Data protection

Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München (hereinafter: “Munich Re”) knows that it is important to you to be able to maintain your privacy while visiting our website. It is in our mutual interests that we take our responsibility to guarantee the privacy of your data very seriously, in compliance with the applicable provisions of data protection law. We use state-of-the-art technology to communicate with you while keeping your data secure.

Scope of application

The following data protection notice applies to Munich Re API Developer Portal.

Who will be responsible for processing your data, and how can you reach the Data Protection Officer?

Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in Munich
Königinstrasse 107
80802 München, Germany

You may contact our Data Protection Officer at “Data Protection Officer” at the aforementioned address, or via the e-mail address .

What categories of data will we use, and for what purposes do we process personal data?

Munich Re does not save any personal or traceable data (e.g. IP addresses) of visitors to its website. We collect impersonal data about visits to our website (date, time, pages visited, navigation, software used) to have user habits anonymously analysed by an external service provider. The data is rendered anonymous before it is saved by the service provider.

When you access our web pages, you transmit data to the web server (from a technical necessity) via your Internet browser. For the communication between your Internet browser and the Web server your IP address, data and time of your request, the requested page / file and information about your webbrower and your operation system is recorded during an ongoing connection. This data is also recorded for security reasons and cannot be traced to individual people. We do not merge this data with other data sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).

Use of cookies
While you are on-line, your computer saves so-called cookies. These are small files that control how our website is displayed and operates. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our internet presence more user-friendly, effective and secure.

The cookies we use are “session cookies” to improve the usability of the website, which are automatically deleted as soon as you leave the site.

You can change your browser settings so that you are notified when cookies are being used, and you can allow them only once, or refuse them in certain cases or completely. You may also activate the automatic deletion of cookies when you close your browser. Deactivating cookies may restrict website functionality.

What is the legal basis for our processing of your personal data?

We process your data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and all other laws applicable to the processing of personal data.

The substantive legal grounds for the processing is based on GDPR Article 6, (1)(f). The processing is necessary to provide Munich Re API information services in a user-friendly and secure way.

Who receives your data?

Munich Re only receives anonymized data that is used by staff and departments who are responsible for the website and web services. The data may also be disclosed to service providers for security purposes. Using service providers is necessary, for example, for providing the technical platform, the administration and maintenance of our IT systems.

A list of all service providers that we use for data processing is available for downloading here .

Will we send your data to third countries?

If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses, Privacy Shield). You may also request the information from the aforementioned contact person.

What measures do we have in place to protect your data?

We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer. You can recognise an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.

For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.

What data protection rights can you claim as a data subject?

At the address indicated above, you may request information about the personal data we have stored. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format.

Right to object

If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

Who can you contact if you have a complaint?
If you have a complaint, you may contact the aforementioned Data Protection Officer, or the state data protection authority. The authority responsible for us is:

Data Protection Authority of Bavaria for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 27
91522 Ansbach, Germany:

How long will your data be stored?
We will delete your personal data as soon as it is no longer required for the purposes set out above, and no legal documentation or retention requirements apply, for example in the German Commercial Code (HGB), fiscal laws or the General Tax Code (AO). Further details can be found, where applicable, under the respective types of data processing.

Amendments to this data protection notice

The continual improvement of our website, and the use of new technology, make it necessary to amend our data protection notice from time to time. When visiting our website, please read the current version of our data protection notice (current version: May 2018).