Privacy Statement

ITIA is aware that the protection of your privacy is an important concern for you when visiting our web pages. We take our remit, guaranteeing the confidentiality of your data within the framework of applicable regulations of data privacy law, very seriously in the interests of both parties. We use the latest techniques for holding dialogues with you and safeguarding your data.

1. Scope

The following data protection information applies to the web presence of ITIA.

2. Use of your data

We hereby inform you about the processing of your personal data when using our web pages and the rights you have under applicable data protection legislation.

2.1. Who is responsible for data processing and who is the Data Protection Officer?

Responsible for data processing:

International Travel Insurance Alliance e.V.
c/o ERGO Reiseversicherung AG
Thomas-Dehler-Str. 2
81737 Munich
Tel: +49 (0) 89 4166 00
E-Mail: info(at) 

You can contact our Data Protection Officer at the above address (FAO: Data Protection Officer) or use the email address datenschutz(at) 

Data protection regulatory authority:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach

2.2. Which data categories do we use and where do they come from?

Personal data we automatically process

When visiting our website, we automatically obtain and use information transmitted by your device’s browser only as much as necessary to provide the website and the services, to identify potential cases of abuse and to establish statistical information regarding the usage and traffic of the website. These information include browser type, IP address, device type and URLs to member websites. The statistical information does not allow us to identify any particular user.

Personal data you provide to us

Our website offers services and functionalities that require the processing of personal data (for example your name, contact details like email address), such as our online contact form.

2.3. For what purposes and on what legal basis is your data processed?


PurposesLegal bases
Provision of our website and its functionalitiesWe base the processing of your personal data on our legitimate interests to have an online presence and promote our organization. (Art. 6 (1)(f) GDPR) Insofar as we collect your consent for certain processing activities (e.g. user of functionality cookies) we base the processing on this consent. (Art. 6(1)(a) GDPR) You can withdraw your consent at any time with effect for the future.
Provision of our internal ITIA member servicesWe base the processing of your personal data on the performance of a contract to which you are party or in order to take steps at the request of the data subject prior to entering into a contract. (Art. 6 (1)(b) GDPR)
Newsletter subscription managementWe rely on your voluntary consent. (Art. 6 (1)(a) GDPR) You can withdraw your consent at any time with effect for the future.
Fraud and misuse preventionWe base the processing of your personal data on our legitimate interests in protecting our organization, its website, functionalities and users. (Art. 6 (1)(f) GDPR)
Management of queries and requestsWe base the processing of your personal data on our legitimate interests in enhancing our reach, managing our public relations and assisting(prospective) members (Art. 6 (1)(f) GDPR)

2.4. Who are the recipients of your data?

Data will be sent to service providers (such as hosting providers and communication providers) for the aforementioned purposes.

Recipient of personal dataPurpose
TOUGH werbeagentur GmbH, a corporation organized and existing under the laws of Germany, with its head office located at: Sulzbacher Str. 35, 90489 Nürnberg, GermanyProviding, maintaining and managing the webpage
Regulatory authoritiesIf necessary to fulfil contractual or statutory obligations
Affiliated companiesAs part of corporate communication or governance

2.5. Is your personal data sent to a third country outside of the European Union and European Economic Area?

In the event personal data is sent to service providers or group companies outside the European Union (EU) and European Economic Area (EEA), it is only sent once an appropriate level of data protection has been ratified for the third country by the EU Commission, or other appropriate data protection safeguards are in place (such as EU standard contractual clauses). You can request further information from the contact details given at the start of this document.

2.6. What data subject rights do you have?

You have the right to access the personal data in accordance with Art. 15 GDPR. 
You have the right to request your data to be rectified in accordance with Art. 16 GDPR. 
You have the right to have your data erased in accordance with Art. 17 GDPR. 
Youhave the right to request restriction the processing of your personal data in accordance with Art. 18 GDPR. 
You have the right to data portability in accordance with Art. 20 GDPR. 
You also have the right to withdraw your consent at any time with effect for the future, Art. 7 (3) GDPR. 

Right of objection, Art. 21 GDPR
If we process your personal data based on our legitimate interests, you have the right to object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or processing serves the purposes of enforcing, exercising or defending legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal datafor such marketing, which includes profiling to the extent that it is related to such direct marketing.


To exercise any of the above rights, please contact our Data Protection Officer as described above in Section 1. 
You have the right to lodge a complaint with a data protection supervisory authorityin accordance with Art. 77 GDPR.

2.7. How long is your data stored?

We erase your personal data as soon as it is no longer required for the aforementioned purposes. This is a regular process based on statutory obligations for producing documents and compulsory safe custody under, notably, the commercial code, fiscal laws and the general tax code. Maximum storage periods are generally up to 10 years. It might also be the case that personal data is stored for the period during which claims can be asserted against us (statutory limitation period of three or up to 30 years).

3. Use of cookies

Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a "session cookie") or for multiple repeat visits (using a "persistent cookie"). 
Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser. 
Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting the Website and Services. 
Cookies may be set by the Website ("first-party cookies"), or by third parties, such as those who serve content or provide advertising or analytics services on the Website ("third party cookies"). These third parties can recognize you when you visit our website and also when you visit certain other websites.

What type of cookies do we use?

This website uses no cookies.

4. Links to external websites

Our website may contain links or references to other websites outside of our control and responsibility. Please be aware that this notice does not apply to these websites. We encourage you to read the Privacy Statement and terms and conditions of linked or referenced websites you enter. These third-party websites may send their own cookies and other tracking devices to you, log your IP address, and otherwise collect data or solicit personal data.ITIA assumes no liability whatsoever for how up-to-date the information provided is, nor for its correctness, completeness and quality.

5. Changes to this statement

The continued development of our web pages and advances in technology result from time to time in modifications to our Privacy Statement. In case of changes or amendments to this Statement, we will give you proper notice.