Data Protection & Privacy

HanseMerkur Insurance Consultancy GmbH – Dubai Branch

Last Updated: 25th of February 2026

  1. Introduction

This Data Privacy Notice explains how HanseMerkur Insurance Consultancy GmbH – Dubai Branch (“HanseMerkur Dubai”, “we”, “us”, “our”) collects, uses, processes, stores and protects personal data in connection with:

  • Insurance consultancy and distribution activities in the United Arab Emirates (UAE);
  • Insurance policies issued by licensed UAE insurers;
  • Reinsurance and risk-management arrangements;
  • Our website, communications and customer services.

We are committed to processing personal data in accordance with applicable UAE data protection, healthcare and insurance regulations.

  2. Regulatory Framework

Personal data is processed in accordance with:

  • UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”).
  • Federal Law No. (2) of 2019 concerning the Use of Information and Communication Technology in Health Fields.
  • Ministerial Decision No. 51 of 2021 concerning the Executive Regulations for Health Data.
  • UAE Central Bank (CBUAE) regulations applicable to insurance activities.
  • Applicable healthcare regulatory requirements (including DHA, DOH and MOHAP frameworks).

  3. Insurance Structure and Roles

3.1 HanseMerkur Dubai

HanseMerkur Dubai is a UAE-registered branch acting in an insurance consultancy and distribution capacity.

3.2 Local Licensed Insurer (Policy Issuer)

Insurance policies marketed and administered in the UAE are issued by:

Emirates Insurance Company PSC

A public joint stock company licensed and regulated by the UAE Central Bank to conduct insurance business in the UAE.

Emirates Insurance Company is the licensed risk carrier and policy issuer.

3.3 Reinsurance Arrangements

Risk under certain policies may be reinsured with:

HanseMerkur Reiseversicherung AG

a regulated, licensed and authorised insurance undertaking incorporated in Germany.

Where applicable, underwriting and claims data may be shared with the reinsurer strictly for legitimate insurance and risk-management purposes and subject to legal safeguards.

  4. Data Controllers

Depending on the processing activity, personal data may be processed by:

  • HanseMerkur Dubai (distribution, administration and servicing).
  • Emirates Insurance Company (as licensed insurer and risk carrier).
  • HanseMerkur group companies in Germany (for reinsurance or centralised services).

Each entity processes personal data in accordance with its legal obligations as controller or processor under applicable law.

  5. Contact Details

HanseMerkur Insurance Consultancy GmbH – Dubai Branch
Office 417, Blue Bay Tower
Business Bay, Dubai
United Arab Emirates
P.O. Box 114994

Compliance / Data Protection:
compliance@hmgme.com

General Enquiries:
info@hmgme.com
Tel: +971 4 453 4749

  6. Categories of Personal Data

We may collect and process the following categories:

Identity and Contact Data

Name, address, date of birth, passport/ID, nationality, contact details.

Policy and Contract Data

Policy numbers, coverage details, beneficiaries and dependents.

Financial Data

Bank details, payment history.

Health and Medical Data (Sensitive Data)

Medical history, diagnoses, treatment records, claims documentation.

Claims and Correspondence Data

Incident reports, statements, supporting documents.

Technical and Website Data

IP address, device data, cookies, browsing behaviour.

Marketing Preferences

Communication preferences and marketing consents.

  7. Lawful Basis for Processing

Personal data is processed on one or more of the following lawful bases:

  • Performance of an insurance contract.
  • Compliance with legal or regulatory obligations.
  • Legitimate business interests (e.g., fraud prevention, IT security).
  • Explicit consent (particularly for sensitive health data where required).

We do not process personal data for incompatible purposes.

  8. Healthcare Data Compliance

Health data is classified as sensitive data and subject to enhanced protections.

8.1 Compliance with Federal Law No. (2) of 2019 and Ministerial Decision No. 51 of 2021

Where health data relates to healthcare services provided in the UAE, we comply with:

  1. Federal Law No. (2) of 2019 (ICT in Health Fields);
  2. Ministerial Decision No. 51 of 2021 (Health Data Executive Regulations).

Health data is:

  • Processed only where necessary and lawful;
  • Access-restricted to authorised personnel;
  • Stored and protected in accordance with UAE healthcare data requirements.

8.2 Health Data Localisation and Transfers

Under UAE healthcare data laws:

  1. Health data relating to healthcare services provided in the UAE must generally be stored and processed within the UAE.
  2. Cross-border transfer of such data is restricted unless permitted under applicable exemptions or approvals.

Where health data must be shared outside the UAE (including with reinsurers), this will occur only:

  • Where legally permitted;
  • Subject to regulatory requirements;
  • With appropriate safeguards;
  • In compliance with UAE PDPL cross-border provisions.

Where appropriate, anonymisation or pseudonymisation may be applied prior to transfer.

  9. Sharing of Personal Data

Personal data may be shared with:

  1. Emirates Insurance Company (policy issuer);
  2. Reinsurers including HanseMerkur group entities;
  3. Insurance intermediaries and claims administrators;
  4. IT, payment and administrative service providers;
  5. Regulators (including CBUAE and healthcare authorities);
  6. Courts or law enforcement where required.

All recipients are required to protect personal data and process it only for authorised purposes.

  10. International Transfers

Personal data may be transferred outside the UAE, including to Germany, for reinsurance and centralised services.

Such transfers are conducted in accordance with:

  1. UAE PDPL cross-border requirements;
  2. Healthcare data restrictions (where applicable);
  3. Contractual safeguards and security controls.

  11. European Union and German Data Protection (GDPR)

Where personal data is processed in Germany in connection with reinsurance or group services, such processing may also be subject to:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR);
  • German Federal Data Protection Act (BDSG).

Where GDPR applies, appropriate safeguards are implemented, including:

  1. Lawful basis under Article 6 GDPR;
  2. Special category protections under Article 9 GDPR;
  3. Security measures under Article 32 GDPR;
  4. Data subject rights under Articles 12–22 GDPR.

Nothing in this Notice creates an EU establishment of HanseMerkur Dubai for the purposes of Article 3 GDPR. GDPR applies only where legally required due to involvement of EU-based entities or EU data subjects.

  12. Data Retention

Personal data is retained only as long as necessary for:

  • Policy administration;
  • Claims handling;
  • Legal and regulatory compliance;
  • Audit and accounting obligations.

Data is securely deleted or anonymised when no longer required.

  13. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption where appropriate;
  • Role-based access controls;
  • Confidentiality undertakings;
  • Monitoring and audit procedures.

Access to personal data is limited to authorised personnel.

  14. Your Rights

Subject to applicable law, you may have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Request restriction of processing;
  • Request deletion (where legally permissible);
  • Request data portability;
  • Object to processing based on legitimate interests; and
  • Withdraw consent (where applicable).

Requests may be made to:

management@hmgme.com

Proof of identity may be required.

  15. Complaints

If you are dissatisfied with how your personal data is processed, please contact our Compliance Officer.

You may also lodge a complaint with a competent authority, including:

  • UAE Central Bank (CBUAE);
  • Ministry of Health & Prevention (MOHAP);
  • Dubai Health Authority (DHA);
  • Department of Health – Abu Dhabi (DOH).

  16. Cookies and Website Technologies

Our website uses cookies and similar technologies to:

  • Maintain site functionality;
  • Improve user experience;
  • Enhance security;
  • Analyse performance.

Cookie preferences may be managed through browser settings.

  17. Changes to this Notice

We may update this Notice periodically to reflect legal or regulatory changes. The latest version will be published on our website.