Information about data protection on websites

Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München
Königinstr. 107
80802 Munich
Germany
Tel.: +49(89)3891-0
Fax: +49(89)399056
email: contact@munichre.com

(hereinafter referred to as “Munich Re” or “we”)

You can contact our Data Protection Officer at the postal address above – please include “Data Protection Officer/Group Compliance & Legal” in the address – or send an email to datenschutz@munichre.com.

3.1 What categories of data do we use, and for what purposes is personal data processed?

Munich Re only processes your personal data to the extent necessary to provide a functional website as well as our content and services. As a general principle, you can opt to use our website without providing personal data – with the exception of the data that your browser transmits to us automatically when you visit a page. For more information, please refer to sections 4 to 7.

No automated decision-making is used.

3.2 What is the legal basis for our processing of your personal data?

We will process your data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telecommunications Digital Services Data Protection Act (TDDDG) and all other laws applicable to the processing of personal data.

The substantive legal grounds for the processing depend on the context and the purpose for which we receive your data. You can find further information from section ‎4 onwards.

3.3 Who receives your data?

Within Munich Re, only the responsible staff and departments will receive the data required for the process concerned. The data may also be sent to service providers for the purposes for which it was collected. Service providers have to be involved in the administration and maintenance of IT systems, for example. Support is provided by external service providers in applicant management, for example. If we process any of your personal data for certain procedures, you will receive detailed information on how we may use your data.

Service providers that we use to send you the information you have requested (e.g. information by mail, newsletters, etc.) will receive the necessary personal data (e.g. postal companies will receive your name and address details). A list of all service providers that process data on our behalf can be consulted or downloaded using the link “Further information” at the bottom of this website.

3.4 Will your data be transferred to a third country?

As a general principle, we process your personal data in Germany or in countries that are European Union (EU) or European Economic Area (EEA) member states. If we need to transfer personal data to service providers or subcontractors outside the EEA, we will do so only if the European Commission has confirmed that the country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example, through binding corporate rules, or the European Commission’s Standard Contractual Clauses). You can write to the above-mentioned address to obtain detailed information and to learn more about the level of data protection at our service providers in non-EEA countries.

3.5 What measures do we have in place to protect your data?

We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties.

3.6 What data protection rights can you assert as a data subject?

You can request information about the personal data we have stored under your name, from the address above. In addition, under certain circumstances, you may request that your data be rectified or erased. Furthermore, you may have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format. If you have given your consent, you have the right to revoke it at any time with effect for the future; if you were not informed of any other way to do so when you gave your consent, you can send your revocation to the above address.

If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves the assertion, exercise or defence of legal claims.

Please contact the address above if you wish to exercise the rights referred to above. 

3.7 Who can you contact if you wish to make a complaint?

If you believe that we have breached applicable data protection law when processing your personal data, you can contact the aforementioned Data Protection Officer or the data protection authorities to make a complaint. The public authority responsible for Munich Re is:

Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Authority of Bavaria for the Private Sector)
Promenade 18
91522 Ansbach
Germany

3.8 How long will your data be stored for?

We will delete your personal data as soon as it is no longer required for the purposes set out in this information on data protection, and provided that no legal documentation or retention requirements apply, for example in the German Commercial Code (HGB), fiscal laws or the German Fiscal Code (AO). In addition, we only store personal data in individual cases if this is necessary in connection with the defence, assertion or exercise of legal claims. You will find more detailed information, where relevant, in the specific data processing sections.

3.9 Are you obliged to provide your data?

You are not required to provide personal data when accessing Munich Re’s website. There are, however, services for which we require personal data from you, e.g. to send you information, a newsletter you have requested such as the “Munich Re email information” or information on a contract, or to consider you as part of an application process. Without this data, Munich Re cannot carry out the services you request. We only collect the data that is actually required. In those cases in which we process your personal data, we will provide you with separate information on the processing purposes, recipients, legal basis and other rights you may have, to the extent that this is not already included in this data protection information.

We automatically collect and store information in what are known as server log files, which your browser transmits to us automatically. This information includes:

• Browser type and browser version;
• Operating system used;
• IP address;
• Referrer URL (from which URL the user is coming);
• Host name (network name) of the accessing computer; and
• Time of the server request.

Such data cannot be traced back to individual users. The data will not be merged with data from other sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our website is being used illegally (for example, a hacking attack on our network).

Our legitimate interests (Art. 6(1f) GDPR) provide the legal basis for processing. Our legitimate interest lies in providing a secure and functioning website.

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. Where data is collected for the purposes of making the website available, this is the case when the session has ended.

During your online session, we use the pixel technology of WiredMinds GmbH (Lindenspürstraße 32, 70176 Stuttgart, Germany) for non-personal analysis of use of our website. For this purpose, we process your IP address, which your browser transmits to us automatically when you visit our website. The processing is limited to the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). IP addresses are not stored. The data collected by WiredMinds does not allow any conclusions to be drawn about, or create any links back to, natural persons at any time. WiredMinds uses this information to create company-related usage profiles relating to use of our website, to improve our website and our marketing in general. The data obtained in this way is not used to personally identify visitors of our website.

The processing is based on the legal grounds of our legitimate interests (Art. 6(1f) GDPR), as we want to know which companies are interested in our offering. This is also our legitimate interest.

Social media functions and social plug-ins are embedded in our website in the form of small icons. We currently embed the following social networks on our websites as icons: LinkedIn, YouTube, Instagram, Facebook, X and Xing.

By default, Munich Re exclusively embeds deactivated icons, which do not contact the servers of these external networks when Munich Re’s website is accessed. The buttons become active and create a connection only if you deliberately click an icon, thus indicating your consent to communicating with such providers. By entering your personal login data to these networks, you create a connection to your identity.

You thus leave Munich Re’s website and our sphere of influence. Munich Re does not record which external network you activate. The next time you visit Munich Re’s website, the social media plug-ins return to their inactive mode, ensuring that no data is automatically communicated to social media upon such return visit.

When you interact with the social plug-ins – for example, by entering a comment – a corresponding notification is sent to the social network and saved in accordance with the respective network’s policy. Please consult the respective social network’s data protection notice with regard to the scope and purpose of the data collected, its use and processing, as well as your respective rights and options in protecting your privacy.

The email address you provide will be used by Munich Re to reply to you with the information you request. Any sensitive confidential information will be encrypted or, if this is not possible, sent to you by regular mail. If the contents of the email refer to a contractual relationship, Munich Re will save the email. The email address will be saved exclusively for corresponding with you, and will not be disclosed to third parties. The legal basis for processing data transmitted in the course of sending an email is Art. 6(1f) GDPR. Our legitimate interest lies in communicating with you. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1b) GDPR.

We also process your data in accordance with Art. 6(1f) GDPR to ensure the IT security of IT operations (e.g. logging and monitoring to prevent unauthorised access, unauthorised disclosure of confidential information, or for troubleshooting). This is also our legitimate interest. Insofar as this is compatible with the original purpose of the processing, we or individual service providers may anonymise logged usage data in order to subsequently use the anonymous data for purposes of improving the respective IT products, their security and the like.

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. In cases involving email communication, this is the case when the communication with you has been finalised and there are no longer any legal obligations to retain data (in connection with the conclusion and/or initiation of a contract). Even after a contract has been concluded, it may be necessary to store personal data concerning the contractual partner in order to fulfil contractual or statutory obligations.

If requested by you, we will process your personal data in order to send you the Munich Re email information and other marketing information, invitations to seminars or events or surveys, and other relevant and interesting news from Munich Re (“Munich Re email information”).

Within this context, we process the following data concerning you:

• Your email address to send you the Munich Re email information;
• Your name and title so that we can address you personally in the Munich Re email information;
• Information regarding the consent you have granted to prove this consent (e.g. metadata such as the time you signed up for the Munich Re email information as part of the double opt-in procedure); and
• Other information that you have voluntarily provided to us for further use (for example, business areas such as life insurance that you would like information on, or your professional field of activity).

The legal basis for sending and personally addressing you in the Munich Re email information is your consent (Art. 6(1a) GDPR). We process the information on the granting of your consent on the basis of our legal obligation to be able to demonstrate it (Art. 6(1c) GDPR).

The data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case if you unsubscribe from the Munich Re email information distribution list. In addition, you can opt to change the data you have provided to us at any time. You can unsubscribe and change your data at any time using a link provided in every Munich Re email information. 

We may process your personal data to provide you with whitepapers, downloads, brochures or other PDFs that you have requested, for example, via a form or a download button. In such cases, we only process personal data about you if you have provided it to us as part of the order process (e.g. when filling out the corresponding order form).

Our services, in particular the provision of white papers, downloads, brochures, PDFs or seminars may be financed by advertising if we point this out to you in the specific individual case when the order is placed (“Commercialised Service”). This means that we will only provide you with the Commercialised Service if you revocably consent to receiving promotional communications by email, telephone and/or other communication channels (where indicated in each case). In this case, we will process your personal data beyond the provision of the Commercialised Service to send you further information material such as the Munich Re email information. The legal basis in this case is taking steps prior to entering into a contract or contract performance (Art. 6(1b) GDPR).

Your personal data will be erased as soon as it is no longer required to fulfil the purpose for which it was collected. This is the case if your personal data is no longer required for the initiation and/or performance of the contract. Even after a contract has been concluded, it may be necessary to store personal data concerning the contractual partner in order to fulfil contractual or statutory obligations.