(Revised by Ho, Wong & Wong on 22 Feb 2021)


Data protection statement for the use of our websites

(Last updated: 05/2018)

Below, we have provided you with information about how we collect personal data when you use our website. Personal data is all data which concerns you personally, such as your name, address, email addresses and user behaviour. We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.


  1. The controller is
    Funk Gruppe GmbH

    International Insurance Brokers and Risk Consultants
    Valentinskamp 20
    20354 Hamburg
    +49 40 35914-0
    Fax +49 40 35914-407
    Email: welcome@funk-gruppe.de


  1. How to contact the data protection officer
    If you have any questions or concerns about this data protection statement or related matters, you can contact our data protection officer on datenschutz@funk-gruppe.de or by using our postal address with the add-on “FAO Data Protection Officer”.
  1. Subject of data protection
    The subject of data protection is personal data within the meaning of the Personal Data (Privacy) Ordinance, Chapter 486, Laws of Hong Kong SAR (the “Ordinance”). This is all information which relates to an identified or identifiable natural person from which it is practicable for the identity of the person to be directly or indirectly ascertained and in a form in which access to or processing of the data is practicable. It generally includes all information which could be used to identify a natural person directly or indirectly . This could be, for example, a person’s name or contact details (e.g. telephone number, postal address and email address). The IP address can also represent personal data in this sense.
  1. Collection, processing, maintaining and use of personal data
    Funk only collects, processes, maintains and uses your personal data insofar as this is permitted or required by applicable law or insofar as you, as a user of our website, have consented to such collection, processing, maintaining and use. 

    In addition to our duty of confidentiality to you as the data subject, we will observe the following data protection principles required under the Ordinance in collecting, processing, maintaining and using your personal data, unless otherwise agreed by you:

    a. collection of personal data from you shall be for purposes relating to our business and related services and in a fair manner;

    b. all practical steps will be taken to ensure that personal data are accurate and will not be kept longer than necessary or will be destroyed in accordance with the internal retention period;

    c. personal data will not be used for any purposes other than the data that were to be used at the time of collection or purposes directly related thereto;

    d. personal data will be protected against unauthorized or accidental access, processing or erasure;

    e. we will disclose publicly our policy and practice when we handle personal data; and

    f. you have the right of access to and for correction of your personal data held by us and that your request for access or correction will be dealt with in accordance with the laws.

    You are not required by law to provide the personal data for the purpose of using the website and your supply of personal data is voluntary. However, we may be unable to provide the requested information, facilities or services to you unless you provide us with the requested personal data for the purposes of our administration, security and other legitimate grounds.

  1. Your rights
    You have the following rights vis-à-vis us with regard to the personal data concerning you:

5.1 General rights
To the extent provided by applicable law, you have a right of access, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent you gave us with effect for the future.

5.2 Rights with regard to data processing according to a legitimate interest
To the extent provided by applicable law, you have the right, on grounds relating to your particular situation, to object at any time to processing of the personal data concerning you based on a public or legitimate interest. This also applies to profiling based on this regulation. If you object, we shall no longer process your personal data unless we can demonstrate compelling and legitimate grounds (including orders or directions from courts of competent jurisdiction, law enforcement agencies or regulatory bodies) for processing which outweigh your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.

5.3 Right to lodge complaints with a supervisory authority
To the extent provided by applicable law, you also have the right to lodge complaints regarding our processing of your personal data with a responsible data protection supervisory authority.

  1. Collection of personal data when you visit our website

    When you are merely using the website for information purposes, i.e. if you do not register or otherwise transfer information to us, we only collect the personal data which your browser transfers to our server. When you visit our website, we collect the following data, which is technically necessary for us to enable you to view the website and to guarantee stability and security. The legal basis for this is our legitimate interest:

    IP address, date and time of the request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific page), access status / HTTP status code, and the amount of data transferred.

Contact by email, WeChat or using the contact form
If you contact us by email, WeChat or using the contact form, the data you share (your email address and possibly your name and telephone number) shall be stored by us for the purpose of answering your questions. We use this information to substantiate your enquiry and to improve handling of your request. The legal basis for the processing of your personal Data is our legitimate interest or, if required, your consent. Our legitimate interest is to respond to your inquiry. If this information relates to communication channels (e.g. your email address), you are also consenting to the fact that we may, if necessary, contact you using these communication channels to respond to your request. You may naturally revoke this consent at any time with effect for the future.
We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist

  1. Consent-based processing and use of your data for customer service purposes

    If you have provided us with your consent to this effect, we use the data collected for the purposes described under 9, 10, 11 and 12 for customer service purposes too. This means that we store your data for information purposes and use the same to be able to respond to your enquiries in the event that repeated contact is made or a business relationship is initiated.

    The legal basis for processing your data is, if provided, your consent. We delete the data collected in this regard once storage is no longer necessary, or we restrict processing if legal retention requirements exist.

  1. Use of cookies

    When you use our website, cookies are stored on your computer. Cookies are small text files that are saved on your hard drive, are assigned to the browser you use and through which the party that sets the cookie receives certain information. Cookies cannot run any programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective on the whole.

    This website uses the following types of cookies, the scope and functions of which are explained below:

8.1 Transient cookies
These cookies are automatically deleted when you close the browser. They particularly include session cookies. These save a ‘session ID’ which can be used to assign various requests from your browser to the same session. Your computer can therefore be recognised if you return to our website. The session cookies are deleted if you log out or close the browser.

8.2 Persistent cookies
These cookies are automatically deleted after a specified period of time, which can vary depending on the cookie in question. You can delete the cookies at any time in your browser’s security settings.

8.3 Flash cookies
The flash cookies used are not recorded by your browser, but rather by your Flash plugin. We also use HTML5 storage objects, which are stored on your terminal device. These objects store the data required regardless of the browser you use and do not have an automatic expiry date. If you do not want the flash cookies to be processed, you must install a corresponding add-on, such as ‘Better Privacy’ for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using your browser in Private mode. We also recommend manually deleting your cookies and browser history on a regular basis.

8.4 Preventing cookies
You can configure your browser settings in line with your requirements and refuse to accept third-party cookies or all cookies, for example. Please note that if you do so, you may not be able to use all the functions of this website.

8.5 Legal bases and duration of storage
The legal bases for potential processing of personal data and the data storage durations vary, and are described in the sections below.


  1. Website analysis
    We use various services for the purposes of analysing and optimising our website; these services are described below. We can use them, for example, to analyse how many users visit our page, what information is desired most or how users discover our offering. We collect data that includes the website from which a data subject has arrived at another (called the ‘referrer’), the pages that are accessed on a website and how often and for how long a page is viewed. This helps us to make our website user-friendly and also to improve it. The data collected in this way is not used to identify individual users personally. Data is collected anonymously or, at most, under pseudonyms. The legal basis for this is your consent.
  1. Matomo

Our website uses the web analytics service Matomo. Matomo is an open source project and is legally represented by its founder Matthieu Aubry. Matomo uses “cookies”, through which an analysis of the use of the website becomes possible. For this purpose, the information collected in the cookie (including your shortened IP address) is transmitted to our servers and stored for usage analysis purposes. No data is transmitted to servers that are outside of our control. Your IP address is immediately anonymized during this process, so that you as a user are not identifiable to us. The information collected about your use of this website is not shared with third parties. We use the collected data for statistical analysis of user behavior, for the purpose of optimizing the functionality and stability of the website and for marketing purposes.
In the context of the use of Matomo, we collect your IP address. Your IP address is anonymized immediately after collection. We are subsequently no longer able to re-identify individual persons.
The cookies set in the context of the use of Matomo are cookies for range measurement. The legal basis for the data processing that takes place in connection with the use of cookies for range measurement is your consent.
Your consent is voluntary and can be revoked at any time with effect for the future. If you wish to withdraw your consent, simply change the settings on the consent management service we provide on our website.

  1. Data transfer

    Funk discloses personal data within the Group’s companies (as listed on the website in the company profiles found under the section ‘Legal information’) within permissible limits, if such data is required for the purposes listed under Sections 8 to 12. Your personal data is processed on behalf of Funk.

    To the extent required, we also disclose personal data to companies outside of the Funk Group in exceptional circumstances if we use these companies to process your data. In these cases, however, the amount of data transferred is restricted to the minimum required. Insofar as recipients outside of the Funk Group come into contact with your personal data, we ensure that these parties owe us a contractual duty of confidentiality and comply with the regulations set down in data protection legislation at least in the same way and level as we do in Hong Kong and have contractually imposed internal binding corporate rules to protect data privacy . Please also note the providers’ respective privacy policies. The respective service provider is responsible for the contents of external services, whereby we check, within reasonable limits, that the services comply with the legal requirements.

    Insofar as no deviating regulations result from this privacy policy, in principle your data is not transferred to third parties unless we are obligated to this effect by law (including the Ordinance, a court order or a request of law enforcement agencies or regulatory bodies) or you have previously given your express consent to your data being disclosed.

    Since our Website is based in Hong Kong, your personal data is being processed in Hong Kong. The level of protection of personal data may differ from that in the European Union or the European Economic Area. We would like to inform you that the processing of your personal data through your visit to our website is carried out at your express request.

  1. Data security
    We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, modification, loss, destruction, erasure,  access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.
  1. Breach notification
    We have taken extensive technical and operational protective measures to protect your data from accidental or deliberate manipulation, modification, loss, destruction, erasure,  access by unauthorised individuals. Our security procedures are regularly reviewed and adjusted in line with technological progress.
  2. Erasure of personal data
    In addition to the requirements relating to rights of erasure of personal data under the GDPR, we will generally erase your personal data held by us if such data are no longer required for the purpose for which they have been collected or used or exceed our internal retention period unless the erasure is prohibited by law or contrary to the public interest.
  3. Access and correction of personal data
    You can request for access to personal data or update or correct your personal data by sending a request to our data protection officer by email on datenschutz[at]funk-gruppe.de or by using our postal address with the add-on “FAO Data Protection Officer”, We will take reasonable steps to verify your identity before granting access or making corrections to your personal data.
  4. Fee
    In accordance with the terms of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.

  5. No limitation of rights
    Nothing in this Statement will limit your rights under the Ordinance.

  6. Change of data protection statement
    We will change this statement from time to time. We encourage you to check our statement occasionally to ensure that you are aware of the most recent version.

  7. Agreement to data protection statement
    By continuing accessing this website or clicking onto any of its pages or using this website including logging-in or emailing, you are deemed having agreed to the terms and conditions of this Data Protection Statement.