Tryg’s Privacy and Cookie Notice 

Here you can read more about our guidelines for handling your personal data. Updated 15 May 2020

Data controller (‘we’)

Download full personal Privacy and cookie notice in pdf

 

Tryg Forsikring A/S, Klausdalsbrovej 601, 2750 Ballerup, Denmark, CVR no. 24260666, (‘we’) is the data controller of the personal data we process. Tryg Forsikring A/S also includes Alka, TJM and FDM Forsikring.

The object of our privacy and cookie notice is that you should feel protected and cared for in relation to how we process your personal data. Here, you may find information about whom we process data about, which data we collect, which sources we collect data from, whom we share the data with, and for how long we store the data.

 

We are bound by confidentiality

We are bound by confidentiality pursuant to the Danish Financial Business Act (Lov om finansiel virksomhed), and we process your personal data in absolute confidence. The duty of confidentiality also applies internally between our employees. We do not disclose your personal data unless you have consented to this, or we have another legal basis for such disclosure pursuant to the Danish Financial Business Act and the personal data protection legislation.

In Part I, you can read about how we process personal data about you when we

A Prepare a quote or effect an insurance policy

When we prepare a quote or enter into an insurance agreement, we process data about the party who takes out the insurance (the policyholder), see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation, and about other persons who are covered by the insurance, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. If we obtain your civil registration (CPR) number or special categories of information, we obtain your consent, see Article 6(1)(a) of the General Data Protection Regulation.

Categories of data subjects in our systems may be:

  • The policyholder • The insured (typically spouses/cohabitants, children and the insured under group insurance policies such as health insurance paid by the employer)
  • Beneficiaries
  • Representatives/contacts
  • The owner/user of an insured item.

 

Categories of personal data we collect, use and process

We only collect and use data when it is necessary in order to enter into, manage and perform the insurance agreement and to administer our insurance business. The data we need to process in connection with quotes and the effectuation of insurance policies will depend on the concrete type of insurance. We do not request health data in connection with quotes and the effectuation of insurance policies.

Categories of personal data may be:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth and, if necessary, civil registration (CPR) number in order to identify you
  • Payment details • Insurance data about you or the insured item (e.g. employment, registration number, data about your previous similar insurance policies and claims with other insurance companies)
  • Your connection to our business partners and, if relevant, trade union membership if you take out insurance through a member organisation, bank, association, employer or other parties with associated discounts and other benefits
  • Data about fees due in DFIM (Danish Motor Insurers’ Bureau)
  • Our assessment of your customer status and profitability, e.g. how many claims you have made compared to what we expected you would have
  • Information needed in order to determine the price of the insurance, including information from external registers, e.g. BBR
  • Driving behaviour (driving score) if you have pay-as-you-drive products (Tryg Drive) with us

We request your consent to process your civil registration (CPR) number and, if relevant, trade union membership.

 

Collection and disclosure of personal data

Sources of data and categories of data recipients may be:

  • The policyholder
  • The Central Office of Civil Registration (Det Centrale Personregister) (in order to update address and for information about opt-out registration for unsolicited advertising)
  • Virk.dk (in order to update address and for information about optout registration for unsolicited advertising for businesses)
  • BBR (Central Register of Buildings and Dwellings for information about your property)
  • DMR (Digital Motor Register) • Bilstatistik.dk (information about motor vehicles)
  • DFIM (Danish Motor Insurers’ Bureau) • Other insurance companies
  • Business partners, including trade unions, which entitle you to discounts and other benefits
  • Business partners and suppliers who assist us in the management and performance of your insurance agreement (e.g. insurance provider)
  • Tryg Garanti and Tryg Invest A/S
  • Employers and pension providers (for registration under group insurance policies)
  • Representatives/contact persons.

In some cases, we obtain data about your insurance policies from your current and previous insurance companies and exchange data with partners who entitle you to discounts and other benefits. We request your consent to do so.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period where we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act (Bogføringsloven) and financial supervisory legislation) or have another legitimate data storage purpose.

We store quotes to private individuals for up to six (6) months and quotes to sole proprietorships for up to twelve (12) months in cases where you do not accept the quote. If you take out an insurance policy, we generally base our data storage on the absolute limitation periods laid down in the Danish Limitations Act (Forældelsesloven) of 10 and 30 years, respectively, from termination of the policy in the event that a subsequent claim is made. We also store the insurance policy for as long as we have registered a claim.

Read about storing of data for statistical and analytical purposes etc. in section D below.

 

B Handle claims

When we handle claims under private, business and group insurance policies, we only register personal data necessary to process the claim and assess the compensation payable under the claim, see Article 6(1)(b) (necessary for the performance of a contract), Article 9(2)(f) (necessary for the establishment, exercise or defence of legal claims) and Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

Categories of data subjects in our systems may be:

  • The policyholder
  • The insured, e.g. spouse/cohabitant and children or insured under group insurance policies
  • Beneficiaries
  • The claimant
  • The tortfeasor
  • Counterparties
  • Witnesses
  • Business partners and treatment providers
  • Representatives/contact persons

 

Categories of personal data we collect, use and process

During our claims handling, we only process and register the data necessary to assess the claim, which will depend on the specific case.

 

Categories of personal data may be:

  • Contact details (e.g. name, address, email and telephone number)
  • Date of birth and, if necessary, civil registration (CPR) number in order to identify you
  • Payment details • Matters pertaining to employment contexts
  • Insurance data (on current and previous insurance policies with other insurance companies, about types of claims, details pertaining to the processing of specific claims, compensations paid, claims documentation and date and reason for termination)
  • Information about the damaged item (e.g. age, purchase price and examination results)
  • Events occurred in connection with the damage or injury (e.g. analysis, reconstruction of an accident, loss adjuster’s report and police reports) 
  • Date, nature, type and cause etc. of the claim
  • Data about health, illness and contacts with health care services
  • Salary and social and financial circumstances (needed to calculate compensation)
  • Photos, film and telephone recordings of the damage or injury

 

Collection and disclosure of personal data

We only disclose personal data when this is necessary to enable us and our partners to process your claim, when we have a claim against others as a result of your claim, or if we are legally bound to do so (e.g. reporting to the Danish Customs and Tax Administration (SKAT) of compensations paid).

Sources of data and categories of data recipients may be:

  • The policyholder
  • The insured (typically spouses/cohabitants, children and insured under group insurance policies)
  • Beneficiaries • The claimant
  • The tortfeasor
  • Witnesses and secondary parties
  • Partners and suppliers who assist us in the administration, handling, assessment or repair of damage or injury, e.g. loss adjusters, workshops, tradesmen, emergency call centres and carriers
  • Treatment providers, e.g. physicians, specialists, dentists, psychologists, physiotherapists etc.
  • Danish Labour Market Insurance (Arbejdsmarkedets Erhvervssikring)
  • Public authorities such as municipal authorities, the Danish Customs and Tax Administration (SKAT) and the police
  • The Central Office of Civil Registration (Det Centrale Personregister) (in order to update address)
  • Boards of appeal, appeal bodies and courts of law
  • Other insurance companies, including Sygeforsikringen “danmark” (e.g. in connection with recourse where we collect outstanding amounts under an insurance policy in another company, or where other insurance companies make claims against us)
  • Mortgagees
  • Leasing companies
  • Buyers of damaged goods (e.g. cars and machines declared total losses)
  • Representatives/contact persons
  • Other departments in Tryg Forsikring A/S (e.g. in case of exchange of data between workmen’s compensation, liability and accident insurance concerning the same claim event)

In personal injury claims cases, the informed consent form that you sign contains information about the sources which we may obtain information from and the parties which we may disclose data to with your consent. Such parties may include, for example, your current and former municipalities of residence and other expressly specified recipients. In the event of a recourse or double insurance claim, we may disclose information without your consent.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period where we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act and financial supervisory legislation) or have another legitimate data storage purpose.

As a general rule, we store claims in accordance with the absolute limitation periods of 10 and 30 years, respectively, stipulated in the Danish Limitations Act (Forældelsesloven), from when the notice of claim was reported in the event that the claim is resumed.

C Investigate suspected fraud and otherwise manage insurance agreements

Investigate suspected fraud

We have a legitimate interest in verifying that your claim for compensation is legitimate, and in ensuring that our customers do not pay higher premiums due to insurance fraud, see Article 6(1)(f) (legitimate interests) and Article 9(2)(f) (necessary for the establishment, exercise or defence of a legal claim) of the General Data Protection Regulation.

You can read about our data processing in connection with our investigation of cases of suspected insurance fraud at https://tryg.dk/om-tryg/forsikringssvindel (in Danish). We follow the code of conduct of the industry organisation Forsikring & Pension (the Danish Insurance Association). In addition to the data and sources normally forming part of our claims handling, we also obtain data from publicly accessible sources and open profiles on social media in accordance with the guidelines laid down in the code of conduct. We continuously screen our customer portfolio to identify cases for investigation for fraud. This may mean that your case is selected for closer inspection based on a score (profiling).

If we have found that you have committed insurance fraud against us, we may register this in our internal systems to protect our business and thus also our other customers from fraud in the future, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Pay out bonus

As a policyholder in Tryg you are automatically a member of TryghedsGruppen to whom we distribute data in order for them to administer your membership. Under certain circumstances, members of TryghedsGruppen receive bonus payments calculated on the basis of insurance covers. Also, as a member you may run as a candidate for and vote at elections for the Board of Representatives of TryghedsGruppen. To enable TryghedsGruppen to administer your 4/10 | Tryg | Tryg’s Privacy and Cookie Notice 15 May 2020_UK membership, we disclose your name, address, policy number and civil registration (CPR) number/company registration (CVR) number, account number and payable bonus.

 

Manage non-payment

If you fail to fulfil your payment obligations to us, we may report you to credit rating agencies or warning registers in accordance with applicable legislation. We may also register in our own systems that you have defaulted on your payments, or have fallen into arrears with us. This is done based on a concrete assessment to ensure our profitability of our business, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

D Prepare profiling, statistics and analyses as well as automated decisions

Prepare profiling, statistics and analyses

Profiling is any type of automated processing of personal data which involves using personal data to evaluate certain personal circumstances concerning a natural person, especially to analyse or predict circumstances relating to this person.

We use profiling, for example, when we:

  • Calculate or change your prices and terms and give you product recommendations, see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation.
  • Assess whether we can make an automated decision in your case, see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation.
  • Perform marketing and targeted communication, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.
  • Assess the risk of fraud in your case, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.
  • Build predictive models for, for example, assessment of profitability, pricing, sales and upselling possibilities, churn risk, prediction of claim expense etc.

 

Profiling is made by automatically comparing your personal data with, for example, your master data and contact information, information about your job and household, current and previous insurance coverage, information about our earlier contact with you, your address, home, business, age, claims history, your customer relation, your affiliation with our business partners, publicly available data (e.g. house data, telephone number and business data) as well as statistical information about the geographical area in which you live, e.g. average income, assets, age, life phase, house type and risk of floods.

When we carry out profiling in order to perform marketing and targeted communication, we also make use of behavioural data and cookie data collected on the Internet and by use of our apps, services and websites, including what you may have searched and how long you spent on the website unless you have blocked cookies for marketing purposes.

Read more about our use of cookies in section F below.

We also use your information for statistics, analyses and predictive models, including profiling, in order to improve our products, services, quotes, advisory services and technical solutions and to manage our insurance business, such as:

  • Statistics, analyses and predictive models used for risk management and insurance communication, e.g. preparing of insurance tariffs, product recommendations, monitoring of profitability, general changes in terms of prices and conditions, insurance provisions, solvency and reinsurance. The basis for this is found, among other things, in the rules in the financial supervisory legislation, including the Danish Financial Business Act, the Solvency II Regulation and the regulation on requirements for product supervision and management for insurance companies and insurance distributors, see Article 6(1)(c) (legal obligation) and Article 9(2)(g) (substantial public interests) of the General Data Protection Regulation as well as section 10 of the Danish Data Protection Act (Databeskyttelsesloven).
  • Statistics, analyses and predictive models for management of our insurance business, including focus on profitability, growth, efficiency, sales and upselling, service and claims handling, new customers and churn of customers and policies, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.
  • Other statistics, analyses and predictive models in order to optimise our business, e.g. efforts to investigate fraud, marketing initiatives and targeted communication, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

 

Make automated decisions

In certain situations, we make decisions which are based solely on automated processing, including profiling, and which have a legal effect or similar substantial effect on you, see Article 22 of the General Data Protection Regulation. This means that the processing is made in our systems with no human involvement, and that an algorithm in our systems calculates and informs you of the result.

Such individual automated decisions are made, when we:

  • Sell an insurance product or provide a quote online. The price is calculated by comparing the information you give us in connection with the purchase to our assessment of your risk of claims. The higher/lower the risk of a claim being made during the insurance period, the higher/lower the price of your insurance will be. Factors which may lead to a higher price include, for example, a high risk of personal injury in your job, or living in an area where the risk of flooding or burglary is higher than in other places. Factors which may lead to a lower price include, for example, having a small house, or driving fewer kilometres a year than most other people. If we are unable to provide a quote or sell an insurance product to you online, e.g. because you have had more claims than we would have expected, you will instead be referred to contacting us for a quote or to buy an insurance product from one of our employees.
  • Process your claim online. We assess any claim for compensation you may make by comparing the information you provide when reporting the claim with your insurance coverage, your terms and conditions and your customer relationship in general, including number of claims. We can also provide you with an advance assessment of your cover on a travel insurance. The decision may result in full or partial acceptance of your claim/cover or in a rejection. If your claim cannot be processed automatically, e.g. because we need further information due to the complexity or scope of the claim, or because we are concerned about increased risk of fraud, your claim will be transferred for processing by one of our employees.

The purpose of our automated decisions is to make it possible for you to obtain a quote, buy an insurance product or have your claims handled quickly and efficiently at any hour of the day, see Article 6(1)(b) (necessary for the performance of a contract), Article 9(2)(f) (necessary for the establishment, exercise or defence of legal claims) and Article 22(2)(a) (necessary for entering into, or performance of, a contract) or Article 22 (2)(c) (consent) of the General Data Protection Regulation.

If your health or union information forms part of the automated decision, we ask for your consent, see Article 22(4) of the General Data Protection Regulation.

If you do not want us to make an automated decision, you can always contact us to request a quote, buy an insurance product or have your claim handled by one of our employees instead.

We regularly test our systems and data models to ensure decisions are made on a just, objective and correct basis. You can always contact us if you wish to state your point of view, want an explanation for the decision or wish to contest it.

 

Storage

We store personal data for as long as this is necessary for the purpose of our processing activities. This means that we store data during such period when we can be met by a claim, are obliged to do so pursuant to current legislation (e.g. the Danish Bookkeeping Act (Bogføringsloven) and the financial supervisory legislation, including the Solvency II Regulation) or have another legitimate reason for storing the data, e.g. to check the accuracy of our data models.

E Market products to you

Through our marketing, we provide information about news, benefits and offers of insurance products and loss prevention products, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

Among other things, we collect data from the public telephone directory and other public registers, competitions in which you participate as well as from business partners where you are a member/customer or with whom you have another connection which entitles you to special discounts and other benefits.

In some cases, we disclose personal data from publicly available registers such as the telephone directory, DAR, BBR and the CVR register to our business partners for marketing purposes, see section 13(2) and (4) of the Danish Data Protection Act and Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. Prior to such disclosure, we sort the information based on selected commercial criteria. We delete any information which we have received from public registers immediately after passing it on to our business partners, unless you are a customer with us already.

Before marketing our insurance products to you, we check that you have not opted out of receiving direct marketing from us or are registered on the Robinson list. Moreover, we do not disclose information from public registers to our business partners if you are registered on the Robinson list or have opted out of receiving direct marketing from us.

You can always object to our direct marketing by contacting us on tel. +45 70 11 20 20.

F Use cookies, are on social media, and when you visit our website

Use of our website and cookies

When you use our website, we use cookies and other similar tracking technologies, including flash cookies, session/local storage, pixels etc. (‘cookies’), which collect information about how you move about on our website. We use both our own and third-party cookies. You can read more about the individual cookies in our cookie summary, to which you will find a link at www.tryg.dk/persondatapolitik.

A cookie is a small data file that we create on your computer, smartphone, tablet or other IT equipment to keep track of what happens during your visit to our website. A cookie contains only text, it is not a program, and it does not contain viruses. Among other things, cookies help ensure the functionality of our website, recognise your computer and remember your favourite locations, preferences and search history so we can show you what you last searched for. We use persistent cookies that remain in your browser for a certain amount of time, and session cookies that are only stored temporarily until you close the program.

A pixel is a small image found on webpages and in emails that sends information about your device and visits back to our servers. We use pixels to learn more about your interactions with content in emails or web content, for example whether you have interacted with advertisements or posts. Pixels may also enable us and third parties to create cookies in your browser.

We collect information about how you use our website and which pages you look at. We do this to understand how our website is used, to provide you with a better user experience, compile statistics, remember your preferences and ensure the functionality of the website. For example, we use cookies on ‘My Page’ (“Min Side”)so that we can remember the contents of your shopping cart, so that you do not have to log in every time you visit a ‘My Page’ subpage and to ensure that the calculation features of our website work, for example in connection with price calculations or claims assessments. Our basis for processing is our legitimate interest in ensuring a user-friendly and functional website, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

We also collect information about your behaviour on websites we advertise on or on the websites of our business partners to see if you have looked at an advertisement or post of us, or if you have ‘liked’ a post from us on social media such as Facebook and LinkedIn. We do this in order to measure the impact of our marketing campaigns and to be able to target marketing at you (profiling). If you call us after visiting our website, we can link your telephone call with data from your behaviour on our website prior to your call, e.g. to see that you have calculated a price, purchased insurance or are making contact via a contact form. We also use the information to ensure that you do not receive the same advertisement multiple times. Our legal basis for collecting and processing information about your behaviour on our website and our partners’ websites and for profiling your personal data for direct marketing purposes is consent, see Article 6(1)(a) (consent) of the General Data Protection Regulation.

Third-party cookies are cookies created by our collaborating partners on our website. Such cookies collect information about the behaviour of visitors to our website for the purpose of measuring traffic, compiling statistics and analysing user behaviour. We use such data to measure the impact of our marketing activities and to 6/10 | Tryg | Tryg’s Privacy and Cookie Notice 15 May 2020_UK target advertising at you on our own website or on third-party websites (remarketing).

From our collaborating partners (e.g. Facebook and Google), we may also receive information about users’ interests based on what they have looked at or searched for, ‘liked’ etc. We use such data to tailor our marketing on websites to different target groups and leads. Our partners can either be data processors for us, act as data controllers jointly with us, or they can be independent data controllers. Read more about this in section II.L below.

You can read more about the cookies we use, including third-party cookies, the purpose of collecting personal data, how long the data are stored etc. in our cookie summary, to which you will find a link in the cookie consent at our website or here www.tryg.dk/persondatapolitik In the cookie summary, you will also find links to our partners’ personal data policies, which apply if they collect and process personal data for their own purposes (independent data controller).

Withdrawal and change of cookie consent You can always withdraw your consent to cookies by blocking and resetting cookies in your browser and rejecting cookies in the cookie summary on our website www.tryg.dk or here www.tryg.dk/persondatapolitik. However, you cannot block cookies that are necessary (‘necessary cookies’) for the functionality of the website. Further we create a cookie to remember your choice of cookies.

You can always change your choice of cookies and block cookies via the cookie summary. However, you should know that if you block cookies, there may be features and services that you cannot use because they require the website to remember the choices you make.

 

Our use of social media

Collection of personal data via our website

When you visit our website, e.g. a Facebook cookie and a LinkedIn cookie (pixel) may be created in your browser or device. Data is collected for statistical and analytical purposes, and to be able to target marketing (remarketing) on, for example, Facebook and LinkedIn to visitors who have visited our website, and who have a Facebook or LinkedIn profile. We do not disclose data from our customer system (CRM system) to Facebook or LinkedIn, nor do we disclose information that you are our customer.

We are joint data controllers with Facebook and LinkedIn for the collection and disclosure of personal data to them that takes place on our website, to the extent that it is done both for our purposes and their purposes (statistics, analysis and marketing). Our legal basis for collecting and disclosing personal data via cookies to Facebook and LinkedIn is Article 6(1)(a) (consent) of the General Data Protection Regulation.

 

Collection of personal data on Facebook and LinkedIn

When you visit our social media sites, such as Facebook (including Instagram and Messenger) or LinkedIn, the sites collect and process personal data about you, as detailed in their personal data and cookie policies, to which you will find links in our cookie summary at www.tryg.dk/persondatapolitik. The information is collected through, for example, Facebook creating a cookie (pixel) on your computer or device when you visit our Facebook page, when you ‘like’ or share a post or otherwise interact with the content on the page.

We are joint data controllers with Facebook and LinkedIn for data collection related to activity on our site on these media, as we, Facebook and LinkedIn have a purpose for collecting the data (statistics, analysis and marketing).

For example, Facebook and LinkedIn use the information for statistical and analytical purposes to improve their advertising and tailor their marketing. From Facebook and LinkedIn, we receive aggregated statistics on users who have carried out an activity on our pages. The information may concern users’ interests based on user behaviour (Facebook) or about a company’s name, industry, size, profession and geography (LinkedIn). We use such statistics to tailor our marketing to different audiences on Facebook or LinkedIn (remarketing).

We would like to point out that if you write to us via social media, such as Facebook, Messenger, Twitter or LinkedIn, we cannot encrypt, protect, correct or delete your data. Therefore, we recommend that you instead call us on tel. +45 70 11 20 20.

 

G Communicate with you on other matters

When you contact us with questions about, for example, insurance policies or complaints, or if you are a representative or contact of one of our customers, suppliers or business partners, we process your personal data in order to provide you with the correct assistance, advice or service, see Article 6(1)(b) (necessary for the performance of a contract) and Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

If you have participated in a satisfaction survey on the telephone or online, we store your responses with your telephone number or online identifier (IP address and cookie), see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

If you have signed up to receive a newsletter from us, we will store your contact details for this purpose, see Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation.

In Part II, you can read about how we protect your personal data when we

H Communicate by email

If we send you emails containing your civil registration (CPR) number or sensitive personal data, we encrypt the emails. Please note that we cannot guarantee confidentiality and use of encryption when you have received the email in your mail server, or when you send emails to us, as this will depend on your service provider. We can receive emails with Tunnel Layer Security (TLS) if your provider supports this feature.

It is important that you generally choose a trustworthy and secure provider that supports receiving email with TLS by default. You should also secure your account with a strong password and two factor login.

Read more about being a digital customer at https://tryg.dk/digital.

I Record telephone conversations with you

We record our telephone conversations with you in order to continuously improve and quality-assure our customer service and products. The recordings may also be used for documentation purposes. We use the recordings for the internal evaluation and analysis of our customer service and of customer satisfaction with Tryg’s products.

We process recorded telephone calls based on the consent that you give in the telephone menu, see Article 6(1)(a) (consent) of the General Data Protection Regulation. The analysis of transcriptions is based on Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. You have the right to withdraw your consent to the future processing of your personal data at any time by contacting us. You may also at any time object to Tryg’s processing of your personal data.

We store the recordings securely and generally store them for six months, after which they are deleted. Transcriptions of the interviews are used for analyses in connection with quality assurance and product development. The transcriptions are deleted after three (3) years.

If, within a period of six (6) months, your conversation becomes part of a specific complaint, dispute or other form of processing, including disclosure for access or limitation, the recording may be stored for as long as is necessary to resolve the case in question in accordance with the rules of the Danish Limitations Act (Forældelsesloven).

J Process your data digitally

When you fill in a contact form, buy an insurance policy, obtain a quote or file a notice of claim online, we register the data you give us. Your notice of claim will be encrypted. We store the data for as long as is needed in accordance with our general guidelines on data storage.

On ‘My Page’ and ‘My Business’ – your personal self-service universe – you can find information about your current insurance policies and claims. Read more about being a digital customer at https://tryg.dk/digital. You may be exempted from receiving mail in the customer portal if you are exempted from receiving digital mail from the public sector.

If you write to us through the chat function on our website, we register the information you give us to enable us to answer your enquiry. The chat function is encrypted, and we will delete the conversation after three months. We store data that we need in accordance with our general guidelines on data storage. We recommend that you do not chat with us about matters involving the processing of sensitive personal data, and that you instead call us on tel. +45 70 11 20 20.

When you use our applications (apps), you can read more about our data processing in the conditions for the respective application that you use.

Read more about our use of cookies in section F above.

K Experience personal data security breaches

We are obliged to report any data breaches that involve us and our data processors to the Danish Data Protection Agency. Our data processors work under our instructions and are subject to our requirements for organisational, technical and security measures.

If we experience a personal data breach, we are obliged to report the breach to the Danish Data Protection Agency within 72 hours in accordance with the personal data protection legislation.

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we are also obliged to inform such natural persons directly. We will do this by telephone, email, text message, at our website or through the press, depending on the available contact details for the persons affected by the situation and the seriousness of the data breach.

If you erroneously receive a letter or an email addressed to one of our other customers, you can report this by email to dpo@tryg.dk.

L Disclose personal data to other parties

We do not disclose your personal data to other parties unless you have given your consent, or we have another legal basis for such disclosure pursuant to the Danish Financial Business Act and the personal data protection legislation.

We only disclose personal data when necessary, for example to perform and manage your insurance agreement or process your claim(s), if we have a claim against others in connection with your claim(s), or if you wish to use your affiliation with one of our partners to obtain a discount and other advantages.

Our business partners may act as our extended arm and work under our instructions, and where your data are used exclusively for our purposes (data processors), or they may act as independent data controllers, just like us. We may also be jointly responsible, which means that we and our partners jointly define the purpose and means of processing your personal data.

Among other things, we engage with data processors for the purpose of development, hosting, support and operations.

When we enter into an agreement with a data processor on the processing of your personal data on our behalf, we attach importance to ensuring that the data processor is able to process 8/10 | Tryg | Tryg’s Privacy and Cookie Notice 15 May 2020_UK your personal data in a secure manner and in accordance with all applicable legislation. We therefore perform a risk assessment of our data processors before entering into an agreement with them and disclosing your personal data to them.

When our partners are independent data controllers like us, they are also obliged to meet your wishes regarding the exercise of your personal data rights (see below).

M Transfer data to third countries

We use data processors and sub-processors outside the EU/EEA in connection with technical IT development, hosting, support and operations. Furthermore, in specific individual cases we may transfer data to countries outside the EU/EEA, e.g. in connection with the processing of your claim(s).

When we use data processors outside the EU/EEA, we use the European Commission’s standard data protection contracts or other legal basis for data transfer, see Articles 45-49 of the General Data Protection Regulation.

In Part III, you can read about your rights as a data subject

N Right to withdraw consent

Your consent may be given orally and/or in writing.

If the processing of your personal data is based on your consent, you have the right to withdraw your consent. This means that, going forward, we will stop processing your data based on your consent. Your withdrawal of consent will not affect the legality of the data processing we have performed before you withdrew your consent. Also, your withdrawal of consent will only apply to data which we have processed based on your consent but not to any data which we process on other legal grounds, see Article 6(1)(b) (necessary for the performance of a contract) of the General Data Protection Regulation.

You can withdraw your consent by calling us on tel. +45 70 11 20 20 or by contacting the Tryg department that originally obtained your consent.

O Other personal data rights

When we process your personal data, you have a number of rights.

You have the right to obtain access to the personal data we process about you.

You have the right to rectification, i.e. to have inaccurate personal data about you corrected or your incomplete data supplemented with further data if this will make your personal data more complete or up to date. You can always change your master data on ‘My Page’ and ‘My Business’ at www.tryg.dk.

You have the right to erasure, which means that, in certain cases, you have the right to have personal data about you deleted before the time when we would normally delete such data.

You have the right to restriction of processing of your personal data. This means that, in certain cases, you have the right to demand that, in future, your personal data will only be processed – with the exception of storage – with your consent, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

You have the right to object to the processing of your personal data in certain cases. This means that you have the right to object to our otherwise lawful processing of your personal data.

 

For reasons related to your particular situation, you may object to our processing of your data based on Article 6(1)(f) (legitimate interests) of the General Data Protection Regulation. This will be the case if

  • we process your information under an insurance policy or in connection with a claim without you having entered into an insurance agreement with us or without it being necessary for the assessment of a claim, e.g. if you are registered as a relative of a policyholder
  • we use your information for statistics, analyses and predictive models in order to improve our business model without being under a legal obligation to do so or without it being done to safeguard substantial public interests
  • we use your information to assess the risk of fraud • we use your information to target our communications or
  • we log your information to protect our systems.

You always have the right to object to the processing, including the profiling, of your personal data for direct marketing purposes.

 

You have the right to human intervention in connection with automated decision-making. This may, for example, be the case if you have received a quote or taken out an insurance policy online, or if you submit a claim digitally, and where our price and assessment of our insurance cover or the compensation to be paid are based on an automated decision. You have the right to talk to us if you want us to explain our decision or if you wish to contest it.

You have the right to data portability, which means that you have the right to receive any personal data you have given us in a structured, commonly used and machine-readable format and to have this data transmitted to another insurance company.

You can read more about your rights in the guidance of the Danish Data Protection Agency (Datatilsynet) on the rights of data subjects, which guidance you will find on www.datatilsynet.dk.

We store documentation showing that we have granted or rejected your request to exercise one of your personal data rights for five years.

In Part IV, you can read about how you can contact us and make a complaint

Contact information

Tryg Forsikring A/S

Klausdalsbrovej 601

DK-2750 Ballerup

If you have any further questions about how we process your personal data, or if you wish to exercise your personal data rights, you can always contact us on www.tryg.dk or call us on our main number +45 70 11 20 20, where you will be put through to the department responsible for handling your question.

If you wish to complain about our processing of your personal data, you can send an email to kvalitet@tryg.dk.

You can also write to our Data Protection Officer at dpo@tryg.dk.

The Danish Data Protection Agency is the supervisory authority responsible for ensuring compliance with personal data protection legislation in Denmark. You can lodge a complaint with the Danish Data Protection Agency at Datatilsynet, Borgergade 28, 5., DK-1300 Copenhagen K, www.datatilsynet.dk.

We hope you will contact us first so we can help you assess any complaint you may wish to make and clarify and remedy any misunderstandings.