Data protection

In the following you will find information about the use of your personal data. The first section explains the use of your personal data when visiting our website. In the second section of this data protection information you will learn more about data protection concerning insurance contracts.

Controller of your personal data in connection with the use of our website is HDI Global SE.

Should you have questions or suggestions concerning data protection beyond this information, or should you desire to assert your rights for information and correction, our contacts for data protection will gladly assist you. Furthermore, you are, under certain conditions, entitled to restrict processing, enforce deletion of your data, or demand disclosure and furnishing of all of your provided personal data in a structured, established and machine readable format. Our data protection team can be contacted at:

Talanx AG
Group Data Protection
Riethorst 2
30659 Hannover
E-Mail: privacy@talanx.com

The supervisory authority responsible for us is the supervisory authority Niedersachsen (Landesbeauftragte für den Datenschutz Niedersachsen). Please contact this authority should you have questions or complaints.

1. Log files

Upon each visit of our website, your browser automatically sends information to the servers of our website, which is temporarily stored in a so-called log file. The following data is recorded without any action on your part and stored until automatic deletion:

• IP address of the computer issuing the request,
• date and time of access,
• name and URL of the file(s) accessed/retrieved,
• website which directed you to our Internet presence (referrer page),
• operating system and browser employed,
• name of your internet access provider.

Collecting and processing of this data takes place to make the use of our website possible (for establishing the connection), to ensure continuous system security and stability, to allow for technical administration of our network infrastructure and optimization of our website, as well as for internal statistics use. The IP address is only used in the event of attacks on the network infrastructure as well as for statistical purposes without us drawing any conclusions with regard to your identity. It takes place under consideration and within the scope of the weighing of interests according to article 6 para 1 (f) of the General Data Protection Regulation (GDPR). To the extent that further storage of log files is required for purposes of proof, these are excluded from deletion until the respective incident has been finally clarified.

The data collected will be deleted after four weeks at the latest.

2. Cookies and web analysis

We are continuously working on improving and optimizing our online services and offering you a pleasant visit of our website. Logging your access to our website into log files, as well as employing cookies and web analysis, are important for this. The legal basis for data processing using cookies – also for purposes of web analysis – is our legitimate interest in the analysis, the optimization and the commercially viable operation of our website pursuant to article 6 para 1 (f) GDPR.

2.1 Cookie information and cookie management

Cookies are automatically stored onto your computer when you visit our website. Cookies are text files which contain a pseudonymized alias and thus do not permit any form of attribution to a specific person. Only we are able to read these cookies.

The cookies that we employ may be categorized as follows: generally required cookies, function-related cookies, and service-related cookies.

Generally required cookies are used to make our website user-friendly. Certain actions you perform are stored for the duration of the respective visit to our website with the purpose of optimizing your user experience. For example, your entries to the calculator are stored so you do not have to re-enter them. These cookies are deleted when you close/exit the browser.

Function-related cookies enable us to adjust our website to the personal preferences of our users. As an example, we store the settings the user makes (e.g., country or language).

Service-related cookies help us to measure usage of our website. With these cookies, we can determine which areas of our website are visited most frequently. This information helps us to identify potentials to further improve our website.

As a user of our website, you are asked to select your own privacy settings to determine if you accept or reject cookies, or wish to be notified about receiving a new cookie. In addition, you can delete previously stored cookies. If you delete your cookies, this may result in opt-out cookies being deleted. The affected opt-outs must then be reactivated to become effective again. Deactivating cookies may lead to parts of our website not being fully functional or not being displayed correctly.

Additionally, you can adjust your settings in our Cookie Management Center.

2.2. Web analysis

We use cookies for our website that enable the analysis of your surfing behavior (service-related cookies). For this, we use the web analysis service “Piwik Pro”. This service only uses pseudonymized data with shortened IP addresses such as date and time of page view, duration of the visit, frequency of page view or pages referring you to our website. You can activate and deactivate these cookies as outlined in section 2.1.

3. Communication with us

On our website, you may find various options to contact us. The communication between your browser and our servers is encrypted via SSL. You can see this in your browser by the "https://" in the address of our website.

3.1 Newsletter

We utilise the services provided by Marketo EMEA Limited (Cairn House South County Business Park, Leopardstown Road, Dublin 18 Ireland) for the dispatch of Newsletters.

If you order our Newsletter, we save your email address, surname, first name and, if applicable, your form of address. We use this information exclusively to send the Newsletter.

This data processing is always conducted based on the legal basis of your consent in accordance with Art. 6 Section 1 lit. a) Datenschutzgrundverordnung (General Data Protection Regulations). You can cancel the Newsletter at any time using a link contained in each issue. We then delete your data from our email mailing list.

Inasmuch as you have explicitly agreed to the personalised tracking, we will also analyse your user conduct. For this assessment, the emails sent contain so-called web beacons, also known as tracking pixels. Using the data thus obtained, we create a user profile in order to provide our digital services to you in a manner tailored according to your interests. Here we record when you read our emails and which links you click on in them, and draw conclusions from this information regarding your personal interests. We link this data with actions conducted by you on our website. The information thus collected is stored at Marketo on their server within the EU/EEA.

Tracking is not possible if you have deactivated the display of images as a standard measure in your email program. If you have the images shown to you manually, the tracking mentioned above will take place.

Should you have received our Newsletter without registering for it, then we have sent it to you because your interest has been assumed based on existing connections to HDI Global or its subsidiaries. In this way, the mailing takes place on the legal basis of a balancing of interests in accordance with Art. 6 Section 1 lit. f) Datenschutzgrundverordnung (General Data Protection Regulations).

Whatever the case, we record whether newsletters are repeatedly not read within a certain deadline, in order to delete Newsletter addressees from the recipient list once more. We collect this data on the legal basis of a balancing of interests in accordance with Art. 6 Section 1 lit. f) Datenschutzgrundverordnung (General Data Protection Regulations), in order to clean the data.

During the registration process for the Newsletter, the IP address and the date and time of the registration and confirmation are collected in order to be able to prove that you have consented to receive the Newsletter and to prevent any misuse of the services or the email address used. This data processing takes place on the legal basis of a balancing of interests in accordance with Art. 6 Section 1 lit. f) Datenschutzgrundverordnung (General Data Protection Regulations).

3.2 Contact form

If you wish to send us a message, you may use our contact form. Data you have entered into the contact form such as name, e-mail address, insurance policy number, and message submitted, is stored and used only for the purpose of our individual communication with you. This communication is performed by the HDI Global SE branch office determined by your choice of country and/or language. After completion of the communication process, your personal data will be, as a general rule, deleted. Legal basis for this processing of personal data is - if consent of the user has been given - article 6 para 1 (a) GDPR.

3.3 Offer calculator / Online booking system

Data entered into one of our calculators or online booking systems is stored and used exclusively for the purposes of offer and policy preparation according to article 6 para 1 (b) and (f) GDPR. We are assisted with this by external service providers which are subject to existing data protection agreements in accordance with applicable legal requirements. Data protection information for specific services or products is made available - if necessary - when using the calculators or the online booking system.

3.4 Online services

Our website offers online services which require your registration, such as the “Insurance Certificate Online” for our transportation insurance, or the “bAVnet”, with which our customers can manage their contracts for company pension plans. The data processing required for such registration is performed on the legal basis of article 6 para 1 (b) and (f) GDPR, and is described in more detail during the registration process.

4. Content and third-party technology

For embedding HDI videos, we use content and technology of the online video service Vimeo. This service is operated by Vimeo, LLC, with headquarters at 555 West 18th Street, New York, NY 10011, United States of America.

When retrieving pages from our website containing a Vimeo plug-in, a connection to the servers of Vimeo is established, and the plug-in displayed. This transmits information on which of our pages you have visited to the Vimeo server by transferring your IP address. If you are logged on to Vimeo as a member, Vimeo assigns this information to your personal Vimeo user account. When using the plug-in, for example by clicking the start button of a video, this information is also attributed to your account. Additional information about usage may be collected, e.g. which, when and for how long you have viewed a video. You can prevent such attribution by logging off from your Vimeo account and deleting the respective Vimeo cookies before using our website.

Vimeo accesses the tracker of Google Analytics via the iframe inside which the video is being displayed. We have no access to this tracking by Vimeo. You can prevent transmission and use of your data, which is generated by the cookie and relates to your use of the website (including your IP address), to Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Please note that we have no influence on the mode and scope of collection, use or processing of your data by Vimeo. For information on this, please consult the data protection information of Vimeo at https://vimeo.com/privacy.

5. Notice of the right to object

If we process your personal data on the legal basis of our legitimate interests pursuant to article 6 para 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to article 21 GDPR, provided that there are grounds related to your particular situation, or you object to the processing of your personal data for direct marketing purposes. In the latter case, we will comply with your objection regardless of grounds relating to your particular situation. Please contact our data protection team (contact details above) if you wish to exercise your right of revocation or objection.

Your privacy is important to us! Therefore, you decide which of your data we may process. Regardless of your selection, we always adhere to the strict requirements of European data protection law (GDPR).

If you would like to conclude an insurance contract with us, if you’re already a customer of ours or you wish to pursue a claim against us, we will need your personal data in order to assess the risk to be insured, advise and support you or check whether we are obliged to pay and settle a claim.

You trust that we will handle your data responsibly. We are aware of this responsibility and we take data protection and data security very seriously. HDI Global SE has therefore voluntarily undertaken to exceed the scope of statutory data protection regulations and subscribe to the data protection Code of Conduct for the German insurance industry.

Data protection Code of Conduct

We provide detailed information in the data protection Code of Conduct of the German insurance industry on the types of data processing that can occur in connection with an insurance contract. This code of conduct has been verified by the data protection authorities, and it represents the first voluntary commitment on the subject of data protection in force throughout the industry. By joining, we are subscribing to a comprehensive data protection and data security concept. The demands go beyond what is required in law — e.g with regard to duties of information and documentation. Our customers can rely on the fact that the typical insurance processes described in the voluntary commitment comply with data protection laws.

You can find the text of the data protection Code of Conduct here.

Data protection notes

You will find information on the type of data processing typical to the insurance industry in our data protection notes. As the specific type of data processing can vary depending on the line of business, the product or your situation as a policyholder, insured person or claimant, we provide comprehensive information here. If you are interested in receiving detailed information, you may approach our data protection team using the contact details shown above.

You can find our data protection notes here.

Declaration of consent

The regulations contained in the Insurance Contract Act, the Federal Data Protection Act, the General Data Protection Regulation and other laws do not provide a sufficient legal basis for the use of your health data. If you are required to provide your health details to enable us to process your insurance application, assess a risk or settle a claim, we therefore require a declaration of consent and confidentiality release from you. The contents of the declarations used have been agreed with the data protection regulatory authorities. They offer transparency in the way your personal data are handled.

You may find the text of our declaration of consent here.

Overview of service providers

There are certain tasks in connection with insurance contracts which we do not perform ourselves but commission a service provider to perform on our behalf. Depending on the type of assignment commissioned, it may also be necessary to pass on your health data to a service provider. We have prepared a list of service providers showing the assignments for which the respective service providers are used.

You will find the current list of service providers as well as the companies in our Group which participate in joint data processing:

Overview of HDI Global SE.

Notes and information system

We use the HIS notes and information system, a system developed by the German insurance industry and designed to comply with data protection laws, to support risk reviews and avoid insurance fraud.

You will find the data protection notes of informa HIS GmbH here.