Data privacy statement
We process personal data that is necessary to provide our customers with insurance services. Examples include when an insured person suffers an injury or a claim is made against a policyholder. In such cases we need personal data about the injured party in order to meet our obligations as per the insurance contract and to establish the eligibility of the claim. Providing personal data is voluntary, but without the necessary personal information we will not be able to provide the claimant with a correct compensation payment.
Protector Forsikring ASA (Protector) processes personal data in accordance with applicable laws. Your privacy is important to us, and we focus on ensuring that your personal data is processed in accordance with the principles of confidentiality, integrity, accessibility and robustness. If a security breach occurs that entails a significant risk to our customers' or others' rights, we will report this to the relevant parties.
Please note that we recommend sending information containing sensitive personal data or social security number(s) via encrypted e-mail.
For information about our use of cookies – see our cookie policy.
Why and how do we process personal data?
We process personal data for the following main purposes:
- The administration of our insurance products, including providing offers on new insurance products. This may be in order to identify you as a policyholder or a claimant.
- Dealing with specific claims, including assessing whether compensation is payable.
- Human resources (HR) administration, including recruitment.
Our processing of personal data is handled by our competent staff. We use professional systems, with robust security to store and process your personal data.
Only a select group of people are able to process and access potentially sensitive information in our professional systems. Physical documents containing sensitive personal data are securely locked away when not being processed by the case handler.
All staff of Protector are subject to obligations of confidentiality. Our employees have a duty of confidentiality both in relation to external persons and companies as well as internally between colleagues. The duty of confidentiality does not cease upon the cessation of employment.
What types of personal data does Protector process?
Information processed at Protector can be categorized as follows:
- Administrative data such as name, address, phone number, e-mail address and civil registration number.
- Information about insured risk and coverage.
- Health information.
- Information about injury, loss and/or damage required to determine the outcome of an insurance claim.
- Information about a third party as a result of this person’s association with a policy, such as benefits
Subscription to newsletter
It is possible to subscribe to our newsletter at protectorforsikring.no. In order for us to send you our newsletter by e-mail, you must first register your e-mail address.
We use the service Mailchimp (The Rocket Science Group) to send out newsletters, and it is this company that stores your e-mail address.
Mailchimp stores e-mail addresses and IP addresses as long as the registered person chooses to receive the newsletter from Protector. Should you wish to change your e-mail address or unsubscribe from the newsletter, you can do this by following the link at the bottom of the newsletter or by contacting Protector via the e-mail address: info@protectorforsikring.no.
Protector has entered into a data processing agreement with Mailchimp. Learn more here: https://mailchimp.com/legal/privacy/
Your e-mail address will only be used for sending the newsletter and not for any other purpose. We do not share e-mail addresses with third parties.
Which bases for processing does Protector use?
In connection with the above-mentioned main processing purposes, we process personal data on the following bases:
- Processing is necessary to conclude or fulfil an insurance contract.
- Processing is necessary to comply with the legal obligation incumbent on us as the data controller. For example, we may be required to share information with a public authority, such as a municipality or relevant tax authority.
- Processing is necessary for us or a third party to pursue a legitimate interest.
- Processing is necessary for the establishment, exercise or defence of a legal claim.
- If you have given your consent. For example, if you have consented to us obtaining information concerning your health.
Special categories of personal data
In some cases Protector will process special categories of personal data, including information about health. In these cases we will use consent to collect personal information about you from, for example, doctors, hospitals, other health personnel or public registers. In these cases you will receive a template where the purpose of the processing is described.
The consent is limited to the information necessary for Protector to fulfil its legal obligation.
If consent is not given, this may affect the decision on the compensation claim.
Who do we share personal data with?
We may provide personal data to public authorities if required by a statutory obligation to disclose information.
We may disclose personal data to third parties if permitted by the General Data Protection Regulation (GDPR) and the Personal Data Act. In some cases, we may need to provide personal information about you in order to fulfil our agreement with you as a policyholder/injured party. This applies, for example, in the event of an evaluation by a professional specialist. If we provide information to a third party in accordance with the law, we will inform you thereof, unless law or regulation explicitly requires that the disclosure of the information be kept confidential.
If it is necessary for us to use a data processor, the data processor will only process personal data in accordance with detailed instructions from Protector. This is to safeguard your rights and protect your data. Any third party receiving personal data from us is subject to the obligations of confidentiality by contractual agreement.
We may also provide information after obtaining your consent. For example, this could be health information provided to another insurance company with whom you have an accident insurance policy.
How long do we store personal information about you?
We do not store personal data longer than is necessary to fulfil the purpose of processing. If you have a customer relationship or personal injury claim registered with us, personal information about you will be stored. This is due to possible future claims, which can then be linked to the relevant insurance history. This information will usually be stored up to the expiry date of the current insurance policies, after which it will be deleted.
Protector will delete the personal data when there is no longer a basis for processing of personal data. This is in most cases dependent upon the statute of limitation for that specific insurance.
Personal information can be stored up to 20 years.
Your right to access, rectification, erasure and transferal of data
Right to access:
You have the right to obtain information about whether we process personal data about you and to request access to your personal data. In this context, you also have the right to receive information about which purposes and bases for processing we use, which data we process about you, the recipients or categories of recipients to whom your personal data is disclosed, how long the information is stored and where the information is collected.
Right to rectification and erasure:
If you believe that Protector has registered incorrect information about you, you have the right to have this information rectified without undue delay, for example by having incomplete personal data completed by submitting an additional declaration.
You have the right to have your personal data deleted without undue delay if any of the following conditions apply:
- The information is no longer necessary to fulfil the purpose of processing.
- You withdraw your consent, which has been used as the basis for processing and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing.
- Your personal data has been processed illegally.
- Personal data must be deleted in order to comply with a legal obligation under EU or national law.
It should be noted that the right of erasure does not apply if, for example, the processing of personal data is necessary for the establishment, exercise or defence of a legal claim.
Right to data portability:
You have the right to receive any personal information we have stored about you in a structured, commonly used and machine-readable format. You also have the right to require us to transfer information we have received from you to another data processor, provided this is technically possible and the processing of the personal data is based on consent or agreement.
Contact information
Data Protection Officer (DPO):
If you have any questions regarding how we process personal data or wish to exercise any of your rights under the GDPR, please contact our Data Protection Officer using the following method:
E-mail address: DPO@protectorforsikring.no
A DPO has a duty of confidentiality and is obliged to prevent others from accessing or acquiring knowledge of your personal data unless you have given your consent in advance. This also applies after the processing has ended.
Data controller:
The data controller is the one who determines the purpose of processing personal data and any methods used. In its role as data controller, Protector monitors the processes, business areas and systems that process personal data, and carries out internal controls and risk assessments to ensure compliance with the GDPR.
You can contact the data controller via mail at:
Protector Forsikring ASA
Pb 1351 Vika
0113 OSLO
How to make a complaint about the processing?
The Norwegian Data Protection Agency is responsible for ensuring compliance with the GDPR. If you experience anything you believe is in breach of the rules, you can write to the Norwegian Data Protection Agency at: Datatilsynet, Postboks 8177, 0034 OSLO.