Privacy Policy

Processing and Registration of Personal Information

In accordance with applicable law and guidelines, we collect and process personal information that is necessary for us and our work. The information we collect depends on the context of your interaction with us. The below list includes the types of personal information we normally collect:

  • Contact information
  • Certificate and insurance information
  • Claims information
  • Payment information
  • Health and medical information*

We collect the above information to be able to issue quotes and administer insurance products. E-mail addresses and phone numbers are used primarily for communication purposes.

*Health and medical information is only processed when we have obtained explicit consent.

Disclosure of Personal Information

We treat your information confidentially. We only disclose personal information when necessary, and in accordance with applicable law. As the RiskPoint Group is an insurance intermediary, we disclose personal information to the Insurer(s) of which your insurance is bound when necessary. You will find the name(s) of the Insurer(s) on your insurance certificate. We may also disclose personal information to loss adjusters in the event of a claim. We may be required by law to disclose information to public authorities. In addition, in certain cases, we disclose information about you when we have your consent to do so. If you have given consent, then your customer information is only disclosed to others in the context of the Financial Business Act, and only for the purpose of administrating an agreement with you as a customer or to process your case.

How Long Do We Retain Your Personal Information?

We will delete personal information about you when the information is no longer needed. We will keep the information as long as the insurance is in force, and in accordance with applicable law.

Protection of Personal Information

Your personal information is secured when processed at the RiskPoint Group. We have taken technical and organizational measures to protect the information we receive and process. These measurements entail:

  • Encryption of data transmission and storage
  • Virus scanners on our servers
  • Backup procedure for all our servers
  • Password protected IT-systems based on user ID and personal password
  • VPN and encryption when working on remote desktops and other mobile devices
  • Procedures and policies for processing and communicating personal information
  • Employee training on data security

Data Processors

We utilize data processors, hereunder suppliers of software, hosting, security, and disposal. Your personal information may be processed by data processors. The data processors that we use will, however, have no direct access to your personal information. We have contracts with all our data processors, and we exercise control to make sure that they comply with our instructions for secure data processing. As a part of that instruction, we demand that the data processor has appropriate technical and organizational measures in place to avoid the accidental or illegal destruction of data, loss or deterioration, or disclosure to unauthorized persons, and that data is processed in accordance with applicable law.

Your Rights

As a data subject you may at any time claim your rights with certain regulatory exceptions.

  • Right to be informed (GDPR Articles 12 to 14): Data subjects have the right to be informed about the collection and use of their personal data.
  • Right to access (GDPR Article 15): Data subjects have the right to view and request copies of their personal data.
  • Right to rectification (GDPR Article 16): Data subjects have the right to request inaccurate or outdated personal information be updated or corrected.
  • Right to be forgotten/Right to erasure (GDPR Article 17): Data subjects have the right to request their personal data be deleted. Note that this is not an absolute right and may be subject to exemptions based on certain laws. We will only delete your data if you are no longer a client of ours, and only when claims can no longer be directed against us as a result of past injuries and insurance.
  • Right to data portability (GDPR Article 20): Data subjects have the right to ask for their data to be transferred to another controller or provided to them. The data must be provided in a machine-readable electronic format.
  • Right to restrict processing (Article 18): Data subjects have the right to request the restriction or suppression of their personal data.
  • Right to withdraw consent (GDPR Article 7): Data subjects have the right to withdraw previously given consent to process their personal data. If you have given your consent, you can contact us for information concerning the extent of your consent, and you can at any time withdraw your consent. A withdrawn consent does not affect the lawfulness of the data processing conducted prior to the consent being withdrawn.
  • Right to object (GDPR Article 21): Data subjects have the right to object to the processing of their personal data.
  • Right to object to automated processing (GDPR Article 22): Data subjects have the right to object to decisions being made with their data solely based on automated decision making or profiling.

You can always contact us at:

RiskPoint Group A/S
Hammerensgade 4
1267 København K

Telephone: +45 33 38 13 30

Complaints

If you are dissatisfied with the processing of your personal information, you may appeal to:

The Danish Data Protection Agency
Carl Jacobsens Vej 35
2500 Valby

Telephone: +45 33 19 32 00
E-mail: Website: http://www.datatilsynet.dk

English