Data Protection Information

MSIG Insurance Europe AG (“MSIG”) would like to thank you for visiting our website and your interest in our products. The protection of your personal data is important to us and we would like you to feel safe when you visit our website. We comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR”), German Federal Data Protection Act (“BDSG”) and German Telemedia Act (“TMG”).

In this data protection information we explain which information (including personal data) are processed by us in connection with your visit and use of our website.

  • Who is responsible for the processing of personal data?

    The controller responsible for the processing of personal data is MSIG Insurance Europe AG. You can contact us under the following contact information:

    An den Dominikanern 11-27
    D-50668 Cologne
    Telephone: +49 221 37991-0
    Fax: +49 221 37991-200
    E-Mail: info@msig-europe.com

    Any reference to “we” or “us” in this data protection information is a reference to the aforementioned entity.

    Our data protection officer may be contacted via the aforementioned means or via the following e-mail address:


  • Which principles do we observe?

    In compliance with applicable data protection law, we only process your personal data on the basis of a statutory authorization or if you have declared your consent. This also applies for the processing of personal data for marketing purposes.

    On this website we may collect information that does not allow us to draw any direct conclusions about your person. In certain cases – especially when combined with other data – this information can be considered as “personal data” under applicable data protection law. Furthermore, we may also collect information on this website that does not enable us to identify you, directly or indirectly. This is the case, for example, with aggregated information about all users of this website.

  • Which data do we process?

    You can access our website without entering personal data, e.g. such as your name, your postal address or your e-mail address. But also in this case we must process certain information to enable you to access our website. We provide general information about our company, our group of companies, our products and contact persons on our website. In this context, you will also find information on contact channels through which you can contact us, e.g. via telephone or e-mail.

    1. Logfiles:
    When you visit our website, our web server automatically stores the domain name or IP address of the requesting computer (usually of your internet access provider). We also store date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and terminal(s) you use to view our pages.

    2. Cookies:
    In order to make our website as user-friendly as possible, we use cookies. Cookies are small text files that are stored in your browser. These files help us to recognize certain preferences of our visitors when surfing and to design our site accordingly. Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. However, we also use permanent cookies, e.g. to save your language settings. These serve to improve user guidance. Our cookies do not collect any personal data and are not suitable for identifying you on third-party websites. You can set your browser that it informs you about the placement of cookies so that the use of cookies becomes transparent for you. You can also refuse the acceptance of cookies via your browser settings. However, this may mean that you may not be able to use all the functions of the website.

    3. Website analysis via Google Analytics:
    We use Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website to continuously improve our website. Google Analytics uses cookies which are stored on your computer and which enable analysis of the use of the website. The information generated by the cookies about your use of this website is usually sent to a Google server in Europe (or in a member state of the European Economic Area (“EAA”)) for the anonymization of the IP address, so that a personal reference is excluded. Only after the IP address was anonymized the shortened IP address is transferred to a Google server in the US and stored there. Only in exceptional cases the full IP address will be transferred to a Google server in the US and shortened there. This website uses Google Analytics with an extension for the anonymous collection of IP addresses (so-called IP masking). On our behalf, Google will use the collected information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en An opt-out cookie is set which prevents the future collection of your data when you visit this website. Further information on data protection at Google Analytics can be found here and here.

  • For which purposes and on which legal basis do we process your personal data?

    1. We process personal data possibly contained in logfiles to enable you to use our website; this processing is based on Article 15 para 1 TMG respectively Article 6 para 1 f) GDPR for the purposes of our justified interest in operating our website.

    2. We process the data collected by the use of cookies and pseudonymized user profiles in order to perform direct marketing, market research and further develop our digital offers on the basis of Article 15 para 3 TMG respectively Article 6 para 1 f) GDPR for the purposes of our justified interest in analyzing the use of our website.

    3. The processing of personal data for handling one of your requests is carried out for the purposes of our legitimate interest in establishing and maintaining business contacts on the basis of Article 6 para 1 f) GDPR. If your request relates to the conclusion of a contract or pre-contractual measures, your personal data will be processed on the basis of Article 6 para 1 b) GDPR.

    4. We may process the data processed in connection with your use of our website also for compliance with legal obligations to which we are subject. This processing is based on Article 6 para 1 c) GDPR.

    5. We process personal data for the purposes of our justified interests or the justified interests of a third party on the basis of Article 6 para 1 f) GDPR.

    Justified interest may include

    a) the establishment of or defence against legal claims;
    b) the prevention and investigation of criminal or administrative offences or
    c) the management and further development of our business operations including risk management.

  • Are you obliged to provide data?

    For the handling of one of your requests to us it is necessary that you provide us at least with one means of contact. Otherwise we will not be able to process your request.

    If we collect additional data from you, we will inform you whether the provision of such information is based on a legal or contractual obligation or necessary for the closing of a contract. We usually indicate the information which can be provided voluntarily and which is not based on a legal or contractual obligation.

  • Who obtains or has access to your data?

    Your personal data are processed within our company. Depending on the categories of personal data, only dedicated departments units have access to your personal data. Such units include in particular the departments responsible for our websites and the contact persons designated on our website and our IT department. Based on a role/rights management concept, access to personal data is limited to the functions and the extent necessary for the respective purpose of the processing.

    If and to the extent permitted by law, we may transfer your personal data to recipients outside of our company. Such external recipients may include

    ­- affiliated companies within the Mitsui Sumitomo group, to which we may transfer personal data for internal administration purposes;
    ­- service providers that – on the basis of separate agreements with us – provide certain services possibly including the processing of personal data, as well as approved subcontractors of our service providers or
    ­- private or public bodies, to the extent we are obliged to transfer your personal data on the basis of a legal obligation to which we are subject.

  • Do we use automated decision-making?

    In connection with the operation of our websites we do not use automated decision-making (including profiling) within the meaning of Article 22 GDPR. If we apply such processes in the future, we will inform you separately in accordance with the applicable statutory provisions.

  • Are data transferred to countries outside the EU/the EEA?

    Personal data is processed generally within the European Union or the European Economic Area. We do not intend to transfer personal data to other countries.

    Only in connection with the processing of personal data within our group of companies and the use of service providers to provide web analysis services information may be transferred to recipients in so-called “third countries”. “Third countries” means countries outside the European Union or the Agreement on the European Economic Area, where a level of data protection comparable to that in the European Union cannot be assumed.

    If the information transferred contain personal data, we ensure before such a transfer that the necessary adequate level of data protection is guaranteed in the respective third country or with the recipient in the third country. This may result in particular from a so-called “adequacy resolution” of the European Commission, which establishes an appropriate level of data protection for a certain third country as a whole. Alternatively, we can also base data transmission on the so-called “EU standard contractual clauses” agreed with a recipient or – in the case of recipients in the USA – on compliance with the principles of the so-called “EU-US Privacy Shield”. If requested, we will provide you with further information on the suitable and appropriate guarantees for maintaining an appropriate level of data protection upon request. Please find the contact details at the beginning of this data protection information. For more information on the participants of the “EU-US Privacy Shield” please see here; Information on the “EU standard contractual clauses” here and information on the adequacy decisions here.

  • How long are your data stored?

    We store personal data as long as we have a justified interest in the retention of such data and your interest of the data subject in refraining from the further processing does not prevail. Even without a justified interest, we may continue to store the data, if there is a legal obligation (e.g. to comply with statutory retention obligations). We delete your personal data even without any action of you as soon as further retention is no longer necessary for the purposes for which the data were collected, otherwise processed or if further retention is not permitted by law.

    As far as the aforementioned processing is concerned, we regularly

    - delete the log data, if further storage is not required for purposes provided by law, such as the detection of misuse and the detection and rectification of technical faults and
    - delete the data processed in the context of a request to us after the expiration of statutory retention periods.

    If personal data need to be stored to comply with a legal obligation, such data is retained until the end of the respective retention period. If personal data is only processed to comply with a statutory retention obligation, the access to such data is usually restricted so that the data is only accessible for the purpose of the retention obligation, if necessary.

  • What are your rights as a data subject?

    a) Right to object according to Article 21 GDPR

    You have the right to object at any time to the processing of your personal data under Article 6 para 1) e) or f) GDPR. In the event of your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing which prevail your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

    If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of such personal data. If you object to the processing for direct marketing purposes, your personal data will no longer be processed.

    You have the possibility to exercise your right to object in connection with the use of Information Society services by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

    b) Other rights

    As a data subject, you may

    ­- request access to your personal data, Article 15 GDPR;
    ­- request the rectification of incorrect personal data, Article 16 GDPR;
    ­- request the erasure of your personal data, Article 17 GDPR;
    ­- request the restriction of the processing of your personal data, Article 18 GDPR and
    ­- exercise your right to data portability, Article 20 GDPR.

    The aforementioned rights may be asserted against us, e.g. by providing notice to us or to our data protection officer via the contact details specified at the beginning of this data protection information.

    In addition, you are entitled to lodge a complaint regarding the handling of your personal data with the competent supervisory authority, Article 77 GDPR.