The purpose of the following is to inform you as Customer or Stakeholder about the processing of your Personal Data by HanseMerkur and your rights under the Data Protection Laws and Regulations:
Data Protection Officer: Mr Thomas Prigge
Phone: +49 40 4119 19 19
Fax: +49 40 4119 30 40
Purpose and Legal Basis of Data Processing
We process your Personal Data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), provisions of the Insurance Contract Act (VVG) and other laws with relevance to Data Protection. In addition, our company is committed to observing the “Code of Conduct for the Handling of Personal Data by the German Insurance Industry”, which adapts the above provisions to the specific needs of the insurance industry.
If you submit an application for insurance cover, we will need the information you provide to conclude the contract and to assess the risk associated with providing insurance services to you. Where the insurance contract is concluded, we process this data for the purpose of implementing this contract, e.g. for the purpose of issuing an insurance policy or invoicing. We need information about the claim, for example, to check whether an insured event occurred and to assess the claim.
Without processing your personal data, it would be impossible for us to enter into or implement insurance contracts.
In addition, we may process your personal data to comply with regulatory requirements, to compile insurance statistics or to develop new insurance products and pricing. We use the data from all existing contracts with HanseMerkur to analyse the customer relationship as a whole, to provide for example advice on contract adjustments, to make goodwill decisions, or to share comprehensive information.
The legal basis for this type of processing of personal data for pre-contractual and contractual purposes is Article 6 (1) (b) GDPR. Insofar as special categories of personal data are required for this purpose (e.g. your health data when concluding a health insurance contract), we will obtain your consent in accordance with Article 9 (2) (a) in conjunction with Article 7 GDPR.
Where we use these data categories to compile statistics, this is done in accordance with Art. 9 (2) (j) GDPR in conjunction with Article 27 BDSG.
We also process your data in order to protect our legitimate interests and those of third parties (Article 6 (1) (f) GDPR). This may be necessary, in particular:
To ensure IT security and to protect IT operations, to promote our own insurance products and other products of the companies belonging to the HanseMerkur Group and their cooperation partners as well as to conduct market surveys and opinion polls, to prevent and investigate criminal offences, and in particular to identify clues that point towards insurance fraud.
In addition, we process your personal data to comply with laws and regulations, e.g. regulatory requirements, statutory retention requirements under commercial or tax laws or our obligation to provide advice. The respective statutory provisions in conjunction with Article 6 (1) (c) GDPR constitute the legal basis for processing in this case.
If we intend to use your personal data for any purpose other than those listed above, we are required under the statutory provisions to notify you in advance.
Categories of recipients of personal data
We also insure risks assumed by us with specialised insurance companies (reinsurers). To do this, we may have to share your contract or claims data with the reinsurer, to allow them to form their own opinion about the risk or the insured event. It is also possible that the reinsurer will support our company based on its expertise in assessing the risk and the eligibility for benefits and in the evaluation of procedures. We will transmit your data to the reinsurer only if this is necessary to implement the insurance contract with you or lies within the scope required to safeguard our legitimate interests.
If you use an insurance intermediary to arrange insurance cover for you, the insurance intermediary will process the application, contract and claims data required to conclude and implement the contract. We will provide the insurance intermediary with your personal data to the extent that the intermediary needs this information to provide you with assistance and advice in insurance or financial services-related matters.
Data processing within the group
Some data processing tasks are performed centrally by specialised companies or departments within our group of companies economically or organisationally affiliated within the group. If you have an insurance contract with one or more companies in our group, your data may be centrally managed by one company within the group, e.g. involving the central administration of address data, telephone customer service, contract and service processing, collection and payments or common mail processing.
Third-party service providers
To fulfil our contractual and legal obligations, the individual companies of the HanseMerkur Insurance Group currently work as and when needed with service providers (companies/individuals) using health data and other data protected under Article 203 of the German Criminal Code (StGB).