Website Privacy Statement
Markel Insurance, German Office (hereinafter referred to as “Markel”) attaches particular importance to the protection of your personal data. We would like to transparently show you which data we process when you visit our website. We would also like to explain how we process the personal data of job applicants.
1. Data Controller
Markel Insurance SE, German Office
2. Processing of Personal Data
Personal data are individual details that can be used to directly or indirectly identify a person, such as a name or address. Personal data may be processed during visits to our website in the following cases:
a) Access data / server log files
Markel processes a limited amount of data (so-called “connection data”) for technical reasons every time its website is accessed. This data is technically required to establish and maintain a connection between your device and our servers. Data is processed on the basis of Section 13 Paragraph 1 and Section 15 Paragraph 3 of the German Telemedia act (Telemediengesetz; TMG). The following data and data categories may be collected:
- Name of the accessed website
- Date and time of access
- Browser type and version
- User’s operating system
- Referrer URL (previously accessed page)
- IP address
b) Registration function
You can open a user account to take part in our webinars offered through the Markel Academy. The following data must be provided to complete the registration process:
- Email address
- First name
- Last name
You may voluntarily provide us with further information to make it easier for us to get in touch with you in the event of problems and questions, etc. The data collected during registration is processed and used for the information society to provide its services and send email marketing. The data is processed on the basis of Article 6.1 a) of the General Data Protection Regulation (GDPR).
We would like to send you regular offers, news and other interesting information via email. If you are interested, you can sign up for our newsletter with your email address. An activation link will then be sent to your email address, and you can click on it to confirm your registration. Alternatively, you can copy and paste the link into the address bar of your web browser. You will then complete the registration process and give your consent to receive the newsletter (double opt-in process).
The data is processed on the basis of Article 6.1 a) of the GDPR. The following personal data is processed during registration and when receiving and using the newsletter:
- Email address
- First name
- Last name
You may revoke your consent at any time without stating reasons. There are two ways of doing this:
- You may unsubscribe from our newsletter by clicking on the “Unsubscribe” link found in every issue.
- You may send an informal email to firstname.lastname@example.org, stating your wish to unsubscribe.
Cookies are text files that enable the storage of device-specific information on the device used. This information is required to offer the information society’s services on our website and ensure that this works with as few errors as possible. This also includes the identification and rectification of errors. Data is processed on the basis of Section 13 Paragraph 1 and Section 15 Paragraph 3 of the TMG. If you would like to stop the placement of cookies, all major browsers have settings to block and delete them. However, blocking cookies may prevent you from accessing all or parts of the website.
e) Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics has various systems that let us analyse user behaviour. Personal data is transferred and saved on Google’s server in the USA. Before data is transferred, the function “_anonymizelp” and/or “ga(‘set’, ‘anonymizelp’, true)” is used to shorten your IP address by its last octet (i.e. by three places). Data is processed on the basis of Section 13 Paragraph 1 and Section 15 Paragraph 3 of the TMG. You can find more detailed information about data protection and the functions of Google Analytics at http://www.google.com/analytics/terms/de.html.
This website uses the chat software “Userlike” provided by Userlike UG. Markel uses Userlike to let you quickly and easily get in touch with a consultant. Communication will either be via live chat or email. The following personal data will either be collected automatically or provided by the user: Name, email address, IP address, user agent (browser), location data (maximum detail up to postcode). Data is processed on the basis of Section 13 Paragraph 1 and Section 15 Paragraph 3 of the TMG. If the screenshot function is employed by a user, other personal data may be collected from the browser window. This data is processed on the basis of Article 6.1 a) of the GDPR. You can find more detailed information about data protection and the functions of Userlike at https://www.userlike.com/de/terms.
The data controller has integrated YouTube features on its website. YouTube is a free Internet portal that lets video publishers post video clips and allows other users to watch, rate and comment on them. As YouTube allows the publication of all kinds of videos, the Internet portal can be used to access full-length films and television programmes, music videos, trailers and self-made videos uploaded by users.
The operating company behind YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time a user accesses one of the pages on this website operated by the data controller with an integrated YouTube feature (YouTube video), the Internet browser on the IT system run by the data subject is automatically directed to download and stream the respective feature from YouTube. You can find more information about YouTube at https://www.youtube.com/yt/about/de/. This technical process allows YouTube and Google to discover which specific sub-page on our website has been visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube will identify the specific sub-page containing a YouTube video on our website that has been visited by the data subject. This information is collected by YouTube and Google and matched to the YouTube account of the data subject.
If the data subject is logged in to YouTube when accessing our website, YouTube and Google will always receive a notification via the YouTube component that the data subject has visited our website; this happens regardless of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transferred to YouTube and Google, they may stop this transfer by logging out of their YouTube account before accessing our website.
The data protection regulations published by YouTube can be accessed at https://www.google.de/intl/de/policies/privacy/; they provide more information on the collection, processing and use of personal data by YouTube, as well as the legal foundation of this processing.
3. Categories of Data Recipient
Personal data may be transferred to the following types of recipient:
- Public bodies to comply with statutory regulations;
- Affiliated companies to fulfil contractual duties and/or provide the information society’s services;
- Processors to carry out data processing on behalf of a controller, as described in Article 28 of the GDPR;
- Other third parties whenever roles are transferred.
4. Transfers to Third Countries
Personal data may be transferred to third countries outside the European Union and/or EEA on the basis of:
- an adequacy decision issued by the European Commission, as described in Article 45 of the GDPR;
- standard data protection provisions issued by the Commission through the committee procedure pursuant to Article 93.2 of the GDPR.
Your personal data collected on our website is not used to carry out automated individual decision-making, including profiling, as described in Article 22.1 and 22.4 of the GDPR.
Markel carries out the legally required technical and organisational measures to protect personal data against loss, destruction, manipulation and unauthorised access.
7. Data Retention Period
Personal data is only stored for as long as required to fulfil the purposes described here or to comply with legally prescribed retention periods. Once a particular purpose is no longer required or a retention period has expired, personal data is deleted in accordance with statutory provisions.
8. The Rights of Data Subjects
As a data subject, you may exercise the following rights at any time:
- Right of access to data pursuant to Article 15 of the GDPR;
- Right to rectification pursuant to Article 16 of the GDPR;
- Right to erasure pursuant to Article 17 of the GDPR;
- Right to the restriction of processing pursuant to Article 18 of the GDPR;
- Right to data portability pursuant to Article 20 of the GDPR;
- Right to object to the processing of personal data pursuant to Article 21 of the GDPR.
If you would like to exercise your rights, please send your request via email to email@example.com or by post to the address noted in Point 1 above. You also have a right to lodge a complaint with a supervisory authority in accordance with Article 77.1 of the GDPR. You can receive more information from your local supervisory body.
9. Data Protection in the Job Application Process
The data controller collects and processes the personal data of job applicants to carry out the application process. Personal data may also be processed electronically. This will especially be the case if applicants submit their application documents to the data controller electronically, such as via email. If the data controller concludes an employment contract with an applicant, the transferred data will be stored in accordance with statutory provisions for the purposes of the ensuing employment relationship. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision has been announced, provided the data controlled has no other legitimate interests against such a deletion. An example of “another legitimate interest” in this sense is the obligation to provide evidence in legal proceedings in accordance with the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz; AGG).
10. Data Protection Officer
Holzhofer Consulting GmbH
Lochhamer Str. 31
D–82152 München – Planegg