With this information, we would like to inform you as an insurance customer or involved party about the processing of your personal data by HanseMerkur and the rights to which you are entitled under data protection law.
HanseMerkur Reiseversicherung AG
Telephone: 040 4119 - 1919
Fax: 040 4119 - 3040
The data protection officer of the data controller is:
Mr. Niklas Geldszus
Please use the above address to contact us or send an email to:
Purposes and legal bases of data processing
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the provisions of the Insurance Contract Act (VVG) relevant to data protection law and all other relevant laws. Furthermore, our company has committed to the rules of conduct for the handling of personal data established by the German insurance industry, which specify the above-mentioned laws for the insurance industry.
If you file an application for insurance cover, we require the information provided by you for the conclusion of the contract and to assess the risk to be assumed by us. If the insurance contract is concluded, we process this data to implement the contractual relationship, e.g. for issuing the policy or for invoicing. We need information about the claim, for example, to check whether an insured event occurred and to assess the amount of damage.
The conclusion and/or the execution of the insurance contract is not possible without processing your personal data.
In addition, we require your personal data to compile insurance statistics, e.g. to develop new tariffs or to comply with regulatory requirements. We use the data from all existing contracts with HanseMerkur to analyse the customer relationship as a whole, to provide for example advice on contract adjustment or supplementation, to make goodwill decisions, or to share comprehensive information.
The legal basis for this processing of personal data for pre-contractual and contractual purposes is Art. 6 (1) b) GDPR. If special categories of personal data (e.g. your health data when concluding a health insurance contract) are required for this purpose, we obtain your consent in accordance with Art. 9 (2) lit. a in conjunction with Art. 7 GDPR. For this purpose, we provide you with the declaration as a sample.
If we compile statistics with these data categories, this is done on the basis of Art. 9 (2) lit. j GDPR in conjunction with Section 27 German Federal Data Protection Act (BDSG).
We also process your data in order to safeguard our legitimate interests or those of third parties (Art. 6(1) lit. f GDPR). This can be necessary in particular:
- to ensure IT security and IT operations,
- for advertising our own insurance products and other products of the companies of the HanseMerkur Group and of cooperation partners, as well as for market and opinion surveys,
- to prevent and investigate criminal offences; in particular, we use data analyses to identify clues that could point towards insurance fraud.
In addition, we process your personal data to fulfil legal obligations such as regulatory requirements, commercial and tax retention obligations or our duty to provide advice. The respective statutory provisions in conjunction with Article 6 (1) lit. c GDPR constitute the legal basis for processing in this case.
If we should wish to process your personal data for a reason not given above, we will inform you of this beforehand pursuant to the statutory provisions.
Categories of personal data recipient
We also insure risks assumed by us with special insurance companies (reinsurers). For this purpose, it may be necessary to transmit your contract and, if applicable, claims data to a reinsurer so that they can form their own picture of the risk or the insured event. It is also possible that the reinsurer will support our company based on its expertise in assessing the risk and the eligibility for benefits, and in the evaluation of procedures. We only transfer your data to the reinsurer if this is necessary for the performance of our insurance contract with you or to the extent required to protect our legitimate interests.
Insofar as you are looked after by an intermediary with regard to your insurance contracts, your intermediary processes the application, contract and claims data required for the conclusion and implementation of the contract. We will provide the insurance intermediary with your personal data to the extent that the intermediary needs this information to provide you with assistance and advice in insurance or financial services-related matters.
Data processing in the group of companies:
Specialised companies or divisions of our group of companies perform certain data processing tasks centrally for the companies affiliated in the group. If there is an insurance contract between you and one or more companies of our group, your data can be processed, for instance, for the central administration of address data, for telephone customer service, for contract and benefits handling, for collections and disbursements or for joint processing of the mail in centralised form by a company of the group. In our service provider list, you will find the companies that participate in centralised data processing.
External service providers
To fulfil our contractual and legal obligations, the individual companies of the HanseMerkur Insurance Group (HanseMerkur Krankenversicherung auf Gegenseitigkeit, HanseMerkur Krankenversicherung AG, HanseMerkur Lebensversicherung AG, HanseMerkur Allgemeine Versicherung AG, HanseMerkur Reiseversicherung AG, HanseMerkur Speziale Krankenversicherung AG) – hereinafter referred to as HanseMerkur – currently work as and when needed with service providers (companies/individuals) using health data and other data protected under Article 203 of the German Criminal Code (StGB). A list of the contractors and service providers we use with whom we have more than temporary business relationships can be found in the table:
H.B.C. Hanse Betreuungscenter GmbH
Telephone customer service
Roland Assistance GmbH
call us Assistance International GmbH
|IMA Deutschland GmbH|
MD Medicus Assistance Service GmbH
Insurance Warehouse Gesellschaft für Finanzdienstleistungen GmbH
Portfolio management in the area of travel insurance
German Assistance Service GmbH
PAV Card GmbH
Printing and inserting services
DCM Digital Claim Management GmbH and its appointed contract lawyers
Recourse handling within the scope of travel insurance
Self Service Portal / Online Claims Notification
AWS (Amazon Web Services)
Service for converting the data (insurance policy) into an appropriate Apple/Google format for storage at the user's premises
We will be happy to provide you with the full contact details on request.
In addition, HanseMerkur also works with the following bodies as required, which collect, process and use health data and other data protected under Section 203 of the German Criminal Code (StGB):
In addition, we may transmit your personal data to further recipients, such as authorities in order to meet statutory disclosure requirements (e.g. social insurance agencies, financial authorities or law enforcement authorities).
Duration of data storage
We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. In this context, personal data may be retained for the time during which claims may be asserted against our company (statutory limitation period of 3 or up to 30 years). Moreover, we save your personal data if we are obligated to do so by law. Corresponding obligations to provide supporting documents as well as retention requirements arise, in particular, from the German Commercial Code (HGB), the Tax Code (AO) and the Anti-Money Laundering Act (GwG). The storage periods are then up to 10 years.
Data subjects' rights
You can request information about the data stored about you at the above address. Furthermore, under certain conditions, you may also request that your data be rectified or erased. You may also have a right to restrict the processing of your data and a right to receive the data you have provided in a structured, commonly used and machine-readable format.
Right of objection
You have the right to object to the processing of your personal data for direct advertising purposes. If we process your data to safeguard justified interests, you can object to this processing if reasons result from your special situation that argues against data processing.
Right to lodge a complaint
You have the option of filing an appeal with the data protection officer named above or with a data protection supervisory authority. The data protection supervisory authority responsible for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Data transfer to a third country
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will take place only if the third country is deemed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal data protection rules, or EU standard contractual clauses) have been put in place.
Automated individual case decisions
On the basis of the information you provide about the risk, which we ask you about when you apply, we make a fully automated decision, for example, about the conclusion of the insurance or the amount of the insurance premium you have to pay.
You have the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.