Munich Re logo
Not if, but how

Explore Munich Re Group

Get to know our Group companies, branches and subsidiaries worldwide.

Information on data protection for applicants

    alt txt



    We would like to explain how your personal data will be processed by Munich Reinsurance Company and inform you of your rights under data protection legislation.

    Who is responsible for processing your data?

    Münchener Rückversicherungs-Gesellschaft
    Aktiengesellschaft in München
    Königinstrasse 107
    80802 Munich, Germany

    Phone: +49 (89) 38 91-0
    Fax: +49 (89) 39 90 56

    Our Data Protection Officer can be reached at the above address – by adding the words “Data Protection Officer” – or at the following email address

    Which data categories do we use and where do they originate from?

    The categories of personal data that we process include, in particular, your master data (e.g. name or nationality), contact details (e.g. address, phone number or email address) and also data relating to the entire application process (in particular, covering letter, CV, certificates, questionnaires/interviews, details of your qualifications and work experience). Special categories of personal data (such as data concerning health, religious affiliation, degree of disability) are not needed to process your application. We use this data only if you have voluntarily provided it in the course of the application process and its use is justified by your consent or a statutory permission. When you come to an interview, we also record your data as part of video surveillance in certain buildings, e.g. entrance to the Main Building, access control vestibules or approach/access to the underground car park.

    As a rule, your personal data will be collected from you direct within the scope of the recruitment process. In addition, we may also have received data from third parties (e.g. recruitment agencies), to which you have provided your data for disclosure.

    For what purposes and on what legal basis is your data processed?

    We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. Works Constitution Act (BetrVG), General Equal Treatment Act (AGG)).

    Data processing is used primarily for implementing and handling the application process and assessing your suitability for the relevant position. Processing your application data is necessary in order to be able to take a decision on the conclusion of an employment relationship. The primary legal basis for this is Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the Federal Data Protection Act (BDSG). In some areas, we may rely on your separate consent pursuant to Art. 6(1)(a) and 7 GDPR and Section 26(2) BDSG (e.g. regarding the use of your application documents for other Munich Re Group vacancies too). Where you give such consent, you have the right to revoke it at any time with effect for the future.

    Munich Re Group is a global enterprise that also operates using matrix structures. In matrix structures, besides a legal/disciplinary supervisor (“legal view“) there is also a professional supervisor (“management view”), who may be at another Group company in a different country. If in such a case, a position is advertised for the Munich location, for example, the future disciplinary supervisor in Munich will receive your application documents. But the professional supervisor, who may be at a location in the USA, for example, will also get access to your data, as he (or she) supervises future staff professionally.

    We base this disclosure of your data on the Group’s legitimate interests (Art. 6(1)(f) GDPR).

    Any other processing of special categories of personal data is based on the permitting circumstances in Section 22(1)(1b) BDSG and Section 26(3) and (4) BDSG, insofar as we have not obtained your consent for this separately (Art. 9(2)(a) GDPR, Section 26(2) BDSG).

    We may also process your data to fulfil our legal duties as a potential employer, e.g. based on supervisory provisions, or to compare your data against sanctions lists to comply with counter-terrorism rules (e.g. Council Regulation 2580/2001). This is done in each case on the basis of Art. 6(1)(c) GDPR and Section 26 BDSG.

    We also use your data for statistical purposes (e.g. studies on applicant behaviour). These statistics are compiled exclusively for our own purposes and the analysis results are in no case personalised, but are anonymised.

    Should we wish to process your personal data for any other purpose than those mentioned, we will inform you of this in advance in accordance with the legal requirements.

    Who receives your data?

    Your application data is treated confidentially at all times. Within our Company, the only persons and bodies (e.g. functional unit, Staff Council, Representative Body for Disabled Persons) that will have access to your personal data will be those that need it for the recruitment decision and to fulfil our (pre‑)contractual and legal requirements.

    Where we are unable to offer you any vacant job position, but your profile gives us reason to believe that your application could possibly be of interest for future job openings within our group of companies, we will pass your application details on to other Group companies, provided you have given us your explicit consent to do so.

    Where the vacant job position is in a matrix organisation, your details may also be passed to supervisors in other companies of our global Group. The job posting will always indicate whether a vacancy is in a matrix structure.

    Our online applications platform is operated by an external service provider, Lumesse GmbH in Düsseldorf, which in turn uses other IT service providers.

    We may also provide your personal data to other recipients outside the Company, where this is necessary for concluding the contract of employment (e.g. Chamber of Industry and Commerce and German Insurance Association for Vocational Training).

    How do we transfer data to countries outside Europe (third countries)?

    Should we pass on personal data to service providers or Group companies outside the European Economic Area (EEA), we will do so only if the EU Commission has confirmed that the respective third country’s level of data protection is sufficient, or if other appropriate data-protection guarantees (e.g. binding, internal data protection regulations or agreement on the standard contract clauses of the EU Commission) are in place. You can request detailed information on this, as well as on the level of data protection of our service providers in third countries, at the points of contact mentioned above.

    How long will your data be stored?

    We will delete your personal data six months after completion of the application process. This does not apply if statutory provisions preclude deletion or if further storage is necessary for evidential purposes or you have consented to a longer period of retention.

    What privacy rights can you claim as a data subject?

    You may request information on the stored data about you from the address indicated above. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format.

    Right to object:
    If we process your data for the purpose of safeguarding legitimate (Group) interests, you may object to this processing to the above address if your particular situation gives grounds for opposing such data processing.

    We will then stop that processing, unless it serves our overriding, compelling legitimate interests or the establishment, exercise or defence of legal claims.

    Would you like to complain about how your data is handled?

    You may contact our Data Protection Officer (see above for contact details) or a data protection supervisory authority. The data protection supervisory authority responsible for Munich Re is: Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 27, 91522 Ansbach, Germany:

    Are you obliged to provide your data?

    Within the scope of your application, you are obliged to provide the personal data required for performing the application process and the assessment of suitability. Without this data, we will not be able to conduct the application process and will not be able to make a decision on the conclusion of an employment relationship.

    This information last updated: February 2021
    We will notify you as required of pertinent changes to the information in this document.