Tryg’s Privacy and Cookie Notice 

Here you can read more about our guidelines for handling your personal data. Updated 15 June 2021.

Data controller (‘we’)

Download full personal Privacy and cookie notice in pdf

 

Tryg Forsikring A/S, Klausdalsbrovej 601, 2750 Ballerup, Denmark, CVR no. 24260666, (‘we’) is the data controller of the personal data we process. Tryg Forsikring A/S also includes Alka, TJM, FDM Forsikring, Tryg Garanti.

The purpose of our privacy notice is that you should feel protected and cared for in relation to how we process your personal data. Here, you may find information about whom we process data about, which data we collect, which sources we collect data from, whom we share the data with, and for how long we store the data.

 

We are bound by confidentiality

We are bound by confidentiality pursuant to the Danish Financial Business Act (Lov om finansiel virksomhed), and we process your personal data in absolute confidence. The duty of confidentiality also applies internally between our employees. We do not disclose your personal data unless you have consented to this, or we have another legal basis for such disclosure pursuant to the Danish Financial Business Act and the personal data protection legislation.

How we process personal data depends on the purpose of our processing activities.

I. How we process personal data about you when we

A. Prepare a quote or effect an insurance policy

When we prepare a quote or enter into an insurance agreement, we process data about the party who takes out the insurance (the policyholder), see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation, and about other persons who are covered by or otherwise related to the insurance, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. If we obtain your civil registration (CPR) number or special categories of information, we obtain your consent, see Article 9 (2) (a), cf. 6(1)(a) of the General Data Protection Regulation.

Categories of data subjects in our systems may be:

  • The policyholder
  • The insured (typically spouses/cohabitants, children and the insured under group insurance policies such as health insurance paid by the employer)
  • Beneficiaries
  • Representatives/contacts
  • The owner/user of an insured item.

 

Categories of personal data we collect, use and process

We only collect and use data when it is necessary in order to enter into, manage and perform the insurance agreement and to administer our insurance business. The data we need to process in connection with quotes and the effectuation of insurance policies will depend on the concrete type of insurance. We do not request health data in connection with quotes and the effectuation of insurance policies.

Categories of personal data may be:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth and, if necessary, civil registration (CPR) number in order to identify you
  • Payment details
  • Insurance data about you or the insured item (e.g. employment, registration number, data about your previous similar insurance policies and claims with other insurance companies)
  • Your connection to our business partners and, if relevant, trade union membership if you take out insurance through a member organisation, bank, association, employer or other parties with associated discounts and other benefits
  • Data about fees due in DFIM (Danish Motor Insurers’ Bureau)
  • Our assessment of your customer status and profitability, e.g. how many claims you have made compared to what we expected you would have
  • Information needed in order to determine the price of the insurance, including information from external registers, e.g. BBR
  • Driving behaviour (driving score) if you have pay-as-you-drive products (Tryg Drive) with us

 

We request your consent to process your civil registration (CPR) number and, if relevant, trade union membership.

 

Collection and disclosure of personal data

Sources of data and categories of data recipients may be:

  • The policyholder
  • The Central Office of Civil Registration (Det Centrale Personregister) (in order to update address and for information about opt-out registration for unsolicited advertising)
  • Virk.dk (in order to update address and for information about opt-out registration for unsolicited advertising for businesses)
  • BBR (Central Register of Buildings and Dwellings for information about your property)
  • DMR (Digital Motor Register) 
  • Bilstatistik.dk (information about motor vehicles)
  • DFIM (Danish Motor Insurers’ Bureau) • Other insurance companies
  • Business partners, including trade unions, which entitle you to discounts and other benefits
  • Business partners and suppliers who assist us in the management and performance of your insurance agreement e.g..insurance providers, or where our cooperation and/or your membership or customer advantage entitles you to special advantages (e.g.
    discounts or the right to subscribe to Alka Fordele)
  • Tryg Garanti and Tryg Invest A/S
  • Employers and pension providers (for registration under group insurance policies)
  • Representatives, contact persons, including attorneys
  • Insurance brokers and reinsurance brokers

We may disclose your information, provided we are entitled hereto pursuant to section 117 (1) of the Danish Financial Business Act, cf. Article 6(1), cf. (2), cf. (3) of the General Data Protection Regulation.

In some cases, we obtain data about your insurance policies from your current and previous insurance companies and exchange data with partners who entitle you to discounts and other benefits. We request your consent to do so.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period where we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act (Bogføringsloven) and financial supervisory legislation) or have another legitimate data storage purpose.

We store quotes to private individuals for up to six (6) months and quotes to sole proprietorships for up to twelve (12) months in cases where you do not accept the quote. If you take out an insurance policy, we generally base our data storage on the absolute limitation periods laid down in the Danish Limitations Act (Forældelsesloven) of 10 and 30 years, respectively, from termination of the policy and any additional deadlines in the event that a subsequent claim is made. We also store the insurance policy for as long as we have registered a claim.

Read about storage of data for statistical and analytical purposes etc. in section D below.

 

B. Handle claims

When we handle claims under private, business and group insurance policies, we only register personal data necessary to process the claim and assess the compensation payable under the claim, see Article 6(1)(b) (necessary for the performance of a contract), Article 9(2)(f) (necessary for the establishment, exercise or defence of legal claims) and Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

Categories of data subjects in our systems may be:

  • The policyholder
  • The insured, e.g. spouse/cohabitant and children or insured under group insurance policies
  • Beneficiaries
  • The claimant
  • The tortfeasor
  • Counterparties
  • Witnesses
  • Business partners and treatment providers
  • Representatives/contact persons
  • Attorneys involved in the claim

 

Categories of personal data we collect, use and process

During our claims handling, we only process and register the data necessary to assess the claim, which will depend on the specific case.

 

Categories of personal data may be:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth and, if necessary, civil registration (CPR) number in order to identify you
  • Payment details 
  • Matters pertaining to employment contexts
  • Insurance data (on current and previous insurance policies with other insurance companies about claims, types of claims, details pertaining to the processing of specific claims, compensations paid, claims documentation and date and reason for termination)
  • Information about the damaged item (e.g. age, purchase price and examination results)
  • Events occurred in connection with the damage or injury (e.g. analysis, reconstruction of an accident, loss adjuster’s report and police reports)
  • Date, nature, type and cause etc. of the claim
  • Data about health, illness and contacts with health care services
  • Salary and social and financial circumstances (needed to calculate compensation)
  • Photos, film and telephone recordings of the damage or injury

 

Collection and disclosure of personal data

We only disclose personal data when this is necessary to enable us and our partners to process your claim, when we have a claim against others as a result of your claim, or if we are legally bound to do so (e.g. reporting to the Danish Customs and Tax Administration (SKAT) of compensations paid).

Sources of data and categories of data recipients may be:

  • The policyholder
  • The insured (typically spouses/cohabitants, children and insured under group insurance policies)
  • Beneficiaries 
  • The claimant
  • The tortfeasor
  • Witnesses and secondary parties
  • Partners and suppliers who assist us in the administration, handling, assessment or repair of the damage, e.g. loss adjusters, workshops, tradesmen, manufacturers, emergency call centres and carriers
  • Treatment providers, e.g. physicians, specialists, dentists, psychologists, physiotherapists etc.
  • Danish Labour Market Insurance (Arbejdsmarkedets Erhvervssikring) (AES)
  • Public authorities such as municipal authorities, the Danish Customs and Tax Administration (SKAT) and the police
  • The Central Office of Civil Registration (Det Centrale Personregister) (in order to update address)
  • Boards of appeal, appeal bodies and courts of law
  • Patienterstatningen (Patient Compensation Association)
  • Other insurance companies, including Sygeforsikringen “danmark” (e.g. in connection with recourse where we collect outstanding amounts under an insurance policy in another company, or where other insurance companies make claims against us)
  • Mortgagees
  • Leasing companies
  • Buyers of damaged goods (e.g. cars and machines declared total losses)
  • Representatives, contact persons including attorneys
  • Other departments in Tryg Forsikring A/S (e.g. in case of exchange of data between workmen’s compensation, liability and accident insurance concerning the same claim event such as local government documents, information about pay etc.)

We may disclose your information, provided we are entitled hereto pursuant to section 117 (1) of the Danish Financial Business Act, cf. Article 6(1), cf. (2), cf. (3) of the General Data Protection Regulation.

In personal injury claims cases, the informed consent form that you sign contains information about the sources which we may obtain information from and the parties which we may disclose data to with your consent. Such parties may include, for example, your current and former municipalities of residence and other expressly specified recipients. In the event of a recourse or double insurance claim, we may disclose information without your consent.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period where we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act and financial supervisory legislation) or have another legitimate data storage purpose.


As a general rule, we store claims in accordance with the absolute limitation periods of 10 and 30 years, respectively, stipulated in the Danish Limitations Act (Forældelsesloven), from when the notice of claim was reported as well as any additional deadlines in the event that the claim is resumed.

C. Investigate suspected fraud and otherwise manage insurance agreements

Investigate suspected fraud

We have a legitimate interest in verifying that your claim for compensation is legitimate, and in ensuring that our customers do not pay higher premiums due to insurance fraud, see Article 6(1)(f) (legitimate interests) and Article 9(2)(f) (necessary for the establishment, exercise or defence of a legal claim) of the General Data Protection Regulation.

You can read about our data processing in connection with our investigation of cases of suspected insurance fraud at https://tryg.dk/om-tryg/forsikringssvindel (in Danish). We follow the code of conduct of the industry organisation Forsikring & Pension (the Danish Insurance Association). In addition to the data and sources normally forming part of our claims handling, we also obtain data from publicly accessible sources and open profiles on social media in accordance with the guidelines laid down in the code of conduct. We continuously screen our customer portfolio to identify cases for investigation for fraud. This may mean that your case is selected for closer inspection based on a score (profiling). Tryg may also make use of recorded phone conversations relating to unravelling of fraud.

If we have found that you have committed insurance fraud against us, we may register this in our internal systems to protect our business and thus also our other customers from fraud in the future, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Pay out bonus, administrate elections and right to vote

As a policyholder in Tryg you are automatically a member of TryghedsGruppen to whom we distribute data in order for them to administer your membership. Under certain circumstances, members of TryghedsGruppen  receive bonus payments calculated on the basis of insurance covers. Also, as a member you may run as a candidate for and vote at elections for the Board of Representatives of TryghedsGruppen. To enable TryghedsGruppen to administer your membership, we disclose your name, address, policy number and civil registration (CPR) number/company registration (CVR) number, account number and payable bonus.

 

Manage non-payment

If you fail to fulfil your payment obligations to us, we may report you to credit rating agencies or warning registers in accordance with applicable legislation. We may also register in our own systems that you have defaulted on your payments, or have fallen into arrears with us. This is done based on a concrete assessment to ensure our profitability of our business, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

D. Prepare profiling, statistics and analyses as well as automated decisions

Prepare profiling, statistics and analyses

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning this person.

We use profiling, for example, when we:

  • Calculate or change your prices and terms and give you product recommendations, see Article 6(1)(b)  (necessary for the performance of a contract) of the General Data Protection Regulation.
  • Assess whether we can make an automated decision in your case, see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation.
  • Perform marketing and targeted communication, see Article 6(1)(f) (legitimate interests) of the  General Data Protection Regulation..
  • Assess the risk of fraud in your case, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.
  • Build predictive models for, for example, assessment of profitability, pricing, sales and upselling possibilities, churn risk, prediction of claim expense etc.

 

Profiling is made by automatically comparing your personal data, for example, your master data and contact information, information about your job and household, current and previous insurance coverage, information about our earlier contact with you, your address, home, business, age, claims history, your customer relation, your affiliation with our business partners, publicly available data (e.g. house data, telephone number and business data) as well as statistical information about the geographical area in which you live, e.g. average
income, assets, age, life phase, house type and risk of floods.

When we carry out profiling in order to perform marketing and targeted communication, we also make use of behavioural data and cookie data collected on the Internet and by use of our apps, services and websites, including what you may have searched and how long you spent on the website unless you have blocked cookies for marketing purposes.

Read more about our use of cookies in section F below.

We also use your information for statistics, analyses and predictive models, including profiling, in order to  improve our products, services, quotes, advisory services and technical solutions and to manage our insurance business, such as:

  • Statistics, analyses and predictive models used for risk management and insurance distribution, e.g. preparing of insurance tariffs, product recommendations, monitoring of profitability, general changes in terms of prices and conditions, insurance provisions, solvency and reinsurance. The basis for this is found, among other things, in the rules in the financial supervisory legislation, including the Danish Financial Business Act, the Solvency II Regulation and the regulation on product oversight and governance requirements for insurance undertakings and insurance distributors, see Article 6(1)(c) (legal obligation) and Article 9(2)(g) (substantial public interests) of the General Data Protection Regulation as well as section 10 of the Danish Data Protection Act (Databeskyttelsesloven).
  • Statistics, analyses and predictive models for management of our insurance business, including focus on profitability, growth, efficiency, sales and upselling, service and claims handling, new customers and churn of customers and policies, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.
  • Other statistics, analyses and predictive models in order to optimise our business, e.g. efforts to  investigate fraud, marketing initiatives and targeted communication, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Make automated decisions

In certain situations, we make decisions which are based solely on automated processing, including profiling, and which produces legal effect or similar significant effect on you, see Article 22 of the General Data Protection Regulation. This means that the processing is made in our systems with no human involvement. In other words, a rule or an algorithm in our systems calculates and informs you of the result.

Such individual automated decisions are made, when we:

  • Sell an insurance product or provide a quote online. The price is calculated by comparing the information you give us in connection with the purchase to our assessment of your risk of claims. The higher/lower the risk of a claim being made during the insurance period, the higher/lower the price of your insurance will be. Factors which may lead to a higher price include, for example, a high risk of personal injury in your job, or living in an area where the risk of flooding or burglary is higher than in other places. Factors which may lead to a lower price include, for example, having a small house, or driving fewer kilometres a year than most other people. If we are unable to provide a quote or sell an insurance product to you online, e.g. because you have had more claims than we would have expected, you will instead be referred to contacting us for a quote or to buy an insurance product from one of our employees.
  • Process your claim online. We assess any claim for compensation you may make by comparing the information you provide when reporting the claim with your insurance coverage, your terms and conditions and your customer relationship in general, including number of claims. We can also provide you with an advance assessment of your cover on a travel insurance. The decision may result in full or partial acceptance of your claim/cover or in a rejection. If your claim cannot be processed automatically, e.g. because we need further information due to the complexity or scope of the claim, or because we are concerned about increased risk of fraud, your claim will be transferred for processing by one of our employees.

The purpose of our automated decisions is to make it possible for you to obtain a quote, buy an insurance product or have your claims handled quickly and efficiently at any hour of the day, see Article 6(1)(b) (necessary for the performance of a contract), Article 9(2)(f) (necessary for the establishment, exercise or defence of legal claims) and Article 22(2)(a) (necessary for entering into, or performance of, a contract) or Article 22 (2)(c) (consent) of the General Data Protection Regulation.

If your health or trade union information forms part of the automated decision, we ask for your consent, see Article 22(4) of the General Data Protection Regulation.

If you do not want us to make an automated decision, you can always contact us to request a quote, buy an insurance product or have your claim handled by one of our employees instead.

We regularly test our systems and data models to ensure decisions are made on a just, objective and correct basis. You can always contact us if you wish to express your point of view, want an explanation for the decision or wish to contest it.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period when we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act (Bogføringsloven) and the financial supervisory legislation, including the Solvency II Regulation) or have another legitimate reason for storing the data, e.g. to check the accuracy of our data models.

E. Market products and services to you

Through our marketing, we provide information about news, benefits and offers of insurance products and loss prevention products. Our legal basis for this handling is our legitimate interest in marketing relevant products and services of interest and relevance to you, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

Among other things, we collect data from the public telephone directory and other public registers, competitions in which you participate as well as from business partners where you are a member/customer or with whom you have another connection which entitles you to special discounts and other benefits.

In some cases, we disclose personal data from publicly available registers such as the telephone directory, DAR, BBR and the CVR register to our business partners for marketing purposes, see section 13(2) and (4) of the Danish Data Protection Act and Article 6(1)(f)(legitimate interests) of the General Data Protection Regulation. Prior to such disclosure, we sort out some of the information based on selected commercial criteria. We delete any information which we have received from public registers immediately after passing it on to our business partners, unless you are a customer with us already.

We may also disclose your personal data (name, telephone, address and email), which we have obtained from publicly available registers, as part of preparing an insurance offer for you, your registration for our newsletters or which we have in our customer systems in order to target marketing of our products and services on advertising platforms, e.g. on news media and social media. Our legal basis for collecting, using and disclosing your personal data is our legitimate interest in marketing relevant products and services of interest and relevance to you, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

As a customer with us, you may also be entitled to special discounts and benefits with our business partners. Should you wish to hear more about these discounts and benefits, we will ask you to give us consent to disclose your contact information to our business partners for this purpose, and they will then contact you. Our legal basis for obtaining and disclosing your information is consent, see section 121 (private customers) and section 117 (commercial customers) of the Danish Financial Business Act.

With regard to commercial customers, we may also disclose usual information about the company name and possibly contact data for employees (name, email and possibly a telephone no.) to our financial business partners for the purpose of them marketing their own products and services. Our legal basis for this is section 121(3) of the Danish Financial Business Act.

Before marketing our insurance products to you, we check that you have not opted out of receiving direct marketing from us or are registered on the Robinson list. Moreover, we do not disclose information from public registers to our business partners if you are registered on the Robinson list or have opted out of receiving direct marketing from us or if you have an unlisted address and/or telephone no.

You can always object to our direct marketing by contacting us on tel. +45 70 11 20 20.

F. We use cookies, are on social media, and when you visit our website

Use of cookies and similar tracking technologies

When you visit our website, we use cookies and similar tracking technologies as well as technologies for automatic data compilation such as flash cookies, session/local storage, pixels etc. (herein after referred to as ‘cookies’). Cookies may mean compilation and processing of your personal data, which you can read more about
below.

A cookie is a small data file that we create on your computer, smartphone, tablet, device or other IT equipment (“your equipment”) to keep track of what happens during your visit to our website. A cookie contains only text, it is not a program, and it does not contain viruses. Among other things, cookies help ensure the functionality of our website, recognise your unit and remember your favourite locations, preferences and search history.

A pixel is a small image found on webpages and in emails that sends information about your device and visits back to our servers. We use pixels to learn more about your interactions with content in emails or web content, for example whether you have interacted with advertisements or posts. Pixels may also enable us and third parties to create cookies in your browser.

Basically, there are two types of cookies; “temporary” and “permanent”. The temporary cookies are attached to a current visit to our website and is automatically deleted when you close your browser. The permanent cookies, on the other hand, will be stored on your unit. Permanent cookies delete themselves after a certain period of time but are renewed every time you visit our website.

On our websites we make use of both own cookies as well as cookies from third parties with whom we co-operate. Third party cookies are cookies placed by our business partners at our websites. Such cookies gather information about your behaviour and interests when you visit our websites and are used for traffic measuring, statistics, analysis of user behaviour, insight into target groups etc. Our business partners may use this information for their own purposes.

In relation to the collection and forwarding of personal data through cookies on our website, or the websites of third parties and social media, our cookies business partners may be data processors (i.e. they handle personal data on our behalf), joint controllers (i.e. both parties are mutually responsible for the collection and forwarding of your personal data) and/or separate data controllers (our business partners use the collected personal data for their own purposes). Read more about this under Section II L below and in the cookie directory.

We use four categories of cookies: necessary, functional, statistical and marketing. You can read more about the categories of the cookies we use, the purpose of the individual cookies, who places the cookie and how long a cookie is stored on your equipment in the cookie directory, to which you will find a link at our website www.tryg.dk/persondatapolitik. In the cookie directory, you may also find link to the personal data policies of our business partners, which apply in case they collect and process personal data for their own purposes, in which case they are separate data controllers.

When you visit Tryg’s websites

When you visit Tryg’s websites (tryg.dk, alka.dk, tjm-forsikring.dk, fdm-forsikring.dk, tryggaranti.dk, tryg.com as well as sub domains and underlying web pages relating hereto) we collect information about your cookie ID, type/ID of unit (including information sent automatically from your equipment in the form of language setting, IP address and demographic data) which websites and underlying pages relating hereto you see and when. We do this in order to ensure the necessary function of the website, remember your preferences, prepare statistics and target marketing to you at our websites and those of third parties.

Among other things, we use cookies on “My page” and “My Company” in order for us to remember the content of your cart so that you need not log on every time you visit an underlying page on “My page” and in order for the calculation functions on the website to work, e.g. calculation of a price of an insurance or a claim.

Our legal basis for collecting data about your behaviour on our websites and disclosing your personal data to our cookies business partners is consent, see Article 6(1)(a) (consent) of the General Data Protection Regulation.

 

When you visit other websites and social media

We advertise on websites and social media of third parties. From these websites we may collect and receive data such as your cookie ID, information about which advertisements you have seen and when. We do this in order to be able to target our marketing based on your interests (profiling) in order to measure the effect of our marketing and to prevent that you receive the same advertisement multiple times. We are joint controller with our third-party business partners for the collection and disclosing of information to us. We are separate data controller for our own use of such data. Consent is our legal basis for collection and processing of these data about your behaviour on third party websites for marketing purposes, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

From our business partners, we may also get your phone number, if you have called us by way of clicking an advertisement. Our legal basis for obtaining and processing this data is legitimate interests, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Consent to cookies

In the cookie banner on our website you consent to which cookies you allow to be applied to your equipment. If you consent to cookies you also consent to the processing of your personal data relating thereto, which is obtained through cookies and which we have described above in this Section F, see Article 6(1)(a) of the General Data Protection Regulation (consent).

 

Withdrawal of cookie consent
You can always withdraw your consent to cookies by blocking and resetting cookies in your browser and rejecting cookies in the cookie banner, to which you will find a link at our website www.tryg.dk/persondatapolitik. However, you cannot block cookies which are necessary (‘necessary cookies’) for the functionality of the website, and these do not require consent. A cookie is also created in order to remember your choice of cookies.

Notice, however, if you block or deselect cookies this may result in certain functions and services, which you can then not use as these require the website to remember the choices you make.


We would like to point out that if you write to us via social media such as Facebook, Messenger, Twitter or LinkedIn, we cannot encrypt, protect, correct or delete your data. Therefore, we recommend that you call us on tel. +45 70 11 20 20 instead.

G. Communicate with you on other matters

When you contact us with questions about e.g. insurance policies or complaints, or if you are a representative or contact of one of our customers, suppliers or business partners, we process your personal data in order to provide you with the correct assistance, advice or service, see Article 6(1)(b) (necessary for the performance of a contract) and Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.


Satisfaction surveys
If you have participated in a satisfaction survey by phone or online, we store your responses with your telephone number or online identifier (IP address and cookie). We use this data for quality assurance, optimisation of customer satisfaction and training of our employees. Our legal basis for this is our legitimate interest in ensuring satisfied customers and optimisation of our services and products, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.


If you have signed for receiving a newsletter from us, we will store your contact details for this purpose, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Interviews, surveys and test
If you participate in interviews and surveys about and/or test of new concepts and product designs, and the like, in order to establish insurance needs and development of new services, products and marketing initiatives (e.g. related to vehicles, health, comfort, housing conditions and measures creating peace of mind) we collect, process and store your answers and data for the development of new insurance products and services or the optimisation hereof. We may also use this data to optimise customer satisfaction and the training of our employees.


For these purposes, we may share your answers with business partners, e.g. professionals such as doctors, psychologists, physiotherapists and occupational therapists, organisations, trade unions, pension companies, suppliers of new technology, scientists etc.


Our legal basis for collecting, using and disclosing this data is consent, see Article 6(1)(a) (consent) of the General Data Protection Regulation (with regard to processing of personal data) and Article 9(2)(a), cf. 6(1)(a) of the General Data Protection Regulation (with regard to processing of special categories of data, including information about health and trade unions membership). You may withdraw your consent at any time, for further details see Section III. N below.

II. How we protect your personal data when we

H. Communicate by email

If we send you emails containing your civil registration number (CPR) or sensitive personal data, we encrypt the emails. Please note that we cannot guarantee confidentiality and use of encryption when you have received the email in your mail server, or when you send emails to us, as this will depend on your service provider. We can receive emails with Tunnel Layer Security (TLS) if your provider supports this feature.


It is important that you generally choose a trustworthy and secure provider that supports receiving email with TLS by default. You should also secure your account with a strong password and twofactor login.


Read more about being a digital customer at https://tryg.dk/digital.

I. Record telephone calls with you

We record our telephone call with you for educational and documentation purposes. We use the recordings for the internal evaluation and analysis of our customer service and of customer satisfaction with Tryg’s products.


We process recorded telephone calls based on the consent that you give in the telephone menu, see Article 6(1)(a) (consent) of the General Data Protection Regulation. The analysis of transcriptions is based on Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. You have the right to withdraw your consent to the future processing of your personal data at any time by contacting us. You may also at any time object to Tryg’s processing of your personal data.


We store the recordings securely and generally store them for six months, after which they are deleted. Transcriptions of the telephone calls are used for analyses in connection with quality assurance and product development. The transcriptions are deleted after three (3) years.


If, within a period of six (6) months, your telephone call becomes part of a specific complaint, dispute or other form of processing, including disclosure for access or limitation, the recording may be stored for as long as is necessary to resolve the case in question in accordance with the rules of the Danish Limitations Act (Forældelsesloven).

J. Process your data digitally

When you fill in a contact form, buy an insurance policy, obtain a quote or file a notice of claim online, we register the data you give us. Your notice of claim will be encrypted. We store the data for as long as is needed in accordance with our general guidelines on data storage.

On ‘My Page’ and ‘My Company’ – your personal self-service universe – you can find information about your current insurance policies and claims. Read more about being a digital customer at https://tryg.dk/digital. You may be exempted from receiving mail in the customer portal if you are exempted from receiving digital mail from the public sector.

If you write to us through the chat function on our website, we register the information you give us to enable us to answer your enquiry. The chat function is encrypted, and we will delete the conversation after three months. We store data that we need in accordance with our general guidelines on data storage. We recommend that you do not chat with us about matters involving the processing of sensitive personal data, and that you instead call
us on tel. +45 70 11 20 20.

When you use our applications (apps), you can read more about our data processing in the conditions for the respective application that you use.

Read more about our use of cookies in section F above.

K. Experience personal data security breaches

We are obliged to report any data breaches that involve us and our data processors to the Danish Data Protection Agency. Our data processors work under our instructions and are subject to our requirements for organisational, technical and security measures.

If we experience a personal data breach, we are, as a rule, obliged to report the breach to the Danish Data Protection Agency within 72 hours from when we have become aware hereof, in accordance with the personal data protection legislation.

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we are also obliged to inform you directly. We will do this by telephone, email, text message, at our website or through the press, depending on the available contact details for the persons affected by the situation and the seriousness of the data breach.

If you erroneously receive a letter or an email addressed to one of our other customers, you can report this by email to dpo@tryg.dk.

L. Disclose personal data to other parties

We do not disclose your personal data to other parties unless you have given your consent, or we have another legal basis for such disclosure pursuant to the Danish Financial Business Act and the personal data protection legislation.

We only disclose personal data when necessary, for example to perform and manage your insurance agreement or process your claim, if we have a claim against others in connection with your claim, provide you with marketing or if you wish to use your affiliation with one of our partners to obtain a discount and other advantages.

Our business partners may act as our extended arm and work under our instructions, and where your data are used exclusively for our purposes (data processors), or they may act as separate data controllers, just like us. We may also be joint controllers, which means that we and our partners jointly define the purpose and means of processing your personal data.

Among other things, we engage with data processors for the purpose of development, hosting, support and operations.

When we enter into an agreement with a data processor on the processing of your personal data on our behalf, we attach importance to ensuring that the data processor is able to process your personal data in a secure manner and in accordance with all applicable legislation. We therefore perform a risk assessment of our data processors before entering into an agreement with them and disclosing your personal data to them.

If you have any questions about the rights of data subjects (e.g. your right to access, rectification, erasure etc.) in cases where we are joint data controllers, you may always approach us for guidance.

When our partners are separate data controllers, they are obliged to meet your wishes regarding the exercise of your personal data rights (right to access, rectification, erasure etc.). You may find more information about this in our cookie directory on our website.

M. Transfer data to third countries

We use data processors and sub-processors outside the EU/EEA in connection with technical IT development, hosting, support and operations. Furthermore, in specific individual cases we may transfer data to countries outside the EU/EEA, e.g. in connection with the processing of your claim(s).


When we use data processors outside the EU/EEA, we use the European Commission’s standard data protection clauses or another legal basis for data transfer, see Articles 45-49 of the General Data Protection Regulation, and we are also obligated to ensure that such organisational and technical measures are available as are required to ensure protection of the personal data which is disclosed to data processors in third countries.

III. Your personal data rights

N. Right to withdraw consent

Your consent may be given orally and/or in writing.


If the processing of your personal data is based on your consent, you have the right to withdraw your consent. This means that, going forward, we will stop processing your data based on your consent. Your withdrawal of consent will not affect the legality of the data processing we have performed before you withdrew your consent. Also, your withdrawal of consent will only apply to data which we have processed based on your consent but not to any data which we process on other legal grounds, see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation.

You can withdraw your consent by calling us on tel. +45 70 11 20 20 or by contacting the Tryg department that originally obtained your consent.


Withdrawal of your consent to cookies and the processing of your personal data relating thereto, see Section F above.

O. Other personal data rights

When we process your personal data, you have a number of rights.

You have the right to obtain access to the personal data we process about you.

You have the right to rectification, i.e. to have inaccurate personal data about you corrected or your incomplete data supplemented with further data if this will make your personal data more complete or up to date. You can always change your master data on ‘My Page’ and ‘My Company’ at www.tryg.dk.

You have the right to erasure, which means that, in certain cases, you have the right to have personal data about you deleted before the time when we would normally delete such data.

You have the right to restriction of processing of your personal data. This means that, in certain cases, you have the right to demand that, in the future, your personal data will only be processed – with the exception of storage – with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

You have the right to object to the processing of your personal data in certain cases. This means that you have the right to object to our otherwise lawful processing of your personal data.

On grounds relating to your particular situation, you may object to our processing of your data based on Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. This will be the case if

  • we process your information under an insurance policy or in connection with a claim without you having entered into an insurance agreement with us or without it being necessary for the assessment of a claim, e.g. if you are registered as a relative of a policyholder
  • we use your information for statistics, analyses and predictive models in order to improve our business model without being under a legal obligation to do so or without it being done to safeguard substantial public interests
  • we use your information to assess the risk of fraud
  • we use your information to target our communications or
  • we log your information to protect our systems.

You always have the right to object to the processing, including the profiling, of your personal data for direct marketing purposes.

 

You have the right to human intervention in connection with automated decision-making. This may, for example, be the case if you have received a quote or taken out an insurance policy online, or if you submit a claim digitally, and where our price and assessment of our insurance cover or the compensation to be paid are based on an automated decision. You have the right to talk to us if you want us to explain our decision or if you wish to contest it.

You have the right to data portability, which means that you have the right to receive the personal data you have given us in a structured, commonly used and machine-readable format and to have this data transmitted to another insurance company.

You can read more about your rights in the guidance of the Danish Data Protection Agency (Datatilsynet) on the rights of data subjects, which guidance you will find on www.datatilsynet.dk.

We store documentation showing that we have granted or rejected your request to exercise one of your  personal data rights for five years.

IV. How to contact us or complain

Contact information

Tryg Forsikring A/S

Klausdalsbrovej 601

DK-2750 Ballerup


If you have any further questions about how we process your personal data, or if you wish to exercise your personal data rights, you can always contact us on www.tryg.dk or call us on our main number +45 70 11 20 20, where you will be put through to the department responsible for handling your question.

If you wish to complain about our processing of your personal data, you can send an email to kvalitet@tryg.dk. You can also write to our Data Protection Officer at dpo@tryg.dk.


The Danish Data Protection Agency is the supervisory authority responsible for monitoring compliance with personal data protection legislation in Denmark. You can lodge a complaint with the Danish Data Protection Agency at Datatilsynet, Borgergade 28, 5., DK-1300 Copenhagen K, www.datatilsynet.dk.


We hope you will contact us first so we can help you assess any complaint you may wish to make and clarify and remedy any misunderstandings.