DATA PROTECTION NOTICE

1 OVERVIEW

With this data protection notice, we would like to inform you about what personal data we process in what way and for which purposes. The following information relates to the use of our website (www.bgib.com) and, to some extent, also to other aspects of our business.

The term “personal data” refers to all data that may be attributed to you personally, like your name, your e-mail address or your date of birth. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and all other applicable data protection laws.

Controller of the data, that is the body which determines the purposes and means of the processing of personal data, pursuant to Article 4 (7) GDPR is

Besso Grimme Insurance Brokers GmbH
Alstertor 17
20095 Hamburg

We have appointed an external data protection officer. You can contact the data protection officer at datenschutz.besso@two-towers.eu or by mail at Two Towers Consulting GmbH & Co. KG, Kaiser-Wilhelm-Ring 27-29, 50672 Koeln, Germany. Should you wish to contact the data protection officer using encrypted communication feel free to first request the S/MIME key from the e-mail address given.

2 DATA PROCESSING ACTIVITIES

2.1 Visiting our website

When visiting our website, we will record some basic connection data sent by your browser to our server for technical reasons. This information is necessary to display the website properly, to provide a stable connection and to protect ourselves against abuse of and damages through compromise of our IT-systems (cyber-crime). This basic connection data comprises

  • IP address
  • Time and data with time zone difference to UTC (coordinated universal time)
  • Type of browser, browser version and browser language
  • Operating system
  • Internet Service Provider (ISP)
  • Volume of transferred data
  • Referrer (the internet site which sent you to us)
  • The sub pages you visit on our website

The legal basis for processing of this data is Article 6 (1) lit f GDPR.

Cookies

We use cookies on our website. Cookies are small text files that are placed on your computer by websites that you visit. Cookies cannot execute any programs or carry malware. Cookies enable us to glean information on the use of our website and to make our website more efficient and user-friendly.

On this website, we use transient cookies only. Transient cookies are deleted automatically once you close your browser. The most common form of transient cookies are session-cookies. Session-cookies store a session-ID enabling our website to attribute different actions performed by your browser to the same session. This enables our server to recognize your browser when you return to our website. However, session-cookies are automatically deleted once your close your browser or you log out of an account.

You can delete cookies at any time using the respective setting in your browser. You can also configure your browser settings in a way that no cookies can be stored. If you deactivate cookies in general, some functions of our website might become unavailable to you.

The legal basis for the use of cookies is Article 6 (1) lit f GDPR. We have a legitimate interest to optimize our website for its users.

Google WebFonts

In order to make a visit on our website more enjoyable, we use fonts provided by Google WebFonts. When you access our website, your browser will download the respective fonts into your browser cache. This enables your browser to present the fonts in the intended way. To load these fonts, your browser will contact the servers of Google, which might be located in the USA. Google will receive and possibly store your IP address as a result of this process. Google emphasize that they do not place any cookies when a user visits a website using their web fonts.

The legal basis for the use of web fonts is Article 6 (1) lit f GDPR. We have a legitimate interest to optimize our website for its users.

For further information concerning the processing of your data by Google, please consult Google‘s web font information and privacy policy (https://developers.google.com/fonts/faq and https://policies.google.com/privacy) or contact Google directly:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

2.2 Contacting us

You can get in touch with us by mail, e-mail or by telephone. We will store the personal data received from you when contacting us, e.g. your name, your e-mail address, your phone number etc. to facilitate our communication with you. If there is no further need for any of these contact data, we will either delete your information or restrict its use where there are legal obligations to retain the data.

Legal basis for this processing are Article 6 (1) lit b, lit c or lit f GDPR.

2.3 Job applications

If you apply for an open position at BGIB or if you make a speculative application, we will process your data to carry out our recruitment procedures. Should we hire you, we will store your application data to fulfil the employment contract requirements. Should we not hire you, we will delete your data after three months following our rejection letter, as long as no other legitimate interests are affected.

Legal basis for the processing of application data is provided in particular by Section 26(1) BDSG.

2.4 Data transfer to third parties

We may share personal data with, typically EU-based third parties, that is with insurers, whose insurance products we broker, with group companies, authorised (IT) service providers or business partners (e.g. co-brokers) in other countries, who provide services on our behalf, as well as, potentially, with authorities (e.g. Federal Office of Civil Aviation).

Your data will usually only be processed within the European Union and countries within the European Economic Area (EEA). As we are part of a UK group of companies, data may also be transferred to the UK, for example. Where a country to which we transfer your data has not been determined by the European Commission to have an adequate level of data protection, we ensure that appropriate assurances to protect your information are in place, e.g. so-called EU standard contractual clauses.

We will only transfer your personal data to third parties, if at least one of the following applies:

  • You have given your explicit consent pursuant to Article 6(1) lit a GDPR.
  • The transfer is necessary to perform a contract with you pursuant to Article 6(1) lit b GDPR.
  • There is a legal obligation to forward the data pursuant to Article 6(1) lit c GDPR.
  • The transfer is justified pursuant to Article 6(1) lit f GDPR to preserve our legitimate interests and there is no reason to assume that our legitimate interest is overridden by your interests which require protection of your personal data.

2.5 Retention periods

We will delete your personal data stored on our systems once we no longer require them for the purposes for which we have processed them. We will store the data for longer periods only, if we have your explicit consent or if there is a legal obligation to store such data, e.g. from the German Tax Code. To the extent the latter applies, we will restrict the processing of your data until the mandatory retention periods have expired.

3 Security of processing

In order to meet the requirements of Article 32 GDPR and thus achieve a level of protection appropriate to the risk, we maintain technical and organisational measures to ensure data security, in particular to protect your personal data from the risks presented in data transmission, unauthorised access or destruction. These will be adapted to the state of the art.

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. You can recognize such encryption by "https" instead of "http" at the beginning of the URL and by the lock icon next to it.

4 YOUR RIGHTS

The GDPR defines a number of rights listed below that you have when interacting with us or any other company processing your data. Below we have outlined these for your information:

  • Access: You have right to access personal information which BGIB holds about you, free of charge.
  • Rectification: You have a right to request us to correct your personal information where it is inaccurate or out of date.
  • Erasure/“to be forgotten“: You have the right to have your personal information erased, unless there are conflicting legal reasons.
  • Restriction: You have the right to restrict the processing of your personal information, unless there are conflicting legal reasons.
  • Data portability: You have the right to data portability, which requires us to provide personal information to you or directly to another controller in a commonly used, machine readable format.
  • Objection: You have the right to object the processing of your personal information. Where you have given your consent to processing your personal data, you may withdraw this consent at any time.
  • Complaint: You have the right to complain to the responsible data protection supervisory authority, in our case the Hamburg Commissioner for Data Protection and Freedom of Information, about the processing of your personal data by BGIB.

5 VALIDITY AND CHANGES

This data protection notice is up to date and was published on 26th April 2019.

We reserve the right to amend this privacy notice in case our website or services or the relevant laws change. You may access and print the current version of our data protection notice at any time on our website under https://www.bgib.com/privacy-policy.html.