Processing of personal data

We collect your personal data when you enter into a contract with a company within the Länsförsäkringar Alliance or through other means of contact between you and Länsförsäkringar, e.g. through online forms on our website, chat, paper applications or recorded telephone calls. We may also obtain personal data from other companies within the Länsförsäkringar Alliance, your employer or from our other business partners. In some cases, we may also obtain health data from health care providers; however, in such cases we will first obtain a power of attorney from you. In addition, we regularly collect personal data from publically available sources, such as private and public records.

Personal data can also be collected from a third party, for example in case of group insurances, from the organisation that enters into the group insurance contract with us or, in case of claim adjustment, from an injured third party or another insurance company whose client also is involved in the same injury.

Länsförsäkringar processes your personal data e.g. if you are a policyholder, a bank customer, insured, co-insured, payer, beneficiary, injured, pledgee, legal guardian, administrator, proxy holder, contact person or representative of a legal person, beneficial owner or website visitor.

The personal data that we process may include name, civil status, contact information, social security number and, in some cases, information about your profession, citizenship, economic circumstances as well as health data. We also process online identifiers such as IP addresses, MAC addresses or equivalent.

In order for Länsförsäkringar to be able to provide you with the relevant service or product, or take other measures that you request during the contract period such as in connection with claim adjustments, you will have to provide the personal data that Länsförsäkringar requests. Such personal data is necessary for entering into or the performance of a contract with Länsförsäkringar.

We may also process personal data in order to fulfil legal obligations, such as the Swedish Money Laundering Act or the Swedish Financial Supervisory Authority's general guidelines and regulations.

If Länsförsäkringar transfers your personal data to a recipient outside of the EU/EEA, Länsförsäkringar will take appropriate safeguards, to ensure your rights and freedoms, such as entering into standard data protection contracts.

Personal data will be stored for the duration of our contract with or other commitments to you or as long as legal claims can be exercised and thereafter up to 10 years in addition to the current year with regard to statutory limitation. In some cases, personal data may be stored for a longer period of time due to other legislation, such as the Swedish Insurance Contract Act (Sw: Försäkringsavtalslagen) or regulations on capital adequacy requirements which Länsförsäkringar must comply with from time to time. Other retention periods may also apply when personal data is processed for other purposes than for the contractual relationship, and in order for Länsförsäkringar to fulfil applicable legal obligations with regard to e.g. preventing money laundering (5 years after the customer relationship has ended) and accounting (7 years).

Personal data that is only processed for marketing purposes and does not result in a contract will normally be stored up to a maximum of six months.

Profiling means any form of automated processing of personal data that is used to evaluate certain personal aspects relating to a natural person, such as e.g. personal preferences, interests and location. Länsförsäkringar processes personal data for profiling for marketing purposes in order to be able to provide you with customised products and services. Profiling may also be used for determining premiums and automated decisions, as well as in order to prevent fraud.

The insurance companies within Länsförsäkringar Alliance may also register and collect data from the insurance industry's joint damage claims records (GSR). This record contains certain information about the damages, as well as information about who has requested compensation, and is only used in connection with claim adjustment. This means that the insurance company will receive information if you have previously reported damages to another insurance company. The purpose of the GSR is to provide information to insurance companies to identify unclear or dubious insurance cases, so the companies can prevent paying compensation based on false information. The data may also be anonymised and used for statistical purposes.

The data controller for GSR is Skadeanmälningsregister (GSR) AB, Box 24171, 104 51 Stockholm. Please see www.gsr.se for more information about the processing of personal data contained in the register.

Insurance companies within the Länsförsäkringar Alliance may also transfer personal data to Larmtjänst, which is the joint agency for the insurance industry regarding the investigation of unclear or dubious information and searching for stolen property. The data controller is Larmtjänst AB, Box 24158, 104 51 Stockholm.

In some cases Länsförsäkringar uses automated decision-making, i.e. decisions that are based solely on automated processes without human intervention that have legal effects for you or significantly affects you. This could for example be an automated approval or rejection of a credit application via the internet.

Länsförsäkringar will never sell your personal data. However, we will transfer your data to other companies within the Länsförsäkringar Alliance for statistical and marketing purposes, taking into account, when applicable, banking and insurance secrecy. Personal data may also be transferred to other companies with whom companies within the Länsförsäkringar Alliance cooperate in order to provide their services, such as Bankgirocentralen, suppliers of IT-infrastructure services, insurance intermediaries and reinsurance companies. This may occur both within and outside of the EU and EEA. See further information about non-EU and EEA recipients below (section Transfer of personal data outside of EU/EEA).

Furthermore, your personal data will be transferred to public authorities if it is required by law. In the event of disputes and other procedures in order to establish, exercise or defend legal claims, your personal data may be transferred to courts, tribunals and opponents. Personal data may also be transferred to creditors with mortgage liens on insured property or site leasehold rights. In addition, information about your property and casualty insurance may be disclosed to persons in your household.

The legal basis for transfer your personal data with other companies is for the performance of our contract with you or due to a legal obligation. In some cases, the legal basis may be our legitimate interests to market products and services from other companies within the Länsförsäkringar Alliance.

The processing of your personal data is necessary for our performance of a contract to which you are a party or in order to take steps requested by you prior to entering into a contract. Please see examples of our processing activities under Managing Contracts, Applications & Offers.

The processing of your personal data is necessary for our performance of a contract to which you are a party or in order to take steps requested by you prior to entering into a contract. Please see examples of our processing activities under Managing Contracts, Applications & Offers.

The processing of your personal data is necessary for compliance with legal obligations. This may be processing activities described under Compliance with Legal Obligations, but also processing when you are not a party to a contract but where we still have a legal obligation to fulfil.

When consent is used as legal basis for our processing of your personal data, it is necessary that you give us permission to process your personal data.

You have the right to withdraw your consent at any time. In such case, we will have no right to continue to process your personal data based on the consent and if a certain processing has been carried out based on your consent, we will not be able to complete the processing. This means that, for example, if processing of an application is carried out on the basis of a given consent, and the consent is withdrawn during the ongoing processing, we will no longer be able to process your application. The withdrawal of your consent will not affect the lawfulness of Länsförsäkringar's processing based on the consent before its withdrawal.

In some cases, we may need to collect sensitive data, such as health data and information about trade union membership. Unless the processing is necessary in order to establish, exercise or defend legal claims, we will require your consent in order to be able to process such data.

The processing is necessary in order to be able to establish, exercise or defend legal claims in connection with disputes and other procedures, e.g. recourse claims.

You have the right to request information about what personal data we process or we have access to about you (subject access request). In order to ensure that nobody else is allowed access to your personal data, you will be required to identify yourself when requesting such access.

If you would like to make a subject access request, please contact us via "My Pages", post mail or telephone. As Länsförsäkringar consists of several companies, it is important that you specify what company your access request regards.

You have the right to object to processing of your personal data based on our
legitimate interests. You also have the right to object to direct marketing. If you would like to exercise your right to objection, please contact us via Mina sidor, telephone or post mail.

Länsförsäkringar is obliged to only process correct and up-to-date personal data about you. If your personal data are incorrect, you have the right to request rectification or completion of such data. You also have the right to request that we restrict the processing of your personal data, e.g. while assessing our legitimate interests.

The data controller for the processing of your personal data is the company within the Länsförsäkringar Alliance that you have entered into a contract with or otherwise provided your personal data to, or who has obtained your personal data from a third party, such as your employer.

Companies within the Länsförsäkringar Alliance also have joint customer database with general information about you, such as your name, contact details and information about your engagements. Your personal data will be processed e.g. for automatic updates of your address and for the coordination of the companies' information and marketing to you. The companies within the Länsförsäkringar Alliance are the joint controllers for the processing of personal data in joint databases, and have therefore entered into a so-called data sharing agreement.

In some cases you have the right to request that your personal data are erased when they are no longer necessary for the purposes which they were collected. Länsförsäkringar will erase personal data about you when the data are no longer needed, but may store your personal data if required by law.