DATA PROTECTION NOTICE
With this data protection notice, we would like to inform you about what personal data we process in what way and for which purposes. The following information relates to the use of our website (www.bgib.com) and, to some extent, also to other aspects of our business.
The term “personal data” refers to all data that may be attributed to you personally, like your name, your e-mail address or your date of birth. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and all other applicable data protection laws.
Controller of the data, that is the body which determines the purposes and means of the processing of personal data, pursuant to Article 4 (7) GDPR is
Besso Grimme Insurance Brokers GmbH
We have appointed an external data protection officer. You can contact the data protection officer at firstname.lastname@example.org or by mail at Two Towers Consulting GmbH & Co. KG, Hohenzollernring 51, 50672 Koeln, Germany. Should you wish to contact the data protection officer using encrypted communication feel free to first request the S/MIME key from the e-mail address given.
2 DATA PROCESSING ACTIVITIES
2.1 Visiting our website
When visiting our website, we will record some basic connection data sent by your browser to our server for technical reasons. This information is necessary to display the website properly, to provide a stable connection and to protect ourselves against abuse of and damages through compromise of our IT-systems (cyber-crime). This basic connection data comprises
- IP address
- Time and data with time zone difference to UTC (coordinated universal time)
- Type of browser, browser version and browser language
- Operating system
- Internet Service Provider (ISP)
- Volume of transferred data
- Referrer (the internet site which sent you to us)
- The sub pages you visit on our website
The legal basis for processing of this data is Article 6 (1) lit f GDPR. We have a legitimate interest to make our website available for its users and to make it secure in order to prevent damages to the company.
On this website, we use transient cookies only. Transient cookies are deleted automatically once you close your browser. The most common form of transient cookies are session-cookies. Session-cookies store a session-ID enabling our website to attribute different actions performed by your browser to the same session. This enables our server to recognize your browser when you return to our website. However, session-cookies are automatically deleted once your close your browser or you log out of an account.
You can delete cookies at any time using the respective setting in your browser. You can also configure your browser settings in a way that no cookies can be stored. If you deactivate cookies in general, some functions of our website might become unavailable to you.
In order to make a visit on our website more enjoyable, we use fonts provided by Google WebFonts. When you access our website, your browser will download the respective fonts into your browser cache. This enables your browser to present the fonts in the intended way. To load these fonts, your browser will contact the servers of Google, which might be located in the USA. Google will receive and possibly store your IP address as a result of this process. Google emphasize that they do not place any cookies when a user visits a website using their web fonts.
For further information on the processing of personal data by Google, please refer to their data privacy notice
(https://policies.google.com/privacy?hl=en-UK). Google processes your personal data in the UA also and is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
The legal basis for the use of web fonts is Article 6 (1) lit f GDPR. We have a legitimate interest to optimize our website for its users.
On this website we use the services of Google Maps. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of processing, the storage periods or information on the deletion of the collected data. The data processing takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in on Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out. Google stores your data as user profile and uses the data for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right of objection to the creation of these user profiles; you must contact Google in order to exercise this right.
2.2 Contacting us
You can get in touch with us by mail, e-mail, the website’s contact form or by telephone.
Contact via contact form
If you send us enquiries via the contact form on this website, your details from the enquiry form, including the contact data you provide, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the contact form is processed either to prepare contractual measures in accordance with Art. 6 Para. 1 lit. b DSGVO or on the basis of our justified interest in answering the enquiry (Art. 6 Para. 1 lit. f DSGVO).
The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.
Contact by e-mail or telephone
If you contact us without using the contact form provided, i.e. by calling us or writing an e-mail, the personal data you provide in the course of this contact will be processed to answer your request. The same conditions apply as for contacting us via the contact form. The legal basis is either to prepare contractual measures in accordance with Art. 6 Para. 1 lit. b DSGVO or our legitimate interest according to Art. 6 Para. 1 lit. f DSGVO. The legitimate interest is to be able to comply with your request for contact.
2.3 Job applications
If you apply for an open position at BGIB or if you make a speculative application, we will process your data to carry out our recruitment procedures. Should we hire you, we will store your application data to fulfil the employment contract requirements. Should we not hire you, we will delete your data after three months following our rejection letter, as long as no other legitimate interests are affected.
Legal basis for the processing of application data is provided in particular by Section 26(1) BDSG.
2.4 Data transfer to third parties
We may share personal data with, typically EU-based third parties, that is with insurers, whose insurance products we broker, with group companies, (in particular our parent company Besso Insurance Group Limited, UK), authorised (IT) service providers or business partners (e.g. co-brokers) in other countries, who provide services on our behalf, as well as, potentially, with authorities (e.g. Federal Office of Civil Aviation).
Your data will usually only be processed within the European Union and countries within the European Economic Area (EEA). As we are part of a UK group of companies, data may also be transferred to the UK, for example. Where a country to which we transfer your data has not been determined by the European Commission to have an adequate level of data protection, we ensure that appropriate assurances to protect your information are in place, e.g. so-called EU standard contractual clauses.
We will only transfer your personal data to third parties, if at least one of the following applies:
- You have given your explicit consent pursuant to Article 6(1) lit a GDPR.
- The transfer is necessary to perform a contract with you pursuant to Article 6(1) lit b GDPR.
- There is a legal obligation to forward the data pursuant to Article 6(1) lit c GDPR.
- The transfer is justified pursuant to Article 6(1) lit f GDPR to preserve our legitimate interests and there is no reason to assume that our legitimate interest is overridden by your interests which require protection of your personal data.
2.5 Retention periods
We will delete your personal data stored on our systems once we no longer require them for the purposes for which we have processed them. We will store the data for longer periods only, if we have your explicit consent or if there is a legal obligation to store such data, e.g. from the German Tax Code. To the extent the latter applies, we will restrict the processing of your data until the mandatory retention periods have expired.
3 Security of processing
In order to meet the requirements of Article 32 GDPR and thus achieve a level of protection appropriate to the risk, we maintain technical and organisational measures to ensure data security, in particular to protect your personal data from the risks presented in data transmission, unauthorised access or destruction. These will be adapted to the state of the art.
Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. You can recognize such encryption by "https" instead of "http" at the beginning of the URL and by the lock icon next to it.
4 YOUR RIGHTS
The GDPR defines a number of rights listed below that you have when interacting with us or any other company processing your data. Below we have outlined these for your information:
- Access: You have right to access personal information which BGIB holds about you, free of charge.
- Rectification: You have a right to request us to correct your personal information where it is inaccurate or out of date.
- Erasure/“to be forgotten“: You have the right to have your personal information erased, unless there are conflicting legal reasons.
- Restriction: You have the right to restrict the processing of your personal information, unless there are conflicting legal reasons.
- Data portability: You have the right to data portability, which requires us to provide personal information to you or directly to another controller in a commonly used, machine readable format.
- Objection: You have the right to object the processing of your personal information. Where you have given your consent to processing your personal data, you may withdraw this consent at any time.
- Complaint: You have the right to complain to the responsible data protection supervisory authority, in our case the Hamburg Commissioner for Data Protection and Freedom of Information, about the processing of your personal data by BGIB.
5 VALIDITY AND CHANGES
This data protection notice is up to date and was published on 28th May 2020.
We reserve the right to amend this privacy notice in case our website or services or the relevant laws change. You may access and print the current version of our data protection notice at any time on our website under https://www.bgib.com/privacy-policy.html.