Privacy statement

Status October 2022

We know that protecting your private sphere when using our website is an important concern. We take our duty to ensure that your data remains confidential very seriously, and we comply with the applicable provisions governing data protection law. We use suitable technology to conduct a dialogue with you and to safeguard your data.

  • The following provisions governing our privacy policy apply to the ERGO Group’s websites as well as to its apps for mobile end devices.
    This website contains links to third-party websites (external links). These websites are subject to the liability of the respective operator. Should you discover that any link on our website links to content that violates governing law, please inform us at We will then delete these links from our website without delay.
    ERGO Group AG shall not accept any liability for ensuring that the information is up to date, accurate, complete and of high quality.

  • We would like to inform you here about the processing of your personal data when you use our website and its apps, and about your rights under data protection law.

    Who is responsible for processing the data and who is the Data Protection Officer?

    Controller for the data processing is

    ERGO Group AG
    ERGO-Platz 1
    40198 Düsseldorf

    You can contact our Data Protection Officer by writing to the above address and adding "For the attention of the Data Protection Officer" or at the email address

    What categories of data do we use and where do they come from?

    As a matter of principle you can use our website anonymously. We do not save any personal data or data which can be related to a person using the website (such as IP addresses). When visiting our website we collect data (the date, time, pages visited, navigation, and software used) in an anonymised form so that the usage pattern can be analysed, also anonymously, by an external service provider. The data is anonymised before it is saved by the service provider.

    You will find further information about our website in Point 6.

    What are the purposes for which data is processed?

    If you provide us with your personal data in specific circumstances we treat this data in accordance with the provisions of the data protection legislation applicable at the company's head office. If you send us an email or complete an online form on our website and send it to us we process the personal data indicated in the form (e.g. your name or email address) only for the purposes of our correspondence with you so we can send you the documents or information you requested, or for any other purposes you may have indicated on the form in question. 

    We will inform you in advance if we want to process your personal data for a purpose which is not indicated there.

    On what legal basis is your personal data processed?

    We process your personal data in compliance with the provisions of the European General Data Protection Regulation (GDPR), the NEW German Federal Data Protection Act (Bundesdatenschutzgesetz) and all other relevant legislation on the processing of personal data.

    The specific legal basis for processing the data depends on the context in which we receive the data and the purpose for which we receive it. In so far as is necessary, we will therefore inform you in the case of the relevant application.

    In general, the legal basis will either be "the legitimate interests of the controller for the purpose of conducting the communication" or, in the context of application procedures for undertaking pre-contractual measures which are necessary at the request of the person in question or, particularly in the context of exercises with a defined group of users (e.g. applicants' or shareholders' portals) the legal basis will be the consent of the user or the data subject, as applicable.

    Who will obtain your data?

    Within the controller (the ERGO Group AG), the only persons and departments to receive the relevant data are the persons and departments responsible for the process in question; in this respect there is a clear allocation of duties and a clear authorisation concept. The data may also be passed to service-providers for the purposes specified above. The involvement of service providers is necessary, for example, as part of the administration and maintenance of IT systems. The list of all service providers who process data on our behalf can be seen in Section 5. This list can also be downloaded or sent to you on request.

    Personal data can also be sent to other recipients in so far as this is necessary for the performance of contractual or statutory obligations (e.g. sent to supervisory authorities).

    This data can also be forwarded to Group companies e.g. as part of Group communications or Group management.

    Is your data sent to a third country?

    If personal data is sent to a service provider or Group company outside the European Economic Area (EEA), it is only sent if the EU Commission has confirmed that the country has an adequate level of data protection or if other adequate data protection guarantees (e.g. the agreement of EU standard contractual clauses or "Privacy Shield") are in place. You can also request the information from the places or persons specified as contacts at the beginning of this section.

    What measures do we take to protect your data?

    We take appropriate and state of the art technical and organisational security precautions to protect data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. In the case of the dialogue forms available on our website, we use SSL (Secure Socket Layer) encryption to protect your details. This SSL connection protects your data against scrutiny by unauthorised persons. For the sake of your own security, please always use these dialogue forms. If you send data to us in unencrypted form as normal non-secure emails, it is possible for these emails to be viewed or amended by unauthorised persons during transmission.

    What data protection rights do you have as a Data Subject?

    You can request information from the above address about your personal data which has been saved. Under certain conditions you can also require that your data is corrected or deleted. You also have a right to restrict the processing of your data and a right to the disclosure in a structured, customary and machine-readable format of the data you supplied.

    Right to object

    If we process your data to protect our legitimate interests you may object to this processing for reasons which arise from your particular situation. We will then cease processing your personal data unless we can demonstrate compelling reasons worthy of protection for the processing which override your interests, rights and freedoms or if the processing is for the assertion, exercise or defence of legal claims.

    If we process your data by reason of consent you have given, you may revoke this consent at any time with effect for the future.

    Where can you file complaints?

    You can file complaints either with the Data Protection Officer detailed above or with a data protection supervisory authority. The data protection supervisory authority responsible for us is:

    The North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (LDI NRW):
    Kavalleriestrasse 2-4
    40213 Düsseldorf

    For how long is your data saved?

    e delete your personal data as soon as it is no longer required for the purposes stated above. This is done regularly as a result of statutory obligations to provide proof and also retention obligations which are defined, amongst other places, in the German Commercial Code, the Tax Code and other tax legislation. Under the above legislation the retention periods are normally up to ten years. In addition, it does sometimes happen that personal data is retained for the period in which claims may be asserted against us (the legal period of prescription varies between 3 and 30 years). You can find additional information,in so far as it is relevant, in the sections on the various data processing operations.

    Are you obliged to provide your data?

    If you are just using our website you are under no obligation to provide personal data. However, there are some services for which we need your personal data e.g. to send you the information you request, for example newsletters or to include you in an application procedure. We cannot provide the services you request without this information. In each case we only collect the data we actually need.

    To what extent are decisions on particular cases or profiling activities automated?

    If we use purely automatic processing method, including profiling, in a specific case to arrive at a decision, we will inform you as part of the procedure.

    Amendment of this Privacy Statement
    Enhancement of our website and changes in technology sometimes lead to changes in our Privacy Statement. When visiting our website please take note of the latest version of our Privacy Statement.

  • On 1 March 2013, the German insurance companies of the ERGO Group acceded the “Code of Conduct for handling personal data by the German insurance industry" (Data Privacy Code of Conduct).

    The Data Privacy Code of Conduct regulates the processing of your personal data in the insurance industry and specifies the requirements of the Basic Data Protection Ordinance. The rules of conduct define an industry-wide data protection standard.

    These rules of conduct have been agreed between the GDV (German Insurance Association) and the data protection supervisory authorities. The data protection authorities of the federal and state governments have confirmed that companies applying the rules of conduct thus ensure that the requirements of the basic data protection regulation for the insurance industry are substantiated in an industry-specific manner.

    You may find the rules of conduct for the handling of personal data by the German insurance industry here.

    Code of Conduct (in German, PDF file)

    We would also be pleased to provide you with the text in paper form. You can request it by telephone on the toll-free number 0800 3746-000, or by e-mail at

  • We maintain a list of all service providers who are able to work for ERGO companies within the framework of a contract. The duty to maintain this list is the result of the new consent forms and statements providing permission to disclose confidential information, as well as the new rules (Data Privacy Code of Conduct) agreed between the German Insurance Association (GDV) and the data protection supervisory authorities.
    The list aims to create transparency with regard to processing your data. It features service providers that collect, process or utilise health data and/or other personal details on behalf of German companies belonging to the ERGO Group as agreed in the respective contract.
    The service providers are named specifically if their main task is to record, process or utilise personal data. This includes, for example, ERGO Group AG. As regards service providers where the processing of personal data is not their main task, such as waste disposal companies for paper and electronic storage media, these are only named in the service categories. The same is true for service providers that only work for ERGO on a temporary basis. You may object to your data being transmitted to any particular service provider on the list by stating your reasons. We will then check whether, as a result of your own particular personal situation, the protection of your interests precludes your data from transmission.
    Please note that all service providers working for ERGO are named in the list. This does not, however, mean that your data will be forwarded to all our service providers. Generally speaking, ERGO Group AG and ITERGO Informationstechnologie GmbH, i.e. the Group itself and its information technology specialist company providing internal services to Group companies, are commissioned with recording, processing and utilising personal data.

    List of service providers (in German, PDF file)

  • 5.1 Use of cookies

    Cookies are small files that are stored on your computer and control the display and operation of our website. These cookies are deleted when the dialogue is terminated; no evaluation of the user behaviour takes place.  We use cookies to ensure the best possible website performance. To improve the website further, we store cookies – which do not identify individual users – and analyse their data.
    Statistical analyses of our website are carried out anonymously, meaning that they cannot be linked to the user as a person. We may request further voluntary information besides data required for the specific purpose of preparing an individual offer. The fields for this voluntary information are marked accordingly. Additional information helps us to get to know you better and advise you better, to improve our website and for advertising purposes.

    Furthermore, cookies are used in conjunction with using the personal customer portal. Cookies do not contain any personal information. In order to be able to request log-in data for ERGO online or to register with ERGO, cookies have to be permitted for the website via your browser. The settings of cookies vary from browser to browser.

    5.2 Using advertising analysis tools (Adobe Analytics)

    We use Adobe Analytics software from Adobe Systems for marketing and optimisation purposes in order to make your visit to our websites or apps even more user friendly. Data on user behaviour, including origin and page impressions, is stored online and offline. Further data such as sex, year of birth or postcode are also collected anonymously, but cannot be traced to you as a person. It is not possible to collate the data with your personal data (i.e. name, address or insurance policy number). Furthermore, your IP address is not processed by Adobe Systems but is merely stored in an abbreviated form. Information collected is stored by Adobe Systems within the European Union.

    For further details on data privacy at Adobe Systems as well as its data privacy statement, please visit Adobe website:

    5.3 Transferring information and encryption

    If you choose to send a message to ERGO by way of the contact form, the information is sent using an encryption technique known as SSL (secure socket layer) with a key length of at least 128 bit.

  • Our websites and our apps both use plug-ins of several social networks, including Facebook, Twitter, Google+ and others. The plug-ins are marked with a logo or with the add-on “social plug-in”.
    If you access one of our website pages or apps containing such a plug-in, these plug-ins can create a direct link with the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another. Due to the incorporated plug-ins, the social networks will be informed that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account.
    If you interact with the plug-ins, e.g. by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the guidelines of the relevant social network. For information on the purpose and scope of collecting this data and its subsequent processing and utilisation by the social network, as well as your rights in this regard and the settings available to protect your private sphere, please refer to the data privacy information available from the social network in question.
    If you do not wish social networks to collect data about you via our website, you will need to log out of all social networks before visiting our website or using our app.

  • ERGO uses the e-mail address provided in order to send you a reply with the details requested. However, we only send personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the contents of your message relate to a contract, ERGO will archive the e-mail. The e-mail address will only be used to correspond with you and will not be forwarded to any third parties. You will not receive any unsolicited e-mails from us. If, however, you do receive an unsolicited e-mail which states that it has been sent by us, it has been sent fraudulently and should be deleted immediately.
    Before sending ERGO an e-mail that has not been encrypted, please remember that its contents are not safeguarded against other people viewing them or using them fraudulently. Consequently, we would recommend that you send any message to ERGO using the contact form.

    Contact form (in German)