Home>Data protection

Data protection

Data protection declaration of the BGI Bertil Grimme AG Insurance Brokers Zweigniederlassung (Hamburg) (hereinafter BGI)

The requirements of the EU General Data Protection Regulation (hereinafter GDPR) apply across Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this data protection declaration, you can send them to the email address given in section 2 or 3 at any time.

In this data protection declaration, the masculine form of nouns is used, even if there is a feminine form for this, a discrimination is not associated with this, but takes place exclusively on the basis of linguistic requirements.

  1. overview

In this section of the data protection declaration you will find information on the scope, the person responsible for data processing, his data protection officer and data security.

1. Scope

The data processing by the BGI can essentially be divided into two categories:

– For the purpose of customer service, all data required for the implementation of customer service are processed by BGI. If external service providers are also involved in the processing of the contract, e.g. in inventory management or claims processing, your data will be passed on to them to the extent required.

– When you access the BGI website / application, various information is exchanged between your device and our server. This can also be personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your device.

This data protection declaration applies to the following offers:

– our online offer is available at http://bgi.ag

– Whenever a reference is made to this data protection declaration from one of our offers (e.g. websites, subdomains, mobile applications, web services or integration in third-party sites), regardless of how you access or use it.

All of these offers are collectively referred to as “services”.

2. Responsible

The person responsible for data processing – i.e. the person who decides on the purposes and means of processing personal data – is in connection with the services

BGI Bertil Grimme AG Insurance Brokers (Hamburg branch)

represented by Mr. Georg Hardegger

Gänsemarkt 35

20354 Hamburg

Phone: +49 (40) 3808786-0

Fax: +49(40) 3808786-85

Email: hamburg@bgi.ag

3. Data protection officer

You can contact our data protection officer as follows:

Contact form:

Mr. Gerd Bielfeldt

BGI Bertil Grimme AG Insurance Brokers (Hamburg branch)

Gänsemarkt 35

Phone: +49 (40) 3808786-15

Email: datenschutz@bgi.ag

4. Data security

In order to develop the measures required in Art. 32 GDPR and thus to achieve a level of protection appropriate to the risk, we have established an information security management system in our company.

II. The data processing in detail

In this section of the data protection declaration, we will inform you in detail about the processing of personal data in the context of our services. For the sake of clarity, we have broken down this information according to certain functionalities of our services. With the normal use of the services, different functionalities and thus also different processing can come into effect one after the other or at the same time.

1. General information on data processing

Unless otherwise stated, the following applies to all processing operations shown below:

a. No obligation to provide

There is neither a contractual nor a legal obligation to provide personal data. You are not obliged to provide data.

b. Consequences of failure to provide

If data is required, failure to provide it means that the service in question cannot be provided.

c. consent

In various cases it will be necessary for you to give us your consent to further processing (possibly for part of the data) in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing.

d. Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated admissibility requirements. The admissibility requirements are regulated by Art. 44 -49 GDPR.

e. Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection with the help of the EU standard data protection clauses.

f. Transmission to state authorities

We transmit personal data to state authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c) GDPR) or if it is necessary to assert, exercise or defend legal claims (Legal basis Art. 6 Para. 1 f) GDPR).

G. Storage period

We do not store your data longer than we need it for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted; The retention requirements are usually for:

– the fulfillment of commercial and tax retention obligations; this is usually 7 years;

– the receipt of evidence for legal disputes within the framework of the statutory statute of limitations;

– In the case of personal data that we store as part of the accompaniment in claims processing, the statutory period is 10 years from the completion of claims processing.

It is also possible for us to store your data with us if you have given your express consent for this.

H. Data categories

Personal master data: title, first name, last name, date of birth

Address data: street, house number, if necessary additional address, zip code, city, country

Risk-relevant data: owner of the aircraft; Registration number of the aircraft; Sums insured;

Claims data: Claim date; Amount of damage; Information on the course of the damage;

Physical damage information

Contact details: Telephone number (s), fax number (s), email address (es)

Payment details: account details

Access data: date and time of your visit to our service; the page from which the accessing system came to our page; pages called up during use; Session identification data (Session ID); In addition, the following information from the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

Personnel and application data: curriculum vitae, references, evidence, work samples, certificates, pictures, social security data, salary details.

2. Calling up the website

This describes how we process your personal data when you access our services. In particular, we would like to point out that the transmission of access data to external service providers (see under b.) Is inevitable due to the technical functioning of information transmission on the Internet.

a. Information on operating the website

Data category

Access data, such as the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Intended use

Establishing a connection, displaying the content of the service, detecting attacks on our site based on unusual activities, diagnosing errors

Legal basis

Art. 6 para. 1 lit. f, DSGVO

Legitimate interest, if applicable

Proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems

Storage period

7 days

b. Recipients of the personal data

Recipient category

BGI , IT security service provider; also in the context of remote maintenance

Affected data

all under 2. a. mentioned data, all under 2. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit. a. DSGVO

Order processing (Art. 6 Para. 1 lit. a.I.V.m. 28 GDPR)

Legitimate interest, if applicable

Proper functioning of the services, (accelerated) presentation of the content

Prevention of attacks by exploiting security gaps / weak points

3. Execution of the collection

We describe here what happens to your personal data in connection with the collection of insurance premiums. We expressly point out that due to legal requirements in the event of non-payment of the initial or subsequent premium for certain contracts, we are obliged to transmit data to the respective insurance company.

a. Processing information

Data category

Name / address of the policyholder

Policy number Bank details

Intended use

Collections of the premium

Legal basis for the transfer

Art. 6 para. 1 lit. a. DSGVO

Storage period

7 years after termination of the contract.

b. Recipients of the personal data

Recipient category

BGI

Transmission to the respective insurance company (risk carrier)

Co-insurance broker

Contract data processors such as lawyers and software providers

Affected data

all under 3a. mentioned data

Legal basis for the transfer

Art. 6 para. 1. lit.b. i.V.m. 28 DSGVO

4. Distribution of services

You can find out here how we process personal data as soon as you request offers for insurance cover from us:

a. Processing information

Data category

E-mail address; Contact details; risk-relevant

Information, information on insurance coverage

Intended use

Risk-adequate preparation of offers

Legal basis for the transfer

Art. 6 para. 1. lit.b. i.V.m. DSGVO

Legitimate interest, if applicable

Required for the preparation of the offer

Storage period

1 year

b. Recipients of the personal data

Recipient category

Management and clerk at BGI

Insurance companies and co-insurance brokers

Contract data processor

Affected data

all under 4.a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit. a. and b. DSGVO

Art. 28 GDPR; Art. 6 para. 1 lit. a. DSGVO

5. Accompanying the handling of claims

The way in which we accompany the processing of claims and how we deal with the processing of personal data is described here:

a. Processing information

Data category

Contact details; data relevant to risk and damage, bank data; Health data (damage-related injuries)

Intended use

Fulfillment of the contract

Carrying out proper claims processing

Legal basis

Art. 6 para. 1 lit. b

DSGVO

Art. 9 para. 2 DSGVO

Storage period

During the settlement of the claim and 10 years after the settlement of the claim.

Due to legal obligations, a longer storage period can also be considered. ten years

b. Recipients of the personal data

Recipient category

Management and clerk at BGI;

Insurers, data processors, experts, external lawyers

Affected data

all under 5. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit. a. DSGVO

Order processing Art. 6 para. 1 lit. a. in conjunction with Art. 9

Paragraph 2 a. u. f., Art. 28 GDPR

6. Implementation of payroll accounting and management of personnel files

As an employee of BGI, you can find out here how we process personal data:

a. Processing information

Data category

Names, address details; Account details; HR master data; Social security numbers; Certificates, qualifications; Health data.

Intended use

Proper management of personnel files; Payment of social security contributions

Legal basis

Art. 6 para. 1 lit. b); GDPR; Art 9 para. 2 lit. a. DSGVO

Storage period

7 years after termination of the employment contract

b. Recipients of the personal data

Recipient category

Management of BGI and clerk

Contract data processors

Affected data

all under 6. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit.a DSGVO

Order processing (Art. 28 GDPR)

Legitimate interest, if applicable

7 years after termination of employment

7. Contact management

If you are interested in our products and contact us or are already a customer, and we support you in your insurance matters, you can see here how we handle the processing of personal data. The contact details are transmitted via SSL encryption.

a. Processing information

Data category

Contact details and risk-relevant information as a prospect

Contact details and risk-relevant information as a customer of BGI

Intended use

Risk-based preparation of offers

Fulfillment of the contract

Legal basis

Art. 6 para. 1 lit. a.+ b. DSGVO

Legitimate interest, if applicable

Preparation of offers upon request by the interested party

Storage period

1 year after contact

For the duration of the contractual relationship up to 7 years after termination of the contract

b. Recipients of the personal data

Recipient category

BGI

Contract data processors

Affected data

all under 7. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit. a. DSGVO

Art. 6 para. 1 lit. a. i. V. m. Art. 28 GDPR

8. Complaint Management

In the event that you are not satisfied with the way BGI provides customer support, you can of course file a complaint. You can read here how we handle the processing of personal data in the context of this complaint:

a. Processing information

Data category

E-mail address; Contact details and risk-related information

Intended use

Examination of the complaint

Legal basis

Art. 6 para. 1 lit. a. +

f. DSGVO

Legitimate interest, if applicable

Customer-related image maintenance

Storage period

Duration of the processing of the reason for the complaint

b. Recipients of the personal data

Recipient category

Management and clerk at BGI

Affected data

all under 9. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 lit. a. DSGVO

9. Application

In an ongoing application process, we process your personal data in the following way:

a. Processing information

Data category

Address data, contact details; Personal master data

Application data

Intended use

Identification, contact, communication to initiate a contract

Applicant selection

Legal basis

Art. 6 para. 1 lit. a. + b DSGVO

Storage period

6 months

b. Recipients of personal data

Recipient category

Management, HR department of BGI

Affected data

all under 10. a. mentioned data

Legal basis for the transfer

Art. 6 para. 1 1b) DSGVO

III. Use of cookies and tracking

1. Cookies

This website fulfills the obligation to indicate the use of cookies. By using cookies, websites can be made user-friendly, effective and safer. Text files with information points based on user activities are temporarily stored in the user’s browser. Visiting preferences and website settings can thus be defined and saved. The stored cookies can be viewed and managed for each website:

Browser type Change of settings

Chrome: Click on the lock (for SSL-certified sites) or the information symbol (i) at the top next to the address line. Select [Zahl] are used.

Firefox: Click the icon in the top left next to the web address. Follow the click box to the right and select “More information”. The cookie management is located under “Data protection & history”

Internet Explorer: Select the “Tools” “Internet Options” button behind the cogwheel symbol. Click the “Privacy” tab. Under Settings you will find the item “Advanced” with the management options for cookies.

By storing cookies, you enable the content and structure of this website to be adapted to individual visitor needs. Website settings are saved for a limited period of time and retrieved when you visit again. With the application of the GDPR 2018, webmasters are obliged to follow the basic regulation published at https://eu-datenschutz.org/ and to inform their users accordingly about the collection and evaluation of data. The lawfulness of the processing is justified in Chapter 2, Article 6 of the GDPR.

2. Tracking

In the following, we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.

The description of the tracking process also contains information on how you can prevent or object to data processing. Please note that the so-called “opt-out”, i.e. the rejection of processing, is usually saved via cookies. If you use our services via a new device or in a different browser, or if you have deleted the cookies set by your browser, you must declare your rejection again.

The tracking procedures shown process personal data only in pseudonymous form. A connection with a specific, identified natural person, i.e. a merging of the data with information about the bearer of the pseudonym, does not take place.

Tracking to analyze and optimize our services and their use as well as to measure the success of advertising campaigns and optimize the display of advertising

Purposes of processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and to adapt them to the needs of the users as well as to correct errors. In addition, it is used to statistically determine key values about the use of our services (range, usage intensity, surfing behavior of users) – on the basis of uniform standard procedures – and thus to obtain values that are comparable across the market.

Tracking to measure the success of advertising campaigns is used to optimize our ads for the future and to enable marketers and advertisers to optimize their ads accordingly. Tracking to optimize the display of advertising has the purpose of showing users advertising tailored to their interests, increasing the success of the advertising and thus also the advertising revenue.

Legal basis for processing

For services that make the behavior of data subjects traceable on the Internet and for the creation of user profiles, it is an informed consent within the meaning of the d. GDPR required.

The tracking processes used in detail

Name of the service

Google Maps

functionality

Web analysis

Possibility to prevent processing (opt-out)

tools.google.com/ dlpage/gaoptout? hl=de)

Data transfer to third countries?

no

If you would like to opt out of interest-based advertising, you can also visit the website http://www.youronlinechoices.com/de/, click on “Preference Management” and follow the instructions to prevent the use of data for interest-based advertising to prevent the service providers listed there wholly or individually. You will still receive advertising that is not interest-based.

IV. Affected Rights

1. Right to object

If we process your personal data in order to operate direct mail, you have the right to object at any time with effect for the future to the processing of personal data concerning you for the purpose of such advertising.

You also have the right, for reasons that arise from your particular situation, at any time with effect for the future against the processing of personal data relating to you, which pursuant to Art. 6 Para. 1 letter e) or f) GDPR takes place, to file an objection.

You can exercise your right of objection free of charge.

You can contact us using the contact details given under I.2.

2. Right to information

You have the right to find out whether we are processing personal data concerning you, which personal data this may be, and to request further information in accordance with Art. 15 GDPR.

3. Right to rectification

You have the right to request us to correct any incorrect personal data concerning you without delay (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

4. Right to erasure (“right to be forgotten”)

You have the right to request that we delete personal data relating to you immediately, provided that one of the reasons listed in Art. 17 Para. 1 GDPR applies and the processing is not for one of the reasons listed in Art. 17 Para. 3 GDPR regulated purposes is required.

5. Right to restriction of processing

You are entitled to request a restriction in the processing of your personal data if one of the reasons listed in Art. 18 Para. 1 letters a) to d) GDPR is met.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from us or to have us transmit it directly, provided that this is technically possible. This should always apply if the basis for data processing is consent or a contract and the data is processed automatically. This does not apply to data that is only kept in paper form.

7. Right of withdrawal with consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. This does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

8. Right to complain

You have the right to lodge a complaint with a supervisory authority.

V. Glossary

Processor: A natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: The term “cookie” actually comes from the English vocabulary and can be translated into German as “biscuit” in its original meaning. In connection with the World Wide Web, on the other hand, a cookie describes a small text file that is stored locally on the user’s computer when a website is visited. This file stores data about the behavior of the user. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and uses the stored data to give the web server information about the user’s surfing behavior.

In this context, cookies are not about cookies, but about information that a website saves locally in a small text file on the visitor’s computer. This can involve settings on a page that the user has already made, but also information that the website has collected completely independently from the user. These locally stored text files can later be read out again by the same web server from which they were created. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under “Options” or “Settings”). This means that the storage of cookies can be deactivated, made dependent on your consent in individual cases, or otherwise restricted. You can also delete cookies at any time.

Third countries: Country that is not bound by the legal requirements of the EU data protection directive (country outside the EU)

Personal data: All information relating to an identified or identifiable natural person. A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Services: Our offers to which this data protection declaration applies (see scope).

Tracking: The collection of data and its evaluation with regard to the behavior of visitors to our services.

Tracking technologies: Tracking can take place both via the activity logs (log files) stored on our web servers and by collecting data from your device using pixels, cookies and similar tracking technologies.

Processing: Any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Location & phone

BGI Bertil Grimme AG
Baarerstraße 112
CH-6300 Zug

phone +41 41 726 43 43
E-Mail: zug@bgi.ag

BGI Bertil Grimme AG
Hamburg branch
Gänsemarkt 35
20354 Hamburg

phone +49 40 380 87 86-0
E-Mail: hamburg@bgi.ag

GBJ Grimme Butcher Jones Ltd.
Boundary House
7-17 Jewry Street
GB-London EC3N 2EX
Great Britain

phone +44 207 264 0420
E-Mail: gbj@bgj-ltd.co.uk

BGI Bertil Grimme AG
c/o Accademia de Aviation International
Avenida Caracas No. 38-34
Bogota D.C.
Colombia

phone +57 (310) 300-2583
E-Mail: colombia@bgi.ag