Munich Re
Munich Re Service GmbH

Privacy Policy for Location Risk Intelligence

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    1. Applicability

    The following privacy policy (“Policy”) describes how Munich Re Service GmbH (hereafter “we” or “us”) processes your personal data when you use Location Risk Intelligence, the online services that are integrated into Munich Re’s Location Risk Intelligence platform (hereafter “Location Risk Intelligence” or “Platform”). We provide this service to user companies that are subscription customers (“Clients”); said companies designate the individual users who are authorised to use the Platform (“Users”).

    This document explains the data processing involved and informs you about your data protection rights as a User of this software-as-a-service solution.

    2. Processing of your data

    2.1 Who is responsible for the processing of your personal data, and how can you contact the Data Protection Officer?

    The following entity is responsible for the processing of your personal data:

    Munich Re Service GmbH
    Königinstrasse 107
    80802 Munich
    Germany

    E-Mail: mrs-inbox@munichre.com

    You can reach Munich Re Service GmbH by email at mrs-inbox@munichre.com or by post at the address indicated above.

    You can contact our Data Protection Officer at the aforementioned address, with the addition “To the Data Protection Officer” or using the contact form at www.munichre.com/en/general/contact/form-data-protection.html and selecting “Munich Re Service GmbH” in the field “Company”.

    2.2 What data categories do we use, and for what purposes? What is the legal basis for processing your personal data?

    We process your personal and personally identifiable data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other applicable laws and regulations.

    In the following sections, you will find information on the respective processing activities, purposes of processing, legal basis and retention periods.

    2.2.1 Visiting our log-in landing page 

    You can log in to our Location Risk Intelligence platform via your internet browser or via API, by visiting our log-in landing page https://risksuite.munichre.com/login. On this log-in landing page, we use technologies that determine the appearance and functionality of the respective content and are required for technical reasons. 

    a) Personal data processed

    Your IP address

    b) Legal basis

    The technologies we use are technically necessary. Therefore, we base this form of processing your data on Section 25 para. 2 TDDDG and Art. 6(1)(f) GDPR.

    c) Retention period

    The technologies we use are automatically deleted at the end of your visit.

    2.2.2 Registration process

    The registration process is necessary to provide you with the functionalities of the Platform. After having completed this process, you will receive a personalised invitation to use the Platform. You will also be requested to confirm your identity by providing your personal data. 

    The information on the processing specified in this section also applies to the use of test accounts. 

    a) Personal data processed

    First name, last name, email address, personalised token 

    b) Purposes of processing

    The processing of your personal data is necessary in order to identify you as an authorised user and to grant you initial access to the Platform.

    c) Legal basis

    Art. 6(1)(b) GDPR

    d) Retention period

    Your personal data is stored as long as you retain your status as an authorised user. Once our agreement with the Client is terminated or we are informed by the Client that your authorisation has been terminated, your account and personal data will be deleted automatically after 90 days. 

    2.2.3 Log-in process

    You may log in to the Platform once you are registered. After successfully logging in, you will have access to the functionalities agreed upon between the Client and Munich Re Service GmbH. You can manage your personal data (name and last name) in your individual account settings. 

    The information on the processing specified in this section also applies to the use of test accounts and log-in modifications (such as single-sign-on (“SSO”) or multi-factor authentication (“MFA”)). Please note that if you use MFA, the privacy policy of your respective MFA app provider applies. 

    a. Personal data processed

    Email address, password, personalised token 

    b. Purposes of processing 

    The processing of your personal data is necessary in order to identify you as an authorised user each time you wish to access the Platform. Your personal data is also processed in order to grant you access to the functionalities of the Platform agreed upon between the Client and Munich Re Service GmbH. 

    c. Legal basis 

    Art. 6(1)(b) GDPR

    d. Retention period

    Your personal data is stored as long as you retain your status as an authorised user. Once our agreement with the Client is terminated or we are informed by the Client that your authorisation has been terminated, your account and personal data will be deleted automatically after 90 days.

    2.3 Who receives your data? Who might we disclose your data to?

    Within the Munich Re Group, and in particular at Munich Re Service GmbH and Munich Reinsurance Company in Munich, only those employees and agents who require your personally identifiable data for the purposes set out in Section 2 receive access to it. All of these parties are under strict obligations to maintain confidentiality and ensure data protection.

    We operate Location Risk Intelligence as a cloud solution within the European Union. The data specified in Section 2 is transferred to a cloud server in Europe and stored there. In certain cases, we make use of external service providers to help us meet our contractual and legal obligations. For example, outsourcing is required for the development of various Location Risk Intelligence functionalities. Therefore, it cannot be ruled out that such service providers come in contact with the personally identifiable data specified in Section 2. However, strict confidentiality and data protection agreements have been concluded with these service providers. You will find the list of service providers that exclusively provide their services within Location Risk Intelligence here.

    3. Do we transfer data to countries outside Europe? 

    If we need to transfer personal data to service providers outside the European Economic Area (EEA), we only do so if the European Commission has confirmed that the level of data protection in the country in question is sufficient, or if data protection is suitably guaranteed in some other way (e.g. through binding, internal company data protection regulations, or the standard contractual clauses of the European Commission and Binding Corporate Rules of the Munich Re Group).

    4. How long do we store your data?

    In addition to the retention periods described in Section 2 above, we generally anonymise or delete your personally identifiable data as soon as it is no longer required for the above-mentioned purposes, unless statutory documentation and data retention regulations – e.g. the German Commercial Code (HGB) or German Tax Code (AO) – oblige us to retain it longer. A period of storage of your personally identifiable data longer than this only applies in exceptional cases where it is required in connection with the assertion of claims (with a statutory limitation period of up to 30 years) against the Munich Re Group.

    5. What data protection rights do you have?

    You have a right to information, under certain circumstances a right to have your data corrected or deleted, and a right to restrict its processing. On request, we will make the collected data available to you in a structured, accessible and machine-readable format. Please contact us using the contact details above if you wish to exercise these rights.

    You may also object, at any time, to the processing on grounds relating to your particular situation. This applies in cases where the processing of your personal data is based on Art. 6(1)(e) or (f) GDPR. In this case we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds for the processing which override your interests, rights and freedoms, or when the processing is done in order to establish, assert or defend against claims.

    6. Do you wish to file a complaint about the processing of your data?

    If you have a complaint, you may contact the aforementioned Data Protection Officer (see Section 1 of this Policy), or the state data protection authority. The authority responsible for us is:

    Bayerisches Landesamt für Datenschutzaufsicht

    (Data Protection Authority of Bavaria for the Private Sector)
    Promenade 18, 91522 Ansbach, Germany

    Email: poststelle@lda.bayern.de
    Website: https://www.lda.bayern.de/en/contact.html

    7. How will you be informed about changes to this Policy?

    Should we make changes to this Policy, it will be updated in the Location Risk Intelligence online services.

    (Last updated: March 2025)