Privacy Policy & Cookies
Privacy Policy
How do we process your personal data?
Eir Försäkring AB (“Eir “), Corp. ID No 559166-0617, is an insurance company and insurance provider. As a result, Eir is the personal data controller and is responsible for the processing of your personal data. This personal data is comprised of details which can directly, or indirectly, be related to you as a customer. Eir determines the purpose and the method of implementing the data processing. Respect for your privacy is of utmost importance to Eir and we have, therefore, taken measures to ensure that your personal data is processed in a responsible and secure manner. All processing of personal data by Eir is undertaken in accordance with the General Data Protection Regulations (“GDPR”) and other applicable regulatory frameworks. Please feel free to contact us if you have any questions.
What is personal data and why do we process this data?
Personal data is all information that can be linked to a given person. This can pertain, for example, to personal identity numbers, home addresses or registration numbers. Eir is required to obtain sufficient detail regarding you as a person in order to provide, according to the laws in effect, insurance and in order to make it possible for Eir to fulfill our obligations under such insurance. An example of such an obligation is if we would advise you to refrain from subscribing to insurance which is not appropriate to your circumstances.
Eir can process your personal data for the following purposes:
To prepare for the sale of, and advice regarding, insurance and insurance related services.
In order to enter into, administer and execute agreements regarding insurance and related services.
To settle insurance claims and handle compensation paid under insurance agreements.
For risk management, calculation of premiums, determination of insurance terms and conditions, and for reinsurance purposes.
In order to comply with the laws and regulations applying to our operations.
To provide you with focused marketing offers for insurance and related services.
Always included in each of the above-mentioned purposes is the production of statistics required in our operations.
Where does Eir obtain your personal data
Eir can obtain information from you which you, yourself, provide when you fill in in any of our distribution partners’ home pages. Eir also receives information from, for example, institutions and registers. Examples of these are SPAR/BASUN, the Swedish Transport Agency, the Road Traffic Registry, Bisnode, banks, credit institutes, other insurance companies, TFF, etc. In the case of claims, information can also be obtained from workshops, valuators, hospitals, witnesses and counterparties.
Below is a list of definitions with the terms being defined shown in italics.
By general personal and contact information is meant: name, date of birth, personal identity number, contact details such as address, e-mail, telephone number. This information is used, for example, to be able to identify you and in order to communicate with you.
By other identification number assigned by authorities is meant: personal identity number, car registration number, passport number or coordination number.
By financial details and account details is meant: information regarding your income, payment card number, bank account number and account details, credit history, credit rating, assets and other financial details.
By health details is meant: In order to execute certain of Eir’s services, we must obtain and process special categories of personal data. This can pertain to information about your health. The collection of such details takes place if you have, for example, informed Eir of injury to your person due to a car crash. This can comprise of the information usually included in doctors’ journals and can also pertain to information regarding existing or previous physical or mental illnesses, your health status, details of injuries, impaired functional abilities, operations, personal habits, such as smoking, information regarding prescriptions, history of illness, work capacity, absence due to illness or the history of family illnesses.
By information required to deliver the products and services is meant: addresses, details regarding cars, registration number, type of vehicle, and aspects such as effect and fuel quality, vehicle history and ownership and mileage.
By legal processes, fraud and information regarding crimes is meant: We obtain the necessary information to prevent money laundering, insurance fraud and to investigate questionable insurance claims cases.
By electronic tracing is meant: Information regarding behavioral patterns is considered to comprise of personal identity numbers and these details are registered when you visit our web pages. Behavioral patterns are processed, for example, as regards the pages you visit and the links you click on. Eir also collects: IP addresses, visit duration, type of browser and hardware, as well as the link you use to access www.eirforsakring.se
How can Eir use your personal detail?
Offers, purchases and renewal of insurance
Eir processes personal data in conjunction with offers regarding, or the purchase of insurance, or in conjunction with the renewal of insurance agreements. The legal basis for this is that the processing of personal data is required in order to be able to enter into and fulfill the insurance agreement with you, or in order to implement the measures to be undertaken at your request prior to the signing of an agreement.
Customer administration and claims management
Eir processes your personal data with the purpose of taking care of the customer relationship with you. Eir’s customers are registered in a customer register in order to make the communication with you efficient if there is a possible change in our insurance, change in the terms and conditions of the insurance, change in our electronic services and in order to provide important information. The legal ground for is that the processing of personal data is required in order to be able to fulfil the agreement with you.
Eir processes personal data in conjunction with claims registration which involves, for example, the valuation of the claim, processing of the claims case and execution of claims settlement, In certain cases, the handling of health information is included to assess the claim, for example, if you have had a car crash and personal injury has taken place.
The legal ground for this is that the processing of personal data is required in order to fulfill the agreement with you. If the processing of particularly sensitive personal data is required to handle the claim and execute settlement, the basis of this is that such processing is required in order to determine the legal right to claims compensation.
Prevention and investigation of criminal offences
Eir processes personal data with the aim of preventing and identifying criminal offences. This can pertain, for example, to fraud. We execute investigations whereby we create profiles by grouping customers in various customer segments, based on the information we have about you as a customer, or which we obtain from third parties, and we adapt these investigations accordingly. Details obtained in this context can also be obtained from and can also be provided to other financial companies, the police and other authorities. This processing is based on Eir’s legitimate interest in protecting itself against criminal offences and ensuring that settlements are correct.
Customer follow-up and marketing
Eir processes personal data with the purpose of following-up the customer relationship by providing information and offering activities.
We execute no direct marketing with the exception of the following.
If you have no customer relationship with Eir, we have a legitimate interest in marketing our products and services to you, but only if you have not made a reservation requesting that we do not undertake such marketing, or if you have stated this in the NIX register.
Customer and market surveys, analyses, reports and statistics
Eir processes personal data with the aim of executing market and customer surveys and in analysing replies to such surveys. This can take place, for example, when we ask you if you are satisfied with the service after having spoken with us, or in conjunction with claims management. In such surveys, we can group customers in various customer segments based on the details we have about you in order that our contact with you can be adapted to your requirements in terms of the information we have received from you, or from a third party. We also process personal data in order to improve the quality of our services and in providing educational/training activities.
The processing of your personal data is based on Eir’s legitimate interest in receiving information as to how we are experienced as a brand, and what you and others think about our products, services and Eir’s handling of customers.
Eir also processes personal data when we execute customer analyses at an overall level, for example, in determining price levels, producing analyses of profitability and in conjunction with the development of products and services.
The processing of your personal data in the above-mentioned cases is based on Eir’s legitimate interest in executing customer analyses to achieve an increased knowledge of its customers.
Compliance with legal obligations and processes, complaints handling, legal recourse
Eir processes personal data when this is required to comply with applicable laws and regulations issued by authorities regarding insurance agents, insurance products, the fight against terrorism, reporting to authorities, legal ordinances, security requirements, and in replying to queries from authorities.
Eir processes your personal detail with the aim of identifying, implementing and defending legal requirements. This can have to do with the handling of complaints, legal recourse, and/or in legal processes.
Security and visits to Eir’s home page
In order to secure the company’s assets, such as the operating of infrastructure and firewalls, it is necessary for Eir to process personal data based on Eir’s legitimate interest in maintaining operational security. This applies, in particular, to the digital operations undertaken by Eir.
Eir tracks, on an ongoing basis, the manner in which you use www.eirforsakring.se with the aim of improving its home page, and this is based on Eir’s legitimate interest in tailoring content so that it is easier for you to use. Eir also uses information tracked from the pages for other purposes, such as statistics and for the maintenance of the home page.
Development of new and existing services
Eir processes personal data in order to identify possible requests for new products and services or in order to improve the functionality in already existing products and services, including the analysis and testing undertaken in conjunction with the development of such products and services. Eir processes personal data in order to calculate insurance risks, and for the follow-up and improvement of the pricing of Eir’s insurance. The legal ground for this is that Eir processes personal data based on Eir’s legitimate interest in developing new and existing services.
Recording of incoming messages/conversations
Eir can, in certain cases, record and save telephone calls for documentation purposes with the based on the requirement of a balancing of interest test and for educational/training purposes. According to the law, conversations can also be recorded with the purpose of, for example, ensuring that you as a customer have received the correct information and that no misunderstandings have arisen if such information would be referred to at a later date. Such recordings take place when our legitimate interest in recording and saving telephone conversations is deemed to override the interest of the data subject or is greater than the basic rights and liberties of the data subject. Conversations which are saved due to suspicion of fraud or threat are saved until the investigation and possible legal process is completed. Other conversations which are saved for reasons of documentation based on a balancing of interest test of interests, and for educational purposes, are archived for 30 days.
To whom can Eir provide personal data and execute a possible transfer of data outside the EU/EES?
Eir will not share, sell, transfer, or in another manner, provide personal data, except as stipulated in this Integrity Policy, if we do not have a legal obligation to do so. Eir will only provide your personal data to the degree such provision is relevant to the purpose of the processing of such data.
Your personal data can be transferred to and processed by customer companies and partners of Eir within the EU/EES. If Eir, for some reason in fulfilling such a purpose is required to transfer your personal data outside the EU/ESS, Eir will undertake the appropriate security measures and will ensure that the transferred data is handled in accordance with the applicable laws and in accordance with its (Eir’s) Integrity Policy. This protection includes, amongst other things, but is not limited to, the applicable contractual clauses included in standard contractual clauses approved by the EU Commission, and other relevant security measures. We can also require the execution of an impact assessment in order to ensure that the security measures have been carefully investigated.
There can also exist parties handling personal data, for instance, as regards operations and support of IT environments, who receive access to certain of your details as a registered customer. These parties cannot, on the other hand, process your personal data for any reason other than the stipulated purpose.
How long can Eir save your data?
Your personal data can be erased or made anonymous when such data is no longer relevant for the purposes for which it has been obtained.
As regards documentation presuming a certain form of distribution, such documentation must be saved in a secure manner during a minimum of one year after the termination of Eir’s obligation, and the period of time during which a claim can be made, has been terminated, that is, ten years from the point of distribution.
What are your rights?
By contacting Eir, you can request written information about the personal data Eir processes about you and how this information is used. You also have the right to object to the processing of your personal data, and you can also request that we correct, limit the processing of or delete personal data in accordance with that which is stated in GDPR. You also have the right, in some cases, to request that the personal data you have provided to us be transferred to another person responsible for your particular personal data (so-called data reporting). To make a request for such transfer, please submit a written and signed application to dataskyddsombud@eirforsakring.se
In case personal data is processed for direct marketing, you have the right to object to such processing. To make a such a request, please submit a written and signed application to Eir via the address below.
If you consider that the processing of your personal data violates GDPR, you have the right to file a complaint with the supervisory authority, which in Sweden is the Swedish Authority for Privacy Protection, www.imy.se
Cookies
Eir’s cookies
To make Eir’s home pages work properly, Eir sometimes places small data files called cookies into your computer. A cookie is a small text file that a website saves on your computer or mobile device when you visit our website and accept our cookies. Eir never saves cookies without your approval. Cookies make it possible to remember how a website is used and can remember, for example, login details and similar information during a more limited period of time. Cookies can also be used to analyze users and user behavior to determine the aspects of the communication and services Eir needs to improve.
What type of cookies does Eir use?
Eir can also use cookies from third parties in cases where Eir uses external services to make improvements. Eir uses two types of cookies, session-based which disappear as soon you close your browser, and cookies for specific purposes that remain for a longer period of time. The main purpose of Eir’s cookies is to improve the services and products Eir offers to you.
How can you manage cookies?
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer or mobile. You can also often set your browser to block tracking, thereby, blocking the use of cookies. If you chose to erase cookies, the website can incur reduced functionality and result in a less favourable experience.
Contact
If you have any questions regarding the content of this intergrity policy or wish to exercise any of the rights set forth above, please contact our data protection officer at dataskyddsombud@eirforsakring.se.
Other contacts:
info@eirforsakring.se
Postal address:
Eir Försäkring AB
Box 3132
103 62 Stockholm