ERV is aware that the protection of your privacy is an important concern for you when visiting our web pages. We take our remit, guaranteeing the confidentiality of your data within the framework of applicable regulations of data privacy law, very seriously in the interests of both parties. We use the latest techniques for holding dialogues with you and safeguarding your data.
The following data privacy information applies for the web presence of ERV as well as its apps for mobile devices. This information also applies for our presences in social networks and in voice-supported services.
This website contains external links to third party websites. These websites are subjected to the liability of the respective site operators. If you notice that links on our website reference web pages the contents of which breach applicable law, please notify us by sending an email to firstname.lastname@example.org . We will then immediately take down these links on our web pages. ERV assumes no liability whatsoever for how up-to-date the information provided is, nor for its correctness, completeness and quality.
We hereby inform you about the processing of your personal data when using our web pages and the apps, and the rights you have under data protection legislation.
Responsible for data processing:
ERV (Europäische Reiseversicherung AG)
Rosenheimer Straße 116
You can contact our Data Protection Officer at the above address (FAO: Data Protection Officer) or use email address email@example.com .
You can always use our web pages anonymously. We do not store any personal data of website users or data that can be associated with individuals (such as IP addresses). For the anonymous analysis of user behaviour when our web pages are visited, information (date, time, pages visited, navigation and software used) is collected by us (so as to be anonymous) using an external service provider. Anonymisation is performed before the information is stored at the service provider.
Please refer to Section 6 for more information on our web presence.
When, in certain circumstances, you communicate to us your personal details, we keep them confidential in accordance with the data privacy regulations applicable at the company head office. When you send us an email, use one of our voice assistants or complete an online form on our website and send it in, we only process the personal details specified therein (such as your name or email address) for our correspondence with you for sending over the documents or information requested, or for any other purposes stated on the individual form.
If our intention is to process your personal details for a purpose that is not stated, we will inform you of this beforehand.
We process your personal data in line with the provisions laid down in the European General Data Protection Regulation (GDPR), the revised Federal Data Protection Act (BDSG) and all other authoritative laws on the processing of personal data.
The specific legal basis for data processing is dependent upon the circumstances in which and for what purpose we receive your data. Every time it is applied, we will therefore draw your attention to it separately if so required.
Normally the legal basis will be “legitimate interests of the party responsible for transacting communication” or as part of application processes for taking pre-contractual steps on request of the person in question, in particular as part of applications with a finite number of users (such as applicant or shareholder portal), and also where applicable consent of the user or person in question.
At the place responsible, only those individuals and departments responsible for the respective transaction receive the data in question; a clear-cut allocation of duties and an authorisation scheme are in place for this. Data can also be sent to service providers for the aforementioned purposes. The involvement of service providers is necessary as part of the administration and maintenance of IT systems for example. The list of all service providers processing data on our behalf can be seen in Section 5 (and also downloaded or be sent on request).
Furthermore, personal data can be sent to additional recipients (such as regulatory authorities) provided this is necessary to fulfil contractual or statutory obligations.
Such data can also be forwarded to affiliated companies, for example as part of corporate communication or governance.
In the event personal data is sent to service providers or group companies outside the European Economic Area (EEA), it is only sent once an appropriate level of data protection has been ratified for the third country by the EU Commission, or other appropriate data privacy guarantees are in place (such as the agreeing of standard EU contract clauses and Privacy Shield). You can request this information from the contact details given at the start of this document.
We take in each case appropriate, state-of-the-art technical and organisational safety measures to protect data from manipulation (deliberate or not), loss, permanent erasure and unauthorised access. To protect your information, we deploy SSL (Secure Socket Layer) encryption for our dialogue forms on our web pages. When sent, your data is protected by this SSL connection from landing in the hands of unauthorised third parties. Please always use these dialogue forms for your own security. When you send us information unencrypted in normal, non-secure emails, it is possible for your data when sent to end up in the hands of or be changed by unauthorised individuals.
Contact the above address to request information on the data stored about yourself. Also, you can under certain circumstances request your data to be corrected or erased. Furthermore, you can be entitled to the right for processing of your data to be restricted and the right for data provided by you to be disclosed in a structured, established and machine-readable format.
If we process your data for the protection of legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or processing serves the purposes of enforcing, exercising or defending legal claims.
If we process your data on the basis of consent issued by yourself, you are able to retract this consent at any time so as to be effective in the future.
You are able to contact the aforementioned Data Protection Officer or a Data Protection Supervisory Authority about an objection. The Data Protection Supervisory Authority responsible for us:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach, Germany
We erase your personal data as soon as it is no longer required for the aforementioned purposes. This is a regular process on account of the statutory obligations for producing supporting documents and compulsory safe custody, regulated by the commercial code, fiscal laws and the general tax code for example. Maximum storage periods are then generally up to 10 years. It might also be the case that personal data is stored for the period during which claims can be asserted against us (statutory limitation period of three or up to 30 years). Supplementary information, if relevant, can be found with the individual data processing tasks.
You are not obligated to provide personal data when using the website. However, there are services for which we need personal data from you - to send you information for example, such as newsletters required and to include you in an application process. The services required cannot be rendered without these details. In each case, we only collect the information actually required.
If we only use automated processing methods to bring about a decision in an individual case, including profiling, we will inform you about it every time they are applied.
Under the terms of the GDPR, statutory information obligations are in place in the future as
soon as, and to the extent which, personal data is collected from you for processing. So in the
future, in insurance applications in particular, corresponding information on the specific use of
your personal data will be included.
Below you can access individual, selected versions of the information on data use:
Information on data privacy (ERV data privacy clause)
The respective version for each insurance application and contract is disclosed with the insurance application.
The continued development of our web pages and advances in technology result from time to time in modifications to our Data Privacy Statement. When visiting our website, always ensure you refer to the latest version of our Data Privacy Statement.
18 June 2013 saw ERV become a signatory to the German insurance industry Code of Conduct for handling personal data. The Code of Conduct for data privacy regulates the collection, processing and use of your personal data.
It was agreed jointly between the German Insurance Association (GDV) and the data privacy regulatory authorities. The Berlin representative for data privacy has checked the Code of Conduct for data privacy and ascertained that the regulations contained therein are consistent with applicable data privacy law.
Companies that have signed up to the Code of Conduct commit to observing the requirements agreed therein and duly implementing as applicable any regulations still outstanding. The Code of Conduct specifies for the first time an industry-wide data privacy standard. Previously applicable regulations in the Federal Data Protection Act are being formalised and data protection issues are being included to the extent stipulated legally.
The Code of Conduct means additional consents are no longer necessary in many cases. For particularly sensitive information, such as health details, we continue however to require consent for the collection and use of health details and the release from confidentiality declaration. The German insurance industry Code of Conduct for handling personal data is here.
We will be glad to also make the text available in paper form. You can request it by phone by calling freephone number 0800 3746-000 or by sending an email to firstname.lastname@example.org.
Since 1 January 2013, ERV has been using new consent and release from confidentiality declarations in its applications. The declarations used have been agreed jointly between the German Insurance Association (GDV) and the data privacy regulatory authorities. They provide you even more transparency in the handling of your personal data.
We keep a list of all service providers who can be active for ERV as part of a contract. The
obligation to maintain this list is given from the new consent and release from confidentiality
declarations, and the new Code of Conduct for data privacy, agreed jointly between the German
Insurance Association (GDV) and the data privacy regulatory authorities.
The purpose of this list is to establish transparency regarding the processing of your data.
In the list are the service providers that collect, process or use as agreed health details
and/or other personal data on behalf of ERV insurance companies.
The service providers are named specifically when their primary remits are collecting, processing and using personal data. You can object to the sending of your data to the service providers in the list on a case-by-case basis specifying reasons. We will then check whether, in light of your specific personal situation, your interest worthy of protection outweighs exclusion of data being sent.
Please note that all ERV service providers are in the list. This does not mean however that your data is always passed to all service providers.
The list of ERV service providers is here.
“Session cookies” are stored on your computer during an online session. They are small files used for flow control and for sending details entered from subsequent pages. When a dialogue is ended, these cookies are deleted and there is no analysis of user behaviour. Statistical analyses for checking the success of our web presence are performed anonymously - no association to you as an individual is established. If, in addition to the mandatory details required for an individual quotation, we request optional information (to improve our website, for advertising purposes or to simply get to know and advise you better), the entry fields for this information are denoted accordingly.
Also, cookies are deployed in conjunction with usage in the personal customer area. Cookies do not contain any personal data. To be able to request access details for, and to log into, ERV online, the cookies of the www.erv.de website must be enabled. The settings for cookies are different from browser to browser.
To make visits to the web pages and use of the apps more user friendly, we use the Adobe
Analytics software from Adobe Systems for marketing and optimisation purposes. Information on usage
behaviour is stored, including origin and page accesses. Also, information such as gender, year of
birth and postcode are collected in anonymised form
without there being any inferences to you as an individual. It is not possible to
combine the details with your personal data (name, address or insurance number). Furthermore, your
IP address is not processed by Adobe Systems, only stored in truncated
form. Information collected by Adobe Systems is stored within the European Union.
By using this website, you agree to the collection and storage of data collated about you by Adobe Systems in the way described above and for the purpose stated above.
If you do not agree to the collection and storage of this data by Adobe Systems, please revoke it here.
More information on data privacy at Adobe Systems and the Data Privacy Statement are available from http://www.adobe.com/de/privacy.html .
As a client of Google Adwords we use Google Conversion Tracking, an analysis service of Google
Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). As part of this process
Google Adwords places a cookie in your computer (a "conversion cookie") if you were directed to our
site by a Google advertisement. These cookies cease to operate after 30 days and do not serve any
purpose related to personal identification. If you visit certain of our pages and the cookie is
still operational we and Google can see that someone has clicked on the advertisement and was then
directed to our site. Every AdWords client receives a different cookie. Cookies cannot therefore be
tracked via the websites of AdWords clients. The information obtained with the aid of conversion
cookies is used to compile conversion statistics for AdWords clients who have opted for conversion
tracking. The AdWords clients learn the total number of users who have clicked on their
advertisement and were then directed to a page equipped with a conversion tracking tag. However,
they do not receive any information with which users can be identified.
If you do not want to be involved in tracking, you can object to this use by setting your browser software to prevent the installation of these cookies (the deactivation facility). You will then not be included in the conversion tracking statistics.
You will find further information and Google's data protection policy at: http://www.google.de/policies/privacy/.
We use the remarketing technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA
94043, USA; "Google"). Users who have already visited our Internet pages and online services and
have shown interest in what we have to offer are approached again with the aid of this technology
using targeted advertising on the pages of the Google partner network. The advertising is displayed
computer. The user's behaviour during the visit to the website can be analysed with the help of the
text files and then used for targeted product recommendations and interest-based advertising.
You can find further information on Google remarketing and Google's data protection policy at: https://www.google.com/policies/technologies/ads/ .
By using our site you are stating that you agree to Google processing the data collected about you in the manner described here for the purpose specified above. We wish to point out that Google has its own data protection guidelines which are quite separate from ours. We accept no responsibility or liability for these guidelines of processes.
In order to evaluate and support our online marketing activities we also use the "visitor action pixel" of Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304 , USA ("Facebook"). By using this facility we can track the activities of users after they have seen or clicked on a Facebook advertisement. We can measure the effectiveness of Facebook advertisements for statistical and market research purposes in this way. The data we capture in this manner is anonymous: this means that we do not see the personal data of individual users. However, this data is saved and processed by Facebook, about which we would now like to share with you what we know about this subject. Facebook can link its data with your Facebook account and also use it for their own promotional purposes in line with Facebook's data use policy (http://www.facebook.com/about/privacy). You can enable Facebook and its partners to display advertisements both on Facebook and elsewhere. A cookie can also be saved on your computer for this purpose.
On our website we use the remarketing or custom audience function in joint responsibility with
Facebook. The purpose of this function is to show interest-related advertising to users of our
website when they are visiting the Facebook social network. To make this possible we have
implemented the Facebook pixel on this website. When a person visits our website this pixel creates
a link to the Facebook servers. This link tells Facebook that you have visited our website and also
which pages were accessed. Facebook assigns this information to your Facebook account.
The Facebook pixel enables us to measure, evaluate and optimise the effectiveness of our Facebook advertising for statistical and market research purposes. It also enables the visits to the various web pages (the "customer journey") to be tracked. We receive reports from Facebook only in anonymised form. This means that we do not receive any personal data belonging to individual users.
You will find more detailed information on the collection and use of data by Facebook and about your related rights and opportunities to protect your privacy in the Facebook data policy statement https://www.facebook.com/privacy/explanation.
We do not save the personal data of website visitors. Our advertisements will appear on your screen if you use Facebook after visiting our website. It is highly likely that these will relate to product and information pages which you previously accessed.
We make use of retargeting. In online marketing, "retargeting" denotes a process in which visitors to a website are identified by cookies and then shown targeted advertising on other websites. No personal data relevant to the website visitors is saved. We use temporary cookies which are active for 90 days for retargeting. As is the case with web tracking, we collect data for retargeting in anonymised form.
When you send ERV a message using the contact form, the SSL (Secure Socket Layer) encryption technique (with a minimum key length of 128 bits) is used to send this information. Purchasing from us is secure using credit cards. We comply with PCI DSS – the security standard of Visa, MasterCard and American Express. Independent checks regularly confirm to us we are adhering to these requirements. This is how we ensure that nobody without authorisation can gain access to your card details.
Our web presence uses the social plugins (plugins) of several social networks, including Facebook, Twitter and Google+. The plugins are identified by a logo or words “Social plugin”.
When you access a page on our website that contains such a plugin, it can establish direct connections to the social network and send data as required. Communication takes place between the plugin, your browser and the social network. By integrating the plugins, the social networks receive the information that you have accessed the relevant page on our website. If you are already logged in to a social network, it can assign the visit to your account.
When you interact with the plugins, such as by pressing the “Like” button or posting a comment, the corresponding information is sent directly to the social network, where it is saved in line with the guidelines for that social network.
Please refer to the data privacy information for the relevant social network for the purpose and scope of data collection, other additional processing and use of data by the social network, your rights in this regard and the setting options for protecting your privacy.
If you do not want social networks to record information about your visit to our web pages, you must log out of the social networks before visiting our web pages or using the app.
ERV uses the email address specified by you to send reply emails with the information requested. We only send personal and confidential information in encrypted format, and if this is not possible, by post. If the content of your message pertains to a contractual relationship, ERV keeps the email. The email address is only stored for the purposes of correspondence with you and is not forwarded to third parties. You receive no unsolicited emails from us. If however you do receive an unsolicited email claiming to be from us, it is bogus and should be deleted.
Before sending ERV an unencrypted email, please remember that its contents are not protected in the Internet against falling into unauthorised hands, falsification, etc. For this reason, the recommendation is to use our contact form to send messages to ERV.
If you use a voice assistant via a terminal incorporating a microphone (e.g. Amazon Echo, Google Home), your audio recording made is also processed with the aid of the apps installed there (e.g. Amazon Alexa, Google Assistant). Your complete audio recording in particular and your use of the voice assistant is processed at this time both on your terminal and on these providers' servers. Their Terms and Conditions of Use and Data Privacy Conditions apply:
If you use these voice assistants to contact us, to obtain general information, information relating to a specific contract, or offers ("voice services"), the provider of the voice assistant in question passes information to us. This is necessary if we are to be able to respond to your enquiry. However, we only receive the content of your enquiry, not the voice recording itself. This is retained in your user account of the relevant voice assistant where you can manage it (in particular, delete it).
We only receive your location or email address in this communication if this is necessary to respond to your enquiry and you have granted us access to this information when speaking to the voice assistant.
If you want to use an existing user account (e.g. Amazon login) to take advantage of one of our voice services we only receive information from this account if you have previously given your express consent. The legal basis is then your consent as set out in Article 6, Paragraph 1, Letter a) of the GDPR. If you also agree to the use of the payment functions of one of your existing user accounts (e.g. Amazon Pay) in our voice service, then we only receive your contact and address data for the payment from the payment service provider but not your bank details. Other than that, all we receive is what is called a "token" which is needed for technical reasons so that you can approach us with the existing user account and can pay without providing us with registration data. The legal basis for this data processing is therefore both your contract with us, Article 6, Paragraph 1, Letter b) of the GDPR and also the legal obligation of defining the beneficiary in invoices as required by Article 6 Paragraph 1, Letter c) of the GDPR in conjunction with § 14, Paragraph 4 of the German Value Added Tax Act (Umsatzsteuergesetz).
Finally, we also receive a number (called an ID) so that we can pass the answer to your enquiry
to your voice assistant. This ID is linked to our service in the voice assistant but not to you as
a person. In this way the information you requested (e.g. offers, general information or
information about a contract) can be sent again via the server and systems of the providers of your
voice assistant, and your terminal. We can only allocate this ID to your person if the content of
your voice recording includes unambiguous information about yourself (e.g. your name or contract
The legal basis for this data processing is the pre-contractual information about you or the contract with you, Article 6 Paragraph 1, Letter b) of the GDPR.
We also process data with the aid of the Adobe Analytics service. The legal basis in this is our legitimate interest in accordance with Article 6 Paragraph 1, Letter f) of the GDPR. Remarks concerning Adobe Analytics (see above, section 6.2.) apply accorndingly.
If you delete the ID which is allocated to our service we can no longer attribute your enquiry and its answer to a terminal and a person. However, this does not apply if you yourself have passed personal information to us via the voice assistant. In general and in principle we process the above personal information only for as long as is necessary for us to deal with your enquiry. If your enquiry relates to a contract or a contract proposal our storage periods set out above in Section 2.11 apply.
ERV is continually aligning itself to the most state-of-the-art technology to guarantee the security of its information and communication systems. ERV deploys national and international standards for its implementation.
The in-house Data Protection Officer and his/her employees ensure the principles of data privacy are observed. Please write to us if you have further questions about data privacy at ERV.
Europäische Reiseversicherung AG
Data Protection Officer
Rosenheimer Str. 116