Processing of personal data in Topdanmark

In Topdanmark, we want our customers to always trust us. When you supply us personal data, we know that it is our responsibility to protect it. Therefore, we have IT systems, procedures and controls which ensure that we comply to the General Data Protection Regulation (GDPR) and the Data Protection Act, and that your personal data is processed and stored in a way that respects your privacy.
Topdanmark does not sell personal data.

Processing of personal data in Topdanmark

In Topdanmark , we want our customers to always trust us. When you supply us personal data, we know that it is our responsibility to protect it. Therefore, we have IT systems, procedures and controls which ensure that we comply with the General Data Protection Regulation (GDPR) and the Data Protection Act, and that your personal data is processed and stored in a way that respects your privacy.  

Topdanmark does not sell personal data.

What data is collected?

We only collect the personal data, which is necessary and we process the personal data in compliance with current legislation.The purpose of the personal data determines which persoanl data is necessary In Topdanmark, we process the following types of personal data:

  • Contact information and identifiers 
  • CPR numbers/Civil Registration Numbers  
  • Policies and information from when the policies were written 
  • Claims information 
  • Payment information 
  • Statement of health 
  • Information on income and financial circumstances 
  • Information on trade union membership 
  • Information on criminal offence 
  • Information for investigations 
  • Operation data from IOT (Internet of Things) solutions such as e.g. water damage sensors, fertiliser sensors or fire alarms. 

We only register data on persons if it is necessary. When processing your insurance, claim or buying shares, it can be necessary to collect data on the following categories of persons: 

  • Policyholder and insured 
  • Beneficiaries 

  • Next-of-kin 

  • Claimant  

  • Counterparty 

  • Guardians 

  • Mortgagees 

  • Advisers (bank, lawyer, accountant) 

  • Therapists (doctor, psychologist, physiotherapist, etc.) 

  • Shareholders 

  • Real owners.

Where and how do we collect the data?

We collect the data both from you and from third parties such as your former insurance company, your doctor and  Topdanmark's collaboration partners (for example: Coop, Sydbank, Varelotteriet, suppliers of fertiliser sensors and Leakbot etc.) 

We collect data about you e.g. via cookies, telephone calls or chats with you. We also receive data, if you make use of social media such as Facebook, where you follow us actively write comments or in other ways communicate with us. If you participate in surveys or answer questionnaires, we gather the information from your replies. 

Furthermore, we collect data from public and private registers such as the CPR register, CVR register, trade unions, the Register of Motor Vehicles, BBR, DFIM, credit reporting agencies and telephone book information.

Facebook 

When you make use of Facebook, Facebook installs a cookie on your computer, telephone or tablet, which collects data about you. The data is collected if you share, comment or like a post. Both Facebook and Topdanmark are responsible for this data collection. Facebook is the data controller, when your personal data is used for marketing and advertising on Facebook. Topdanmark is the data controller, when we receive statistics regarding Facebook users, which we then apply to target our marketing.
Facebook’s policy for processing personal data is available at:
https://www.facebook.com/privacy/explanation

The purpose of processing your data

We make use of your data when processing your insurances and claims, give you advice and keep you up to date on the products we, and our collaboration partners, can offer within insurance and banking. Furthermore, we make use of the data when processing complaints and lawsuits, as well as for making surveys and analyses to continuously improve our advice, service and technical solutions. If you have an IOT solution (Internet of Things), we will make use of the data to assess whether the data can be used to prevent damages. 

The data collected from public and private registers are used for

  • Updating addresses  
  • Ensure that you are entitled to discounts via your trade union membership 
  • Collect information on your property and motor vehicle 
  • Verify that you are not registered with a credit reporting agency 
  • Verify the accuracy of the received information.

If you are a shareholder, the purpose of processing your data is to update the register of shareholders and manage your transactions. 

Recording of telephone calls 

When you call us, we will sometimes ask your permission to record the call. The recording of calls  will always recuire your consent, thus it will never take place without you actively accepting that the call can be recorded. We use the recorded calls in the training of our employees, and to continuously improve our customer service, insurances and pension schemes, and also as documentation. A limited circle of employees has access to the recordings. The recordings are deleted or anonymised after 6 months.

We save our chat conversations 

When you chat with us, your chat conversation will be saved. Chat conversations are used for writing new policies, claims, policy questions and for training our employees. We do not use the chat for exchange of statements of health. If you are a customer, we will save the chat on your file. If you are not a customer, we save the chat centrally for 12 months.   

We save the data on your use of our website 

When you log on to Mit Topdanmark, we identify you. The data on your use of the website is processed confidentially and in the same way as all other customer data.  

When you use our website, we use cookies to save the data on your use of the sites. We use the data to make it easier for you to use our website as well as to improve the website.  

Read more about Cookies

Legal foundation for Topdanmark’s processing of your data 

The legal foundation for Topdanmark processing your data is the financial regulations (The Financial Business Act etc.) and other relevant legislation including: 

  • The Danish Money Laundering Act 
  • The Tax Control Act 
  • The Bookkeeping Act 
  • The Credit Contract Act 
  • The Payments Act 
  • The Data Protection Act etc.  

Topdanmark also process your data if necessary, as consequence of a contract you have entered or are considering entering with us, or if you have given your consent cf. the General Data Protection Regulation, article 6, paragraph 1, see paras (a) and (b), or if any other rules for processing according to the General Data Protection Regulation, article 6 or article 9 apply.   

Moreover, Topdanmark process your data when necessary to pursue lawful interests. This could be preventive action against abuse and loss, to strengthen our IT security, and for direct marketing etc. 

Categories of recipients 

As a financial institution, we are subject to a strict duty of confidentiality according to the Financial Business Act. Therefore, your data is processed confidentially, and we only disclose your personal data if you have given your consent, or if we have legitimate interest by law.

Topdanmark discloses data to the following recipients:

  • Persons related to an insurance or pension scheme e.g. policyholder, next-of-kin, claimant, beneficiaries and counterparties 

  • Other insurance companies 

  • Mortgagees 

  • Public authorities (police, tax authorities, municipal authorities etc.) 

  • Repairers e.g. skilled workers 

  • Lawyers 

  • Banks 

  • Doctors and other therapists 

  • Collaboration partners 

  • Data processors

For how long is the data stored?

Topdanmark is obliged to erase personal data when no longer relevant. This means that we on an on-going basis erase data for which we no longer have a reasoned purpose, has a legal obligation to store, or when we no longer can be met by a claim.

Topdanmark's rules of erasure is based on the absolute limitation rules in the limitation act and the storage requirements in the bookkeeping act.  

The standard rules of erasure for Topdanmark are as follows:

Data security 

Your security is important to us. Therefore, we have taken both technical and organisational measures to protect the data we receive. This means that we have: 

  • Work-induced access at all locations 
  • Encryption of data transmissions and storage 
  • Virus scanners on servers 
  • Restore and back-up of all servers 
  • IT systems with access control based on user ID and personal passwords that must be a minimum of eight characters 
  • VDI, VPN with two-factor authentication and encryption for remote workstations and other mobile units 
  • Procedures and policies for processing and communicating personal data 
  • E-learning for all employees 
  • Employees certified in data protection. 

Profiling and automated rulings 

In Topdanmark, we make use of profiling and data modelling to be able to provide you the right insurances, fix prices, reveal fraud and risk of fraud, assess the probability of breaches, assess assets and for marketing purposes.  

We are also working on automated rulings for some of the rulings we make. This means that a robot will make the ruling on whether a claim is covered by the insurance, or if we can make an insurance quote. If a ruling is automated, you will be informed hereof in the specific ruling.  

In Topdanmark, we have adopted ethical principles for the use of artificial intelligence. You can read the principles here: 

> Read more about Topdanmark's principles on the use of artificial intelligence (in Danish only)

Secure email

Nearly all emails to and from Topdanmark are encrypted by TLS (Transport Layer Security), thus the e-mail is protected during transport. We also encrypt emails, thus we can send and receive emails containing sensitive personal information.

If you want to send emails encrypted with certificate to Topdanmark, please send your emails to sikkermail@topdanmark.dk after downloading the certificate at https://service.nemid.nu/dk-da/support/soeg_certifikat/

Read more about secure e-mail (in Danish only)

 

e-boks 

You can also write to us via your e-boks. All you need to do is log in to your e-boks, choose “Skriv ny post” and choose “Topdanmark” as the recipient.

Read more about how e-Boks handles secure communication (in Danish only)

 

Processing with data processors

Topdanmark may choose to make use of data processors, including suppliers of software, hosting, security and storage. Therefore, your data can be disclosed to data processors.  

All data processors are subject to a written directive and control to ensure that your personal data is solely used for the specific purpose for which the data was collected.  

Topdanmark has chosen to outsource some services to countries outside the EU/EEA; this includes IT technical development and support. When doing so, we ensure your rights by applying the EU Commission’s standard contract, binding corporate rules or the so-called “Privacy Shield” approved by the EU Commission.   

We have written contracts with all data processors, and we perform on-going audits to ensure that they comply with our directive on secure processing. As part of the directive, we require the data processors to treat your data as confidential and take the appropriate technical and organisational measures to prevent your data, unforeseen or illegally, from being destroyed, lost, impaired, abused, divulged to any unauthorised persons, or in any other way processed in contravention of the General Data Protection Regulation. 

Your rights

At any time, you can exercise your rights – however, with certain statutory exceptions.

  • You have the right to access to your personal data which we are processing. 
  • You have the right to object to the collection and processing of your data, including for automated individual rulings 
  • You can require that we correct or erase data. However, we only erase your data, when you are no longer a customer – and only when no claim can be made against us for any previous claims and insurances. 
  • You can get insight into how an automated rulling is made and you have the right to manual processing of any automated assessment 
  • You have the right to receive your personal data in a machine-readable format as well as have the personal data transmitted to another data controller (data portability) 
  • When you have given your consent, you can always contact us to learn to what extent. At any time, you can revoke your consent. Subsequently, we will cease to process your data, unless we can continue the processing on a different basis.  

Complaints 

If you are dissatisfied with how Topdanmark is processing your data, you can send your complaint to Datatilsynet (The Danish Data Protection Agency), Carl Jacobsens Vej 35, 2500 Valby, Tel. +45 33 19 32 00, email dt@datatilsynet.dk, website www.datatilsynet.dk.

Contact Topdanmark

Topdanmark A/S, Topdanmark Forsikring A/S and Topdanmark Livsforsikring A/S , Borupvang 4, 2750 Ballerup are data controllers.

If you have any questions regarding the processing of personal data, or if you want to exercise your rights, please contact us at www.topdanmark.dk, or call us at +45 44 68 31 11. You can also contact our Data Protection Advisor at  persondata@topdanmark.dk.