Data Privacy Statement in connection with your use of our website and online services
In the following we provide you with specific information in connection with your use of our website, corporate presence in social media and online collaboration tools. In addition, we would refer to our General Data Privacy Statement pursuant to Articles 13 and 14 EU General Data Protection Regulation (GDPR).
1. Responsible data controller / Contact information for the Data Protection Officer
Hannover Rück SE
Phone +49 511 5604-0
Fax +49 511 5604-1188
Our Data Protection Officer can be reached by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox at firstname.lastname@example.org.
2. Purposes and legal bases of data processing
Data processing operations in connection with our website are intended primarily to enable you to visit our website without encountering any problems and are also carried out for purposes of IT security and Web analytics.
Insofar as you have consented to data processing, the legal basis of the respective data processing operations is Art. 6 (1) a) GDPR (consent).
We would additionally make reference to Art. 6 (1) f) GDPR (legitimate interest) as a legal basis. It is our legitimate interest to process such data that are necessary during your visit for the smooth operation of our website and for purposes of IT security. Further information on the purposes and legal bases of individual data processing operations is provided in the corresponding sections below.
The following connection and device data of visitors to our website is processed using cookies and Web analytics:
- IP address
- Date and time of the request
- Time zone difference relative to Greenwich Mean Time (GMT)
- Access status / HTTP status code
- Volume of data transferred
- Operating system and its user interface, language and version of browser software
Cookies are small files that we send through your Web browser to your computer's hard drive and which we can read during your current visit to our webpages and upon subsequent visits.
You can prevent cookies being saved by setting your browser software accordingly; in this case, however, you may not be able to use all the functions of this website.
We use the following technical cookies without your explicit consent because they are necessary for the proper functioning of our website:
- legal notices accepted: Remembers the pages for which you have accepted any preceding legal notices.
- form ID cookie: Stores a random, variable and untraceable ID number in order to be able to distinguish actual visitors from bots when forms are submitted.
- function cookies for stock and bond charts, the contents of which are supplied by external service providers and integrated into our website.
If you have activated cookies for website analysis, we use Siteimprove Analytics on this website, a web analysis service of Siteimprove GmbH, Kurfürstendamm 56, 10707 Berlin, Germany. We use Siteimprove Analytics to analyse website use by users in order to monitor the functionality of our websites (e.g. accessibility of our texts, functionality of links, etc.) and to provide our visitors with the most pleasant and useful experience possible. For example, your anonymised IP address, the URL visited, page title, length of stay and other statistical data are temporarily collected, which are used exclusively for quality checks. Their evaluation helps us to continuously improve our services for you.
We make use of services offered by external service providers in connection with the HTML Annual Report and the Applicants' Portal. In both cases, further cookies are placed on your computer when accessing the HTML Annual Report or upon registering with the Applicants' Portal. These areas are, however, subject to separate Data Privacy Statements of which you will be informed when making use of the respective service offer.
4. Source, collection and processing of your data
Only personal data technically transmitted to us by you in the context of your visit to our website is processed in connection with the operation of our website.
We collect your data in various ways:
Access data and server log files
In order to technically optimise the utilisation of our website, we require information about which technical tools are used to access which of our webpages. We store this data in so-called server log files. Unless otherwise required by law, the storage period is 12 months. The data does not include any personal information.
Subscription to our e-mail notification service
If you are a subscriber to our Notification Service, you receive e-mail notifications of the latest press releases that you can access under www.hannover-rueck.de or www.hannover-re.com. We use the data provided by you for this purpose solely for sending our e-mail notifications. You may choose to stop receiving these notifications at any time by sending an e-mail to email@example.com. In addition, each e-mail notification contains a link via which you can cancel the receipt of these e-mails.
Direct inquiries using contact forms or via e-mail
Inquiries that we receive via contact or order forms or which you send directly to a contact person at the Hannover Re Group are forwarded as necessary by us internally within the Group to the relevant responsible area.
In view of our global presence, the responsible area may be located outside the European Economic Area (EEA). In this case too, however, your data is used solely to respond to your particular inquiry and in accordance with the relevant applicable statutory provisions. In this respect, our binding corporate rules safeguard the necessary level of data privacy also in connection with such data transfers.
All data that you transmit using the e-mail form on our website is encrypted to protect it against misuse by third parties. We currently use TLS (Transport Layer Security (formerly SSL, Secure Sockets Layer)) encryption as recommended by the Federal Office for Information Security (BSI). We cannot, however, guarantee the security of data transmitted to us over the Internet.
5. Third-party contents and technologies, social media
You also have the possibility to follow us on YouTube, XING and LinkedIn. For information about the purpose and scope of data collection and the further processing and use of the data by the respective social network as well as your rights and setting options to protect your private sphere, please consult the data privacy statements / notices of the relevant social network, for which we have provided corresponding links below:
6. Use of videoconferencing and collaboration tools
We use the videoconferencing and collaboration apps Microsoft Teams and Cisco Webex Teams for online collaboration within the Hannover Re Group and with external guests.
Purposes of data processing
- Holding online meetings, conferences and webinars (video, audio, chat)
- Communication (video, audio, chat) between individual persons or within internal company groups or with external mixed groups (e.g. project teams, departments or areas)
- Project work, sharing and collaborative editing of documents and other materials between individual persons or within internal company groups or with external mixed groups (e.g. project teams, departments or areas)
- Conducting job interviews
- Instructional and training measures
- Documentation, logging and recording of the aforementioned activities
The following personal data is processed
- Information about the user: e.g. forename, surname, e-mail address, potentially phone number, profile picture and more specific function information, language preference
- Meeting metadata: e.g. subject, description and more detailed information, IP addresses of the participants, device/hardware information, potentially information about the browser used or phone number depending on the type of dial-in.
- Text, audio and video data: depending on the type of dial-in, you have the option to use various functions in an online meeting (e.g. chat, screen sharing, file upload). All processing operations involving personal data associated with your interactions (e.g. input of texts in the course of a chat, upload and sharing of files) are processed in the context of the online meeting and potentially also for log purposes. In order to facilitate the display of video and the reproduction of audio, data about your microphone / webcam is collected accordingly for the duration of the meeting. Before joining a meeting, you have the opportunity to verify the status of the microphone and webcam on your terminal device and, as appropriate, to deactivate them if you do not wish to transfer any data in this regard.
- When the recording function is used: video and audio files of meetings (including presentation contents as well as all shared screen content), text file of the online meeting chat record. If recordings are made, this is transparently notified beforehand and – where necessary – consent is requested.
- When dialling in by phone: specification of the incoming and outgoing call number, country name, start and end time. Other connection data such as the IP address of the device may also be stored.
- When apps are used (Microsoft Teams): numerous apps are available to you, most of them provided by Microsoft. In isolated cases apps from third-party providers are also available and may be used.
Legal bases of data processing
- With regard to the processing of our employees' personal data, the legal basis of processing is Section 26 (1) Sentence 1 BDSG in conjunction with Art. 88 GDPR. If, in exceptional cases – such as when the recording function is used –, employees consent to the respective processing, the legal basis is Art. 6 (1) a) GDPR in conjunction with Art. 7 GDPR. Should processing not be necessary for establishing, implementing or terminating the employment relationship, but nevertheless constitute a fundamental integral component in the use of the applications, Art. 6 (1) f) GDPR is the legal basis for data processing. Our legitimate interest in these cases is in the effective conduct of online meetings.
- If online meetings are held in the context of contractual relationships, the legal basis is Art. 6 (1) letter b) GDPR.
- With regard to the processing of personal data of other participating data subjects (e.g. external consultants and cooperation partners), the legal basis of processing is Art. 6 (1) f) GDPR. It is our legitimate interest to process such data that is necessary for the technical maintenance of services and communication and for the traceable sharing of content for purposes of collaboration or that was made available to us by the participants for this purpose. If, in exceptional cases – such as when the recording function is used –, participants consent to the respective processing, the legal basis is Art. 6 (1) a) GDPR in conjunction with Art. 7 GDPR.
Categories of recipients of personal data and further information on data protection
The providers of the online collaboration platforms, the providers of the apps made available on these platforms as well as the external participants / cooperation partners are recipients of the personal data used through these services and/or shared with them.
- Further information on data privacy from Microsoft on Teams: https://docs.microsoft.com/de-de/microsoftteams/security-compliance-overview
- Further information on data privacy from Cisco on Webex Teams: https://help.webex.com/de-de/nv2hm53/Cisco-Webex-Security-and-Privacy
7. Period of data storage
The connection and device data is stored in log files for a period of 12 months. It may otherwise be noted that we erase your personal data as soon as they are no longer required for the aforementioned purposes. It may occur that personal data is stored for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent required by law.
8. Data transfer to a third country
If we transfer personal data to companies / service providers and/or authorities outside the European Economic Area (EEA), such transfer will only take place if the third country has been confirmed by the European Commission as having an appropriate level of data protection or if other appropriate data protection guarantees (e.g. mandatory internal corporate data protection rules or EU standard contract wordings) are in place. Detailed information in this regard and concerning the level of data protection at our service providers in third countries can be requested from the aforementioned contact information.
9. Automated decision-making and profiling
We process your data on a partially automated basis in order to support our employees' decision-making in certain situations. Should we fully automate these operations in the future we shall inform you accordingly in advance in order to enable you to exercise your rights.
10. Rights of data subjects
You can request information about the data stored on your person from the aforementioned address. Under certain conditions, you can also request that your data be rectified or erased. You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect.