Data Protection Statement
Personal data is information that can be linked to an identified or identifiable person such as name, address, birthday, e-mail address and civil registration number. We may need to process such information in order to serve you as a customer or claimant.
We process personal data which is necessary to provide our customers with insurance services. Examples include when an insured person suffers an injury, or a claim is made against a policyholder. In such cases we need personal data about the injured party in order to meet our obligations as per the insurance contract and to establish the eligibility of the claim. Protector Forsikring ASA (Protector Insurance) processes personal data in accordance with applicable laws. Your privacy is important to us, and we focus on ensuring that your personal data is processed in accordance with the principles of confidentiality, integrity, accessibility and robustness. If a security breach occurs, which in all probability entails a significant risk to our customer’s or others’ rights, we will report this to the relevant parties.
We note that we recommend sending information containing sensitive personal data or civil registration number(s) via encrypted e-mail.
Why and how do we process personal data?
We process personal data for the following main purposes:
- The administration of our insurance products, including providing offers on new insurance products. This may be in order to identify you as a policyholder or a claimant.
- Dealing with specific claims, including assessing whether compensation is payable.
- Human resources (HR) administration, including recruitment.
Our processing of personal data is handled by our competent staff. We use professional systems, with sufficient security to store and process your personal data.
Only a select group of people are able to process and access potentially sensitive information in our professional systems. Physical documents containing sensitive personal data are securely locked away when not being processed by the case handler.
All staff of Protector Insurance are subject to obligations of confidentiality. Our employees have a duty of confidentiality both in relation to external persons and companies as well as internally between colleagues. The duty of confidentiality does not cease upon the cessation of employment.
What types of personal data does Protector Insurance process?
Information processed at Protector Insurance can be categorized as follows:
- Administrative data such as name, address, phone number, e-mail address and civil registration number.
- Information about insured risk and coverage.
- Health information.
- Information about injury, loss and/or damage required to determine the outcome of an insurance claim.
- Information about a third party as a result of this person’s association with a policy, such as benefits.
Which bases for processing does Protector Insurance use?
In connection with the above-mentioned main processing purposes, we process personal data on the following bases:
- Processing is necessary to conclude or fulfil an insurance contract.
- Processing is necessary to comply with the legal obligation incumbent on us as the data controller. For example, we may be required to share information with a public authority, such as a municipality or relevant tax authority.
- Processing is necessary for us or a third party to pursue a legitimate interest.
- Processing is necessary for the establishment, exercise or defence of a legal claim.
- If you have given your consent. For example, if you have consented to us obtaining information concerning your health.
Who do we share personal data with?
We may provide personal data to public authorities if required by a statutory obligation to disclose information.
We may disclose personal data to third parties if permitted by the General Data Protection Regulation (GDPR) and Personal Data Act. In some cases, we may need to provide personal information about you in order to fulfil our agreement with you as a policyholder/injured party. This applies, for example, in the event of an evaluation by a professional specialist. If we provide information to a third party in accordance with the law, we will inform you thereof.
If it is necessary for us to use a data processor, the data processor will only process personal data in accordance with detailed instructions from Protector Insurance. This is to safeguard your rights and protect your data. Any third party receiving personal data from us is subject to the obligations of confidentiality by contractual agreement.
We may also provide information after obtaining your consent. For example, this could be health information provided to another insurance company with whom you have an accident insurance policy.
How long do we keep your personal data?
We do not store personal data longer than is necessary to fulfil the purpose of processing. If you have a customer relationship or personal injury registered with us, personal information about you will be stored. This is due to possible future claims, which can then be linked to the relevant insurance history. This information will be stored up to the expiry date of the current insurance policies, after which it will be deleted.
Your right to access, rectification, erasure and transferal of data
Right of access:
You have the right to obtain information about whether we process personal data about you and to request access to your personal data. In this context, you also have the right to receive information about which purposes and bases for processing we use, which data we process about you, the recipients or categories of recipients to whom your personal data is disclosed, how long the information is stored and where the information is collected.
Right to rectification and erasure:
If you believe that Protector Insurance has registered incorrect information about you, you have the right to have this information rectified without undue delay; for example by having incomplete personal data completed by submitting an additional declaration.
You have the right to have your personal data deleted without undue delay if any of the following conditions apply:
- The information is no longer necessary to fulfil the purpose of processing.
- You withdraw your consent, which has been used as the basis for processing and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing.
- Your personal data has been processed illegally.
- Personal data must be deleted in order to comply with a legal obligation under EU or national law.
It should be noted that the right of erasure does not apply if, for example, the processing of personal data is necessary for the establishment, exercise or defence of a legal claim.
Right to data portability:
You have the right to receive any personal information we have stored about you in a structured, commonly used and machine-readable format. You also have the right to require us to transfer information we have received from you to another data processor, provided this is technically possible and the processing of the personal data is based on consent or agreement.
Data Protection Officer (DPO):
If you have any questions regarding how we process personal data or wish to exercise any of your rights under the GDPR, please contact our Data Protection Officer using the following method:
E-mail address: DPO@protectorforsikring.dk
A DPO has a duty of confidentiality and is obliged to prevent others from accessing or acquiring knowledge of your personal data unless you have given your consent in advance. This also applies after the processing has ended.
The data controller is the one who determines the purpose of processing personal data and any methods used. In its role as data controller, Protector Insurance monitors the processes, business areas and systems that process personal data, and carries out internal controls and risk assessments to ensure compliance with the GDPR. You can contact the data controller via mail at:
Protector Forsikring ASA
P.O. Box 1351 Vika
N-0113 OSLO, Norway
Protector Forsikring Danmark
Kay Fiskerplads 9, 3. sal, Vest Tårn
2300 København S, Denmark
How to make a complaint about the processing
The Danish Data Protection Agency is responsible for ensuring compliance with the GDPR. If you experience anything you believe is in breach of the rules, you can write to the Danish Data Protection Agency at: Danish Data Protection Agency, Borgergade 28, 1300 København K, Denmark.