Privacy Policy
Controller
This privacy policy applies to the website www.hanse-marine.de. The operator of the website is:
Hanse-Marine-Versicherung AG
Grosser Grasbrook 10
20457 Hamburg
T: +49 40 37 09 10
F: +49 40 37 09 11 09
info@hanse-marine.de
Introduction
This privacy policy is intended to provide you with information about the way we handle your personal data when you visit our website. Further information about what data concerning you we process and why if you contact us “off-line” can also be found on this website. In the following you will find general information in respect of our data protection and the information in accordance with Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR).
Information in accordance with Art. 13 GDPR Customers
Information in accordance with Art. 13 GDPR Reinsurers, agents and brokers
Information in accordance with Art. 13 GDPR Service providers and suppliers
Information in accordance with Art. 13 GDPR Personal data, applications
Your rights in relation to your data are set out at the end of this privacy policy. These apply to all data processing specified in this policy, irrespective of whether or not this in on the website.
Data processing on this website
The following generally applies: You can use this website without us knowing your identity or trying to gain knowledge of your identity. The personal data (the “digital tracks”) that are left when visiting a website do not only include any data provided in contact forms such as name and address, but also IP addresses. Personal data are all information that directly identify a person or that make a person identifiable by reference to other features. “Personal data” is referred to as “data” throughout this text.
IP Adresses
An IP address is the number for a device (laptop, tablet, smartphone etc.) that allows the respective device to be identified on the internet. This means that the IP address of the computer accessing the website must be known when moving between websites on the internet. However, we do not know the identity of the respective user and we also do not attempt to gain knowledge of their identity. IP addresses are collected on this website for security-related assessments and are deleted after one year.
If you access our website www.hanse-marine.de, your browser automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. Your full IP address is not collected or stored by us. This address is collected / stored exclusively in a truncated and therefore anonymised form.
The following information is collected when accessing our website without any further action on your part and is erased after one year:
- Date and time of access;
- Name and URL of the accessed website;
- Website from which the request originated (referrer URL);
- Browser used and, if applicable, your computer’s operating system and the name of your access provider.
We need these data because:
- the smooth establishment of a connection to the website must be ensured.
- system security and stability needs to be assessed and monitored.
- various other administrative purposes are handled in this way.
Sentence 1 of Art. 6 (1) (f) GDPR allows us to collect your data for these purposes (legal basis). Our legitimate interest is based on the purposes for data collection listed above.
We also use so-called cookies and other services when you visit our website. You can find more details about this below under “Cookies“.
If you send us an email, we store your contact data and the content of the email and use them to process your query. Please note that an unencrypted email is not sufficiently protected from third parties gaining knowledge of, making changes to or erasing such data. If you do not wish to take this risk, please contact us by telephone.
Legal basis: Art. 6 (1) (b) and Art. 6 (1) (f). Our legitimate interest in processing your data is to provide you the opportunity to contact us via email.
For compliance purposes, your data remain stored in a restricted access archive in our system for 6 years to 30 years.
Data Transfer
Your data may be transferred if:
- you have given your express consent for this (sentence 1 of Art. 6 (1) (a) GDPR).
- such transfer is necessary for us because we wish to assert legal claims and we have no reason to assume that you have an overriding interest that requires your data not being transferred (sentence 1 of Art. 6 (1) (f) GDPR).
- we are obliged by law to transfer your data (sentence 1 of Art. 6 (1) (c) GDPR).
- you have chosen a payment method that requires the essential data to be transferred to an external payment service provider.
- we are obliged by law to carry out a check on any existing embargoes and sanctions.
Cookies
We use cookies on our website. These are small files that your browser creates automatically and that are stored on your device (laptop, tablet, smartphone etc.) when you visit our website. Information is placed in the cookie that allows us to see how you browse our website and therefore to make continual improvements to the quality of our website. However, this does not mean that we obtain direct knowledge of your identity in this way. We use so-called session cookies for this purpose. These are deleted automatically when you leave our website.
The data processed by cookies are necessary for the specified purposes of protecting our legitimate interests and those of third parties in accordance with sentence 1 of Art. 6 (1) (f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notice is always displayed before a new cookie is placed. Please note that deactivating cookies completely may result in you not being able to use all functions of our website.
Data Protection Officer
Due to the fact the we employ less than 10 people, we are not legally obliged to appointed a company data protection officer. The point of contact for data protection issue is:
Herr Gösta Dosse (Vorstand)
Großer Grasbrook 10, 20457 Hamburg
E-Mail: info@hanse-marine.de
Information in accordance with Art. 13 and Art. 14 GDPR
Information in accordance with Art. 13 and Art. 14 GDPR - customers
Here you will find information in accordance with Art. 13 GDPR regarding how we handle your data if you are in a business relationship with us or are interested in entering into a business relationship with us. This may be the case if you conclude an insurance contract with us or if we handle a claim for you.
Controller
Purpose of data processing
- Performing insurance contracts
- Handling claims and investigating claims
- Complying with tax and company law obligations
- Complying with supervisory obligations
- Sales and marketing activities
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
Art. 6 (1) (a) GDPR (consent of the data subject)
The controller’s legitimate interest
Not applicable.
Why do we need your data? (“Background for the provision of data”)
If you wish to conclude an insurance contract with us or we wish to broker insurance cover for you, we need not only your contact data, but also information about your personal circumstances. This is the only way in which we can provide you with a tailored offer and guarantee that it is the best for you. The same applies if we need to handle a claim for you. We also need a wide range of information in this case in order to be able to make the right decision for you.
Do we collect information about you from sources other than directly from you?
Due to the fact that our business is produced solely through insurance agents, we collect your data in relation to your insurance from insurance agents. In connection with the settlement of a claim, we may refer to information from experts and consultants.
If there is any suspicion of insurance fraud, we may obtain data about you from other sources and not directly from you. These other sources include e.g. the police, witnesses or information about you that is publicly available (social networks, websites).
In individual cases, we may obtain a credit report on our customers for risk assessment and risk protection purposes.
Recipients of the data:
- Internal departments
- Pantaenius Group companies
- Reinsurance companies
- Insurance brokers
- Insurance agents
- Financing companies / financing agents
- Auditors and IT service providers
- Loss adjusters and lawyers
- Courts and prosecution offices
- Supervisory authorities
Transfers to countries outside of the European Union
Depending on the place where the loss occurred and if necessary for handling a claim, we may transfer your data to countries outside of the European Union.
Period of storage
We store your data for as long as you have an insurance contract with us. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing a systematic erasure of personal data.
Your rights in relation to your data
Please see below.
Information in accordance with Art. 13 GDPR: Reinsurers, agents and brokers
Here you will find information about how we handle your data if you work with us as an reinsurer, agent or broker.
Controller
Purpose of data processing
- Performing reinsurance treaties
- Performing insurance contracts
- Complying with tax and commercial law obligations
- Sales activities
- Performing bilateral contracts with insurance agents
- Complying with obligations imposed by supervisory authorities
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
Art. 6 (1) (a) GDPR (consent)
The controller’s legitimate interest
Not applicable.
Recipients of the data
- Internal departments
- Pantaenius Group companies
- Auditors and IT service providers
- Courts and prosecution offices
- Supervisory authorities (BaFin)
Transfers to countries outside the European Union
We do not transfer any data to countries outside of the EU.
Period of storage
We store your data for as long as our business relationship with you as a reinsurer, agent or broker exists. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing the systematic erasure of personal data.
Your rights in relation to your data
Please see below.
Information in accordance with Art. 13 and Art. 14 GDPR: Service providers and suppliers
Here you will find information about how we handle your data if you work with us as a service provider or supplier.
Controller
Purpose of data processing
- Providing all kinds of Services
- Particularly providing services in the field of IT
Legal basis for the data processing
Art. 6 (1) (b) GDPR (contract, pre-contractual measures, taking steps at the request of the data subject)
Art. 6 (1) (c) GDPR (compliance with a legal obligation by the controller)
The controller’s legitimate interest
Not applicable.
Recipients of the data
- Internal departments
Transfers to countries outside the European Union
We do not transfer any data to countries outside of the EU.
Period of storage
We store your data for as long as our contractual relationship with you exists. At the end of a business relationship, we are subject to various national and international laws regarding the further retention of your data. We are currently developing an erasure concept allowing the systematic erasure of personal data.
Your rights in relation to your data
Please see below.
Information in accordance with Art. 13 GDPR: Employee data, applications
Here you can find information about how we handle your data if you work for us or apply for a position with us.
Controller
Purpose of data processing
- Managing the employment relationship
- Conducting the application process
Legal basis for the data processing
§ 26 of the German Federal Data Protection Act (BDSG) in the version dated 5 July 2017.
Do we collect information about you from sources other than directly from you?
In relation to the regulatory burden of proof regarding the professional qualifications and personal repute (fit & proper requirements in accordance with Article 42 of the Solvency II Directive) of specific managers, information is collected from the following entities:
- Credit report (e.g. Schufa in Germany)
- Authorities (certificate of good conduct and excerpt from the commercial central register)
Recipients of the data
We only process employee data and applicants’ data within the Pantaenius Group. Only the personnel department employees and the executive board of the Hanse-Marine-Versicherung AG have access to this data.
Transfers to countries outside the European Union
We do not transfer any data to countries outside of the EU.
Period of storage
Employee data: We store your employee data for 10 years after the end of your employment relationship with us. We are obliged to do this by tax and commercial law provisions.
Applications: We store your data for as long as the application process continues. If we do not employ you, we will store your documents for a further 6 months after you have received notice of rejection. They are destroyed after this period.
If we do not employ you but, on the basis of your documents, we believe that you may be appropriate for us at a later date, we will retain your application with your consent for a further 6 months.
Your rights in relation to your data
Please see below.
Your rights in relation to your data
In accordance with Art. 15 GDPR, you can obtain information as to whether or not we store any personal data concerning you. If we store data concerning you, you have the right to obtain information regarding a range of further points relating to how we handle your data, such as which data we store, the reason we process them and how long they are stored.
If we have inaccurate or incomplete data concerning you, you can request that we rectify such data (Art. 16 GDPR).
You can also request the erasure of your data (Art. 17 GDPR). However, there may be reasons for which we are not permitted or not required to erase your data. These reasons are set out by law. If you request us to erase your data, we will check whether any such exceptions apply. If not, we will erase your data. The alternative to erasing your data is the restriction of processing your personal data in certain cases (Art. 18 GDPR). Let us know how you wish to proceed and we will check the statutory provisions to find a way that suits both your and our interests.
Art. 20 GDPR provides that, in certain circumstances, we must provide you with your personal data in a structured, commonly used and machine-readable format if you so request.
We have referred to our “legitimate interests” allowing us to process your data a few times in this privacy policy. If we process your data on the basis of our “legitimate interests”, you can object to such data processing (Art. 21 GDPR). To object, the above provision requires you to provide grounds “relating to your particular situation”.
If you wish to assert these rights, an email to info@hanse-marine.de will suffice. Please be aware that we then need to verify your identity to ensure that we do actually only send information regarding your data or your data itself to you. After the identity check, we will deal with your request and contact you without delay.
If you believe that we do not comply with the data protection provisions regarding the processing of your data on this website, you can complain to a data protection supervisory authority. You can find a list of competent data protection supervisory authorities in Germany here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html>
Version of this privacy policy: June 2018
This data protection information is updated regularly.