TOP

Data Privacy

Gen Re is committed to conducting business in a compliant manner and takes data privacy seriously. When we receive personal data we take steps to handle the data in a responsible manner that is consistent with our core values and business objectives.

Handling Your Personal Data

Visitors to our website and users of our web-based services can find a detailed digital marketing privacy statement here.

Policyholders, insured persons, beneficiaries, claimants or applicants from the European Union can find our Reinsurance Privacy Notice (PN) pursuant to Art. 14 General Data Protection Regulation here.

Business Contacts, participants of Gen Re Business School’s further education and training program, and Job applicants can find our Privacy Notices pursuant to Art. 13 General Data Protection Regulation here.

Our Data Protection Officer

You can pose any question regarding data privacy, this Website or a claim you want to make according to this Statement or applicable data privacy laws by sending an email to Andrew Gifford.

Data Privacy Statement

Regional Privacy Policies: Chinese (Simplified)  |  Chinese (Traditional)  |  French  |  German  |  Italian  |  Japanese  |  Spanish

General Reinsurance Corporation (“Gen Re”, “us”, “our” or “we”) understands that visitors to our website (www.genre.com/de.genre.com) (“website”) are concerned about the privacy of personal information. We have established policies and procedures concerning the collection, processing and security of personal information that will help protect the privacy of our website users. Our information privacy standards are designed to help us serve our users while maintaining our own strict security standards, and are intended to comply with the applicable privacy and data protection laws where we do business. We want you to understand how and why we collect, use and disclose personal information about you on our website. This Data Privacy Statement (“Statement”) provides you with information concerning our practices and procedures as they relate specifically to information we collect on this Website.

This Website is operated by

General Reinsurance Corporation
120 Long Ridge Road, Stamford, Connecticut 06902, U.S.

This legal entity would be called the “data controller” or “controller” in some data protection laws.

Representative in the European Union

General Reinsurance AG
Theodor-Heuss-Ring 11, 50668 Cologne, Germany

Our Data Protection Officer

You can send us your questions regarding the collection and use of your personal data by us, or send us your request regarding your rights (see below).

by emailandrew.gifford@genre.com
by phone: +1 203 328 6171

In case you would like to contact our EU Data Protection Officer, please contact:

by email: DPO_EU@genre.com

Click here to see a listing of our Legal Entities

We process personal information of our website visitors (e.g. customers, prospective customers or users looking into our job section).

  • Contact data and content data as far as you submit such data actively through our website (e.g. by entering into web forms or subscribing to our newsletter).
  • Data requested by our webserver in order to deliver the website content (refer to section “Data We Collect Automatically” and “Data We Collect Optionally” for more details). 

In the following, you will find an overview of the legal basis on which we process your personal data. Please note that the wording we use (e.g. Performance of a contract) may vary slightly depending on the jurisdiction in which you reside. If you have any further questions on the legal bases on which we rely for our processing activities, feel free to contact us. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in this Statement or another applicable data protection statement.

  • Consent: The data subject has given consent to the processing of his or her personal data for one or more specific purposes, e.g. if you consent to the use of cookies on our website or if you subscribe to our newsletter.
  • Performance of a contract and prior requests: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with a legal obligation: Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Permitted by law: When processing is permitted by applicable law.

Users of our website are not required to share data through the website that is deemed as sensitive by applicable data protection laws. Such data may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If it is necessary to share such data through the website, you can reach out to your contact person in our company or feel free to contact DPO_EU@genre.com so that we can find a quick and safe way together.

We will collect personal information from visitors to this website, including automated data collected in server log files; personal data deliberately provided by the website user through web forms, subscription pages and similar means; and personal data collected through cookies, web beacons and similar technology as far as you consent to us using such technology while you are visiting our website.

When you use our website, we automatically collect your IP address, traffic source, search keywords, page views, visits, language (aggregate), location (aggregate), browser and operating systems (aggregate), network (aggregate), device (aggregate), as well as other connection data such as time and transferred data (collectively referred to as “automated data”). That data is necessary (for technical reasons) for the functionality of the website.

We use your IP address to guess the country you are residing in to deliver our website in the language we assume you are speaking. The data on your geolocation is sourced from the publicly available ICANN database.

We store and use this automated data in server log files for the reason of system integrity and security and in order to be able to investigate and prosecute infringements or abuse of our website and to cooperate with authorities involved (security and prosecution purposes). We also use this information in order to enhance our services and to provide you with a positive user experience (marketing and analytics purposes).

In order to pursue these purposes, we make accessible and share automated data with our IT security team, supervisory authorities and/or prosecution departments (for security and prosecution purposes).

We store the information required for security and prosecution purposes on a legitimate interest basis, for the period necessary to pursue the purposes outlined in this section, or as permitted by statutory laws.

We do not rely on our legitimate business interests (but obtain your prior consent), if they are overridden by your personal interests or fundamental rights and freedoms which require protection of personal data.

For some data processing activities that we can rely on our legitimate interests, we may utilise third-party service providers (as listed below in section “List of Third-Party Service Providers”) that provide sufficient technical and organisational measures to ensure an adequate level of data protection. 

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and usability.
  • Legal basis: Legitimate interests.

Apart from the data mentioned under section 4, which are necessarily collected, we would like to process additional data, e.g. in order to make the website more user-friendly, to use third-party plug-ins/providers (as listed below) or to statistically evaluate pseudonymised user data to know how we can improve the website in the future.

We will process only data covered by the use-cases described in the following subsections upon consent or if the processing is strictly necessary for us to provide our website. This consent can be given with our cookie management tool when visiting our website the first time. Clicking the button below will allow you to review how we use cookies, and depending on the local laws where you reside, update these preferences.

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (“third-party providers”). These may, for example, be graphics, videos or city maps (“content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents whose respective offerers use the IP address only for the distribution of the content.

Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online services and usability; provision of contractual services and customer support; profiles with user-related information (creating user profiles); marketing; feedback (e.g. collecting feedback via online form).
  • Legal basis: Legitimate interest.

We use marketing automation software, databases and other tools (the “tools”) to disseminate our marketing content, such as publications, blogs, event invitations and other information. Providers are HubSpot Inc., Cambridge, Massachusetts (“HubSpot”); Microsoft Corp., Redmond, Washington (“Microsoft”); and Greenvelope, LLC, Seattle, Washington (“Greenvelope”).

If you register for one of our offers via a web form, contact data such as name, email address, company name, address, and telephone number are collected and stored in one or more of the above mentioned tools.

HubSpot uses a cookie that is stored on the user’s computer to collect data. The following data is collected: information about the computer you use and your visit to our website, in particular your IP address, your location (aggregate), domain, initial timestamp, last timestamp, current timestamp and session number, the browser you use, referral source and the length of your visit to the website (Online Access Data). This information is stored on a server of HubSpot and synchronised to our customer relationship management system (Microsoft Dynamics) after obtaining prior consent where necessary.

We use the Online Access Data for statistical evaluations in order to ensure the smooth operation of our website and to continuously optimise it. Furthermore, we use the data to optimise our services, products and marketing measures.

  • Processed data types: Contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal basis: Consent.

On our website, you have the opportunity to pose questions or get in touch with us through web forms, ordering pages, subscribing to our blogs and e-newsletters or event alerts, or by registering for special services, such as receiving special publications.

We may collect, store and use your name, company name, email address, IP address, documents or files, content of your request or query and other personal information you provide with your submission for the purpose of getting in contact with you, responding to your request, answering your questions or providing information as requested.

We will also collect data about the content visitors access through this website, such as newsletters or articles visitors read or the information topics contained therein, or by sending information to a Gen Re email address provided on a Gen Re website. We will use this data to manage visitor subscriptions and to inform visitors about Gen Re services and information that may be of interest, unless visitors inform us that they no longer wish to receive any publications/promotional material from Gen Re.

  • Processed data types: Contact data (e.g. name, addresses, email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners (recipients of emails, letters, etc.); users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); direct marketing (e.g. by email or post).
  • Legal basis: Consent; performance of a contract (in case you send us a message that is aimed at entering into a contract with us).
  • Opt-out/withdrawal of consent: You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the contact options listed above, preferably email.
  • Measurement of opening rates and click rates: The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval points (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until the profiles are deleted. The evaluations serve us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening rates and click rates as well as the storage of the measurement results in the profiles of the users and their further processing are based on the consent of the users. A separate objection to the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled or objected to. In this case, the stored profile information will be deleted.

When you are contacting us (e.g. via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the enquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

The response to the contact enquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the enquiries and maintaining user or business relationships.

  • Processed data types: Contact data (e.g. email, telephone numbers); content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners (recipients of emails, letters, etc.).
  • Purposes of processing: Contact requests and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form); provision of our online services and usability; provision of contractual services and customer support.
  • Legal basis: Performance of a contract and prior requests; legitimate interests.

Further information on processing methods, procedures and services used:

  • Contact form: When users contact us via our contact form, email or other communication channels, we process the data provided to us in this context to process the communicated request. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships to the extent necessary for their fulfillment and otherwise on the basis of our legitimate interests as well as the interests of the communication partners in responding to the concerns and our legal archiving requirements.
  • Legal basis: Performance of a contract and prior requests; legitimate interests.

Some of our services and content of the website are reserved for “clients only” and require access to a closed membership area. We will use your registration data (name, company name, email address, phone number, password) for authentication purposes and store your registration data until you opt out from the services.

  • Processed data types: Registration data (name, company name, email address, phone number, password).
  • Data subjects: Clients.
  • Purposes of processing: Offer industry-specific knowledge and support customers with a professional database.
  • Legal basis: Performance of a contract.

The videos available on our website are offered via third-party video platforms. When a video is opened, the respective website is called up and data is transmitted to the provider.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times).
  • Data subjects: User of the website.
  • Purposes of processing: to provide industry-specific knowledge.
  • Legal basis: Legitimate interest.

We store our documentation on obtained consents for up to three years after unsubscribing based on our legitimate interests before deleting them to provide evidence that such prior consent has been given. Please note that under certain circumstances your email address may also be processed in other systems (e.g. in case of business relations, etc.). The processing of these data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

In the following we will list all third-party service providers we utilize for the use-cases mentioned in sections “Data We Collect Automatically” and “Data We Collect Optionally”. If you have questions regarding personal data usage of these service providers, please refer to the data privacy notices as linked below.

  • Adobe Analytics: Web analytics; Service Provider: Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland; Legal Basis: Consent; Website: https://www.adobe.com/analytics/adobe-analytics.html; Privacy Policy: https://www.adobe.com/privacy.html. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy policy for more information.
  • YouTube: Social network and video platform (video contents); Service Provider: for users outside the EU/EEA: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.; for users in the EU/EEA: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent; Privacy Policy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Advertisements: https://adssettings.google.com/authenticated. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • LinkedIn plug-in: Our website uses functions of the LinkedIn network. Service Provider: for users outside the EU/EEA: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, U.S.; for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland. If you click on the “Share button” for LinkedIn and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We point out that we as provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn. Legal Basis: Consent; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • XING plug-in: Our website uses functions of the XING network. Service Provider: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. To our knowledge, personal data will not be stored. In particular, no IP addresses are stored or the usage behaviour is evaluated. Legal Basis: Consent; Privacy Policy: https://www.xing.com/app/share?op=data_protection
  • Google Maps: We use the Google Maps service to display the nearest branch office on the map. After consent and by using this service, data such as IP address, browser type, location and possibly also cookie information are processed and forwarded to Google. This data is required to display corresponding locations, to calculate distances and routes, etc.; Service Provider: for users outside the EU/EEA: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.; for users in the EU/EEA: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate interest; Website: https://www.google.com/maps/about/#!/; Privacy Policy: https://policies.google.com/privacy. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • reCAPTCHA: We integrate the “reCAPTCHA” function to be able to recognise whether entries (e.g. in online forms) are made by humans and not by automatically operating machines (so-called “bots”). The data processed may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, time spent on websites, previously visited websites, interactions with reCAPTCHA on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images). The data processing is based on our legitimate interest to protect our online services from attacks, abusive automated crawling (data automatically collected by web robots) and spam; Service Provider: for users outside the EU/EEA: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.; for users in the EU/EEA: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests; Website: https://www.google.com/recaptcha/; Privacy Policy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en; Settings for the Display of Advertisements: https://adssettings.google.com/authenticated. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • Shariff: We use the privacy-secure “Shariff” buttons. Shariff was developed to provide more privacy on the internet and to replace the usual “share” buttons of social networks. It is not the browser of the user, but the server on which this online offer is located, which establishes a connection with the server of the respective social media platforms and queries, for example, the number of Likes, etc. The user remains anonymous. More information about the Shariff project can be found at the developers of the magazine: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Service Provider: Heise Medien GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Hannover, Germany; Legal Basis: Legitimate Interests; Website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html; Privacy Policy: https://www.heise.de/Datenschutzerklaerung-der-Heise-Medien-GmbH-Co-KG-4860.html
  • X plug-ins and contents: Twitter plug-ins and buttons: This can include content such as images, videos or text and buttons with which users can share content from this online service within Twitter; Service Provider: for users outside the EU/EEA: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.; for users in the EU/EEA: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal Basis: Consent; Website: https://twitter.com; Privacy Policy: https://twitter.com/privacy, (Settings for non-essential cookies: https://twitter.com/personalization; settings for Twitter users with an account: https://twitter.com/account/settings). The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • Vimeo: Social network and video platform (video contents); Service Provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, U.S.; Legal Basis: Consent; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: We point out that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) as well as opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or the settings of Google for data use for marketing purposes (https://adssettings.google.com/). The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.
  • HubSpot: Email marketing platform; Service provider: HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, U.S.; Legal Basis: Consent; Website: https://www.hubspot.com; Privacy Policy: https://legal.hubspot.com/privacy-policy; Data Processing Agreement: https://legal.hubspot.com/dpa; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.hubspot.com/dpa; Further Information: https://legal.hubspot.com/dpa. The use of this third-party service provider involves transfer of personal data to a third country. Please refer to the service provider’s Privacy Policy for more information.

Cookies are small data files or other data records that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the contents accessed, or the functions used. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and convenience of online offers as well as the creation of analyses of visitor flows.

Processing cookie data on the basis of consent: We use a cookie management solution in which users’ consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user or and/or his/her device. Subject to individual details of the providers of cookie management services, the following information applies: the duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored with the date/time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and used end device.

Legal bases: The legal basis under data protection law on which we process users’ personal data with the use of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in a business operation of our online services and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations. For which purposes the cookies are processed by us, we do clarify in the course of this privacy policy or in the context of our consent and processing procedures.

Retention period: With regard to the retention period, a distinction is drawn between the following types of cookies:

  • Temporary cookies (also known as “session cookies”): Temporary cookies are deleted at the latest after a user has left an online service and closed his or her end device (i.e. browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after the terminal device is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again.
  • General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and also file an objection to processing in accordance with the legal requirements in Article 21 GDPR. Users can also declare their objection by means of the settings of their browser, e.g. by deactivating the use of cookies (whereby this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/

Further information on services used:

In the context of our processing of personal data, it may happen that the data is transferred to other places, companies or persons or that it is disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such a case, the legal requirements will be respected and in particular corresponding contracts or agreements, which serve the protection of your data, will be concluded with the recipients of your data.

Data transmission within the group of companies: We may transfer personal data to other companies within our group of companies or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of the data subjects or otherwise a legal permission is present.

Data transfer within the organisation: We may transfer or otherwise provide access to personal information to other locations within our organisation. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfil our contractual obligations or if the consent of those concerned or otherwise a legal permission is present.

We entered into data processing agreements as required with third-party recipients in order to protect your personal information and interests. In these data processing agreements, the service providers undertake measures to protect the data of our users, to process them on our behalf in accordance with the applicable data protection regulations and, in particular, not to pass the data on to third parties. Gen Re thus ensures that your data are processed at an adequate level of data protection at all times that corresponds to the level of data protection in the areas we are doing business in.

Your data will not be passed on to other third parties for other purposes, in particular for advertising purposes unless you have given your explicit consent.

If we process data e.g. by way of transmission in a third country (e.g. outside the EU, or the European Economic Area [EEA]) or the processing takes place in the context of the use of third-party services or disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the applicable legal requirements.

Subject to express consent or transfer required by contract or law, we process or have processed the data only (i) in third countries with a recognised level of data protection, (ii) on the basis of special guarantees, such as a contractual obligation (e.g. through so-called standard protection clauses of the EU Commission for transfers from the EU/EEA to third countries), (iii) in case the transfer is made between a data exporter in the EU/EEA and a data importer in the U.S., and the data importer in the U.S. is self-certified under the EU U.S. Data Privacy Framework, or (iv) if certifications or binding internal data protection regulations justify the processing.

Please refer to the list of third-party service providers in section “List of Third-Party Service Providers” of this Notice where we inform you about third-country transfers regarding to specific service providers.

The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose). If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

We are committed to preserving online privacy for all of the visitors to our website, including children. Our website is a general audience website, and we do not knowingly collect information about children or provide services to children. Consistent with applicable laws, we will not knowingly collect any information from children under the age of 13. The website is not designed to attract anyone under the age of 18.

We restrict access to personal information collected about you at our website to our employees, our affiliate’s employees, or others who need to know that information to provide services to you or in the course of conducting our normal business operations. For this we have taken security measures to meet the highest requirements of the law as well as our own. These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.

In order to protect your data transmitted via our online services in the best possible way, we use SSL encryption.

We have taken all necessary and adequate steps to protect your personal data and ensure your rights as a Data Subject.

According to the applicable data protection laws, you may have certain rights as described below. Please note that limitations may apply to your ability to exercise these rights, for example, when your right to obtain the information is found to be overwritten by essential considerations of overriding interests. Furthermore, depending on the jurisdictions you are residing in, the rights as described below may vary.

  • Right of access. You have the right to request access to the personal data we process about you. We will provide you with a copy of the personal data undergoing processing as a starting point, free of charge or by electronic means, if the request has been submitted in a commonly used electronic form.
  • Right to rectification. You have the right to rectification of inaccurate personal data concerning you, including completion of incomplete personal data.
  • Right to erasure (right to be forgotten). Under certain circumstances, you have the right to the erasure of the personal data concerning you.
  • Right to restriction. Under certain circumstances, you have the right to restrict our processing of personal data concerning you.
  • Right to data portability. Where processing is based on consent or a contract and the processing is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have the right to transmit this personal data to a third party without hindrance from us, if technically possible.
  • The right to object. Under certain circumstances, you have the right to object at any time to our processing of personal data concerning you. For example, if you have requested to receive information from us, e.g. newsletters, but do not wish to receive further information, you can easily opt out of receiving further information from us.
  • Automated individual decision-making, including profiling. As a general rule you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or affects you significantly. This does not apply if among other things automated decision-making and profiling is necessary for entering into, or performance of, a contract between you and us.
  • Right to withdraw from consent with effect for the future. If processing of your personal data is based on your consent, you may withdraw your consent at any time with effect for the future, e.g. by unsubscribing from a newsletter or by sending us an email specifying the consent that you wish to withdraw. Please note that this does not affect the processing of your personal data prior to the withdrawal of your consent.
  • Exercising your rights. If you want to exercise any of your rights as described above or have any question to that, please contact our Data Protection Officer by sending an email to the email address specified below.
  • Filing of a complaint. If you wish to file a complaint regarding our processing of your personal data, you can choose to file a complaint to a competent supervisory Data Protection Authority. You can always lodge complaints with the data protection authority in the state or country you are residing in. For more information, please refer to section “Competent Data Protection Authorities” of this Statement.

If you are visiting our website or purchasing our products or services from outside of the United States or otherwise contacting us from outside of the U.S., please be aware that your personal information may be transferred to, stored or processed in the U.S., where our servers are located and our central database is operated or where web content is hosted by our service providers. The data protection and other laws of the U.S. and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. For example, our service providers will be contractually bound to process personal information only on behalf of and under the instructions of Gen Re and to adhere to similar data privacy standards as provided by the EU. By using our services or purchasing our products, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Statement.

For your convenience, we may provide links to other websites and web pages that we do not control. We cannot be responsible for the privacy practices of any websites or pages not under our control, and we do not endorse any of these websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages. Please check the applicable privacy policies of the respective operator of those third party websites.

We are an international corporation with business entities and branches in many countries. Please refer to the list above (“Who is Responsible for the Processing of your Personal Information?”) if you want to learn what legal entity is present in the country you are residing. The list also contains the competent data protection authority for that country. According to the applicable data protection laws, you may lodge complaints with the data protection authority of your residency. You may also contact the data protection authority responsible for the controller or processor that processes your personal data.

Gen Re will take reasonable measures to protect the confidentiality of Social Security numbers and limit access to those with a need for such information. Gen Re prohibits the unlawful disclosure of Social Security numbers.

Our website does not respond to “Do Not Track” (DNT) signals. DNT is a preference that users can set on their browser (if supported) to opt out from online behavioural tracking.

This Privacy Notice for California Residents supplements the information contained in our general Privacy Policy and applies solely to individuals who are California residents (“consumers” or “you”). We adopt this Notice to provide information about collection, use, and sharing of personal information and provide notice to consumers of their privacy rights under the California Consumer Privacy Act of 2018 (the “CCPA”). Any terms defined in the CCPA have the same meaning when used in this Notice. In the event that this Privacy Notice conflicts with our general Privacy Policy, the terms of this Notice shall prevail.

This Notice does not apply to employment-related personal information collected from employees, job applicants, contractors, or similar individuals.

Among other exceptions, the CCPA also currently exempts personal information reflecting a written or verbal business-to-business communication or transaction (“B2B personal information”) from certain of its requirements.

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer (“personal information”). Personal information does not include deidentified or aggregated consumer information or information otherwise excluded from the CCPA’s scope.

In particular, we have collected the following categories of personal information from consumers within the last 12 months:

  • Identifiers. For example, a real name, postal address, driver’s licence number, or other similar identifiers.
  • Protected classification characteristics under California or federal law. For example, age, citizenship, marital status, medical condition, or veteran or military status.
  • Commercial information. For example, products or services purchased, obtained, or considered.
  • Financial account information.
  • Internet activity or history or other electronic network activity information.
  • Professional, educational, or employment-related information. For example, current or past job history.
  • Inferences drawn from other personal information. For example, information reflecting a person’s preferences, characteristics, or attitudes.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you or from the entity with which you have a direct relationship
  • Directly or indirectly through our website
  • Consumer reporting agencies
  • Other insurance companies

We may use or disclose the personal information that we collect for one or more of the following purposes:

  • To fulfil or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to facilitate the provision of our products or services.
  • To provide, support, personalise, and develop our website, products, and services.
  • To create, maintain, customise, and secure your account with us.
  • To process your requests, purchases, transactions, and payments and prevent fraud.
  • For testing, research, analysis, and product development, including to develop and improve our website, products, and services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets.

We share your personal information with the following recipients:

  • Analytics providers
  • Website hosting providers
  • Marketers
  • Payment processors
  • Affiliated companies within the Gen Re Group
  • Other insurance companies
  • Persons who perform a business or professional service for us, such as a consultant

In the preceding 12 months, we have disclosed all of the categories of personal information that we collect for a business purpose.

We do not sell any personal information.

The CCPA provides consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You may request certain information from or certain action by us, such as exercising the access and deletion rights described below, or you may authorise an agent to make such a request on your behalf. We will seek to verify your identity and your agent’s authority when we receive an individual rights request from you or on your behalf to ensure the security of your personal information, and may need to collect additional personal information to do so.

Please direct any such rights requests (as further described below) or additional questions that you may have regarding this Statement to the addresses found in the Contact Information section above (“Who is Responsible for the Processing of your Personal Information?”).

California residents have the right to request the deletion of personal information, but we may not delete some or all personal information, as required or permitted by applicable law, such as if the requested information is necessary to:

  • Complete your transaction;
  • Provide you a good or service;
  • Perform a contract between us and you;
  • Protect your security and prosecute those responsible for breaching it;
  • Protect the free speech rights of you or other users;
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.);
  • Engage in public or peer-reviewed scientific, historical, or statistical research;
  • Comply with a legal obligation; or
  • Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

If you are a California resident, you may also request to receive details about how we collect, use, and share your personal information. You may also request to receive the specific pieces of personal information that we have collected about you.

If a business sells personal information, you have a right to opt out of that sale. We do not, and do not intend to, sell the personal information of California residents and, furthermore, do not have actual knowledge that we sell the personal information of consumers under 16 years old.

Businesses may not, and we do not, discriminate against you for exercising any CCPA rights, such as the access and deletion rights described above.

Changes to Our Data Privacy Statement

We may change this Statement at any time and from time to time. The most recent version of the Statement is reflected by the version date located at the bottom of this Statement. This Statement is not intended to, and does not, create any contractual or other legal right in or on behalf of any party.

Version Date: November 2023

EU Reinsurance Privacy Notice

Privacy Notice pursuant to Art. 14 GDPR

for applicants, policyholders, insured persons, beneficiaries or injured parties (English)

Datenschutzhinweise nach Art. 14 DS-GVO

für Antragsteller, Versicherungsnehmer, Versicherte Personen, Bezugsberechtigte oder Geschädigte (Deutsch)

Aviso Sobre Protección De Datos conforme al art. 14 RGPD

para solicitantes, tomadores de seguros, personas aseguradas, personas beneficiarias o perjudicados (Español)

Informations Concernant la Protection Des Données selon l’article 14 RGPD

à l’attention des demandeurs, preneurs d’assurance, personnes assurées, bénéficiaires ou sinistrés (Français)

Notifica Sulla Protezione Dei Dati ai sensi dell’Art. 14 RGPD

per richiedenti, persone assicurate, beneficiari o parti lese (Italiano)

Informacje o ochronie danych osobowych zgodnie z art. 14 RODO

dla wnioskodawców, ubezpieczających, osób ubezpieczonych, uprawnionych do świadczeń lub poszkodowanych (polska)

隐私声明基于GDPR第14条

投保人、保单持有人、被保险人、受益人、受损方的隐私声明 (中文)

Other Privacy Notices

Privacy Notice for Gen Re Business Contacts

Privacy Notice for Education

Participants of Gen Re Business School’s Further Education and Training Program