Mesterheide Rockel Hirz Trowe AG Holding is pleased to welcome you to its website. The protection of your personal data when collected, processed and used is important to us. Below we specify which personal data we collect and use during your visit.
1. The name and contact details of the controller
Mesterheide Rockel Hirz Trowe AG Holding
60594 Frankfurt am Main
1.1 Name of the company data protection officer
You can reach our external data protection officer, Mr Oliver Maisel, at the address cited above or at the email address firstname.lastname@example.org
2. Processing of personal data, legal bases and purposes of use
a) When visiting the website
When you call up our MRH Trowe website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until automated erasure:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- The browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.
The data cited will be processed by us for the following purposes:
- To ensure a smooth connection of the website,
- To ensure convenient use of our website,
- Evaluation of system safety and stability, as well as
- for other administrative purposes.
The legal basis for the data processing is Article 6(1)(1)(f) GDPR. Our legitimate interest arises from the purposes listed above for the collection of data. Under no circumstances do we use the collected data for the purpose of drawing conclusions about you as an individual.
b) When registering for our newsletter
If you have expressly given your consent in accordance with Article 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, it suffices to provide us with an email address.
You can unsubscribe at any time, for example, via a link at the end of each newsletter. Alternatively, you can also unsubscribe at any time by sending an email in this regard to email@example.com.
c) When using our contact form
If you have any questions, you have the possibility of contacting us via a form provided on the website. In this regard specification of a valid email address is required so that we know from whom the inquiry originated and so that we can respond to it. Additional information can be provided voluntarily.
Data processing for the purpose of contacting us is executed in accordance with Article 6(1)(1)(a) GDPR on the basis of your voluntary consent.
The personal data collected by us for use of the contact form will be automatically deleted after the completion of your request.
3. Disclosure of data
- Your personal data will not be transferred to third parties for purposes other than the purposes listed below.
We will only pass on your personal data to third parties if:
- You have given your express consent in accordance with Article 6(1)(1)(b) GDPR, the passing on in accordance with Article 6(1)(1)(b) GDPR is necessary for fulfilment of a contract with you or for implementation of pre-contractual measures that occur at your request.
- this is necessary in accordance with Article 6(1)(1)(c) GDPR to fulfil a legal obligation, to which the controller is subject
- this is necessary in accordance with Article 6(1)(1)(f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-dissemination of your data.
Information is stored in the cookie, which arises in each case in conjunction with the end device that is specifically used. This does not mean, however, that we obtain immediate knowledge of your identity.
In addition, we also use temporary cookies to optimise user-friendliness; these temporary cookies are stored on your end device for a specified period of time. If you visit our website again to make use of our services, we automatically recognize that you have already visited us and we identify what inputs and settings you have made so that you do not have to re-enter these inputs and settings.
The data processed by cookies are necessary for the purposes cited, in order to safeguard our legitimate interests and the legitimate interests of third parties in accordance with Article 6(1)(1)(f) GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that cookies will not be stored on your computer or so that a message always appears before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the functions of our website.
According to your settings, we’ll use these cookies. [Customize settings]
|__cfduid||Third Party Cookie||.cloudflare.com||https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-||A cookie, associated with pages, that use Cloudflare as a service, to optimize page loading times. It won’t use any user-identification data.|
|First Party Cookie||.mrh-trowe.com||Save cookie banner settings.|
|_ga||Third Party Cookie||.mrh-trowe.com||https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage|
|Used to differenciate between users. Storage period: 2 years.|
|Third Party Cookie||.mrh-trowe.com||https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage|
|Used to throttle the request rate. Storage period: 1 minute.|
|_gid||Third Party Cookie||.mrh-trowe.com||https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage|
|Used to differenciate between users. Storage period: 24 hours.|
|1P_JAR, CONSENT, NID||Third Party Cookie||.google.com||https://policies.google.com/?hl=de||Used to save Google user settings – e. g. language, font size, SafeSearch filter etc.|
|et_oip||Third Party Cookie||.etracker.com||https://www.etracker.com/docs/integration-setup/einstellungen-accounts/etracker-cookies/verwendete-cookies-zaehlung/||eTracker feature “Signalize” is not used, so the cookie is set with the value “no” and a term of 30 days. No data is collected or sent.|
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are executed on the basis of Article 6(1)(1)(f) GDPR. With the tracking measures employed, we want to ensure that our website is designed in-line with demand, and that it can be continually optimised. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate this use for the purpose of optimising our offering for you. These interests must be deemed as legitimate according to the provision cited above.
The data processing purposes and data categories are provided in the respective tracking tools.
This website uses the analysis service etracker. The provider of this service is the etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
etracker allows us to analyze the behavior patterns of our website visitors. For this purpose, etracker, among other things, records your abridged IP-address, geographic information (does not exceed details such as the city level), log files and other information your browser transfers to our webserver when you access the website. As a result, we are able to measure the website interactions, such as the length of the visit, conversions (e.g., registrations, purchase orders), scroll events, clicks and page access by the website visitor. These interactions are allocated to the website visitor for the duration of the current day, so that the data can be recognized during follow-up visits. Once the day has ended, visitor recognition is no longer possible.
No cookies will be stored in your browser in the absence of your consent. Moreover, no information is read in the archive of your device. Using this analysis tools without cookies occurs on the basis of Art. 6(1)(f) GDPR. The website operator has legitimate interest in the analysis of user patterns so that the operator can optimize the web portfolio and the ads. The rights and principal liberties of the data subject are protected. During the analysis with etracker, the IP address is anonymized as soon as possible, and the recognition of visitors is possible only for the duration of the current day.
If your respective consent has been obtained, processing will occur exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
You have the option to deactivate etracker here:
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Our website provides the option of subscribing to our newsletter.
If you subscribe to receive our newsletter, and therefore consent to it being sent to you, your details are solely used in order to send you the newsletter and analyse your use of the email newsletter. You can withdraw this consent at any time. The relevant link is included in each copy of our newsletter. We will make a note of the fact that you have unsubscribed from the newsletter in our database.
7. Our Social Media Pages
Privacy information when you use one of our social media sites.
The protection of your privacy when processing personal data is important to us. We process personal data transmitted to us, which is collected during your visit to our respective social media page, confidentially and only in accordance with the statutory provisions.
Responsible for the processing of your data via our social media site is the respective operator of the social media site together with us. As far as the processing of these data takes place within our area of responsibility, we are available to you in all questions concerning data protection and the exercise of your rights in accordance with the information in this data protection information.
Data processing by the Social Media Service
The social media service processes your personal data as soon as you use our respective social media site. Processing is linked, for example, to the following usage processes:
- View a page or post or video from a page
- Subscribe or unsubscribe to a page
- Mark a page or post with “I like” or “I don’t like anymore” or similar functions
- Recommend a page in a post or comment
- Comment on, share or respond to a page post (including the type of response)
- Hide a page contribution or report as spam
- From another site, click on the social media provider or from a Web page outside the social media provider on a link that leads to the page.
- Move the mouse over the name or profile picture of a page to see a preview of the page contents.
- Use functions of the social media provider, such as the website, phone number, “plan route” button or any other button on a page.
- The information whether the login is made via a computer or a mobile device.
You can find out which personal data is collected by the social media provider, how it is processed and which data protection rights you have vis-à-vis the social media provider in the following data protection guidelines of the social media provider. We have no influence on the data processing by the social media provider following the survey.
Data processing by us
On the website provided by us via the social media provider, the social media provider grants us access to the following data categories:
- The social media provider grants us access to statistical analyses that provide information about the use of our social media website. The analyses visible to us do not allow us to individually analyze the usage behavior of individuals. We can only view aggregated data (such as number of hits, likes, followers, region of origin, age group, gender, etc.) that tells us about our audience and the use of our social media site. The data of the respective user on which the analyses are based are not transmitted to us.
- We can set the target group to be reached for the social media website or for individual published articles. The setting is based on general parameters (e.g. age group, language, region, interests) that can be used to align our content with specific groups. It is not possible for us to address or identify individual persons on the basis of the data provided to us by the social media provider.
- If you contact us directly via the social media provider or interact with us in any other way and consciously transmit personal data (e.g. direct networking with our social media website), we store and process this personal data for the purposes for which you transmitted it to us.
- We process this data exclusively for the purpose of making content on our social media website known to the target group and to better understand and optimise the use of our social media website.
In addition, we cannot influence the data processing (for the provision of this data upstream) by the social media provider.
Which personal data is collected from the respective social media provider in detail, how these are processed and which data protection rights you have vis-à-vis the respective social media provider, please refer to the following data protection guidelines of the respective social media provider:
Our website uses a rating seal of the page provenexpert.com operated by the company Expert Systems AG.
The site is run by Expert Systems AG, Quedlinburger Strasse 1, 10589 Berlin.
If you visit one of our sites equipped with a ProvenExpert plug-in, a connection to the servers of Expert Systems AG will be established. The ProvenExpert server will be informed which of our sites you have visited.
We do not conduct separate reviews of reviews to ensure that the reviews shown actually come from consumers.
We use “hCaptcha” (hereinafter referred to as “hCaptcha“) on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter referred to as “IMI”).
hCaptcha is being used to determine whether the entry of data into this website (e.g., into a contact form) is being processed by a person or an automated program. For this purpose, hCaptcha analyzes the behavior patterns of website visitors on the basis of several characteristics.
This analysis begins automatically as soon as the website visitor enters a website with the activated hCaptcha feature. For the analysis, hCaptcha uses a wide range of information (e.g., the IP address, time spent on the website or mouse actions taken by the user). The data recorded during this analysis is forwarded to IMI. If hCaptcha is used in the “invisible mode,” the analyses are completely conducted in the background. Website visitors are not alerted to the performance of an analysis.
The storage and analysis of the data occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting the operator’s web presentations against abusive automatic spying and SPAM. In the event that respective consent has been obtained, the data will be processed exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, if the consent comprises the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in the TTDSG (German Telecommunications Act). Such consent may be revoked at any time.
The processing of data is based on Standard Contract Clauses, included in the Data Processing Supplement to the General Terms and Conditions of IMI or in the data processing agreements.
10. rexx systems GmbH
The site is run by rexx systems GmbH Headquarters, Süderstrasse 75-79, 20097 Hamburg.
11. Rights of the affected person (data subject)
You have the right:
- to request information concerning your personal data that is processed by us in accordance with Article 15 GDPR. In particular, you may request information concerning the purposes of the processing, the category of personal data, the categories of recipients, to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right to rectification, erasure, to restrict processing or right to object, the existence of a right to appeal, the origin of your data if it has not been collected by us, as well information concerning the existence of an automated decision-making process, including profiling and, if applicable, meaningful information concerning the details in this regard;
- in accordance with Article 16 GDPR to immediately request the rectification of incorrect or incomplete personal data stored by us;
- to demand the erasure of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for assertion, exercise or defence of legal claims;
- to demand the restriction of the processing of your personal data in accordance with Article 18 GDPR, if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it for assertion, exercise or defence of legal claims, or if you have objected to the processing in accordance with Article 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another controller;
- in accordance with Article 7(3) GDPR to revoke your consent that you have granted to us, at any time. This results in the situation that we are no longer allowed to continue the data processing based on this consent for the future, and
- to appeal to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority responsible for your usual place of residence or workplace or for our registered office.
12. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Article 6(1)(1)(f) GDPR, you have the right, in accordance with Article 21 GDPR, to object to the processing of your personal data if there are reasons for doing so that arise from your particular situation or if the objection is against direct advertising. In the latter case, you have a general right to object; we will implement your objection without specification of a special situation being required on our part.
If you want to exercise your right to revoke or right to object, an email to firstname.lastname@example.org suffices.
13. Data security
We use the common TLS (Transport Layer Security)/SSL (Secure Socket Layer) method in conjunction with the highest level of encryption that is supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, then we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the representation of closed key or lock symbol in the lower status bar of your browser.
We also employ suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Data privacy information concerning the obligation to provide information
The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR)
With these notices we are informing you concerning the processing of your personal data by Mesterheide Rockel Hirz Trowe AG Holding
The GDPR governs the information obligations of the controller relative to the data subject, depending on whether personal data are collected from the data subject (direct collection, Article 13 GDPR) or from third parties (third-party collection, Article 14 GDPR).
We process your personal data exclusively within the framework of the statutory regulations. This includes the following categories of personal data:
Master data (e.g. last name, first name, address), contract data (e.g. customer number, insurance number), billing data, bank data, as well as comparable data.
1. Party responsible (controller) for data processing
Mesterheide Rockel Hirz Trowe AG Holding
60594 Frankfurt am Main
You can reach our data protection officer by post or email:
2. Purposes and legal bases of the data processing
2.1 Data processing for the purpose of contract initiation and contract execution (Article 6(1)(b) GDPR)
Processing of the data is necessary for contract initiation, execution and the billing of your contract.
2.2 Data processing based on your consent (Article 6(1)(a) GDPR)
If we have obtained your consent to the processing of personal data for specific purposes (e.g. to pass on data within the Group), the processing on this basis is lawful. A consent granted can be revoked at any time. This also applies to the revocation of declarations of consent that you granted to us before the GDPR went into effect on 25 May 2018. The revocation of consent occurs for the future and does not affect the legality of the data processed until the revocation.
2.3 Data processing for legitimate reasons (Article 6(1)(f) GDPR)
We process your data in a permissible manner to protect our legitimate interests. This also includes the use of your personal data in order to
- Provide you with product information on various insurance products
- To implement measures for the improvement and development of services and products, in order to offer you a customer-specific approach with tailored offerings and products
- To carry out market and opinion research or to have such research carried out by market and opinion research institutes. This gives us an overview of the transparency and quality of our products, services and communication and enables us to align and shape these offerings in the interests of our customers
- In consultation and data exchange with credit agencies (e.g. Schufa, Creditreform) to determine creditworthiness and default risks, in particular if the prerequisites of § 31 of the Federal Data Protection act (BDSG) are met
- To assert legal claims and for defence in legal disputes
- To investigate or prevent criminal offences (e.g. electricity theft)
- Execute address determination (for example, in the case of relocations)
- Use your data anonymously for analysis purposes
Should we desire to process your personal data for a purpose not cited above, we will inform you of this beforehand within the framework of the statutory provisions.
2.4 Data processing based on legal requirements (Article 6(1)(c) GDPR) or in the public interest (Article 6(1)(e) GDPR)
As a company we are subject to various legal obligations (e.g. insurance law, tax laws, commercial code) that make it necessary to process your data in order to comply with the law.
3. Categories of recipients of personal data
Within our company, those departments that need your data for fulfilment of the purposes cited above have access to your data (in this regard see Purpose and legal basis of the processing of personal data). This also applies to service providers and vicarious agents that we employ. We only transmit personal data to third parties if this is necessary for the purposes cited above or if you have given your prior consent.
For example, recipients of personal data can be: Brokers, print service providers, call centres, analysis specialists, credit agencies.
A data transmission, in particular by way of administrative access to entities or states outside the European Union (third country transmission), is possible on the basis of the purposes and legal grounds cited. Access to data in these cases also only occurs, if either an adequacy decision on the part of the Commission exists for the respective country, if we have agreed with the service providers on the standard contractual clauses provided by the EU Commission for these cases, or if the respective company has established its own internal binding data protection regulations that have been recognised by the supervisory data protection authorities. (https://ec.europa.eu/info/law/law-to-pic/data-protection_en).
4. Duration of data storage
We store your personal data for the purposes cited above. Your data will be processed for the first time, starting from the time of collection if you or a third party provides us with your data. We will delete your personal data when the contractual relationship with you has ended, all mutual claims have been met and there are no other statutory retention obligations or legal justifications for the storage. These include, among other things, retention obligations stipulated in the German Commercial Code (HGB) and the German Tax Code (AO). This means that we will delete your personal data at the latest after the legal retention obligations expire; as rule this is 10 years after the end of the contract.
5. Rights of the affected person (data subject)
At the above address you can demand information, Article 15 GDPR, concerning the personal data stored concerning yourself. In addition, you may, subject to the provisions of the GDPR, request the rectification, Article 16 GDPR, the erasure, Article 17 GDPR and the restriction of processing, Article 18 GDPR, of your data. You have the right to have the data you have provided issued to you in a structured, common and machine-readable format. The rights may be subject to the restrictions of both legal and operational interests – in which case information will be made available to you on the basis of your rights to information.
5.1 Right to object
If we process data to safeguard our legitimate interests (see 2.3 Processing data for legitimate interests), you have the right to object to this processing at any time for reasons arising from your particular situation. This also includes the right to object to processing for advertising purposes.
5.2 Right to revoke if consent has been granted
A consent that has been granted can be revoked at any time (see 2.2 Data processing based on your consent).
6. Provision of personal data
Within the framework of our business relationship, you must provide us with the personal data that is required for the establishment and execution of the business relationship and fulfilment of the associated contractual obligations, or that we are legally obligated to collect. Without this data we cannot enter into the contract.
7. Automated decision-making
There is no automated decision-making, including profiling, for the purpose of establishing and implementing this contract.
8. Data sources
We process personal data that we receive from our customers within the framework of our business relationship. We also process personal data that we are permitted to obtain from publicly accessible sources, such as debtor registers, land registers, trade registers and association registers, the press and the Internet. We also use personal data that we are permitted to obtain from companies within our group or from third parties, e.g. credit agencies.
9. Revision clause