Data protection notice (Arts. 13, 14 of GDPR)
One of the key elements in the EU’s General Data Protection Regulation (GDPR) is transparency in data processing. We take data protection very seriously. In the present notice, we would therefore like to explain how your personal data will be processed by Munich Re Investment Partners GmbH (hereinafter: “Investment Partners”), and to inform you of your rights under data protection laws.
Responsible for processing your data
Munich Re Investment Partners GmbH
Germany +49 (89) 38 91-0
If you have any questions about this information, you can also contact the Munich Re Data Protection Officer by post at the above address or by sending an email to email@example.com.
About Data Processing
We only process personal data that is required to present our range of services. Exactly which data we process and how we process them depends mainly on the services you use.
We collect data either from you/your legal representative (Art. 13 GDPR) or from other sources of information (Art. 14 GDPR).
Our staff are obliged to maintain confidentiality and only gain access to your data if they require them for a certain processing purpose. The data may also be forwarded to service providers/third parties for the defined purposes. Service providers are called on in the context of the management and maintenance of IT systems, for instance. We only call on service providers that guarantee us an appropriate degree of data protection, and thus the protection of your data in line with our precautions.
We delete your personal data as soon as we no longer require them for processing. Under certain circumstances, EU directives, laws or other regulations that we are subject to prescribe that data be held for up to ten (10) years. Also, in very rare cases, personal data may be stored for up to thirty (30) years if demands of the parties involved or legal statute demands.
In such cases, we block the data in question from any other processing, and we delete all other data not required.
Rights of Data Subjects
If we process your personal data, you are a "data subject" in the sense of the GDPR. If you are, you have the following rights with regard to us, in addition to the right to object to the processing of your data:
Right to information/notification
You have the right to demand confirmation from us as to whether we are processing your personal data or not. If we are, you have a right to receive information about these data.
Right to rectification of the collected data
If data pertaining to you are incorrect or incomplete, you can demand their immediate correction and/or completion.
Right to erasure/"Right to be forgotten"
You can demand the immediate deletion of your personal data if:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent or object to the processing of your personal data, and there are no other legal grounds requiring the processing;
- Your data are being processed unlawfully;
- Your personal data have to be deleted to fulfil EU directives, laws or other regulations that we are subject to;
- The data of children were gathered without the consent of the parent or guardian.
Right to restriction of processing
You can demand that the processing of your personal data be restricted:
- In lieu of their deletion;
- If you contest the correctness of the data, for a period enabling us to verify their accuracy;
- If we no longer need the personal data for the purpose for which they were processed, but you require them to assert or defend against legal claims;
- If you have objected to the processing and it is not yet clear whether our justified interests outweigh your reasons.
If data are collected on the basis of a contract/consent, and if they are processed with the aid of automatic procedures, you have the right to receive the personal data that you have provided us with in a commonly used and machine-readable format.
Right to revoke you data protection declaration of consent
You can revoke your consent to the processing of your personal data at any time. The revocation will not apply to processing done prior to your objection.
Right to complain
If you think your rights have been violated, you may contact the aforementioned Data Protection Officer or the data protection authorities. The public authority responsible for Investment Partners is:
Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Authority of Bavaria for the Private Sector), Promenade 27, 91522 Ansbach, Germany. Tel.: +49 (0) 981 53 1300 email: firstname.lastname@example.org or https://www.lda.bayern.de/en/contact.html
Which data and sources do we use?
Within our business relationships, we process personal data from you as a business partner or employee of a business partner. These data include in particular the master data of the contractual partner (first name, last name, titles), contact data (e.g. business address, business (mobile) telephone number, e-mail addresses), bank details and (electronic) correspondence, the protocol files generated when using the IT systems and where applicable other data necessary for an efficient customer relationship. Your date of birth and nationality are also required for the financial sanction examination required by law.
As a rule, your personal data will be gathered from you directly within the know-your-customer process prescribed by law, and to some extent before the contractual relationship actually begins. In certain constellations, your personal data may also be collected from other places. These can include, for instance, situational requests for tax-relevant information by the inland revenue authority or notifications from estate agents of potential buyers.
We also process personal data when required, which we have permissibly obtained from public sources (e.g. company publications, press, internet) or that are legitimately given to us from other companies of Munich Re Group.
For what purpose and on what basis do we process your data?
We process personal data on the basis of Art. 6 para. 1 lit. a and b GDPR if this is necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, including in particular client onboarding processes, to conduct legal and other regulatory compliance checks, managing our relationship with you, including communicating with you in relation to the products and services you obtain from us.
We further process personal data required to meet our legal or regulatory responsibilities, including when we make the disclosures to authorities, regulators and government bodies on the basis of Art. 6 para. 1 lit. c and f GDPR, in order to protect our justified interests or those of third parties (e.g. public authorities). This applies in particular within the context of investigating criminal acts or for the purpose of internal communication or other administrative purposes.
On the basis of the European directives 2580/2001 and 881/2002 and European Union embargo lists, such as the European directive 208/2014, we are obliged to check your first name, last name, date of birth, address and nationality against these lists, to ensure that no money or other resources are made available for terrorist purposes.
Who receives your data?
Within our company, only the people who need your data to meet the above purposes are given access to the data. You will find the categories of recipient that process your data for us or to which we send your data, here:
External service providers:
We use external service providers to meet some of our contractual and legal duties. The categories of service providers can be found here:
Munich Re Group Companies:
Data may also be passed on to companies within our company group, e.g. within the scope of corporate communications or the management of the company group.
We also forward your personal data to public authorities and institutions such as the German Federal Financial Supervisory Authority "BaFin", the European Banking Authority or law enforcement authorities if we are obliged by law or administrative order to do so.
We only forward your data to service providers from outside the European Economic Area (EEA) if the EU Commission confirms an appropriate level of data protection in the country in question, or if other reasonable data protection measures guarantee the safety of your data there (e.g. binding internal company data protection regulations or standard EU contractual clauses). You can request detailed information on this and on the data protection standards at our service providers from outside the EU using the contact details shown above.
How long do we store your data?
We delete personal data not subject to statutory retention periods at the end of our business relationship. If the business relationship does not eventuate, data gathered within the course of initiating the agreement will be deleted six (6) months after the decision is announced.
Is there an obligation to provide the data?
Within a business relationship, the personal data are to be provided that are required to found, execute and terminate agreements. Without these data we are not able to make decisions on initiating or executing a contractual relationship.
Does Investment Partners have automatic decision-making?
We do not have automatic decision-making/profiling.
Changes to this Information
From time to time, changes in our offering may lead to adjustments to this information. Please make sure you have the latest version of this information.
Last update: August 2021