The website is used for internal applications for donations and memberships in accordance with the ERGO Donations and Memberships Guideline, as well as for administration and maintenance. Access to this system is administered by the responsible ERGO departments Sustainability and Strategic Marketing & Customer Communications. The employee's e-mail address and a password of their choice are used as access data.

The controller responsible for data processing is
ERGO Group AG
ERGO-Platz 1
40477 Düsseldorf
Germany

You can contact our Data Protection Officer at the above address, adding ‘Data Protection Officer’, or by emailing dp-international@ergo.de.

Data processed, purpose and legal basis
The name and work email address of the applicants (employees of ERGO companies) and their superiors are processed for the purposes of user authentication and use of the system's content. Use of the system is necessary for the performance of tasks within the employment relationship (Section 26 (1) German Federal Data Protection Act, BDSG).

Transfer of data, in particular to third countries
The data is only received by those ERGO employees who are responsible for the respective process. For the purposes mentioned above, it may also be transferred to the service provider of the tool and to the service providers contracted by them for cloud hosting. Service providers only receive the data necessary for them to fulfil their tasks and, like our own employees, are obliged to maintain confidentiality. Your data will not be passed on to third parties for any purposes other than those mentioned above. The data will only be processed within the EU. The servers are located in Frankfurt (Germany) and Dublin (Ireland).

Storage duration
The storage duration is subject to the statutory retention requirements, max. 10 years.

Your rights
According to the EU General Data Protection Regulation (GDPR), you have the following rights: You have the right to request information about the data stored about you (Art. 15 GDPR). If incorrect personal data is processed, you have the right to request its correction (Art. 16 GDPR). If the legal requirements are met, you can request the deletion or restriction of the processing and object to the processing (Art. 17, 18 and 21 GDPR).