Data protection and information security
properties.trackTitle
properties.trackSubtitle
1. Scope of application
The following privacy statement applies to Munich Re HealthTech S.A. internet presence. This website may contain links to third-party websites (external links), which remain the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at dpo@mrhealthtech.com
We will then remove such link from our website without delay. Munich Re HealthTech S.A. assumes no responsibility as to the topicality, correctness, completeness, or quality of the information provided.
2. Use of your data
2.1. Who is responsible for processing your data, and who is our Data Protection Officer?
Munich Re HealthTech S.A.
95-97 Kifisias Avenue
151 24 Maroussi, Athens, Greece
T. +30 213 0104800
F. +30 210 8064580
Email: dpo@mrhealthtech.com
You may contact our Data Protection Officer Mrs Panagiota Lagou, at the above address, or via the email dpo@mrhealthtech.com
2.2 What categories of data do we use, and where do we get it from?
2.3. For which purposes is the data processed?
If you disclose your personal data to us in specific circumstances (for example, by filling out a contact form), we handle such data confidentially, in accordance with the data protection regulations in effect at our Company’s registered office. If you send us an email, or if you complete and submit an on-line form on our website, we will use any personal data you provide (such as your name or email address) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the form.
For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorization (for example, the job application portal). The amount of data collected depends on the application used.
For every application where we collect your personal data, we will provide an individualized privacy statement to inform you about the processing of your data.
2.4 What is the legal basis for our processing of your personal data?
We process your data based on the provisions of the EU General Data Protection Regulation (GDPR), and all other laws applicable to the processing of personal data.
The substantive legal grounds for the processing depend on the context and the purpose for which we collect your data. For that reason, we will be informing you separately via individualized privacy statements in the respective application or process.
As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a contractual relationship, to fulfil a contract or during the pre-contractual process (for example, job application process), or at your request. Where the applications are restricted access (for example, job applicant), the user or data subject’s consent may constitute the legal grounds.
2.5 Who receives your data?
Within Munich Re HealthTech S.A, only those staff and departments that are responsible for the respective process will receive your data; a clear distribution of responsibilities and access concept applies in this respect. The data may also be disclosed to service providers for the purposes set out above. Using service providers is necessary, for example, for the administration and maintenance of IT systems. We also use external service providers for support when managing job applicants, for example. If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.
Service providers that we use to send you the requested information (such as brochures by mail, issuing newsletters) will receive your required personal data (e.g. postal services receive your name and address).
A list of all service providers that we use for data processing can be found under Section 3 and is available for downloading or mailing upon request.
2.6 Will we send your data to third countries?
If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses, Privacy Shield).
You may also request the information from the contact person.
2.7 What measures do we have in place to protect your data?
We have state-of-the-art technical and organizational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorized parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorized third-party access during transfer. You can recognize an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.
For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected email, it is possible that unauthorized parties may gain knowledge of or modify your data during transmission via the internet.
2.8 What data protection rights can you claim as a data subject?
2.9 Right to object
If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.
If we are processing your data based on your consent, you may revoke this consent at any time with respect to future processing.
2.10 Who can you contact if you have a complaint?
If you have a complaint, you may contact the Data Protection Officer, or the state data protection authority. The authority responsible for Munich Re HealthTech S.A. is:
Data Protection office in Greece
Hellenic Data Protection Authority
Kifissias 1-3,
115 23 Athens, Greece
http://www.dpa.gr
Email: contact@dpa.gr
2.11 How long will your data be stored?
2.12 Are you required to provide us with your data?
2.13 Do we apply automated decision-making or profiling measures?
2.14 Use of your data in specific processes
2.15 Amendment of this data protection statement
3. Internet presence Cookies and log files
3.1 Use of cookies
During an online session, cookies are stored on your computer. These are small files that control the display and operation of our website. Cookies will not damage your computer and do not contain viruses.
When you visit our website, and wish to make use of the functions we offer, we use one group of cookies that are required for technical reasons. These cookies are so-called "session cookies". They are automatically deleted at the end of your visit.
Furthermore, we use a consent management platform (i.e. an approval management service), with which we document and implement your decisions regarding the data processing on our website. The Consent Management Platform used at Munich Re Website was developed and is managed by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. To do that, small files (analog cookies) are stored locally in the cache of your browser. This happens regardless of whether you agree or reject certain cookies. They continue to exist and can be read out even after the browser window has been closed or the program has been closed - if you don't delete the cache.
If you agreed to this, we also employ other cookies to carry out statistical evaluations of the range of our websites. We perform anonymized statistical evaluations of these websites. We do not establish any personal link to you. We commission a service provider (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland) to carry out the statistical evaluations, and these are performed exclusively for us and on our behalf. For this reason, when you visit our websites, cookies from this service provider are also stored on your device. These cookies enable us to recognize your browser on your next visit and remain on your terminal device until you delete them.
The data for carrying out statistical evaluations of our website is stored and processed in Europe (Ireland, France), but for supporting reasons there might be access to the data by Adobe employees outside EU. (Switzerland, Canada, United Kingdom, India or USA). While Switzerland, Canada, and the United Kingdom have a level of data protection appropriate to that of the EU, the level of data protection in India and USA does not correspond to the EU data protection level. In these countries, there is a risk that your data may be processed by authorities, possibly without the possibility of legal recourse.
We also use cookies for marketing purposes if you agreed to this. This allows us to place advertising in a more targeted manner. In this context, we carry out so-called retargeting in cooperation with LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). The purpose of retargeting is to recognize a user of our website. This gives us the opportunity to better tailor our advertising offering on LinkedIn to the informational needs of the users.
For example, a user is not shown an advertisement again if he has already dealt with a product but is instead provided with more concrete information about the product. This makes the user's communication with Munich Re more efficient. Therefore, we store a LinkedIn cookie on your device if you have given us your consent to do so. LinkedIn also uses your data for its own purposes for analytics, marketing, advertising, and retargeting to provide you with support and to personalize and develop its services. You can find more information about this on LinkedIn's privacy policy at: [https://www.linkedin.com/legal/privacy-policy].
The data transferred to LinkedIn is stored and processed in the USA. The level of data protection in the USA does not correspond to the EU level of data protection. Therefore, there is a risk that your data may be processed by authorities, possibly without the possibility of legal recourse.
On our website we use following cookies
Technical necessary cookies:
JSESSIONID, www.munichre.com, the session ID for internal use on the server, specifically used for load distribution, is removed at the end of your browser session.
AMCV_###AdobeOrg, contains the unique Adobe Experience Cloud user ID for visitor identification using Adobe Analytics, duration 24 months.
Cookies for statistical evaluations:
s_ecid, contains a copy of the Adobe Experience Cloud ID for visitor identification using Adobe Analytics, duration 24 months.
s_cc, Session-Cookie, detects whether cookies are permitted, and is removed at the end of the browser session.
s_sq, Session-Cookie, registers the last link clicked, and is removed at the end of the browser session.
s_vi, contains a unique visitor ID for visitor identification using Adobe Analytics, duration 24 months.
s_fid, contains a copy of the unique visitor ID for visitor identification using Adobe Analytics, duration 24 months.
Cookies for marketing purposes
For more information about the cookies set by LinkedIn, please see LinkedIn's Cookie Policy at [https://www.linkedin.com/legal/cookie-policy].
You can manage, change or revoke your cookie preferences at any time in the "Cookie Settings" You can find the "Cookie Settings" as a link on each of our pages.
3.2 Server log files
The information that your browser automatically sends us is collected automatically and saved in server log files. They contain:
Browser type and version
Operating system used
Referrer URL (the URL that the user comes from)
Host name (network name) of the accessing computer
Time of server request
This data cannot be traced to individual people. We do not merge this data with other data sources. We reserve the right to review the information subsequently and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).
4.0 Information Security Policy
Information and information systems’ protection have strategic significance for Munich Re HealthTech S.A. (MRHT) to achieve its short and long-term objectives.
The Management acknowledging the information and information systems’ importance in business processes implementation, is committed to safeguard the systems’ normal operation. MRHT has established an Information Security Policy aiming to:
- Ensure the confidentiality, availability and integrity of the information it processes
- Protect the data subjects’ rights within the scope of its business operations
- Comply with the applicable legislative and regulatory requirements
- Promptly address incidents that may violate the Information Security
For this reason, MRHT takes the proper technical and organizational measures to ensure the availability, integrity and confidentiality of the data it process. At the same time, it adheres to policies and procedures in the context of which the following are defined: - Organizational units and roles required for Information Security issues monitoring
- Technical measures for controlling and restricting access to information and information systems
- Information classification method based on its importance and criticality
- The required actions for information protection during the phases of processing, storing and transferring
- Methods for training the company’s employees and partners in Information Security
- Information Security incidents handling method
- Methods for ensuring the continuous operation of business processes in cases of information systems failures or physical disasters
MRHT conducts periodically Information Security risk assessments and determines the required corrective actions. It evaluates the effectiveness of the Information Security procedures by defining performance indicators, describing their measurement methods, producing and reviewing periodic reports with a view to continuously improving the system.
The Information Security Officer is responsible for the Information Security Management System operation and control as well as for taking the required initiatives to eliminate any factor that may lead to company’s information availability, integrity or confidentiality compromise.
MRHT’s employees and partners with access to information and information systems are responsible for adhering to the rules of the implemented Information Security Policy.