General

Protection of your private sphere when processing personal data is very important to us.

Safeguarding your right to determine how information is used yourself and data processing security are a core issue for the insurance industry in order to preserve the trust of the insured. All procedures must be in harmony with the provisions of the European Data Protection Directive, the German Federal Data Protection Act and all industry-specific rulings on data protection. Furthermore, the companies of the insurance industry signing up undertake to live up to the principles of transparency, the necessity of the data processed and data avoidance and frugality in a particular manner.

The insurance industry has long depended on using personal data of the insured on a major scale. They are collected, processed and used to process proposals, policies and claims handling in order to advise and support policyholders and to assess the risk to be insured, examine the duty to indemnify and to prevent insurance abuse in the interests of the insured community. Insurers today can only perform their tasks with the help of electronic data processing.

Specific purpose and transfer of personal data
Your personal data will only be used for the purpose for which you let us have them, i.e. the purpose for which you consented to have them used or transferred. The collection of personal data from and/or their transfer to public institutions and authorities will be effected only subject to binding national legislation. Our staff members are bound to secrecy and to compliance with our code of conduct.

Your rights

Right to information
You can request information on the data we store concerning you in writing, by telephone, by fax or by electronic mail. Based on your request, you will be given information on which personal data of which origin we store concerning you and for what purposes, as well as the recipients or categories of your data.

Rights to rectification, deletion and blocking
(1) You can demand rectification if personal data concerning you proves to be incorrect or incomplete.
(2) You can demand deletion of stored personal data concerning you if their collection or processing was unlawful from the outset, their processing or use proves to be unlawful because of circumstances that have arisen later or knowledge of the data is no longer necessary for us to fulfil the purpose of their processing or use.
(3) Your data will be blocked rather than deleted to the extent their deletion is in conflict with statutory, by-law or contractual retention requirements or where deletion is not possible for other reasons.

Internal data protection audits by our Data Protection Officers
Should you have any questions regarding the processing of your personal data, please do not hesitate to contact our Group Data Protection Officers, who will be glad to give information and to receive your suggestions or complaints.

Contact

Talanx AG
Group Data Protection
Riethorst 2
30659 Hannover
E-Mail: privacy@talanx.com

External data protection audits

Besides the internal data protection audits by our Data Protection Officers, the law provides for auditing bodies that help the people affected in enforcing their rights. Given the federal structure of the Federal Republic of Germany, data protection control is a matter for the individual federal states.

You can find further information on data protection in Germany and Europe, for example, with the Bundesbeauftragte für den Datenschutz (www.bfd.bund.de) or on the website of the Data Protection Officers (www.datenschutz.de). You can find information on consumer protection on the website of the Arbeitsgemeinschaft der Verbraucherverbände e.V.

Data Protection Code – code of conduct on handling personal data

HDI Gerling Industrie Versicherung AG signed up to the Code of Conduct on Handling of Personal Data of the German insurance industry on 1 June 2014.

As the first standard applicable across the industry, this code of conduct was agreed jointly by the Gesamtverband der deutschen Versicherungswirtschaft and the data protection regulatory authorities. The State Data Protection Officer has declared it compatible with applicable data protection law.

The Data Protection Code is a voluntary self-commitment that governs the use of the personal data of our insured, applicants and claimants. The goal is to create transparency for you concerning the processing of personal data by insurance companies. It defines specific standards concerning the provisions of applicable data protection law and takes account of your interests in data protection over and above the extent required by law.

By signing up to this code, we commit to adhering to the requirements of the code of conduct and to implementing measures still necessary on a timely basis.

You can find the text of the Data Protection Code here, which is provided in PDF format for downloading.

We will be glad to provide you with the text in paper format as well. You can request this under the contact data given above.

List of service providers

HDI Global SE outsources certain tasks, as for example can arise in a number of insurance categories in handling claims or incoming mail and which can involve the collection, processing or use of your data, to another group company or an external service provider.

For your information, you can find our current List of Service Providers here (pdf, 65KB).

Data security

Our company uses technical and organisational security measures to protect your data managed by us against coincidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures, such as data encryption, are continuously being improved in line with technological developments.

To the extent we save your data during your visit to our website, we will inform you of the purpose of collecting that data.
Please bear in mind that our data protection information does not apply to websites of other providers, which you may be able to reach via our internet product.

Links to websites of other providers

These webpages may contain links to websites of other providers. At the time of setting the link, we have assured ourselves that the sites linked directly were free of illegal content. We, however, have no influence whatsoever on the content of the linked sites and cannot check them continuously. We therefore assume no liability for any content of the linked sites that has been changed since the link was set.

Cookies

General information on the technology:
Cookies are data (information) that the webserver sends to the web browser of the internet user when visiting a website. Internet users can define themselves in their web browser settings whether, and for how long, cookies may be saved on their computer or not. Regardless of that, they can also delete cookies on their computers later via the function corresponding to the web browser.

Example: Adjusting cookie settings in Internet Explorer 8.0:

  • In the “Tools” menu, choose Internet Options.
  • Click on the “Data Protection” tab.
  • You can now set whether cookies should be accepted, selected or rejected.
  • Click on “OK” to confirm your setting.

 

Example: Adjusting cookie settings in Firefox 3:

  • In the “Tools” menu, choose Settings.
  • Click on the “Data Protection” tab.
  • In the dropdown menu, choose the entry “Set up based on user-defined settings”.
  • You can now set whether cookies should be accepted, how long you want to keep those cookies and add exceptions to specify which websites you always, or never, want to allow to use cookies.
  • Click on “OK” to confirm your setting.

Usage:
Using cookies makes sense for three reasons:


1. Dialogue support
During an online session there is no permanent connection between your computer and the webserver. A connection is only built up when, for example, you call up a new page. In the case of extensive dialogues via multiple pages, such as a claim report, your information can possibly be lost when calling up the next page. So the system (“server”) does not know which of your data had already been entered in the previous form. Your information is stored in the interim by a cookie on your computer and then added again before sending the last dialogue page.

If you have logged on personally, e.g. in your customer account, order transactions that you perform during that connection are also logged. This process is necessary in order to ensure that none of your queries are lost in the event of a system failure.


2. Personalisation
By saving a cookie, only a certain web browser, and not you personally, can be identified on repeated access to a website.
As a rule, we use so-called “Session Cookies”. These are automatically removed after ending the web browser session (so at the latest when you close the browser). So they are never saved on your computer.

3. Controlling partnerships
For billing reasons, a cookie must always be set when you reach our web products from one of our cooperation partners. These cookies are saved on your hard disk for a month and deleted automatically after that period.
They serve to recognise the user in the event of a new visit later and are the basis for the agreed settlement with partners. In this case, we cannot grant you an option for contractual reasons.

Web Analysis

General information on the technology:
Web analysis, also called web tracking, is a technical process intended to investigate use of websites in order to obtain information so that functional workflows on a website can be optimised.

Usage:
To optimise and structure our internet presence to suit the needs, we analyse visitor patterns on our site. For that analysis we use the tracking tool “netmind”.
With netmind, no IP addresses are collected, processed, used and saved for the analysis. For the visitor, therefore, the analysis is completely anonymous – with no personal identification and without linking of personal data from external systems (customer databases, CRM or the like).
Cookies are used for the analysis.

You can object to the analysis of your website visit at any time by clicking on the Link <>. To block the tracking, a cookie has to be installed on your computer.
Cookies are small text files in which information can be saved. This information can be read by very different forms of software. Please make the appropriate browser settings to enable a cookie to be placed in the event of you objecting.

No data is transmitted to third parties.

Data encryption

General information on the technology:
Encryption is a process that makes data unreadable for unauthorised persons, but readable for authorised persons. Algorithms that can carry out encryption are, for example, SSL, RSA, DES and DES3. If the same key is used for encryption and decryption, one speaks of a symmetrical encryption method. If different keys are used for encryption and decryption, one speaks of an asymmetrical encryption method. The longer the key, therefore, the longer it takes to crack it.

Usage:
Your data are protected by a combination of asymmetrical and symmetrical encryption methods. First, the web browser sends a self-generated session key with the public 1024-bit RSA key of the webserver (asymmetrical method) to the webserver itself. The decryption takes place there using the secret RSA key, so the webserver and the web browser can from now on communicate encrypted with the session key. A new session key will be generated every time you log on again.

Web browser settings:
In the customary web browser versions, you will be warned that you are entering an encrypted area. You can, though, switch those messages off, which means that you accept all encrypted connections. The HTTPS or SSL protocol serves to encrypt and authenticate the network connection between the webserver and browser and guarantees that data cannot be read or manipulated during the transmission.

Phishing

Information on your internet security:
An increasing number of so-called phishing mails have been circulated lately (with "phishing" being a combination of the words "password" and "fishing"). Scammers send out these mails to lure users of the internet to faked internet websites which ask them to enter passwords or other data that allow access to online applications. The goal is to exploit the data of the persons so lured.

The best way to protect yourself:
The first and foremost maxim is: We will never ask you by e-mail, telephone or any other unsecured mode of transmission to supply information about your personal access data (e.g. password). You should therefore strictly ignore any e-mails containing such requests and not disclose your access data - whether by telephone or e-mail.

Please inform us when you receive an e-mail of this nature that carries our name as that of the purported sender. In case you did disclose your access data by error, kindly contact our Group Data Protection department by e-mail.

For your own security, you should also apply customary precautions to ensure your security as a user of online applications. Such measures include updating your virus protection and security features of the internet browser at regular intervals as well as installing a personal firewall.