Data Privacy Statement pursuant to Art. 13 and 14 EU General Data Protection Regulation (GDPR)

This notice explains how your data will be collected and dealt with, and your rights concerning that data. In this notice, ‘we’, ‘us’ or ‘our’ refers to Inter Hannover and its agents, co-insurers and reinsurers. ‘You’ or ‘your’ refers to the individual whose personal data we are processing.

1. Responsible data controller

International Insurance Company of Hannover SE (‘Inter Hannover’)
Roderbruchstraße 26
30655 Hannover
Germany
Tel. +49 511 5604-2909

Inter Hannover is a Data Controller as defined under the EU General Data Protection Regulation (‘GDPR’). 
You can reach our Data Protection Officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox:
E-mail: privacy-ih@inter-hannover.com

2. Personal data we may collect about you

  • Individual details such as name, address, proof of address, contact details (including emails and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title, employment history and family details (including their relationship to you).
  • Identification numbers issued by government bodies, agencies or similar such as national insurance, passport, tax identification or driving licence numbers.
  • Financial information such as bank account or payment card details, income or transaction histories.
  • Insurance policy information including information about quotes you receive and policies you take out.
  • Credit and anti-fraud data including credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
  • Information about previous and current claims (including in connection with other related or unrelated insurance) which may include data about your health, criminal convictions, or special categories of personal data and, in some cases, surveillance reports.
  • Technical information including your computer’s IP address.
  • Special categories of personal data which have additional protection under the GDPR, namely health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.

3. Where we may collect your personal data from

We may collect your personal data from various sources:

  • You (including, from time to time, recordings of your telephone calls with us)
  • Your family members, employer or agent/representative (including your broker)
  • Our agents, other insurers, insurance brokers, or reinsurers
  • Credit reference agencies
  • Websites or software applications for use on computers or mobile devices and/or social media content, tools and applications
  • Anti-fraud databases, sanctions lists, court judgments and other databases
  • Government agencies
  • Any open electoral register; or
  • In the event of a claim, third parties including the other party or parties to the claim, witnesses, experts, loss adjusters, solicitors, claims handlers, translators, surveillance agents, engineers and others.

4. Identities of Data Controllers and Data Protection Contacts

The operation of the insurance market means that personal data may be shared between insurance brokers, insurers, reinsurers and other market participants. You can find out the identity of the controller or controllers of your personal data in the following ways:

  • If you took out the insurance yourself, get in touch with the data protection contact at your insurance broker or the entity you dealt with in taking out the insurance.
  • If your employer or another organisation took out the insurance for your benefit, you should get in touch with the data protection contact at your employer or the organisation that took out the insurance.
  • If you are not a policyholder or an insured under the insurance, you should get in touch with the organisation that collected your personal data. 

5. The purposes, categories, legal grounds and recipients of our processing your personal data

Your personal data may be processed for the following purposes:

Quotation/inception:

  • Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual

Policy administration:

  • Client care, including communicating with you and sending you updates
  • Payments to and from individuals

Claims processing:

  • Managing insurance and reinsurance claims
  • Defending or prosecuting legal claims or regulatory proceedings
  • Investigating or prosecuting fraud

Renewals:

  • Contacting you/the insured to renew the insurance
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual

Other purposes including:

  • Complying with our regulatory or legal obligations
  • Risk modelling
  • Effecting reinsurance contracts
  • Transferring books of business, company sales, restructuring and reorganisation.

We may also disclose personal data to the following non-exhaustive list of entities:

reinsurers, financial institutions, service providers, contractors, agents, tax authorities, law enforcement and other regulators and group companies in connection with the above purposes. You will find the current list of service providers and our companies who participate in data-processing operations here on our website or by emailing privacy-ih@inter-hannover.com.

We process your data on one of the following legal grounds:

  • in order to place and operate the contract(s) of insurance;
  • where a legitimate interest to do so has been identified for which processing of your data is necessary and which balances your interest, rights and freedoms e.g. protecting you from fraud or personalising the insurance product to you; or
  • where we have a legal obligation to do so e.g. to prevent money laundering.

6. Consent

To provide insurance and deal with insurance claims in certain circumstances we may need to process special categories of your personal data (see 1.8 above), such as medical or criminal records. Your consent to this processing may be necessary to achieve one or more of the purposes set out above. 
Where this is the case, you may withdraw your consent to such processing at any time by notifying privacy-ih@inter-hannover.com. If you do withdraw your consent, however, this may mean we cannot provide insurance or pay claims.

7. Profiling

When calculating insurance premiums, we may compare your personal data against other data such as industry averages or fraud patterns. Your personal data may also be used to create such other data to ensure, among other things, that premiums align to risk. 

We may make decisions based on profiling and without staff intervention (known as automatic decision making).

8. Storage and retention of your personal data

Data is held by us on servers and in printed form, as well as on our behalf in off-site storage facilities. We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, so long as there is any possibility that either you or we may bring or face legal claims in connection with the insurance contract(s), or if there are legal or regulatory reasons to retain your data, we must do so.

9. International transfer of data

We may need to transfer your data to third parties outside the European Economic Area. These transfers will be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact privacy-ih@inter-hannover.com.

10. Amendment

We may amend this Privacy Notice from time to time. We will let you know if we make any significant changes. 

11. Your rights

If you have any questions about our use of your personal data, please contact the relevant data protection contact as explained above. In certain circumstances you may have the right to require us to: 

  • Provide you with further details about the use we make of your personal data
  • Provide you with a copy of the personal data we hold
  • Correct any inaccuracies in the personal data we hold
  • Delete any personal data we no longer have any lawful ground to use
  • Where the processing requires your consent, to withdraw that consent so we stop the processing in question
  • Transfer your personal data to another organisation
  • Object to any processing based on the legitimate interests ground at paragraph 4, bullet point 3 above unless our reasons for that processing outweigh any prejudice to your data protection rights
  • Object to automated processing, including profiling
  • Restrict how we process or use your personal data in certain circumstances e.g. whilst a complaint is being investigated.


In certain circumstances we may need to restrict the above rights to safeguard the public interest (e.g. prevention or detection of crime) or our interests (e.g. legal or litigation privilege).

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think we have breached the GDPR, you have the right to complain to the relevant national authority, details below.

Germany (lead supervisory authority)
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle@lfd.niedersachsen.de
Website: www.lfd.niedersachsen.de 

Sweden
Datainspektionen
Drottninggatan 29
5th Floor
Box 8114
104 20 Stockholm
Tel. +46 8 657 6100
Fax +46 8 652 8652
e-mail: datainspektionen@datainspektionen.se
Website: http://www.datainspektionen.se/

Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121
00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
e-mail: garante@garanteprivacy.it
Website: http://www.garanteprivacy.it

UK

England 
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Website: casework@ico.org.uk 

Scotland
Information Commissioner’s Office
45 Melville Street
Edinburgh
EH3 7HL
Tel: 0131 244 9001
Website: scotland@ico.org.uk  

Wales
Information Commissioner’s Office
2nd Floor
Churchill House
Churchill Way
Cardiff CF10 2HH
Tel: 029 2067 8400
Website: wales@ico.org.uk  

Northern Ireland
Information Commissioner’s Office
3rd Floor
14 Cromac Place
Belfast
BT7 2JB
Tel: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)
ni@ico.org.uk

12. Contact Us

Head Office:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Germany
Tel. +49 511 5604-2909

UK Branch:
Legal & Compliance
10 Fenchurch Street
London
EC3M 3BE
Tel. +44 (20) 7015 4000

Scandinavian Branch:
Legal & Compliance
Hantverkargatan 25
P.O Box 22085
SE-104 22 Stockholm
Tel. +46 8 617-5485

Italian Branch:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Germany
Tel. +49 511 5604-2909

Data privacy information in connection with your use of our websites

1. Scope of application and basic principles

We attach considerable importance to the protection of your personal data. You can learn more about the general and extensive measures that we take to protect your data in our Data Privacy Statement pursuant to Art. 13 and 14 EU General Data Protection Regulation. In the following we provide you with specific information in connection with your use of our websites.

2. Collection and processing of your data

We collect your data in various ways:

Access data and server log files

In order to technically optimise the utilisation of our Internet offerings, we require information about which technical tools are used to access which of our webpages. We save these data temporarily in so-called server log files. These are forwarded to the service provider New Relic for the purposes of analysis and, as appropriate, troubleshooting. The data do not include any personal data.

Subscription to our e-mail notification service

If you are a subscriber to our e-mail Notification Service, you receive e-mail notifications of current press releases that you can access under www.hannover-rueck.de or www.hannover-re.com. We use the data provided by you for this purpose solely for sending our notification e-mails. You may choose to stop receiving these notifications at any time because each notification e-mail contains a link via which you can cancel the receipt of these e-mails.

Direct inquiries using contact forms or via e-mail

Inquiries that we receive via the contact or order form or which you send directly to a contact person at the Hannover Re Group are forwarded as necessary by us internally within the Group to the relevant responsible area.

In view of our global presence, the responsible area within the Group may be located outside the European Economic Area (EEA). In this case too, however, your data are used solely to respond to your particular inquiry and in accordance with the relevant applicable statutory provisions. In this respect, our binding corporate rules safeguard the necessary level of data privacy also in connection with such data transfers.

3. Use of cookies, Web analysis

Cookies are small files that we send through your Web browser to your computer's hard drive and which we can read during your current visit to our webpages and upon subsequent visits. Our cookies enable us to make the use of special functionalities available to you.

You can prevent cookies being saved by setting your browser software accordingly; we would, however, point out to you that in this case you may not be able to use all functions of this website to the full extent.

In addition to these technical cookies, we use the analytics tool Piwik for Web analytics purposes in order to optimise for you our Web offerings and in particular how they are presented. The analytics tool Piwik (further information at: http://piwik.org) uses cookies to analyse user behaviour. This analysis is, however, conducted on an anonymised basis because we use the "anonymizeIP" plugin to ensure that IP addresses are always logged anonymously (so-called IP masking). This step blanks the last two bytes of your IP address (e.g. 123.456.xxx.xxx).

You may, however, choose to systematically and completely prevent such logging of your visit to our website by Piwik. To make that choice, please click the following link.

You are currently opted in. Click here to opt out.

You are currently opted out. Click here to opt in.

Clicking the link will place an opt-out cookie on your computer that prevents logging of your data when visiting this website.

Please note: If you choose to delete all cookies on your computer through your browser, the opt-out cookie will also be deleted. In this case you will need to opt out again.

Finally, we make use of offerings from external service providers in connection with the HTML Annual Report and the Applicants' Portal. The tool etracker is additionally used for analytics purposes in the area of the HTML Annual Report. In the case of both offerings, further cookies are also placed on your computer when accessing the HTML Annual Report or upon registering with the Applicants' Portal. These areas are, however, subject to separate Data Privacy Statements of which you will be informed when making use of the respective offering.

4. Further information

Further information, particularly regarding the topics

  • disclosure of your data,
  • data security,
  • your rights,
  • our Data Protection Officer and/or
  • responsibility,

can also be found in our Data Privacy Statement pursuant to Art. 13 and 14 EU General Data Protection Regulation.

5. Reservation of right of modification

We reserve the right to modify these data privacy rules at any time within the limits set by applicable laws.