Euler Hermes Rating GmbH, (“EHRG”, “we”, “us”, or “our”) is an independent subsidiary of the Euler Hermes Group which is part of the Allianz Group. Euler Hermes Rating GmbH is the leading Rating Agency for medium-sized companies.
This privacy notice pertains to the following legal entity:
Euler Hermes Rating GmbH
(“EHRG”, “we, “us” or “our”)
At EHRG we care about your personal data. This privacy notice explains the kinds of personal data we collect about you, how and why we collect and use it and how long it is kept. We also explain your rights to access, correct, or object to the processing of this data (including requesting deletion, subject to applicable laws and regulations).
Please read this notice carefully. And in case you have any questions, contact us firstname.lastname@example.org
1 General Information
1.1 This section pertains to customers, business partners, applicants and third parties, as well as individuals who are just visiting our websites.
1.2 Is EHRG a “data controller”? What does that mean?
Yes, EHRG is a “data controller” as defined by applicable laws and regulations (specifically, the EU General Data Protection Regulation). This means that EHRG is the legal entity in control of the personal data it collects and is required by law to ensure policies, processes and procedures are in place to safeguard this data and respect the rights of the individuals whose data is collected. Personal data is all data that can be related to you personally, e.g. name, address, email address, user behavior.
1.3 What kind of personal data does EHRG collect about you?
Depending on what information you provide or preferences you select, EHRG may collect the following categories of personal data about you:
- If you subscribe to our Newsletter (Info-email) we collect your name, your email address and information on user behavior.
- If the use of the website is limited to informational purposes – i.e. if you do not use our contact form – the personal data we collect is limited to the data that your browser sends to our server. If you want to view our website we collect the following data that is required to display the website and to ensure stability and security: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/ HTTP status code, the respective amount of transferred data, the website that forwarded the request, browser, operating system and the language and version of your browser.
1.4 For which purposes and on which legal basis does EHRG use your personal data?
We use your data on the basis of
- our legitimate interests, to
- provide, maintain, improve, and develop our services and tailor them to your needs and interests
- enhance the security of EHRG’s IT-systems for the benefit of all our users
- communicate with you
- Compliance with legal obligations to
- comply with law enforcement requests or discovery procedures, or where required or permitted by applicable laws, court orders, government regulations, or government authorities, where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our policies or terms
- your consent, to
- provide, maintain, improve, and develop our services and tailor them to your needs and interests
- communicate with you
- inform and advice you on products of EHRG (e.g. by sending you advertisements)
- for the preparation and/or performance of a contract with you, to
- prepare offers for one of our products, deliver our services to you and fulfill our mutual contractual obligations
- carry out the application process
- set up and maintain your user accounts, for technical support or for other related purposes
If we use your data for any other purposes than described in this policy, we will inform you about such other purpose and will obtain your consent where required.
1.5 Where will your personal data be processed?
Personal Data collected by EHRG may be processed both inside and outside of the European Union (“EU”) and the European Economic Area (“EEA”), subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.
Please note that EU / EEA Member States and other countries all have different laws regarding the protection of personal data. When your personal data is transferred from your own country to another country, the laws and rules that protect your personal data in the country to which your information is transferred to may be different (or less protective) from those in your country of residence. For example, the circumstances in which law enforcement can access personal data may vary from country to country.
Whenever we transfer your personal data for processing outside of the EEA, we will implement effective transfer mechanisms (e.g. EU Standard Contractual Clauses or Binding Corporate Rules) to ensure an adequate level of data protection.
1.6 How long do we keep your personal data?
We will not retain your personal data longer than necessary to fulfil the purposes for which it was collected for or to fulfil legal obligations, or as permitted by law, e.g. to defend legal claims. Afterwards, we will delete your personal data. The individual retention periods depend on the type of personal data and the purpose of its processing.
1.7 What are your rights in respect of your personal data?
To the extent permitted by applicable data protection laws and regulations, you have the right to:
- access personal data held about you, including information such as, for example, the source and the categories of the data, the purposes of the processing, the recipients (or categories thereof) and the respective retention period;
- request the update or correction of your personal data so that it is always accurate;
- obtain your personal data in an electronic format for you or for another controller;
- request the deletion of your personal data if it is no longer needed for the purposes for which they were collected or otherwise processed;
- restrict the processing of your personal data in certain circumstances, for example, where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
- object to the processing of your personal data on specific grounds relating to your particular situation that overrides our compelling legitimate grounds for the processing; and
- withdraw your consent at any time where your personal data is processed with your consent, without affecting the lawfulness of processing based on consent before its withdrawal or where there is another legal basis for processing your data (e.g. overriding legitimate interests);
- file a complaint with the data controller and/or the relevant data protection authority.
- you may exercise these rights by contacting us via email@example.com and providing your name and email address as well as the purpose of your request.
2.1 How does EHRG collect your data?
There are several types of cookies:
(a) Session Cookie (or “temporary cookie”)
A session cookie allows us to store your action during your browser session (e.g. your log-in data). Session cookies are erased when you close your browser or exit our website.
(b) Persistent Cookie (or “tracking cookies”)
A persistent cookie is stored on your device in between browser sessions. These cookies help us to remember your preferences or actions every time you visit our website until the expiry date of the cookie. You can delete the cookies in the security settings of your browser at any time.
(c) Third-Party Cookie
These cookies are set by a third party separate from our website, for example to provide advertisements like banners for third-party products or social media buttons.
On our website, we use the following cookies:
|name of cookie||usage||storage time||type of cookie|
|.ga||Google Analytics cookies to differentiate between users||2 years||Third party cookie|
2.3 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. „(„Google“). Google Analytics uses „cookies“, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will shorten your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
This website uses Google Analytics with the extension „_anonymizeIP()“. As a result, IP addresses are processed in abbreviated form, so that a personal reference can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit f DSGVO.
3 Newsletter (Info-emails)
3.1 By providing your consent you can subscribe to our Newsletter which we use to provide you with information on current industry assessments, our methodologies, products and publications. The advertised services and products are stated in the declaration of consent.
3.2 The subscription to our Newsletter is performed with a double opt-in procedure. This means we will send you an email to the email address you provided and ask you to confirm your subscription to the Newsletter. If you do not confirm your subscription within 24 hours we will block access to your information and delete it after a month. We also store the IP address you used to subscribe and the timestamp for the subscription and confirmation. We do this to be able to prove that you subscribed and to be able to resolve a possible misuse of your personal data.
3.3 In order to be able to send the Newsletter we need your email address and we collect your name and form of address so we can address you personally. Once you have given your consent we will save this data for the purpose of sending the Newsletter. The legal basis is Art. 6 Par. 1 a GDPR.
3.4 You can withdraw your consent to the sending of the Newsletter at any time and unsubscribe. You can withdraw your consent by clicking the link that is included in every Newsletter email, by sending an email to firstname.lastname@example.org or with a message sent to the imprint contact data.
3.5 We evaluate your user behavior when sending the Newsletter. For the purpose of this evaluation the emails contain so-called web-beacons/ tracking-pixel which are one-pixel images that are stored on our server, or on the server of our email service provider. For the evaluation we link the data mentioned in 1.3 and the web-beacons to your email address and an individual ID. With the resulting data we create a user profile that we use to tailor the Newsletter to your individual interests. We record when you read our Newsletter, which of the links contained in the Newsletter you click and use this to draw conclusions on your personal interests.
You can object to this tracking at any time by unsubscribing to the Newsletter. You can do this by clicking the link that is included in every Newsletter email or by contacting us at email@example.com. The Information is only stored for as long as you have subscribed to the Newsletter. After you unsubscribe we anonymize the data and store it for statistical purposes.
3.6 Email service provider MailChimp
4 Third parties
When providing our rating services and other analysis related services we may collect information about you and your company provided by third parties and publicly available information. Additionally, we might collect information that you directly disclose to us. We collect data regarding:
- Sector, company name, legal form, names of representatives (e.g. directors) as well as contact persons, email address, address and information regarding your creditworthiness (e.g. payment and risk incidents)
5 How can you contact us?
If you have any queries about your personal data, you can contact us at firstname.lastname@example.org
6 How often do we update this privacy notice?
We regularly review this privacy notice and make changes to it from time to time. We will ensure the most recent version is available here and we may additionally notify you directly (e.g. via email) in the event of significant changes. This privacy notice was last updated in September 2018.