impressum-bg
impressum-bg

Data privacy - statement

Information in accordance with Art. 12 ff. of the General Data Protection Regulation (GDPR) In the following, we will inform you about how we process your personal data and the claims and rights to which you are entitled under data protection regulations, in particular the European General Data Protection Regulation (GDPR). Personal data within the meaning of the GDPR is all data that can be related to you personally, e.g. name, address, email address and date of birth. We use the data protection terms used in our data protection information in the sense of the definitions of the GDPR. These include terms such as personal data, processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, company, supervisory authority and international organisation. For these terms, you can refer to the definitions in Article 4 of the GDPR.
Note on the transmission of third-party data by you:
If you transmit personal data about your spouse, life partner, relative or other third party (such as guarantors), please inform them about the processing of their personal data by us and refer them to this data protection information. It may be necessary for these persons to consent to the transmission of data.

1. Who is responsible for data processing and who can I contact?

Responsible:
MEAG MUNICH ERGO ASSETMANAGEMENT GMBH
Am Münchner Tor 1
80805 München

Please address data protection inquiries to:
datenschutz@meag.com

2. For what purposes and on what legal basis do we process your data?

We process personal data that we receive in the course of your use of our website and on the basis of an ongoing or emerging business relationship with you.
If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you visit our website for informational purposes only, we collect the following access data, which is technically necessary for us to display our website to you and to ensure its stability and security. This access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, the amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, browser type and language, version of the browser software and the message about the successful retrieval.
Furthermore, we receive your personal data if you contact us, for example, via a contact form or email. Personal data in this case includes, for example, name, address, email, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as ‘contact data’). We process personal data for the following purposes and on the following legal bases:

Implementation of pre-contractual measures at the request of the data subject, Art. 6 (1) (b) GDPR

When you contact us (using the contact form or by email), your details are processed in order to handle and process your enquiry.

In the context of the weighing of interests for the protection of legitimate interests, Art. 6 para. 1 lit. f DSGVO

We process your access data to protect our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests:

  • Ensuring IT security, in particular the security of the website;
  • Advertising or market and opinion research, provided you have not objected to the use of your data;
  • Asserting legal claims and defending legal disputes.

3. Who receives my data?

Within our company, access to your data is restricted to those departments that require it to fulfil our contractual and legal obligations. External recipients include companies in the categories of IT services for maintaining our hardware and software, logistics and mail delivery. Insofar as we use processors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
Data is passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 para. 1 lit. b DSGVO, or on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO in the economic and effective operation of our business, or if you have consented to the data transfer. Under these conditions, recipients of personal data may in particular be:

  • Suppliers, IT service providers, insofar as these are not processors
  • Brokerage firms
  • Marketing companies

In the event of a contact request or contract initiation, we may pass on your data to the property owner, namely: Münchener Rückversicherungs-Gesellschaft
Aktiengesellschaft in München
Königinstr. 107
80802 München

4. How long are my data kept?

For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidential purposes is excluded from deletion until the respective incident has been definitively clarified.
Where necessary, we process and store your personal data for the duration of our business relationship, which, for example, also includes the initiation and execution of a rental agreement.
In addition, we are subject to various storage and documentation requirements, which arise, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods for storage and documentation specified there are between two and ten years. For example, we must store the rental contract containing your personal data for at least 10 years, calculated from the end of the rental contract.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, with the regular limitation period being three years.

5. Is data transferred to a third-party country or an international organisation? The data provided will be processed within the European Union and, to some extent, in third countries, in particular the United States. In addition, we have agreed EU standard data protection clauses with recipients of your data in third countries.

6. Which data protection rights do I have?

Every data subject has

  • the right of access under Article 15 of the GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification under Article 16 of the GDPR (i.e. in the event that your personal data is incorrect or incomplete, you can request that this data be rectified),
  • the right to erasure under Article 17 of the GDPR and the right to restriction of processing under Article 18 of the GDPR (i.e. you have the right, where applicable, to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and statutory retention requirements do not necessitate further storage),
  • the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance).

Furthermore, you can revoke consent, generally with effect for the future. Furthermore, you have the right to file a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
In addition, we would like to draw your attention to your right to object according to Art. 21 GDPR:
Information about your right to object under Article 21 GDPR:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6 para. 1 lit. f DSGVO (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Ar. 4 no. 4 DSGVO, which we use for questionnaire evaluation or for advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. The objection can be made without observing any formal requirements and no costs will be incurred other than the transmission costs according to the basic rates. The objection is to be addressed to the contact details given above.

7. To what extent does automated decision-making, including profiling, take place in individual cases?

We do not use automated decision-making in accordance with Art. 22 GDPR. We also do not process your data in an automated manner with the aim of evaluating certain personal aspects (profiling).

8. Am I obliged to provide data?

Within the framework of our website, you must provide the personal data that is technically or for IT security reasons necessary for the use of our website. If you do not provide this data, you will not be able to use our website. When contacting us using a form or by email, you only have to provide the personal data that is necessary for processing your request. Otherwise, we will not be able to process your request.