For Location Risk Intelligence, Online Services integrated in the Munich Re Location Risk Intelligence Platform, this notice explains how data is processed and informs you of your rights as client and/ or user of such software-as-a-service solution under data protection law.

1. Who is responsible for the processing of personal data?

Munich Re Service GmbH
Königinstr. 107
80802 Munich, Germany

Contact e-mail: geoweb@munichre.com

2. Which data will be processed?

In Location Risk Intelligence, we record all location requests effected by the users via the Online Services, i.e. unique identifiers of relevant users, geolocations requested, time of effected requests.

We use essential technical cookies which are required to execute the Online Services. Such cookies help to make the Online Services usable by enabling basic functions such as authentication and access to secure areas. In addition, they serve the anonymous evaluation of user behavior, which we use to develop our Online Services constantly for you.

As Consent Management Platform (CMP) we use an online service by Usercentrics GmbH, Rosental 4, 80331 Munich.

3. For what purpose and on which legal basis will your data be processed?

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable laws. We process data generated by you using Location Risk Intelligence as follows:

3.1. To fulfill (pre-)contractual duties, Art. 6 para 1 lit b) GDPR

The information described under item 2 is primarily tracked in order to allow accurate use-based remuneration for the services provided. For this purpose, it is necessary to authenticate a user (by its unique identifier in the Online Services) and to record its user behavior within the Online Services (geolocations requested, time of effected requests). The same applies to the user tracking on a test account which is limited in time and number of location requests.

For transparency and comprehensibility reasons regarding the invoice and upon request by a subscription client, the number of location requests per user (identified via its unique identifier) may be forwarded.

Where you have consented to our processing of your personal data for specific purposes, this constitutes the legal basis. You may revoke your consent at any time. Revoking the consent applies only for the future and does not affect the validity of the data processing until the revocation.

Such consent may refer to the enhancing the functionalities of the Online Services on the basis of the data arising from the tracking of the users’ behavior.

4. Who receives your data? What categories of recipients might we disclose your data to? Where is your data being transmitted to?

Only those employees and agents within Munich Re Group, especially of Munich Re Service GmbH and Münchener Rückversicherungs- Gesellschaft Aktiengesellschaft in München (Munich Reinsurance Company), who need your personal data for the purposes laid down in clause 3 will have access to it. They all are, however, strictly obliged to confidentiality and data protection.

In certain cases, we use external service providers to meet our contractual and legal duties. Outsourcing is necessary, for example, for the development of various functionalities of Location Risk Intelligence. It cannot be excluded that such service providers get in contact with the personal data specified under clause 2.

However, strict confidentiality and data protection agreements have been concluded with these service providers. The categories of service providers can be found under the following link.

5. How do we transmit data to countries outside Europe?

If we need to transfer personal data to service providers outside the European Economic Area (EEA), we will do so only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example, through binding, in-house data protection provisions, or the European Commission’s standard contractual clauses).

6. How long do we store your data?

As a rule, we anonymise or delete your personal data as soon as it is no longer necessary for the aforementioned purposes, unless statutory documentation and retention rules (e.g. Commercial Code (HGB) or Tax code (AO)) require us to keep it for longer. We will store your personal data for longer than that only in exceptional cases, where necessary in connection with claims asserted against Munich Re (Group) (statutory limitation period of up to 30 years).

7. Which data protection rights do you have?

In addition to your right to object, you have a right to information, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing. Upon request, we will make the data that you provided available in a structured, accessible and machine-readable format. Please contact the aforementioned address to exercise these rights.

Right to revoke your consent: If we process your personal data on the basis of your consent, you may revoke the consent for the future at any time without consequences. We will then stop the processing.

8. Would you like to file a complaint about how your data is being handled?

You may contact geoweb@munichre.com or the data protection authorities. The authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
(Data Protection Authority of Bavaria for the Private Sector),
Promenade 27, 91522 Ansbach, Germany,

Tel.: +49 (0) 981 53 1300
E-mail: poststelle@lda.bayern.de or
Web: https://www.lda.bayern.de/en/contact.html

9. Are you obliged to provide your data?

We need your personal data to fulfill the contract with you, Without this data, Munich Re cannot carry out the services you request.

10. How are you informed about changes of the privacy information?

If we change this privacy information, it will be updated in the Location Risk Intelligence Online Services.

(Last updated: January 2022)