Information on data protection for applicants

We would like to explain how your personal data will be processed by Munich Reinsurance Company and inform you of your rights under data protection legislation.

Who is the controller responsible for processing the data?

Münchener Rückversicherungs-Gesellschaft
Aktiengesellschaft in München (Munich Reinsurance Company)
Königinstrasse 107
80802 Munich, Germany

Phone: +49 (89) 38 91-0
Fax: +49 (89) 39 90 56
Email: contact@munichre.com

Our Data Protection Officer can be reached at the above address – by adding the words “Data Protection Officer” – or at the following email address datenschutz@munichre.com

What categories of data do we use, and where do we get it from?

The categories of personal data that we process include, in particular, your master data (e.g. name, nationality), contact details (e.g. address, phone number, email address) and also data relating to the entire application process (in particular covering letter, CV, certificates, questionnaires/interviews, details of your qualifications and work experience). Special categories of personal data (such as data concerning health, religious affiliation, degree of disability) are not needed to process your application. We use this data only if you have voluntarily provided it in the course of the application process and its use is justified by your consent or a statutory permission. When you come to an interview, we also record your data as part of video surveillance in certain buildings, e.g. entrance to the Main Building, access control vestibules or approach/access to the underground car park. 

As a rule, your personal data will be collected from you directly as part of the recruitment process. In addition, we may also have received data from third parties (e.g. recruitment agencies), to which you have provided your data for disclosure

For what purposes, and on what legal grounds, will your data be processed?

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g. German Works Constitution Act (BetrVG), German General Equal Treatment Act (AGG)). 

Data processing primarily serves implementation and conclusion of the application process and the purpose of assessing the applicant’s suitability for the respective position. Processing your application data is necessary for us to decide whether to enter into an employment relationship. The primary legal basis for this is Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the Federal Data Protection Act. In some areas, we may rely on your separate consent pursuant to Art. 6(1)(a) and 7 of the GDPR and Section 26(2) of the Federal Data Protection Act (e.g. regarding the use of your application documents for other Munich Re Group vacancies too). Where you give such consent, you have the right to withdraw it at any time with effect for the future.

Munich Re Group is a global enterprise that also operates using matrix structures. In matrix structures, besides a legal supervisor/line manager (“legal view”) there is also a professional supervisor (“management view”), who may be at another Group company in a different country. If in such a case, a position is advertised for the Munich location, for example, the future line manager in Munich will receive your application documents. However, the professional supervisor, who may, for example, be in the USA will also be given access to your data, as they will be supervising future staff professionally.

We base this disclosure of your data on the Group’s legitimate interests (Art. 6(1)(f) GDPR).
Any other processing of special categories of personal data is based on the statutory permissions under Section 22(1)(1b) and Section 26(3) and (4) of the Federal Data Protection Act, insofar as we have not obtained your consent for this separately (Art. 9(2)(a) of the GDPR, Section 26(2) of the Federal Data Protection Act).

We may also process your data to fulfil our legal duties as a potential employer, e.g. based on supervisory provisions, or to compare your data against sanctions lists to comply with counter-terrorism rules (e.g. Council Regulation (EC) No 2580/2001). This is done in each case on the basis of Article 6(1)(c) GDPR and Section 26 of the Federal Data Protection Act.

We also use your data for statistical purposes (e.g. studies on applicant behaviour). Any statistics are collected purely for internal purposes. The findings remain anonymous and are not personalised in any case.

Should we wish to process your personal data for any purpose other than those mentioned, we will inform you of this in advance in accordance with the legal requirements. 

Who receives your data?

Your application data will be treated confidentially at all times. Within our Company, the only persons and bodies (e.g. functional unit, Staff Council, Severely Disabled Employees’ Representative) that will have access to your personal data will be those that need it for the recruitment decision and to fulfil our (pre-)contractual and legal requirements. 

Where we are unable to offer you any open job vacancy, but your profile gives us reason to believe that your application could possibly be of interest for future job openings within our group of companies, we will pass your application details on to other Group companies, provided you have given us your explicit consent to do so.

Where the job vacancy is in a matrix organisation, your details may also be passed to supervisors in other companies of our global Group. The job posting will always indicate whether a vacancy is in a matrix structure.
Our platform for online applications is operated by the external service provider SAP Deutschland SE & Co. KG Hasso-Plattner-Ring 7 69190 Walldorf, Baden, Germany (“SAP”), which in turn uses other IT service providers.

We may also provide your personal data to other recipients outside the Company, where this is necessary for concluding the contract of employment (e.g. Chamber of Industry and Commerce and German Insurance Association for Vocational Training)

How do we transfer data to countries outside Europe (third countries)?

Should we pass on personal data to service providers or Group companies outside the European Economic Area (EEA), we will do so only if the European Commission has confirmed that the respective third country’s level of data protection is sufficient, or if other appropriate data-protection guarantees (e.g. binding, internal data protection regulations or agreement on the European Commission’s standard contract clauses) are in place. You can request detailed information on this as well as on the level of data protection at our service providers in third countries using the contact details provided above.

How long will your data be stored?

As a rule, unless you have actively consented to us retaining your personal data for a longer period (e.g. for inclusion in our application tool to offer you a different position going forward), we will delete your 

personal data six months after completing the application procedure. Other deletion periods may apply outside Europe and the European Economic Area. These will be taken into consideration in each case in our international application process and in the candidate management tool. This does not apply if statutory provisions preclude deletion or if further storage is necessary for evidential purposes or you have consented to a longer period of retention.

What privacy rights can you assert as a data subject?

At the address indicated above, you may request information about your personal data stored by us. In addition, under certain conditions you may request that your data be rectified or deleted. Furthermore, you may also have a right to restrict the processing of your data and a right to have the data provided by you disclosed in a structured, commonly used and machine-readable format. 

Right to object:
If we process your data for the purpose of safeguarding legitimate (Group) interests, you may lodge an objection to such processing at the above address, provided your particular situation presents grounds for objecting to such data processing.
We will then cease processing the personal data, unless we have compelling legitimate grounds not to do so that override your interests, or if processing serves the establishment, exercise or defence of legal claims.

Would you like to file a complaint about how your data is being handled? 

You may contact our Data Protection Officer (see above for contact details) or a data protection supervisory authority. The data protection supervisory authority responsible for Munich Re is: Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht), Promenade 18, 91522 Ansbach, Germany: https://www.lda.bayern.de/de/kontakt.html

Are you obliged to provide your data?

Within the scope of your application, you are obliged to provide the personal data required for performing the application process and the assessment of suitability. Without this data, we will not be able to conduct the application process and will not be able to make a decision on the conclusion of an employment relationship.