Privacy policy of HanseMerkur

The protection and security of your data is important to HanseMerkur. Find out here about your rights and the measures we have taken to protect you: The controller within the meaning of the General Data Protection Regulation (EU GDPR) and other national data protection laws of the member states as well as other data protection regulations is the:

HanseMerkur Reiseversicherung AG

Postfach
20352 Hamburg
Tel.: 040 4119-1919
Fax: 040 4119-3040
E-Mal: reiseinfo@hansemerkur.de

The data protection officer of the controller is:
Mr Thomas Prigge
Please use the above address to contact us or send an e-mail to: datenschutz@hansemerkur.de.

Thank you for visiting our website. We take the protection of your privacy when collecting, processing and using your personal data in accordance with the statutory provisions very seriously and want you to feel secure. This privacy policy applies only to this website. It does not apply to websites linked to from this website. You can find a note about your rights here.

1 Provision of the website and creation of log files

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

Information about the browser type and version used
User’s operating system
Internet service provider of the user
IP address of the user
Date and time of access
Websites from which the user accessed our website
Websites accessed by the user's system via our website

The log files contain IP addresses or other data that can be traced back to the user. This could be the case, for example, if the link to the website from which the user accesses the website or the link used to switch to another website contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. HanseMerkur cannot use this data to trace it back to you without involving your provider. For example, you can use the premium calculator "anonymously".

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR).

Purpose of data processing: The temporary storage of the IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.

If the data is stored in log files, they will be deleted after seven days at the latest. Data may be stored for other purposes. In this case, the IP addresses of the users are deleted or anonymised to prevent them from being traced to the calling client.

Collecting data for the purpose of providing the website and storing the data in log files is essential for the operation of the website. Users, therefore, do not have the option to object in this case.

2 Conclusion of an insurance contract via the website

The data given by you within the framework of the conclusion of an insurance contract will be processed for handling processes within the booking process and for any subsequent insurance pay-out process. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The following customer data will be collected and saved by us:

Personal data (e.g. name, address, date of birth, e-mail address)
Travel information (e.g. travel date, travel destination, travel price, travel booking date)
Payment information (e.g. account holder, IBAN & BIC / credit card number, credit card company, credit card holder)
Date when the insurance was taken out

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary for the conclusion and the fulfilment of the contract.

The data you provide when taking out a policy online may be used by HanseMerkur to check for any unusual activity (e.g. simultaneous online policy purchases using different customer accounts). HanseMerkur has a legitimate interest in carrying out such checks.

To prevent fraud, we also use the services of Risk.Ident GmbH, Am Sandtorkai 50, 20457 Hamburg, when operating our website.

Risk.Ident collects and processes data using cookies and other tracking technologies to identify the user's device and gather further data on website usage. This data is not linked to a specific user. Whenever Risk.Ident collects IP addresses, these are encrypted immediately.

The data is stored by Risk.Ident in a database for the purpose of fraud prevention. The database also stores data on end devices transmitted by us to Risk.Ident, the use of which has already led to (attempted) fraud. In this context, too, no association is made with specific users.

As part of the application process on our website, we retrieve a risk assessment for the user’s device from the Risk.Ident database. This risk assessment of the likelihood of a fraud attempt takes into account, amongst other things, whether the device has connected via different service providers, whether the device has a frequently changing geographical location, how many transactions have been carried out via the device, and whether a proxy connection is being used.

The legal basis for processing the data for the purpose of fraud prevention is Article 6(1)(f) of the GDPR.

3 Reporting of a claim via the website

The data given by you during a claim within the framework of the online reporting of a claim on our website will be processed to handle the insured event. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary to handle the insured event.

If special categories of personal data e.g. health data are collected, we will obtain your consent pursuant to Art. 9 (2) (a) in conjunction with Art. 7 of the GDPR.

4 Use of cookies

When you visit the websites, so-called cookies are stored on your computer, depending on the area. Cookies are small text files in which the provider of a website stores data relevant to it in order to facilitate surfing on the website. Such a cookie cannot be read by any website other than the one that placed the cookie. HanseMerkur does not store any of your personal data in the cookies. The maximum lifetime of the cookie is 90 days. At the end of this period, they are automatically deleted. A new cookie is set each time you visit the website. If a cookie exists, the information is updated. This corresponds to deleting and resetting the cookie.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

Advertising-related cookies are used for the purpose of presenting you with customised advertisements.

When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

How can I manage cookies?

As an Internet user, you can decide for yourself whether you want to accept cookies or block them completely. We can no longer guarantee the correct display and full functionality of our website if cookies are disabled.

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

What types of cookies do we use?

We use four types of cookies on our website: Generally Required Cookies, Functional Cookies, Performance Cookies and Advertising Cookies.

We use generally necessary cookies (session cookies) for the general use of our website. In this way, certain actions performed by the user are saved. These cookies are necessary for functional navigation on the website and for the use of certain website functions. This makes it easier for the user to visit our website, as it allows them to make optimum use of various areas of our site.

Functional cookies (session cookies) enable us to customise our website to the personal preferences of our users by saving the entries and selections made, such as name, region or language settings. These settings are only valid for visits to our website and cannot be used by other websites.

Performance-related cookies (persistent cookies) help us to measure the data traffic and functionality of our website. This allows us to recognise which areas of our site users visit most frequently and whether any error messages appear on these pages. In this way, we create a more user-friendly experience when using our website.

We use advertising-related cookies (persistent cookies) to present the user with customised advertisements. We also use these cookies so that we can track how often certain adverts appear to a user.

Further information on session cookies and persistent cookies

Session cookies store information that is used during your current browser session. As soon as you close the browser, these cookies are automatically deleted. Persistent cookies store information between two visits to the website so that you can be recognised as a returning user on a subsequent visit.

Basic information about cookies:

You can prevent the setting of cookies in your browser - and thus also any storage or collection of data - by deactivating cookie storage in your browser.

Overview of cookies used

We use the following cookies: Overview

5 Newsletter

We will send you our free sales partner newsletter only with your express consent. Subscription to our newsletter may be terminated by the data subject at any time. You can unsubscribe by clicking on the unsubscribe link provided in every newsletter.

When you subscribe to our newsletter, the data is entered into an input mask and transmitted to us. In addition, we collect the following information: IP address of the calling computer and date and time of subscription. The collection of other personal data during the subscription process serves to prevent misuse of the service or the email address used. The legal basis for processing the data following the user's subscription to the newsletter is Art. 6 (1) lit. a GDPR. The data will be deleted when they are no longer necessary for the purposes for which they were collected. Accordingly, the email address of the user will be stored only as long as the subscription to the newsletter remains active.

We use the services of die direkten GmbH and kajomi GmbH for newsletter mailing.

6 Customer and product reviews

We have integrated company and product reviews on our website to give our customers the opportunity to post review insurance. At the same time, we want to improve our internal quality management. When you click on the customer review link after completing your online booking or online application, you will be redirected to a questionnaire at eKomi. To prevent multiple reviews, we forward an anonymised ID to eKomi. eKomi also stores your IP address. eKomi is committed to handling your transmitted data in compliance with data protection regulations and takes all organisational and technical measures to protect your data.

We also work with Trustpilot A/S ("Trustpilot") and Google to collect customer feedback. Trustpilot also asks for your name and email address. If you would like to know more about how Trustpilot or Google processes your data, you can view the company's privacy policy here. The Google privacy policy can be found on the Google website.

The data is processed in accordance with Art. 6 (1) lit. a GDPR. Your feedback will help us to improve this process and products for all customers on a continual basis.

7 Online presence in social media

HanseMerkur has an online presence in social networks and platforms. This makes it possible for us to communicate actively with our existing and prospective customers and to inform them about our services. We point out that when visiting the respective networks and platforms the terms and conditions of business and data processing guidelines of the respective operators apply.

We integrate content or service offers from third-party providers within our website. The basis for this is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO. The content may include videos, for example. The third-party providers can see the IP address of the user, otherwise the content could not be sent to the browser. The IP address is therefore required to display the content.

Third-party providers may use pixel tags for statistical or marketing purposes. This allows information such as visitor traffic on the pages of this website to be evaluated. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visit duration and other information about the use of our online services. This information may also be linked to information from other sources.

YouTube

Videos from the YouTube platform, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are embedded. You can find the privacy policy here: https://policies.google.com/privacy. If you want to prevent tracking, click here: https://adssettings.google.com/authenticated.

Google Maps

Maps from the ‘Google Maps’ service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA are integrated. You can find the privacy policy here: https://policies.google.com/privacy. If you wish to prevent tracking, click here: https://adssettings.google.com/authenticated.

Facebook

On this website, we link to our presence on “Facebook” of Facebook Inc. (1601 S California Ave, Palo Alto, CA 94304 USA. If you click on our link and are logged into Facebook at the same time, this information will be assigned to your Facebook account. The same applies of course if you submit comments. The data privacy statement can be found here.

8 Security of your personal data when using this website

On our website, we provide a contact form and an online application, which can be used to send us a message or to take out an insurance policy directly via our website. If you use this option, the data you enter into the input mask will be transmitted to us and stored. The personal data that we collect through service functions and forms based on your consent to the collection, processing and use of your personal data are transmitted in encrypted form over a secure Internet connection to our computer, where they are stored and secured. The encryption process used complies with the latest technology standards (TLS or SSL). The other personal data processed during the sending is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

When you transmit your personal data – e.g. by submitting a claim notification, by using the HanseMerkur RechnungsApp (invoicing app), by making an online application, by requesting a quotation or advice and by confirming this privacy notice – you declare that you consent to the storage and processing of the data that you have submitted for the purpose of processing and responding to queries (where required) within the required scope. Depending on the matter in hand, it may be necessary to forward this data to authorised third parties, or to process it using an automated system.

Where we obtain the consent of the user to processing the data, the legal basis for data processing is Art. 6 (1) lit. a GDPR and with respect to online transactions, Art. 6 (1) lit. b GDPR. The legal basis for health data processing is Art. 9 (2) lit. a GDPR.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been definitely resolved. The additional personal data collected during the sending process will be deleted at the latest after seven days.

Users are entitled to revoke their consent to the processing of personal data at any time.

9 Email use

Emails that you send us through your email application may under some circumstances be unencrypted. Please check the settings of your email application or consult your email provider. We routinely encrypt our email responses using transport layer security (TLS). We send unencrypted emails only if transport layer encryption is not supported by your provider. This form of encryption, however, is broadly supported by email providers.

If you prefer end-to-end encryption (S/MIME) of your email communications, we inform you that HanseMerkur uses domain keys for email encryption. You can find the certificates of HanseMerkur at www.openkeys.de:

SMIME: securemail@hansemerkur.de
PGP: postmaster@hansemerkur.de

For secure communications, we recommend the contact form on this website.

10 Service – request documents & change contact information

On our website, you have the possibility to request specific documents or to change your contact information using forms. Please note that we offer different forms for different purposes (e.g. copy of insurance policy or confirmation of Covid-19 travel conformation conformation or cancellation of insurance). In order to send you the requested documents or change confirmations, it is necessary for you to provide us with the personal data requested in the forms. This is the only way we can correctly process your requirements and send you the requested documents or change confirmations to the e-mail address stored for your contract. If the verification of your provided data is successful, your request can be processed automatically.

Please note that we always send the requested documents to the e-mail address you used while booking in order to ensure that no unauthorized persons can access your information. If no e-mail address is stored for your contract, we will check whether an alternative e-mail address is stored in the customer database of HanseMerkur, which can be used as a substitute.

Please understand that, for security reasons and to protect your data, we are unable to send the requested documents to an alternative e-mail address that is unknown to us. For any queries regarding the requested documents, please provide us with your preferred e-mail address. We will use that e-mail address only to contact you for clarification. This e-mail address will not be added to our databases and of course, the e-mail address will not be passed on to third parties.

Based on your entered name, insurance policy number and date of birth, we will check whether the processing can be automated or not. An automated process takes place if an exact assignment has been possible without doubt based oft the entered information.

On the basis of the opt-in provided by you in the context of the document request, processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a EU-DSGVO.

11 Checklists

On our website, you have the possibility to compile checklists and to have them sent to your e-mail address. The e-mail address will only be used for the purpose of the mailing and will not be saved permanently. The legal basis for the processing is the consent granted by you when you send us your e-mail address pursuant to Art. 6 (1) Letter a GDPR.

Rights

Rights of data subjects

You can request information about the personal data we hold about you by writing to the above address. In addition, under certain circumstances, you may request your data to be rectified or deleted. You are also entitled to restrict the processing of your data and to have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format.

Right to object

You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to the processing of data on compelling legitimate grounds relating to your particular situation.

Right to complain

You have the option to complain either to the data protection officer specified above or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:

Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6,
20095 Hamburg

back to the homepage of the data protection area