We would like to inform you here about the processing of your personal data when you use our website and its apps, and about your rights under data protection law.
Who is responsible for processing the data and who is the Data Protection Officer?
Controller for the data processing is
ERGO Group AG
You can contact our Data Protection Officer by writing to the above address and adding "For the attention of the Data Protection Officer" or at the email address firstname.lastname@example.org.
What categories of data do we use and where do they come from?
As a matter of principle you can use our website anonymously. We do not save any personal data or data which can be related to a person using the website (such as IP addresses). When visiting our website we collect data (the date, time, pages visited, navigation, and software used) in an anonymised form so that the usage pattern can be analysed, also anonymously, by an external service provider. The data is anonymised before it is saved by the service provider.
You will find further information about our website in Point 6.
What are the purposes for which data is processed?
If you provide us with your personal data in specific circumstances we treat this data in accordance with the provisions of the data protection legislation applicable at the company's head office. If you send us an email or complete an online form on our website and send it to us we process the personal data indicated in the form (e.g. your name or email address) only for the purposes of our correspondence with you so we can send you the documents or information you requested, or for any other purposes you may have indicated on the form in question.
We will inform you in advance if we want to process your personal data for a purpose which is not indicated there.
On what legal basis is your personal data processed?
We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the NEW German Federal Data Protection Act (Bundesdatenschutzgesetz) and all other relevant legislation on the processing of personal data.
The specific legal basis for processing the data depends on the context in which we receive the data and the purpose for which we receive it. In so far as is necessary, we will therefore inform you in the case of the relevant application.
In general, the legal basis will either be "the legitimate interests of the controller for the purpose of conducting the communication" or, in the context of application procedures for undertaking pre-contractual measures which are necessary at the request of the person in question or, particularly in the context of exercises with a defined group of users (e.g. applicants' or shareholders' portals) the legal basis will be the consent of the user or the data subject, as applicable.
Who will obtain your data?
Within the controller (the ERGO Group AG), the only persons and departments to receive the relevant data are the persons and departments responsible for the process in question; in this respect there is a clear allocation of duties and a clear authorisation concept. The data may also be passed to service-providers for the purposes specified above. The involvement of service providers is necessary, for example, as part of the administration and maintenance of IT systems. The list of all service providers who process data on our behalf can be seen in Section 5. This list can also be downloaded or sent to you on request.
Personal data can also be sent to other recipients in so far as this is necessary for the performance of contractual or statutory obligations (e.g. sent to supervisory authorities).
This data can also be forwarded to Group companies e.g. as part of Group communications or Group management.
Is your data sent to a third country?
If personal data is sent to a service provider or Group company outside the European Economic Area (EEA), it is only sent if the EU Commission has confirmed that the country has an adequate level of data protection or if other adequate data protection guarantees (e.g. the agreement of EU standard contractual clauses or "Privacy Shield") are in place. You can also request the information from the places or persons specified as contacts at the beginning of this section.
What measures do we take to protect your data?
We take appropriate and state of the art technical and organisational security precautions to protect data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. In the case of the dialogue forms available on our website, we use SSL (Secure Socket Layer) encryption to protect your details. This SSL connection protects your data against scrutiny by unauthorised persons. For the sake of your own security, please always use these dialogue forms. If you send data to us in unencrypted form as normal non-secure emails, it is possible for these emails to be viewed or amended by unauthorised persons during transmission.
What data protection rights do you have as a Data Subject?
You can request information from the above address about your personal data which has been saved. Under certain conditions you can also require that your data is corrected or deleted. You also have a right to restrict the processing of your data and a right to the disclosure in a structured, customary and machine-readable format of the data you supplied.
Right to object
If we process your data to protect our legitimate interests you may object to this processing for reasons which arise from your particular situation. We will then cease processing your personal data unless we can demonstrate compelling reasons worthy of protection for the processing which override your interests, rights and freedoms or if the processing is for the assertion, exercise or defence of legal claims.
If we process your data by reason of consent you have given, you may revoke this consent at any time with effect for the future.
Where can you file complaints?
You can file complaints either with the Data Protection Officer detailed above or with a data protection supervisory authority. The data protection supervisory authority responsible for us is:
The North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (LDI NRW):
For how long is your data saved?
e delete your personal data as soon as it is no longer required for the purposes stated above. This is done regularly as a result of statutory obligations to provide proof and also retention obligations which are defined, amongst other places, in the German Commercial Code, the Tax Code and other tax legislation. Under the above legislation the retention periods are normally up to ten years. In addition, it does sometimes happen that personal data is retained for the period in which claims may be asserted against us (the legal period of prescription varies between 3 and 30 years). You can find additional information,in so far as it is relevant, in the sections on the various data processing operations.
Are you obliged to provide your data?
If you are just using our website you are under no obligation to provide personal data. However, there are some services for which we need your personal data e.g. to send you the information you request, for example newsletters or to include you in an application procedure. We cannot provide the services you request without this information. In each case we only collect the data we actually need.
To what extent are decisions on particular cases or profiling activities automated?
If we use purely automatic processing method, including profiling, in a specific case to arrive at a decision, we will inform you as part of the procedure.
Amendment of this Privacy Statement
Enhancement of our website and changes in technology sometimes lead to changes in our Privacy Statement. When visiting our website please take note of the latest version of our Privacy Statement.