Data Protection Information
Website Privacy Notice
This privacy notice applies to Munich Re’s internet presence. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at firstname.lastname@example.org.
We will then review it and, if necessary, remove such link from our website without delay. Munich Re assumes no responsibility as to the topicality, correctness, completeness or quality of the information provided.
We hereby inform you about the processing of your personal data when using the Munich Re websites and your statutory data protection rights.
2.1. Who will be responsible for processing your data, and how can you reach the Data Protection Officer?
Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in Munich
80802 München, Germany
(”Munich Re” or “us”)
You may contact our Data Protection Officer at “Data Protection Officer” at the aforementioned address, or via the e-mail address email@example.com.
2.2 What categories of data will we use, and for what purposes do we process personal data?
In principle, you are free to visit our website without providing any personal data – except the data that your browser transmits automatically when requesting the website. Only if you have agreed to the evaluation of your usage behavior for statistical purposes, data (date, time, pages viewed, navigation, software used) will be collected by us via an external service provider when you visit our website. Then your complete IP address will be transmitted to the service provider, where it will be shortened before being saved, so with effect for the future it will no longer be possible to draw conclusions about you.
If you disclose your personal data to us in specific circumstances (for example, by filling out a contact form), we handle such data confidentially, in accordance with the data protection law applicable to the respective Munich Re office. If you send us an e-mail, or if you complete and submit an on-line form on our website, we will use any personal data you provide (such as your name or e-mail address) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form.
For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation (for example, the shareholder portal or job application portal). The scope of data collected depends on the specific website area.
For other applications or processes in context of which we collect your personal data, we will provide an individualised privacy notices to inform you about the processing of your data.
2.3 What is the legal basis for our processing of your personal data?
We process your data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telecommunication Telemedia Data Protection Act (TTDSG) and all other laws applicable to the processing of personal data. The applicable legal basis for the processing depend on the context and the purpose for which we collect your data.
As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a user/contractual relationship, to fulfill a contract or during the pre-contractual process (including the preparation or performance of events or webinars for which you have registered), or at your request. Where an application or process requires restricted-access (for example the job applicant portal), the user or data subject’s consent may constitute the legal grounds. You may revoke such consent at any time. Any processing done before the revocation would remain valid, however.
2.4 Who receives your data?
At Munich Re, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to service providers for the purposes set out above. Using service providers is necessary, for example, for the administration and maintenance of our IT systems. We also use external service providers for support when managing job applicants, for example. If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.
Service providers that we use to send you the requested information (such as brochures by mail, issuing newsletters) will receive your required personal data (e.g. postal services receive your name and address).
A list of all service providers that we use for data processing can be found in section “Further information” at the bottom of this page, and also is available for downloading.
2.5. Will we send your data to third countries?
If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if you have agreed to it separately, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses). You may also request the information from the aforementioned contact person.
2.6 What measures do we have in place to protect your data?
We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer. You can recognize an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.
For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.
2.7 What data protection rights can you claim as a data subject?
At the address indicated above, you may request information about the personal data we have stored under your name. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format. If you have given your consent, you have the right to revoke it at any time with effect for the future; if you were not informed of any other way in the consent, you can also send the revocation to the above mentioned address.
If we process your data on the basis of our legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
2.8 Who can you contact if you have a complaint?
If you have a complaint, you may contact the aforementioned Data Protection Officer, or the state data protection authority. The authority responsible for us is:
Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
91522 Ansbach, Germany
2.9 How long will your data be stored?
We will delete your personal data as soon as it is no longer required for the purposes set out in this privacy notice and no legal documentation or retention requirements apply, for example in the German Commercial Code (HGB), fiscal laws or the General Tax Code (AO). Furthermore, we only retain personal data in individual cases if this is necessary in connection with the defense, assertion or exercise of legal claims. Further details can be found, where applicable, in the description of the respective data processing operations.
2.10 Are you required to provide us with your data?
You are not required to provide personal data when accessing Munich Re’s website. However, there are services for which we require personal data from you – for example, to send you information or a newsletter such as the “Munich Re Email Information” you have requested, details about a contract, or to take your application into account for a job application. Without this data, Munich Re cannot carry out the services you request. We collect only the data that is required in a particular case. Where we do process your personal data, we will inform you separately about the purposes, recipients, legal basis and any other rights you may have if not already covered by this Data Protection Information.
When you visit our website, and wish to make use of the functions we offer, we use one group of cookies that are required for technical reasons. These cookies are so-called "session cookies". They are automatically deleted at the end of your visit.
Furthermore we use a consent management platform (i.e. an approval management service), with which we document and implement your decisions regarding the data processing on our website. The Consent Management Platform used at Munich Re Website was developed and is managed by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. In order to do that, small files (analog cookies) are stored locally in the cache of your browser. This happens regardless of whether you agree or reject certain cookies. They continue to exist and can be read out even after the browser window has been closed or the program has been closed - provided that you don't delete the cache.
The legal basis for the processing of technical necessary cookies and the use of the Consent Management Platform is art. 6 para. 1f GDPR and section 25 para. 2 no. 2 TTDSG. We have a legitimate interest in making the website available on the internet. At the same time, this does not conflict with any interests of the user, as the user has an interest when visiting our website that the website delivers the desired information to him or her without technical hindrances.
If you agreed to this, we also employ other cookies to carry out statistical evaluations of the range of our websites. We perform anonymised statistical evaluations of these websites. We do not establish any personal link to you. We commission a service provider (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland) to carry out the statistical evaluations, and these are performed exclusively for us and on our behalf. For this reason, when you visit our websites, cookies from this service provider are also stored on your device. These cookies enable us to recognize your browser on your next visit and remain on your terminal device until you delete them.
The data for carrying out statistical evaluations of our website is stored and processed in Europe (Ireland, France), but for supporting reasons there might be access to the data by Adobe employees outside EU. (Switzerland, Canada, United Kingdom, India or USA). While Switzerland, Canada, and the United Kingdom have a level of data protection appropriate to that of the EU, the level of data protection in India and USA does not correspond to the EU data protection level. In these countries, there is a risk that your data may be processed by authorities, possibly without the possibility of legal recourse.
The legal basis for performing statistical analyses is your consent (art. 6 para. 1a GDPR and section 25 para. 1 TTDSG).
The data transferred to LinkedIn is stored and processed in the USA. The level of data protection in the USA does not correspond to the EU level of data protection. Therefore, there is a risk that your data may be processed by authorities, possibly without the possibility of legal recourse.
The legal basis for setting the retargeting cookie is your consent (art. 6 para. 1a GDPR and section 25 para. 1 TTDSG).
You can view details about each cookie in the “Cookie Settings”. There you can also manage, change or revoke your cookie preferences at any time. You can find the "Cookie Settings" as a link at the bottom of each of our pages.
On our website we use following cookies:
Technically necessary cookies:
- JSESSIONID, www.munichre.com, the session ID for internal use on the server, specifically used for load distribution, is removed at the end of your browser session.
- AMCV_###AdobeOrg, contains the unique Adobe Experience Cloud user ID for visitor identification using Adobe Analytics, duration 24 months.
Cookies for statistical evaluations:
- s_ecid, contains a copy of the Adobe Experience Cloud ID for visitor identification using Adobe Analytics, duration 24 months.
- s_cc, Session-Cookie, detects whether cookies are permitted, and is removed at the end of the browser session.
- s_sq, Session-Cookie, registers the last link clicked, and is removed at the end of the browser session.
- s_vi, contains a unique visitor ID for visitor identification using Adobe Analytics, duration 24 months.
- s_fid, contains a copy of the unique visitor ID for visitor identification using Adobe Analytics, duration 24 months.
Cookies for marketing purposes:
You can manage, change or revoke your cookie preferences at any time in the "Cookie Settings" You can find the "Cookie Settings" as a link on each of our pages.
3.2 Server log files
The information that your browser automatically sends us is collected automatically and saved in server log files. They contain:
- Browser type and version
- Operating system used
- IP address
- Referrer URL (the URL that the user comes from)
- Host name (network name) of the accessing computer
- Time of server request
This data cannot be traced to individual people. We do not merge this data with other data sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).
The processing is based on the legal grounds of our legitimate interests (art. 6 para. 1f GDPR), as we want to provide the user with a secure and functioning website, which is also in the interest of the users.
3.3 Use of tracking pixels
During your online session, we use the pixel technology of WiredMinds GmbH (Lindenspürstraße 32, 70176 Stuttgart, Germany) for non-personal analysis of use of our website. For this purpose, we process your IP address, which your browser automatically transmits to us when you visit our website. The processing is limited to the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored. The data collected by WiredMinds does not allow any conclusions to be drawn about or links back to natural persons at any time. WiredMinds uses this information to create company-related usage profiles relating to use of our website, to improve our website and our marketing in general. The data obtained in this way is not used to personally identify visitors of our website.
The processing is based on the legal grounds of our legitimate interests (art. 6 para. 1f GDPR), as we want to know which companies are interested in our offers. Since only IP addresses of companies are evaluated and the IP addresses of other users are deleted immediately after the whitelist comparison, there are no conflicting interests of users.
Social media functions and social plug-ins are embedded in our website in the form of small icons. We currently embed the following social networks on our websites as icons: Twitter, LinkedIn, Facebook and XING.
By default, Munich Re exclusively embeds deactivated icons, which do not contact the servers of these external networks when Munich Re’s website is accessed. The buttons become active and create a connection only if you deliberately click an icon, thus indicating your consent to communicating with such providers. By entering your personal login data to these networks, you create a connection to your identity.
You thus leave Munich Re’s internet presence and our sphere of influence. Munich Re does not record which external network you activate. The next time you visit Munich Re’s website, the social media plug-ins return to their inactive modus, ensuring that no data is automatically communicated to social media upon such return visit.
When you interact with the social plug-ins – for example, by entering a comment – a corresponding notification is sent to the social network and saved in accordance with the respective network’s policy. Please consult the respect social network’s data protection statement with regard to the scope and purpose of the data collected, its use and processing, as well as your respective rights and options in protecting your privacy.
The e-mail address you provide will be used by Munich Re to reply to you with the information you request. Any sensitive confidential information will be encrypted or, if this is not possible, sent to you by regular mail. If the contents of the e-mail refer to a contractual relationship, Munich Re will save the e-mail. The e-mail address will be saved exclusively for corresponding with you, and not disclosed to third parties. You will never receive an unsolicited e-mail from us. As a result, should you nevertheless receive any unsolicited e-mail that purports to be from us, it is fraudulent and should be deleted. Before you send Munich Re an unencrypted e-mail, please remember that its contents are not protected against unauthorised access or manipulation. For this reason, we recommend using our contact form to send any messages to Munich Re.
We also process your data in accordance with art. 6 para. 1f GDPR to ensure the IT security of IT operations (e.g. logging and monitoring to prevent unauthorized access, unauthorized disclosure of confidential information or for troubleshooting). Insofar as this is compatible with the original purpose of the processing, we or individual service providers may anonymize logged usage data in order to subsequently use the anonymous data for purposes of improving the respective IT products, their security and the like.
Below, we explain how we specifically process your data in context of individual processing operations:
6.1 Munich Re E-mail Information
If requested by you, we will process your personal data in order to send you Munich Re e-mail information and other marketing information, invitations to seminars or events or surveys, and other relevant and interesting news from Munich Re ("Munich Re E-mail Information").
In such case, we process the following data about you:
- Your e-mail address to send you the Munich Re E-mail Information and a confirmation e-mail to verify the e-mail address you have provided (so-called double opt-in procedure),
- your name and title to address you personally in the Munich Re E-mail Information, and
- further information relating to the consent you have given as proof of consent (e.g. metadata such as the time of registration for the Munich Re E-mail Information).
The legal basis for sending and personally addressing you in the Munich Re E-mail Information is your consent (art. 6 para. 1a GDPR). We process the information on the granting of your consent on the basis of our legal obligation to be able to demonstrate it (art. 6 para. 1c GDPR).
We may personalize the Munich Re E-mail Information for you on the basis of the data mentioned below:
- Your interests as communicated to us, which you indicated when subscribing to the Munich Re E-mail Information (e.g. "Internet of Things", "Cyber", "Life Insurance"), to send you more targeted information,
- your e-mail address, IP address, cookie ID, visitor ID, referrer URL, your usage behavior in connection with the Munich Re E-mail Information (such as name of the Munich Re E-mail Information, opening of the Munich Re E-mail Information, clicks on links or articles in the Munich Re E-mail Information) and your further surfing behavior on our website after clicking on links in the Munich Re E-mail Information and technical data on that (product information such as colors, prices, styles and photos, purchase activity, information, you provide in forms on our website, success rates of advertising campaigns, date and time of visit, whether you downloaded a file, an image or something else, information you provide outside the services, device information, connection speed, ads clicked on, whether you clicked on a link, image or text on our website, items added to shopping cart, name of website, click path, browser information, search query when you click on the link to our website). We process this data to measure reach and success as well as to improve and personalize our Munich Re E-mail Information so you can access information that is relevant to you even more easily and quickly. Technologically, we implement that by means of UTM parameters and tracking cookies from our service provider Adobe Systems Software Ireland Limited (as described in more detail in the “Cookie Settings” for the "Adobe Analytics" service) that are assigned to your e-mail address.
The legal basis for this is your consent (art. 6 para. 1a GDPR or, for cookie-based data processing, section 25 para. 1 TTDSG).
In addition, we may personalize Munich Re E-mail Information for you on the basis of corporate or professional information you enter into our forms (e.g. about your company or your industry) or participation in our events, if we have separately informed you of this in context of the specific processing operation. For such processing, we rely on the legal ground of our legitimate interests (art. 6 para. 1f GDPR) in providing you with e-mail information that meets your needs and interests as far as possible. This is not opposed by any overriding interests on your part, as the data used is purely company and job-related data.
No automated decision-making takes place.
You will find an “unsubscribe” link at the bottom of each Munich Re E-mail Information. You can use this to unsubscribe from the Munich Re E-mail Information and revoke your consent to the data processing described above or to object to the data processing.
6.2 Provision of whitepapers, downloads, brochures or PDFs that you have requested
We may process your personal data to provide you with whitepapers, downloads, brochures or other PDFs that you have requested, for example, via a form or a download button. In such case, we only process personal data about you if you have provided it to us as part of the order process (e.g., when filling out the corresponding order form). The legal basis is our legitimate interest in providing you with the requested materials (art. 6 para. 1f GDPR).
Our services, in particular the provision of whitepapers, downloads, brochures, PDFs or seminars may be financed by advertising if we point this out to you in the specific individual case when ordering the service ("Commercialized Service"). This means that we will only provide you with the Commercialized Service if you revocably consent to receiving promotional communications by e-mail, telephone and/or other communication channels (in each case where indicated). In this case, we will process your personal data beyond the provision of the Commercialized Service to send you further information material such as the Munich Re E-mail Information. You will find an “unsubscribe” link at the bottom of each Munich Re E-mail Information. You can use this to unsubscribe from the Munich Re E-mail Information. In such case, you may keep and continue to use any Commercialized Services you have already received. The legal basis in this case is contract performance (art. 6 para. 1b GDPR).
We also process your entries in about your business or professional activity in our forms (e.g. about your company or industry) to personalize our Munich Re E-mail Information, if you have subscribed to it, for you. The legal basis is our legitimate interest (art. 6 para. 1f GDPR) in providing you with such Munich Re E-mail Information that meets your needs and interests best. This does not conflict by any overriding interests from your end, as the data used is company and job-related data only.
Automated decision-making does not take place
6.3 Other processing operations
If Munich Re otherwise collects personal data when using its website (application process, participation in surveys, participation in events, etc.), we will inform you of this separately. Information on the processing of personal data, also outside our website, can be found below on this page in the section "Data Protection Information structured by Munich Re Group Entities and Topics".
We sometimes use external service providers to operate our websites. You can find the categories of service providers in the download area "Further information".
The continued improvement of our website and the use of new technology make it necessary to amend our privacy notice from time to time. When visiting our website, please read the then current version of our data protection notice (most recent version: September 2023).
Data Protection Information structured by Munich Re Group Entities and Topics
Munich Re Group and its subsidiaries and affiliates is protecting the privacy of the individuals we encounter in conducting our business. Our aim is responsible and transparent handling of personal information, balancing the interests in business areas like reinsurance, job application, business relationship, insurance or any other business topic.
The following documents provide you with an overview of the ways we process your personal data:
Binding Corporate Rules (BCR)
BCR are the basis for a smooth inter-group transfer of personal data within a group of companies.
In essence, the BCR contain a set of data protection requirements which shall guarantee minimum data protection standards according to the GDPR outside the European Economic Area (EEA). This mechanism enables a global group of companies to transfer and process European personal data around the globe.
Munich Re’s BCR have been approved by the European data protection supervisory authorities and the competent data protection authority of Bavaria.
The BCR inform you about the rules for international transfers of personal data between the companies of the Munich Re Group operating in the EEA and the companies of the Munich Re Group operating outside the EEA.
The BCRs also describe the rights of data subjects in the event of such a transfer, what they can do if they wish to exercise their rights or lodge a complaint, and how they can contact us.