MIRA - Insurance Broker & Consulting

Privacy Policy

last updated: 24.05.2018



MIRA Insurance Broker and Consulting GmbH ("MIRA", "us", "we", "our") understands the importance of protecting the privacy of users of this website and its clients ("you", "your"). This Privacy Policy ("Privacy Policy") together with our Terms of Use and any other documents referred to on it is valid for the online offer at www.miracgn.de and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us

Our Terms of Use set out, amongst other provisions, disclaimers, and limitations of liability governing the use of this website. Please also see the MIRA Terms of Use.

Who are we and what do we do?

MIRA offers a comprehensive insurance service, which has been specifically designed for customers of the Malca-Amit Group of Companies.

Controller in the meaning of data protection law for this website is MIRA Insurance Broker and Consulting GmbH, [Sophienstr. 1, 51149 Köln, Germany, email address: info@miracgn.de]. Exceptions from this will be explained in this Privacy Policy

What information do we collect?

We collect and process the following personal data about you:

Server data: For technical reasons, data such as the following, which your internet browser transmits to us or to our web space provider (so called server log files), is collected: - type and version of the browser you use - operating system - websites that linked you to our site (referrer URL) - websites that you visit - date and time of your visit - your Internet Protocol (IP) address. The data is used for statistical purposes in order to improve and protect our website and services. Please also refer to the "Log Files" section for further information.

Data deriving from communication with you:we offer you the opportunity to contact us, either by email and/or by using a contact form (e.g. Insurance Request Form, referred to as "IRF"). In such event, information provided by you is stored for the purpose of facilitating communications with you.

Details of your visits to our website (please refer to the sections on "Log Files" and "Cookies" for further information)

Do we process personal data?

All information which is related to an identified or identifiable natural person (e.g., name, address, phone number, date of birth or email address) is personal data. The processing of your personal data which we obtain either through this website or from the IRF forms filled out by you, entails for example the data's collection, recording, usage, transmission to third parties or deletion.

There are areas of the website that ask for your personal data. These include certain areas of the website which require registration or a password for access.

For example, when registering on, or otherwise using, the website, you may for example be asked to enter your Company Name, First Name, Last Name, Form of Corporation, Seat of Corporation, Authorized Representative & position, Address, Zip Code, City, Country, Telephone, Fax and Mobile. Personal data that we also obtain about you from other sources might include data from anti-fraud databases, sanctions lists, court judgements and similar databases as well as publicly available information from the internet.You may also visit our website without a prior registration, but may not be able to access all content areas in this case or use the services offered.

What are the purposes and legal bases for the processing of your data?

We process your personal data for the following purposes, based on the legal bases listed:

No Purpose for processing Legal basis for processing Description of legitimate interest for processing if applicable
1 To provide a website for the general public according to our Terms of Use Legitimate interest We have a legitimate interest in providing a website also for non-registered users, in order to generally inform about our business and our services.
2 To provide a protected website area for registered users in accordance with our Terms of Use Performance of a contract n/a
3 To provide our services and to fulfil our contract with you, i.e. negotiating insurance with (re)insurers and their agents; facilitating and bringing about your contract with (re)insurers; claims investigation and settlement; statistical analysis of your aggregated risk and claims data for reporting purposes and developing our insurance products. Performance of a contract n/a
4 To help us further develop our services. Legitimate interest We have a legitimate interest in developing and improving our services in order to preserve and grow our business.
5 To provide you access to valuable MIRA internet-based information and services, and to bill you for those services if you elect to use them. Performance of a contract n/a
6 To determine disruptions and to ensure the security of our systems, including the detection and tracing of (the attempt of) unauthorised access to our web servers. Compliance with the legal obligations regarding data security as well as legitimate interest We have a legitimate interest in resolving disruptions, ensuring the security of our systems and the detection and tracing of (the attempt of) unauthorised access.
7 To safeguard and defend our rights. Legitimate interest We have a legitimate interest in exercising and defending our rights.
8 To comply with relevant legal obligations, such as keeping accounting records; fulfilling our legal obligations under applicable anti-money laundering and counter-terrorism laws to which we are subject Compliance with legal obligations. n/a

How do we protect your personal data?

We implement a variety of security measures to maintain the safety of your personal data. We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our database to be only accessed by those authorized with special access rights to our systems, and are required to keep the information confidential.

Log files

We may collect information about your computer, including where available, your IP address, operating system and browser type, the internet address of the website from which you access our website and the date, time and duration of the access.

We save log files for the purposes of determining disruptions and for security reasons (e.g., to investigate attack attempts) for a period of 7 to 10 days and delete them thereafter. Log files which need to remain stored for evidence purposes are excluded from deletion until the respective incident has been finally resolved and may be forwarded to investigating authorities on a case-by-case basis.

Do we use cookies?

Yes (cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information).

We use cookies only in order to provide website functionalities ("strictly necessary cookies").

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all or some cookies via your browser settings. Also, depending on what type of web browser and what browser version you are using, you may be able to change the properties on your cookie file so that cookies are not used or saved. Cookies can also be removed from your hard drive. Please check with your browser provider for more information on removing cookies.

Like most websites, if you decline to accept cookies, some of our services may not function properly (for example, you will not be able to log on to any part of the website which is accessible only to registered users). Where you are unable to log on to the website due to your declining cookies, you can still place orders by contacting customer service.

We only use the following types of cookies:

Cookies strictly necessary for a service.

Some cookies are strictly necessary so we can offer our website safely. This category includes, e.g

- Cookies which serve the purpose of identifying or authenticating our users;.

- Cookies that temporarily store certain user entries (e.g. content of an online form)

Do we disclose any information to other parties (who are the recipients of your data)?

Except as set out in this Privacy Policy, we do not sell, trade, or otherwise transfer your personal data to outside parties. Your personal data may be transferred to the following categories of recipients:

Service providers (data processors)

The service providers we engage are not permitted to use the information collected and/or processed on our behalf except to help us conduct our business and subject to our instructions on the basis of a data processor agreement. We disclose your data to the following categories of service providers:

- IT service provider (hosting service)

- Provider of Software as a Service (SaaS)

Our service providers are located in the European Economic Area (EEA) respectively the European Union (EU),. See below for transfers of data to recipients in non-EEA countries.

Third parties

We also may disclose your personal data to our affiliates, parent and sister companies and other trusted third parties who assist us in conducting our business, or servicing you and the fulfilment of your order, so long as those parties agree to keep this information confidential. We may disclose your personal data to the following categories of third parties:

- (re)insurers and their agents, loss adjusters, independent experts (e.g. gemologists, lawyers), diamond & jewellery show or private events' organizers, IT service providers, finance companies used for insurance premium/claims payments; identity checking and screening services providers (in particular service providers such as Dow Jones/Factiva Ltd., Accuity and Thomson Reuters Ltd.) etc.

- in the event that we sell or buy any business or assets, in which case, we may disclose your personal data to the prospective seller or buyer of such business or assets if legitimate under applicable laws;

- if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets, if legitimate under applicable laws.

We may also release your data when we believe release is appropriate to comply with the law, enforce any website policies, or protect our or others' rights, property, or safety.

Third parties are located in the European Economic Area (EEA) respectively the European Union (EU) and the USA. See below for transfers of data to recipients in non-EEA countries.

Transfers of your data to countries outside the EEA

We also may forward personal data to data processors or third parties located outside the European Economic Area ("EEA"). In such cases we ensure prior to the transfer that the transfer is subject to appropriate safeguards, for example by self-certification of the recipient for the EU US Privacy Shield (Art. 45 GDPR) or by having agreed upon so-called standard data protection clauses of the European Union with the recipient (Art. 46 GDPR) or you have given your explicit consent.

You may also receive an overview of third country recipients and a copy of the appropriate or suitable safeguards in place. Please use the details provided in the "Contacting Us" section.

For how long do we keep your personal data?

We store your data as long as it is necessary to provide this website and the services connected with it or as long as we have a legitimate interest in continued storage. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance In all other cases, we delete your personal data with the exception of such data that we are required to retain for the purpose of contractual or statutory (e.g., taxation or commercial law) retention periods (e.g., invoices).

What are your rights and how can you exercise them?

You have the following rights:

Right of access and rectification:

You have the right to obtain confirmation from us as to whether or not your personal data is being processed and a right to access your personal data that is being processed by us.

You also have the right to obtain without undue delay the rectification of any inaccurate personal data relating to you and to have any of your personal data that is incomplete completed.

In case we have transferred your personal data to third parties, we will inform them about this rectification and completion if required by law.

Right to erasure ('right to be forgotten')

You have the right to obtain the erasure of your personal data from us without undue delay and we have the obligation to erase your personal data without undue delay if one of the following grounds applies:

- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- the processing of your personal data is based solely on your consent and you have withdrawn your consent;

- you have objected to direct marketing;

- you have objected to the processing that is based on our legitimate interest on grounds that relate to your particular situation and there are no overriding legitimate grounds for the processing;

- your personal data have been unlawfully processed;

- your personal data have to be erased for compliance with a legal obligation

In case we have transferred your personal data to third parties, we will inform them about this erasure if required by law.

Please keep in mind that there are limitations to your right to erasure. We are for example not allowed to erase data that we are legally obliged to store. Also, your right to erasure does not apply if we need to store the data for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

You have the right to restrict our processing of your personal data where

- you contest the accuracy of the personal data until we have taken sufficient steps to correct or verify its accuracy;

- the processing is unlawful but you do not want us to erase the data;

- we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or

- you have objected to processing based on our legitimate interest (see below) pending verification as to whether we have compelling legitimate grounds to continue processing.

Where personal data is subjected to restriction in this way, we will only process it with your consent or to a very limited extent, e.g. for the establishment, exercise or defence of legal claims.

Rights to object:

You have the right to object to the processing of your personal data that is based on our legitimate interest, on grounds relating to your particular situation, at any time. You also have the right to object to the processing of your personal data for marketing purposes at any time. Please also refer to the "Information on your rights to object" section.

Right to Data portability:

Where we are relying upon your consent or the fact that the processing is necessary for the performance of a contract to which you are party as the legal basis for processing, and that personal data is processed by automatic means, you have the right to receive all such personal data which you have provided to us in a structured, commonly used and machine readable format, and also to require us to transmit it to another controller where this is technically feasible.

Right to withdraw consent

Where we have relied on your consent to process particular information and you have provided us with your consent to process data, you have the right to withdraw such consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with the Supervisory Authority:

You have the right to lodge a complaint with a Supervisory Authority. You can appeal in particular to the Supervisory Authority, which is competent for your place of residence or your state or to the Supervisory Authority which is competent for us. This is:

Landesbeauftragte fuer Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4, 40213 Duesseldorf

Tel: +49 (0)211/38424-0

Fax: +49 (0)211/38424-10

E-Mail: poststelle@ldi.nrw.de

You may exercise your rights by contacting us via the contact details supplied in the "Contact Us" section Please ensure for this purpose that a clear identification of your person is possible for us.

Are you required to provide us with your data?

You can also visit our website without disclosing your personal data to us. For registration purposes you are, however, obliged to provide us with the personal data needed for contract establishment and performance (for example the name, address, e-mail address); we mark these mandatory details with an asterisk *. If you decide not to provide us with this information, you will unfortunately not be able to register or use any of our services which require a registration.

Online security

Unfortunately, the transmission of information via the internet is not completely secure. Whilst we will all reasonable endeavours to protect your personal data, we cannot guarantee the security of your data transmitted to the website: any such transmission is at your own risk.

Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. We may also include links to and from the websites of third parties. These third party websites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these third-party linked websites or for their independent privacy policies. You should consult the privacy policies at those sites to determine how your personal data may be used. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Online and Offline Privacy Policy

This Privacy Policy applies to personal data collected through the website, as well as to any personal data collected offline.

Changes to our Privacy Policy

If we decide to change this Privacy Policy, we will post those changes on this page, and update the Privacy Policy modification date below.

Contacting Us

If there are any questions regarding this Privacy Policy, you may contact us using the information below.

Our postal address is: Sophienstr. 1, 51149 Koeln, Germany.

We can be reached by telephone at +49 (0)2203-2203-96166-0.

We can be reached by email at info@miracgn.de.

This policy was last modified on 24.05.2018.



MIRA - Insurance Broker & Consulting

Information on your rights to object

Right to object to direct marketing

You may at all times object to the processing of your personal data for direct marketing purposes. Please take into account that, due to logistical reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.

Right to object to processing based on legitimate interest

Furthermore, you may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on the legal basis legitimate interests.

You may address your objections to:

Sophienstr. 1, 51149 Koeln, Germany

Tel +49 (0)2203-2203-96166-0

Email: info@miracgn.de