By means of this statement we are informing you (in particular as policyholders, contracting parties, injured parties and claimants, beneficiaries of our customers, negotiating partners, brokers, interested parties, investors, suppliers, service providers, lessees, guests, other visitors, participants in an (online) event as well as contact persons for the aforementioned groups) about the processing of your personal data that we, as Hannover Rück SE, have received directly and/or indirectly and about the rights to which you are entitled under data privacy law.
We would further ask you to bear in mind our additional data privacy statements on our website under "Data privacy", including those for shareholders, in connection with the use of our website and online services and with regard to video surveillance.
In specific cases we also provide information in accordance with international data privacy laws, such as the California Consumer Privacy Act (CCPA). These data privacy notices can be found on our website with respect to the relevant worldwide locations of our corporate group.
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Tel. +49 511 5604-0
Fax +49 511 5604-1188
www.hannover-re.com
You can reach our Data Protection Officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox at privacy[at]hannover-re.com.
We process your personal data in conformity with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz "BDSG") and all other relevant laws.
Insurance undertakings may pass on part of their risks from insurance contracts to reinsurers in order to actively manage their insured portfolio and so as to be able to fulfil their obligations to indemnify under the insurance relationships at all times. For the purpose of properly establishing, implementing or terminating a reinsurance treaty, we normally receive from your insurer only anonymised data. Insofar as anonymous data do not suffice for the specified purposes, we receive the data from the insurance application or relationship in pseudonymised form.
We receive your personal data primarily only to the extent that this is necessary for the purposes of the reinsurance. In particular, this may occur for the following reasons:
Furthermore, we require your personal data for the compilation of insurance-specific statistics, for example for the development of new tariffs or for the fulfilment of supervisory requirements, in order to organise your visit to our premises as well as to issue invitations and facilitate your participation in our (online) events.
The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) b) GDPR, insofar as processing is necessary for the initiation, fulfilment or settlement of a contractual relationship with you. This also includes the constellation in which formation of the reinsurance treaty is necessary for materialisation or fulfilment of your insurance contract with another insurer. If processing occurs in order that your insurer can comply with supervisory requirements or assure you of its performance capability through formation of a reinsurance treaty or so that we can conduct internal statistical analyses, the legal basis is Art. 6 (1) f) GDPR, as appropriate in conjunction with Art. 6 (4) GDPR. If you have otherwise consented to data processing, the legal basis is Art. 6 (1) a) GDPR. Insofar as special categories of personal data (e.g. data concerning your health when taking out a life insurance contract) are required to this end, your insurer will as a matter of principle obtain your consent pursuant to Art. 9 (2) a) in conjunction with Art. 7 GDPR. If we compile statistics with these categories of data, this is done on the basis of Art. 9 (2) j) GDPR in conjunction with Section 27 BDSG or Art. 5 (1) b) in conjunction with Art. 6 (4) GDPR.
Further purposes for which personal data are processed include, most notably, for the administration of shareholders and members of bodies required by law or the articles of association, suppliers and service providers, interested parties / newsletter subscribers as well as for the offering of media services and real estate / building management and property security. These processing operations are conducted on the legal basis of Art. 6 (1) GDPR.
We also process your data in order to safeguard our legitimate interests or those of third parties Art. 17 (3) b), Art. 6 (1) f) GDPR). In particular, this can be necessary:
Above and beyond this, we process your personal data in order to fulfil legal requirements such as supervisory standards and retention obligations under commercial and tax law or the cross-checking of your data against so-called sanctions lists in order to comply with legal stipulations for combating terrorism (e.g. Council Regulation (EC) No. 2580/2001). In this case the relevant legal provisions in conjunction with Art. 6 (1) c) GDPR serve as the legal basis for such processing.
We process your personal data in accordance with the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz “LkSG”) for the r purpose of receiving, communicating and clarifying difficult cases of suspected violations of regulations, in particular violations of human rights or environmental obligations, as well as in the case of reports of possible violations of laws, internal guidelines or other grievances in the workplace in accordance with the Whistleblower Protection Act (Hinweisgeberschutzgesetz “HinSchG”).
If you visit us on our website, we process your data for this purpose on the legal basis of our legitimate interest in the necessary safety standards and to safeguard our rights of domicile, Art. 6 (1) f) GDPR, § 4 BDSG.
Should we wish to process your personal data for a purpose not specified above, we shall inform you in advance within the framework of the applicable legal provisions. Your personal data will not be sold, lent, rented or otherwise transferred to third parties without your consent.
As a general principle, your data are passed on to us by your insurer within the scope of the aforementioned purposes. In addition, we also make use of databases from third-party providers in conformity with legal provisions. Furthermore, we use data from publicly accessible sources, especially for the evaluation of large losses or for accumulation control.
Essentially, the following data and data categories are collected, processed and used:
In order to fulfil our contractual and legal obligations we utilise to some extent external service providers in the following categories:
In addition, we may transfer your personal data in specific cases to other recipients. These include, for example, public authorities in order to fulfil statutory duties of notification or other reinsurers to whom we transfer risks (retrocessionaires).
We erase your personal data as soon as they are no longer needed for the aforementioned purposes. In this context it may occur that personal data are stored for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding documentation and retention duties derive from, among other things, the Commercial Code, the Fiscal Code and the Money Laundering Act. The retention periods under such laws are up to ten years.
If we transfer personal data to an undertaking/service provider and/or authorities outside the European Economic Area (EEA), the transfer only takes place if the European Commission has confirmed that the third country ensures an adequate level of data protection or other adequate data protection safeguards (e.g. mandatory internal corporate data protection rules or EU standard contract wordings) are in place. Detailed information in this regard and concerning the level of data protection at our service providers in third countries can be requested from the contact information specified above.
We process your data on a partially automated basis in order to support decision-making by our employees in certain situations. Should we fully automate these operations in the future, we shall inform you accordingly in advance so that you can safeguard your rights.
You may require information about the data stored on your person by contacting the address specified above. In addition, you may, under certain circumstances, require the rectification or erasure of your data. Furthermore, you may be entitled to a right to restrict the processing of your data as well as a right to be provided with the data made available by you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect.
If we process your data to protect legitimate interests, you may register your objection to this processing with our Data Protection Officer at the aforementioned address if there are reasons associated with your particular situation that oppose such data processing. We shall then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.
You have the option to complain to the Data Protection Officer specified under Item 1 or a responsible data protection supervisory authority.
The data protection supervisory authority responsible for our company is the Data Protection Commissioner for the State of Lower Saxony:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle@lfd.niedersachsen.de
Insofar as country-specific peculiarities need to be observed for the processing of your data, you will find them in the country-specific sections of our website.
We reserve the right to modify these data privacy rules at any time within the limits set by applicable laws.
Information as of November 2024