1. Access and Data Processing

1.1 Access details

Upon commencement of its user licence, the Client will receive customer account details to access the On-line Services.

1.2 Data upload

In order to use the Editions, the Client transmits its risk data on its own responsibility to the On-line Services.

1.3 Data format

The data shall be in a predefined structure and format (templates can be found in the On-line Services) in order to ensure best results.

1.4 Result generation

The On-line Services will then automatically geocode the data, link it to CRESTA or to natural hazard information and provide various scores.

1.5 Result download

The Client may download the results (risk analyses and risk reports) as CSV and/or PDF files directly from the On-line Services.

2. Request Protocol

MR Service will record all location requests effected via the On-line Services (unique identifiers of relevant users, geolocations requested, time of effected requests) to allow accurate, use-based remuneration and in order to improve the functionalities of the On-line Services.

3. Technical Environment (Log-on Version and API Version)

Authentication & authorisation mechanisms | OAuth 2.0 authentication with a JWT Bearer token. Authentication by email and self-generated password via HTTPS.
User onboarding process and user access management features | An invitation is sent to the user, who has to confirm his email and insert first name, last name and date of birth. In addition, a self-service user management portal (GRAM) can be used by an admin user to invite additional users from his company.
Type of On-line Services | Software-as-a-Service (SaaS).
Confidentiality and data protection | Multi-tenant solution with complete isolation & of customer account data, policy and configuration settings.
Details on cloud service | Hosted on a public cloud in a member state of the European Union with connections to dedicated Munich Re on-premise systems.
Data security mechanisms & data encryption | All data in transit and at rest is encrypted at all times with state-of-the-art encryption methods.
Disaster Recovery (DR) facility available | All production systems and databases are backed up on a daily basis in geo-redundant mode.
Auditable logging and tracing capability | Yes, for logging (pseudonymised). The logging information is primarily tracked in order to allow accurate use-based remuneration for the services provided. For this purpose, it is necessary to authenticate a user (by its unique identifier in the On-line Services) and to record its user behaviour within the On-line Services (geolocations requested, time of effected requests). The same applies to the user tracking on a test account which is limited in time and number of location requests.
Software development process and security review | Every application has to run through a compliance gate process, where data protection is audited, legal and compliance issues are verified, and the entire application architecture is assessed by IT security and IT compliance including penetration tests. In addition, an external penetration test is executed on a regular basis.
Data retention times | The Client can request to delete the uploaded data at any time. If the contract is cancelled, the accounts and all Client-relevant data are deleted automatically 90 days after contract termination.

4. Support Services

Regarding the Natural Hazards Edition, MR Service provides the following Support Services in English and as a remote service:

Maintenance Releases | Included
Email address for Client to log support cases
Target Response Time | P1 Cases: 4 hours, P2 Cases: 8 hours, P3 Cases: 12 hours
Service Hours | Business hours

5. Definitions

Business Hours
06:30 – 20:30 CET Monday to Friday, excluding local public holidays in Munich, Germany.

A failure of the On-line Services, as defined as P1 Case, P2 Case or P3 Case and item 9 of the Risk Suite On-line Services Terms.

Maintenance Releases
New versions, major and minor releases, patches and updates of the On-line Services.

P1 Case (Critical)
Inability to access On-line Services.

P2 Case (High)
Loss of a major job function. Example: Users cannot run reports, inability to use feature(s) for which no immediate workaround exists.

P3 Case (Low)
There is an incident to be resolved (not classified as Critical or High) but the On-line Services are still functional and the Client has other options available. This case is an immaterial defect in the sense of the Risk Suite On-line Services Terms.

Service Hours
The time period during which the On-line Services are available and during which the Target Response Time is measured.

Support Case
A request for MR Service to provide Support Services in relation to a suspected Defect.

Target Response Time
The time period from receipt of a Support Case during which MR Service will acknowledge the initial notification of the Support Case, communicate an incident reference number, allocate the relevant priority level and take all reasonable steps to resolve the Defect.

6. Availability

6.1 There may be events that from time to time will make the On-line Services inaccessible for a limited period of time due to unforeseen software, hardware, network, power and/or internet outages. MR Service, however, ensures that the On-line Services will be available at least 98% of the annual time of each calendar year (“Agreed Availability”).

6.2 The Agreed Availability per twelve (12) months period of subscription (“Subscription Period”) is calculated as follows:

Availability per Subscription Period net of agreed maintenance windows (see below) | 98% of annual time net of agreed maintenance windows
Agreed maintenance windows (not included in the calculation of Agreed Availability) | Agreed 4 weekends per Subscription Period

6.3 In the event that the aforesaid percentage is below 98%, the Client may request MR Service reimbursement as described in the table below, provided that the Client makes such request within ten (10) business days after being informed by MR Service of the availability level falling below 98%.

Actual Percentage the On-line Services are available as per the above calculation | Reimbursement
Annual 98% or more | None
Less than 98% | 15% of remuneration paid or payable by the Client for relevant 12 month period

(Last updated: October 2021)