Munich Re
Munich Re Service GmbH

Privacy Policy for Location Risk Intelligence

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    1. Applicability

    The following privacy policy (“Policy”) describes how Munich Re Service GmbH (“we” or “us”) processes your personal data when you use the Location Risk Intelligence, the online services that are integrated in Munich Re’s Location Risk Intelligence platform (“Location Risk Intelligence” or “Platform”). We provide this service to user companies being subscription customers (“Clients”) who designate the individual users, authorized to use the Platform (“Users”).

    This document explains the data processing involved and informs you about your data protection rights as an User of this software-as-a-service solution.

    2. Processing of your data

    2.1 Who is responsible for the processing of your personal data, and how can you contact the Data Protection Officer?

    Following entity is responsible for processing of your personal data:

    Munich Re Service GmbH
    Königinstrasse 107
    80802 Munich
    Germany

    E-Mail: mrs-inbox@munichre.com

    You can reach MunichRe Service GmbH by email at mrs-inbox@munichre.com or by post at the address indicated above.

    You can contact our Data Protection Officer at the aforementioned address, with the addition "To the Data Protection Officer" or under www.munichre.com/en/general/contact/form-data-protection.html marking “Munich Re Service GmbH” in the field “Company”.

    2.2 What data categories do we use, and for what purposes, and what is the legal basis for processing your personal data?

    We process your personal and personally identifiable data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other applicable laws and regulations.

    In the following sections, you will find information on the respective processing activities, purposes of processing, legal basis and retention periods.

    2.2.1 Visiting our log-in landing page

    You log in to our Location Risk Intelligence platform via your internet browser or via API, by visiting our log-in landing page https://risksuite.munichre.com/login. On this log-in landing page, we use technologies that control the presentation and operation of the respective content and are required for technical reasons.

    a) Personal data being processed

    Your IP-address

    b) Legal basis

    The technologies we use are technically necessary. Therefore, we base this form of processing of your data on Section 25 para. 2 TDDDG and Art. 6 (1) (f) GDPR.

    c) Retention period

    The technologies we use are automatically deleted at the end of your visit.

    2.2.2 Registration process

    The registration process is necessary to provide you with the functionalities of the Platform. Upon this process, you will receive a personalized invitation to use the Platform. Within this invitation you will be requested to confirm your identity by providing your personal data.

    The information on the processing specified in this section also applies to the use of test accounts.

    a) Personal data being processed

    First name, last name, e-mail-address,  personalized token

    b) Purposes of the processing

    The processing of your personal data is necessary in order to identify you as an authorized user and to grant you the initial access to the Platform.

    c) Legal basis

    Art. 6 (1) (b) GDPR

    d) Retention period

    Your personal data is being stored until your status as authorized user remains valid. Once our agreement with the Client is terminated or we are informed by the Client that your authorization has been terminated, your account and personal data will be deleted automatically 90 days after the termination.

    2.2.3 Login process

    You may login to the Platform once you are registered. After the successful login, you have access to the functionalities agreed upon between the Client and Munich Re Service GmbH. You can manage your personal data (name and last name) in the settings of your individual account. 

    The information on the processing specified in this section also applies to the use of test accounts and login-modifications (such as single-sign-on – “SSO” or multi-factor authentication – “MFA”). Please note that if you use the MFA, the privacy policy of the provider of your respective MFA-app applies.

    a. Personal Data being processed

    E-mail-address, password, personalized token.

    b. Purposes of the processing

    The processing of your personal data is necessary in order to identify you as an authorized user each time you wish to access the Platform. Your personal data is also processed in order to grant you access to the functionalities of the Platform agreed upon between the Client and Munich Re Service GmbH.

    c. Legal basis

    Art. 6 (1) (b) GDPR

    d. Retention period

    Your personal data is being stored until your status as authorized user remains valid. Once our agreement with the Client is terminated or we are informed by the Client that your authorization has been terminated, your account and personal data will be deleted automatically 90 days after the termination.

    2.3 Who receives your data? What recipient might we disclose your data to?

    Within the Munich Re Group, and in particular at Munich Re Service GmbH and Munich Reinsurance Company in Munich, only those employees and agents who require your personally identifiable data for the purposes set out in Section 2 receive access to it. All of these parties are under strict obligations to maintain confidentiality and ensure data protection.

    We operate Location Risk Intelligence as a cloud solution within the European Union. The data specified in Section 2 is transferred to a cloud server in Europe and stored there. In certain cases, we make use of external service providers to help us meet our contractual and legal obligations. For example, outsourcing is required for the development of various Location Risk Intelligence functionalities. The possibility cannot be ruled out that such service providers encounter the personally identifiable data specified in Section 2. However, strict confidentiality and data protection agreements have been concluded with these service providers. You will find the list of service providers that exclusively provide their services within Location Risk Intelligence here.

    3. How do we transfer data to countries outside Europe?

    If we need to transfer personal data to service providers outside the European Economic Area (EEA), this is only done if the European Commission has confirmed that the level of data protection in the country in question is, or if data protection is suitably guaranteed in some other way (e.g. through binding, internal company data protection regulations, or the standard contractual clauses of the European Commission and Binding Corporate Rules of the Munich Re Group).

    4. How long do we store your data?

    In addition to the retention periods described in Section 2 above, we generally anonymize or delete your personally identifiable data as soon as it is no longer required for the above-mentioned purposes, unless statutory documentation and data retention regulations – e.g. the German Commercial Code (HGB) or German Tax Code (AO) – oblige us to retain it for longer. A period of storage of your personally identifiable data longer than this only occurs in exceptional cases where it is required in connection with the assertion of claims (with a statutory limitation period of up to 30 years) against the Munich Re Group.

    5. What data protection rights do you have?

    You have a right to information, under certain circumstances a right to have your data rectified or deleted, and a right to restricted processing. On request, we will make the collected data available to you in a structured, accessible and machine-readable format. Please contact us via the contact details above if you wish to exercise these rights.

    You may also object to the processing on grounds relating to your particular situation, at any time. This applies in cases, where processing of your personal data is based on Art. 6 (1) (e) or (f) GDPR.  In this case we shall no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or when the processing is performed for the establishment, exercise or defence of legal claims.

    6. Would you like to file a complaint about how your data is being handled?

    If you have a complaint, you may contact the aforementioned Data Protection Officer (see Section 1 of this Policy), or the state data protection authority. The authority responsible for us is:

    Bayerisches Landesamt für Datenschutzaufsicht
    (Data Protection Authority of Bavaria for the Private Sector)
    Promenade 18, 91522 Ansbach, Germany

    E-mail: poststelle@lda.bayern.de
    Web: https://www.lda.bayern.de/en/contact.html

    7. How will you be informed about changes to data protection information?

    Should we make changes to this data protection information, it will be updated in the Location Risk Intelligence online services.

    (Last updated: March 2025)