Privacy policy of msg life ag/msg nexinsure ag

Introduction

Thank you for visiting our website (www.msg-insurit.com) and for your interest in our products and services.

www.msg-insurit.com is a joint website of msg life ag and msg nexinsure ag (hereinafter referred to as service providers) under the shared brand name msg insur:it.

The service providers within the meaning of Article 5, paragraph 1, of the Telemediengesetz (TMG – German Telemedia Act) for the website at www.msg-insurit.com are the following companies: msg life ag and msg nexinsure ag.

In addition to providing our customers with holistic support, the protection of your personal data is extremely important to us.

This privacy policy details what activities we perform as part of your visit to our website and in accordance with the relevant statutory data protection regulations, what information we might collect and in what format it is processed.

Any amendments to this privacy policy will be published on this page in order to notify you of what data is stored and used by the service providers.
The most important categories of data protection information are set out below.

I) Name and address of the controllers

The data controllers responsible for collecting, processing and using your personal data in the sense of the European General Data Protection Regulation (GDPR) are:

 

msg life ag
Humboldtstrasse 35,
70771 Leinfelden-Echterdingen, Germany
Tel.: +49 (0)711 949 580, fax: +49 (0)711 949 589 949
Email: info@msg-life.com

 

msg nexinsure ag
Robert-Bürkle-Strasse 1,
85737 Ismaning, Germany
Tel.: +49 (0)89 961 017 100
Fax: +49 (0)89 961 011 113
Email: nexinsure@msg.group

If you wish to object in general to the collection, processing and use of your data by the service providers in line with this privacy policy or specific aspects thereof, you can send your notice of objection to the addresses above by email, fax or post.

II) Name and address of the data protection officer

The data protection officer of the service providers is:

Claus Bauer
msg systems ag
Robert-Bürkle-Strasse 1,
85737 Ismaning, Germany
Fax: +49 (0)89 961 011 113
Email: Datenschutz@msg.group

III) General information on data processing

1) Why we use data

We aim to continuously improve our website, products and services and make them more attractive. Only when we know what sections of our website are visited most frequently and for the longest can we optimise the content of the msg insur:it websites in line with your requirements. If you entrust us with personal information, it will be used by the service providers for the purposes of technical administration of the website, customer management, product surveys and marketing. The better we understand your wishes, the faster you will be able to find the information on our website.

 

2) Collection and processing of personal data

In this section, we describe the collection of personal data when you use our website. Personal data is all data that can be attributed to you personally, for example, your name, address, email addresses and user habits.

If our website prompts you to provide personal information such as your name, address or phone number, it is subject to special conditions of which you are made aware through the formulation below:

‘I consent to the collection, processing and use of my personal data, for example, for the purposes of registration, a contact form, a survey, a competition, a request for a publication, a newsletter subscription, the execution of a contract or customer relations and promotional measures. I can withdraw this consent at any time by sending notice to msg life ag, Data Protection, Humboldtstr. 35, 70771 Leinfelden-Echterdingen, Germany, or to msg nexinsure ….’

Besides the data that you provide to us, we use information based on how you use our website; this helps us guide you to information that might be of interest to you as quickly as possible and optimise our website continuously.

When you visit our website, we only collect the personal data that your browser sends to our server. If you would like to view our website, we collect data that is technically necessary for us to display our website and ensure its stability and security. The following data is collected:

  • IP address of the user
  • date and time of the request or registration
  • content of the request (specific page)
  • volume of data transferred in each case
  • source of the request
  • information about the browser type
  • operating system of the user
  • language and version of the browser software
  • websites from which the system of the user accesses our website
  • websites visited by the system of the user through our website

The data is also stored in log files on our system.

We only store other personal data if you provide us with it, for example, for the purposes of registration; a contact form; a survey; a competition; a request for a publication; a newsletter subscription; the execution of a contract; or attracting, surveying and notifying potential customers, and in such cases only insofar as permissible on the basis of consent you have granted or in line with the relevant statutory regulations. The data is entered into a form, encrypted and sent to us and then stored by us.

If a contact makes use of the form, the data entered in the contact form will be transmitted to us and stored. For example, this data includes your first name, surname, job title, company, email address, phone number, your message or comment, your address, postcode, town or city, country and website.

Your consent to the processing of the data will be requested as part of the sending process, and you will be referred to this privacy policy.

Alternatively, you can also contact us via the email address provided. In this case, the personal data of the user that is transmitted along with the email will be stored.

 

3) Legal grounds for the processing of personal data

When we obtain the consent of a data subject to the processing of personal data, Article 6, paragraph 1, point (a), of the GDPR serves as legal grounds.

Article 6, paragraph 1, point (b), of the GDPR serves as legal grounds for the processing of personal data where the processing is necessary for the performance of a contract to which the data subject is party. This also applies to data processing that is necessary to take steps prior to entering into a contract.

Article 6, paragraph 1, point (c), of the GDPR serves as legal grounds for the processing of personal data where processing is necessary for compliance with a legal obligation to which our company is subject.

Additionally, we process personal data for the purposes of our legitimate interests and the legitimate interests of third parties in accordance with Article 6, paragraph 1, point (f), of the GDPR. Such legitimate interests include preserving the functionality of our IT systems, marketing our own and third-party products and services and the legally necessary documentation of business contacts.

 

4) Purpose of processing

  1. The temporary storage of an IP address by the system is necessary for the purpose of transmitting the website to the computer of the user. For this purpose, the IP address of the user must remain stored for the duration of the session. The IP addresses are required to diagnose problems and manage the website, and for demographic information.
    The logged data is used exclusively for the purposes of data security, especially to prevent attempts at hacking our server and for statistical evaluations.
  2. If you provide us with other personal data, for example, for the purposes of registration; a contact form; a survey; a competition; a request for a publication; a newsletter subscription; the execution of a contract; or attracting, surveying and notifying potential customers, we will use the data for the purposes of customer management and – if necessary – processing and settling any transactions to the extent required in each case.
  3. If the data subject contacts a company of the service providers with a request for information (e.g. a request for information to be sent through our website), the processing of data is permissible for us to comply with the request. Personal data may be processed for promotional purposes or for market and opinion research as long as it is consistent with the purpose for which the data were originally collected.
  4. If the data subject contacts us by email, the processing of personal data establishes the necessary legitimate interest in the processing of the data.
  5. The other personal data processed during the sending procedure serve to prevent the misuse of the contact form and ensure the security of our IT systems.

 

5) Erasure of data and duration of storage

The personal data of the data subject will be erased or blocked as soon as the purpose for which it was stored has been achieved. Data can only be stored beyond this point if provided for by European or national legislation in European regulations, laws or other ordinances to which the controller is subject. The data will then be blocked or erased at the end of a storage period prescribed by these legal standards unless it is necessary to continue storing the data for the conclusion or performance of a contract.

If the data has been stored in log files, they will be deleted within no more than seven (7) days. It is possible to store the data for a longer period. In this case, the IP addresses of the user will be deleted or anonymised in order to prevent them from being associated with the visiting client.

 

6) Rights to object and erasure

The collection of the data in order to make the website available and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user has no right to object.

The user can revoke their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing departments of the service providers at contact.insurit@msg-life.com.

In this case, all personal data that have been stored will be erased.

IV) Use of cookies

1) Description and scope of data collection

Our website uses cookies. Cookies are text files which are stored in or by the internet browser on the computer of the user. If the user visits a website, a cookie can be stored on the operating system of the user. This cookie contains a unique character string that makes it possible to unequivocally identify the browser when it visits the website again. Cookies cannot run programs or transmit viruses to your computer.

We use cookies to make our website more user-friendly. Some elements of our website require the visiting browser to be identifiable even after a change of page.

The provider of the pages automatically collects and stores information in server log files, which your browser sends to us automatically. This information includes:

Your browser type and version, your operating system, the referrer URL, the host name of the visiting computer, the date and time of the server request and your IP address.

Such data cannot be attributed to individual people. This data is not merged with other sources of data. We reserve the right to subsequently examine this data if we have specific indications of unlawful use.

You can set your browser to inform you whenever cookies are in use and allow cookies only in individual cases, to accept cookies in certain situations or to prohibit their use altogether, as well as activate the option to have them automatically deleted when you close the browser. Deactivating the cookies may prevent certain functions of the website from working properly.

 

2) Legal grounds for data processing

Article 6, paragraph 1, point (f), of the GDPR serves as the legal grounds for the processing of personal data collected by cookies. We have a legitimate interest in the storage of cookies in order to optimise the provision of our services with no technical errors.

 

3) Purpose of data processing

Technically necessary cookies are used to simplify the use of the website for the user. Some features of our website cannot be provided without cookies. They require the browser to be identifiable even after changing pages.

The user data collected through technically necessary cookies will not be used to create user profiles.

We also have a legitimate interest in processing personal data for these purposes in accordance with Article 6, paragraph 1, point (f), of the GDPR.

 

4) Duration of storage

Cookies are stored on the computer of the user and transmitted to our website from there. Consequently, as the user, you can also have full control over the use of cookies. You can change the settings in your browser to deactivate or restrict the transfer of cookies.

 

5) Rights to object and erasure

Cookies that are already on your computer can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, this might result in some of the features of the website not being fully available.

 


V) Applicant management

If you submit an application through the online application form for one of the open positions at msg life or msg nexinsure or send a speculative application to msg life or msg nexinsure, all the data you provide will be stored in our applicant management system. Within the application process, we conduct time-shifted video interviews for selected positions on a case-by-case basis. The creation of the video files is optional and this data is also stored in the applicant management system and on the associated video platform.

 

For certain positions, we offer the possibility to apply via WhatsApp. This is a fully integrated add-on to our applicant management system. WhatsApp itself is not used during the application process by msg life or msg nexinsure. The application via WhatsApp is optional. Data which is collected throughout this process will also be stored in the applicant management system. If you choose to use the application via WhatsApp, the legal basis for the communication is your consent, which you can revoke at any time (Article 6, paragraph 1a GDPR). The company PitchYou GmbH (Campusallee 9, 51379 Leverkusen, www.pitchyou.de) acts as processor and has access to your data. You can find more information in German here: www.pitchyou.de/datenschutz. You can find the data protection information of WhatsApp, e.g. concerning the processing of your data or your data protection rights towards WhatsApp, here: www.whatsapp.com/legal/privacy-policy-eea. We concluded a corresponding data processing agreement with PitchYou GmbH according to Article 28 GDPR.

 

msg life and msg nexinsure will not pass on any data provided to us as part of an application to third parties outside the respective corporate group. We will only review your application for further employment opportunities in both companies if, as part of the application process, you actively give your express consent to extended use of your application documents. Upon completion of the application process, msg life and msg nexinsure will only store the application data (incl. video recordings) beyond the conclusion of the application process for as long as legally permissible, especially in accordance with the provisions of the Bundesdatenschutzgesetz (BDSG – German Federal Data Protection Act) and the GDPR. Therefore, msg life and msg nexinsure will delete your personal data six months after the end of the application process, unless you have entered into an employment contract with us. This does not apply if the erasure of the data is prevented by statutory provisions, if it is necessary to continue storing the data for the purposes of having evidence or if you have consented to a longer storage period.

 

Further detailed information on how msg life and msg nexinsure handle the data provided by applicants can be found in the respective privacy policy on applicant data, which is displayed in the application form during the application process. Together with the confirmation of receipt of your application, you will also receive the respective privacy policy from msg life or msg nexinsure on the handling of application data by email.

VI) E-mail/contact form

1) Description and scope of data collection

Our internet site offers a contact form that can be used to contact us electronically. If a user makes use of the form, the data entered in the contact form will be transmitted to us and stored. This data includes:

  • form of address
  • title
  • first name
  • surname (required field)
  • position (required field)
  • company (required field)
  • country (required field)
  • email address (required field)
  • telephone
  • your message (required field)

The following information is also stored when you submit your message:

  • the user’s IP address
  • date and time of sending the contact form

Your consent to the processing of the data will be requested as part of the sending process, and you will be referred to this privacy policy.

Alternatively, you can also contact us via the email address provided. In this case, the personal data of the user that is transmitted along with the email will be stored.

The information obtained in this context is not transferred to third parties outside the service providers. The information is only used to process the conversation.

 

2) Legal grounds for data processing

The legal basis for processing information once the user’s consent has been obtained is Article 6, paragraph 1, point (a), of the GDPR.

 

3) Purpose of data processing

The personal information provided on the input screen is used for the sole purpose of handling the contact request. In case of contact by email, the information is processed as a necessary legitimate interest.

The other personal data processed during the sending procedure serves to prevent the misuse of the contact form and ensure the security of our IT systems.

 

4) Duration of storage

Data is deleted as soon as it is no longer required for the purpose it was collected. In regard to personal information from the input screen of the contact form and personal information sent by email, such information is deleted when the respective conversation with the user is terminated. A conversation is considered terminated when the circumstances indicate that the subject under discussion has been fully clarified.

Any further personal information collected during the transmission is deleted no later than within a period of seven days.

 

5) Rights to object and erasure

The user can revoke their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. It will not be possible to continue a conversation in such cases.

If you would like to revoke your consent/the storage of your information, please contact the marketing team of the service providers at this address: contact.insurit@msg-life.com

Any personal information stored as part of the contact request will be deleted.

VII) Virtual meetings (videoconferences)

In order to virtualise meetings, the service providers organise videoconferences in which participants’ voices and potentially also their images are transmitted to all of the other participants by microphone and webcam (‘videoconferences’).

In the process, the service providers make use of other service providers which supply their software and potentially also technology (‘videoconference systems’). Pursuant to Article 28 of the GDPR, the service providers have entered into a processing agreement with each of these service providers.

 

a)    Processing of data by the service providers for the purposes of videoconferences

We have to process various types of data in order to use videoconferences. The total amount of data processed as part of videoconferences depends on the features of the videoconference system provided by the videoconference service provider and on the data each user provides before, during and after taking part in a videoconference.

As a rule, the following personal data can be processed for the purposes of a videoconference:

Data relating to the user: such as the user’s display name, online status (optional), status notifications, profile picture (optional), email address (under certain circumstances) and preferred language.

Meeting metadata: such as the date, time, duration, meeting ID, phone number (under certain circumstances) and location.

Text, audio, video and other multimedia data: Data from your microphone, your webcam or a device display (if you use a screen or content-sharing tool) will be processed for the duration of the meeting for the purposes of displaying video signals and playing back audio signals and multimedia files. For example, the latter is necessary if you have to give a screen presentation. Each user can activate and deactivate the transmission of data from their camera and microphone at any time. A user has to actively turn on the screen/content-sharing tool and can turn it off again at any time.

You can also use the chat feature simultaneously in a videoconference. In this context, the text you type, the links or content you share and your social interactions (such as emojis, pictograms, ‘liking’ comments or sending GIFs) will be processed in order to show them to the participants in the videoconference.

 

b)    Legal grounds for data processing

The legal grounds differ depending on whether employees of the service providers are taking part in the videoconference organised by the service providers:

If the personal data of employees of the service providers is processed, the data processing is based on Section 26 of the BDSG in conjunction with Article 88 of the GDPR in order to establish, execute (i.e. organise) and terminate the employment relationship.

For other videoconferences and if we have no contractual relationships with the participants (i.e. employment), we organise videoconferences on the basis of Article 6, paragraph 1, point (f), of the GDPR. In this context, we also have a legitimate interest in the effective execution of videoconferences for and with third parties.

 

c)    Storage of data

Videoconferences are not recorded. If a videoconference is set to be recorded, the service providers will inform all participants transparently and, if necessary, ask for their consent.

Microsoft logs the content of chats when Microsoft Teams is used. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are stored on that team’s SharePoint website.

No automated decision-making as defined by Article 22 of the GDPR is used.

 

d)    Recipients of data

Personal data that is processed in connection with participation in videoconferences are only shared with our processors, i.e. the service providers who help us execute the videoconferences.

Otherwise, the data will only be disclosed to third parties if the service providers are legally obliged to do so (e.g. by a court order) or if the data subject expressly consents to the disclosure of their data.

 

e)    Data processing outside of the European Union

Where possible, the service providers have restricted their storage sites to data centres in the European Union. Therefore, no data processing takes place outside of the European Union.

VIII) Google Tag Manager

On our website, we use the service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google Tag Manager). Google Tag Manager offers a technical platform for the execution and bundling of other web services and web-tracking programs using so-called ‘tags’. In this context, Google Tag Manager stores cookies on your computer and, insofar as web-tracking tools are executed using Google Tag Manager, analyses your surfing behaviour (so-called ‘tracking’). This data sent by individual tags integrated into Google Tag Manager is merged, stored and processed by Google Tag Manager under a uniform user interface. All integrated tags are listed separately in this privacy policy. For more information on the data protection of the tools integrated into Google Tag Manager, please refer to the relevant section of this privacy policy. When you use our website with Google Tag Manager tags activated, data, in particular your IP address and your user activities, are transmitted to servers of Google Ireland Limited. With regard to web services integrated using Google Tag Manager, the provisions in the relevant section of this privacy policy apply. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager prior to transmission by IP anonymisation of the source code. In this case, Google Tag Manager only enables the anonymised collection of IP addresses (so-called IP masking).

Pursuant to Article 6, paragraph 1, point (a), of the GDPR, the legal basis for data processing is your consent in our notice banner regarding the use of cookies and web tracking (consent by clear affirmative action or behaviour).

On our behalf, Google will use the information obtained via Google Tag Manager to evaluate your visit to this website, compile reports on website activity and provide us with other services related to website and internet usage.

Google will store the data relevant to the functionality of Google Tag Manager for as long as is necessary to fulfil the booked web service. Data is collected and stored anonymously. If there is a personal reference, the data will be deleted without delay, provided that it is not subject to any statutory storage obligations. In any case, the data will be deleted once the storage obligation has expired.

You can prevent the collection and transmission of personal data to Google (in particular your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser or activating the ‘Do Not Track’ setting in your browser. You can also prevent Google from collecting and processing the data generated by the Google cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en. Google’s security and data protection principles can be found at https://policies.google.com/privacy.

IX) Use of Google Analytics

We use Google Analytics, a web analytics service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (‘Google’). Google Analytics uses so-called ‘cookies’. Cookies are text files that are stored on your computer, enabling the analysis of your website usage.

It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LLC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA.

The IP anonymisation function is activated on this website, so that Google truncates your IP address prior to storing it; this shall be done for all member states of the European Union or in other states where the agreement pertaining to the European Economic Area applies. Only in exceptional cases is the full IP address forwarded to a Google LLC server in the United States and truncated there.

On behalf of the operator of this website, Google will use said information to analyse your use of this website, to create reports on website activities and to provide other services affiliated with the website usage and internet usage for the operator of the website. In this case, pseudonymous user accounts can be created based on the processed data. The truncated IP address provided by your browser as part of Google Analytics is not combined with other data by Google.

You can prevent the storage of cookies by activating the corresponding setting in your browser software. However, disabling the cookies used by our website may mean that you will not have full access to all of the functions of our website.

You may also prevent Google from collecting the data generated by a cookie and data related to your use of the website (including your IP address), as well as the processing of said data by Google, by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en.

The analysis of the use of the website is considered a legitimate interest as defined in Article 6, paragraph 1, point (f), of the GDPR.

More information on Google’s use of data for advertising purposes and on the available settings and options for objection can be found on Google’s websites:

X) Online appearance in social media

We operate publicly available profiles in social networks to get in touch with active users, interested parties and customers and to inform them about our services.

Data of social network users on platforms such as Instagram, YouTube and Facebook may be processed in third countries – for example the USA. Therefore, the enforcement of the user’s rights can be more difficult.

If you are logged onto your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the collected data, the operators of the social media portals can create user profiles in which your preferences and interests are saved. The data is usually used for market research and advertising purposes. In this way, personalised advertising can be shown to you within and outside the respective social media presence. If you have an account with the respective social network, the interest-related advertisement may be shown on all devices and platforms on which you are or were logged in.

Please also note that we cannot reconstruct all processes on the social media portals. Depending on the provider, operators of social media portals may carry out further processes. More details concerning the terms of use and privacy policies can be found on the respective social media portals.

 

1) Legal basis

Our social media efforts are intended to ensure the widest possible presence online. This represents a legitimate interest in the sense of Article 6, paragraph 1, point (f), of the GDPR. The analytic processes initiated by social networks may be based on a different legal basis that is to be indicated by the social network operators (e.g. agreement based on Article 6, paragraph 1, point (a), and Article 7 of the GDPR).

 

2) Responsible party and enforcement of rights

If you visit one of our social media sites (e.g. Facebook), we, together with the operator of the social media platform, are responsible for the data processes that have been produced. In principle, you can assert your rights (disclosure, correction, deletion, restriction of processing, objection and complaint) both to us and the operator of the respective social media portal (e.g. to Facebook).

Despite having joint responsibility with the social media portal operators, please note that we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

 

3) Duration of storage

Data collected directly by us through our social media presence will be deleted from our systems as soon as the purpose for storing the data ceases to apply, you ask us to delete the data or you revoke your consent to storing the data. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We do not have any control over the storage time of your data collected by the social network operators for their own purposes. For more details, please refer to the operators of the social networks (e.g. their privacy policy, see below).

 

4) Social networks in detail

XI) Use of social media follow buttons

Our website uses individual ‘social plug-ins’ as well as follow buttons. Through these plug-ins, data – including personal data – can be sent to and potentially used by service providers in the United States.

 

1) Shariff security tools

The website itself does not collect personal data through the social plug-ins or through their use. As service providers, we use Shariff in order to prevent data from being sent to service providers in countries such as the United States without the knowledge of the user. This solution ensures that, initially, no personal data is disclosed to the providers of the individual social plug-ins when you visit our website. Only when you click on one of the social plug-ins can the data be sent to and stored by the service provider.

For more information on Shariff, please visit the website of the provider Heise Medien GmbH & Co. KG: https://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

 

2) Follow buttons for Facebook, Instagram, Xing and LinkedIn

Facebook, Instagram, Xing and LinkedIn follow buttons are integrated into website footers on our pages. You can recognise these buttons by the respective company logo. When clicking on these buttons, website visitors are directed to our social media accounts.

If you visit our website, clicking on the button establishes a direct connection between your browser and the operators of the social media platforms. Through your IP address, the operators of the social media platforms are notified that you have visited our website. Please note that, as the provider of the website, we have no knowledge of the content of the transmitted data or how it is used. You can find more information on this in the privacy policy of the social media platform operator listed above.

If you do not want the operators of the social media platforms to be able to associate your visit to our website with your user accounts, please log out of your user accounts.

 

3) YouTube

We have embedded videos from YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) into our website. It works with the double-click procedure. At first, our website just shows a thumbnail without establishing a connection to YouTube. When clicking on the thumbnail, a connection to YouTube will be established and your IP address will be transferred to the YouTube servers. YouTube is notified that you have visited our website with your IP address. We do not receive any information about the data collected in this way and how the data is used.

If you are logged onto your YouTube or Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings; see in particular: https://policies.google.com/technologies/partner-sites?gl=de&hl=en.

We embed YouTube videos into our website, allowing you to watch them directly. By integrating external videos, we relieve our servers and can use corresponding resources elsewhere in order to increase the stability of our servers. This is considered a legitimate interest as defined in Article 6, paragraph 1, point (f), of the GDPR.

Further information on data processing by Google can be found at: https://policies.google.com/privacy.

 

4) Vimeo

Vimeo videos are embedded into our website. The operator of the relevant plug-ins is Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. It works with the double-click procedure. At first, our website just shows a thumbnail without establishing a connection to Vimeo. When clicking on the thumbnail, a connection to Vimeo will be established and your IP address will be transferred to the Vimeo servers. Vimeo will be informed that our website has been visited with your IP address. We do not receive information about this data and its use.

If you are logged onto your Vimeo account, Vimeo can add the processed data to your account and treat them as personal data. This depends on your account settings and you can adjust your cookie preferences (https://vimeo.com/cookie_policy).

Further information on data processing by Vimeo can be found at: https://vimeo.com/privacy

 

5) Google Ads

We use Google Ads to draw attention to our offers in Google search results and on third-party websites. Google Ads is an analytics service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (‘Google’).

If you click on an ad placed via Google, a cookie for conversion tracking is stored on your device. This cookie is valid for a limited period of time. If you visit certain pages of our website and the cookie has not yet expired, we, along with Google, may recognise that you have clicked on the ad and been redirected to that page.

It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LLC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA.

If you are logged onto your Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings; see in particular: https://policies.google.com/technologies/partner-sites?gl=de&hl=en.

Targeted advertising and the analysis of the impact and efficiency of such advertising is considered a legitimate interest as defined in Article 6, paragraph 1 sentence 1, point (f), of the GDPR.
For more information on how Google Ads works and how Google processes data, please visit:

XII) Use of Marketo and Salesforce

Our website uses Marketo, a web analytics and marketing service provided by Adobe (Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland).

The information generated by the cookie on how the user uses the website is normally sent to and stored by Marketo. Marketo will use this information on our behalf for the purposes of evaluating how the website is used, compiling reports on website activity and providing us with other services relating to website activity and internet usage. Additionally, Marketo is used to store the data you input in the forms on our website in a cookie.

Marketo is used on the basis of Article 6, paragraph 1, point (f), of the GDPR and serves to optimise our marketing measures.

Further information on data protection at Marketo can be found here: https://www.adobe.com/privacy/policy.html

You can prevent the installation of feature and advertising cookies by changing the settings in your browser; in this case, you might not be able to make full use of all of the features of the website. Additionally, you can object to the collection of the data generated by the cookie concerning your use of the website by Marketo as well as the processing of the data by Marketo by clicking on the following link:

https://docs.marketo.com/display/public/DOCS/Understanding+Privacy+Settings

Please note that if you delete this cookie or all cookies, the information that you have exercised your right to object will be erased as well.

If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of the service providers at: contact.insurit@msg-life.com.

 

2) Salesforce

The service providers store and use the data you provide on the website in systems belonging to the company salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (‘Salesforce’), for the purposes of customer relationship management (‘CRM’). The address of the US parent company is as follows: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.

Salesforce may only access the data within the scope of our instructions (order processing). Salesforce also takes strict technical measures in order to protect your personal data. Salesforce does not give your personal data to third parties unless this is required for the rendering of the agreed services or Salesforce must do so in order to comply with the law or a valid and binding instruction from any governmental or regulatory authority. The data provided in such cases is limited to the minimum required.

A contract for order processing was concluded with Salesforce which includes the standard EU contract clauses if data is processed in the United States for maintenance purposes.

The legal basis for processing your data is Article 6, paragraph 1, point (f), of the General Data Protection Regulation (GDPR). The service providers use the CRM system from the provider Salesforce in order to process the requests of users more quickly and efficiently.

The duration of data storage is determined by the legal requirements for data retention.

See the following link for more information on data protection at Salesforce: https://www.salesforce.com/company/privacy/

XIII) Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Article 6, paragraph 1, point (f), of the GDPR) in order to collect and save data for marketing, market research and optimisation purposes.

In order to do this, a JavaScript-based code is used to capture company-related data and the corresponding website usage. The data captured using this technology is encrypted using a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.

The data stored by SalesViewer® will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it.

In order to prevent SalesViewer® from recording your data, your consent for data recording and storage can be revoked at any time with immediate effect for the future by clicking on https://www.salesviewer.com/opt-out. In this case, an opt-out cookie for this website is saved on your device. If you delete your cookies in this browser, you will need to click on this link again.

XIV) Privacy policy for use of Qualification Suite

What data do we collect?

When you open an account with us, we will ask you to provide the following data: first name, surname, email address and a password of your choosing. The verification code that we send you and you provide during registration designates your employer. This information is used for billing purposes. Additionally, you are free to upload a profile picture to the application.

After you register, you will receive a verification email in order to confirm your identity. The verification link is valid for two weeks.

 

For what purposes and on what legal grounds is your data used?

On the one hand, we process this data in order to create your account so you can access the services we provide and we can execute the contract. On the other hand, we process the data so you can create a profile.

As long as we require your data in order to execute the contract with you and provide you with our services or take steps prior to entering into a contract due to an enquiry you have submitted, the data processing is based on Article 6, paragraph 1, point (b), of the GDPR. If you voluntarily provide details in order to complete your profile, the data processing is based on Article 6, paragraph 1, point (a), of the GDPR.

 

Processing of personal information

Your data is stored on highly secure servers within the European Union. Technical and organisational measures have been implemented in order to protect your data from loss and destruction and from being accessed, altered and disseminated by unauthorised parties. Your data can only be accessed by a few authorised people. These people are responsible for technical server maintenance, server administration or editing. However, despite regular checks, complete security against all risks cannot be guaranteed.

Your personal data will be encrypted when transmitted over the internet. Data transfers will be subject to SSL and TLS encryption (Secure Sockets Layer / Transport Layer Security).

 

Disclosure of personal data to third parties

As a rule, we shall only use your personal data to provide the services you require. In order to provide digital training courses, we use the study platform provided by Magh und Boppert GmbH, Schulze-Delitzsch-Str. 8, 33100 Paderborn, Germany.

The following data is processed on the platform: first name, surname, email address and study history (completed courses, event participation, feedback and certifications).

Magh und Boppert GmbH can access your data in situations in which you require support. The sole purpose of this access is to provide the service.

Furthermore, the data shall not be shared with third parties, either in full or as extracts. The data shall not be compared with other databases. We shall not share your data with third parties, especially for advertising purposes, without your express consent. We shall only disclose your personal data if you have consented to the disclosure or if we are entitled or obliged to do so under statutory provisions and/or official or court orders. In particular, the purpose of such a disclosure might be to provide information for prosecution, avert a dangerous situation or enforce intellectual property rights.

 

Erasure of data and duration of storage

As a rule, we shall always erase or block your personal data when it is no longer necessary for the purpose for which it was originally stored. However, the data can be stored for longer if this is required by legal regulations to which we are subject, potentially with regard to statutory duties of storage and documentation. In such a case, we shall erase or block your personal data after the regulations cease to apply.

You can delete your voluntarily uploaded profile picture – which we store with your consent – at any time by clicking on ‘Delete picture’ in your profile. This constitutes a withdrawal of consent in the sense of Article 7, paragraph 3, of the GDPR.

We shall store the data in the user account for as long as you remain an active user. If you are inactive for one year, your account status shall be set to inactive. You can request the deletion of your user account at any time.

 

Registration

You must register to use our online service. To do so, you must provide the data required by the registration process such as your name, address and email address. Additionally, we shall document the date and time of registration and your IP address. As part of the registration process, we shall ask for your consent to use the data.

If you grant consent, your registration data shall be processed on the basis of Article 6, paragraph 1, point (a), of the GDPR. If you register with us in order to perform or initiate a contract, the data shall also be processed on the basis of Article 6, paragraph 1, point (b), of the GDPR.

The mandatory information you are asked to provide during the registration process is necessary in order to execute or initiate a contract with us regarding certain services. When you register, a user account shall be created for you.

When you use Qualification Suite, your activity will be documented in your user account, especially the content you view. The purpose of the user account is to manage the content you view and provide the correct content each time. Therefore, the processing of data is based on Article 6, paragraph 1, point (b), of the GDPR.

XV) Where is my data processed?

Your data is processed in Germany. Data is also processed in European and third countries within the boundaries of the law.

XVI) How secure is my data?

In order to protect your data from being hacked and misused, the service providers have taken extensive technical and operational security precautions in line with European legislation.

XVII) Transfer of personal data

The transfer of personal data to recipients outside of the service providers shall be subject to admissibility criteria concerning the processing of personal data.

The recipient of the data is contractually obliged to process the data, to only use the data for the stated purposes and to process the data in line with the instructions of the service providers.

If personal data is transferred by a company based in the European Economic Area to a company based outside of the European Economic Area (a third country), the importing company is obliged to cooperate with any and all queries made by the supervisory authority responsible for the exporting company and heed the conclusions of the supervisory authority with regard to the transmitted data. The same applies analogously to data transfers by companies from other countries. If they are participating in an international certification system for binding data protection regulations for companies, they must ensure that they cooperate with the certification bodies and authorities in accordance with the rules of the system.

In cases of cross-border data processing, each set of national requirements concerning the disclosure of personal data abroad must be met. In particular, personal data is only transferred from the European Union and European Economic Area to a third country if the specific requirements of the GDPR concerning data transfers to third countries are met and the processing of the personal data is lawful. The following are examples of suitable instruments:

  • Agreement of standard European contractual clauses for data processing in third countries with the contractor and any subcontractors.
  • Participation of the provider in a certification system recognised by the European Union and designed to establish an adequate level of data protection.
  • Acknowledgement of binding corporate rules of the contractor to establish an adequate level of data protection by the supervisory authorities responsible for data protection.

XVIII) Rights of the data subject

If personal data concerning you is processed, you are a data subject in the sense of the GDPR and you have the following rights with regard to the controller:

 

1) Right to information

You are entitled to request, free of charge, information on the scope, origins and recipients of the stored data as well as the purpose for which the data was stored.

  a) If personal data is transmitted to third parties, information must also be provided on the identity of the recipient or the categories of recipients.
  b) The data subject may object to the processing of their personal data for the purposes of advertising or for market and opinion research. For these purposes, the data must be erased.

 

2) Right to rectification

You are entitled to obtain from the controller the rectification and/or completion of the personal data concerning you, provided that it is inaccurate or incomplete. The controller must carry out the rectification without delay.

 

3) Right to erasure

You are entitled to obtain from the controller the erasure of personal data concerning you without delay and the controller is obliged to erase personal data without delay where one of the following grounds applies:

(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw consent on which the processing is based according to Article 6, paragraph 1, point (a), of the GDPR, or Article 9, paragraph 2, point (a), of the GDPR, and where there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21, paragraph 1, of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21, paragraph 2, of the GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, of the GDPR.

 

4) Right to data portability

You are entitled to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format.

 

5) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6, paragraph 1, points (e) or (f), of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

6) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

 

Last amended: 12.2.2024