The following privacy notice applies to visits to the www.ergo.de website, where you will find information on products and services.

This website contains links to third-party websites (external links). These websites are subject to the liability of the respective operators. Should you notice any links on our websites that direct to websites with content that breaches applicable law, please notify us by sending an email to

info@ergo.de

We will then remove such links from our websites without delay. The providers assume no liability whatsoever for the up-to-dateness, correctness, completeness or quality of the information provided.

The controller for data processing on the www.ergo.de website is
ERGO Direkt AG
Karl-Martell-Strasse 60
90344 Nuremberg

Tel.: 0800 666 9000
Email: beratung@ergo.de

Detailed information on data processing when you visit our website can be found under “Visiting the website”.
The controller for data processing in relation to the products sold on this website is the respective risk carrier. Contact details can be found under “Services contact information”.
Detailed information on data processing as part of the insurance relationship can be found under “Information for prospects and insurance customers”.
Where websites and apps direct to this website, the above-mentioned data controller for visits to the www.ergo.de website is responsible.
Where the www.ergo.de website directs to other websites, the provider of those sites is the controller under data protection law.

Should you have any questions regarding data privacy, please contact ERGO’s Data Protection Officer.

He can be reached under the contact details of the controller or by email at:
datenschutz@ergo.de.

Under the EU GDPR, you can assert the following rights against the controller:

• Right of access to the data processed (Art. 15)
  
• Right to rectification of inaccurate data or completion of incomplete data (Art. 16)
  
• Right to erasure of data that has been unlawfully processed or is no longer required (Art. 17)
  
• Right to restriction of processing (Art. 18)
  
• Right to object to processing which the controller bases on the safeguarding of a legitimate interest (Art. 21)
  
• Right to data portability (Art. 20)
  
  If you have consented to processing (Art. 6(1)(a) or Art. 9(2)(a)), you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out up to that point.
  
  If you wish to complain, please contact the Data Protection Officer or the data protection supervi-sory authority responsible for the controller. You will find this in the respective legal entity’s infor-mation sheet on how your data is used under “Information for prospects and insurance customers”.
  
  The responsible authority for the controller of the www.ergo.de website is:

Data Protection Authority of Bavaria for the Private Sector (BayLDA)
Promenade 18
91522 Ansbach

ERGO uses the latest techniques for holding dialogues with you and safeguarding your data.

What measures do we take to protect your data?

We take appropriate state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.
To protect your details, we use SSL (secure socket layer) encryption for the dialogue forms or contact forms on our web pages. This SSL connection protects your data against unauthorised third-party access during transmission. For your own security, please always use these dialogue forms.

If you send us unencrypted data in a normal, unsecured email, it is possible for your data to be viewed or amended by unauthorised persons during transmission via the internet.

Security of your data in the customer portal

(1) You sign into the customer portal with your personal login details (username and password).

(2) We have taken the following security measures:

• Additional authentication for certain business transactions by means of a mobile transaction authentication number (mTAN).
• SSL encryption for communication via “My Insurance Policies”.
• Automatic checking of password security (compliance with password restrictions).

(3) You can contribute to the security of your data through a responsible approach to login data. Please note the following:

• Change your password regularly, and also as soon as you have the slightest suspicion that it may have been compromised. Regardless of this, we recommend that you change your password every year.
  
• Don’t use any unfamiliar systems, e.g. in a hotel or internet café, to carry out transactions in “My Insurance Policies”.
• Always end “My Insurance Policies” sessions with the logout button.
• Look out for anomalies in the appearance of our website.
• We will never ask you for confidential information such as your password.
  

In the case of anomalies, please contact our Customer Service Centre on the following number: 0800 3746 016.
 

On our website, you can find out what products and services we offer without entering personal data. Should data be collected without any action on your part, this will happen either on a statistical and anonymous basis, or you will be informed about it in advance and your consent will, if necessary, be obtained.

To use services on the basis of your individual needs, it will in most cases be necessary for you to provide information such as your postcode, circumstances (single, married, children, church tax liability) or housing situation (renter, owner-occupier, number of square metres). These details are only saved while you are visiting a website.

You can in principle find out about financial and insurance products without providing personal details. However, in order to calculate the correct insurance premium for you, we will of course ask you for the necessary details, such as age, height, weight, habits (smoker/non-smoker), type of car, mileage. To save you having to enter details twice, details you have given during a visit to the website are displayed again.

Obtaining insurance quotes

If you request a binding quotation for an insurance policy or a financial product, you will need to provide personal identifying details (surname, first name, address, contact details). These details will then be saved at ERGO Direkt AG for 180 days, together with other price- and risk-relevant details for that quote (date of birth, living/housing situation, etc.).

Applying for and taking out insurance online or accepting insurance quotes

If you apply for or take out insurance online, your bank details for making payment will also be saved, and possibly other attributes such as your IP address for identification purposes.

These details are transmitted to the ERGO insurance companies, where they are saved as application data and used to create the insurance contract and for future contract and customer support. 
Similarly, details of insurance quotes that you accept and lead to a contract are saved and processed.

Cookies are small files that are stored on your computer and control the display and operation of our website.

Some cookies are technically necessary for communication via the internet and the website as such to work properly. These cookies are deleted when the dialogue ends.

For all cookies that are not technically necessary, we obtain your consent. We do this via the OneTrust consent tool, which is provided by our service provider ITERGO.

We use cookies for usage statistics and to continually improve our website (analytics), as well as to optimise our advertising with our partners (third-party cookies). You are given detailed information about these cookies within the consent tool.

Below we inform you in accordance with Article 13 GDPR about the service providers and procedures we use to collect data and provide information on

• the purpose,
  
• the scope,
  
• the legal basis,
  
• the period of storage,
  
• the storage location,
  
• any transfer and
  
• the controller

of the data processing.
 

This section provides information on data privacy in your role as a prospect, in your role as a customer, as well as on the service providers we use and the embedding of our privacy policy in the insurance industry’s agreements with the supervisory authorities.

7.1. Contact as a prospect with agencies or ERGO Direkt AG 

To obtain information on ERGO’s products and services, you can either contact an agency or get in touch with ERGO Direkt. 

In each case, you will be dealing with our own officers, who will take care of data privacy for you. See also the information under “Communication” in this connection.

7.1.1. What data must be provided and what is processed? 

You are not obliged to provide personal data for an informal chat or to use our websites. However, there are services for which our officers will need personal information from you, for example in order to send you information or a newsletter. Without this data, we cannot provide the services required. In each case, we collect only the data that is actually necessary.

7.1.2 For what purposes and on what legal basis do we process the data provided? 

We process the data you provide in order to handle your enquiry.

Requests for advice and product information

If, when circumstances require, you leave contact details in order to receive advice on specific topics, or because you would like to receive further information on advertised products, we base the processing on your and our legitimate interest in answering your enquiry pursuant to Art. 6(1)(f) GDPR. 

Enquiries for concluding and implementing an insurance contract

If you would like to take out insurance with ERGO, the ERGO adviser or ERGO Direkt and the insurer will need your data to negotiate and conclude the contract (and for an identity check where required) and to assess the risk that is to be assumed. 

If the insurance contract comes into being, the insurer will process this data to issue your policy or send you an invoice. The insurer needs details of claims and payments made in order to assess precisely what cover you have taken out and what payments you have received under that cover. It is not possible to negotiate, conclude or implement an insurance contract without processing your data. The data is processed on the basis of Art. 6(1)(b) GDPR in order to carry out pre-contractual measures or fulfil a contract. 

7.1.3. How long do we save your data?

Our officers delete your personal data as soon as it is no longer required for the purposes mentioned above. This situation will occur regularly due to statutory record-keeping and retention requirements governed, inter alia, by the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention periods according to these are generally up to ten years. It is also possible that personal data may be saved for the period in which claims can be made against you (statutory limitation period of three or up to thirty years). Additional information, where relevant, may be found in association with the individual data processing operations.

7.2. Insurance customer

Below you will find information on how your data is dealt with when you make an insurance application, have taken out insurance, make a claim, or the contract is terminated.

7.2.1. Use of your data 

Under the GDPR, there are statutory duties to provide information as soon as and insofar as personal data is collected from you for processing. Insurance applications, in particular, therefore contain relevant information on the specific use of your personal data. You can access individual selected versions of information on how your data is used (in German) below:

Information sheet on how your data is used by ERGO Vorsorge Leben

Information sheet on how your data is used by ERGO Leben

Information sheet on how your data is used by Victoria Leben

Information sheet on how your data is used by ERGO Pensionsfonds

Information sheet on how your data is used by ERGO Pensionskasse

Information sheet on how your data is used by ERGO Krankenversicherung AG

Information sheet on how your data is used by DKV

Information sheet on how your data is used by ERGO Kraftfahrt

Information sheet on how your data is used by ERGO Hausrat Wohngebäude Privathaftpflicht

Information sheet on how your data is used by ERGO Rechtsschutz

Information sheet on how your data is used by ERGO Schutzbrief

Information sheet on how your data is used by ERGO Unfall

Information sheet on how your data is used by ERGO Individualgeschäft

Information sheet on how your data is used by ERGO Direkt Versicherung AG

Information sheet on how your data is used by ERGO Annex

Information sheet on how your data is used by ERGO Reiseversicherung

Information sheet on how your data is used in a monthly access account contract

Information sheet on how your data is used for alternative account holders

Further information on the “HIS” centralised database for medical and non-medical substandard risks used by the insurance industry can be found here:

Information on HIS - Query

Information on HIS - Registration

Further information on the credit agencies we obtain information from can be found here:

Infoscore information sheet on Art. 14 EU GDPR ICD customer

The relevant version for the respective insurance application or contract is handed out with the insurance application.

7.2.2. Are automated individual decisions or profiling carried out?

Where in an individual case the insurer uses purely automated processing operations to reach a decision, including profiling, the insurer will inform you of this in the respective application.

7.3. List of service providers 

The insurers keep a list of all the service providers that may work for you as part of a contract. The obligation to keep this list arises from the new declarations of consent and release from the duty of confidentiality, as well as from the new code of conduct (Data Privacy Code of Conduct) agreed between the German Insurance Association (GDV) and the data protection supervisory authorities. The aim of this list is to create transparency about the processing of your data. The list specifies the service providers that collect, process or use health data and/or other personal data as agreed on behalf of ERGO insurance companies. The service providers are mentioned specifically if their main task is collecting, processing and using personal data. This includes ERGO Group AG, for example. Service providers whose main task does not involve the processing of personal data, for example companies that dispose of paper waste and computer storage media, are only mentioned in service categories. The same goes for service providers that work for ERGO only occasionally. You can opt out of having your data transferred to the service providers mentioned on the list on a case-by-case basis, stating the reasons. We will then consider whether, because of your particular personal situation, your legitimate interest in excluding transfer prevails. Please note that all of ERGO’s service providers are mentioned in the list. However, this doesn’t mean that your data is, in principle, shared with all the service providers. ERGO Group AG, ITERGO Informationstechnologie GmbH and ERGO Direkt AG, as the ERGO companies’ internal service providers, are generally the ones tasked with collecting, processing and using personal data.

You will find ERGO Direkt AG’s list of service providers here.

You will find ERGO’s service providers here.

You will find DKV’s list of service providers here.

You will find ERGO Reiseversicherung’s list of service providers here.

7.4. Declaration of consent and release from the duty of confidentiality 

Since 1 January 2013, ERGO’s German insurance companies have been using new declarations of consent and releases from the duty of confidentiality in their applications, enquiries and enrolment declarations. The declarations used have been standardised between the German Insurance Association (GDV) and the data protection supervisory authorities. They offer you even more transparency in the way your personal data is handled. You will find a specimen here.

7.5. Code of Conduct for the handling of personal data by the German insurance industry (Data Privacy Code of Conduct) 

ERGO’s German insurance companies adopted the “Code of Conduct for the handling of personal data by the German insurance industry” (Data Privacy Code of Conduct) on 1 March 2013. The Data Privacy Code of Conduct governs the collection, processing and use of your personal data. This Code of Conduct was agreed between the German Insurance Association (GDV) and the data protection supervisory authorities.

The German federal and state data protection authorities have confirmed that companies which follow the Code of Conduct thereby ensure that the requirements of the General Data Protection Regulation are put into concrete form for the insurance industry in a sector-specific way.

You will find the Code of Conduct for the handling of personal data by the German insurance industry here. We will be happy to provide you with the text in paper form too. You can request this by phone on the freephone numbers 0800 3746 000, or by email at info@ergo.de and datenschutz@ergo.de.

Here you will find information on how ERGO communicates via the various channels, what data is produced as a result, and how it is handled.

Besides the communication channels described below, some information and services are also provided by your agency and are its responsibility. 

If you contact your agency owner direct, without using ERGO systems, the data transferred will then be beyond ERGO’s control. Examples: 

• WhatsApp communications via your agency’s number, as well as other messenger services such as Facebook Messenger
• Your agency’s Facebook Page
• Email communications to email addresses not ending in “ergo.de”

For information in this regard, please contact your agency owner.

8.1. Written communication

In the vast majority of cases, correspondence sent to ERGO is digitised (scanned) immediately upon receipt and forwarded electronically to the relevant department.. There, the digital document is stored for as long as its purpose or statutory retention requirements require. The original document is destroyed in line with data privacy legislation after a waiting period of 30 days.

8.2. Email correspondence

ERGO uses the email address you provide to send you a reply with the information requested. However, ERGO only sends personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the content of your message relates to a contract, ERGO will archive the email. The email address will be saved exclusively for corresponding with you and will not be shared with third parties.

You will not receive any unsolicited emails from ERGO, so if ever you do receive an unsolicited email that purports to be from ERGO, it is fake and should be deleted. Before sending ERGO an unencrypted email, please remember that on the internet its contents are not protected against unauthorised access or falsification. Consequently, we would recommend that you send any message to ERGO using the contact form indicated on our website.

8.3. Privacy notice in relation to voice recording during telephone contact with ERGO Direkt AG

This privacy notice informs you who is responsible for voice recording on the phone, when and for what purpose voice recording is carried out, and what rights you have as the data subject. The privacy notice applies to phone contact both by you with ERGO Direkt AG and by ERGO Direkt AG with you. The company responsible for processing the data is ERGO Direkt AG, Karl-Martell-Strasse 60, 90344 Nuremberg.

You can reach the Data Protection Officer at this address – by adding the words “Data Protection Officer” – or by email at datenschutz@ergo.de.

We use call recordings (voice data) and the resulting text files (transcripts) to derive your wishes and requirements from the information you provide. We also store technical call data such as the phone number, the start of the call, the end of the call and the call duration.

If, before or during the call, you agree to it being recorded, we will use the information and data obtained for the following purposes:

8.3.1. Training and quality assurance

We analyse some calls with regard to customer communication, compliance with company standards and optimisation potentials. The results are discussed with the member of staff concerned. In individual cases, certain parts of the telephone call are referred to for this purpose. This is used for training our staff. The aim is to constantly improve communication with our customers, so that we can offer them a better quality of service and advice.

8.3.2. Individual analyses

We analyse individual calls with regard to relevant information about you as an individual. This information also helps us to offer you an optimised quality of service and advice. Here, a high-quality approach that is relevant (only of interest to you) is of particular importance to us. This means that, in future, we want to speak to you in a more individual and targeted way and avoid offering services and products that are not relevant to you.

8.3.3. Statistical analyses (cumulative)

In collaboration with research projects, we carry out statistical analyses of all the calls recorded. In this way, we identify significant and relevant accumulations of words (call categories) which provide information on our customers’ wishes and needs. These analyses are carried out with anonymised data.

8.3.4. Documentation and erasure of data

We save the call recordings (voice data) and resulting text files (transcripts) for documentation purposes. All call recordings are deleted after 13 months at the latest, or even before then, if you have withdrawn your consent. The text files produced are anonymised and permanently processed for analysis purposes.

The legal basis for the processing of personal data is your consent. We obtain this for call recording and call documentation, as well as for the subsequent individual analyses of calls. There is no requirement for you to provide data or give your consent to the recording of calls. If you are not in agreement with the recording and further use of the call, we will of course take that into account.

If necessary, we make written notes on the course of the call. These notes are used to document the content of the call. The data collected is processed and used only by internal departments of ERGO Direkt AG and is not shared with third parties.

You have the right of access to, rectification, erasure and restriction of, and objection to the processing of data, as well as a right to data portability. If you would like to make use of your rights, please contact the address mentioned above.

If you think that the processing of your data breaches data protection law or that your data protection rights have been violated, you can also complain to the competent supervisory authority. The competent data protection supervisory authority for us is: Data Protection Authority of Bavaria for the Private Sector (BayLDA), Promenade 18, 91522 Ansbach.

8.4 Social networks 

The websites and our apps use social plug-ins of several social networks, including Facebook, Twitter, Google+ and the like. The plug-ins are marked with a logo or with the add-on “social plug-in”. If you access one of our website pages or an app containing such a plug-in, these plug-ins can create direct links to the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another.

Through the integration of the plug-ins, the social networks receive the information that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account. If you interact with the social plug-ins, for example by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the respective social network’s policy.

For information on the purpose and scope of the data collection and the further processing and use of the data by the social network, as well as your rights in this regard and setting options for protecting your privacy, please refer to the relevant social network’s privacy notice. If you don’t want social networks to know about your visit to our websites, you will need to log out of the social networks before visiting our website or using our app.

8.5 Voice assistants

If you use a voice assistant via a device with a built-in microphone (e.g. Amazon Echo, Google Home), your audio recording will be processed via the apps installed there (e.g. Amazon Alexa, Google Assistant). In particular, your complete audio recording and your use of the voice assistant are then processed both on your device and on those manufacturers’ servers. Their Terms of Use and Privacy Notices apply:

Amazon Alexa Privacy Notice

Google Home Privacy Notice

If you use these voice assistants to contact us, obtain general information, information relating to a specific contract, or quotations (“voice services”), the provider of the voice assistant in question passes information to us. This is necessary if we are to be able to respond to your enquiry. However, we only receive the content of your enquiry, not the voice recording itself. This is retained in your user account of the relevant voice assistant where you can manage it (in particular delete it).

We only receive your location or email address if this is necessary to respond to your enquiry and you have granted us access to this information when speaking to the voice assistant.

If you want to use an existing user account (e.g. Amazon Login) to use one of our voice services, we only receive information from this account if you have previously given your express consent. The legal basis is then your consent as per Art. 6(1)(a) GDPR. If you also agree to the use of the payment functions of one of your existing user accounts (e.g. Amazon Pay) in our voice service, then we only receive your contact and address data for the payment from the payment service provider but not your bank details. Otherwise, all we receive is what is known as a “token”, which is needed for technical reasons so that you can sign in with us using the existing user account and then pay without giving us login details. The legal basis for this data processing is therefore both your contract with us, Art. 6(1)(b) GDPR, and the legal obligation to specify the service recipient in invoices, Art. 6(1)(c) GDPR in conjunction with Section 14(4) of the German Value Added Tax Act (UStG).

Finally, we also receive a number (called an ID) so that we can pass the answer to your enquiry to your voice assistant. This ID is linked to our service in the voice assistant but not to you as a person. In this way, the information you requested (e.g. quotations, general information or information about a contract) can be sent to you again via the voice assistant manufacturer’s servers and systems and your device, so that you can receive it as a voice message or text message. We can only attribute this ID to you personally if the content of your voice recording contains unambiguous information about you (e.g. name, contract number).

The legal basis for this data processing is the pre-contractual information provided to you or the contract with you, Art. 6(1)(b) GDPR.

We also process data with the help of the Adobe Analytics service. The legal basis for this is our legitimate interest in accordance with Art. 6(1)(f) GDPR. In this respect, the remarks concerning Adobe Analytics (see section 6.2 above) apply accordingly.

If you delete the ID that is allocated to our service, we can no longer attribute your enquiry and its answer to any device and person. This does not apply, however, if you yourself have passed personal information to us via the voice assistant. In general and in principle, we process the above personal information only for as long as is necessary for us to deal with your enquiry. If your enquiry relates to a contract or a contract proposal, our retention periods set out in section 2.11 above apply.

8.6. Text chat on ERGO.de

ERGO.de offers you the possibility of communicating via live chat. 

Your consent to storage of the resulting data is obtained at the start of the communication. Your rights as a data subject apply in the same way and to the same extent as described under “Your rights”.

Controller: ERGO Direkt AG, 90344 Nuremberg

Data processed: communication metadata (time, duration), communication content data, identification data (if exchanged)

Purpose: communication with prospects and customers, obligation to provide proof of the contents

Legal basis: consent (Art. 6(1)(a) GDPR)

Recipients/transfer: does not take place

Retention period at ERGO Direkt AG: maximum of 180 days

8.7. Use of WhatsApp

WhatsApp is a service of WhatsApp Inc., which is in turn part of Facebook Inc. ERGO uses this external application exclusively as a service channel. ERGO is in no way responsible for the content and data shared, uploaded and processed via WhatsApp outside its own ERGO network. For this, the WhatsApp Privacy Policy applies.

Please carefully read through WhatsApp’s Privacy Policy before using WhatsApp since, by using WhatsApp, you automatically agree to that policy. When you write us a message via WhatsApp, you send us your phone number. We only use the number to communicate with you via WhatsApp. We use the chat content only to process your enquiry. Please observe the WhatsApp Terms of Use, on which we have no influence: If you install and use WhatsApp on your mobile phone, you agree to the WhatsApp Terms of Use. These include, amongst other things, that you grant WhatsApp Inc. access to your telephone number and the contacts stored on your phone. We don’t reply to personal or confidential questions (i.e. with content relating to personal data) via WhatsApp. You should therefore provide an email address or phone number for such questions.

Important: ERGO will never ask you to share personal data with us via WhatsApp. If we need your data, one of our staff will tell you what options there are for exchanging data, for example a secure contact form.

8.8 Privacy notice in relation to the comments function in the ERGO blog 

If you want to write a comment in our blog, we need your name and email address to check your identity. Your email address isn’t published and nor is it shared with third parties. In the blog, only your (nick)name and the comment you have written are published.

8.9 Privacy notice for visitors and in relation to video surveillance at the ERGO locations

• Nuremberg
  
• Hamburg
• All other locations

The “My Insurance Policies” customer portal (hereinafter “My Insurance Policies”) is an offering of ERGO Group AG1 and ERGO Direkt AG2 for their insurance customers. ERGO Group AG and ERGO Direkt AG are hereinafter called “ERGO”.
Once you have registered for “My Insurance Policies”, we provide you with information on your policies and claims, as well as your post in electronic form. You can manage your insurance policies with ERGO companies online in “My Insurance Policies”. We take particular care when handling your personal data, especially health data.
This is to inform you about how your personal data is processed in the customer portal. We also provide you with information on the security of your data.
1 ERGO Versicherung AG, ERGO Vorsorge Lebensversicherung AG, ERGO Lebensversicherung AG, DKV Deutsche Krankenversicherung AG, MEAG Munich ERGO AssetManagement GmbH
2ERGO Direkt AG is the central service provider of the ERGO Direkt companies and ERGO Krankenversicherung AG and processes any personal data on their behalf.

9.1. One customer portal for all policies

(1) If you have several policies with ERGO Group insurers, you can manage these in a single customer portal.
(2) There is no change to the processing of your personal data in the respective portfolio systems.

9.2. Information on the processing of your data in the customer portal

9.2.1. Controller for data processing

ERGO Group AG
ERGO-Platz 1
40198 Düsseldorf
Phone: 0800 3746-016
Email address: info@ergo.de

ERGO Direkt AG
Karl-Martell-Strasse 60
90344 Nuremberg
Phone: 0800 44-1000
Email address: beratung@ergo.de

You can contact our Data Protection Officer at the above address and the email address: datenschutz@ergo.de.

9.2.2. Purpose of data processing

In “My Insurance Policies” you have the possibility of managing your policies and using numerous services. In order to be able to make these available to you, we process your data and forward it to the insurance companies’ relevant departments. This includes:

• Personal data:
  Personal data includes, for example, master data, quotation and policy data, communication data, customer portal and usage data, as well as claims and payment data.
  You also have the possibility to store third-party policies in your policy overview as well. For this, you have to enter the third-party policies yourself, specifying the type of insurance, the insurer, when the policy was taken out, and the plan name. The data is only stored and is not further processed without your consent.
  If we receive information about you via third parties, we display this data in “My Insurance Policies”.
• Services:
  We need the data collected in order to be able to provide you with the service and implement the desired changes, notifications, requirements, etc. We pass on your data to the insurance companies’ relevant departments for processing. You also have the possibility of uploading various documents in different data formats, for example in order to report a loss, submit invoices or photos or the like. If you use such a self-service feature to upload documents, the data is processed by ERGO. It is automatically forwarded for further processing to the relevant department of the individual insurance company responsible.
  
  

9.2.3. Legal basis

(1) The legal basis for this processing of personal data for pre-contractual and contractual purposes is Art. 6(1)(b) GDPR. Insofar as specific categories of personal data, e.g. your health data, are necessary, we will obtain your consent in accordance with Art. 9(2)(a) GDPR in conjunction with Art. 7 GDPR. If we create statistics with these data categories, this will be done on the basis of Art. 9(2)(j) GDPR in conjunction with Section 27 of the Federal Data Protection Act (BDSG).
(2) We also process data to protect our legitimate interests or those of third parties (Art. 6(1)(f) GDPR). This can be necessary, for example,

• to ensure IT security and IT operations,
• to prevent and investigate criminal offences; in particular, we use data analysis to identify signs that could indicate insurance fraud.
  (3) We also process your personal data to comply with legal obligations such as regulatory requirements, retention requirements under commercial and tax law, or our duty to provide advice. In such cases, the relevant legal regulations in conjunction with Art. 6(1)(c) GDPR form the legal basis for the processing.
  (4) Should we wish to process your personal data for a purpose not listed above, we will inform you of this in advance.

9.2.4. Adobe Analytics and cookies

For the use of Adobe Analytics and cookies, see the information under “Visiting the website”.

9.2.5. Data subject’s rights

See the information under “Your rights”.

9.2.6. Categories of recipients

The recipients of the data collected are: ERGO advisers, relevant departments of ERGO, cooperation partners and service providers in accordance with the legal basis and your consent.

9.3. Information on the security of your data in the customer portal

(1) You have the possibility to register and sign in using a username and password.
(2) We have also taken the following security measures:

• Additional authentication for certain business transactions by means of a mobile transaction authentication number (mTAN).
• TLS encryption for communication via “My Insurance Policies”.
• Automatic checking of password security (compliance with password restrictions).

(3) Security can also be increased primarily through a responsible approach to login data. In this respect, we would draw your attention to the following:

• Change your password regularly.
• Don’t use any unfamiliar systems, e.g. in a hotel or internet café, to carry out transactions in “My Insurance Policies”.
• Always end “My Insurance Policies” sessions with the logout button.
• Look out for anomalies in the appearance of our website.
• We will never ask you for confidential information such as your password.

In the case of anomalies, please contact our Customer Service Centre on the following number: 0800 3746 016.
If you have further questions about data privacy, please contact us via datenschutz@ergo.de.

9.4. Additional privacy notice for use of the ERGO app

The following privacy notice supplements the previous one in relation to use of the ERGO app.

9.4.1. Simplified login (PIN and fingerprint)

(1) In the app you have the possibility of logging in more easily and yet securely for “My Insurance Policies”. To do this, you can replace your username and password with a PIN or a fingerprint. That way, you permanently store your login details on your device. Your PIN or fingerprint is stored on the device in encrypted form until you disable the feature.
(2) You can delete the stored PIN and fingerprint by turning off the feature or deleting the app.

9.4.2. ERGO adviser search

(1) You can use the ERGO app to search for an ERGO adviser near you. To do this, you can enter your postcode, or we can retrieve your current location via GPS. We obtain your consent separately before accessing your device’s location. Your location data is only used to process your enquiry and is transmitted via an encrypted link.
(2) You can withdraw your consent to location access at any time in your operating system’s settings.

9.4.3. ERGO Rechtsschutz callback form

(1) We use the data you enter in the callback form to provide you with the service and to be able to perform it. We process your personal data in compliance with the EU General Data Protection Regulation and all other relevant laws.

9.4.4. Tracking/Adobe and Cookies

(1) Use of Adobe Analytics in the ERGO app: Adobe Systems stores the information collected in our ERGO app (data on usage behaviour – including origin and page views) within the European Union. If you are not in agreement with this, you can of course opt-out of the collection and storage of your data in the app settings.
(2) Our customer portal uses cookies in accordance with Section 15(3) of the German Telemedia Act (TMG). These are small text files that are stored on your device and accessed by your browser. The cookies we use are technically necessary in order to provide you with access to the customer portal. No processing of personal data is involved. The use of cookies increases the user-friendliness and security of your customer portal. If you access another website via the customer portal, the operator of that site is responsible for the cookies.

If you have further questions about data privacy, please contact us via datenschutz@ergo.de.