For Location Risk Intelligence, the online services that are integrated in Munich Re’s Location Risk Intelligence platform, this document explains the data processing involved and informs you about your data protection rights as a client or user of this software-as-a-service solution.
1. Who is responsible for the processing of personal data, and how can you contact the Data Protection Officer?
Munich Re Service GmbH
You can contact our Data Protection Officer by writing to them at the above address with the reference “Data Protection Officer”.
2. What data categories do we use, and for what purposes, and what is the legal basis for processing your personal data?
We process your personal and personally identifiable data in compliance with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other applicable laws and regulations.
2.1 Use of data
You can use the Location Risk Intelligence landing page anonymously. When you visit our internet pages, data such as date, time, pages viewed, navigation and software used are only collected if you have consented to the processing of your user behaviour data for the purpose of anonymous statistical analysis (Article 6(1)(a) GDPR). Your full IP address is transferred and abbreviated – and thus anonymised – before storage, so that nothing can be deduced about you as a natural person.
2.2. Registration process
When you register for the first time on the Location Risk Intelligence platform, your email address is validated and your first name and surname are recorded and saved.
2.3 Login process
During the login process, we record your email address in order to identify you as an authorised user. When you use Location Risk Intelligence, we store all the location requests made by the individual users via the online services, in other words the unique identifiers for the particular users, the geolocations requested and the time of the requests. This is necessary to safeguard our legitimate interest (Article 6(1)(f) GDPR) in precise usage-based billing of the services provided to the company you work for. The user agreement forms the basis for our processing (Article 6(1)(b) GDPR) if it has been concluded directly with you. The same applies for test accounts, where the period of use and the number of location queries are limited. For the sake of transparency and plausibility of the invoice and at the request of a user company (subscription client), the latter can be sent the user data collected (the number of location queries and the times they were made) for each of its users (based on their unique identifiers).
In addition, we use a consent management platform to document your cookie settings and apply them on the website. The consent management platform we use was developed by Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany, and is operated by Usercentrics on our behalf. In order to store your settings, small files (similar to cookies) are stored on your end device in your browser’s local cache. This happens regardless of whether you have consented to or rejected certain cookies. Unless you clear your cache, these small files remain permanently stored, even after you have closed the browser window or ended the browser session.
Provided you have given your consent, we also employ cookies to carry out statistical evaluations of the reach of our websites. We perform anonymised statistical evaluations of these websites. We do not establish any personal reference to you. These cookies allow us to recognise your browser the next time you visit, and remain stored on your device until you delete them.
3. Who receives your data? What recipient might we disclose your data to?
Within the Munich Re Group, and in particular at Munich Re Service GmbH and Munich Reinsurance Company in Munich, only those employees and agents who require your personally identifiable data for the purposes set out in Section 2 receive access to it. All of these parties are under strict obligations to maintain confidentiality and ensure data protection.
For the sake of transparency and plausibility of the invoice, and at the request of a user company (subscription client), the latter can be sent the user data collected (the number of location queries and the times they were made) for each of its users (based on their unique identifiers).
We operate Location Risk Intelligence as a cloud solution within the European Union. The data specified in Section 2 is transferred to a cloud server in Europe and stored there. In certain cases, we make use of external service providers to help us meet our contractual and legal obligations. For example, outsourcing is required for the development of various Location Risk Intelligence functionalities. The possibility cannot be ruled out that such service providers encounter the personally identifiable data specified in Section 2. However, strict confidentiality and data protection agreements have been concluded with these service providers. You will find the list of service providers that exclusively provide their services within Location Risk Intelligence here.
4. How do we transfer data to countries outside Europe?
If we need to transfer personal data to service providers outside the European Economic Area (EEA), this is only done if the European Commission has confirmed that the level of data protection in the country in question is adequate, or if data protection is suitably guaranteed in some other way (e.g. through binding, internal company data protection regulations, or the standard contractual clauses of the European Commission).
The data to evaluate the reach of our website is stored and processed in Europe (in Ireland and France). However, for maintenance purposes. access is also given to Adobe employees from outside the EU (in Switzerland, Canada, the United Kingdom, India and the USA). While Switzerland, Canada and the United Kingdom have a level of data protection that is considered appropriate by the EU, the level in India and the United States does not correspond to data protection standards within the EU. In these countries, there is the risk that your data may be processed by the authorities, and potentially without the option of legal remedy. Your consent to the evaluation of your user behaviour for statistical purposes therefore also extends to possible access from India and the USA.
5. How long do we store your data?
In general, we anonymise or delete your personally identifiable data as soon as it is no longer required for the above-mentioned purposes, unless statutory documentation and data retention regulations – e.g. the German Commercial Code (HGB) or German Tax Code (AO) – oblige us to retain it for longer. A period of storage of your personally identifiable data longer than this only occurs in exceptional cases where it is required in connection with the assertion of claims (with a statutory limitation period of up to 30 years) against the Munich Re Group.
6. What data protection rights do you have?
If you have consented to the evaluation of your user behaviour for statistical purposes, you may revoke this consent at any time. Such revocation applies for future processing only and does not affect the validity of data processing up to the point when consent was revoked.
The only way you can object to the recording of your personal login and user data (email address, number of location queries and the times they were made) is by not using Location Risk Intelligence, as otherwise it is not possible for us to invoice you or the company you work for.
You also have a right to information, under certain circumstances a right to have your data rectified or deleted, and a right to restricted processing. On request, we will make the collected data available to you in a structured, accessible and machine-readable format. Please contact us via the contact details above if you wish to exercise these rights.
7. Would you like to file a complaint about how your data is being handled?
You can either contact firstname.lastname@example.org or the data protection authorities. The authority responsible for us is the:
Bayerisches Landesamt für Datenschutzaufsicht
(Data Protection Authority of Bavaria for the Private Sector)
Promenade 18, 91522 Ansbach, Germany
8. How will you be informed about changes to data protection information?
Should we make changes to this data protection information, it will be updated in the Location Risk Intelligence online services.
(Last updated: November 2022)