ERV is aware that the protection of your privacy is an important concern for you when visiting our web pages. We take our remit, guaranteeing the confidentiality of your data within the framework of applicable regulations of data privacy law, very seriously in the interests of both parties. We use the latest techniques for holding dialogues with you and safeguarding your data.
The following data privacy information applies for the web presence of ERV as well as its apps
for mobile devices.
This website contains external links to third party websites. These websites are subjected to the liability of the respective site operators. If you notice that links on our website reference web pages the contents of which breach applicable law, please notify us by sending an email to email@example.com . We will then immediately take down these links on our web pages. ERV assumes no liability whatsoever for how up-to-date the information provided is, nor for its correctness, completeness and quality.
We hereby inform you about the processing of your personal data when using our web pages and the apps, and the rights you have under data protection legislation.
Responsible for data processing:
ERV (Europäische Reiseversicherung AG)
Rosenheimer Straße 116
You can contact our Data Protection Officer at the above address (FAO: Data Protection Officer) or use email address firstname.lastname@example.org .
You can always use our web pages anonymously. We do not store any personal data of website users or data that can be associated with individuals (such as IP addresses). For the anonymous analysis of user behaviour when our web pages are visited, information (date, time, pages visited, navigation and software used) is collected by us (so as to be anonymous) using an external service provider. Anonymisation is performed before the information is stored at the service provider.
Please refer to Section 6 for more information on our web presence.
When, in certain circumstances, you communicate to us your personal details, we keep them confidential in accordance with the data privacy regulations applicable at the company head office. When you send us an email, or complete an online form on our website and send it in, we only process the personal details specified therein (such as your name or email address) for our correspondence with you for sending over the documents or information requested, or for any other purposes stated on the individual form.
If our intention is to process your personal details for a purpose that is not stated, we will inform you of this beforehand.
We process your personal data in line with the provisions laid down in the European General Data Protection Regulation (GDPR), the revised Federal Data Protection Act (BDSG) and all other authoritative laws on the processing of personal data.
The specific legal basis for data processing is dependent upon the circumstances in which and for what purpose we receive your data. Every time it is applied, we will therefore draw your attention to it separately if so required.
Normally the legal basis will be “legitimate interests of the party responsible for transacting communication” or as part of application processes for taking pre-contractual steps on request of the person in question, in particular as part of applications with a finite number of users (such as applicant or shareholder portal), and also where applicable consent of the user or person in question.
At the place responsible, only those individuals and departments responsible for the respective transaction receive the data in question; a clear-cut allocation of duties and an authorisation scheme are in place for this. Data can also be sent to service providers for the aforementioned purposes. The involvement of service providers is necessary as part of the administration and maintenance of IT systems for example. The list of all service providers processing data on our behalf can be seen in Section 5 (and also downloaded or be sent on request).
Furthermore, personal data can be sent to additional recipients (such as regulatory authorities) provided this is necessary to fulfil contractual or statutory obligations.
Such data can also be forwarded to affiliated companies, for example as part of corporate communication or governance.
In the event personal data is sent to service providers or group companies outside the European Economic Area (EEA), it is only sent once an appropriate level of data protection has been ratified for the third country by the EU Commission, or other appropriate data privacy guarantees are in place (such as the agreeing of standard EU contract clauses and Privacy Shield). You can request this information from the contact details given at the start of this document.
We take in each case appropriate, state-of-the-art technical and organisational safety measures to protect data from manipulation (deliberate or not), loss, permanent erasure and unauthorised access. To protect your information, we deploy SSL (Secure Socket Layer) encryption for our dialogue forms on our web pages. When sent, your data is protected by this SSL connection from landing in the hands of unauthorised third parties. Please always use these dialogue forms for your own security. When you send us information unencrypted in normal, non-secure emails, it is possible for your data when sent to end up in the hands of or be changed by unauthorised individuals.
Contact the above address to request information on the data stored about yourself. Also, you can under certain circumstances request your data to be corrected or erased. Furthermore, you can be entitled to the right for processing of your data to be restricted and the right for data provided by you to be disclosed in a structured, established and machine-readable format.
If we process your data for the protection of legitimate interests, you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or processing serves the purposes of enforcing, exercising or defending legal claims.
If we process your data on the basis of consent issued by yourself, you are able to retract this consent at any time so as to be effective in the future.
You are able to contact the aforementioned Data Protection Officer or a Data Protection Supervisory Authority about an objection. The Data Protection Supervisory Authority responsible for us:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
91522 Ansbach, Germany
We erase your personal data as soon as it is no longer required for the aforementioned purposes. This is a regular process on account of the statutory obligations for producing supporting documents and compulsory safe custody, regulated by the commercial code, fiscal laws and the general tax code for example. Maximum storage periods are then generally up to 10 years. It might also be the case that personal data is stored for the period during which claims can be asserted against us (statutory limitation period of three or up to 30 years). Supplementary information, if relevant, can be found with the individual data processing tasks.
You are not obligated to provide personal data when using the website. However, there are services for which we need personal data from you - to send you information for example, such as newsletters required and to include you in an application process. The services required cannot be rendered without these details. In each case, we only collect the information actually required.
If we only use automated processing methods to bring about a decision in an individual case, including profiling, we will inform you about it every time they are applied.
Under the terms of the GDPR, statutory information obligations are in place in the future as
soon as, and to the extent which, personal data is collected from you for processing. So in the
future, in insurance applications in particular, corresponding information on the specific use of
your personal data will be included.
Below you can access individual, selected versions of the information on data use:
Information on data privacy (ERV data privacy clause)
The respective version for each insurance application and contract is disclosed with the insurance application.
The continued development of our web pages and advances in technology result from time to time in modifications to our Data Privacy Statement. When visiting our website, always ensure you refer to the latest version of our Data Privacy Statement.
18 June 2013 saw ERV become a signatory to the German insurance industry Code of Conduct for handling personal data. The Code of Conduct for data privacy regulates the collection, processing and use of your personal data.
It was agreed jointly between the German Insurance Association (GDV) and the data privacy regulatory authorities. The Berlin representative for data privacy has checked the Code of Conduct for data privacy and ascertained that the regulations contained therein are consistent with applicable data privacy law.
Companies that have signed up to the Code of Conduct commit to observing the requirements agreed therein and duly implementing as applicable any regulations still outstanding. The Code of Conduct specifies for the first time an industry-wide data privacy standard. Previously applicable regulations in the Federal Data Protection Act are being formalised and data protection issues are being included to the extent stipulated legally.
The Code of Conduct means additional consents are no longer necessary in many cases. For particularly sensitive information, such as health details, we continue however to require consent for the collection and use of health details and the release from confidentiality declaration. The German insurance industry Code of Conduct for handling personal data is here.
We will be glad to also make the text available in paper form. You can request it by phone by calling freephone number 0800 3746-000 or by sending an email to email@example.com.
Since 1 January 2013, ERV has been using new consent and release from confidentiality declarations in its applications. The declarations used have been agreed jointly between the German Insurance Association (GDV) and the data privacy regulatory authorities. They provide you even more transparency in the handling of your personal data.
We keep a list of all service providers who can be active for ERV as part of a contract. The
obligation to maintain this list is given from the new consent and release from confidentiality
declarations, and the new Code of Conduct for data privacy, agreed jointly between the German
Insurance Association (GDV) and the data privacy regulatory authorities.
The purpose of this list is to establish transparency regarding the processing of your data.
In the list are the service providers that collect, process or use as agreed health details
and/or other personal data on behalf of ERV insurance companies.
The service providers are named specifically when their primary remits are collecting, processing and using personal data. You can object to the sending of your data to the service providers in the list on a case-by-case basis specifying reasons. We will then check whether, in light of your specific personal situation, your interest worthy of protection outweighs exclusion of data being sent.
Please note that all ERV service providers are in the list. This does not mean however that your data is always passed to all service providers.
The list of ERV service providers is here.
“Session cookies” are stored on your computer during an online session. They are small files used for flow control and for sending details entered from subsequent pages. When a dialogue is ended, these cookies are deleted and there is no analysis of user behaviour. Statistical analyses for checking the success of our web presence are performed anonymously - no association to you as an individual is established. If, in addition to the mandatory details required for an individual quotation, we request optional information (to improve our website, for advertising purposes or to simply get to know and advise you better), the entry fields for this information are denoted accordingly.
Also, cookies are deployed in conjunction with usage in the personal customer area. Cookies do not contain any personal data. To be able to request access details for, and to log into, ERV online, the cookies of the www.erv.de website must be enabled. The settings for cookies are different from browser to browser.
To make visits to the web pages and use of the apps more user friendly, we use the Adobe
Analytics software from Adobe Systems for marketing and optimisation purposes. Information on usage
behaviour is stored, including origin and page accesses. Also, information such as gender, year of
birth and postcode are collected in anonymised form
without there being any inferences to you as an individual. It is not possible to
combine the details with your personal data (name, address or insurance number). Furthermore, your
IP address is not processed by Adobe Systems, only stored in truncated
form. Information collected by Adobe Systems is stored within the European Union.
By using this website, you agree to the collection and storage of data collated about you by Adobe Systems in the way described above and for the purpose stated above.
If you do not agree to the collection and storage of this data by Adobe Systems, please revoke it here.
More information on data privacy at Adobe Systems and the Data Privacy Statement are available from http://www.adobe.com/de/privacy.html .
When you send ERV a message using the contact form, the SSL (Secure Socket Layer) encryption technique (with a minimum key length of 128 bits) is used to send this information. Purchasing from us is secure using credit cards. We comply with PCI DSS – the security standard of Visa, MasterCard and American Express. Independent checks regularly confirm to us we are adhering to these requirements. This is how we ensure that nobody without authorisation can gain access to your card details.
Our web presence uses the social plugins (plugins) of several social networks, including Facebook, Twitter and Google+. The plugins are identified by a logo or words “Social plugin”.
When you access a page on our website that contains such a plugin, it can establish direct connections to the social network and send data as required. Communication takes place between the plugin, your browser and the social network. By integrating the plugins, the social networks receive the information that you have accessed the relevant page on our website. If you are already logged in to a social network, it can assign the visit to your account.
When you interact with the plugins, such as by pressing the “Like” button or posting a comment, the corresponding information is sent directly to the social network, where it is saved in line with the guidelines for that social network.
Please refer to the data privacy information for the relevant social network for the purpose and scope of data collection, other additional processing and use of data by the social network, your rights in this regard and the setting options for protecting your privacy.
If you do not want social networks to record information about your visit to our web pages, you must log out of the social networks before visiting our web pages or using the app.
ERV uses the email address specified by you to send reply emails with the information requested. We only send personal and confidential information in encrypted format, and if this is not possible, by post. If the content of your message pertains to a contractual relationship, ERV keeps the email. The email address is only stored for the purposes of correspondence with you and is not forwarded to third parties. You receive no unsolicited emails from us. If however you do receive an unsolicited email claiming to be from us, it is bogus and should be deleted.
Before sending ERV an unencrypted email, please remember that its contents are not protected in the Internet against falling into unauthorised hands, falsification, etc. For this reason, the recommendation is to use our contact form to send messages to ERV.
ERV is continually aligning itself to the most state-of-the-art technology to guarantee the security of its information and communication systems. ERV deploys national and international standards for its implementation.
The in-house Data Protection Officer and his/her employees ensure the principles of data privacy are observed. Please write to us if you have further questions about data privacy at ERV.
Europäische Reiseversicherung AG
Data Protection Officer
Rosenheimer Str. 116