Data Privacy Statement

CertAI GmbH is a wholly-owned subsidiary of Munich Reinsurance Company (Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München). The company is responsible for development, marketing and sale of products and services in the area of digital technologies, in particular for risk measurement, risk control and general business optimisation. It is in our mutual interest that we take our responsibility to guarantee the privacy of your data very seriously, in compliance with the applicable provisions of data protection law. We use state-of-the-art technology to communicate with you while keeping your data secure. 

The following data protection notice applies to CertAI GmbH’s websites. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at info@certai.com. We will then remove such links from our website without delay.

We would hereby like to explain how your personal data will be processed when you visit CertAI GmbH’s websites, and to inform you of your rights under data protection law.

CertAI GmbH
Königinstraße 107
80802 München
Telefon: +49(89)3891-0
E-Mail: info@certai.com

You can reach CertAI GmbH by email at info@certai.com or by post at the address indicated above.

(i) We process the personal data that you provide us in the course of our business together. If you send us an email, or if you complete and submit an online form on our website, we will use any personal data you provide (such as your name, email address or telephone number) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form. Where allowed by law, we also process personal data that we have legitimately obtained from other sources, such as from Group companies or from public sources. For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation (for example, the shareholder portal or job application portal). The amount of data collected depends on the application used.

(ii) Use of contact data for marketing purposes or for sending information. When you agree to the data protection notice and fill out an electronic form, you provide CertAI GmbH with your consent to use your data (such as first and last names, email address, telephone number and postal address) to send you, in future, information about CertAI GmbH’s products and services, or to contact you for marketing purposes. This also applies if you subscribe to receive emails (such as a newsletter). In application of the dual opt-in process for legal reasons, a one-time confirmation email will be sent to the email address provided for the receipt of information. We also send such a one-time confirmation email to those who contact us using the online form. The confirmation email is intended to determine whether it was the owner of the email address who authorised receiving emails, and it thus serves as evidence of this authorisation.

(iii) In order for CertAI GmbH to receive information about the interactions with the email recipient, a function called “tracking pixel” will be used in the Microsoft Dynamics 365 Marketing module. This function identifies, using image resources, when a recipient opens an email sent using a Microsoft Dynamics 365 product. If an email is sent using the Dynamics 365 Marketing module or Microsoft Dynamic CRM, an image tag for a tiny image is inserted in the main portion of the email. If the recipient opens the email and his or her email client is appropriately configured, the email client sends a request for the image to the Microsoft Dynamics platform. This request is transferred to the email-opening rate that is provided to CertAI GmbH for analysis.

(iv) Use of cookies
During an online session, cookies are stored on your computer. These are small files that control the display and operation of our website. Cookies will not damage your computer and do not contain viruses.

When you visit our website, and wish to make use of the functions we offer, we use one group of cookies that are required for technical reasons. We also employ other cookies to carry out statistical evaluations of the reach of our websites. We perform anonymised statistical evaluations of these websites. We do not establish any personal link to you.

You may deactivate, in your browser, any cookies that are not necessary to display the website.

Most of the cookies we use are session cookies. They are automatically deleted at the end of your visit. Other cookies, such as those used for statistical evaluations, remain on your terminal device until you delete them. These cookies allow us to recognise your browser the next time you visit.

The cookies are as follows:

ARRAffinity (Domain: .biz.rmp.munichre.com)
This cookie is necessary to ensure that all of the user’s page views are sent to the same server. It is deleted when the browser is closed.

ASP.NET_SessionId (Domain: .biz.rmp.munichre.com)
This cookie is necessary to administer the user sessions. It is an anonymous cookie that is deleted when the browser is closed.

Dynamics365PortalAnalytics (Domain: .biz.rmp.munichre.com)
Service cookie to anonymously analyse the use of the service; will be aggregated for statistical purposes.

WT_FPC (Domain: .munichre.com)
This cookie is set by Webtrends Analytics. Its purpose is to track and report on user behaviour on a website in order to improve performance. The analysis is anonymous. Such data cannot be traced back to individual users. The data will not be merged with data from other sources. We reserve the right to review the information subsequently, and report it to authorities (such as the police or public prosecutor’s office), if there are concrete indications that our internet presence is being used illegally (for example, a hacking attack on our network).

We will process your data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and all other laws applicable to the processing of personal data. As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a user/contractual relationship, to fulfill a contract or during the pre-contractual process (for example, job application process), or at your request. Where an application or process requires restricted-access (for example the job applicant portal), the user or data subject’s consent may constitute the legal grounds. You may revoke such consent at any time. Any processing done before the revocation would remain valid, however.

The substantive legal grounds for the processing depend on the context and the purpose for which we process your data.

(i) To fulfil (pre-)contractual duties (Art. 6(1)(b) of the GDPR)

As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary in the context of a contractual relationship, to fulfil a contract or during the pre-contractual process, or at your request.

(ii) For the purpose of our legitimate interests (Art. 6(1)(f) of the GDPR)

This may apply, for example, to the sending of information to clients and business partners by post, or the saving of your contact data in our (Group-wide) IT systems. This may also include claims for the violation of legal rights. Using session cookies normally can also be justified as a legitimate interest.

(iii) Consent (Article 6(1)(a) of the GDPR)

The consent of the user or the data subject may also be necessary for sending information or for making contact for marketing purposes. The use of tracking pixels also requires your consent. You may revoke the declaration of consent and the consent to the saving of your personal data, which you issued to us, with future effect at any time, as per Clause 2.8 of this data protection notice. If you have subscribed to our email newsletter, you can also exercise your revocation by clicking on the link in the newsletter. Any processing done before the revocation would remain valid, however.

(iv) Based on legal compliance (Art. 6 (1)(c) of the GDPR)

We will also process your data to fulfil our legal duties, e.g. based on supervisory provisions, or to compare your data against sanctions lists to comply with counter-terrorism rules (e.g. Council Regulation 2580/2001).

Within CertAI GmbH, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to Munich Reinsurance Company, which provides comprehensive services to CertAI GmbH, and to its service providers. Only those staff within Munich Re (Group) who need your data for the aforementioned purposes will have access to it. Munich Reinsurance Company uses external service providers to fulfil some of its contractual and statutory obligations. Outsourcing is necessary, for example, in the sales process, when creating the content for our website or sending newsletters. Corresponding data protection agreements have been concluded with such service providers. Service providers that are used to send you the requested information (such as brochures by mail, issuing electronic newsletters) will receive the necessary personal data. We also use external service providers for support when managing job applicants , for example. The categories of service providers can be found here .

If personal data needs to be transferred to service providers or Group companies outside the European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses, Privacy Shield). You may also request the information from the aforementioned contact person.

We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer. You can recognise an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.

For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.

We will delete your personal data as soon as it is no longer required for the purposes set out above, and no legal documentation or retention requirements apply, for example in the German Commercial Code (HGB), fiscal laws or the General Tax Code (AO).

You are not required to provide personal data when accessing CertAI GmbH’s website. However, there are services for which we require personal data from you – for example, to send you information, a newsletter you have requested, details about a contract, or to take your application into account for a job opening. Without this data, CertAI GmbH cannot carry out the services you request.

In addition to your right to object, you have a right to information, a right to rectify or erase data under certain conditions, as well as a right to restrict data processing. Upon request, we will make the data that you provided available in a structured, accessible and machine-readable format. Please contact the above-mentioned address to exercise these rights.

Right to object

If we process your data for the purposes of protecting legitimate interests, you may object to this processing on grounds relating to your particular situation. We will then stop the processing, unless we have compelling legitimate interests to do so which override your grounds. Even after giving your consent, you are entitled to revoke it for the future without consequences.

If you have a complaint, you may contact the aforementioned address, or the state data protection authority. The authorities responsible for us are:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach
https://www.lda.bayern.de/de/kontakt.html
poststelle@lda.bayern.de

The continual improvement of our website, and the use of new technology, make it necessary to amend our data protection notice from time to time. When visiting our website, please read the current version of our privacy statement (current status: April 2020).