Privacy policy of HanseMerkur

We at HanseMerkur take the protection and security of your data very seriously. Find out about your rights and the measures we have taken to protect you: The data controller within the meaning of the General Data Protection Regulation (EU-GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

HanseMerkur Reiseversicherung AG

Postfach
20352 Hamburg
Tel.: +49 40 4119-1919
Fax: +49 40 4119-3040
E-Mal: reiseinfo@hansemerkur.de

The data protection officer of the data controller is:
Mr Thomas Prigge
To contact the data protection officer, please use the above address or send an email to: datenschutz@hansemerkur.de.

Thank you for visiting our website. We are committed to protecting and respecting your privacy and we want you to feel secure. We collect, process or use your personal data in compliance with applicable laws and regulations. This privacy statement applies only to this website. It does not apply to websites linked or referred to from this website. You can find information about your rights here.

1 Provision of the website and creation of log files

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the browser type and version used
  • User’s operating system
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the user accessed our website
  • Websites accessed by the user's system via our website

The log files contain IP addresses or other data that can be traced back to the user. This could be the case, for example, if the link to the website from which the user accesses the website or the link used to switch to another website contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. HanseMerkur cannot use this data to trace it back to you without involving your provider. For example, you can use the premium calculator "anonymously".

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f of the General Data Protection Regulation (GDPR).

Purpose of data processing: The temporary storage of the IP address by the system is necessary to display the website on the user’s computer. To do this, it is necessary to store the user’s IP address for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.

If the data is stored in log files, they will be deleted after seven days at the latest. Data may be stored for other purposes. In this case, the IP addresses of the users are deleted or anonymised to prevent them from being traced to the calling client.

Collecting data for the purpose of providing the website and storing the data in log files is essential for the operation of the website. Users, therefore, do not have the option to object in this case.

2 Conclusion of an insurance contract via the website

The data given by you within the framework of the conclusion of an insurance contract will be processed for handling processes within the booking process and for any subsequent insurance pay-out process. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The following customer data will be collected and saved by us:

  • Personal data (e.g. name, address, date of birth, e-mail address)
  • Travel information (e.g. travel date, travel destination, travel price, travel booking date)
  • Payment information (e.g. account holder, IBAN & BIC / credit card number, credit card company, credit card holder)
  • Date when the insurance was taken out

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary for the conclusion and the fulfilment of the contract.

3 Reporting of a claim via the website

The data given by you during a claim within the framework of the online reporting of a claim on our website will be processed to handle the insured event. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The legal basis for the data processing is Art. 6(1)(b) of the GDPR. The processing is necessary to handle the insured event.

If special categories of personal data e.g. health data are collected, we will obtain your consent pursuant to Art. 9 (2) (a) in conjunction with Art. 7 of the GDPR.

4 Use of cookies

When you visit some websites, so-called cookies are stored on your computer. Cookies are small text files used by website operators to store relevant data to make the browsing experience more efficient and enjoyable. Cookies cannot be read by a website other than the one which set it. HanseMerkur does not store any of your personal data in cookies. The maximum lifetime of cookies is 90 days. At the end of this period they are deleted automatically. Every time you visit a website, a new cookie is set. If there is an existing cookie, the information is updated. This is equivalent to deleting and setting a new cookie.

The purpose of using technically necessary cookies is to facilitate the use of the website. Without the use of cookies we would not be able to offer some functions and features of our website. Cookies also help to recognise your browser again after you visit a different website.

The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly improve the content of our website.

Advertising cookies are used to provide you with personalised ads.

When users visit our website, they see a banner informing them about the use of cookies for analytical purposes, which includes a link to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

How can I manage cookies?

As an Internet user, you can decide whether you want to accept cookies or reject them altogether. However, if you disable cookies, we can no longer guarantee the proper display of the website or the availability of all functions and features.

Cookies are stored on the user's computer and transmitted to our site. This gives you as the user full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

What types of cookies do we use?

We use four types of cookies: Essential cookies, functionality cookies, performance cookies and advertising cookies.

We use essential cookies (session cookies) to facilitate the general use of our website. To do this, we record certain actions performed by the user. These cookies are necessary for functional navigation on the website and for the use of certain website functions. This makes it easier for the user to visit our website, as it makes it more convenient to use the various areas on our website.

Functionality cookies (session cookies) allow us to tailor our website to the personal preferences of our users by recording the inputs and choices made, such as the name, location or language settings. These preferences are valid only for our website and cannot be used by other websites.

Performance cookies (persistent cookies) help us measure the traffic and functionality of our website. The information supplied by these cookies helps us understand what parts of our website users visit most frequently and whether any error messages appear on these pages. This helps us to provide visitors with a better user experience.

We use advertising cookies (persistent cookies) to show users tailored adverts. We also use these cookies to understand how frequently a user sees certain ads.

Information about session cookies and persistent cookies

Session cookies store information that is used during the current browsing session. These cookies are automatically deleted when you close the browser. Persistent cookies store information between subsequent visits to the website to identify you as a returning user.

Basic information about cookies

You can prevent the setting of cookies – and thus your browser from storing and collecting data – by disabling the storage of cookies in your browser.

Cookies used on this website – overview

Following cookies are used on our website: overview

5 Newsletter

We will send you our free sales partner newsletter only with your express consent. Subscription to our newsletter may be terminated by the data subject at any time. You can unsubscribe by clicking on the unsubscribe link provided in every newsletter.

When you subscribe to our newsletter, the data is entered into an input mask and transmitted to us. In addition, we collect the following information: IP address of the calling computer and date and time of subscription. The collection of other personal data during the subscription process serves to prevent misuse of the service or the email address used. The legal basis for processing the data following the user's subscription to the newsletter is Art. 6 (1) lit. a GDPR. The data will be deleted when they are no longer necessary for the purposes for which they were collected. Accordingly, the email address of the user will be stored only as long as the subscription to the newsletter remains active.

We use the services of die direkten GmbH and kajomi GmbH for newsletter mailing.

6 Customer and product reviews

We have integrated company and product reviews on our website to give our customers the opportunity to post review insurance. At the same time, we want to improve our internal quality management. When you click on the customer review link after completing your online booking or online application, you will be redirected to a questionnaire at eKomi. To prevent multiple reviews, we forward an anonymised ID to eKomi. eKomi also stores your IP address. eKomi is committed to handling your transmitted data in compliance with data protection regulations and takes all organisational and technical measures to protect your data.

We also work with Trustpilot A/S ("Trustpilot") to collect customer feedback. Trustpilot also asks for your name and email address. If you would like to know more about how Trustpilot processes your data, you can view the company's privacy policy here.

The data is processed in accordance with Art. 6 (1) lit. a GDPR. Your feedback will help us to improve this process and products for all customers on a continual basis.

7 Online presence in social media

HanseMerkur has an online presence in social networks and platforms. This makes it possible for us to communicate actively with our existing and prospective customers and to inform them about our services. We point out that when visiting the respective networks and platforms the terms and conditions of business and data processing guidelines of the respective operators apply.

We integrate content or service offers from third-party providers within our website. The basis for this is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO. The content may include videos, for example. The third-party providers can see the IP address of the user, otherwise the content could not be sent to the browser. The IP address is therefore required to display the content.

Third-party providers may use pixel tags for statistical or marketing purposes. This allows information such as visitor traffic on the pages of this website to be evaluated. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visit duration and other information about the use of our online services. This information may also be linked to information from other sources.

YouTube

Videos from the YouTube platform, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are embedded. You can find the privacy policy here: https://policies.google.com/privacy. If you want to prevent tracking, click here: https://adssettings.google.com/authenticated.

Google Maps

Maps from the ‘Google Maps’ service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA are integrated. You can find the privacy policy here: https://policies.google.com/privacy. If you wish to prevent tracking, click here: https://adssettings.google.com/authenticated.

Facebook 

On this website, we link to our presence on “Facebook” of Facebook Inc. (1601 S California Ave, Palo Alto, CA 94304 USA. If you click on our link and are logged into Facebook at the same time, this information will be assigned to your Facebook account. The same applies of course if you submit comments. The data privacy statement can be found here.

8 Security of your personal data when using this website

On our website, we provide a contact form and an online application, which can be used to send us a message or to take out an insurance policy directly via our website. If you use this option, the data you enter into the input mask will be transmitted to us and stored. The personal data that we collect through service functions and forms based on your consent to the collection, processing and use of your personal data are transmitted in encrypted form over a secure Internet connection to our computer, where they are stored and secured. The encryption process used complies with the latest technology standards (TLS or SSL). The other personal data processed during the sending is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

When you transmit your personal data – e.g. by submitting a claim notification, by using the HanseMerkur RechnungsApp (invoicing app), by making an online application, by requesting a quotation or advice and by confirming this privacy notice – you declare that you consent to the storage and processing of the data that you have submitted for the purpose of processing and responding to queries (where required) within the required scope. Depending on the matter in hand, it may be necessary to forward this data to authorised third parties, or to process it using an automated system.

Where we obtain the consent of the user to processing the data, the legal basis for data processing is Art. 6 (1) lit. a GDPR and with respect to online transactions, Art. 6 (1) lit. b GDPR. The legal basis for health data processing is Art. 9 (2) lit. a GDPR.

The data will be deleted when they are no longer necessary for the purposes for which they were collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been definitely resolved. The additional personal data collected during the sending process will be deleted at the latest after seven days.

Users are entitled to revoke their consent to the processing of personal data at any time.

9 Email use

Emails that you send us through your email application may under some circumstances be unencrypted. Please check the settings of your email application or consult your email provider. We routinely encrypt our email responses using transport layer security (TLS). We send unencrypted emails only if transport layer encryption is not supported by your provider. This form of encryption, however, is broadly supported by email providers.

If you prefer end-to-end encryption (S/MIME) of your email communications, we inform you that HanseMerkur uses domain keys for email encryption. You can find the certificates of HanseMerkur at www.openkeys.de:

For secure communications, we recommend the contact form on this website.

10 Service – request documents & change contact information

On our website, you have the possibility to request specific documents or to change your contact information using forms. Please note that we offer different forms for different purposes (e.g. copy of insurance policy or confirmation of Covid-19 travel conformation conformation or cancellation of insurance). In order to send you the requested documents or change confirmations, it is necessary for you to provide us with the personal data requested in the forms. This is the only way we can correctly process your requirements and send you the requested documents or change confirmations to the e-mail address stored for your contract. If the verification of your provided data is successful, your request can be processed automatically.

Please note that we always send the requested documents to the e-mail address you used while booking in order to ensure that no unauthorized persons can access your information. If no e-mail address is stored for your contract, we will check whether an alternative e-mail address is stored in the customer database of HanseMerkur, which can be used as a substitute.

Please understand that, for security reasons and to protect your data, we are unable to send the requested documents to an alternative e-mail address that is unknown to us. For any queries regarding the requested documents, please provide us with your preferred e-mail address. We will use that e-mail address only to contact you for clarification. This e-mail address will not be added to our databases and of course, the e-mail address will not be passed on to third parties.

Based on your entered name, insurance policy number and date of birth, we will check whether the processing can be automated or not. An automated process takes place if an exact assignment has been possible without doubt based oft the entered information.

On the basis of the opt-in provided by you in the context of the document request, processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a EU-DSGVO.

11 Checklists

On our website, you have the possibility to compile checklists and to have them sent to your e-mail address. The e-mail address will only be used for the purpose of the mailing and will not be saved permanently. The legal basis for the processing is the consent granted by you when you send us your e-mail address pursuant to Art. 6 (1) Letter a GDPR.

Rights

Rights of data subjects

You can request information about the personal data we hold about you by writing to the above address. In addition, under certain circumstances, you may request your data to be rectified or deleted. You are also entitled to restrict the processing of your data and to have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format.

Right to object

You have the right to object to the processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to the processing of data on compelling legitimate grounds relating to your particular situation.

Right to complain

You have the option to complain either to the data protection officer specified above or to a data protection supervisory authority. The data protection supervisory authority responsible for us is:

Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6,
20095 Hamburg