By means of this statement we are informing you (in particular as policyholders, contracting parties, injured parties and claimants, beneficiaries of our customers, negotiating partners, brokers, interested parties, investors, suppliers, service providers, lessees, guests, other visitors, participants in an (online) event as well as contact persons for the aforementioned groups) about the processing of your personal data that we, as Hannover Rück SE, have received directly and/or indirectly and about the rights to which you are entitled under data privacy law.
We would further ask you to bear in mind our additional data privacy statements on our website under "Data privacy", including those for shareholders, in connection with the use of our website and online services and with regard to video surveillance.
In specific cases we also provide information in accordance with international data privacy laws, such as the California Consumer Privacy Act (CCPA). These data privacy notices can be found on our website with respect to the relevant worldwide locations of our corporate group.
1. Responsible data controller
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Tel. +49 511 5604-0
Fax +49 511 5604-1188
www.hannover-re.com
You can reach our Data Protection Officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox at privacy[at]hannover-re.com.
2. Purposes and legal bases of data processing
We process your personal data in conformity with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws.
Insurance undertakings may pass on part of their risks from insurance contracts to reinsurers in order to actively manage their insured portfolio and so as to be able to fulfil their obligations to indemnify under the insurance relationships at all times. For the purpose of properly establishing, implementing or terminating a reinsurance treaty, we normally receive from your insurer only anonymised data. Insofar as anonymous data do not suffice for the specified purposes, we receive the data from the insurance application or relationship in pseudonymised form.
We receive your personal data primarily only to the extent that this is necessary for the purposes of the reinsurance. In particular, this may occur for the following reasons:
Furthermore, we require your personal data for the compilation of insurance-specific statistics, for example for the development of new tariffs or for the fulfilment of supervisory requirements, in order to organise your visit to our premises as well as to issue invitations and facilitate your participation in our (online) events.
The legal basis for the processing of personal data for the aforementioned purposes is Art. 6 (1) b) GDPR, insofar as processing is necessary for the initiation, fulfilment or settlement of a contractual relationship with you. This also includes the constellation in which formation of the reinsurance treaty is necessary for materialisation or fulfilment of your insurance contract with another insurer. If processing occurs in order that your insurer can comply with supervisory requirements or assure you of its performance capability through formation of a reinsurance treaty or so that we can conduct internal statistical analyses, the legal basis is Art. 6 (1) f) GDPR, as appropriate in conjunction with Art. 6 (4) GDPR. If you have otherwise consented to data processing, the legal basis is Art. 6 (1) a) GDPR. Insofar as special categories of personal data (e.g. data concerning your health when taking out a life insurance contract) are required to this end, your insurer will as a matter of principle obtain your consent pursuant to Art. 9 (2) a) in conjunction with Art. 7 GDPR. If we compile statistics with these categories of data, this is done on the basis of Art. 9 (2) j) GDPR in conjunction with Section 27 BDSG or Art. 5 (1) b) in conjunction with Art. 6 (4) GDPR.
Further purposes for which personal data are processed include, most notably, for the administration of shareholders and members of bodies required by law or the articles of association, suppliers and service providers, interested parties / newsletter subscribers as well as for the offering of media services and real estate / building management and property security. These processing operations are conducted on the legal basis of Art. 6 (1) GDPR.
We also process your data in order to safeguard our legitimate interests or those of third parties (Art. 6 (1) f) GDPR). In particular, this can be necessary:
Above and beyond this, we process your personal data in order to fulfil legal requirements such as supervisory standards and retention obligations under commercial and tax law or the cross-checking of your data against so-called sanctions lists in order to comply with legal stipulations for combating terrorism (e.g. Council Regulation (EC) No. 2580/2001). In this case the relevant legal provisions in conjunction with Art. 6 (1) c) GDPR serve as the legal basis for such processing.
Should we wish to process your personal data for a purpose not specified above, we shall inform you in advance within the framework of the applicable legal provisions.
3. Sources of personal data
As a general principle, your data are passed on to us by your insurer within the scope of the aforementioned purposes. In addition, we also make use of databases from third-party providers in conformity with legal provisions. Furthermore, we use data from publicly accessible sources, especially for the evaluation of large losses or for accumulation control.
4. Categories of personal data
Essentially, the following data and data categories are collected, processed and used:
5. Categories of recipients of personal data
In order to fulfil our contractual and legal obligations we utilise to some extent external service providers in the following categories:
In addition, we may transfer your personal data in specific cases to other recipients. These include, for example, public authorities in order to fulfil statutory duties of notification or other reinsurers to whom we transfer risks (retrocessionaires).
6. Duration of data storage
We erase your personal data as soon as they are no longer needed for the aforementioned purposes. In this context it may occur that personal data are stored for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding documentation and retention duties derive from, among other things, the Commercial Code, the Fiscal Code and the Money Laundering Act. The retention periods under such laws are up to ten years.
7. Data transfer to a third country
If we transfer personal data to an undertaking/service provider and/or authorities outside the European Economic Area (EEA), the transfer only takes place if the European Commission has confirmed that the third country ensures an adequate level of data protection or other adequate data protection safeguards (e.g. mandatory internal corporate data protection rules or EU standard contract wordings) are in place. Detailed information in this regard and concerning the level of data protection at our service providers in third countries can be requested from the contact information specified above.
8. Automated decision-making and profiling
We process your data on a partially automated basis in order to support decision-making by our employees in certain situations. Should we fully automate these operations in the future, we shall inform you accordingly in advance so that you can safeguard your rights.
9. Rights of data subjects
You may require information about the data stored on your person by contacting the address specified above. In addition, you may, under certain circumstances, require the rectification or erasure of your data. Furthermore, you may be entitled to a right to restrict the processing of your data as well as a right to be provided with the data made available by you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect.
If we process your data to protect legitimate interests, you may register your objection to this processing with our Data Protection Officer at the aforementioned address if there are reasons associated with your particular situation that oppose such data processing. We shall then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.
11. Right to complain
You have the option to complain to the Data Protection Officer specified under Item 1 or a responsible data protection supervisory authority.
The data protection supervisory authority responsible for our company is the Data Protection Commissioner for the State of Lower Saxony:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle[at]lfd.niedersachsen.de
12. Local specificities
Insofar as country-specific peculiarities need to be observed for the processing of your data, you will find them in the country-specific sections of our website.
13. Reservation of right of modification
We reserve the right to modify these data privacy rules at any time within the limits set by applicable laws.
Information as of November 2020
We provide below specific data privacy information for shareholders of Hannover Re and their representatives regarding use of our registration and Shareholder Portal as well as participation in our Annual General Meeting.
In addition, we refer to our "General Data Privacy Statement pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR)" on our website.
1. Responsible data controller/contact information for the data protection officer
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover, Germany
E-mail: Hauptversammlung[at]hannover-re.com
You can contact Hannover Re's data protection officer by post using the aforementioned address (please add the address line "Group Data Protection Officer") or via e-mail at: privacy[at]hannover-re.com
2. Purposes and legal bases of data processing, categories of data processed
Hannover Re processes your personal data in conformity with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG), the relevant legal provisions governing the European Company (SE) such as the Statute for a European Company Regulation (SE Regulation), the German Stock Corporation Act (AktG) and other relevant legal provisions.
The shares of Hannover Re are no-par-value registered shares. In accordance with Section 67 AktG, personal data must be entered in the Company's share register when issuing such registered shares. This personal data consists of the shareholder's first name and surname, postal and electronic address details, shareholder's date of birth as well as the specification of the number of shares or stock number. In accordance with Section 67 (1), sentence 2 AktG, the shareholder is required to provide this information to the Company. This notification is usually provided by the credit institutions involved in the purchase/sale and safekeeping of the shares. The credit institutions pass this information on to Hannover Re via Clearstream Banking AG, Frankfurt, which, as the central securities depository, oversees the technical processing of securities transactions and the safekeeping of shares for the credit institutions. Insofar as shareholders provide personal data of authorised representatives to Hannover Re (e.g. in the context of registration for the Annual General Meeting), this data is collected and stored accordingly (normally the first name and surname as well as the address).
Personal data is processed primarily for purposes of stock corporation law, commercial law and tax law such as:
Data processing takes place on the legal basis of Article 6 (1) c) and (4) GDPR in conjunction with the German Stock Corporation Act (AktG), in particular Section 67 and Section 118a AktG (realisation of a virtual Annual General Meeting). Primarily, the personal data is processed for the proper preparation and execution of the virtual Annual General Meeting in order to enable you to exercise your respective rights in connection (in particular for the registration, electronic exercise and confirmation of voting rights, the granting, amendment and revocation of authorisations and, if applicable, instructions for participation, the exercise of the right to speak and the right to information by way of video communication and the electronic possibility to object to resolutions of the Annual General Meeting as well as for the tracking of its complete transmission in video and audio).
In individual cases, Hannover Re also processes your data in order to safeguard legitimate interests in accordance with Article 6 (1) f) GDPR. This is the case, for example, if personal data is processed for statistical purposes, for example regarding changes in the shareholder structure or trading volumes, or if, in connection with capital increases, we are required to exclude certain shareholders from information concerning rights offerings due to their nationality or place of residence so as to adhere to securities regulations of such countries.
If you make use of the electronic registration process for the Annual General Meeting via our Shareholder Portal, we will process your data in this respect with your consent pursuant to Article 6 (1) a) in conjunction with Article 7 GDPR. Your consent is voluntary. You may withdraw the consent that you have given at any time with effect for the future. However, we would point out that if you withdraw your consent it may no longer be possible for us to make the Shareholder Portal available to you completely or in part.
When using the Shareholder Portal, data is stored in a log file (in particular, IP address, time stamp, actions performed, shareholder number (encrypted), session ID, and possible error logs) in order to operate the portal securely.
The Shareholder Portal also uses cookies, which are essential for the operation of the portal. Cookies are used exclusively by Hannover Re and not by the portal service-provider itself. Section 25 (2) No. 2 of the German Telecommunications and Telemedia Data Protection Act (TDDSG) forms the legal basis for such data processing.
We use the following technical cookies without your explicit consent, as they are necessary for the failure-free operation of our website:
WebSessionID: Support for error analyses / investigation of cyber attacks
JSESSIONID: Identification of the user during navigation steps within the application
HideCookieNotice: Control the hiding of the cookie banner
If we intend to process your personal data for any other purpose, we will inform you in advance within the scope of the legal provisions.
Annual General Meeting (AGM)
In the context of a shareholder's registration for the Annual General Meeting, Hannover Re processes the necessary data stored in the share register as well as the data provided as part of registration or communicated on this occasion by the respective custodian bank (in particular first name and surname, place of residence or address, e-mail address, number of shares, class of shares and type of ownership).
The Annual General Meeting shall be held as a virtual Annual General Meeting pursuant to Section 118a of the German Stock Corporation Act (AktG) without the physical presence of the shareholders or their proxies (with the exception of the proxies appointed by the Company).
If a shareholder requests that items be placed on the agenda, Hannover Re will publicise these items, stating the name of the shareholder, if the requirements pursuant to the German Stock Corporation Act (AktG) are met. Likewise, Hannover Re will make countermotions and nominations by shareholders available on the website of Hannover Re, stating the name of the shareholder, if the requirements pursuant to the German Stock Corporation Act (AktG) are met (Article 56 Sentence 2 and Sentence 3 SE Regulation, Section 50 (2) German SE Implementation Act (SEAG), Sections 122 (2), 126 (1), 127 AktG).
3. Categories of recipients of personal data
External service providers:
Hannover Re makes use of external service providers for the management of the share register and for technical matters connected with holding the Annual General Meeting. Examples of the tasks performed by service providers that we commission in this regard are:
Additional recipients:
In the context of Hannover Re's AGM a list of attendees is compiled containing personal data of the participants. Pursuant to Section 129 AktG (4), the list must be made available to all attendees before the first vote, and in the case of a virtual AGM, to all shareholders and representatives of shareholders who are electronically connected to the meeting. Each shareholder shall be granted access to the list of attendees upon request for up to two years after the AGM.
Furthermore, personal data is disclosed in accordance with legal requirements in connection with the exercise of shareholder rights. This is the case in the context of publishing requests to amend the agenda (Article 56 SE Regulation in conjunction with Section 124 (1) AktG) as well as countermotions and election nominations received from shareholders (Article 53 SE Regulation in conjunction with Sections 126 and 127 AktG). Insofar as shareholders are given the opportunity to ask questions by means of electronic communication during the virtual Annual General Meeting, this will be announced on the basis of Article 53 SE Regulation in conjunction with Section 131 (1) and (1f) AktG. In addition, it may become legally necessary to pass on your personal data to other recipients such as public authorities in the event of certain facts and circumstances applying (e.g. if statutory voting rights thresholds are exceeded, to financial authorities or criminal prosecution authorities).
4. Data transmission to a third country
The transfer of shareholders' personal data to countries outside the European Economic Area (EEA) is not envisaged. Should, however, your personal data be transferred to third countries, such transfer will only take place if the third country has been confirmed by the European Commission as having an appropriate level of data protection, if other appropriate data protection guarantees (e.g. mandatory internal company data protection regulations or EU standard contractual clauses) are in place or if this is permitted based on a legally recognised exception for certain cases, e.g. if shareholder communications are also transmitted to shareholders in third countries and these communications contain personal data (in particular motions for the Annual General Meeting with disclosure of the name of the person proposing the motion) or if it is necessary for the establishment, exercise or defence of legal claims.
5. Duration of data storage and criteria for determining such duration
Your personal data is deleted as soon as it is no longer required for the purposes mentioned above. This does not apply if and to the extent that statutory obligations to provide evidence and to retain data (e.g. under the German Stock Corporation Act, Section 257 of the German Commercial Code, Section 8 of the German Money Laundering Act or Section 147 of the German Fiscal Code) oblige us to retain the data for a longer period of time or if the data is relevant for judicial or extrajudicial proceedings, for example in the case of actions for avoidance or nullity; in these cases, we shall retain the data for as long as the relevant obligations to provide evidence and to retain data exist or until the relevant proceedings, including any enforcement proceedings, have been finally and conclusively concluded by a court of law or otherwise.
Data stored in the share register will be stored for the holding period and a period of ten years following the complete sale of your shares based on the legal documentation and retention obligations and subsequently anonymised. Based on the legal principles governing the statute of limitations, this can lead to a storage period of three to thirty years (Section 199 of the German Civil Code).
For personal data arising in connection with Annual General Meetings, the period of storage is normally up to three years. Insofar as you authorise the representative exercising voting rights designated by the Company for the Annual General Meeting, there is a statutory requirement to record the data used to document the authorisation in a verifiable form and retain it under access protection for three years (Section 134 (3) sentence 5 AktG). Wherever possible, your personal data is kept in an anonymised form.
Retention periods commence at the end of the calendar year in which the event triggering the retention period occurs (e.g. termination of shareholder status).
6. Automated decision-making and profiling
Automated decision-making and profiling is not currently envisaged. Should automated processing of your personal data involve such data being used to evaluate, analyse or predict certain personal aspects relating to you, this is known as profiling. In the event of changes Hannover Re will inform you in accordance with the legal requirements.
7. Rights of data subjects
You can request information regarding the personal data stored about you from the aforementioned address. Under certain conditions, you can also request that your data be corrected or deleted.
You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect. Further legal information regarding your data can be found in Article 15 ff GDPR and Sections 67, 67 e AktG.
You can access our Shareholder Portal directly at www.hannover-re.com/shareholder-portal or via our Company's homepage. The Shareholder Portal gives you access to the most important personal information recorded about you in the share register; you can inform us of any corrections here or via the aforementioned address.
If we process your data to protect legitimate interests, you may register your objection to this processing with our data protection officer at the aforementioned address if there are reasons associated with your particular situation that could mean such data processing is inappropriate. We shall then no longer process your personal information unless we can demonstrate compelling and legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.
9. Right to complain
You have recourse to our data protection officer (contact details as above) or a data protection supervisory authority.
The responsible data protection supervisory authority for Hannover Re is:
Der Landesbeauftragte für den Datenschutz Niedersachsen (Data Protection Commissioner for Lower Saxony)
Prinzenstrasse 5
30159 Hannover, Germany
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle[at]lfd.niedersachsen.de
10. Reservation of the right of modification
We reserve the right to modify this data privacy information at any time within the limits set by applicable laws.
Information valid as of February 2024
In the following we provide you with specific information in connection with your use of our website, corporate presence in social media and online collaboration tools. In addition, we would refer to our General Data Privacy Statement pursuant to Articles 13 and 14 EU General Data Protection Regulation (GDPR).
1. Responsible data controller / Contact information for the Data Protection Officer
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Phone +49 511 5604-0
Fax +49 511 5604-1188
www.hannover-re.com
Our Data Protection Officer can be reached by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox at privacy[at]hannover-re.com.
2. Purposes and legal bases of data processing
Data processing operations in connection with our website are intended primarily to enable you to visit our website without encountering any problems and are also carried out for purposes of IT security and Web analytics.
Insofar as you have consented to data processing, the legal basis of the respective data processing operations is Art. 6 (1) a) GDPR (consent).
We would additionally make reference to Art. 6 (1) f) GDPR (legitimate interest) as a legal basis. It is our legitimate interest to process such data that are necessary during your visit for the smooth operation of our website and for purposes of IT security. Further information on the purposes and legal bases of individual data processing operations is provided in the corresponding sections below.
3. Categories of data, use of cookies, Web analytics
The following connection and device data of visitors to our website is processed using cookies and Web analytics:
Cookies are small files that we send through your Web browser to your computer's hard drive and which we can read during your current visit to our webpages and upon subsequent visits.
You can prevent cookies being saved by setting your browser software accordingly; in this case, however, you may not be able to use all the functions of this website.
We use the following technical cookies without your explicit consent because they are necessary for the proper functioning of our website:
Matomo
In addition to these technical cookies, we use the analytics tool Matomo for Web analytics purposes in order to optimise for you the Web contents that we offer and in particular how they are presented. The analytics tool Matomo (further information at: http://matomo.org) uses cookies to analyse user behaviour. This analysis is, however, conducted on an anonymised basis because we use the "anonymizeIP" plugin to ensure that IP addresses are always logged anonymously (so-called IP masking). This step blanks the last two bytes of your IP address (e.g. 123.456.xxx.xxx).
Siteimprove Analytics
If you have activated cookies for website analysis, we use Siteimprove Analytics on this website, a web analysis service of Siteimprove GmbH, Kurfürstendamm 56, 10707 Berlin, Germany. We use Siteimprove Analytics to analyse website use by users in order to monitor the functionality of our websites (e.g. accessibility of our texts, functionality of links, etc.) and to provide our visitors with the most pleasant and useful experience possible. For example, your anonymised IP address, the URL visited, page title, length of stay and other statistical data are temporarily collected, which are used exclusively for quality checks. Their evaluation helps us to continuously improve our services for you.
Further applications
We make use of services offered by external service providers in connection with the HTML Annual Report and the Applicants' Portal. In both cases, further cookies are placed on your computer when accessing the HTML Annual Report or upon registering with the Applicants' Portal. These areas are, however, subject to separate Data Privacy Statements of which you will be informed when making use of the respective service offer.
4. Source, collection and processing of your data
Only personal data technically transmitted to us by you in the context of your visit to our website is processed in connection with the operation of our website.
We collect your data in various ways:
Access data and server log files
In order to technically optimise the utilisation of our website, we require information about which technical tools are used to access which of our webpages. We store this data in so-called server log files. Unless otherwise required by law, the storage period is 12 months. The data does not include any personal information.
Subscription to our e-mail notification service
If you are a subscriber to our Notification Service, you receive e-mail notifications of the latest press releases that you can access under www.hannover-rueck.de or www.hannover-re.com. We use the data provided by you for this purpose solely for sending our e-mail notifications. You may choose to stop receiving these notifications at any time by sending an e-mail to privacy[at]hannover-re.com. In addition, each e-mail notification contains a link via which you can cancel the receipt of these e-mails.
Direct inquiries using contact forms or via e-mail
Inquiries that we receive via contact or order forms or which you send directly to a contact person at the Hannover Re Group are forwarded as necessary by us internally within the Group to the relevant responsible area.
In view of our global presence, the responsible area may be located outside the European Economic Area (EEA). In this case too, however, your data is used solely to respond to your particular inquiry and in accordance with the relevant applicable statutory provisions. In this respect, our binding corporate rules safeguard the necessary level of data privacy also in connection with such data transfers.
All data that you transmit using the e-mail form on our website is encrypted to protect it against misuse by third parties. We currently use TLS (Transport Layer Security (formerly SSL, Secure Sockets Layer)) encryption as recommended by the Federal Office for Information Security (BSI). We cannot, however, guarantee the security of data transmitted to us over the Internet.
5. Third-party contents and technologies, social media
You also have the possibility to follow us on YouTube, XING and LinkedIn. For information about the purpose and scope of data collection and the further processing and use of the data by the respective social network as well as your rights and setting options to protect your private sphere, please consult the data privacy statements / notices of the relevant social network, for which we have provided corresponding links below:
6. Use of videoconferencing and collaboration tools
We use the videoconferencing and collaboration apps Microsoft Teams and Cisco Webex Teams for online collaboration within the Hannover Re Group and with external guests.
Purposes of data processing
The following personal data is processed
Legal bases of data processing
Categories of recipients of personal data and further information on data protection
The providers of the online collaboration platforms, the providers of the apps made available on these platforms as well as the external participants / cooperation partners are recipients of the personal data used through these services and/or shared with them.
7. Period of data storage
The connection and device data is stored in log files for a period of 12 months. It may otherwise be noted that we erase your personal data as soon as they are no longer required for the aforementioned purposes. It may occur that personal data is stored for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years). In addition, we store your personal data to the extent required by law.
8. Data transfer to a third country
If we transfer personal data to companies / service providers and/or authorities outside the European Economic Area (EEA), such transfer will only take place if the third country has been confirmed by the European Commission as having an appropriate level of data protection or if other appropriate data protection guarantees (e.g. mandatory internal corporate data protection rules or EU standard contract wordings) are in place. Detailed information in this regard and concerning the level of data protection at our service providers in third countries can be requested from the aforementioned contact information.
9. Automated decision-making and profiling
We process your data on a partially automated basis in order to support our employees' decision-making in certain situations. Should we fully automate these operations in the future we shall inform you accordingly in advance in order to enable you to exercise your rights.
10. Rights of data subjects
You can request information about the data stored on your person from the aforementioned address. Under certain conditions, you can also request that your data be rectified or erased. You may also have the right to restrict the processing of your data and to have the data that you made available provided to you in a structured, commonly used and machine-readable format. Consent that has been given may be withdrawn at any time with future effect.
If we process your data to protect legitimate interests, you may register your objection to this processing with our Data Protection Officer at the aforementioned address if there are reasons associated with your particular situation that oppose such data processing. We shall then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.
12. Right to complain
You may address a complaint to our Data Protection Officer (contact information as above) or a competent data protection supervisory authority.
The data protection supervisory authority responsible for our company is:
Die Landesbeauftragte für den Datenschutz Niedersachsen (Data Protection Commissioner for Lower Saxony)
Prinzenstraße 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststell[at]lfd.niedersachsen.de
13. Reservation of right of modification
We reserve the right to modify these data privacy rules at any time within the limits set by applicable laws.
Information valid as of November 2020
By means of this notice we are informing you about the processing of personal data by Hannover Rück SE insofar as it may be possible for us in certain cases to associate a recording with individual persons in the context of video surveillance. In addition, we would refer to our General Data Privacy Statement pursuant to Art. 13 and 14 EU General Data Protection Regulation (GDPR).
1. Responsible data controller
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Tel. +49 511 5604-0
Fax +49 511 5604-1188
You can reach our Data Protection Officer if you have any questions regarding this notice by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox at privacy[at]hannover-re.com.
2. Purposes and legal bases of data processing
We process personal data in conformity with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other relevant laws.
Video surveillance takes place to protect domiciliary rights and our own legitimate interests or those of third parties (Art. 6 (1) f) GDPR) in assuring the necessary high standards of safety and security. Insofar as video surveillance takes place in the context of the employment relationship with employees to whom the corresponding Company Agreement on Video Surveillance applies, Art. 88 GDPR in conjunction with Section 26 (4) BDSG additionally constitutes the legal basis of data processing. Hannover Rück SE is responsible for the safety of employees and the security of property on and at our office premises.
Recording in the context of video surveillance primarily serves to protect premises, persons and property, facilitate access control as well as to identify and avert technical problems. Recordings may also be used in the prosecution of crimes (e.g. in cases of burglary or property damage).
3. Location of video surveillance
Camera equipment has been installed, in particular, in the areas where visitors enter our office premises, at the access points to the underground parking garages, in parking areas and delivery zones, at emergency exits and at the staff entrances/exits. Audio is not recorded.
Camera installations that facilitate the monitoring of publicly accessible areas are made identifiable by appropriate signage.
4. Recipients of the data
Only a small number of authorised persons on our Facility Management team are permitted to access the recordings made by the camera equipment. The Employee Council and the Data Protection Officer are also integrated into the procedure.
5. Duration of data storage
Video recordings are stored for a period of at most 7 days and then automatically erased through re-recording, unless one of the purposes defined for storage exists or, as appropriate, longer retention is necessary due to forwarding to the police or other regulatory agencies.
6. Rights of data subjects
You may require information about the data stored on your person by contacting the address specified above. In addition, you may, under certain circumstances, require the erasure of your data. Furthermore, you may be entitled to a right to restrict the processing of your data.
If we process your data to protect legitimate interests, you may register your objection to this processing with our Data Protection Officer at the aforementioned address if there are reasons associated with your particular situation that oppose such data processing. We shall then no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing which outweigh your interests, rights and freedoms, or if the intention of processing is to assert, exercise or defend legal claims.
8. Right to complain
You have the option to complain to the aforementioned Data Protection Officer or to a responsible data protection supervisory authority.
The data protection supervisory authority responsible for our company is the Data Protection Commissioner for the State of Lower Saxony:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Phone: +49 511 120 45 00
Fax: +49 511 120 45 99
E-mail: poststelle[at]lfd.niedersachsen.de
9. Reservation of right of modification
We reserve the right to modify these data privacy rules at any time within the limits set by applicable laws.
Information as of November 2020
1. Data privacy policy in connection with our use of social media (LinkedIn)
This data privacy policy applies to our social media presence on the social network LinkedIn of LinkedIn Ireland Unlimited Company (hereinafter also referred to as "platform operator") available at https://www.linkedin.com/company/hannover-re.
Our social media presence is operated under joint control with the platform operator in terms of data protection law. For the essential content of our corresponding agreement pursuant to Art. 26 GDPR on joint control with the platform operator, please refer to Section 12 of this data privacy policy below.
We would like to point out that you use the service of the platform operator (including the available functions) on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
Even though we inform you about data protection at the platform operator under transparency aspects, this data privacy policy is limited to such data processing and purposes that are determined or carried out by us.
With regard to other data processing and purposes over which we have no influence and which are determined and carried out by the platform operator alone, we refer to the contact details below and linked data protection information of the platform operator.
If you have any further questions regarding data protection, please also refer to our General Data Privacy Policy in accordance with Art. 13 and 14 of the EU General Data Protection Regulation (GDPR) on our website.
You can contact our data protection officer by post at our address with the addition - Data Protection Officer - or by e-mail via our data protection group mailbox at datenschutz[at]hannover-re.com.
2. Controller for the data processing
Hannover Rück SE
Karl-Wiechert-Allee 50
30625 Hannover
Germany
Phone +49 511 5604-0
Fax +49 511 5604-1188
www.hannover-re.com
and
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland
www.linkedin.com
3. General information on data processing by the platform operator
When you visit our social media presence, the platform operator collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us with statistical information about the usage of our social media presence.
The data collected about you in this context will be processed by the platform operator and may be transferred to countries outside the European Union or the European Economic Area. Which information the platform operator receives and how this information is used is described in general terms by the platform operator in its corresponding data privacy notices. There you will also find information on how to contact the platform operator, your rights as a data subject and how to place advertisements. The data protection information of the platform operator can be found under https://www.linkedin.com/legal/privacy-policy.
In which way the platform operator uses the data from your visit for its own purposes, to what extent activities on our social media presence are assigned to individual users, how long the platform operator stores this data and whether data from a visit to our social media presence is passed on to third parties can only be communicated to you by the platform operator for certain and is not conclusively known to us.
When you access our social media presence, the IP address assigned to your terminal device is transmitted to the platform operator. The platform operator also stores information about the terminal devices of its users (e.g. as part of the "login notification" function); if necessary, the platform operator may be able to assign IP addresses to individual users.
If you are currently logged on to the platform operator as a user, a cookie with an individual identifier is stored on your terminal device. This enables the platform operator to understand that you have visited this site and how you have used it. This also applies to all other pages of the platform operator (e.g. contacts or other company presences).
By means of buttons of the platform operator integrated into websites, it is possible for the platform operator to record your visits to these websites and to assign them to your profile on the platform. This data can be used to offer content or advertising tailored to your needs. If you want to avoid this, you should log out from the platform operator or deactivate the "stay logged in" function, delete the cookies on your device, close your browser and restart it. After a possible renewed registration, you will again be recognisable as a specific user by the platform operator.
4. Purposes and legal bases of data processing
Data processing in connection with our social media presence is carried out to increase the reach of our communication with employees and interested parties, for general presence in the social media sector, to enhance our image and increase our attractiveness as an employer and potential employer, and to evaluate whether and how many employees are associated with us as an employer in the social media sector.
The legal basis for the data processing is Art. 6 Para. 1 f) GDPR (legitimate interest). The pursuit and achievement of the above-mentioned purposes is our legitimate interest.
If you have consented to data processing in individual cases, the legal basis for the respective data processing is Art. 6 Para. 1 a) GDPR (consent). You can revoke your consent at any time with effect for the future to the person to whom you have given your consent.
5. Categories of data concerned
The personal data that you have provided to the platform operator is processed, in particular first and last name, profile image, function, country, industry, seniority, company size, possibly different profile name on the social network, interactions on the platform (e.g. follow, like, share) and times of the interactions. If you provide us with data directly, this may also be affected.
6. Origin, collection and processing of your data
If you have not provided us with personal data directly, the origin of the data is the platform operator, who collected the data from the users directly when they logged in/registered for the service. We process personal data by communicating with users (e.g. through employee news) or by recording the type and number of interactions on our social media presence. The specific type of processing depends on your particular interactions with our social media presence. In this respect we refer to the corresponding data privacy notices of the platform operator.
7. Duration of data storage
We have no influence on the deletion of your personal data by the platform operator. As long as you follow or interact with our social media presence, your data will be stored on the platform in a way visible to us. By deactivating your respective interaction or deleting your profile, you can ensure that the data is no longer accessible to us. Any storage beyond this does not take place through us. For further information, please refer to the relevant notes of the platform operator.
8. Transfer of data to a third country
Although the platform operator is based in Ireland, personal data is also transferred to the US and therefore to a so-called third country. In this case, the platform operator has agreed to carry out the transfer only if an adequate data protection guarantee in accordance with Articles 44 et seq. of the GDPR exists (e.g. Binding Corporate Rules or Standard Contractual Clauses of the European Commission). For detailed information on this, please see the contact details given above.
9. Rights of data subjects
You can request information about your personal data stored at the above address. In addition, under certain circumstances, you can demand the correction or deletion of your data. You may also have a right to restrict the processing of your data and a right to have the data you provide released in a structured, common and machine-readable format. You can revoke any consent you have given with effect for the future.
If we process your data to protect legitimate interests, you can object to this processing by contacting our data protection officer at the above address if your particular situation gives rise to reasons that speak against data processing. We will then no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms. Or the processing serves the assertion, exercise or defence of legal claims.
11. Right of appeal
You have the possibility to address a complaint to the above-mentioned data protection officer or to a competent data protection supervisory authority.
The data protection supervisory authority responsible for us is
The State Commissioner for Data Protection of Lower Saxony
Prinzenstrasse 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail poststelle[at]lfd.niedersachsen.de
12. Use of "Page Insights”
We use the "Page Insights" function of the platform operator. When a LinkedIn user visits, follows, or engages with our presence on LinkedIn, LinkedIn processes the personal data provided by the user or arising from that use.
The "Page Insights" data provided by LinkedIn consists of aggregated data that cannot be easily traced back to individual users.
Essential content of the agreement of the joint controllers according to Art. 26 GDPR
The joint controllers have reached an agreement with the "Page Insights Joint Controller Addendum" in accordance with Art. 26 GDPR. This agreement applies if data subjects (members, users) from the European Economic Area and Switzerland are affected by the processing in question here. The agreement is available at https://legal.linkedin.com/pages-joint-controller-addendum.
LinkedIn guarantees the security of the processing of user data and the provision of "Page Insights" data by implementing appropriate technical and organisational measures. You can find further information here: https://security.linkedin.com.
Users can exercise their rights as data subjects through their account settings or by contacting LinkedIn directly.
LinkedIn agrees to assume responsibility under the EU Data Protection Regulation for the provision of the "Page Insights" function and will comply with all applicable obligations under the EU General Data Protection Regulation with respect to processing within the framework of "Page Insights" (including but not limited to Articles 12-22 and 32-34 of the GDPR).
This means that LinkedIn will, among other things, ensure that members are informed about the data processed. Furthermore, LinkedIn will support the right to information and deletion. LinkedIn will determine at its own discretion how to perform its obligations under this agreement.
As part of our responsibility, we will also comply with the applicable legal obligations, including the obligations arising from the EU General Data Protection Regulation.
The platform operator and we will cooperate in the processing of requests from data subjects.
Irrespective of the above-mentioned right of appeal to the data protection supervisory authority responsible for us, the platform operator and we determine as the so-called lead supervisory authority in accordance with Art. 56 GDPR: Irish Data Protection Commissioner, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
13. Subject to change
We reserve the right to change these data protection regulations at any time within the framework of the applicable laws.
Status June 2020