DATA PROTECTION NOTICE
1 OVERVIEW
With this data protection notice, we would like to inform you about what personal data we process in what way and for which purposes. The following information relates to the use of our website (www.bgib.com) and, to some extent, also to other aspects of our business.
The term “personal data” refers to all data that may be attributed to you personally, like your name, your e-mail address or your date of birth. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and all other applicable data protection laws.
Controller of the data, that is the body which determines the purposes and means of the processing of personal data, pursuant to Article 4 (7) GDPR is
Besso Grimme Insurance Brokers GmbH
Alstertor 17
20095 Hamburg
We have appointed an external data protection officer. You can contact the data protection officer at datenschutz.besso@two-towers.eu or by mail at Two Towers Consulting GmbH & Co. KG, Hohenzollernring 51, 50672 Koeln, Germany. Should you wish to contact the data protection officer using encrypted communication feel free to first request the S/MIME key from the e-mail address given.
2 DATA PROCESSING ACTIVITIES
2.1 Visiting our website
When visiting our website, we will record some basic connection data sent by your browser to our server for technical reasons. This information is necessary to display the website properly, to provide a stable connection and to protect ourselves against abuse of and damages through compromise of our IT-systems (cyber-crime). This basic connection data comprises
- IP address
- Time and data with time zone difference to UTC (coordinated universal time)
- Type of browser, browser version and browser language
- Operating system
- Internet Service Provider (ISP)
- Volume of transferred data
- Referrer (the internet site which sent you to us)
- The sub pages you visit on our website
The legal basis for processing of this data is our legitimate interest pursuant to Article 6 (1) lit f GDPR. We have a legitimate interest to make our website available for its users and to make it secure in order to prevent damages to the company.
Cookies
We use cookies on our website. Cookies are small text files that are placed on your computer by websites that you visit. Cookies cannot execute any programs or carry malware. Cookies enable us to glean information on the use of our website and to make our website more efficient and user-friendly.
On this website, we inter alia use transient cookies. Transient cookies are deleted automatically once you close your browser. The most common form of transient cookies are session-cookies. Session-cookies store a session-ID enabling our website to attribute different actions performed by your browser to the same session. This enables our server to recognize your browser when you return to our website. Session-cookies are automatically deleted once your close your browser or you log out of an account.
You can delete cookies at any time using the respective setting in your browser. You can also configure your browser settings in a way that no cookies can be stored. If you deactivate cookies in general, some functions of our website might become unavailable to you.
The legal basis for the use of cookies is Section 25 (2) no. 2 Telecommunications-Telemedia Data Protection Act (TTDSG) (for technically required cookies) in connection with our legitimate interest pursuant to Article 6 (1) lit f GDPR. We have a legitimate interest to optimize our website for its users as part of our customer service. For other cookies whose use requires your consent according to Article 6 (1) lit a GDPR, please see below under “Google Analytics” and “Google Maps”.
Google Analytics
If you have consented to the use of Google Analytics via the cookie banner, Google Analytics 4 is used on this website. Google Analytics is a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable a data traffic analysis for our website. This data helps us to improve our service for you, e.g. with regard to the content of our website. The data collected by means of the cookies about your use of this website is typically transmitted to and stored on a Google-server in the USA.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- clicks on external links
- internal search queries
- interaction with videos
- file downloads
- seen / clicked ads
- language setting
- your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Google will use this information on our behalf and on the basis of a contract for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing activities.
For the USA, the European Commission adopted its adequacy decision on 10th July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
The data sent by us and linked to cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 (1) lit. a DSGVO.
Consent withdrawal: You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing on the basis of the consent until the withdrawal remains unaffected.
You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. Not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HERE.
For more information on Google Analytics terms of use and Google's privacy policy, see Privacy & Terms – Google
Google Maps
If you have consented to the use of Google Maps via the cookie banner, Google Maps, a map service of Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
This allows us to show you interactive maps directly on the website and enables you to comfortably use the map function, navigate to and find our business premises more easily. We regard this part of our visitor and customer service.
Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data may also be stored in the USA. For the USA, the European Commission adopted its adequacy decision on 10th July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.
By using Google Maps, data is transmitted to Google and stored on Google servers. Through your visit to the website, Google receives the information that you have called up the corresponding sub-page of our website. We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or information on the deletion of the data collected. The data processing takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, you must contact Google to exercise this right.
For more information on the purpose and scope of data collection and processing, please refer to Google's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: Privacy & Terms – Google
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.
Consent withdrawal: You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing on the basis of the consent until the withdrawal remains unaffected.
2.2 Contacting us
You can get in touch with us by mail, e-mail, the website’s contact form or by telephone.
Contact via contact form
When you send us enquiries via the contact form on this website, your details from the enquiry form, including the contact data you provide, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the contact form is processed either to prepare contractual measures in accordance with Art. 6 (1) lit. b DSGVO or on the basis of our legitimate interest in responding to the enquiry (Art. 6 (1) lit. f DSGVO).
The data entered by you in the contact form will remain with us until you request us to delete it or the purpose for which it was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
Contact by e-mail or telephone
If you contact us without using the contact form provided, i.e. by calling us or writing an e-mail, the personal data you provide in the course of this contact will be processed to answer your request. The same conditions apply as for contacting us via the contact form. The legal basis is either to prepare contractual measures in accordance with Art. 6 (1) lit. b DSGVO or our legitimate interest according to Art. 6 (1) lit. f DSGVO. Our legitimate interest is to be able to comply with your request for contact and to respond to any queries.
The data provided by you when contacting us will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
2.3 Direct marketing
It is possible that we collect and process publicly available data for the purpose of advertising our products and services, such as the names and business addresses of managing directors or department heads, in order to send them information about our products and services by post. In doing so, we only process the personal data of those persons whom we assume have a particular interest in our products and services due to their position in the company or the industry.
The legal basis is our legitimate interest according to Art. 6 (1) lit. f DSGVO. The legitimate interest is to publicize and advertise our company and its products and services as part of business development measures to persons whose activity profile suggests an interest in them.
Objection: If you do not wish to receive advertising from us, you can object to the further use of your data for advertising purposes at any time by using the contact details provided above.
2.4 Job applications
If you apply for an open position at BGIB or if you make a speculative application, we will process your data to carry out our recruitment procedures.
Should we hire you, we will store your application data to fulfil the employment contract requirements. Should we not hire you, we will delete your data after three months following our rejection letter, as long as no other legitimate interests are affected or unless you have consented to longer storage.
Otherwise, we will delete all your application documents and data three months after rejection, provided that this deletion does not conflict with any other legitimate interests or you have consented to a longer storage period.
Legal basis for the processing of your application data is Art. 6 (1) lit. b GDPR.
2.5 Data transfer to third parties
We may share personal data with generally EU-based third parties, namely the insurers whose insurance we broker, co-brokers or service providers. We also share personal data with our affiliates (primarily our parent company Besso Group Insurance Limited, which is part of the UK-based Ardonagh Group), or business partners (e.g., co-brokers) or with public authorities (primarily the Federal Aviation Authority and, where applicable, foreign equivalents).
Your data will usually only be processed within the European Union and countries within the European Economic Area (EEA). As we are part of a UK group of companies, data may also be transferred to the UK, which has been determined by the European Commission to have an adequate level of data protection. Where a country to which we transfer your data has not been determined by the European Commission to have an adequate level of data protection, we ensure that appropriate assurances to protect your information are in place, e.g. so-called EU standard contractual clauses.
We will only transfer your personal data to third parties, if at least one of the following applies:
- You have given your explicit consent pursuant to Article 6 (1) lit a GDPR.
- The transfer is necessary to perform a contract with you pursuant to Article 6 (1) lit b GDPR.
- There is a legal obligation to forward the data pursuant to Article 6 (1) lit c GDPR.
- The transfer is justified pursuant to Article 6 (1) lit f GDPR to preserve our legitimate interests and there is no reason to assume that our legitimate interest is overridden by your interests which require protection of your personal data.
2.6 Retention periods
We will delete your personal data stored on our systems once we no longer require them for the purposes for which we have processed them. We will store the data for longer periods only, if we have your explicit consent or if there is a legal obligation to store such data, e.g. from the German Tax Code. To the extent the latter applies, we will restrict the processing of your data until the mandatory retention periods have expired.
3 Security of processing
In order to meet the requirements of Article 32 GDPR and thus achieve a level of protection appropriate to the risk, we maintain technical and organisational measures to ensure data security, in particular to protect your personal data from the risks presented in data transmission, unauthorised access or destruction. These will be adapted to the state of the art.
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. You can recognize such encryption by "https" instead of "http" at the beginning of the URL and by the lock icon next to it.
4 YOUR RIGHTS
The GDPR defines a number of rights listed below that you have when interacting with us or any other company processing your data. Below we have outlined these for your information:
- Access: You have right to access personal information which BGIB holds about you, free of charge.
- Rectification: You have a right to request us to correct your personal information where it is inaccurate or out of date.
- Erasure/“to be forgotten“: You have the right to have your personal information erased, unless there are conflicting legal reasons.
- Restriction: You have the right to restrict the processing of your personal information, unless there are conflicting legal reasons.
- Data portability: You have the right to data portability, which requires us to provide personal information to you or directly to another controller in a commonly used, machine readable format.
- Objection: You have the right to object the processing of your personal information. Where you have given your consent to processing your personal data, you may withdraw this consent at any time.
- Complaint: You have the right to complain to the responsible data protection supervisory authority, in our case the Hamburg Commissioner for Data Protection and Freedom of Information, about the processing of your personal data by BGIB.
5 VALIDITY AND CHANGES
This data protection notice is up to date and was published on 19th February 2024.
We reserve the right to amend this privacy notice in case our website or services or the relevant laws change. You may access and print the current version of our data protection notice at any time on our website under https://www.bgib.com/privacy-policy.html.