WTW processes personal data within the scope of the administration of the company pension scheme as a processor and within the scope of insurance brokerage or actuarial activities or other consulting services as a controller.
The portal solution is a Willis Towers Watson GmbH proprietary development and is operated on WTW servers in a German data center. The login takes place by means of username and password and, if necessary, by using two-factor authentication.
If you do not use the Internet portal for 10 minutes without interruption, an automatic logout takes place. This is done for your security in order to exclude misuse by third parties.
Data subjects / personal data
Data subjects:
In addition to the user accounts set up, employee data is usually uploaded to the portal and exchanged. For the login data are the surname, first name, title, gender, personnel number, date of birth, language, company and official e-mail address being processed.
Personal data:
Various personal data may be found in the exchanged records, depending on the respective records.
Processing user data, metadata and exchanged personal documents
The data exchange portal is not public. Solely created users of our customers, service providers and consultants are granted access to an area which is delimited for them and contractually agreed upon. The purpose of the portal is to provide a secure and encrypted platform for the exchange of confidential information.
Categories of data transmitted
The transmitted categories of personal data include in particular:
- Master data (e.g.: name, date of birth, place of residence)
- Duration of employment within the company or group, status (active/not active), position, termination date
- Detailed information on remuneration and pension entitlements/employment benefit credits
- Insurance data
- If applicable, bank details (in case of payment of benefits)
- If applicable, comparable data of dependents entitled to benefits (in the case of payment of surviving dependents' benefits)
- Log data arising from the use of IT systems.
This may also include special categories of personal data such as health data.
Sources of personal data
Most of the personal data is transferred from the respective accounting or administrative system, on which basis, for example, the occupational pension is being calculated and paid out on.
Processing purposes and legal bases
The legal basis for the processing is the legitimate interests of WTW. The legitimate interests of WTW include the performance of daily business and customer orders. The processing of user data, meta information and documents containing personal data is necessary to ensure a secure data exchange between WTW and its customers.
Duration of storage
All files in the file-archive are stored for three years after setting. Upload/download meta information is also stored for three years. User data are stored for the duration of their active login and beyond that for three years.
Security of data processing
We take all necessary technical and organizational measures to ensure an adequate level of protection and to protect your processed data, in particular against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or access. Our security measures are constantly being improved in line with technological developments.
User rights
- You have the right to receive information about the processing of your data. To this end, you may assert a right of access in relation to the personal information we process about you.
- You may request to correct incorrect data and - insofar as the legal requirements are met - to complete or delete your data.
- This does not apply to data that is required for billing and accounting purposes or for the determination and administration of your benefits or is subject to statutory retention obligations. However, if access to such data is not required, its processing will be restricted (see below).
- You may request - insofar as the legal requirements are met - that we restrict the processing of your data.
- In addition, you have the right to object to data processing at any time. We will then stop processing your data unless we can prove - in accordance with the legal requirements - compelling reasons for further processing that are worthy of protection and which outweigh your rights, in particular your rights to object.
- In addition, you have the right to object to data processing at any time, insofar as this is based on the legal basis of legitimate interest. We will then stop processing your data unless we can prove - in accordance with the legal requirements - compelling reasons for further processing that are worthy of protection and which outweigh your rights, in particular your rights to object.
- If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.
- You also have the right to receive data that you have provided us with in a structured, common and machine-readable format or - if technically feasible - to request that the data be transferred to another responsible party.
- You have the right to lodge a complaint with a data protection authority. To do so, you can contact the data protection authority responsible for your place of residence or your federal state or the data protection authority responsible for us.
Contact information of the data protection officer
You can reach our data protection officer at:
Data Protection Officer of Willis Towers Watson GmbH
Wettinerstr. 3 / 65189 Wiesbaden / GERMANY
or privacy@willistowerswatson.com
To assert your rights and report data protection incidents, please contact one of these addresses.