Besso Grimme Insurance Brokers GmbH

DATA PROTECTION NOTICE

1 OVERVIEW

With this data protection notice, we would like to inform you about what personal data we process in what way and for which purposes. The following information relates to the use of our website (www.bgib.com) and, to some extent, also to other aspects of our business.

The term “personal data” refers to all data that may be attributed to you personally, like your name, your e-mail address or your date of birth. We process personal data in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”) and all other applicable data protection laws.

Controller of the data, that is the body which determines the purposes and means of the processing of personal data, pursuant to Article 4 (7) GDPR is

Besso Grimme Insurance Brokers GmbH
Alstertor 17
20095 Hamburg

We have appointed an external data protection officer. You can contact the data protection officer at datenschutz.besso@two-towers.eu or by mail at Two Towers Consulting GmbH & Co. KG, Kaiser-Wilhelm-Ring 27-29, 50672 Koeln, Germany. Should you wish to contact the data protection officer using encrypted communication, feel free to first request the S/MIME key from the e-mail address given.

2 DATA PROCESSING ACTIVITIES

2.1 Visiting our website

When visiting our website, we will record some basic connection data sent by your browser to our server for technical reasons. This information is necessary to display the website properly, to provide a stable connection and to protect ourselves against abuse of and damages through compromise of our IT-systems (cyber-crime). This basic connection data comprises

  • IP address
  • Date and time with time zone difference to UTC (coordinated universal time)
  • Type of browser, browser version and browser language
  • Operating system
  • Internet Service Provider (ISP)
  • Volume of transferred data
  • Referrer (the internet site which sent you to us)
  • The sub pages you visit on our website

The legal basis for processing of this data is Article 6 (1) lit f GDPR. We have a legitimate interest to make our website available for its users and to make it secure in order to prevent damages to the company. 

Cookies

We use cookies on our website. Cookies are small text files that are placed on your computer by websites that you visit. Cookies cannot execute any programs or carry malware. Cookies enable us to glean information on the use of our website and to make our website more efficient and user-friendly.

On this website, we use transient cookies only. Transient cookies are deleted automatically once you close your browser. The most common form of transient cookies are session-cookies. Session-cookies store a session-ID enabling our website to attribute different actions performed by your browser to the same session. This enables our server to recognize your browser when you return to our website. However, session-cookies are automatically deleted once you close your browser or you log out of an account.

For other cookies whose use requires your consent, please see below under “Google Analytics” and “Google Maps”.

You can delete cookies at any time using the respective setting in your browser. You can also configure your browser settings in a way that no cookies can be stored. If you deactivate cookies in general, some functions of our website might become unavailable to you.

The legal basis for the use of cookies is our legitimate interest pursuant to Article 6 (1) lit f GDPR. We have a legitimate interest to optimize our website for its users as part of our customer service.

Google Analytics

If you have consented to the use of Google Analytics via the cookie banner, Google Analytics 4 is used on this website. Google Analytics is a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable a data traffic analysis for our website. This data helps us to improve our service for you, e.g. with regard to the content of our website. The data collected by means of the cookies about your use of this website is typically transmitted to and stored on a Google-server in the USA.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

• Page views
• First visit to the website
• Start of session
• Your "click path", interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• clicks on external links
• internal search queries
• interaction with videos
• file downloads
• seen / clicked ads
• language setting
• your approximate location (region)
• your IP address (in shortened form)
• technical information about your browser and the devices you use (e.g. language setting, screen resolution)
• your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)

Google will use this information on our behalf and on the basis of a contract for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing activities.

Where data is processed outside the EU/EEA, e.g. on Google servers in the USA, and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google can, therefore, not be ruled out. We would like to point out that, from a data protection perspective, the USA is currently considered a third country without adequate data protection regulations. This means that you do not have the same rights there as within the EU/EEA and you may have no legal remedies against access to your data by authorities.

The data sent by us and linked to cookies will be automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

Consent withdrawal: You can withdraw your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing on the basis of the consent until the withdrawal remains unaffected:

Change cookie settings

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to disable Google Analytics HERE.

For more information on Google Analytics terms of use and Google's privacy policy, see Privacy & Terms – Google

Google Maps

If you have consented to the use of Google Maps via the cookie banner, Google Maps, a map service of Google LLC, is used on this website. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

This allows us to show you interactive maps directly on the website and enables you to comfortably use the map function, navigate to and find our business premises more easily. We regard this as part of our visitor and customer service.

By using Google Maps, data is transmitted to Google and stored on Google servers. Through your visit to the website, Google receives the information that you have called up the corresponding sub-page of our website. We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or information on the deletion of the data collected. The data processing takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Google servers are located in data centers around the world. However, most servers are located in America. For this reason, your data may also be stored in the USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. We would like to point out that from a data protection perspective, the USA is currently considered a third country without adequate data protection regulations. This means that you do not have the same rights there as within the EU/EEA and, if applicable, you have no legal remedies against access to your data by authorities.

For more information on the purpose and scope of data collection and processing, please refer to Google's privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: Privacy & Terms – Google

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.

2.2 Contacting us

You can get in touch with us by mail, e-mail, the website’s contact form or by telephone.

Contact via contact form

When you send us enquiries via the contact form on this website, your details from the enquiry form, including the contact data you provide, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the contact form is processed either to prepare contractual measures in accordance with Art. 6 Para. 1 lit. b GDPR or on the basis of our legitimate interest in responding to the enquiry (Art. 6 Para. 1 lit. f GDPR).
The data entered by you in the contact form will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Contact by e-mail or telephone

If you contact us without using the contact form provided, i.e. by calling us or writing an e-mail, the personal data you provide in the course of this contact will be processed to answer your request. The same conditions apply as for contacting us via the contact form. The legal basis is either to prepare contractual measures in accordance with Art. 6 Para. 1 lit. b GDPR or our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to be able to comply with your request for contact and to respond to any queries.

2.3 Direct marketing

It is possible that we collect and process publicly available data for the purpose of advertising our products and services, such as the names and business addresses of managing directors or department heads, in order to send them information about our products and services by post. In doing so, we only process the personal data of those persons whom we assume have a particular interest in our products and services due to their position in the company or the industry.
The legal basis is our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. The legitimate interest is to publicize and advertise our company and its products and services as part of business development measures to persons whose activity profile suggests an interest in them.
Objection: If you do not wish to receive advertising from us, you can object to the further use of your data for advertising purposes at any time by using the contact details provided above.

 

2.4 Job applications

If you apply for an open position at BGIB or if you make a speculative application, we will process your data to carry out our recruitment procedures.
Should we hire you, we will store your application data to fulfil the employment contract requirements. Should we not hire you, we will delete your data after three months following our rejection letter, as long as no other legitimate interests are affected or unless you have consented to longer storage.

The legal basis for the processing of application data is in particular Section 26 (1) BDSG (Federal Data Protection Act).

2.5 Data transfer to third parties

We may share personal data with generally EU-based third parties, namely the insurers whose insurance we broker, co-brokers or service providers. We also share personal data with our affiliates (primarily our parent company Besso Group Insurance Limited, which is part of the UK-based Ardonagh Group), or business partners (e.g., co-brokers) or with public authorities (primarily the Federal Aviation Authority and, where applicable, foreign equivalents).

Your data will usually only be processed within the European Union and countries within the European Economic Area (EEA). As we are part of a UK group of companies, data may also be transferred to the UK, which has been determined by the European Commission to have an adequate level of data protection. Where a country to which we transfer your data has not been determined by the European Commission to have an adequate level of data protection, we ensure that appropriate assurances to protect your information are in place, e.g. so-called EU standard contractual clauses.

We will only transfer your personal data to third parties if at least one of the following applies:
• You have given your explicit consent pursuant to Article 6(1) lit a GDPR.
• The transfer is necessary to perform a contract with you pursuant to Article 6(1) lit b GDPR.
• There is a legal obligation to forward the data pursuant to Article 6(1) lit c GDPR.
• The transfer is justified pursuant to Article 6(1) lit f GDPR to preserve our legitimate interests and there is no reason to assume that our legitimate interest is overridden by your interests which require protection of your personal data.

2.6 Retention periods

We will delete your personal data stored on our systems once we no longer require them for the purposes for which we have processed them. We will store the data for longer periods only if we have your explicit consent or if there is a legal obligation to store such data, e.g. from the German Tax Code. To the extent the latter applies, we will restrict the processing of your data until the mandatory retention periods have expired.

3 Security of processing

In order to meet the requirements of Article 32 GDPR and thus achieve a level of protection appropriate to the risk, we maintain technical and organisational measures to ensure data security, in particular to protect your personal data from the risks presented in data transmission, unauthorised access or destruction. These will be adapted to the state of the art.

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content. You can recognize such encryption by "https" instead of "http" at the beginning of the URL and by the lock icon next to it.

4 YOUR RIGHTS

The GDPR defines a number of rights listed below that you have when interacting with us or any other company processing your data. Below we have outlined these for your information:
• Access: You have the right to access personal information which BGIB holds about you, free of charge.

• Rectification: You have a right to request us to correct your personal information where it is inaccurate or out of date.

• Erasure/“to be forgotten”: You have the right to have your personal information erased, unless there are conflicting legal reasons.

• Restriction: You have the right to restrict the processing of your personal information, unless there are conflicting legal reasons.

• Data portability: You have the right to data portability, which requires us to provide personal information to you or directly to another controller in a commonly used, machine readable format.

• Objection: You have the right to object to the processing of your personal information. Where you have given your consent to processing your personal data, you may withdraw this consent at any time.

• Complaint: You have the right to complain to the responsible data protection supervisory authority, in our case the Hamburg Commissioner for Data Protection and Freedom of Information, about the processing of your personal data by BGIB.

5 VALIDITY AND CHANGES
This data protection notice is up to date and was published on 11th January 2023.

We reserve the right to amend this privacy notice in case our website or services or the relevant laws change. You may access and print the current version of our data protection notice at any time on our website under https://www.bgib.com/privacy-policy.html.