Data Protection

Information on Data Processing in Reinsurance

As at May 2018

With this Information we would like to inform you comprehensively about the processing of your Personal Data in the context of reinsurance. We only use your Personal Data if we are legally entitled or obliged to do so.

According to the so-called Code of Conduct of the German Insurance Industry the German Insurance Industry has committed itself not only to strictly observe the laws relevant to data protection, but also to promote data protection through further measures. Explanations can be found in the Code of Conduct on the Internet.

There you will also find all other companies of R+V Insurance Group which entered into the Code of Conduct on 1st of January 2014. At your request we will send you a printout of the Code of Conduct by mail. Please contact our Data Protection Officer in this case.

If you have any questions regarding data protection, please contact the Data Protection Officer of R+V Insurance Group:

Dr. Roland Weiß
Raiffeisenplatz 1
65189 Wiesbaden
E-Mail: datenschutz@ruv.de

Reinsurance is the transfer of risks from a primary insurer to a reinsurance company. Reinsurance enables the primary insurer to reduce its underwriting risk.

In order to be able to assess the risk to be underwritten within the framework of a reinsurance contract before concluding a contract or in order to execute the contractual relationship, e.g. in case of a claim or benefit, it might be necessary for the primary insurer to provide us with your Personal Data.

Generally speaking the primary insurer is obliged to provide us only with such data as it is necessary for the conclusion and performance of the reinsurance contract in question.

In addition, data can be processed for purposes that are not directly related to the reinsurance contract.

This can be the case, for example, in order to

  • meet admissible regulatory or supervisory requirements. In this regard, our main activity is subject to further special statutory regulations which require us to process your Personal Data: e.g. money laundering, legal reporting obligations to government agencies, requests for information from authorities abroad in the context of international requests for administrative assistance, etc. The data will not be passed on to third parties.
  • review and optimise processes for electronic data processing
  • generate tariff calculations and conduct internal controlling or
  • in case of a legal dispute respectively defend accordingly

Generally we process your Personal Data on the basis of a general consideration of interests, i.e. we balance our interests with the respective interests of the person concerned. Our interest is usually the economic interest of concluding and performing the contract.

If in exceptional cases we receive health data from the primary insurer in connection with the assessment of risks, claims or benefit, the legal basis is usually your consent, which the primary insurer obtains from you. For example this can be the case in liability insurance or in life insurance, health insurance or accident insurance.

Generally we receive your Personal Data from the primary insurer or from the intermediary in charge of the primary insurer. In this regard we receive in particular names, addresses, gender, marital status, age and information on claims or benefits (e.g. medical reports, police and medical records).

In exceptional cases we cover a risk together with other reinsurers and receive the Personal Data from the reinsurers involved.

Within the scope of the reinsurance contract, data might be transferred to third parties:

(a) Primary Insurers

In connection with the treaty conclusion and performance we transfer your Personal Data to the primary insurer and, if applicable, to the primary insurer’s intermediary.

(b) Other Reinsurers

In rare exceptional circumstances, e.g. in the event of a high financial default risk, we may transfer parts of the assumed risks on to other reinsurers (retrocessionaires). Here it may be necessary to provide the other reinsurer with appropriate underwriting information.

In addition, data may also be transferred to other reinsurers if they reinsure a risk together with us (coinsurance).

Data is generally transmitted to these other reinsurers as part of a general balance of interests. If it is necessary to transmit health-related information to other reinsurers, the legal basis usually is your consent which the primary insurer has obtained from you. Given consents can generally be revoked with effect for the future.

(c) Contractors and Service Providers

Contractors and service providers with whom we have long-term business relationships can be found listed on the internet.

By your request we will send you a printout by mail. Please contact our Data Protection Officer in this case.

Service providers do not only fulfill "auxiliary functions" and are bound by our instructions in this case. They may also fulfill further functions for us at their sole discretion. This so-called “functional transfer” is provided for in data protection law.

If you can prove that because of your individual situation your legitimate interests outweigh our interest, you can object to the data transmission in case of “functional transfers”.

However, it is not sufficient if you object to the data transfer to service providers in general or to a specific service provider without giving specific reasons. “Functional transfers” can also be found in the above mentioned list of service providers.

(d) Superordinate Financial Conglomerate Companies

We transmit Personal Data to DZ BANK AG as our superordinate financial conglomerate company if and only insofar as we are legally obliged to do so. Such an obligation may arise from the requirements on proper business organisation, e.g. an appropriate and effective risk management at Group level.

(e) Public Authorities and other bodies with public service functions

We transmit your Personal Data to authorities and other bodies with public cum legal tasks if we are legally or contractually entitled or obliged to do so.

Such data transmission may take place at the request of an authority. We will then verify whether the authority is allowed to receive the data in question.

In certain cases we are legally obliged to transmit your data to authorities, e.g. due to tax regulations or for statutory reporting requirements.

Especially in cases when the insured risk or the primary insurer is located in a non-EU/-EEA country (“third country”), it may be necessary to transfer data to a third country.

With regard to our transmission of Personal Data within the EU/EEA, we of course observe the strict legal requirements.

However, if necessary, we transfer your Personal Data to service providers in third countries outside the EU/EEA, e.g. within the framework of IT services or to authorised experts. The choice of service providers and the contractual agreements are of course based on the statutory rules.

In rare exceptional cases, we may transfer your data to other reinsurers (retrocessionaires) in third countries outside the EU/EEA.

In certain cases, there are also legal reporting obligations, which require us to transfer your data to authorities and comparable bodies in third countries outside the EU/EEA.

Such transmission may also be necessary in the event of legal disputes with foreign elements (e.g. lawyers).

If necessary, we process your Personal Data for the duration of our business relationship. This can also be the negotiation or settlement of a contract.

In addition, we are subject to various obligations to preserve records and for documentation purposes. These obligations result, among other things, from the German Commercial Code (HGB), the German Tax Code (AO), the German Money Laundering Act (GWG) or the German Insurance Company Accounting Ordinance (RechVersV). They contain specified deadlines for preservation and documentation which range from two to 30 years.

The maximum storage time is further based on the statutes of limitation which may be up to 30 years, e.g. in accordance with §§ 195 ff. of the German Civil Code (BGB). The regular limitation period is three years.

You can claim your legal rights to information, correction, deletion, restriction of processing and data transferability against our Data Protection Officer.

If data processing is based on a general balance of interests, you have the right of objection against this data processing, if reasons against data processing arise from your individual situation.

You have the right of appeal to a competent data protection supervisory authority (Article 77 of the General Data Protection Regulation).