How Hedvig handles personal data
When you use the service and interact with us, you share personal information at the same time. We use that information to provide you with insurance, but also to adapt our offerings to you and to develop and improve our products and services.
When we say personal data, we mean information that can be directly or indirectly attributed to you as an individual. For us, it is important that it is clear to you what data we collect, and how we use it. Therefore, this policy provides detailed information about everything that has to do with the processing of your data.
We handle your personal data in accordance with the General Data Protection Regulation (also known as GDPR), other applicable legislation and regulations from different authorities. All updates related to the processing of your personal data will be announced on our website.
Your privacy is important to us. Therefore, we do our best to protect your data and manage your information carefully, encrypting all sensitive data.
The Personal Data We Collect
The personal data we collect depends on the relationship we have with you. The information below provides examples of information we may process. The information does not have to apply to you, but is an example of the types of information we may process about our users.
You can change your cookie settings here.
General information is collected to identify you as an existing or potential user, to provide you with better service through Hedvig's communication channels, to communicate with you and to handle different types of payments (e.g. payment of compensation if you have had a claim.
Personal Information You Share With Us
Name, contact details, family status, date of birth, employment and employer, marketing preferences.
Social Security Number and Other Official Information
Social security number, driving licence details and registered address.
Financial and Account Information
Bank account number, credit details, account details and other payment information.
We collect insurance information (as well as claims information) to enter into the insurance contract and to settle claims. For example, we or our partners may need information about the property covered by the insurance or medical records to regulate whether you have become ill or had an accident abroad. Here we list more examples of data collected.
Property/Real Estate Data
Address and property designation, building type and characteristics of the building, condition of the property, age and accessories of the building, residents and tenants, alarms and lock protection.
Hotel bookings, ticket details, travel information.
Previous claims history at Hedvig.
Claims Data From Other Insurance Companies
Information from the Common Claims Register.
Sensitive Personal data
Besides general information, we may also collect certain sensitive information about you. Below you will see examples of such data.
In connection with illness and accident abroad, past and current health conditions, information about injuries and disabilities, completed and planned medical treatments and examinations, pregnancy and prescriptions.
Legal Proceedings and Information on Criminal Offences
Information about legal proceedings concerning you, such as liability or assault protection claims resulting from a criminal act. We also collect the necessary information to prevent money laundering, insurance fraud and investigate certain difficult insurance cases.
Besides general and sensitive information, you will see below examples of other personal data that Hedvig processes.
Phone Calls and Voice Recordings
We record phone calls between you and our employees, as well as analyze and listen to voice recordings you've made in the app.
Images and Video Recordings
We analyze and view images and video recordings related to insurance claims, which you have uploaded to the app or sent to us.
Your Contact With Us
Chat messages, emails and other communications.
Information From Social Media
Information published on social media.
Information From External Sources
To supplement and keep the information you have provided to us up-to-date, we collect additional information from external sources, such as publicly available information, commercially available sources and information from our partners.
How We Collect Information
We collect information about you from different sources depending on your relationship with us. Next to it are various examples of data we can collect.
Directly From You or the Main Insurer
We may collect information from you when you interact with us through various communication channels (e.g. our website or app) and show interest in buying insurance, buying insurance or reporting a claim.
Directly From Partners, Other Insurance Companies, Authorities and Institutions
In order to investigate, settle claims and improve the user experience, we may obtain information from partners, healthcare providers, other insurance companies, the police and other authorities and institutions.
Registers From Public Authorities, Insurers and Other External Parties
We may collect information about the property you hold from available register.
How We Use Your Personal Data
We use personal data to conduct and offer the best possible service for you and our other users. Here we list various areas of use for the personal data we process.
Distribution and Administration of Insurance
We need to process personal data in order to be able to distribute insurance contracts with you, and to be able to administer such an agreement. The information is used to enable us to give you an accurate price in terms of your risk profile and to ensure that your insurance has the right scope. We also use the data for administration and to offer you services related to your insurance and engagement with Hedvig.
We may compile and disclose personal data to our insurer.
We use personal data to perform our claims management and confirm legal claims.
Manage Our Relationship
We use personal data to identify you as a user, communicate with you in our channels and provide you with relevant information.
Provision of Services From Partners
We use your personal data to enable our partners to offer services related to our insurance.
We use personal data, such as recorded phone calls, voice recordings, images and video recordings, to develop our business, products and services and to conduct market research and other analyses.
We collect and analyze personal data, such as behavior in our app and on our website (including geo-based information) in order to send you insurance offers and other useful information tailored to you. You may receive insurance offers that we believe may be interesting and relevant to you. We never sell information about you to any third party.
Investigation and Money Laundering
We use personal data to prevent money laundering and terrorist financing and to prevent, investigate and avert fraud. We also use personal data to manage other commercial risks.
We use personal data to fulfil our obligations under applicable law and to be able to respond to authorities upon request when they have the right to access data by law.
Establishment of Statistics
We use personal data to produce statistical data for our risk assessments and insurance products.
Legal Grounds for Processing Personal Data
Depending on the purpose and type of information, we process personal data on the basis of one or more of the following legal grounds:
The processing is necessary for the performance of a contract to which the person concerned is a party or to take action at the request of such person before such a contract is concluded. For example, information about the policyholder, other insured persons, the insured property and the risk related to the insurance, as well as information necessary to establish the right to insurance compensation.
You may have given us your consent for your personal data to be processed for certain purposes. In such case, you have the right to withdraw your consent at any time. However, the withdrawal of consent will not affect the legality of the processing based on the consent, before this is revoked. Please note that a withdrawal of consent may affect the right to insurance or compensation.
The processing is necessary for purposes relating to the legitimate interests of Hedvig or a third party provided that your privacy is adequately protected. This basis applies to processing for the purpose of countering fraud, for direct marketing, for maintaining and developing the security of Hedvig's systems or where it is necessary for cooperation with our partners.
The processing is necessary to protect interests that are of fundamental importance to you or to another physical person, for example when we provide information to hospitals in order for them to be able to help you in case of travel claim.
The processing is necessary to establish, enforce or defend legal claims. For example, to determine your right to take out certain insurance or establish the right to insurance compensation. The processing is necessary in order to fulfil a legal obligation.
Automatic Decisions and Profiling
Automatic Decisions and Profiling
At Hedvig, we can make decisions automatically, i.e. without human influence. These include automatic pricing, risk analysis and compensation payments. By automating these processes, we can offer you as a user better and faster help.
We use automated decisions as an important part of our claims management. Decisions are based on the information you provide to us, and are analysed against your insurance policy. Decisions may include both the right to compensation and the amount of the compensation. If you are not satisfied with a decision, you always have the right to contact us.
The Onboarding Process
We use automated decisions as part of our onboarding process in the app. By onboarding we mean when you sign up as a user. Automated decisions are based on the information provided to us and our systems then calculate the price of the insurance based on data we receive from you, as well as external data sources. Automatic premium calculation occurs for all our insurances.
In marketing, we use profiling to provide you with the information that we believe is most relevant to you and to avoid you getting information you don't want.
Security and Deleting
We do our best to protect your privacy, and all your personal data is encrypted.
Your data is stored for as long as it is necessary to fulfil the purpose for which we save it or the longer time set up by applicable law. You have the right to submit a request for your data to be deleted at any time.
We always take appropriate technical, legal and organizational security measures to protect your privacy. If any other party outside Hedvig processes personal data on our behalf, we are responsible for ensuring that it is carried out with care and with a requirement that the Data Protection Regulation's requirements for personal data processors are met.
How We Share Information
We treat all information regarding users as confidential, and encrypt all sensitive information.
However, in some cases we may transfer personal data to other parties but only when there is legal support for such transfer or that the individuals concerned have consented to this.
The processing of personal data by means of personal data processors does not constitute such a transfer but is considered to take place within the framework of Hedvig's control.
Depending on the nature of the insurance and the nature of the personal data, your personal data may be transferred to or processed by:
Banks and financial corporations for e.g. administration of payments;
Repair and damage inspection partners such as building contractors and damage experts, to whom information about the content and scope of the insurance and contact details may be shared if necessary to inspect or settle a claim;
Healthcare providers – in the event of illness and accidents abroad, we or our partners may share your information with healthcare providers;
Other insurance companies – we provide claims information to other insurance companies when it is necessary to be able to settle a claim or to be able to regress against such insurance company;
Authorities and boards – we provide information to authorities and boards when we are obliged to provide the information in order to fulfil a legal obligation or to safeguard our interests in a descendant procedure;
Service providers – we may also share your data with other service providers within the framework of e.g. our claims settlement;
IT providers – we may use certain specialist suppliers for the analysis, maintenance and development of Hedvig's IT systems;
GSR – through our insurer, we have access to a common claims register (GSR) for the insurance industry. This register contains certain information about the damage as well as an indication of who has claimed compensation and is used only in connection with claims settlement. This means that we can find out if you have previously reported any damage to another insurance company. The purpose of the GSR is to provide a basis for insurance undertakings to identify unclear insurance cases. This will allow companies to discourage the payment of compensation based on incorrect data. The data can also be used in de-identified form for statistical purposes.
The data controller for GSR is The Common Claims Register (GSR) AB, Box 24171, SE-104 51 Stockholm, Sweden. See gsr.se for more information on the processing of data contained in the register.
Rights and Access
For us, it is important that we always handle your personal data in a legal and transparent manner and that your data is accurate and up-to-date.
You can see some information under your profile page in the app. If you would like more information, just order a copy of the personal data we process about you by emailing email@example.com. You also have the right to receive more detailed information about how your personal data is processed. Before you access the information, we will confirm your identity.
You always have the right to request correction or deletion of information that you think is incorrect. You also always have the right to request that your personal data should be deleted, unless there is a legal basis for our processing. You may also, in some cases, request that the processing of your personal data should be restricted.
Certain information may be exempt from your right to erasure under applicable law. At your request, a copy of the personal data you have provided to us may be transferred by us directly to another company if technically possible. You also have the right to contact us with an objection and have the processing of your personal data reviewed.
Who You Can Contact
Hedvig is the data controller and is responsible for ensuring that your personal data is processed in accordance with applicable legislation. Hedvig has also appointed a data protection officer for the processing of personal data, see next to it.
You have the right, under applicable law, to request access to and rectification or deletion of your personal data, restriction of personal data processing concerning you, to object to personal data processing, and to data portability. You are entitled to this free of charge. In the case of unfounded or unreasonable requests (e.g. because they are made very often), Hedvig may charge an administrative fee – you will be notified in advance.
If you have any questions about how we process your personal data, please contact us! You can either email directly to Hedvig's support at firstname.lastname@example.org or contact our Data Protection Officer at email@example.com.
If you want to write a letter, of course it is also fine. In that case you send it to:
Data Protection Officer
SE-113 58 Stockholm
Should you still be dissatisfied after contact with us, you can contact the Privacy Protection Authority, which is the supervisory authority for personal data processing, and to which you can report your complaint:
Privacy protection agency Box 8114 104 20 Stockholm www.imy.se