Munich Re logo
Risk Management Partners
EN

Data Privacy Statement

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    Munich Re Service GmbH is a wholly-owned subsidiary of Munich Reinsurance Company (Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München). The company is responsible for development, marketing and sale of products and services in the area of digital technologies, in particular for risk measurement, risk control and general business optimisation. It is in our mutual interest that we take our responsibility to guarantee the privacy of your data very seriously, in compliance with the applicable provisions of data protection law. We use state-of-the-art technology to communicate with you while keeping your data secure.

    1. Applicability

    The following data protection notice applies to MunichRe Service GmbH’s websites. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at mrs-inbox@munichre.com. We will then remove such links from our website without delay.

    2. Processing of your data

    We would hereby like to explain how your personal data will be processed when you visit Munich Re GmbH’s websites, and to inform you of your rights under data protection law.

    2.1. Who is responsible for processing your data and how can you reach the responsible?

    Munich Re Service GmbH
    Königinstraße 107
    80802 München
    Telefon: +49(89)3891-0
    E-Mail: mrs-inbox@munichre.com

    You can reach MunichRe Service GmbH by email at mrs-inbox@munichre.com or by post at the address indicated above.

    You can contact our Data Protection Officer at the postal address mentioned above, with the addition "To the Data Protection Officer" or under www.munichre.com/en/general/contact/form-data-protection.html marking “Munich Re Service GmbH” in the field “Company”.

    2.2 What is the legal basis for processing your personal data?

    We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telecommunications Digital Services Data Protection Act (TDDDG) and all other relevant laws on the processing of personal data.

    The legal basis for a specific data processing depends on the context in which and for what purpose we process your data.

    a) To fulfil (pre-)contractual obligations (Art. 6 para. 1 lit. b) GDPR)

    In general, the collection and processing of your personal data serves to purposes of communication and the transmission of requested information. This may be necessary for the performance a contractual relationship or in the context of pre-contractual negotiations or at the request of the data subject.

    b) To pursue legitimate interests (Art. 6 para. 1 lit. f) GDPR)

    This may be the case, for example, when sending information to customers and business partners by post, as well as when storing your contact details in our (groupwide) IT systems. This can also include the assertion of violations of the law.

    c) Consent (Art. 6 para. 1 lit. a) GDPR)

    The user’s, meaning the data subject’s consent may also be required to send information or to establish contact for marketing purposes. The use of tracking pixels is also based on your consent. You can revoke the declaration of consent given to us and the consent to the storage of personal data at any time with effect for the future in accordance with Section 2.8 of this Data Privacy Statement. If you have subscribed to our e-mail newsletter, you can also assert the revocation by clicking on the link contained in the newsletter. However, processing carried out until the revocation remains lawful in such a case.

    d) Due to legal requirements (Art. 6 para. 1 lit. c) GDPR)

    We also process your data in order to be able to fulfil our legal obligations, e.g. due to regulatory requirements or when comparing your data with so-called sanctions lists in order to comply with anti-terrorism legislation (e.g. EU Regulation 2580/2001).

    2.3 What categories of data will we use, and for what purposes will we process your personal data?

    (a) We process the personal data that you provide us in the course of our common business. If you send us an email, or if you complete and submit an online form on our website, we will use any personal data you provide (such as your name, email address or telephone number) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form. Where allowed by law, we also process personal data that we have legitimately obtained from other sources, such as from Group companies or from public sources. For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation (for example, the Location Risk Intelligence platform). The amount of data collected depends on the application used.

    We base this form of processing your data on the initiation of contract negotiations with you or for the performance of an existing contract in accordance with Art. 6 para.1 lit. b) GDPR.

    (b) We use your contact data for marketing purposes or for sending information. When you fill out and submit an electronic form, you provide Munich Re Service GmbH with your consent to use your data (such as first and last names, email address, telephone number and postal address) to send you, in future, information about Munich Re Service GmbH’s products and services, or to contact you for marketing purposes. This also applies if you subscribe to receive emails (such as a newsletter). In application of the dual optin process for legal reasons, a one-time confirmation email will be sent to the email address provided for the receipt of information. We also send such a one-time confirmation email to those who contact us using the online form. The confirmation email is intended to determine whether it was the owner of the email address who authorised receiving emails, and it thus serves as evidence of this authorisation.

    We base this form of processing your data on consent in accordance with Art. 6 para. 1 lit. a) GDPR.

    (c) In order for Munich Re Service GmbH to receive information about the interactions with the email recipient, a function called “tracking pixel” will be used in the Microsoft Dynamics 365 Marketing module. This function identifies, using image resources, when a recipient opens an email sent using a Microsoft Dynamics 365 product. If an email is sent using the Dynamics 365 Marketing module or Microsoft Dynamic CRM, an image tag for a tiny image is inserted in the main portion of the email. If the recipient opens the email and his or her email client is appropriately configured, the email client sends a request for the image to the Microsoft Dynamics platform. This request is transferred to the email-opening rate that is provided to Munich Re Service GmbH for analysis.

    We base this form of processing your data on consent in accordance with Art. 6 para. 1 lit. a) GDPR.

    (d) During an online session, we use the tracking pixel technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. Here, the IP address of a visitor is processed. Each visitor has the right at any time before visiting the website not to consent to the processing. The refusal of consent will be taken into account permanently. The processing takes place exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab. The data collected by WiredMinds does not allow any conclusion to be drawn about a natural person at any time. WiredMinds GmbH uses this information to create anonymous usage profiles relating to visitor behavior on our website. The data obtained in this way is not used to personally identify visitors to our website.

    We base this form of processing your data on a legitimate interest in accordance with Art. 6 para. 1 lit. c) GDPR.

    (e) During an online session, cookies are stored on your computer. These are small files that control the display and operation of our website. Cookies will not damage your computer and do not contain viruses.

    When you visit our website, and wish to make use of the functions we offer, we use one group of cookies that are required for technical reasons. We also employ other cookies to carry out statistical evaluations of the reach of our websites. We perform anonymised statistical evaluations of these websites. We do not establish any personal link to you.

    You may deactivate, in your browser, any cookies that are not necessary to display the website.

    Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. Other cookies, such as those used for statistical evaluations, remain on your terminal device until you delete them. These cookies allow us to recognise your browser the next time you visit.

    The cookies are as follows:

    ARRAffinity (Domain: .biz.rmp.munichre.com)

    This cookie is necessary to ensure that all of the user’s page views are sent to the same server. It is deleted when the browser is closed.

    ASP.NET_SessionId (Domain: .biz.rmp.munichre.com)

    This cookie is necessary to administer the user sessions. It is an anonymous cookie that is deleted when the browser is closed.

    Dynamics365PortalAnalytics (Domain: .biz.rmp.munichre.com)

    Service cookie to anonymously analyse the use of the service; will be aggregated for statistical purposes.

    WT_FPC (Domain: .munichre.com)

    This cookie is set by Webtrends Analytics. Its purpose is to track and report on user behaviour on a website in order to improve performance. The analysis is anonymous. Such data cannot be traced back to individual users. The data will not be merged with data from other sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).

    If the cookies and similar technologies are not technically necessary, we base this form of processing your data on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 TDDDG. If the requirements according to Section 25 para. 2 are met, we refrain from obtaining the consent in accordance with Section 25 para. 1 TDDDG.

    2.4 Who receives your data?

    Within Munich Re Service GmbH, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to Munich Reinsurance Company, which provides comprehensive services to Munich Re Service GmbH, and to its service providers. Only those staff within Munich Re (Group) who need your data for the aforementioned purposes will have access to it.

    Furthermore, external service providers can be used to fulfil some of contractual and statutory obligations. Outsourcing is necessary, for example, in the sales process, when creating the content for our website or sending newsletters. Corresponding data protection agreements have been concluded with such service providers. Service providers that are used to send you the requested information (such as brochures by mail, issuing electronic newsletters) will receive the necessary personal data.

    2.5 Will we send your data to third countries?

    If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses, Binding Corporate Rules of the Munich Re Group). You may also request the information from the aforementioned contact person.

    2.6 What measures do we have in place to protect your data?

    We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer. You can recognise an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.

    For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.

    2.7 How long will your data be stored?

    We will delete your personal data as soon as it is no longer required for the purposes set out above, and no legal documentation or retention requirements apply, for example in the German Commercial Code (Handelsgesetzbuch), fiscal laws or the General Tax Code (Abgabenordnung). The retention periods might sum up to ten years. We will store your personal data for longer than that only in exceptional cases, where necessary in connection with claims asserted against Munich Re (statutory limitation period of up to 30 years).

    2.8 Are you required to provide us with your data?

    You are not required to provide personal data when accessing Munich Re Service GmbH’s website. However, there are services for which we require personal data from you – for example, to send you information, a newsletter you have requested, details about a contract, or to take your application into account for a job opening. Without this data, Munich Re Service GmbH cannot carry out the services you request.

    2.9 What data protection rights can you claim as a data subject?

    In addition to your right to object (see below), you have a right to request access, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing of your personal data. Upon request, we will make the data that you provided available in a structured, accessible and machine-readable format. Please contact the above-mentioned address to exercise these rights.

    Right to object

    If we process your data for the purposes of protecting legitimate interests, you may, by contacting the address indicated above, object to this processing on grounds relating to your particular situation. We will then stop the processing, unless we have compelling legitimate grounds to do so which override your interests, rights and freedoms, or it serves the establishment, exercise or defence of legal claims.

    2.10 Who can you contact with any complaints?

    If you have a complaint, you may contact the aforementioned address, or the state data protection authority. The data protection authority responsible for us is:

    Bayerisches Landesamt für Datenschutzaufsicht
    Promenade 27
    91522 Ansbach
    https://www.lda.bayern.de/de/kontakt.html
    poststelle@lda.bayern.de

    3. Amendments to this data protection notice

    The continual improvement of our website, and the use of new technology, make it necessary to amend our data protection notice from time to time. When visiting our website, please read the current version of our privacy statement (current status: September 2024).

    (Last updated: October 2024