Information on data protection for business partners, service providers and interested parties
In the present notice, we inform you as a business partner, service provider or interested party about the processing of your personal data and the rights to which you are entitled according to data protection law. Which data is processed in detail and how it is used depends largely on the type of business relationship or service. Therefore not all parts of this information will apply to you.
1 Who is responsible for data processing?
Hansekuranz Kontor GmbH
Telephone: +49 251 915999-0
Telefax: +48 251 915999-15
If you have any questions about this notice, please contact our data protection officer. They can be contacted by mail at the aforementioned address with the addition "data protection officer" or by e-mail to firstname.lastname@example.org.
2 What sources and data do we use?
We process personal data that you provide to us within the course of our business relationship (e.g. in direct contact with our employees by e-mail, telephone, etc. or via the "Realytix" online tool). In addition, we process, to the extent necessary, personal data that we obtain from publicly accessible sources (e.g. corporate publications, the press, the Internet) or that we legitimately receive from our business partners. Relevant personal data is essentially your professional contact data, your professional function, the business correspondence conducted with you and, if applicable, your areas of professional interest.
3 For what purposes and on what legal basis is your data processed?
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable law.
a. To fulfil (pre-)contractual obligations (Art. 6 para. 1 b GDPR)
Processing takes place within the course of the preparation, conclusion and termination of insurance contracts in all classes of insurance, in connection with other services or when using our services. We process your personal data (above all your professional contact data), in particular in order to get in touch with you and to communicate with you or your company in our contact management systems.
b. For the purposes protecting our legitimate interests (Art. 6 para. 1 f GDPR)
If necessary, we process your data beyond the actual fulfilment of the business relationship to protect the legitimate interests of us or third parties. Some examples are:
- The digital or postal dispatch of greeting cards to business partners, for example for Christmas or a company anniversary.
- Posting brochures and flyers to business partners in order to inform them about current news concerning the Hansekuranz Kontor.
- Disclosure of data to authorised employees of Munich Re Reinsurance Group
- Obtaining contact information using publicly available sources.
c. Based on your consent (Art. 6 para. 1 a GDPR)
If you have given us permission to process personal data for specific purposes, this constitutes the legal basis. You may revoke your consent at any time. This also applies to the revocation of declarations of consent given to us before the GDPR became effective (i.e. before 25 May 2018). Revoking consent only takes effect for the future and does not affect the legality of the data processed until the revocation.
Such consents concern in particular
- Participation in anonymous and personalised surveys to improve our service quality or in the context of events and seminars, e.g. to select suitable topics or speakers. These surveys are voluntary.
- Sending newsletters to inform you regularly about relevant and interesting news of Hansekuranz Kontor. If you would like to receive a newsletter offered on our website, we need an e-mail address and further information of you. This enables us to check whether you are the owner of the e-mail address provided and whether you agree to receive the newsletter. We use your data to send you the information you have requested. At the end of each newsletter there is a "unsubscribe" link. Via this link you can unsubscribe from the respective newsletter or generally object to the use of your data.
- Information about, or invitations to events and seminars. We process your personal data to send you invitations to events that may be relevant for you and your work. If you register for a seminar or event, we will provide you with the necessary information about the event or seminar. This includes, among other things, e-mails about the registration process, the venue and programme, as well as surveys on the course of the seminar. We store your registration details for a seminar or event in our contact management systems.
We store the necessary personal data such as your interests and consents to receiving a newsletter, invitations to events and seminars, participation in surveys or other declarations of consent in our contact management systems. Your declarations of consent are documented there and can be retrieved at your request.
d. Based on legal obligation (Art. 6 para. 1 c GDPR)
We will also process your data to fulfil our legal duties, e.g. based on supervisory provisions, or to compare your data against sanctions lists to comply with counter-terrorism rules (e.g. Council Regulation 2580/2001).
4 Who receives your data? What categories of recipient might we disclose your data to?
Within our company, those departments that need your data to fulfil the aforementioned purposes will have access to it.
External service providers: We use external service providers to fulfil our contractual and legal obligations. The involvement of service providers is necessary, for example, in the context of creating the content of our website and for sending newsletters. We have concluded corresponding data protection agreements with these service providers. Service providers we use to send your requested information (e.g. information by letter, sending electronic newsletters) receive the necessary personal data.
Munich Re Reinsurance Group: Access to the content of our contact and treaty management systems is restricted to authorised staff of our parent company.
5 How long do we store your data?
As a rule, we anonymise or delete your personal data as soon as it is no longer necessary for the aforementioned purpose, unless statutory documentation and retention rules (e.g. in the German Stock Corporation Act (AktG), Commercial Code (HGB) or Tax code (AO)) require us to keep it for longer. We will store your personal data for longer than that only in exceptional cases, where necessary in connection with claims asserted against Munich Re (Group) (statutory limitation period of up to 30 years).
6 How do we transfer data outside Europe?
If we need to transfer personal data to service providers outside the European Economic Area (EEA), we will do so only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example, through binding, in-house data protection provisions, or the European Commission’s standard contractual clauses).
7 Is there a legal or contractual obligation to provide personal data to third parties?
Within the framework of our contractual agreements as an underwriting agency with the corresponding risk carriers, we are generally obliged to provide the insurer with personal data insofar as this is necessary for the conclusion and processing of insurance contracts and the enforcement of associated claims.
8 Does an automated decision-making process take place?
Automatic decision making takes place exclusively within the framework of the use of the "Realytix" online platform. This is based on the internal pricing and underwriting agreements between Hansekuranz Kontor and Munich Re Rückversicherungsgruppe.
Automated decisions are made exclusively within the parameters agreed above. Other processes outside the parameters require manual intervention by the Hansekuranz Kontor.
The data collected on the platform is used to statistically substantiate underwriting decisions, make market-compatible adjustments, assess performance during the year and respond to risk-related trends. In addition, invoice data is used for the collection process of the Hansekuranz Kontor.
9 What data protection rights do you have?
In addition to your right to object, you have a right to information, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing. Upon request, we will make the data that you provided available in a structured, accessible and machinereadable format. Please contact the aforementioned address to exercise these rights
Right to object: If we process your data for the purposes of protecting legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then stop the processing, unless we have compelling legitimate interests to do so which override your grounds. Even after giving your consent, you are entitled to revoke it for the future without consequences.
10 Would you like to file a complaint about how your data is being handled?
You may contact the aforementioned Data Protection Officer or the data protection authorities. The authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
11 Are you obliged to provide your data?
We need your personal data, for example to send you the requested information, the newsletter you subscribed to, or invitations to events. Without this data, Hansekuranz Kontor cannot carry out the services you request.
Status of this information: October 2018
We will notify you should this information change substantially.