We have a statutory duty of confidentiality under the Danish Financial Business Act (“Lov om finansiel virksomhed”) and therefore treat your personal information confidentially.
- What information we collect.
- How we use this information.
- The options we give you to enable and deselect data sharing and how to access and update the information.
- Your rights.
- Your redress options.
- Contact information for our Data Protection Officer.
ETU Forsikring A/S
CVR nr. 30072855
Data Protection Officer
Our Data Protection Officer can be contacted at [email protected]
Our processing of your personal data
We collect information about you and possibly the injured party to the extent necessary to purchase and manage insurance products and other related services as well as claims processing. This may include information such as names, addresses, social security number (“CPR-number”) and e-mail address, insurance information, payment information or information related to damages.
In addition to the information you provide yourself, we collect information, for example, from the Central Person Register (for the purpose of updating address information) as well as from other publicly available sources and registers. We may obtain information from organizations, associations, etc., whose membership of the organization, association, etc. is a prerequisite for you to buy or keep your insurance with us. We may also obtain information from others if you have given your consent or based on the law.
We store and use your personal data for administration, providing you advice about insurance products and for marketing purposes. We may also use the information for surveys and analysis in order to improve our products, consultancy and technical solutions. We often combine personal data from one service with information from other parts of the group – for example in order to provide you with the most relevant offers.
Whenever possible, we have tried to strike a balance between being fully transparent and detailed while still keeping information concise and understandable, when describing what information we collect, but some of our services and apps also use technologies such as cookies, pixel tags and device fingerprinting to handle sessions and perform web audience measurements, so we can improve our electronic services based on how you use them and in some cases integrate them with social media.
Among other things, we use Google Analytics to help us analyze traffic to our services. When used with our advertising services, e.g. those that use the Google DoubleClick cookie, information from us as well as from Google will be linked to information about visits to multiple websites using Google technology.
We work continuously to maintain a balance between developing our business and protecting your personal data.
If there is anything regarding privacy you have questions or comments about, you are most welcome to contact our Data Protection Officer.
Retention / deletion periods
We intend to delete (or anonymize) your personal data as soon as it is irrelevant, however, we always retain personal data related to financial transactions for a minimum of 5 years + current financial year for the purposes of the Accounting Act (“bogføringsloven”) and often we store information to the extent necessary longer for the sake of legal requirements regarding, among other things, provisions under the Financial Business Act (“Lov om finansiel virksomhed”).
Your rights according to the General Data Protection Regulation
In connection with our processing of your personal data, you have several rights:
- The right to receive information about the processing of your personal data (“disclosure obligation”)
- The right to access your personal data
- The right to correct incorrect personal data
- The right to have your personal data deleted
- The right to object to the use of personal data for direct marketing purposes
- The right to object to automatic individual decisions, including profiling
- The right to move your personal data (“data portability”)
All the above rights are handled manually by contacting us. When contacting us, remember to provide the customer number and insurance policy number.
We may reject requests that are unreasonably repetitive, require excessive technical intervention (such as developing a new system or substantially changing an existing process), affecting the protection of others' personal information, or anything that would be extremely impractical.
If we can correct information, we do this for free, except if it requires a disproportionate amount of effort. We strive to maintain our services in a way that protect information from accidental or harmful destruction. Therefore, when we delete your personal information from our services, we may not always be able to delete associated copies from our archive servers immediately, and the information may not be removed from our backup systems prior to expiration of the retention period.
You have the right to appeal to the Danish supervisory authority at any time (“Datatilsynet”) (https://www.datatilsynet.dk/borger/klage-til-datatilsynet/)
Information we share
We do not disclose personal data to companies, organizations and individuals outside the Group, except in these cases:
- When necessary
- We disclose personal information to others under the Financial Business Act and other applicable law, for example, if it is necessary to execute or administer an agreement with you or to handle your insurance claim. For example, we may disclose personal data to business partners for administrative purposes or to organizations, associations, etc., whose membership of the organization, association, etc. is a prerequisite for you to buy or keep your insurance with us.
- If we need to pay you through the “Nemkonto”, have your insurance payments processed through BetalingsService or MobilePay, we will pass on your CPR-number or bank registration and account number to our payment service providers, including Nets Denmark A/S and MobilePay A/S.
- With your consent
- We share your personal data to companies, organizations or individuals outside the group, if we have your consent to do so.
- We always require use of consent before sharing sensitive personal data.
- For external data processing.
- For legal reasons
We disclose personal information to companies, organizations or individuals outside the group if we believe in good faith that access, use, preservation or disclosure of the information is necessary to:
- Comply with applicable laws, regulations, legal proceedings or legal requests from public authorities.
- Enforce applicable terms of service, including investigation of potential violations.
- Register, prevent or otherwise protect against fraud, security or technical issues.
- Damage the group, our customers or the rights, property or security of the public, as required or permitted by law. If you breach your obligations to us, we may report you to credit reporting agencies and / or other warning records in accordance with applicable rules.
We may share anonymous information with the public and our partners - such as publishers, advertisers, and affiliate websites.
Technical and organizational security measures
We work hard to protect the group and our customers from unauthorized access, alteration, disclosure or destruction of personal data that we store. Therefore, we have implemented the following organizational and technical measures in general:
- We use strong encryption on our internet facing services.
- We apply antivirus / antimalware technologies to all IT systems that process personal data.
- We back up all IT systems that process personal data.
- We regularly review our procedures for gathering, storing and processing information, e.g. physical security measures to protect against unauthorized access to the systems.
- We have entered into data processing agreements with the suppliers who process personal data on our behalf and regularly carry out risk assessment and evaluation of them, including their level of security.
- We have conducted risk assessment and documentation of all systems that process personal data to ensure an informed basis for the level of security of the personal data processing, and we regularly review this.
- We restrict access to personal information to employees, subcontractors and representatives who need to know this information in order to process it for us. These individuals are subject to contractual confidentiality requirements and, if not complied with, may face sanctions or be fired.
Compliance and cooperation with regulators
Last updated May 9th, 2018