This notice explains how your data will be collected and dealt with, and your rights concerning that data. In this notice, ‘we’, ‘us’ or ‘our’ refers to HDI Global Specialty SE and its agents, co-insurers and reinsurers. ‘You’ or ‘your’ refers to the individual whose personal data we are processing.

1. Responsible data controller

      HDI Global Specialty SE
      Roderbruchstraße 26
      30655 Hannover
      Tel. +49 511 5604-2909

HDI Global Specialty SE is a Data Controller as defined under the EU General Data Protection Regulation (‘GDPR’).

You can reach our Data Protection Officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox:

2. Data protection when visiting our website

2.1. Log files

Each time you visit our website, your browser automatically sends information to the servers of our website, where it is temporarily stored in a so-called log file. The following data is recorded without any action on your part and stored until automatic deletion:

  • IP address of the computer issuing the request,
  • date and time of access,
  • name and URL of the file(s) accessed/retrieved,
  • website which directed you to our Internet presence (referrer page),
  • operating system and browser employed,
  • name of your internet access provider.

This data is collected and processed to make the use of our website possible (for establishing the connection), to ensure continuous system security and stability, to allow for technical administration of our network infrastructure and optimization of our website, and for internal statistical use. The IP address is used only in the event of attacks on the network infrastructure and for statistical purposes, without us drawing any conclusions with regard to your identity. This processing takes place under consideration and within the scope of the weighing of interests according to article 6 para 1 (f) of the General Data Protection Regulation (GDPR). To the extent that further storage of log files is required for purposes of proof, these are excluded from deletion until the respective incident has been finally clarified.
The data collected will be deleted after four weeks at the latest.

2.2. Cookies and web analysis

We are continuously working on improving and optimizing our online services and on offering you a pleasant visit to our website. Logging your access to our website in log files, as well as employing cookies and web analysis, is important for this. The legal basis for data processing using cookies – also for purposes of web analysis – is our legitimate interest in the analysis, the optimization and the commercially viable operation of our website pursuant to article 6 para 1 (f) GDPR.

2.3. Cookie information and cookie management

Cookies are automatically stored on your computer when you visit our website. Cookies are text files which contain a pseudonymized alias and thus do not permit any form of attribution to a specific person. Only we are able to read these cookies.

The cookies that we employ may be categorized as follows: generally required cookies, function-related cookies, and service-related cookies.

Generally required cookies are used to make our website user-friendly. Certain actions you perform are stored for the duration of the respective visit to our website with the purpose of optimizing your user experience. These cookies are deleted when you close/exit the browser.

Function-related cookies enable us to adjust our website to the personal preferences of our users.

Service-related cookies help us to measure usage of our website. With these cookies, we can determine which areas of our website are visited most frequently. This information helps us to identify opportunities to further improve our website.

As a user of our website, you are asked to select your own privacy settings to determine if you accept or reject cookies, or wish to be notified about receiving a new cookie. In addition, you can delete previously stored cookies. If you delete your cookies, this may result in opt-out cookies being deleted. The affected opt-outs must then be reactivated to become effective again. Deactivating cookies may lead to parts of our website not being fully functional or not being displayed correctly.

Additionally, you can adjust your settings in our Cookie Management Center.

2.4. Web analysis

We use cookies on our website that enable the analysis of your surfing behavior (service-related cookies). For this, we use the web analysis service “Piwik Pro”. This service only uses data with shortened IP addresses, such as date and time of page view, duration of the visit, frequency of page view or pages referring you to our website. You can activate and deactivate these cookies as outlined in section 2.3, Cookie information and cookie management.

2.5. Notice of the right to object

If we process your personal data on the legal basis of our legitimate interests pursuant to article 6 para 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to article 21 GDPR, provided that there are grounds related to your particular situation, or you object to the processing of your personal data for direct marketing purposes. In the latter case, we will comply with your objection regardless of grounds relating to your particular situation. Please contact our data protection team (contact details above) if you wish to exercise your right of revocation or objection.

3. Personal data we may collect about you

  • Individual details such as name, address, proof of address, contact details (including emails and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title, employment history and family details (including their relationship to you)
  • Identification numbers issued by government bodies, agencies or similar such as national insurance, passport, tax identification or driving licence numbers
  • Financial information such as bank account or payment card details, income or transaction histories
  • Insurance policy information including information about quotes you receive and policies you take out
  • Credit and anti-fraud data including credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you
  • Information about previous and current claims (including in connection with other related or unrelated insurance) which may include data about your health, criminal convictions, or special categories of personal data and, in some cases, surveillance reports
  • Technical information including your computer’s IP address
  • Special categories of personal data which have additional protection under the GDPR, namely health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation

4. Where we may collect your personal data from

We may collect your personal data from various sources:

  • You (including, from time to time, recordings of your telephone calls with us)
  • Your family members, employer or agent/representative (including your broker)
  • Our agents, other insurers, insurance brokers, or reinsurers
  • Credit reference agencies
  • Websites or software applications for use on computers or mobile devices and/or social media content, tools and applications
  • Anti-fraud databases, sanctions lists, court judgments and other databases
  • Government agencies
  • Any open electoral register; or
  • In the event of a claim, third parties including the other party or parties to the claim, witnesses, experts, loss adjusters, solicitors, claims handlers, translators, surveillance agents, engineers and others

5. Identities of Data Controllers and Data Protection Contacts

The operation of the insurance market means that personal data may be shared between insurance brokers, insurers, reinsurers and other market participants. You can find out the identity of the controller or controllers of your personal data in the following ways:

  • If you took out the insurance yourself, get in touch with the data protection contact at your insurance broker or the entity you dealt with in taking out the insurance
  • If your employer or another organisation took out the insurance for your benefit, you should get in touch with the data protection contact at your employer or the organisation that took out the insurance
  • If you are not a policyholder or an insured under the insurance, you should get in touch with the organisation that collected your personal data

6. The purposes, categories, legal grounds and recipients of our processing your personal data

Your personal data may be processed for the following purposes:


  • Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual

Policy administration:

  • Client care, including communicating with you and sending you updates
  • Payments to and from individuals

Claims processing:

  • Managing insurance and reinsurance claims
  • Defending or prosecuting legal claims or regulatory proceedings
  • Investigating or prosecuting fraud


  • Contacting you/the insured to renew the insurance
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual

Other purposes including:

  • Complying with our regulatory or legal obligations
  • Risk modelling
  • Effecting reinsurance contracts
  • Transferring books of business, company sales, restructuring and reorganisation

We may also disclose personal data to the following non-exhaustive list of entities:
reinsurers, financial institutions, service providers, contractors, agents, tax authorities, law enforcement and other regulators and group companies in connection with the above purposes. You will find the current list of service providers and our companies who participate in data-processing operations here on our website or by emailing

We process your data on one of the following legal grounds:

  • in order to place and operate the contract(s) of insurance;
  • where a legitimate interest to do so has been identified for which processing of your data is necessary and which balances your interest, rights and freedoms e.g. protecting you from fraud or personalising the insurance product to you; or
  • where we have a legal obligation to do so e.g. to prevent money laundering.

7. Consent

To provide insurance and deal with insurance claims in certain circumstances we may need to process special categories of your personal data (see 1.8 above), such as medical or criminal records. Your consent to this processing may be necessary to achieve one or more of the purposes set out above.

Where this is the case, you may withdraw your consent to such processing at any time by notifying If you do withdraw your consent, however, this may mean we cannot provide insurance or pay claims.

8. Profiling

When calculating insurance premiums, we may compare your personal data against other data such as industry averages or fraud patterns. Your personal data may also be used to create such other data to ensure, among other things, that premiums align to risk.

We may make decisions based on profiling and without staff intervention (known as automatic decision making).

9. Storage and retention of your personal data

Data is held by us on servers and in printed form, as well as on our behalf in off-site storage facilities. We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, so long as there is any possibility that either you or we may bring or face legal claims in connection with the insurance contract(s), or if there are legal or regulatory reasons to retain your data, we must do so.

10. International transfer of data

We may need to transfer your data to third parties outside the European Economic Area. These transfers will be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact

11. Amendment

We may amend this Privacy Notice from time to time. We will let you know if we make any significant changes.

12. Your rights

If you have any questions about our use of your personal data, please contact the relevant data protection contact as explained above. In certain circumstances you may have the right to require us to:

  • Provide you with further details about the use we make of your personal data
  • Provide you with a copy of the personal data we hold
  • Correct any inaccuracies in the personal data we hold
  • Delete any personal data we no longer have any lawful ground to use
  • Where the processing requires your consent, to withdraw that consent so we stop the processing in question
  • Transfer your personal data to another organisation
  • Object to any processing based on the legitimate interests ground at paragraph 4, bullet point 3 above unless our reasons for that processing outweigh any prejudice to your data protection rights
  • Object to automated processing, including profiling
  • Restrict how we process or use your personal data in certain circumstances e.g. whilst a complaint is being investigated

In certain circumstances we may need to restrict the above rights to safeguard the public interest (e.g. prevention or detection of crime) or our interests (e.g. legal or litigation privilege).

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think we have breached the GDPR, you have the right to complain to the relevant national authority, detailed below.

      Germany (lead supervisory authority)
      Die Landesbeauftragte für den Datenschutz Niedersachsen
      Prinzenstraße 5
      30159 Hannover
      Phone: +49 (0511) 120 45 00
      Fax: +49 (0511) 120 45 99

      Drottninggatan 29
      5th Floor
      Box 8114
      104 20 Stockholm
      Tel. +46 8 657 6100
      Fax +46 8 652 8652

      Garante per la protezione dei dati personali
      Piazza di Monte Citorio, 121
      00186 Roma
      Tel. +39 06 69677 1
      Fax +39 06 69677 785

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      SK9 5AF
      Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

      Information Commissioner’s Office
      45 Melville Street
      EH3 7HL
      Tel: 0131 244 9001

      Information Commissioner’s Office
      2nd Floor
      Churchill House
      Churchill Way
      Cardiff CF10 2HH
      Tel: 029 2067 8400

      Northern Ireland
      Information Commissioner’s Office
      3rd Floor
      14 Cromac Place
      BT7 2JB
      Tel: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)

13. Contact Us

Head Office:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Tel. +49 511 5604-2909

UK Branch:
Legal & Compliance
10 Fenchurch Street
Tel. +44 (20) 7015 4000

Scandinavian Branch:
Legal & Compliance
Hantverkargatan 25
P.O Box 22085
SE-104 22 Stockholm
Tel. +46 8 617-5485

Italian Branch:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Tel. +49 511 5604-2909

Australian Branch - Privacy Policy

We comply with the Privacy Act 1988 (the Privacy Act) and, where applicable, State or Territory legislation in relation to health information. The Privacy Act sets out the requirements for Companies with regard to their handling of your personal information.

The HDI Global Specialty SE - Australian Branch has established a Data Breach Notification Scheme, to ensure that affected individuals are notified about serious data breaches.

A breach occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals AND this event is likely to result in serious harm to an individual:

  • Financial harm that could allow identity theft or fraud (e.g. Loss of financial data, credit card information, etc.)
  • Any other harm that, if the information was disclosed, could be deemed sensitive by that person and may subject them to discriminatory treatment, humiliation or damage to their reputation (e.g. health and other private information)
  • Harm may be physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation

What happens after a breach?

If a breach occurs we must, within 30 days of any breach or data loss, notify all affected customers and the Government Privacy Commissioner and disclose the information involved. We must also advise the affected customers what they should do to protect themselves.

If you wish to contact us about the handling of your personal information, accessing or correcting your information or to make a complaint, please contact:

      Privacy Officer
      HDI Global Specialty SE - Australian Branch
      Tower 1, 100 Barangaroo Avenue
      Level 40, Suite 40.3
      Sydney NSW 2000
      Tel +62 2 8646 8320
      E-mail address:


Canadian Branch Privacy Policy

We comply with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, where applicable, with the “PIPA Alberta”, “PIPA BC”, and “Quebec Privacy Act” (collectively: “Canadian Privacy Statutes”).

These Canadian Privacy Statutes set out the requirements for HDI Global Specialty SE Canadian Branch with regard to the handling of your personal information.

If you wish to contact us about the handling of your personal information, accessing or correcting your information or to make a complaint, please contact:

      Privacy Officer
      HDI Global Specialty SE - Canadian Branch
      Suite 400, 220 Bay Street,
      Toronto, ON  M5J 2W4
      Tel +1 416-867-9712
      E-mail address: