->

Data Protection Information


MSIG Insurance Europe AG (“MSIG”) would like to thank you for visiting our website and your interest in our products. The protection of your personal data is important to us and we would like you to feel safe when you visit our website. We comply with applicable data protection law, in particular the EU General Data Protection Directive (“GDPR”), German Federal Data Protection Act (“BDSG”) and German Telemedia Act (“TMG”).

In this data protection information we explain which information (including personal data) are processed by us in connection with your visit and use of our website (“website”).

  1. Who is responsible for data processing?

    The controller responsible for the processing of personal data under data protection law is MSIG Insurance Europe AG, which is available at:

    An den Dominikanern 11-27
    D-50668 Cologne
    Telephone: +49 221 37991-0
    Telefax: +49 221 37991-200
    E-mail: info@msig-europe.com

    Any reference to “we” or “us” in this data protection information is a reference to the aforementioned entity.

    Our data protection officer may be contacted via the aforementioned means or via the following e-mail address:
    datenschutz@msig-europe.com


  2. Which principles do we observe?'

    In compliance with applicable data protection law, we only process your personal data on the basis of a statutory authorisation or if you have declared your consent.

    On this website we may collect information that does not allow us to draw any direct conclusions about your person. In certain cases – especially when combined with other data – this information can be considered as “personal data” under applicable data protection law. Furthermore, we may also collect information on this website that does not enable us to identify you, directly or indirectly. This is the case, for example, with aggregated information about all users of this website.


  3. Which data do we process?

    You can access our website without directly entering personal data, such as your name, your postal address or your e-mail address. But also in this case we must process and store certain information to enable you to access our website. We provide general information about our company, our group of companies, our products and contact persons on our website. In this context, you will also find information on means of contact using which you can contact us, e.g. via telephone or e-mail.

    1. Logfiles:
    When you visit our website, our web server automatically stores the domain name or IP address of the requesting computer (usually of your internet access provider). We also store date, time and duration of your visit, the subpages/URLs you visit and information about the application(s) and terminal device(s) you use to view our pages.

    2. Cookies:
    In order to make our website as user-friendly as possible, we use cookies. Cookies are small text files that are stored in your browser. These files help us to recognize certain preferences of our visitors when surfing and to design our site accordingly. Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. However, we also use permanent cookies, e.g. to save your language settings. These serve to improve user guidance. Our cookies do not collect any personal data and are not suitable for identifying you on third-party websites. You can set your browser such that it informs you about the placement of cookies so that the use of cookies becomes transparent for you. You can also refuse the acceptance of cookies via your browser settings in principle. However, this may mean that you may not be able to use all the functions of the website.

    3. Website analysis via Google Analytics:
    We use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), on our website to continuously improve our website. Google Analytics similarly uses cookies which are stored on your computer and which enable analysis of the use of the website. The information generated by the cookies about your use of this website is usually sent to a Google server in Europe (or in a member state of the European Economic Area (“EAA”)) for the anonymization of the IP address, so that a personal reference is excluded. Only once the IP address has been anonymized is the shortened IP address transferred to a Google server in the US and stored there. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. This website uses Google Analytics with an extension for the anonymous collection of IP addresses (so-called IP masking). On our behalf, Google will use the collected information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other Google data. You may refuse the storage of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en An opt-out cookie is set which prevents the future collection of your data when you visit this website. Further information on data protection at Google Analytics can be found here and here.

    4. Getting in touch:
    Where you use one of the means specified on our website to get in touch, we process any personal data which may be in your message and communicated by you (e.g. your e-mail address, your name, your telephone number) in order to process and answer your inquiry.


    IV. For which purposes and on which legal basis do we process your personal data?

    1. Any personal data which may be contained in the logfiles are processed to enable you to use our website; this processing is based on Section 15 (1) TMG and on Article 6 (1 f) GDPR for the purposes of our legitimate interest in operating our website.

    2. The data collected using cookies, including of the web analysis service Google Analytics, and the pseudonymised use profiles are processed for the purposes of shaping our website in line with needs on the basis of Section 15 (3) TMG and Article 6 (1 f) GDPR for the purposes of our legitimate interest in analysing the use of our website.

    3. Data are processed to handle an inquiry for the purposes of our legitimate interest in establishing and maintaining business contacts on the basis of Article 6 (1 f) GDPR. If your inquiry relates to the conclusion of a contract or pre-contractual measures, we process your personal data on the basis of Article 6 (1 b) GDPR.

    4. Where we give you the possibility to grant consent to the processing of personal data, we process the data covered by the consent for the purposes set out in the consent; this processing is based on Article 6 (1 a) GDPR.

    Please note that
    • the granting of consent to us is voluntary;
    • not granting consent or revoking it at a later date may nevertheless have consequences about which we inform you before consent is granted; and
    • any consent granted to us can be revoked at any time, taking effect on the future, e.g. by communication by post, fax or e-mail using the means of contact set out in the data protection information.

    5. We may process the data processed in connection with your use of our website also for compliance with legal obligations to which we are subject. This processing is based on Article 6 (1 c) GDPR.

    6. Otherwise we process your data beyond the above-mentioned purposes also to safeguard our legitimate interests or the interests of third parties; this processing is based on Article 6 (1 f) GDPR. Our legitimate interests include the following:
    a)  establishment of legal claims and defence in legal disputes;
    b)  prevention and investigation of criminal offences; and
    c)  control and further development of our business operations including risk control.


    V. Am I obliged to provide data?

    For the handling of your inquiry to us it is necessary for you to provide a means of contact. Without this information we will not be able to process your inquiry.

    If we also collect personal data from you, we will inform you whether the provision of this information is based on a legal or contractual obligation or is necessary for the conclusion of a contract. We indicate which information can be provided voluntarily and is not based on one of the above-mentioned obligations or is not necessary to conclude a contract.


    VI. Who receives my data?

    Your personal data are processed within our company. Depending on the categories of personal data, only dedicated departments have access to your personal data. Such departments include in particular the departments responsible for our websites and the contact persons designated on our website and our IT department.

    To the extent permitted by law, we may transfer your personal data also to third parties outside of our company. These external recipients may include the following in particular

    • affiliated companies, such as MS&AD Insurance Group Holdings, Inc. (Japan) and Mitsui Sumitomo Insurance Co. Limited (Japan), to which we may transfer personal data for internal administration purposes;
    • service providers used by us which – on the basis of separate agreements with us – provide services which may include the processing of personal data, as well as subcontractors of our service providers which are used with our consent; and 
    • private and public bodies, to the extent that we are obliged to transfer your personal data on the basis of legal obligations.

    We ensure that also the external recipients of personal data observe the obligations under data protection law in accordance with this data protection information.


    VII. Are data transferred to countries outside the EU/the EEA?

    Personal data are processed generally within the European Union or the European Economic Area.

    Only in connection with the processing of personal data within our group of companies and the use of service providers to provide web analysis services may information be transferred to recipients in so-called “third countries”. “Third countries” mean countries outside the European Union or the Agreement on the European Economic Area, where a level of data protection comparable to that in the European Union cannot be assumed.

    If the information transferred also contains personal data, we ensure before such a transfer that the necessary adequate level of data protection is guaranteed in the respective third country or with the recipient in the third country. This may result in particular from a so-called “adequacy resolution” of the European Commission, which establishes an appropriate level of data protection for a certain third country as a whole. Alternatively, we can also base data transmission on the so-called “EU standard contractual clauses” agreed with a recipient or – in the case of recipients in the USA – on compliance with the principles of the so-called “EU-US Privacy Shield”. We will provide you with further information on the suitable and appropriate guarantees for maintaining an appropriate level of data protection upon request. Please find the contact details at the beginning of this data protection information. For more information on the participants of the “EU-US Privacy Shield” please see here; information on the “EU standard contractual clauses” here and information on the adequacy decisions here.


    VIII. How long are my data stored?

    We store your personal data as long as we have a legitimate interest in this storage and your interests in refraining from further storage do not prevail.

    Even without a legitimate interest, we may continue to store the data, if there is a legal obligation (e.g. to comply with statutory storage obligations). We delete your personal data even without any action on your part as soon as they are no longer necessary to satisfy the purpose of processing or the storage is otherwise not permitted by law.

    Usually,

    • log data are deleted if further storage is not required for purposes provided by law, such as the detection of misuse and the detection and rectification of technical faults; and
    • the data processed in the context of an inquiry to us are deleted after expiry of the statutory storage periods.

    Personal data which we must store to satisfy legal obligations are stored up to the end of the respective storage obligation. Where we store personal data exclusively to satisfy storage obligations, they are usually blocked so that they are only accessible for the purpose of the storage obligation.


    IX. What are my rights?

    a) Right to object according to Article 21 GDPR

    You have the right to object at any time to the processing of your personal data under Article 6 (1) e) or f) GDPR. In the event of your objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for processing which prevail over your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

    b) Other rights

    As a data subject, you may

    • request access to your stored personal data, Article 15 GDPR;
    • request the rectification of incorrect data, Article 16 GDPR;
    • request the erasure of your personal data, Article 17 GDPR;
    • request the restriction of processing, Article 18 GDPR and
    • exercise your right to data portability, Article 20 GDPR.

    To exercise these rights you can contact us or our data protection officer at any time, e.g. using one of the means of contact provided the beginning of this data protection information.

    In addition, you are entitled to lodge a complaint with a supervisory authority responsible for data protection, Article 77 GDPR.

logo-msi