PRIVACY POLICY

Click here to view PDF, which includes this declaration in German and English

As of: May 2018

Legal Note: The only legally binding language of this Data Protection Declaration is German.
Preamble

With the following Data Protection Declaration we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data when using the data collected by the International Union of Marine Insurance e. V., Große Elbstraße 36, 22767 Hamburg, Germany, phone: +49 40 2000 747-0 (hereinafter also referred to as “IUMI”) on the websites https://iumi.com/.

Personal data is all data that can be referred to you personally, e.g. name, address, email address, user behaviour.

1. Who is responsible for data processing and who can I contact

Responsible pursuant to Article 4, para. 7 of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”)

International Union of Marine Insurance e.V.

Große Elbstraße 36

22767 Hamburg, Germany

phone: +49 40 2000 747-0

fax: +49 40 2000 747-0

email: data-protection@iumi.com

(see imprint https://iumi.com/imprint)

2. Your rights

You have the following rights vis-à-vis IUMI with regard to the personal data concerning you:

– Right of access pursuant to Article 15 GDPR,

– Right to rectification pursuant to Article 16 GDPR,

– Right to erasure (right to be forgotten) pursuant to Article 17 GDPR,

– Right to restriction of processing pursuant to Article 18 GDPR

– Right to restriction of processing pursuant to Article 21 GDPR (for more information see Clause 13),

– Right to data portability pursuant to Article 20 GDPR.

With regard to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 German Federal Data Protection Act (hereinafter referred to as “BDSG”) apply.

You also have the right to complain to a data privacy supervisory authority about the processing of your personal data by IUMI (Article 77 GDPR in conjunction with Section 19 BDSG).

3. Collection of personal data when contacting us

When you contact us by e-mail, the data provided by you (your e-mail address, possibly your name and telephone number) will be stored by IUMI in order to answer your question. IUMI deletes the data arising in this context after storage is no longer necessary or restricts the processing if legal storage obligations exist.

In case we use contracted service providers for individual features of our service or if we intend to use your data for commercial purposes, we will inform you in detail about the respective processes below. We also state the specified criteria for the storage duration.

4. Collection of personal data when visiting our website

If you use the website purely for informational purposes, i. e. if you do not register or otherwise provide us with information, IUMI only collects the personal data that your browser transmits to IUMI’s server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to guarantee stability and security (the legal basis for which is Article 6, para. 1, p. 1, lit. f GDPR):

– IP address

– Date and time of the request

– Browser

In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using and through which certain information flows to the site that places the cookie (IUMI in this case). Cookies cannot run programmes or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective. We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

This website only uses Transient cookies:

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This means that your computer can be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of cookies. Please note that in this case you may not be able to use all of the website’s features.

5. Collection of personal data for additional services

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. In order to do this, you will usually be asked to provide further personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

We store and use data provided by you when opening a user account for the purpose of providing our services in accordance with the contract. This data usually includes, among other things, email address, password, name, title, employer.

The legal basis for the above data usage is

Article 6, para. 1, p. 1, lit. b) GDPR.

6. Purpose of processing and its legal basis

We process the aforementioned personal data in accordance with the provisions of GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). In detail:

a. For the fulfilment of contractual obligations (Article 6 para. 1 b DSGVO)

The processing of personal data is carried out for the purpose of providing services in the context of the membership opposite our members and opposite third parties, which take place on your request.

The purposes of data processing may include, among other things, the creation of a member account, the provision of educational content, the processing of user content and hosting of conferences.

b. In the context of the balancing of interests (Article 6, para. 1, p. 1, lit. f GDPR)

As far as necessary, we process your data beyond the actual fulfilment of the contract to protect legitimate interests of us or third parties. Examples:

— Advertising or market and opinion research, as far as you have not objected to the use of your data

— Ensuring IT security

— Prevention of crime

— Measures for business management and further development of services and products

c. On the basis of your consent (Article 6, para. 1, p. 1, lit. a GDPR)

Insofar as you have given us your consent to the processing of personal data for certain purposes (such as fulfilling contractual obligations), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the application of the EU General Data Protection Regulation, i. e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing carried out prior to revocation shall not be affected. You can request a status overview of the consents you have given at any time from us.

7. Is data transferred to a third country

We work with certain external service providers to process your data. Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the fulfilment of our contractual obligations, if it is legally required, if you have given us your consent or if the data transfer is carried out within the scope of commissioned data processing. If service providers are deployed in the third country, they are obliged to comply with the data protection level in Europe by the agreement of the EU standard contractual clauses.

The legal basis for this is Article 46, para. 1 GDPR.

8. How long is my data stored

We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its further processing – limited in time – is necessary for the following purposes:

— Fulfilment of commercial and fiscal retention periods: The Commercial Code (Handelsgesetzbuch) and the Tax Code (Abgabenordnung) are to be mentioned.

— Preservation of evidence under the statute of limitations. According to Sections 195 et seq. of the German Civil Code ( Bürgerliches Gesetzbuch, BGB), these periods of limitation can be up to 30 years, whereas the regular period of limitation is three years.

9. Is there an obligation for me to provide data

Within the scope of our business relationship, you must provide personal data that is necessary for the initiation and execution of our business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually have to reject the conclusion of the contract or the membership or will no longer be able to carry out an existing contract and may have to terminate it.

10. Miscellaneous

You may contact us any time if you have questions regarding the data protection practices or want us to delete your profile or any personal data.

In the course of the continuous development of our services and the implementation of new technologies, IUMI reserves the right to update this Data Protection Declaration any time. Therefore we suggest you read our Data Protection Declaration again once in a while on https://iumi.com .

Please do not hesitate to contact us if you have any questions about data protection. Simply send us an email to: data-protection@iumi.com or write to us at the above address.

11. Right of revocation and objection against the processing of your data

a. Revocation

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the admissibility of the processing of your personal data only after you have expressed it to us.

b. Objection

Your right of objection follows from Article 21 GDPR.

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you on the basis of Article 6, para. 1, p. 1, lit. e GDPR (data processing in the public interest) and Article 6, para. 1, p. 1, lit. f GDPR (data processing on the basis of a balance of interests).

If you exercise your right of objection, we will no longer process your personal data, unless we can prove compelling grounds worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Furthermore you have the right to object at any time to the processing of personal data concerning you for the purpose of direct advertising.

If you object to the processing for purposes of direct advertising, we will no longer process your personal data for these purposes.

The objection and revocation can be made without observing formal requirements under the following contact data: