Contact
Report a claim

Data protection at HanseMerkur

The protection and security of your data is a very important matter to HanseMerkur. Find out here about your rights and about measures we have taken to protect you: The data controller within the meaning of the General Data Protection Regulation (EU-GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

HanseMerkur Reiseversicherung AG

Postfach
20352 Hamburg
Telephone: 040 4119 - 1919
Fax: 040 4119 - 3040
Email: reiseinfo@hansemerkur.de

The data protection officer of the data controller is:
Mr. Thomas Prigge
Please use the above address to contact us or send an email to: datenschutz@hansemerkur.de

We look forward to your visit to our website. We take the protection of your privacy in the collection, processing and use of your personal data in accordance with the statutory provisions very seriously, and we want you to feel secure. This privacy statement applies only to this website. It does not apply to websites linked to from this website. You can find a notice about your rights here.

Provision of the website and creation of log files.

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The operating system of the user
  • The user's internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user arrives at the website or the link to the website to which the user goes contains personal data. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. A reference to your person could not be established by HanseMerkur without involving your provider. You can, therefore, use the "anonymous" rate calculator, for example.

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f GDPR.

Purpose of data processing: The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In cases involving the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or rendered unusable so that an assignment of the accessing client is no longer possible.

Collecting data for the purpose of providing the website and storing the data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to lodge an objection.

Purchase insurance via the website

The data given by you within the framework of the conclusion of an insurance contract will be processed for handling processes within the booking process and for any subsequent insurance pay-out process. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

  • The following customer data will be collected and saved by us:
  • Personal data (e.g. name, address, date of birth, email address)
  • Travel information (e.g. travel date, travel destination, travel price, travel booking date)
  • Payment information (e.g. account holder, IBAN & BIC / credit card number, credit card company,
  • credit card holder)
  • Date when the insurance was taken out

The legal basis for the data processing is Art. 6 (1) Sentence 1 lit. b GDPR. The processing is necessary for the conclusion and the fulfilment of the contract.

Submission of a claim via the website

The data given by you during a claim within the framework of the online reporting of a claim on our website will be processed to handle the insured event. Only data will be collected, saved and used that are absolutely necessary for the handling processes.

The legal basis for the data processing is Art. 6 (1) Sentence 1 lit. b GDPR. The processing is necessary to handle the insured event.

If special categories of personal data e.g. health data are collected, we will obtain your consent pursuant to Art. 9 (2) lit. a in conjunction with Art. 7 GDPR.

Use of cookies

Depending on the area, so-called cookies are stored on your computer when you visit the websites. Cookies are small text files in which the provider of an Internet page stores data relevant to him in order to facilitate surfing on the web page. Such a cookie cannot be read by any other website than the one that placed the cookie. HanseMerkur does not store any of your personal data in cookies. The maximum life of the cookie is 90 days. At the end of this period they are deleted automatically. A new cookie is set each time you visit the websites. If a cookie exists, the information is updated. This is equivalent to deleting and resetting the cookie.

The purpose of using cookies that are necessary from a technical perspective is to simplify the use of websites for users. Without the use of cookies we would not be able to offer some functions and features of our website. Cookies also help to recognise your browser again after you visit a different website.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

The use of advertising-related cookies is for the purpose of presenting you with tailored advertisements.

When accessing our website, users are notified by way of an information banner about the use of cookies for analysis purposes and referred to this data protection declaration. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.

How can I manage cookies?

As an Internet user, you can decide whether you want to accept cookies or reject them altogether. However, if you disable cookies, we can no longer guarantee the proper display of the website or the availability of all functions and features.

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you – as a user – also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

What types of cookies do we use?

We use four types of cookies on our website: Generally required cookies, function-related cookies, performance-related cookies and advertising-related cookies.

We use generally necessary cookies (session cookies) for the general use of our website. In this way, certain actions performed by the user are saved. These cookies are necessary for a functional navigation on the website and for the use of certain website functions. This makes it easier for the user to visit our website, as he or she can conveniently make optimal use of various areas on our site.

Functional cookies (session cookies) enable us to tailor our website to the personal preferences of our users by storing the entries and selections made, such as name, region or language settings. These preferences are valid only for our website and cannot be used by other websites.

Performance-related cookies (persistent cookies) help us measure the traffic and functionality of our website. This allows us to see which areas of our site users visit most frequently and whether any error messages appear on those pages. In this way, we create a higher user comfort for the use of our website.

We use advertising-related cookies (persistent cookies) to present the user with advertisements tailored to him or her. Likewise, we use these cookies so that we can track how often certain ads appear to a user.

Further information on session cookies and persistent cookies

Session cookies store information used during your current browser session. As soon as you close the browser, these cookies are automatically deleted. Persistent cookies store information between two visits to the website so that you are recognised as a returning user on a subsequent visit.

Basic information about cookies:

You can prevent the setting of cookies – and thus your browser from storing and collecting data – by disabling the storage of cookies in your browser.

Internet Explorer

Mozilla Firefox

Google Chrome

Safari

Opera
 

Overview of cookies used

The following cookies are used by us: To overview

Newsletter

We will send you our free sales partner newsletter only with your express consent. The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

When registering for the newsletter, the data from the input mask is transmitted to us. In addition, the following data will be collected during registration: IP address of the accessing computer and date and time of registration. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used. The legal basis for processing the data following the user's subscription to the newsletter is Art. 6 (1) lit. a GDPR. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the email address of the user will be stored only as long as the subscription to the newsletter remains active.

We have commissioned die direkten GmbH and kajomi GmbH to carry out the newsletter mailing.

Customer and product reviews

We have integrated company and product ratings on our website to give our customers the opportunity to evaluate the conclusion of an insurance policy. At the same time, we would like to improve our internal quality management. If you have explicitly clicked on the link to the customer review after completing our online booking process or online application, you will be redirected to a questionnaire at eKomi. To prevent multiple reviews, we forward an anonymised ID to eKomi. eKomi also stores your IP address. eKomi is committed to handling your transmitted data in compliance with data protection regulations and takes all organisational and technical measures to protect your data.

We also work with Trustpilot A/S (“Trustpilot”) to collect customer feedback. Therefore, we transfer your reference number. Trustpilot also gets your name and email address. If you want to know more about how Trustpilot processes your data, you can view the company's privacy policy here.

The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR. Your feedback will help us to improve this process and products for all customers on a continual basis.

Online presences in social media

HanseMerkur has an online presence in social networks and platforms. This makes it possible for us to communicate actively with our existing and prospective customers and to inform them about our services. We point out that when visiting the respective networks and platforms the terms and conditions of business and data processing guidelines of the respective operators apply.

On this website, we link to our presence on “Facebook” of Meta Platforms Ireland Limited. If you click on our link and are logged into Facebook/Instagram at the same time, this information will be assigned to your Facebook/Instagram account. The same applies, of course, if you submit comments. You can find the privacy policy here: https://www.facebook.com/about/privacy/update.

The security of your personal data when using this website

On our website, we provide a contact form and an online application, which can be used to send us a message or to take out an insurance policy directly via our website. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The personal data that we collect through service functions and forms based on your consent to the collection, processing and use of your personal data are transmitted in encrypted form over a secure Internet connection to our computer, where they are stored and secured. The security procedure used corresponds to current technological standards (TLS or SSL). The other personal data processed during the sending is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

When you transmit your personal data – e.g. by submitting a claim notification, by using the HanseMerkur RechnungsApp (invoicing app), by making an online application, by requesting a quotation or advice and by confirming this privacy notice – you declare that you consent to the storage and processing of the data that you have submitted for the purpose of processing and responding to queries (where required) within the required scope. Depending on the matter in hand, it may be necessary to forward this data to authorised third parties, or to process it using an automated system.

Where we obtain the consent of the user to processing the data, the legal basis for data processing is Art. 6 (1) lit. a GDPR and with respect to online transactions, Art. 6 (1) lit. b GDPR. If health data are processed, this is done on the basis of Art. 9 (2) lit. a GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

The user has the option to revoke his consent to the processing of personal data at any time.

Email use

Emails that you send us through your email application may under some circumstances be unencrypted. Please check the settings in your email application or ask your email provider. On their way back to you, emails are regularly transport-encrypted (TLS). Only if transport encryption is not offered by your provider is the transmission unencrypted. As a rule, however, this form of encryption is supported by your email provider.

If you also wish end-to-end encryption (S/MIME) for your email communication, we hereby inform you that HanseMerkur uses domain keys for email encryption. You can find HanseMerkur certificates at www.openkeys.de at the following addresses:

We generally recommend secure communication using our on this website.

Service - Request documents

You have the option to request specific documents using forms on our website. Please note that we offer different forms for different purposes (e.g. copy of insurance policy or confirmation of Covid-19 travel conformation). In order to send those documents, it is necessary for you to provide us with the personal data requested in the forms. This is the only way we can correctly create the requested document and send it to the e-mail address stored for your contract.

Please note that we always send the requested documents to the e-mail address you used while booking in order to ensure that no unauthorized persons can access your information. If no e-mail address is stored for your contract, we will check whether an alternative e-mail address is stored in the customer database of HanseMerkur, which can be used as a substitute.

Please understand that, for security reasons and to protect your data, we are unable to send the requested documents to an alternative e-mail address that is unknown to us. For any queries regarding the requested documents, please provide us with your preferred e-mail address. We will use that e-mail address only to contact you for clarification. This e-mail address will not be added to our databases and of course, the e-mail address will not be passed on to third parties.

Based on your entered name, insurance policy number and date of birth, we will check whether the processing can be automated. An automated process takes place if an exact assignment has been possible without doubt based oft he entered information.

On the basis of the opt-in provided by you in the context of the document request, processing takes place on the basis of consent pursuant to Art. 6 para. 1 lit. a EU-DSGVO.

Rights

Data subjects' rights

You can request information about the data stored about you at the above address. Furthermore, under certain conditions, you may also request that your data be rectified or erased. You may also have a right to restrict the processing of your data and a right to receive the data you have provided in a structured, commonly used and machine-readable format.

Right of objection

You have the right to object to the processing of your personal data for direct advertising purposes. If we process your data to safeguard justified interests, you can object to this processing if reasons result from your special situation that argues against data processing.

Right to lodge a complaint

You have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority with a complaint. The data protection supervisory authority responsible for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
[The Hamburg Commissioner for Data Protection and Freedom of Information]
Ludwig-Erhard-Str. 22, 20459 Hamburg