Automated decisions means that we sometimes make decisions without any human interaction involved. It may involve automatic pricing based on the processed data, or automatic payment of compensation based on the provided information. We will inform you before fully automated decisions are applied if these affect you to a significant extent.
Personal data: personal data is every kind of information that can be directly or indirectly attributed to a living, natural physical person such as the latter’s name, personal ID number, booking number and IP number where such information can be linked to a physical person.
Personal data controller: the personal data controller is an administrator who, alone or together with others determines the purpose and means of processing personal data.
Profiling: When personal data is used to evaluate personal characteristics, analyse or make predictions concerning various matters.
The European Economic Area (the EU member states and Norway, Iceland and Liechtenstein).
Sensitive personal data (special categories of personal data): These are categories of personal data that disclose race or ethnic origin, political opinions, religious or philosophical conviction, membership of a trade union, the processing of genetic data, biometric data to unequivocally identify a physical person, data concerning health, physical person's sexuality or sexual preference.
The personal data we collect
The personal data we collect depends on our relationship with you and your involvement with us. For example, depending on whether you are a customer, i.e. if you are covered by any of our policies, if you use any of our smartphone applications, or if you are not a customer and we process your personal data e.g. on the basis of you making a claim against anyone who has third-party insurance with us; if we want to market our services to you, if you are in contact with us or communicate with us in any other way.
The data we collect can be split into the following categories:
General personal data and contact information – name, date of birth, personal ID number, address, email address, mobile telephone number. This data is collected to identify you and to communicate with you. We also control if you have a protected identity to be able to communicate with you in a secure manner.
Payment data – if you’re a policyholder, if you pay for an insurance or if we pay compensation we may, depending on the type of policy and the payment method chosen, collect data concerning direct debit, credit and debit card data (card number, validity date and the CVV/CVC code), invoice information and bank account number.
Official data from government agencies and other external sources – depending on your involvement with us, we may collect data from public sources about vehicles you own, your registered address, driving license information, if you have children or if you have pets. To supplement and keep data up-to-date, we collect supplementary information from external sources such as publicly available information, commercially available sources and information from our redundant partners.
To comply with applicable legislation – in certain cases we are obliged to process personal data to meet the requirements of applicable and relevant legislation such as the Swedish Act on Measures against Money Laundering and the Swedish Bookkeeping Act.
Marketing preferences – For example, if you have refused direct marketing.
Specific data regarding insurance and claims – taking out and managing insurance contracts may require the collection of necessary insurance and claim information. The data varies depending on the policy, type of damage and circumstances concerning the claim event and may consist of the following categories of information:
- Previous and current health status and condition, data about previous injuries and disabilities, medical treatments and examinations carried out and planned for, lifestyle habits (e.g. tobacco), pregnancy, prescriptions.
- Property data such as mortgage, type of building, size, water connections, tax assessment, condition, age, residents and any tenants, alarms and locks.
- Information on any trades union membership if your policy (content, scope and price) depends on union affiliation.
- Information on legal proceedings relating to you as a result of a criminal act, e.g. if you are the victim of an assault. We also collect necessary data for the prevention of insurance fraud and for the investigation of unclear claims.
- Other data necessary for taking out, renewing or amending a policy and other insurance administration, and data gathered about the settlement of claims. The data requested will vary depending on the policy taken out, the nature of the loss that has occurred and other circumstances relating to the loss. The data may consist of payment card details for verification of insurance, your profession, employment, employer, travel details (ticket, date, destination, etc.), information on occupation, nationality, economic circumstances, the value of possessions information posted on social media, vehicle service dates, receipt for the product purchased, etc.
Data already in our possession – billing information, email address, existing insurance policies, pending and completed claims and stated preferences, e.g. if you prefer digital communication rather than letters etc. We may check health declarations, when managing or signing a policy, we may review health attestations or declarations, medical journals and questionnaires concerning your health, where deemed necessary.
How we collect your personal data
You provide us with personal data in a number of different ways, directly or indirectly, such as when you calculate the price of an insurance policy on our website, when you make or change a policy, or if you contact us with questions about an insurance. You also provide personal data when you report a loss and during the subsequent stages of claims process; whenever you are in contact with us whether it be by email, telephone, chat, regular mail, social media, or any other of our services. We describe the process in more detail below.
Data you provide us directly – when you get in touch with us through any of our communications channels (e.g. mail, chat, telephone or regular mail), when you submit data on any of our websites (e.g. by filling in a form); when you express interest in purchasing a policy, purchase a policy or report a loss. We may record conversations with you (telephone and face-to-face meetings).
Data provided by a group representative – if you are part of a group (organisation, association or other group) whose representative has signed a policy with us, your personal data is submitted to us by the organisation that has taken out a group policy with us.
Information from business partners, other insurance companies, your employer, medical institutions, government agencies and other companies belonging to the same group as Tryg – in order to collect, supplement and keep your personal data up-to-date, we will collect data from external sources, such as publicly available information, commercially available sources, your employer and government agencies.
Data about others – we may process data about co-insured parties, premium payers, beneficiaries, collateral takers, perpetrators, injured parties, etc., to the extern of which it is necessary for the resolution of a contract with you, or if it concerns data that we otherwise have the right or obligation to process. If another person uses your personal data to take out a policy or to contact us regarding a case in which you are involved, we use the personal data this person provides about you. When you provide personal data about other persons, you must be sure that these persons are aware of this and that you have their permission to provide the data. If appropriate, you should also make sure that they understand how their personal data may be used by us.
The use of your personal data
We use your personal data for the purposes described below. We save your data for if necessary to fulfil the purpose for which it was saved; this includes any deadlines under applicable law, such as a period of limitation.
To interact with you – we process personal data to identify you, communicate with you and provide you with relevant information, regardless of communication channel.
For the sales and administration of policies – we process personal data to conclude insurance contracts with you and for their subsequent insurance administration (such as renewal, amendment and termination). For this purpose, we need to identify your need for insurance (relevant insurance policies, appropriate insurance amount and scope); we also need to calculate your insurance risk (insurance price in relation to the insured risk) and check if you have the right to take out certain policies.
For the management of losses and claims – we process personal data to settle claims and to determine, assert and defend legal claims.
For the marketing of products and services – we process personal data that helps us to present information and offer policies that we believe are relevant to you. Coincidentally, we strive to avoid sending or displaying information we believe is of no interest to you.
Obligations under the law – we process personal data to fulfil our obligations under applicable and relevant for law, e.g. to counter money laundering and terrorist financing. We are also required to provide data when government agencies request it as part of their duties.
Statistical base – we process personal data to calculate the insurance risks and improve the pricing of our policies.
Investigation – we process personal data for the investigation, detection and prevention of fraud.
Reinsurance – in some cases, we may process personal data to underwrite reinsurance and make claims under such cover.
Provision of services from others - we process personal data so that our business partners can offer services that are related to our policies.
Quality purposes – we process personal data to develop our business, our products and services, and to conduct market research and other analyses such as customer satisfaction surveys. For quality purposes, we may record telephone conversations between you and our employees.
Legal grounds for processing personal data
We will only collect and use your personal data if at least one of the following criteria is met:
We have your consent;
Examples: Automatic settlement of claims involving health data
You give us permission to automatically process your personal data to take a decision on an application for insurance coverage. Please note that when the legal basis for processing personal data consists of your consent, you have the right at any time to withdraw said consent, without prejudice to the legality of the processing that occurred before consent was withdrawn. However, if you withdraw your consent, it may mean that we are no longer able to provide a particular service to you, which may affect your right to insurance or compensation.
It is necessary for the performance of a contract with you or to take measures upon your request before a contract is concluded.
Examples: To enter an insurance contract
We may process the necessary data related to the insurance contract, including data about the policyholder and co-insured parties, the insured property and the risk related to the insurance as well as data necessary to establish the right to claims incurred.
The processing is necessary to determine, assert and defend legal claims.
Examples: For processing health information when settling claims
We may process personal data necessary for determining your right to take out certain policies or your right to certain insurance cover.
It is in our own or a third party's legitimate interests and where this does not entail disregard of your interests or rights.
Examples: To improve our adapted offers to you
This legal basis is applied to adapt our offers and communications with you, for direct marketing, to prevent fraud, for cooperation with business partners and for the development of our IT systems.
It is necessary to protect your vital interests, or those of others.
Examples: In an emergency
We may submit data to a healthcare institution in emergency medical circumstances when abroad.
The processing is necessary for compliance with a legal obligation.
Examples: Providing information to government agencies
For example, we are obliged to provide data to the Danish tax agency about compensation paid in certain circumstances, and we are obliged to prevent money laundering.
Profiling, marketing and automated decisions
Marketing and profiling – we use profiling in our marketing to provide you with the information that we think is most relevant to you and to avoid sending you unnecessary information. To do this, we may use your personal data by analysing your past purchases, browsing habits and the search settings you use on our website. We therefore make use of profiling to call up the products, services and information you may be most interested in. This allows us to adapt our communications to make them of greater relevancy and interest to you. To understand your needs as a customer better, and to provide services and marketing (including online advertising through e.g. social media), we may also combine the personal data we collect when you make purchases with personal data collected from our websites, mobile apps and other sources.
We would like to send offers and news about our products and services that are relevant to you. Accordingly, we may contact you with marketing communications via email, messaging, push notifications, mail shots and telephone.
Setting premiums and discounts – we use automated decision-making when selling in the form of automatic premium calculations. In some of our policies where the premium is affected either by your driving behaviour or the number of steps you take over a certain period, automated decisions are used. The decisions are based on the data you submit to us (either directly or indirectly). You always have the right to contact us for a personal review if you’re not satisfied with such an automated decision.
Claims settlement – we use automated decision making as part of our claims settlement process through our online services. The decisions are based on the data you provide us with and is then assessed in compliance with the provisions of the insurance terms. You always have the right to contact us for a personal review if you are not satisfied with such an automated decision.
Sharing personal data with others
We transfer personal data to other parties only when there is a legal basis for such a transfer, e.g. when you have given your consent to this.
Depending on the personal data processed and your involvement with us, we may share your personal data with the following categories of recipients:
- Insurance brokers – personal data is shared to the extent necessary under the insurance broker's assignment from you; if it is necessary for the performance of the contract or to take measures prior to taking out a policy.
- Group representatives - in the case of a group insurance, personal data may be shared in accordance with the group insurance policy.
- Healthcare providers – we may share your personal data with your healthcare provider.
- Partners in repair and damage inspections (such as workshops, veterinary clinics and inspectors) – personal data may be shared where necessary for processing claims.
- Other insurance companies – personal data may be shared with other insurance companies when necessary for recourses and reinsurance protection.
- Government agencies and lay judges – we share personal data with government agencies and lay judges when required to do so or to safeguard our interests.
Other business partners and service providers – we may share your personal data to offer you additional services or e.g. if we engage a lawyer to defend our interests.
Transfer to countries outside the EEA
We mainly process personal data within the European Economic Area (EEA), but due to globalisation and technological developments we may, to a limited extent transfer or allow access to data from outside of the EEA.
Your rights and your point of contact
If you would like additional data, you have the right to a copy of the personal data we hold pertaining to you. By contacting us, you also have the right to receive more detailed information about how your personal data is processed.
Note that we will verify your identity before we disclose any data.
We will verify that the personal data we have about you is correct and up-to-date. If any of the information we have is incorrect, you can request to have your personal data corrected. You also have the right to request erasure of your personal data unless there is a legal basis for our processing it, but we must inform you that some data may be exempt from your right to erasure under applicable law.
You also have the right under certain circumstances to demand that the processing of your personal data be restricted, and you may at any time object to the processing of your personal data.
Under certain circumstances, you may also demand that the processing of your personal data be restricted.
At your request, a copy of the personal data that you provided to us may be transferred by us directly to you or to another company if it is technically feasible. You also have the right to lodge an objection with us and have the processing of your personal data assessed.
You may also contact us if you have any complaints regarding how we collect, store and use your personal data. We endeavour to resolve any complaints, but if you are dissatisfied with our response you may lodge your complaint with the local supervisory authority at https://www.datatilsynet.dk/
If you do not want to receive marketing from us, you may at any time decline by using the unsubscribe link which can be found in the offers we send to you via email, messaging, social media or by contacting us.
You can contact us at:
Address: Tryg Forsikring A/S, Dusager 18, DK- 8200 Århus N, Denmark
Personal data controller
The data controller responsible for processing your personal data is Tryg Forsikring A/S Denmark (Co. reg no. 24260666). This means it is our responsibility to make sure all processing takes place in a secure manner and in compliance with applicable legislation and regulations.
Last updated: MAY 2018