Thank you for visiting our website and for your interest in msg life Iberia. In addition to providing our customers with holistic support, the protection of your personal data is extremely important to us.
The most important categories of data protection information are set out below.
The data controller responsible for collecting, processing and using your personal data in the sense of the European General Data Protection Regulation (GDPR) is:
msg life Iberia
Paseo de la Castellana nº93, 2ª planta
ES-28046 Madrid, Spain
Phone: + +34 917 941 796
You can contact the data protection officer by e-mail or postal mail:
msg life Iberia – C/o Data Protection Officer
Paseo de la Castellana nº93, 2ª planta, ES-28046 Madrid, Spain
1) Why we use data
We aim to continuously improve our website, products and services and make them more attractive. Only when we know what sections of our website are visited most frequently and for the longest can we optimize the content of the msg life Iberia website in line with your requirements. If you entrust us with personal information, it will be used by msg life Iberia for the purposes of technical administration of the website, customer management, product surveys and marketing. The better we understand your wishes, the faster you will be able to find the information on our website.
2) Data processing
In this section, we describe the collection of data when you use our website. Personal data are all data that can be attributed to you personally, for example, your name, address, email addresses and user habits.
Besides the data that you provide to us, we use information based on how you use our website in order to guide you to information that might be of interest to you as quickly as possible and optimize our website continuously.
When you visit our website, we only collect the personal data that your browser sends to our server. If you would like to view our website, we collect data that are technically necessary for us to display our website and ensure its stability and security. The following data are collected:
In addition, our Internet site offers a contact form that can be used to contact us electronically. When a user takes advantage of this option, the information they enter on the input screen is transferred to us and stored. That data is:
The following information is also stored when you submit your message:
3) Legal basis
Personal data is collected through the contact form available on this website and its processing is based on the pre-contractual steps requested by the personal data subject – Article 6 (1) (b) of the GDPR.
We may also send you promotional messages or newsletters, ensuring that before the first message the data subject’s express consent will be requested for the sending of such messages – Article 6, paragraph 1, point (a), of the European General Data Protection Regulation (GDPR) serves as legal grounds.
Article 6, paragraph 1, point (c), of the GDPR serves as legal grounds for the processing of personal data where processing is necessary for compliance with a legal obligation to which our company is subject.
Additionally, we process personal data for the purposes of our legitimate interests and the legitimate interests of third parties in accordance with Article 6, paragraph 1, point (f), of the GDPR. Such legitimate interests include preserving the functionality of our IT systems, marketing our own and third-party products and services and the legally necessary documentation of business contacts.
4) Purpose of processing
5) Conservation Period
The personal data of the data subject will be erased or blocked as soon as the purpose for which they were stored has been achieved. Data can only be stored beyond this point if provided for by European or national legislation in European regulations, laws or other ordinances to which the controller is subject. The data will then be blocked or erased at the end of a storage period prescribed by these legal standards unless it is necessary to continue storing the data for the conclusion or performance of a contract.
If the data have been stored in log files, they will be deleted within no more than seven (7) days. It is possible to store the data for a longer period. In this case, the IP addresses of the user will be deleted or anonymized in order to prevent them from being associated with the visiting client.
Your data are processed in Germany. Data are also processed in European and third countries within the boundaries of the law.
In order to protect your data from being hacked and misused, msg life ag has taken extensive technical and operational security precautions in line with European legislation.
The transfer of personal data to recipients outside of the msg life Group is subject to admissibility criteria concerning the processing of personal data.
The recipient of the data is contractually obliged to process the data, to only use the data for the stated purposes and to process the data in line with the instructions of the msg life Group.
If personal data are transferred by a company based in the European Economic Area to a company based outside of the European Economic Area (a third country), the importing company is obliged to cooperate with any and all queries made by the supervisory authority responsible for the exporting company and heed the conclusions of the supervisory authority with regard to the transmitted data. The same applies analogously to data transfers by companies from other countries. If they are participating in an international certification system for binding data protection regulations for companies, they must ensure that they cooperate with the certification bodies and authorities in accordance with the rules of the system.
In cases of cross-border data processing, each set of national requirements concerning the disclosure of personal data abroad must be met. In particular, personal data are only transferred from the European Union and European Economic Area to a third country if the specific requirements of the GDPR concerning data transfers to third countries are met and the processing of the personal data is lawful. The following are examples of suitable instruments:
If personal data concerning you are processed, you are a data subject in the sense of the GDPR and you have the following rights with regard to the controller:
1) Right to information
You are entitled to request free information on the scope, origins and recipients of the stored data as well as the purpose for which the data were stored.
2) Right to rectification
You are entitled to obtain from the controller the rectification and/or completion of the personal data concerning you, provided that they are inaccurate or incomplete. The controller must carry out the rectification without delay.
3) Right to erasure
You are entitled to obtain from the controller the erasure of personal data concerning you without delay and the controller is obliged to erase personal data without delay where one of the following grounds applies:
(1) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Article 6, paragraph 1, point (a), of the GDPR, or Article 9, paragraph 2, point (a), of the GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21, paragraph 1, of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21, paragraph 2, of the GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, of the GDPR.
4) Right to data portability
In certain circumstances, you are entitled to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format.
5) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6, paragraph 1, points (e) or (f), of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The user can revoke his/her consent to the processing of their personal data at any time. If the user contacts us by email, he/she can object to the storage of his/her personal data at any time. If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of msg life Iberia at Iberia@msg-life.com.
6) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
To request the exercise of any of the rights listed above, you may contact the DPO by email or postal mail.
1) What are cookies and the cookies we use
The provider of the pages automatically collects and stores information in server log files, which your browser sends to us automatically. This information includes:
your browser type and version, your operating system, the referrer URL, the hostname of the visiting computer, the date and time of the server request and your IP address.
Such data cannot be attributed to individual people. These data are not merged with other sources of data. We reserve the right to subsequently examine these data if we have specific indications of unlawful use. These data are not merged with other sources of data.
You can set your browser to inform you whenever cookies are in use and allow cookies only in individual cases, to accept cookies in certain situations or to prohibit their use altogether, as well as activate the option to have them automatically deleted when you close the browser. Deactivating the cookies may prevent certain functions of the website from working properly.
2) Legal basis for data processing
Article 6, paragraph 1, point (f), of the GDPR serves as the legal basis for the processing of personal data collected by cookies. We have a legitimate interest in the storage of functional and necessary cookies in order to optimize the provision of our services with no technical errors. In another cases, such as marketing and analytical cookies, your consent will be requested for the storage – Article 6, paragraph 1, point (a), of the European General Data Protection Regulation (GDPR).
3) Rights to object and erasure
Cookies that are already on your computer can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, this might result in some of the features of the website not being fully available. You can withdraw your consent provided at any time, by modifying the choice at the cookies preference of the website.
Find out how to manage cookies on popular browsers:
4) Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called “Cookies”. Cookies are text files that are stored on your computer, enabling the analysis of your website usage.
It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LLC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA.
The IP anonymization function is activated on this website, Google will shorten your IP address prior to storing it; this shall be done for all member states of the European Union or in other states where the agreement pertaining to the European Economic Area applies. Only in cases of exception will the full IP address be sent to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use said information to analyze your use of this website, to create reports on website activities and to provide other services affiliated with the website usage and internet usage for the operator of the website. It this case, pseudonymous user accounts can be created based on the processed data. The IP address delivered from your browser and shortened by Google Analytics will not be combined with other data of Google.
You can prevent the storage of cookies by activating the corresponding setting in your browser software. However, disabling the cookies used by our website may means you will not have full access to all of the functions of our website.
You may also prevent Google from collecting the data generated by the cookie and data related to your use of the website (including your IP address), as well as the processing of said data by Google, by downloading and installing the Browser Add-On: https://tools.google.com/dlpage/gaoptout?hl=en
More information on Google’s use of data for advertising purposes and possibilities concerning the settings and contradiction can be found on Google’s websites:
In order to virtualise meetings, msg life ag organises videoconferences in which participants’ voices and potentially also their images are transmitted to all of the other participants by microphone and webcam (‘videoconferences’).
In the process, msg life ag uses service providers which provide msg life ag with their software and potentially also technology (‘videoconference systems’). Pursuant to Article 28 GDPR, msg life ag has entered into a processing agreement with each of these service providers
a) Processing of data by msg life ag for the purposes of videoconferences
We have to process various types of data in order to use videoconferences. The total amount of data processed as part of videoconferences depends on the features of the videoconference system provided by the videoconference service provider and on the data each user provides before, during and after taking part in a videoconference.
As a rule, the following personal data can be processed for the purposes of a videoconference:
Data relating to the user: such as the user’s display name, online status (optional), status notifications, profile picture (optional), email address (under certain circumstances) and preferred language.
Meeting metadata: such as the date, time, duration, meeting ID, phone number (under certain circumstances) and location.
Text, audio, video and other multimedia data: Data from your microphone, your webcam or a device display (if you use a screen or content-sharing tool) will be processed for the duration of the meeting for the purposes of displaying video signals and audio signal and multimedia file playback. For example, the latter is necessary if you have to give a screen presentation. Each user can activate and deactivate the transmission of data from their camera and microphone at any time. A user has to actively turn on the screen/content-sharing tool and can turn it off again at any time.
You can also use the chat feature simultaneously in a videoconference. In this context, the text you type, the links or content you share and your social interactions (such as emojis, pictograms, ‘liking’ comments or sending GIFs) will be processed in order to show them to the participants in the videoconference.
b) Legal grounds for data processing
The legal grounds differ depending on whether employees of msg life ag are taking part in the videoconference organised by msg life ag:
If the personal data of employees of msg life ag are processed, the data processing is based on Section 26 of the German Federal Data Protection Act (BDSG) in conjunction with Article 88 GDPR in order to establish, execute (i.e. organise) and terminate the employment relationship.
For other videoconferences and if we have no contractual relationships with the participants (i.e. employment), we organise videoconferences on the basis of point (f) of Article 6(1) GDPR. In this context, we also have a legitimate interest in the effective execution of videoconferences for and with third parties.
c) Storage of data
Videoconferences are not recorded. If a videoconference is set to be recorded, msg life ag will inform all participants transparently and, if necessary, ask for their consent.
Microsoft logs the content of chats when Microsoft Teams is used. Files that users share in chats are stored in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are stored on that team’s SharePoint website.
No automated decision-making as defined by Article 22 GDPR is used.
d) Recipients of data
Personal data that are processed in connection with participation in videoconferences are only shared with our processors, i.e. the service providers who help us execute the videoconferences.
Otherwise, the data will only be disclosed to third parties if msg life ag is legally obliged to do so (e.g. by a court order) or if the data subject expressly consents to the disclosure of his/her data.
e) Data processing outside of the European Union
Where possible, msg life ag has restricted its storage sites to data centres in the European Union. Therefore, no data processing takes place outside of the European Union.
Our website uses social plug-ins. These are currently the plug-ins provided by Facebook, Twitter, LinkedIn and YouTube. Through these plug-ins, data – including personal data – can be sent to and potentially used by service providers in the United States.
1) Shariff security tools
The website itself does not collect personal data through the social plug-ins or through their use. msg life Iberia uses Shariff in order to prevent data from being sent to service providers in countries such as the United States without the knowledge of the user. This solution ensures that, initially, no personal data are disclosed to the providers of the individual social plug-ins when you visit our website. Only when you click on one of the social plug-ins can the data be sent to and stored by the service provider.
For more information on Shariff, please visit the website of the provider Heise Medien Gmbh & Co. KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
Our website features plug-ins from the social network Facebook, which is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, United States. You can identify Facebook plug-ins on our website by the Facebook logo or the ‘Like’ button. An overview of the Facebook plug-ins is available here: http://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our website with your Facebook account, please log out of Facebook.
You can change your privacy settings on Twitter in your account settings at http://twitter.com/account/settings.
Our website uses features of the network LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States.
Whenever you visit one of our pages that contains features of LinkedIn, a connection is established with LinkedIn servers. LinkedIn is notified that you have visited our website with your IP address. When you click the LinkedIn ‘Recommend’ button whilst logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. Please note that, as the provider of the website, we have no knowledge of the content of the transmitted data or how they are used by LinkedIn.
5) Google Maps
We use Google Maps on this website to visualize geographical information and to construct directions. Google Maps is a map service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland („Google“).
While using Google Maps, Google will collect data concerning your use of google maps functions including your IP address. It cannot be excluded that the collected information may be transferred to a Google server in a third country and saved there, especially a server of Google’s parent company, Google LCC, based in 1600 Amphitheatre Parkway, Mountain View, California, USA.
If you are logged onto your Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings (https://policies.google.com/technologies/partner-sites?hl=en).
The possibility of visualization is considered a legitimate interest as defined in Numeral 6, Para. 1, Item f of the General Data Protection Regulation (GDPR).
YouTube videos are embedded into our website. Operator of the relevant plugins is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. It works with the double click procedure. At first, our website just shows a thumbnail without establishing a connection to YouTube. When clicking on the thumbnail, a connection to YouTube will be established and your IP address will be transferred to the YouTube servers. YouTube will be informed that our website has been visited with your IP address. We do not receive information about this data and its use.
If you are logged onto your YouTube or Google account, Google can add the processed data to your account and treat them as personal data. This depends on your account settings (https://policies.google.com/technologies/partner-sites?hl=en).
We embed YouTube videos into our website that allow you to watch them directly. By integrating external videos, we relieve our servers and can use corresponding resources elsewhere in order to increase the stability of our servers. This is considered a legitimate interest as defined in Numeral 6, Para 1, Item f of the General Data Protection Regulation (GDPR).
Further information on the data processing by Google can be found at: https://policies.google.com/privacy?hl=en
Vimeo videos are embedded into our website. Operator of the relevant plugins is Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA. It works with the double click procedure. At first, our website just shows a thumbnail without establishing a connection to Vimeo. When clicking on the thumbnail, a connection to Vimeo will be established and your IP address will be transferred to the Vimeo servers. Vimeo will be informed that our website has been visited with your IP address. We do not receive information about this data and its use.
If you are logged onto your Vimeo account, Vimeo can add the processed data to your account and treat them as personal data. This depends on your account settings and you can adjust your cookie preferences (https://vimeo.com/cookie_policy).
Further information on the data processing by Google can be found at: https://vimeo.com/privacy
Our website uses Marketo, a web analysis and marketing service provided by Marketo EMEA Ltd. in Dublin, Ireland (‘Marketo’). The information generated by the cookie on how the user uses the website is normally sent to and stored by Marketo. Marketo will use this information on our behalf for the purposes of evaluating how users use the website, compiling reports on website activity and providing us with other services relating to website activity and Internet usage. Additionally, Marketo is used to store the data you input in the forms on our website in a cookie.
See here for more information on data protection at Marketo.
You can prevent the installation of feature and advertising cookies by changing the settings in your browser; in this case, you might not be able to make full use of all of the features of the website. Additionally, you can object to the collection of the data generated by the cookie concerning your use of the website by Marketo as well as the processing of the data by Marketo by clicking on the following link:
Please note that if you delete this cookie or all cookies, the information that you have exercised your right to object will be erased as well.
If you wish to withdraw your consent or modify the personal data you have provided for the purposes of correspondence, registration, etc., please send an email to the Marketing department of msg life Iberia at Iberia@msg-life.com.
Marketo EMEA Ltd.
Cairn House, South County Business Park
msg life Iberia stores and uses the data you enter on the website in systems belonging to the company salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (‘Salesforce’), for the purposes of customer relationship management (‘CRM’). The address of the US parent company is as follows: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.
Salesforce may only access the data within the scope of our instructions (order processing). Salesforce also takes strict technical measures in order to protect your personal data. Salesforce does not give your personal data to third parties unless this is required for the rendering of the agreed services or Salesforce must do so in order to comply with the law or a valid and binding instruction from any governmental or regulatory authority. The data provided in such cases is limited to the minimum required.
A contract for order processing was concluded with Salesforce which includes the standard EU contract clauses if data is processed in the United States for maintenance purposes.
The legal basis for processing your data is Article 6, paragraph 1, point (f), of the General Data Protection Regulation (GDPR). msg life Iberia uses the CRM system from the provider Salesforce in order to more quickly and efficiently process the requests of users.
The duration of data storage is determined by the legal requirements for data retention.
See the following link for more information on data protection at Salesforce: https://www.salesforce.com/de/company/privacy/.
This website uses SalesViewer® technology from SalesViewer® GmbH, on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimization purposes.
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
Last amended: 29 December 2021
Table of Content
msg life Iberia
Paseo de la Castellana nº93, 2ª planta
ES-28046 Madrid, Spain