Data protection information for customers and business partners

DATA PROTECTION INFORMATION PURSUANT TO ART. 13 / ART. 14 GDPR

The protection of your personal data is very important to us. We therefore process your personal data (hereinafter referred to as "data") exclusively on the basis of the statutory provisions. With this general data protection information, we would like to provide you with comprehensive information about the processing of your data in our company and your data protection rights and entitlements in accordance with Art. 13 / Art. 14 of the General Data Protection Regulation (GDPR).

1. Who is responsible for data processing and who can you contact?

The responsible party is

Howden Deutschland AG
Mies-van-der-Rohe-Straße 6
80807 Munich
Germany

Phone: +49 89 54329-0
E-Mail: [email protected]

The company data protection officer is

Robert Heindl
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: [email protected]

2. What data is processed and from which sources does this data originate?

We process the data that we receive from you or our business partners in the course of contract initiation or processing or on the basis of your consent.

Personal data includes:

Master and contact data (e.g. surname and first name, address data, email addresses, bank details, date of birth)

Data for the preparation of applications or contracts (e.g. salary, professional position, preliminary contracts)

Data for claims settlement (e.g. surname and first name, contact details)

In addition, we also process the following other personal data:

- Information about the type and content of contract data, order data, sales and document data, customer and supplier history, and consulting documents,
- Advertising and sales data,
- Information from your electronic communication with us (e.g. IP address, login data),
- Other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
- Data that we generate ourselves from master/contact data and other data, e.g. through customer needs and customer potential analyses.

3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

• To fulfil (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
Your data is processed for the purpose of contract execution. The data is processed in particular during the initiation of business and during the execution of contracts, including the processing of claims.

• To fulfil legal obligations (Art. 6 para. 1 lit. c GDPR):
Your data is processed for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code, the German Fiscal Code or sanctions checks.

• To protect legitimate interests (Art. 6 para. 1 lit. f GDPR):
Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing to protect legitimate interests takes place, for example, in the following cases:

- Advertising or marketing (see No. 4),
- Measures for business management and the further development of services and products,
- Maintaining a group-wide customer database to improve customer service,
- Within the scope of legal proceedings,
- Sending non-promotional information and press releases.

4. Processing of personal data for advertising purposes

We are entitled under the legal provisions of Section 7 (3) of the German Unfair Competition Act (UWG) to use the email address you provided when concluding the contract for direct marketing of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by email, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form is sufficient for this purpose. Of course, every email always contains a link to unsubscribe.

5. Who receives my data?

If we use a service provider for order processing, we remain responsible for the protection of your data. All order processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The processors commissioned by us will receive your data if they need it to perform their respective services. These include, for example, IT service providers that we need for the operation and security of our IT system, as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports the improvement of the data quality of existing customer data (duplicate cleansing, moved/deceased flags, address correction) and enables enrichment with data from public sources.
This data is made available within the group of companies if necessary for contract processing. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.
If necessary for the initiation or fulfilment of a contract, we will pass on your data to reinsurers, co-insurers or brokers.
In the event of a legal obligation or in the context of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies, experts or service providers may receive your data for the purpose of contract initiation and fulfilment.

6. How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code or the Working Hours Act); beyond that, until the end of any legal disputes in which the data is required as evidence.

7. Is personal data transferred to a third country?

Data processing generally takes place within the EU/EEA. If data is transferred to a third country, this will only be done if an adequate level of protection is guaranteed on the basis of one of the measures specified in Art. 44 ff GDPR (e.g. adequacy decision, standard contractual clauses).

8. Where do we obtain your personal data?

In principle, we collect the data directly from you. In some cases, however, we also receive your data from our contractual partners (e.g. brokers, insurance companies) in order to fulfil our contractual obligations.

9. What data protection rights do I have?

You have the right to obtain information about your stored data, to have it corrected or deleted, to restrict its processing, to object to its processing, to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process data about you that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure:

You can request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of statutory retention obligations.
Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, unless there is a legal or contractual obligation to retain it.

Right to restriction of processing:

You may request that we restrict the processing of your data if

- you dispute the accuracy of the data, for a period enabling us to verify the accuracy of the data,
- the processing of the data is unlawful, but you refuse to have it deleted and instead request that its use be restricted,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have objected to the processing of the data.

Right to data portability:

You can request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format, and you may transfer this data to another controller without hindrance from us, provided that

- we process this data on the basis of your revocable consent or to fulfil a contract between us, and
- this processing is carried out using automated procedures.

If technically feasible, you may request that we transfer your data directly to another controller.

Right to object:

If we process your data on the basis of legitimate interests, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for direct marketing purposes (see point 4) at any time without giving reasons.

Right to lodge a complaint:

If you believe that we are processing your data in violation of German or European data protection law, please contact us so that we can clarify any questions. You also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to exercise any of the above rights, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

10. Am I obliged to provide data?

In most cases, the processing of your data is necessary for the conclusion or fulfilment of your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it.
However, you are not obliged to give your consent to the processing of data that is not relevant for the fulfilment of the contract or is not required by law.

11. Up-to-date data protection information

This privacy policy is current as of July 2025, but is subject to regular review and revision. The current version can be found at www.howdengroup.com/de-de/datenschutz.