Skip to content

Data Protection Information

§ 1 Name and Address of the Controller

Controller in terms of the General Data Protection Regulation and other national privacy laws of the member states of the European Union as well as further privacy provisions is:

GMBC RE GmbH
Kaiser-Wilhelm-Str. 93
20355 Hamburg
Germany

§ 2 Privacy Officer

You can reach the appointed privacy officer under:
Deutsche Datenschutz Consult GmbH
www.deutsche-datenschutz-consult.de
Stresemannstraße 29
22769 Hamburg
Germany
Phone: +49 40 228 60 70 402
E-Mail: privacy@gmbcgroup.com

§ 3 Business Correspondence

If you correspond with us via email, we collect, store and process your name, email address and all contents of the correspondence. This data is processed for the purpose of initiating or conducting a contractual relationship with the controller that you represent.

As a rule, the legal basis for the processing is Art. 6 (I) lit. f GDPR, whereby our legitimate interest lies in the establishment and support of business relationships. In individual cases, processing may also be based on Art. 6 (1) lit. a GDPR if you have given us your consent for contact and/or correspondence. In the rare cases where we enter into contracts with natural persons, the communication required for this is based on Art. 6 (1) lit. b GDPR.

Where required for the fulfilment of a contract or by law, we disclose or transfer personal data of our customers to third parties if and insofar as this serves the provision of our services pursuant to Art. 6 (1) lit b. GDPR, is required by law according to Art. 6 (1) lit c. GDPR, serves our interests or those of our customers in the efficient and cost-effective provision of services as a legitimate interest pursuant to Art. 6 (1) lit. f. GDPR, or in the context of consent pursuant to Art. 6 (1) lit. a. GDPR. Possible third parties to whom your personal data may be transferred are
• external professionals involved in the provision of services, and
• third parties necessarily or typically involved in the performance of the contract, such as companies in the insurance chain.

As a matter of principle, your data will only be kept for as long as it is needed to process the correspondence. In addition, we are legally obliged to retain business correspondence for a period of 6 years. In individual cases, a retention period of 10 years under tax law may also be relevant. In this respect, your data is stored based on Art. 6 (1) lit. c GDPR for the fulfilment of the statutory retention obligations. After expiry of these retention obligations, your data will be deleted, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

§ 4 Processes on the Website

1. Server Statistics

Upon visiting our website, we collect the following data that is transmitted by your browser:
• Domain
• IP address
• content of the request
• user agent
• HTTP status code
• Timestamp

The data is collected on the basis of Art. 6 sec. 1 lit. f GDPR.

The temporary storage and processing of the IP address is required for delivery of the requested website to your system. This constitutes our legitimate interest for processing the IP address.

The website hoster stores this data in an access log which will be overwritten after 7 days. The access log is stored in order to analyze threats and protect against misuse, which also constitutes a legitimate interest for processing the data.

2. Cookies

Cookies are small text files that help collect standard internet log data and information about how visitors use our website. When you access our site, such data may be gathered automatically through cookies or similar technologies.

How we use cookies
GMBC currently does not use cookies. This may change in the future.

Consent information
We would only use cookies only in accordance with legal requirements. Where required by law, we obtain users prior consent. Consent is not necessary for cookies that are strictly necessary to provide the online service explicitly requested by the user. These may include cookies essential for displaying the website, load balancing, security, storing user preferences, or other functions required for delivering the core services. Users receive clear and revocable consent information before such cookies are used.

Managing cookies
You can configure your browser to refuse or delete cookies. Instructions can be found on the website linked above. Please note that some website functions may not work correctly if cookies are disabled.

§ 5 Your Rights

1. Right of Access

You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Upon request we gladly inform you in writing about which personal data are being processed by us, including their origin, any recipients of your personal data as well as the purpose of processing.

2. Right to rectification

You have the right to obtain from us rectification of personal data concerning you to the extent we save such data and provided it is inaccurate.

3. Right to restriction of processing

You have the right, under the preconditions of art. 18 sec. 1 GDPR (for example if the accuracy of the data is disputed or the processing is unlawful), to obtain from us restriction of processing, which means that we may only process your personal data subject to such restriction under the preconditions of art. 18 sec. 2 GDPR (for example with your consent or for the exercise or defence of legal claims).

4. Right to erasure

You have the right to obtain from us the erasure of your personal data under the preconditions of art. 17 sec. 1 lit. a-f GDPR (for example if the personal data is no longer needed or processing is unlawful) unless exceptions following art. 17 sec. 3 lit. a-e GDPR apply (for example if there are legal obligations to process the personal data).

5. Right to data portability

You have the right to receive from us your personal data that you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us.

6. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, if you feel our processing of your personal data is unlawful. The supervisory authority responsible for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
https://datenschutz-hamburg.de

7. No automated Decision-Making

While using our services, you are not subject to any exclusively automatic decision-making process – including profiling – that takes legal effect or affects you significantly in any similar manner.

§ 6 IT Security Notice

For our website we make use of ssl encryption (secure socket layer) with the highest encryption level supported by your browser. Usually this will be 256-bit encryption. If your browser doesn’t support this, our website falls back to 128-bit technology. Most browsers show encryption status by displaying a closed lock icon next to the URL or in the status bar.

We may need to update our Privacy Notice. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice, for example how we use your personal data, the identity of the Controller or your rights.