HanseMerkur Reiseversicherung AG
Tel.: +49 40 4119-1919
Fax: +49 40 4119-3040
The data protection officer of the data controller is:
Mr Thomas Prigge
To contact the data protection officer, please use the above address or send an email to:
We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), provisions of the Insurance Contract Act (VVG) and other laws with relevance to data protection. In addition, our company is committed to observing the "Code of Conduct for the Handling of Personal Data by the German Insurance Industry", which adapts the above provisions to the specific needs of the insurance industry. The Code of Conduct can be viewed here. We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), provisions of the Insurance Contract Act (VVG) and other laws with relevance to data protection. In addition, our company is committed to observing the "Code of Conduct for the Handling of Personal Data by the German Insurance Industry", which adapts the above provisions to the specific needs of the insurance industry. The Code of Conduct can be viewed here.
If you submit an application for insurance cover, we will need the information you provide to conclude the contract and to assess the risk associated with providing insurance services to you. Where the insurance contract is concluded, we process this data for the purpose of implementing this contract, e.g. for the purpose of issuing an insurance policy or invoicing. We need information about the claim, for example, to check whether an insured event occurred and to assess the amount of damage.
Without processing your personal data, it would be impossible for us to enter into or implement insurance contracts.
In addition, we may process your personal data to comply with regulatory requirements, to compile insurance statistics or to develop new insurance products and pricing. We use the data from all existing contracts with HanseMerkur to analyse the customer relationship as a whole, to provide for example advice on contract adjustment or supplementation, to make good-will decisions, or to share comprehensive information.
The legal basis for this type of processing of personal data for pre-contractual and contractual purposes is Article 6 (1) (b) GDPR. Insofar as special categories of personal data are required for this purpose (e.g. your health data when concluding a health insurance contract), we will obtain your consent in accordance with Article 9 (2) (a) in conjunction with Article 7 GDPR. We provide you in advance with a template for this purpose here.
Where we use these data categories to compile statistics, this is done in accordance with Art. 9 (2) (j) GDPR in conjunction with Article 27 BDSG.
We also process your data in order to protect our legitimate interests and those of third parties (Article 6 (1) (f) GDPR). This may be necessary, in particular:
In addition, we process your personal data to comply with laws and regulations, e.g. regulatory requirements, statutory retention requirements under commercial or tax laws or our obligation to provide advice. The respective statutory provisions in conjunction with Article 6 (1) (c) GDPR constitute the legal basis for processing in this case.
If we intend to use your personal data for any purpose other than those listed above, we are required under the statutory provisions to notify you in advance.
We also insure risks assumed by us with specialised insurance companies (reinsurers). To do this, we may have to share your contract or claims data with the reinsurer, to allow them to form their own opinion about the risk or the insured event. It is also possible that the reinsurer will support our company based on its expertise in assessing the risk and the eligibility for benefits and in the evaluation of procedures. We will transmit your data to the reinsurer only if this is necessary to implement the insurance contract with you or lies within the scope required to safeguard our legitimate interests.
If you use an insurance intermediary to arrange insurance cover for you, the insurance intermediary will process the application, contract and claims data required to conclude and implement the contract. We will provide the insurance intermediary with your personal data to the extent that the intermediary needs this information to provide you with assistance and advice in insurance or financial services-related matters.
Data processing within the group:
Some data processing tasks are performed centrally by specialised companies or departments within our group for companies economically or organisationally affiliated within the group. If you have an insurance contract with one or more companies in our group, your data may be centrally managed by one company within the group, e.g. involving the central administration of address data, telephone customer service, contract and service processing, collection and payments or common mail processing. Our list of service providers lists the companies involved in centralised data processing
To fulfil our contractual and legal obligations, the individual companies of the HanseMerkur Insurance Group (HanseMerkur Krankenversicherung auf Gegenseitigkeit, HanseMerkur Krankenversicherung AG, HanseMerkur Lebensversicherung AG, HanseMerkur Allgemeine Versicherung AG, HanseMerkur Reiseversicherung AG, HanseMerkur Speziale Krankenversicherung AG) – hereinafter referred to as HanseMerkur – currently work as and when needed with service providers (companies/individuals) using health data and other data protected under Article 203 of the German Criminal Code (StGB). A list of contractors and service providers we use on a long-term basis:
|Persons and entities||Activities|
|H.B.C. Hanse Betreuungscenter GmbH||Telephone customer service|
|Roland Assistance GmbH||Assistance services|
|Insurance Warehouse Gesellschaft für Finanzdienstleistungen GmbH||Portfolio management in the field of travel insurance|
|Deutsche Assistance Service GmbH||Assistance services|
|Omnidata GmbH & Co.KG||Printing and inserting services|
|DCM Digital Claim Management GmbH und deren beauftrage Vertragsanwälte||Recourse processing in the field of travel insurance|
|PPI AG||Self-service portal / online claim form|
The complete contact details are available upon request.
In addition, HanseMerkur works together with the following entities to collect, process and use health data and other data protected under Article 203 StGB:
|Persons and entities||Activities|
|Doctors, psychologists, psychiatrists, reinsurers||Appraisers and experts|
|Legal practitioners||General service in justified individual cases|
|External IT service providers||Application development and provision of technical resources|
|Letter shops||Mailing campaigns|
|Detective agencies||Fraud prevention measures in justified individual cases|
|Debt collection companies||Legal dunning proceedings, debt collection|
In addition, we may have to share your personal data with other recipients, such as government agencies, to meet our statutory reporting obligations (e.g. social security institutions, tax authorities or law enforcement agencies).
We will delete your personal data as soon as it is no longer needed for the purposes specified above. We may be required to keep the personal data for periods during which claims can be made (statutory limitation periods from three to thirty years). In addition, we store your personal data where we are required to do so by law. The relevant obligations with respect to burden of proof and retention periods are set out in the Commercial Code, Tax Code and the Anti-Money Laundering Act, under which the periods of retention can be up to ten years.
You can request information about the personal data we hold about you by writing to the above address. In addition, under certain circumstances, you may request your data to be rectified or deleted. You are also entitled to restrict the processing of your data and to have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format.
You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to the processing of data on compelling legitimate grounds relating to your particular situation.
You have the option to complain either to the data protection officer specified above or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:
Hamburg Commissioner for Data Protection and Freedom of Information
If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will take place only if the EU country is deemed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal data protection rules, or EU standard contractual clauses) are in place.
Based on risk-related information we ask you to provide in your application, we make fully automated decisions, for example, as to whether to enter into a contract or the amount of the insurance premium.
You have the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.
If you are living in Switzerland we recommend visiting our Swiss website. There you are given valuable information and you can take out all travel insurances online.
For legal reasons you are not allowed to book travel insurances on our German website. We apologize for the inconvenience.