log files
During an online session, cookies are stored on your computer. These are small files that control the display and operation of our website. Cookies will not damage your computer and do not contain viruses.
When you visit our website, and wish to make use of the functions we offer, we use one group of cookies that are required for technical reasons.
We also employ other cookies to carry out statistical evaluations of the range of our websites. We perform anonymised statistical evaluations of these websites. We do not establish any personal link to you. We commission service providers to carry out the statistical evaluations, and these are performed exclusively for us and on our behalf. For this reason, when you visit our websites, cookies from these service providers are also stored on your device.
If you do not want cookies for statistical evaluations to be stored on your computer, you can object to them by opting out. In this case, an opt-out cookie will be stored on your device that prevents our website cookies for statistical evaluations from being stored on your computer in future.
Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. Other cookies, such as those used for statistical evaluations, remain on your terminal device until you delete them. These cookies allow us to recognise your browser the next time you visit.
- The session ID for internal use on the server, specifically used for load distribution, is removed at the end of your browser session.
- Registers the “read” status of the cookie banner, duration 60 months
- Visitor identification for the statistical evaluation of web trends, duration 24 months
- Visitor identification for the statistical evaluation of web trends, duration 10 years
- Visitor identification for the statistical evaluation of web trends, duration 10 years
- registers an opt out from statistical evaluation, duration 10 years
- contains a copy of the Adobe Experience Cloud ID for visitor identification using Adobe Analytics, duration 24 months
- contains the unique Adobe Experience Cloud user ID for visitor identification using Adobe Analytics, duration 24 months
- detects whether cookies are permitted, and is removed at the end of the browser session.
- registers the last link clicked, and is removed at the end of the browser session.
- contains a unique visitor ID for visitor identification using Adobe Analytics, duration 24 months
- contains a copy of the unique visitor ID for visitor identification using Adobe Analytics, duration 24 months
3.2 Server log files
The information that your browser automatically sends us is collected automatically and saved in server log files. They contain:
- Browser type and version
- Operating system used
- Referrer URL (the URL that the user comes from)
- Host name (network name) of the accessing computer
- Time of server request
This data cannot be traced to individual people. We do not merge this data with other data sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).
4. Use of social networks
Social media functions and social plug-ins are embedded in our website in the form of small icons. We currently embed the following social networks on our websites as icons: Twitter, Google+, LinkedIn, Facebook and XING.
By default, Munich Re exclusively embeds deactivated icons, which do not contact the servers of these external networks when Munich Re’s website is accessed. The buttons become active and create a connection only if you deliberately click an icon, thus indicating your consent to communicating with such providers. By entering your personal login data to these networks, you create a connection to your identity.
You thus leave Munich Re’s internet presence and our sphere of influence. Munich Re does not record which external network you activate. The next time you visit Munich Re’s website, the social media plug-ins return to their inactive modus, ensuring that no data is automatically communicated to social media upon such return visit.
When you interact with the social plug-ins – for example, by entering a comment – a corresponding notification is sent to the social network and saved in accordance with the respective network’s policy. Please consult the respect social network’s data protection statement with regard to the scope and purpose of the data collected, its use and processing, as well as your respective rights and options in protecting your privacy.
6. Use of your data in specific processes
Munich Re will inform you when it collects your data while you use its website (job applications, subscribing to newsletters, responding to surveys, etc.) You will find information on the processing of your personal data – outside of our website as well – here .
We use external service providers to operate some parts of our website. The categories of service providers can be found in the Download section.
7. Amendments to this data protection notice
The continual improvement of our website, and the use of new technology, make it necessary to amend our data protection notice from time to time. When visiting our website, please read the current version of our data protection notice (current version: May 2018).
You may view the previous version (dated 16 February 2016) here previous version (dated 16 February 2016)