With this statement, we would like to inform you about the collection and processing of your personal data by the data controller named below and the rights to which you are entitled under the provisions of data protection law.
Responsible data controller
The company responsible for data processing is
Phone: +49 511 3747-0, Fax: +49 511 3747-2525
You can contact the responsible data protection officer by post using the aforementioned address (please add the address line
- Data Protection Officer / Group Legal - Data Protection - )
or by e-mail at: firstname.lastname@example.org
Legal bases and purposes of data processing
Insurance companies may cede a portion of their risks from insurance contracts to reinsurers in order to actively manage their insured portfolio and to be in a position to meet their obligations to indemnify under the insurance relationships at any time. For the proper establishment, performance or termination of the reinsurance contract, we generally only receive anonymised data from your insurer. If anonymised data is not sufficient for the aforementioned purposes, we receive data from the insurance application or relationship in pseudonymised form.
We primarily only receive your personal data insofar as this is necessary for the reinsurance. This may occur in particular for the following reasons:
The legal basis for this processing of personal data for the aforementioned purposes is Art. 6 (1) b) GDPR, insofar as the processing is necessary for the initiation, fulfilment or settlement of a contractual relationship with you. This also includes the constellation in which the conclusion of the reinsurance contract is required for the conclusion or performance of your insurance contract with another insurer. If the processing is carried out so that your insurer can comply with supervisory requirements or assure you of its performance capability by concluding a reinsurance contract with you or so that we can carry out internal statistical analyses, the legal basis is Art. 6 Para. 1 f) GDPR, possibly in conjunction with Art. 6 Para. 4 GDPR. If you have otherwise consented to data processing, the legal basis is Art. 6 para. 1 a) GDPR. If special categories of personal data (e.g. your health data when concluding a life insurance contract) are required for this purpose, your insurer will generally obtain your consent in accordance with Art. 9 Para. 2 a) in conjunction with Art. 7 GDPR. If we compile statistics with these data categories, this is done on the basis of Art. 9 para. 2 j) GDPR in conjunction with § 27 BDSG or Art. 5 para. 1 b) in conjunction with Art. 6 para. 4 GDPR.
We also process your data to protect our legitimate interests or those of third parties (Art. 6 para. 1 f) GDPR). This may be necessary in particular:
In addition, we process your personal data to comply with legal requirements, such as supervisory standards, commercial and tax retention obligations or the comparison of your data with so-called sanctions lists in order to comply with anti-terrorism legislation (e.g. Regulation (EC) 2580/2001). In this case, the legal basis for the processing is the respective legal regulations in conjunction with Art. 6 (1) c) GDPR.
If we intend to process your personal data for a purpose not mentioned above, we will inform you in advance within the scope of the legal provisions.
Categories of personal data
Essentially, the following data and data categories are collected, processed and used:
Categories of recipients of personal data
In order to fulfil our contractual and legal obligations, we partly use external service providers of the following categories:
In addition, we may transfer your personal data to other recipients in individual cases. These include, for example, authorities for the fulfilment of statutory notification obligations or other reinsurers to whom we transfer risks (retrocessionaires).
Data transfer to a third country
If we transfer personal data to companies/service providers and/or authorities outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. mandatory internal corporate data protection regulations or EU standard contract wordings) are in place. You can request detailed information on this and on the level of data protection at our service providers in third countries using the contact information above.
Sources of your data
Your data will be passed on to us by your insurer within the framework of the above-mentioned purposes.
Automated individual case decisions including profiling
Automated individual case decisions including profiling are not performed.
Duration of data storage
We delete your personal data as soon as it is no longer required for the aforementioned purposes. In this context, it is necessary for the defence of claims that personal data be retained for the period in which claims can be asserted against the responsible party/ies. Here, the retention period depends on contractual and/or statutory limitation periods and the respective corresponding limitation requirements. In addition, we store your personal data for the period in which we are legally obliged to do so. Corresponding obligations to provide proof and to retain data result from the German Commercial Code and the German Fiscal Code, among other things. We also delete your data if you exercise your right of revocation or objection, if this is relevant.
Data subjects' rights
You can request information about the data stored about you at the aforementioned address. Under certain conditions, you can also request the correction or deletion of your data. You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format.
Right of objection
If we process your data to protect legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.
Right of appeal
You have the option of contacting the above-mentioned data protection officers or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for the data controllers is the Data Protection Commissioner for Lower Saxony:
Die Landesbeauftragte für den Datenschutz Niedersachsen