Privacy Policy
Last updated: 2026-04-23
Publisher
This Privacy Policy describes how we process your personal data when you use our public websites and related online services offered under the RELI brand, including www.reli-insurance.com, www.relisafety.com and www.relifleet.com (together the “Website” or “Services”), unless a separate notice applies to a specific product.
1. General
The controller for the processing of your personal data in connection with the Services, within the meaning of the General Data Protection Regulation (“GDPR”), is RELI GmbH, Prinzenstraße 34, 10969 Berlin, Germany (“RELI GmbH”, “RELI”, “we”, “us” or “our”).
We explain what data we process, for what purposes, and what rights you have. Our Services may link to other websites; those sites are not covered by this Privacy Policy.
2. Data we collect, process and use
We process personal data only where it is needed to run the Website, provide our content, or respond to your requests.
2.1 Visiting the website
You can use the Website without actively sending us your name or contact details. As with most websites, our systems automatically log each access. That information may be stored in server log files, including in particular:
- IP address of the accessing device
- Name and URL of the requested resource
- Date and time of the request
- HTTP status and amount of data transferred
- Browser and device identifiers sent with the request
2.2 Contact
You may contact us by email or through forms on the Website. We process the data you send us to handle your request. Providing data is voluntary. The legal basis is Article 6(1) sentence 1 (f) GDPR (legitimate interest in replying to your enquiry) and, where you contact us in view of a contract, Article 6(1) sentence 1 (b) GDPR.
2.3 Cookies and similar technologies
We use cookies and, where applicable, similar technologies (for example local storage) on the Website. These are used to make the site work, to remember your settings (including language and cookie choices), and—if you allow—to measure how the site is used and to support our marketing and analytics tools.
Some cookies and identifiers are used to recognise a browser or device over time, including in pseudonymous form. Analytics and marketing tools may combine usage data in ways that allow statistical or campaign-related evaluation. The exact data depends on your choices, your browser, and the tools you have consented to.
We use session cookies (deleted when you close the browser) and persistent cookies (kept for a set period, which can vary by purpose and provider). You can change your browser settings to block or delete cookies; some parts of the Website may not work fully if you do so.
Cookie banner and categories. On your first visit, you can accept optional categories, reject non-essential use, or customise choices. Your selection is stored on your device so we can respect it on later visits. You can open the settings again at any time using the cookie entry point in the interface (for example the cookie control in the page footer or the icon shown for that purpose on the site). The categories are:
- Essential – required to run the Website, remember your cookie choices (including the version of our consent record), support security-related processing, handle basic session needs, and remember language (or similar) when you select it. This category is always on and is not turned off by the banner; it reflects what we need to operate the site together with your explicit choices.
- Analytics – understanding how the Website is used in aggregate (for example Google Analytics, Hotjar, and Dreamdata where we deploy them).
- Marketing – measurement and personalisation in connection with campaigns and advertising partners (for example LinkedIn, Google ads or conversion-related tools, and similar technologies where we use them). If you enable Marketing in the customise dialog, Analytics is enabled as well, because our current implementation and tag configuration link marketing measurement to analytics-related consent and storage.
Optional tools are only used in line with the categories you have accepted (and with applicable law).
Legal basis for data processed in connection with cookies and similar technologies is Article 6(1) sentence 1 (f) GDPR (our legitimate interest in operating and improving the Website and, where you consent to optional categories, Article 6(1) sentence 1 (a) GDPR where required).
Overview of cookies and similar storage
The table below lists cookies and similar storage that may be set in connection with your use of the Services (including on our first-party domains such as .reli-insurance.com, .relisafety.com, and .relifleet.com) and, where our integrated tools use them, on third-party domains such as .linkedin.com, after you have allowed the relevant categories. For Dreamdata, additional names may apply in “compatibility mode”; see Dreamdata’s cookie documentation. Cookies placed only by other sites, apps, or accounts you use elsewhere (for example in another tab or outside the Website) are outside the scope of this Policy; we do not list them here and do not use them as part of the Services.
Typical retention is indicative: many cookies use a rolling expiry (renewed on activity), providers may change defaults, and your browser or settings can end storage earlier. Exact rules are in each provider’s documentation (links in the table below and in Third-party provider links).
| Name | Domain | Purpose | Consent category | Typical retention (indicative) |
|---|---|---|---|---|
reli_consent_v1 | First party | Stores your cookie choices (version and category flags) | Essential | 180 days (as configured in our Website implementation) |
NEXT_LOCALE | First party | Remembers the selected site language / locale | Essential | Session (deleted when you close the browser, unless your environment sets a longer expiry) |
_ga | First party | Google Analytics: distinguishes users and sessions | Analytics | Up to 2 years (rolling; Google) |
_ga_* (property suffix) | First party | Google Analytics 4: configuration and session state | Analytics | Up to 2 years (rolling; same family as _ga) |
_gcl_au | First party | Google: ad click and campaign measurement (Conversion Linker family) | Marketing | Up to ~90 days (Google) |
Other _gcl_* | First party | Google: further conversion / campaign linking where used | Marketing | Often up to ~90 days; depends on tag (see Google) |
hubspotutk | First party | HubSpot: visitor identity for forms and on-site features | Analytics (our integration loads HubSpot in line with analytics-related consent) | Up to 6 months (HubSpot) |
__hstc | First party | HubSpot: visit timeline (first / last visit, session count) | As above | Up to 13 months (rolling; HubSpot) |
__hssc | First party | HubSpot: session counter | As above | ~30 minutes (session segment) |
__hssrc | First party | HubSpot: new-session flag | As above | Session |
__hjSession_* | First party | Hotjar: session (suffix includes site id) | Analytics | ~30 minutes (Hotjar tracking code cookies) |
__hjSessionUser_* | First party | Hotjar: user identifier for product insight | Analytics | Up to 1 year (Hotjar tracking code cookies) |
dd_anonymous_id | First party | Dreamdata: anonymous visitor id across visits (also replicated in local storage; see their cookie FAQ) | Analytics | Up to ~1 year (rolling; see Dreamdata cookie FAQ) |
dd_group_id, dd_group_properties | First party / local storage | Dreamdata: organisation-related identifiers where used | Analytics | Per Dreamdata (cookie / storage; see their FAQ) |
dd_user_id, dd_user_traits | First party / local storage | Dreamdata: known-user attributes where identification is enabled | Analytics | Per Dreamdata (see their FAQ) |
dd_debug_mode, dd_has_identified | Local storage | Dreamdata: script and identification state | Analytics | No fixed browser expiry; until you clear site data or the value is overwritten |
li_gc | .linkedin.com | LinkedIn: guest / consent storage for LinkedIn features | Marketing | ~6 months (typical; LinkedIn) |
lidc | .linkedin.com | LinkedIn: routing / load balancing | Marketing | ~1 day (typical) |
bcookie | .linkedin.com | LinkedIn: browser and campaign-related identifier | Marketing | ~1 year (typical; LinkedIn) |
N.Rich and Heyflow may set additional first-party or third-party names as described in N.Rich’s notice and Heyflow’s data privacy information; we do not name every variant or retention here, as they depend on the embed and product version. Retention is described in those notices.
Third-party provider links
| Provider | Privacy policy or notice (external) |
|---|---|
| Google (Privacy Policy, Analytics, and partner site technologies) | policies.google.com/privacy |
| HubSpot | legal.hubspot.com/privacy-policy |
| Hotjar | hotjar.com legal privacy |
| linkedin.com/legal/privacy-policy | |
| Dreamdata | dreamdata.io/privacy-policy · Cookie FAQ (developer) |
| N.Rich | privacy.nrich.ai/privacy-notice |
| Heyflow | heyflow.com/legal/data-privacy |
2.4 Google (Analytics, Tag Manager, and related measurement)
We use Google services to operate measurement on the Website, including Google Tag Manager to load and coordinate scripts, Google Analytics (GA4) to understand usage, and—if you allow Marketing—Google tags used for ads and conversion measurement (including mechanisms sometimes referred to as Conversion Linker in Google’s documentation). Those services use cookies and similar data as listed in the table above and in Google’s privacy and product information.
Google Analytics processes information about how the Website is used. Data may be transferred to the United States and other countries. We use IP anonymisation for Google Analytics where available, as described in Google’s help materials. You can use Google’s Analytics opt-out add-on and your cookie settings to limit analytics storage.
Further references: Google Analytics Terms, Google’s Analytics privacy help. Transfers outside the EEA rely on appropriate safeguards (such as standard contractual clauses) as described in Google’s privacy policy.
2.5 HubSpot
We use HubSpot for forms, marketing automation, and meeting or content embeds where we integrate their script on the Website. In that context, HubSpot may set first-party cookies on our domains (for example hubspotutk, __hstc, __hssc, __hssrc) as listed in the table above. For how HubSpot processes data in general, see HubSpot’s privacy policy.
2.6 Hotjar
We use Hotjar to understand how visitors interact with the Website (for example attention to pages and UI elements) when you allow Analytics. Hotjar uses the __hjSession_* and __hjSessionUser_* cookies and related processing as described in Hotjar’s privacy policy. Hotjar is not allowed to use data collected for us in ways that conflict with our agreement with them.
2.7 LinkedIn
We use LinkedIn technologies for insight and conversion measurement when you allow Marketing. That may involve cookies on .linkedin.com as listed above. See LinkedIn’s privacy policy.
2.8 Dreamdata
We use Dreamdata for B2B analytics and attribution when you allow Analytics. Dreamdata’s script sets dd_anonymous_id and may set dd_group_*, dd_user_*, and related local storage keys to recognise visits and, where configured, organisations or identified users, as documented in Dreamdata’s cookie FAQ. In compatibility mode, different cookie names (for example ajs_*) may be used. See Dreamdata’s privacy policy.
2.9 N.Rich
We use N.Rich for website and audience-related features when you allow the Marketing (or as configured) category. Processing is subject to N.Rich’s privacy notice.
2.10 Heyflow
We use Heyflow for interactive flows embedded on some pages. Data collection through those embeds is described in Heyflow’s data privacy information and your choices on the Website.
3. Recipients, third countries, and service providers
We do not sell your personal data. We only share it where necessary to run the Website, where you have consented, or where we are legally required to. Some recipients are in third countries (outside the EEA). In those cases, we or the recipient use appropriate safeguards, such as standard contractual clauses approved by the European Commission, unless another legal basis for the transfer applies.
We work with contract processors (for example hosting, email, and tools named in this Policy) who process data on our instructions under Article 28 GDPR and, where required, a data processing agreement. Disclosures to public authorities only occur on a legal basis (Article 6(1) sentence 1 (c) GDPR where applicable).
4. Retention
We keep personal data only as long as needed for the purposes described in this Policy, unless a longer retention period is required by law. Log data and analytics-related data are kept for a limited period in line with our technical setup and legal obligations. For cookies and similar storage used on the Website, see the Typical retention column in the overview table above; that column is indicative (rolling expiry, provider changes, and your browser can alter actual duration).
5. Your rights
Under the GDPR, you may have the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing, and to withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority.
6. Contact
For questions about this Policy or the exercise of your rights, you can contact us at privacy@reli-insurance.com. You may also contact our data protection officer at the same company address and at dpo@reli-insurance.com:
RELI GmbH
Prinzenstraße 34
10969 Berlin
Germany
7. Security
We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse, and we review these measures in line with technical developments.
8. Changes to this Policy
We may update this Privacy Policy to reflect changes to our Services or the law. The “Last updated” date at the top of the page shows when the text was last revised. Please check this page from time to time.