Privacy statement

Privacy statement ERGO

As of 2024

ERGO takes the protection of your privacy very seriously when you visit the ergo.com websites. We comply with all applicable data protection regulations and have also committed ourselves to implementing the data protection requirements of the insurance industry (Code of Conduct for Data Protection).

ERGO processes your personal data only to the extent permitted and in accordance with data protection regulations, in particular the EU General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Act (BDSG), and with your consent.

We have established this standard at ERGO. To this end, we use modern techniques to ensure the security of your data.

Further development of our websites and changes in technology mean that we occasionally need to make adjustments to our data protection declaration. Please note the current version of the data protection declaration when you visit our website.

The following data protection information applies to the ERGO Group AG company websites at www.ergo.com.

You can find information about the ERGO Group on our ergo.com websites.

The ergo.com websites contain links to third-party websites (external links). These websites are subject to the liability of the respective operators. If you notice that links on our website refer to websites whose content violates applicable law, please notify us at the e-mail address digitalcommunications@ergo.de. We will then immediately remove these links from our website. ERGO Group AG assumes no liability for the topicality, correctness, completeness or quality of the information provided.

Responsible for data processing on the ergo.com websites is

ERGO Group AG
ERGO-Platz 1
40198 Düsseldorf

Tel +49 211 477–7100
ergo-group@ergo.de

Detailed information on data processing when visiting the websites can be found under ‘Visiting the websites’.

Insofar as websites and apps refer to these websites, the above-named controller is responsible for data processing when visiting the ergo.com websites.

Insofar as ergo.com websites refer to other websites, the provider of that website is the controller under data protection law.

If you have any questions about data protection, please contact ERGO's data protection officer.

You can reach him using the contact details of the data protection officer or by e-mail to:

datenschutz@ergo.de

According to the EU-DSGVO (EU GDPR), you can assert the following rights with the controller:

  • Right of information about the data processed (Art. 15)
  • Right to correct of inaccurate data or completion of incomplete data (Art. 16)
  • Right to delete of unlawfully processed data or no longer required data (Art. 17)
  • Right to restrict the processing (Art. 18)
  • Right to object to processing based on the controller's legitimate interests (Art. 21)
  • Right to data portability (Art. 20)

If you have given your consent to processing (Art. 6 (1) (a) or Art. 9 (2) (a)), you have the right to withdraw the consent given at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to make a complaint, please contact the data protection officer or the data protection supervisory authority responsible for the controller.

The person responsible for the ergo.com websites is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
poststelle@ldi.nrw.de

ERGO uses modern technology to maintain a dialogue with you and to protect your data.

What measures do we take to protect your data?

We take appropriate technical and organisational precautions in line with the state of the art to protect data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

We use SSL (Secure Socket Layer) encryption to protect your data in the dialogue or contact forms provided on our ergo.com websites. This SSL connection protects your data from unauthorised access by third parties during transmission. For your own security, please always use these dialogue forms.

If you send us data in unencrypted form as a normal, unsecured e-mail, there is a possibility that your data may be viewed or modified by unauthorised persons during transmission over the Internet.

You can use our website to find information about the ERGO Group without having to enter any personal data. If data is collected without your intervention, this is done either on a statistically anonymous basis or you will be informed in advance and your consent will be obtained if necessary.

Cookies are small files that are stored on your computer and control the display and operation of our website.

Some cookies are technically necessary for communication over the internet and for the website to function properly. When you end the dialogue, these cookies are deleted.

We obtain your consent for all cookies that are not technically necessary. We obtain this consent via the Consent Tool from the company One Trust, which is provided to us by our service provider ITERGO.

We use cookies for usage statistics and the continuous improvement of our website (analytics) and to optimise our advertising with our partners (so-called 3rd party cookies). You will be informed in detail about these cookies within the consent tool.

In accordance with Article 13 of the GDPR, we are providing you with the following information about the service providers and procedures we use to collect data, including information about

  • the purpose,
  • scope,
  • legal basis,
  • duration of storage,
  • storage location,
  • possible disclosure and
  • the person responsible

for data processing.

Insurers keep a list of all service providers who may work for them under a contract. The obligation to keep this list arises from the new declarations of consent and release from confidentiality as well as the new rules of conduct (Code of Conduct Data Protection), which were agreed between the German Insurance Association (GDV) and the data protection supervisory authorities. The aim of this list is to create transparency regarding the processing of your data.

The list shows the service providers who, under contract, collect, process or use health data and/or other personal data on behalf of the ERGO insurance companies. The service providers are specifically named if their main task is the collection, processing and use of personal data. These include, for example, ERGO Group AG. Service providers whose main task is not the processing of personal data, such as the disposal company for paper waste and electronic data carriers, are only mentioned in service categories. The same applies to service providers who only work for ERGO occasionally. You can object to the transfer of your data to the service providers named in the list in individual cases, stating your reasons. We will then check whether your particular personal situation outweighs your legitimate interest in excluding the transfer.

Please note that the list includes all ERGO service providers. However, this does not mean that your data will always be passed on to all service providers. In general, ERGO Group AG, ITERGO Informationstechnologie GmbH and ERGO Direkt AG are commissioned as internal service providers of the ERGO companies to collect, process and use personal data.

service provider list (PDF)

This is where you will find information on how ERGO communicates through the various channels, what data is generated in the process and how it is handled.

In the majority of cases, correspondence addressed to ERGO is digitalised (scanned) immediately upon receipt and forwarded electronically to the responsible department. The digital document is stored there for as long as the purpose or the legal retention requirements require. The original document is destroyed in accordance with data protection regulations after a waiting period of 30 days.

ERGO uses the e-mail address you provide to send you the requested information by e-mail. ERGO only sends personal or confidential information in encrypted form, or if this is not possible, by post. If the content of your message relates to a contractual relationship, ERGO will store the e-mail. The e-mail address is only stored for the purpose of corresponding with you and is not passed on to third parties.

You will not receive any unsolicited e-mails from ERGO. If you do receive an unsolicited e-mail purporting to be from ERGO, it is a fake and should be deleted. Before sending an unencrypted e-mail to ERGO, please be aware that the content of the e-mail is not protected against unauthorised access, tampering, etc. on the internet. For this reason, we recommend that you use the contact form provided on the website if you wish to send a message to ERGO.

Our websites and apps use social plugins (‘plugins’) from several social networks, including Facebook, Twitter, Google+ and similar. The plugins are labelled with a logo or the addition ‘social plugin’. When you access a page of our website or an app that contains such a plugin, these plugins can establish direct connections with the social network and possibly transmit data. There is communication between the plugin, your browser and the social network.

By integrating the plugins, the social networks receive the information that you have accessed the corresponding page of our website. If you are already logged into the social network, the social network can assign the visit to your account. If you interact with the plugins, for example by clicking the ‘Like’ button or posting a comment, the corresponding information is transmitted directly to the social network and stored there in accordance with the guidelines of the respective social network.

The purpose and scope of the data collection and the further processing and use of the data by the social network, as well as your rights and setting options for protecting your privacy, can be found in the data protection information of the respective social network. If you do not want social networks to know about your visit to our websites, you must log out of the social networks before visiting our website or using the app.

If you use a voice assistant via a device with a built-in microphone (e.g. Amazon Echo, Google Home), your audio recording will be processed by the apps installed on that device (e.g. Amazon Alexa, Google Assistant). In particular, the processing of your complete audio recording and your use of the voice assistant takes place both on your end device and on the servers of these manufacturers. Their terms of use and privacy policy apply:

If you use these voice assistants to contact us, to receive general or contract-specific information or offers from us (‘voice services’), the respective provider of the voice assistant will transmit information to us. This is necessary for us to answer your request. However, we only receive the content of your request, not the voice recording itself. This is stored in your user account of the respective language assistant and can be managed (in particular deleted) by you there.

We only receive your location or email address if this is necessary to answer your request and you grant us access to this data in the respective language assistant.

If you wish to use an existing user account (e.g. Amazon Login) to use one of our voice services, we will only receive data from this account if you explicitly consent to this in advance. The legal basis for this is your consent, Art. 6 (1) a) GDPR. If you also agree to use the payment functions of one of your existing user accounts (e.g. Amazon Pay) in our language service, we will only receive your contact and address data for the payment from the payment service provider, but not your bank details. Otherwise, we will only receive a so-called token, which is technically necessary so that you can log in to our site with the existing user account and thus pay without having to provide us with login data. The legal basis for this data processing is therefore both your contract with us, Art. 6 (1) point b GDPR, and the legal obligation to determine the recipient of services in invoices, Art. 6 (1) point c GDPR in conjunction with Sec. 14 (4) German VAT Act (UStG).

Finally, we receive a number (so-called ID) in order to be able to transmit the answer to your request to your voice assistant. This ID is linked to our service in the voice assistant, but not to you as a person. This means that the information you request (e.g. offers, general information or contract information) can be sent to you again via the servers and systems of the voice assistant's manufacturer and your end device so that you can receive it as a voice or text message. We can only assign this ID to you personally if the content of your voice recording contains unique information about you (e.g. name, contract number).

The legal basis for this data processing is the pre-contractual information provided to you or the contract with you, Art. 6 (1) point b GDPR.

We also process data using the Adobe Analytics service. The legal basis for this is our legitimate interest in accordance with Art. 6 (1) point f GDPR. In this respect, the information on Adobe Analytics (see above, section 6.2) applies accordingly.

If you delete the ID associated with our service, we will no longer be able to associate your request and the respective response with any device or person. The only exception to this is if you have provided us with personal information yourself via the voice assistant. In general, we only process the above personal information for as long as is necessary to process your request. If the enquiry relates to a contract or a contract offer, our above-mentioned deletion periods apply (see section 2.11).

WhatsApp is a service of WhatsApp Inc., which in turn is part of Facebook Inc. ERGO uses this external application solely as a service channel. ERGO is in no way responsible for the content and data that is shared, uploaded and processed outside of the ERGO network via WhatsApp. The privacy policy of WhatsApp applies to this.

Please read WhatsApp's privacy policy carefully before using WhatsApp. By using WhatsApp, you automatically agree to these guidelines.

When you send us a message via WhatsApp, you provide us with your phone number. We use the number only for WhatsApp communication with you. We use the contents of the chat only to process your request.

Please note the WhatsApp terms of use, over which we have no control: when you install and use WhatsApp on your mobile phone, you agree to WhatsApp's terms of use. These include, among other things, that you grant WhatsApp Inc. access to your phone number and the contacts stored on your phone.

We do not answer personal or confidential questions (i.e. questions concerning personal data) via WhatsApp. Therefore, please provide an e-mail address or phone number for such matters.

Important: ERGO will never ask you to share personal data with us via WhatsApp. If we need your data, an employee will provide you with an option for exchanging data, e.g. a secure contact form.