Data privacy at ERGO

Copyright 2021. All rights reserved.

ERGO takes protecting your privacy when you visit the website and within insurance relationships very seriously.

We comply with all the applicable data protection rules and are also committed to implementing the insurance industry’s data protection requirements (Data Privacy Code of Conduct).

ERGO processes your personal data only within the permitted framework and scope of the data protection provisions, in particular the EU General Data Protection Regulation (EU GDPR) and the Federal Data Protection Act (BDSG), and with your consent.

We have established this criterion at ERGO and accordingly use the latest techniques to safeguard your data.
Our evolving websites and changes in technology make it necessary to amend our privacy statement from time to time. When visiting our website, please take note of the latest version of the privacy statement.

The following privacy notice applies to visits to the website, where you will find information on products and services.

This website contains links to third-party websites (external links). These websites are subject to the liability of the respective operators. Should you notice any links on our websites that direct to websites with content that breaches applicable law, please notify us by sending an email to .

We will then remove such links from our websites without delay. The providers assume no liability whatsoever for the up-to-dateness, correctness, completeness or quality of the information provided.

The controller for data processing on the website is

ERGO Reiseversicherung AG
Thomas-Dehler-Straße 2
81737 Munich

Detailed information on data processing when you visit our website can be found under “ Visiting the website”.

The controller for data processing in relation to the products sold on this website is the respective risk carrier. Contact details can be found under “Services contact information”.

Detailed information on data processing as part of the insurance relationship can be found under “Information for prospects and insurance customers”.

Where websites and apps direct to this website, the above-mentioned data controller for visits to the website is responsible.

Where the website directs to other websites, the provider of those sites is the controller under data protection law.

Should you have any questions regarding data privacy, please contact ERGO’s Data Protection Officer.

He can be reached under controllers contact details:


ERGO Reiseversicherung AG

- Data protection officer -

Thomas-Dehler-Straße 2

81727 Munich



Under the EU GDPR, you can assert the following rights against the controller:

  • Right of access to the data processed (Art. 15)
  • Right to rectification of inaccurate data or completion of incomplete data (Art. 16)
  • Right to erasure of data that has been unlawfully processed or is no longer required (Art. 17) 
  • Right to restriction of processing (Art. 18)
  • Right to object to processing which the controller bases on the safeguarding of a legitimate interest (Art. 21)
  • Right to data portability (Art. 20)

If you have consented to processing (Art. 6(1)(a) or Art. 9(2)(a)), you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of the processing carried out up to that point.

If you wish to complain, please contact the Data Protection Officer or the data protection supervisory authority responsible for the controller. You will find this in the respective legal entity’s information sheet on how your data is used under “Information for prospects and insurance customers”.


The responsible authority for the controller of the website is:

Data Protection Authority of Bavaria for the Private Sector (BayLDA)
Promenade 18
91522 Ansbach

ERGO uses the latest techniques for holding dialogues with you and safeguarding your data.

What measures do we take to protect your data?

We take appropriate state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.

To protect your details, we use SSL (secure socket layer) encryption for the dialogue forms or contact forms on our web pages. This SSL connection protects your data against unauthorised third-party access during transmission. For your own security, please always use these dialogue forms.

If you send us unencrypted data in a normal, unsecured email, it is possible for your data to be viewed or amended by unauthorised persons during transmission via the internet.

In the case of anomalies, please contact our Customer Service Centre on the following number: 0800 3746 016.

On our website, you can find out what products and services we offer without entering personal data. Should data be collected without any action on your part, this will happen either on a statistical and anonymous basis, or you will be informed about it in advance and your consent will, if necessary, be obtained.

To use services on the basis of your individual needs, it will in most cases be necessary for you to provide information such as your postcode, circumstances (single, married, children). These details are only saved while you are visiting a website.

You can in principle find out about financial and insurance products without providing personal details. However, in order to calculate the correct insurance premium for you, we will of course ask you for the necessary details, such as age, height, weight, habits (smoker/non-smoker), type of car, mileage. To save you having to enter details twice, details you have given during a visit to the website are displayed again.

Obtaining insurance quotes

If you request a binding quotation for an insurance policy or a financial product, you will need to provide personal identifying details (surname, first name, address, contact details). These details will then be saved at ERGO Reiseversicherung AG for 20 days, together with other price- and risk-relevant details for that quote (date of birth, living/housing situation, etc.).

Applying for and taking out insurance online or accepting insurance quotes

If you apply for or take out insurance online, your bank details for making payment will also be saved, and possibly other attributes such as your IP address for identification purposes.
These details are transmitted to the ERGO insurance companies, where they are saved as application data and used to create the insurance contract and for future contract and customer support.
Similarly, details of insurance quotes that you accept and lead to a contract are saved and processed.

Cookies are small files that are stored on your computer and control the display and operation of our website.

Some cookies are technically necessary for communication via the internet and the website as such to work properly. These cookies are deleted when the dialogue ends.

For all cookies that are not technically necessary, we obtain your consent. We do this via the OneTrust consent tool, which is provided by our service provider ITERGO.

We use cookies for usage statistics and to continually improve our website (analytics), as well as to optimise our advertising with our partners (third-party cookies). You are given detailed information about these cookies within the consent tool.

Below we inform you in accordance with Article 13 GDPR about the service providers and procedures we use to collect data and provide information on

  • the purpose,
  • the scope,
  • the legal basis,
  • the period of storage,
  • the storage location,
  • any transfer and
  • the controller

of the data processing.

This section provides information on data privacy in your role as a prospect, in your role as a customer, as well as on the service providers we use and the embedding of our privacy policy in the insurance industry’s agreements with the supervisory authorities.

7.1. Contact as a prospect with agencies or ERGO Reiseversicherung AG

To obtain information on ERGO Reiseversicherung products and services, you can do this either on Webpage  or get in touch with the Service Center via Telephone (+49 89 4166-1102 (Mon to Fri from 8am – 7pm & Sat from 9am – 1pm .)
In each case, you will be dealing with our own officers, who will take care of data privacy for you. See also the information under “Communication” in this connection.

7.1.1. What data must be provided and what is processed?

You are not obliged to provide personal data for an informal chat or to use our websites. However, there are services for which our officers will need personal information from you, for example in order to send you information or a newsletter. Without this data, we cannot provide the services required. In each case, we collect only the data that is actually necessary.

7.1.2 For what purposes and on what legal basis do we process the data provided?

We process the data you provide in order to handle your enquiry.

Requests for advice and product information
If, when circumstances require, you leave contact details in order to receive advice on specific topics, or because you would like to receive further information on advertised products, we base the processing on your and our legitimate interest in answering your enquiry pursuant to Art. 6(1)(f) GDPR.

Enquiries for concluding and implementing an insurance contract
If you would like to take out insurance with ERGO Reiseversicherung, the adviser and the insurer will need your data to negotiate and conclude the contract (and for an identity check where required) and to assess the risk that is to be assumed.
If the insurance contract comes into being, the insurer will process this data to issue your policy or send you an invoice. The insurer needs details of claims and payments made in order to assess precisely what cover you have taken out and what payments you have received under that cover. It is not possible to negotiate, conclude or implement an insurance contract without processing your data. The data is processed on the basis of Art. 6(1)(b) GDPR in order to carry out pre-contractual measures or fulfil a contract.

7.1.3. How long do we save your data?

Our officers delete your personal data as soon as it is no longer required for the purposes mentioned above. This situation will occur regularly due to statutory record-keeping and retention requirements governed, inter alia, by the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention periods according to these are generally up to ten years. It is also possible that personal data may be saved for the period in which claims can be made against you (statutory limitation period of three or up to thirty years). Additional information, where relevant, may be found in association with the individual data processing operations.

7.2. Insurance customer

Below you will find information on how your data is dealt with when you make an insurance application, have taken out insurance, make a claim, or the contract is terminated.

7.2.1. Use of your data

Under the GDPR, there are statutory duties to provide information as soon as and insofar as personal data is collected from you for processing. Insurance applications, in particular, therefore contain relevant information on the specific use of your personal data. You can access individual selected versions of information on how your data is used (in German) below:

7.3. List of service providers

The insurers keep a list of all the service providers that may work for you as part of a contract. The obligation to keep this list arises from the new declarations of consent and release from the duty of confidentiality, as well as from the new code of conduct (Data Privacy Code of Conduct) agreed between the German Insurance Association (GDV) and the data protection supervisory authorities. The aim of this list is to create transparency about the processing of your data. The list specifies the service providers that collect, process or use health data and/or other personal data as agreed on behalf of ERGO insurance companies. The service providers are mentioned specifically if their main task is collecting, processing and using personal data. This includes ERGO Group AG, for example. Service providers whose main task does not involve the processing of personal data, for example companies that dispose of paper waste and computer storage media, are only mentioned in service categories. The same goes for service providers that work for ERGO only occasionally. You can opt out of having your data transferred to the service providers mentioned on the list on a case-by-case basis, stating the reasons. We will then consider whether, because of your particular personal situation, your legitimate interest in excluding transfer prevails. Please note that all of ERGO’s service providers are mentioned in the list. However, this doesn’t mean that your data is, in principle, shared with all the service providers. ERGO Group AG, ITERGO Informationstechnologie GmbH and ERGO Direkt AG, as the ERGO companies’ internal service providers, are generally the ones tasked with collecting, processing and using personal data.

7.4. Declaration of consent and release from the duty of confidentiality

Since 1 January 2013, ERGO’s German insurance companies have been using new declarations of consent and releases from the duty of confidentiality in their applications, enquiries and enrolment declarations. The declarations used have been standardised between the German Insurance Association (GDV) and the data protection supervisory authorities. They offer you even more transparency in the way your personal data is handled. You will find a specimen here.

7.5. Code of Conduct for the handling of personal data by the German insurance industry (Data Privacy Code of Conduct)

ERGO’s German insurance companies adopted the “Code of Conduct for the handling of personal data by the German insurance industry” (Data Privacy Code of Conduct) on 1 March 2013. The Data Privacy Code of Conduct governs the collection, processing and use of your personal data. This Code of Conduct was agreed between the German Insurance Association (GDV) and the data protection supervisory authorities.

The German federal and state data protection authorities have confirmed that companies which follow the Code of Conduct thereby ensure that the requirements of the General Data Protection Regulation are put into concrete form for the insurance industry in a sector-specific way.

You will find the Code of Conduct for the handling of personal data by the German insurance industry here. We will be happy to provide you with the text in paper form too. You can request this by phone on the freephone numbers 0800 3746 000 , or by email at and .

Here you will find information on how ERGO communicates via the various channels, what data is produced as a result, and how it is handled.
Besides the communication channels described below, some information and services are also provided by your agency and are its responsibility.
If you contact your agency owner direct, without using ERGO systems, the data transferred will then be beyond ERGO’s control. Examples:

  • WhatsApp communications via your agency’s number, as well as other messenger services such as Facebook Messenger
  • Your agency’s Facebook Page
  • Email communications to email addresses not ending in “” or ""

For information in this regard, please contact your agency owner.

8.1. Written communication

In the vast majority of cases, correspondence sent to ERGO is digitised (scanned) immediately upon receipt and forwarded electronically to the relevant department. There, the digital document is stored for as long as its purpose or statutory retention requirements require. The original document is destroyed in line with data privacy legislation after a waiting period of 30 days.

8.2. Email correspondence

ERGO Reiseversicherung uses the email address you provide to send you a reply with the information requested. However, ERGO Reiseversicherung only sends personal or confidential information once it has been encrypted, or, should this not be possible, by post. If the content of your message relates to a contract, ERGO Reiseversicherung will archive the email. The email address will be saved exclusively for corresponding with you and will not be shared with third parties.

You will not receive any unsolicited emails from ERGO Reiseversicherung, so if ever you do receive an unsolicited email that purports to be from ERGO Reiseversicherung, it is fake and should be deleted. Before sending ERGO Reiseversicherung an unencrypted email, please remember that on the internet its contents are not protected against unauthorised access or falsification. Consequently, we would recommend that you send any message to ERGO Reiseversicherung using the contact form indicated on our website.

8.3. Privacy notice in relation to voice recording during telephone contact with ERGO Direkt AG

This privacy notice informs you who is responsible for voice recording on the phone, when and for what purpose voice recording is carried out, and what rights you have as the data subject. The privacy notice applies to phone contact both by you with ERGO Reiseversicherung AG and by ERGO Reiseversicherung AG with you. The company responsible for processing the data is ERGO Reiseversicherung AG, Thomas-Dehler-Str. 2, 81737 München.

You can reach the Data Protection Officer at this address – by adding the words “Data Protection Officer” – or by email at .

We use call recordings (voice data) and the resulting text files (transcripts) to derive your wishes and requirements from the information you provide. We also store technical call data such as the phone number, the start of the call, the end of the call and the call duration.

If, before or during the call, you agree to it being recorded, we will use the information and data obtained for the following purposes:

8.3.1. Training and quality assurance

We analyse some calls with regard to customer communication, compliance with company standards and optimisation potentials. The results are discussed with the member of staff concerned. In individual cases, certain parts of the telephone call are referred to for this purpose. This is used for training our staff. The aim is to constantly improve communication with our customers, so that we can offer them a better quality of service and advice.

8.3.2. Individual analyses

We analyse individual calls with regard to relevant information about you as an individual. This information also helps us to offer you an optimised quality of service and advice. Here, a high-quality approach that is relevant (only of interest to you) is of particular importance to us. This means that, in future, we want to speak to you in a more individual and targeted way and avoid offering services and products that are not relevant to you.

8.3.3. Statistical analyses (cumulative)

In collaboration with research projects, we carry out statistical analyses of all the calls recorded. In this way, we identify significant and relevant accumulations of words (call categories) which provide information on our customers’ wishes and needs. These analyses are carried out with anonymised data.

8.3.4. Documentation and erasure of data

We save the call recordings (voice data) and resulting text files (transcripts) for documentation purposes. All call recordings are deleted after 13 months at the latest, or even before then, if you have withdrawn your consent. The text files produced are anonymised and permanently processed for analysis purposes.

The legal basis for the processing of personal data is your consent. We obtain this for call recording and call documentation, as well as for the subsequent individual analyses of calls. There is no requirement for you to provide data or give your consent to the recording of calls. If you are not in agreement with the recording and further use of the call, we will of course take that into account.

If necessary, we make written notes on the course of the call. These notes are used to document the content of the call. The data collected is processed and used only by internal departments of ERGO Direkt AG and is not shared with third parties.

You have the right of access to, rectification, erasure and restriction of, and objection to the processing of data, as well as a right to data portability. If you would like to make use of your rights, please contact the address mentioned above.
If you think that the processing of your data breaches data protection law or that your data protection rights have been violated, you can also complain to the competent supervisory authority.

The competent data protection supervisory authority for us is: Data Protection Authority of Bavaria for the Private Sector (BayLDA), Promenade 18, 91522 Ansbach.

8.4 Social networks

The websites and our apps use social plug-ins of several social networks, including Facebook, Twitter, Google+ and the like. The plug-ins are marked with a logo or with the add-on “social plug-in”. If you access one of our website pages or an app containing such a plug-in, these plug-ins can create direct links to the social network and could transmit data. The plug-in, your browser and the social network will then all communicate with one another.
Through the integration of the plug-ins, the social networks receive the information that you have accessed a particular page on our website. If you are logged into the social network at the time, it can attribute the visit to your social network account. If you interact with the social plug-ins, for example by clicking the “Like” button or making a comment, this information is transmitted directly to the social network and stored there in accordance with the respective social network’s policy.
For information on the purpose and scope of the data collection and the further processing and use of the data by the social network, as well as your rights in this regard and setting options for protecting your privacy, please refer to the relevant social network’s privacy notice. If you don’t want social networks to know about your visit to our websites, you will need to log out of the social networks before visiting our website or using our app.

8.5 Voice assistants

If you use a voice assistant via a device with a built-in microphone (e.g. Amazon Echo, Google Home), your audio recording will be processed via the apps installed there (e.g. Amazon Alexa, Google Assistant). In particular, your complete audio recording and your use of the voice assistant are then processed both on your device and on those manufacturers’ servers. Their Terms of Use and Privacy Notices apply:
Amazon Alexa Privacy Notice
Google Home Privacy Notice

If you use these voice assistants to contact us, obtain general information, information relating to a specific contract, or quotations (“voice services”), the provider of the voice assistant in question passes information to us. This is necessary if we are to be able to respond to your enquiry. However, we only receive the content of your enquiry, not the voice recording itself. This is retained in your user account of the relevant voice assistant where you can manage it (in particular delete it).

We only receive your location or email address if this is necessary to respond to your enquiry and you have granted us access to this information when speaking to the voice assistant.

If you want to use an existing user account (e.g. Amazon Login) to use one of our voice services, we only receive information from this account if you have previously given your express consent. The legal basis is then your consent as per Art. 6(1)(a) GDPR. If you also agree to the use of the payment functions of one of your existing user accounts (e.g. Amazon Pay) in our voice service, then we only receive your contact and address data for the payment from the payment service provider but not your bank details. Otherwise, all we receive is what is known as a “token”, which is needed for technical reasons so that you can sign in with us using the existing user account and then pay without giving us login details. The legal basis for this data processing is therefore both your contract with us, Art. 6(1)(b) GDPR, and the legal obligation to specify the service recipient in invoices, Art. 6(1)(c) GDPR in conjunction with Section 14(4) of the German Value Added Tax Act (UStG).

Finally, we also receive a number (called an ID) so that we can pass the answer to your enquiry to your voice assistant. This ID is linked to our service in the voice assistant but not to you as a person. In this way, the information you requested (e.g. quotations, general information or information about a contract) can be sent to you again via the voice assistant manufacturer’s servers and systems and your device, so that you can receive it as a voice message or text message. We can only attribute this ID to you personally if the content of your voice recording contains unambiguous information about you (e.g. name, contract number).

The legal basis for this data processing is the pre-contractual information provided to you or the contract with you, Art. 6(1)(b) GDPR.

We also process data with the help of the Adobe Analytics service. The legal basis for this is our legitimate interest in accordance with Art. 6(1)(f) GDPR. In this respect, the remarks concerning Adobe Analytics (see section 6.2 above) apply accordingly.

If you delete the ID that is allocated to our service, we can no longer attribute your enquiry and its answer to any device and person. This does not apply, however, if you yourself have passed personal information to us via the voice assistant. In general and in principle, we process the above personal information only for as long as is necessary for us to deal with your enquiry. If your enquiry relates to a contract or a contract proposal, our retention periods set out in section 2.11 above apply.

8.6 Privacy notice for visitors and in relation to video surveillance at the ERGO locations