Privacy policy in accordance with Articles 13 and 14 GDPR

With this statement, we would like to inform you about the collection and processing of your personal data by the data controller named below and the rights to which you are entitled under the provisions of data protection law.

Responsible data controller

The company responsible for data processing is

Talanx AG
HDI-Platz 1
30659 Hanover
Phone: +49 511 3747-0, Fax: +49 511 3747-2525

You can contact the responsible data protection officer by post using the aforementioned address (please add the address line

- Data Protection Officer / Group Legal - Data Protection - )

or by e-mail at:

Legal bases and purposes of data processing

Insurance companies may cede a portion of their risks from insurance contracts to reinsurers in order to actively manage their insured portfolio and to be in a position to meet their obligations to indemnify under the insurance relationships at any time. For the proper establishment, performance or termination of the reinsurance contract, we generally only receive anonymised data from your insurer. If anonymised data is not sufficient for the aforementioned purposes, we receive data from the insurance application or relationship in pseudonymised form.

We primarily only receive your personal data insofar as this is necessary for the reinsurance. This may occur in particular for the following reasons:

  • independent underwriting or claims management in the case of, for example, large contract amounts or a risk that is difficult to assess in an individual case
  • evaluation of portfolio lists to determine any accumulation risks,
  • verification of the obligation to indemnify your insurer or random or case-by-case control of the underwriting and claims management by the primary insurer,
  • supporting your insurers in risk and claims assessment as well as in the evaluation of process flows.

The legal basis for this processing of personal data for the aforementioned purposes is Art. 6 (1) b) GDPR, insofar as the processing is necessary for the initiation, fulfilment or settlement of a contractual relationship with you. This also includes the constellation in which the conclusion of the reinsurance contract is required for the conclusion or performance of your insurance contract with another insurer. If the processing is carried out so that your insurer can comply with supervisory requirements or assure you of its performance capability by concluding a reinsurance contract with you or so that we can carry out internal statistical analyses, the legal basis is Art. 6 Para. 1 f) GDPR, possibly in conjunction with Art. 6 Para. 4 GDPR. If you have otherwise consented to data processing, the legal basis is Art. 6 para. 1 a) GDPR. If special categories of personal data (e.g. your health data when concluding a life insurance contract) are required for this purpose, your insurer will generally obtain your consent in accordance with Art. 9 Para. 2 a) in conjunction with Art. 7 GDPR. If we compile statistics with these data categories, this is done on the basis of Art. 9 para. 2 j) GDPR in conjunction with § 27 BDSG or Art. 5 para. 1 b) in conjunction with Art. 6 para. 4 GDPR.

We also process your data to protect our legitimate interests or those of third parties (Art. 6 para. 1 f) GDPR). This may be necessary in particular:

  • in order to ensure IT security and IT operations
  • in connection with the use of professional service providers for our support, especially in the areas of IT, communication analysis, marketing, and event technology
  • to meet regulatory requirements

In addition, we process your personal data to comply with legal requirements, such as supervisory standards, commercial and tax retention obligations or the comparison of your data with so-called sanctions lists in order to comply with anti-terrorism legislation (e.g. Regulation (EC) 2580/2001). In this case, the legal basis for the processing is the respective legal regulations in conjunction with Art. 6 (1) c) GDPR.

If we intend to process your personal data for a purpose not mentioned above, we will inform you in advance within the scope of the legal provisions.

Categories of personal data

Essentially, the following data and data categories are collected, processed and used:

  • Master data
  • Insurance policy data
  • Claims data
  • Billing and benefit data

Categories of recipients of personal data

In order to fulfil our contractual and legal obligations, we partly use external service providers of the following categories:

  • Surveyors / medical experts for the preparation of expert opinions for underwriting and claims management
  • IT service providers for maintenance, operation and protection of data, systems and applications ("on premise" as well as cloud-based), data recovery as well as destruction of data media
  • Software providers and service providers, e.g. for office, communication, CRM, marketing and analytics purposes
  • Service providers to support application and portfolio processing such as translators, audit service providers, service providers for storage and destruction of files

In addition, we may transfer your personal data to other recipients in individual cases. These include, for example, authorities for the fulfilment of statutory notification obligations or other reinsurers to whom we transfer risks (retrocessionaires).

Data transfer to a third country

If we transfer personal data to companies/service providers and/or authorities outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. mandatory internal corporate data protection regulations or EU standard contract wordings) are in place. You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.

Sources of your data

Your data will be passed on to us by your insurer within the framework of the above-mentioned purposes.

Automated individual case decisions including profiling

Automated individual case decisions including profiling are not performed.

Duration of data storage

We delete your personal data as soon as it is no longer required for the aforementioned purposes. In this context, it is necessary for the defence of claims that personal data be retained for the period in which claims can be asserted against the responsible party/ies. Here, the retention period depends on contractual and/or statutory limitation periods and the respective corresponding limitation requirements. In addition, we store your personal data for the period in which we are legally obliged to do so. Corresponding obligations to provide proof and to retain data result from the German Commercial Code and the German Fiscal Code, among other things. We also delete your data if you exercise your right of revocation or objection, if this is relevant.

Data subjects' rights

You can request information about the data stored about you at the aforementioned address. Under certain conditions, you can also request the correction or deletion of your data. You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format.

Right of objection

If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

Right of appeal

You have the option of contacting the above-mentioned data protection officers or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for the data controllers is the Data Protection Commissioner for Lower Saxony:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hanover

PDF Download