Privacy policy of HanseMerkur

We at HanseMerkur take the protection and security of your data very seriously. Find out about your rights and the measures we have taken to protect you: The data controller within the meaning of the General Data Protection Regulation (EU-GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

HanseMerkur Reiseversicherung AG

Siegfried-Wedells-Platz 1
20354 Hamburg
Tel.: +49 40 4119-1919
Fax: +49 40 4119-3040

The data protection officer of the data controller is:
Mr Thomas Prigge
To contact the data protection officer, please use the above address or send an email to:

Thank you for visiting our website. We are committed to protecting and respecting your privacy and we want you to feel secure. We collect, process or use your personal data in compliance with applicable laws and regulations. This privacy statement applies only to this website. It does not apply to websites linked or referred to from this website. You can find information about your rights here.

1. Provision of the website and creation of log files

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the browser type and version used
  • User’s operating system
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the user accessed our website
  • Websites accessed by the user's system via our website

The log files contain IP addresses or other data that can be traced back to the user. This could be the case, for example, if the link to the website from which the user accesses the website or the link used to switch to another website contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. HanseMerkur cannot use this data to trace it back to you without involving your provider. For example, you can use the premium calculator "anonymously".

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR).

Purpose of data processing: The temporary storage of the IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.

If the data is stored in log files, they will be deleted after seven days at the latest. Data may be stored for other purposes. In this case, the IP addresses of the users are deleted or anonymised to prevent them from being traced to the calling client.

Collecting data for the purpose of providing the website and storing the data in log files is essential for the operation of the website. Users, therefore, do not have the option to object in this case.

2. Provision of the website and creation of log files

The data given by you within the framework of the conclusion of an insurance contract will be processed for handling processes within the booking process and for any subsequent insurance pay-out process. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The following customer data will be collected and saved by us:

  • Personal data (e.g. name, address, date of birth, e-mail address)
  • Travel information (e.g. travel date, travel destination, travel price, travel booking date)
  • Payment information (e.g. account holder, IBAN & BIC / credit card number, credit card company, credit card holder)
  • Date when the insurance was taken out

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary for the conclusion and the fulfilment of the contract.

3. Reporting of a claim via the website

The data given by you during a claim within the framework of the online reporting of a claim on our website will be processed to handle the insured event. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary to handle the insured event.

If special categories of personal data e.g. health data are collected, we will obtain your consent pursuant to Art. 9 (2) (a) in conjunction with Art. 7 of the GDPR.

4. Use of cookies

When you visit some websites, so-called cookies are stored on your computer. Cookies are small text files used by website operators to store relevant data to make the browsing experience more efficient and enjoyable. Cookies cannot be read by a website other than the one which set it. HanseMerkur does not store any of your personal data in cookies. The maximum lifetime of cookies is 90 days. At the end of this period they are deleted automatically. Every time you visit a website, a new cookie is set. If there is an existing cookie, the information is updated. This is equivalent to deleting and setting a new cookie.

The purpose of using technically necessary cookies is to facilitate the use of the website. Without the use of cookies we would not be able to offer some functions and features of our website. Cookies also help to recognise your browser again after you visit a different website.

The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly improve the content of our website.

Advertising cookies are used to provide you with personalised ads.

When users visit our website, they see a banner informing them about the use of cookies for analytical purposes, which includes a link to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

How can I manage cookies?

As an Internet user, you can decide whether you want to accept cookies or reject them altogether. However, if you disable cookies, we can no longer guarantee the proper display of the website or the availability of all functions and features.

Cookies are stored on the user's computer and transmitted to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

What types of cookies do we use?

We use four types of cookies: Essential cookies, functionality cookies, performance cookies and advertising cookies.

We use essential cookies (session cookies) to facilitate the general use of our website. To do this, we record certain actions performed by the user. These cookies are necessary for functional navigation on the website and for the use of certain website functions. This makes it easier for the user to visit our website, as it makes it more convenient to use the various areas on our website.

Functionality cookies (session cookies) allow us to tailor our website to the personal preferences of our users by recording the inputs and choices made, such as the name, location or language settings. These preferences are valid only for our website and cannot be used by other websites.

Performance cookies (persistent cookies) help us measure the traffic and functionality of our website. The information supplied by these cookies helps us understand what parts of our website users visit most frequently and whether any error messages appear on these pages. This helps us to provide visitors with a better user experience.

We use advertising cookies (persistent cookies) to show users tailored adverts. We also use these cookies to understand how frequently a user sees certain ads.

Information about session cookies and persistent cookies

Session cookies store information that is used during the current browsing session. These cookies are automatically deleted when you close the browser. Persistent cookies store information between subsequent visits to the website to identify you as a returning user.

Basic information about cookies:

You can prevent the setting of cookies – and thus your browser from storing and collecting data – by disabling the storage of cookies in your browser.

4.1 Etracker

This website uses the technologies of etracker GmbH ( to collect and store data for marketing purposes and to optimise users' experience. They use cookies that enable a statistical analysis of the utilisation of this website by its users, as well as a display of usage-related content or advertisement.

The data generated as a result are processed and saved solely in Germany by etracker on our behalf and are thus subject to strict German and European data privacy laws and standards. etracker was independently audited and certified in this regard and was awarded the data privacy quality seal ePrivacy.

Data are processed as per the legal provisions of Art. 6 Para. 1 (f) (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our concern in the sense of the EU GDPR (legitimate interest) is the optimisation of our online offering and our website. Since the private sphere of our visitors is important to us, data that may allow conclusions to be made about any specific person, such as IP addresses and login or device IDs, are anonymised or pseudonymised as soon as possible. The data are not used for other purposes, etracker does not merge them with its own or other data, and they are not passed on to third parties.

You can object to the data processing described above at any time, insofar as it is done in a person-related manner. I object to the processing of my personal data with etracker on this website.

For more information on privacy at etracker please click here.

4.2 Google Adwords

Our website uses Google AdWords and Google Tag Manager to provide personalised, interest and location-related online advertising.

4.3 IntelliAd Webtracking

This website uses the web analytics service with bid management provided by intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich, Germany. To customise and optimise this website, anonymised user data will be recorded, aggregated and stored and used to create user profiles. When intelliAd tracking is used, cookies are stored locally. The anonymised user data and profiles can be used by the website operator as well as by other customers of intelliAd to identify user interests, but it cannot be used to identify you as the website visitor. You have the right to object to the storage of your (anonymously collected) user data also with effect for the future. To do this, use the intelliAd Opt-Out.

5. Newsletter

We will send you our free sales partner newsletter only with your express consent. Subscription to our newsletter may be terminated by the data subject at any time. You can unsubscribe by clicking on the unsubscribe link provided in every newsletter.

When you subscribe to our newsletter, the data is entered into an input mask and transmitted to us. In addition, we collect the following information: IP address of the calling computer and date and time of subscription. The collection of other personal data during the subscription process serves to prevent misuse of the service or the email address used. The legal basis for processing the data following the user's subscription to the newsletter is Art. 6 (1) lit. a GDPR. The data will be deleted when they are no longer necessary for the purposes for which they were collected. Accordingly, the email address of the user will be stored only as long as the subscription to the newsletter remains active.

We use the services of die direkten GmbH and kajomi GmbH for newsletter mailing.

6. Customer and product reviews

We have integrated company and product reviews on our website to give our customers the opportunity to post review insurance. At the same time, we want to improve our internal quality management. When you click on the customer review link after completing your online booking or online application, you will be redirected to a questionnaire at eKomi. To prevent multiple reviews, we forward an anonymised ID to eKomi. eKomi also stores your IP address. eKomi is committed to handling your transmitted data in compliance with data protection regulations and takes all organisational and technical measures to protect your data. The data is processed in accordance with Art. 6 (1) lit. a GDPR. Your feedback will help us to improve this process and products for all customers on a continual basis.

7. Online presence in social media

HanseMerkur has an online presence in social networks and platforms. This makes it possible for us to communicate actively with our existing and prospective customers and to inform them about our services. We point out that when visiting the respective networks and platforms the terms and conditions of business and data processing guidelines of the respective operators apply.

Facebook On this website, we link to our presence on “Facebook” of Facebook Inc. (1601 S California Ave, Palo Alto, CA 94304 USA. If you click on our link and are logged into Facebook at the same time, this information will be assigned to your Facebook account. The same applies of course if you submit comments. The data privacy statement can be found here.

8. Security of your personal data when using this website

On our website, we provide a contact form and an online application, which can be used to send us a message or to take out an insurance policy directly via our website. If you use this option, the data you enter into the input mask will be transmitted to us and stored. The personal data that we collect through service functions and forms based on your consent to the collection, processing and use of your personal data are transmitted in encrypted form over a secure Internet connection to our computer, where they are stored and secured. The encryption process used complies with the latest technology standards (TLS or SSL). The other personal data processed during the sending is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

When you transmit your personal data – e.g. by submitting a claim notification, by using the HanseMerkur RechnungsApp (invoicing app), by making an online application, by requesting a quotation or advice and by confirming this privacy notice – you declare that you consent to the storage and processing of the data that you have submitted for the purpose of processing and responding to queries (where required) within the required scope. Depending on the matter in hand, it may be necessary to forward this data to authorised third parties, or to process it using an automated system.

Where we obtain the consent of the user to processing the data, the legal basis for data processing is Art. 6 (1) lit. a GDPR and with respect to online transactions, Art. 6 (1) lit. b GDPR. The legal basis for health data processing is Art. 9 (2) lit. a GDPR.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been definitely resolved. The additional personal data collected during the sending process will be deleted at the latest after seven days.

Users are entitled to revoke their consent to the processing of personal data at any time.

9. Email use

Emails that you send us through your email application may under some circumstances be unencrypted. Please check the settings of your email application or consult your email provider. We routinely encrypt our email responses using transport layer security (TLS). We send unencrypted emails only if transport layer encryption is not supported by your provider. This form of encryption, however, is broadly supported by email providers.

If you prefer end-to-end encryption (S/MIME) of your email communications, we would be happy to set this up for you. To configure the secure connection, please send us a quick email to and we will take it from there.

For secure communications, we recommend the contact form on this website.

Rights of data subjects

You can request information about the personal data we hold about you by writing to the above address. In addition, under certain circumstances, you may request your data to be rectified or deleted. You are also entitled to restrict the processing of your data and to have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format.

Right to object

You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to the processing of data on compelling legitimate grounds relating to your particular situation.

Right to complain

You have the option to complain either to the data protection officer specified above or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:

Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6,
20095 Hamburg

< back