Hedvig Privacy Policy

Personal data processing and purpose

We process your personal data to handle your request for an insurance quote and, if you choose to proceed, to enable you to enter into an insurance contract with us. The processing includes automated decision-making and profiling; please read more under “Automated decision-making and profiling”.

If you request an insurance quote, we process personal data in order to:

• verify your identity and ensure that we have accurate information about you,

• assess insurability, insurance risk and calculate premiums,

• provide a correct and individually tailored insurance quote,

• communicate with you regarding your insurance quote,

• comply with legal requirements and document the basis and decisions related to your insurance quote and insurance,

• facilitate comparison and switching of insurance at your request, and

• enable you to take out insurance with us and, if you choose to do so, provide you with relevant information and confirmation when the policy is issued.

Personal data processed

• Identification data (name, personal identity number and age)

• Contact details (address, email address and phone number)

• Information about the insured object

• Data about co-insured where applicable (such as name, personal identity number and number of co-insured)

• Household-related data (such as information about the number of people in the household)

• Aggregated, area-based socio-economic data indirectly linked to you via address coordinates (such as average claims frequency in an area and statistics on housing types)

• Claims history with Hedvig

• Data regarding financial circumstances

• History with Hedvig of insurance fraud or attempted fraud

• Insurance quote data (such as price, type of insurance, date and time of your quote)

• Information on whether you hold other insurance with Hedvig and the type of such insurance

In addition to the above, the following personal data is processed when requesting an insurance quote for car insurance:

• Information from the Swedish Road Traffic Register (Sw. Vägtrafikregistret) (such as driving licence information)

• A blocking indicator from our insurer affecting eligibility for automated quotation.

If you allow us to retrieve your insurance information via Insurely, the following personal data is also processed:

• Insurance-related information from your current insurer

Legal basis for processing

Processing of your personal data is necessary in order to prepare an insurance quote and to enter into a potential insurance contract, in accordance with your request.

If you are co-insured and not the policyholder, we rely on the lawful basis of legitimate interests. We consider that the processing of your personal data is necessary in order to provide a quote and enter into an insurance contract, assess risk and calculate premiums. We also consider that these interests override any opposing interests and fundamental rights and freedoms.

Data regarding financial circumstances, data relating to suspected or established insurance fraud, and blocking indicators from our insurer (applicable only to car insurance) are processed on the basis of legitimate interests. We consider that processing of these personal data is necessary to protect our insurance business and prevent Hedvig and Hedvig’s insurer from being exposed to fraud. We consider that this interest overrides any opposing interests and fundamental rights and freedoms.

You always have the right to object to processing based on legitimate interests, and you can read more about your rights under the heading “Your rights” below.

If we collect insurance data regarding your current insurance via Insurely, this privacy notice applies.

Processing of personal identity numbers is justified by the importance of secure identification.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal convictions and offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

How long we keep your personal data

At Hedvig, we keep your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal requirements.

If an insurance policy is taken out, we retain your personal data throughout the insurance period and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods. In some cases, the data may need to be retained for longer if the right to compensation remains.

If you request an insurance quote but do not take out insurance, we retain personal data processed in connection with the quote for up to 1 year from when the quote was created, in order to handle questions and potential complaints even after the quote has expired.

If Hedvig decides not to offer insurance, we retain the personal data processed for 3 years from the decision date in order to handle potential complaints and legal claims.

Personal data processing and purpose

If you have taken out insurance with us or are co-insured, we process your personal data to administer and fulfill the insurance contract, which includes, for example, carrying out a renewed risk assessment when calculating the premium upon renewal. We also use personal data to provide you with services linked to your insurance, such as providing an insurance overview and administering incoming premiums.

For renewed risk assessment and premium calculation, the processing corresponds to what is described under the heading “When you take an insurance quote in order to potentially take out insurance with us” above.

Personal data processed

We collect and process different types of personal data depending on the type of insurance you have. Below are the categories of personal data we may process:

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Information about the insured object

• Data about co-insured where applicable (such as name, personal identity number and number of co-insured)

• Payment information (such as direct debit authorisation, invoice numbers and payment reminders)

• Insurance data (such as type of insurance and policy number)

• Technical information (such as information about your device and the time of contact)

• Other personal data that you provide in your communications with us

Legal basis for processing

If you have taken out insurance with us, we process your personal data to perform our contract with you. If we process personal data about you as co-insured, the processing is carried out to comply with our legal obligations under the Swedish Insurance Contracts Act.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

Your personal data is retained throughout the insurance period and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods. In some cases, the data may need to be retained for longer if the right to compensation remains.

Personal data processing and purpose

We process your personal data and, where applicable, personal data of co-insured, to handle and settle claims reported to us, which includes:

• investigation of claims,

• assessment of insurance claims and deciding on compensation,

• management of payments,

• coordination of tasks related to restoration of damaged property,

• recovery from the responsible party,

• recourse claims from and against other insurance companies,

• handling of legal claims or disputes, and

• communicating with the policyholder or other relevant parties.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Data about the insured object that has been damaged and documentation supporting the claim

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the claim is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

• Claims history with Hedvig

• Insurance data (such as type of insurance and policy number)

• Financial data (such as bank account details)

• Technical information (such as information about your device and the time of contact)

Legal basis for processing

If you have taken out insurance with us, we process your personal data to perform our contract with you.

If you are co-insured, the processing is carried out to comply with our legal obligation to investigate insured events and settle claims under the Swedish Insurance Contracts Act.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal convictions and offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

Your personal data is retained throughout the insurance period and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods. In some cases, the data may need to be retained for longer if the right to compensation remains.

Personal data processing and purpose

If you, as an existing or former customer (policyholder or co-insured), contact our customer service via email, phone or chat, we process your personal data in order to respond to your questions related to your current or previous insurance contract. If you choose to use our chat, we carry out an automated analysis of your messages to assess whether your message requires human handling or whether the question can be answered using an AI-generated response. If your message is answered using an AI-generated response, you will be informed of this in the chat.

If you are not and have not been a customer with us, the purpose of the processing is to answer questions and share information about us and our insurance products.

If you contact our customer service to obtain an insurance quote or in connection with a claim, our processing of personal data is described under the relevant sections above.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Insurance data (such as type of insurance, policy number, and information about insured persons or objects)

• Payment information (such as direct debit authorisation, upcoming and previous payments and discounts)

• Other personal data that you provide, or have previously provided, in your communications with us (such as information about your assets or co-insured) and files you share with us

• Recorded phone calls and transcripts thereof

• Technical information (such as information about your device and the time of contact)

Legal basis for the processing

If you have taken out insurance with us, processing of your personal data is necessary to perform our contract with you.

If you are not a customer, the processing is based on legitimate interests. We consider that we have a legitimate interest in providing good customer service and answering questions from co-insured about their insurance, as well as from potential customers and others who want to know more about us or our insurance products. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment, and you can read more under the heading “Your rights” below.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as necessary for the purposes for which it was collected, or to comply with legal requirements.

Information related to customer service matters that is not linked to a claim or administration of an insurance contract is generally retained for 3 years, to enable us to resume a previous matter with you in a customer-friendly way.

Personal data processing and purpose

In the context of our business and product development, we may process your personal data in order to generate insights that support the development of our business and processes.

Personal data processed

• Identification data (such as name and customer number)

• Contact details (address, email address and phone number)

• Customer and contract information (such as type of insurance, claims history, payment history and information about previous use of our services)

• Technical information (such as information about your device, IP address and browser ID)

• Other data collected in connection with your request for an insurance quote, and data you have provided in your communications with us

Legal basis for processing

Processing of your personal data for this purpose is based on legitimate interests. We consider that we have a legitimate interest in analysing and developing our services in a way that is necessary to provide improved insurance products. We also consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

How long we keep your personal data

At Hedvig, we retain your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal requirements.

Information used for business analytics varies in nature, and the retention period for each category of personal data is stated in the other relevant sections of this policy.

Personal data processing and purpose

If you have taken out insurance with us, or have requested an insurance quote, we process your personal data in order to send marketing and relevant offers to you.

If you have taken out insurance with us and have accepted marketing cookies on our website, we share your personal data with our advertising partners to analyse the effectiveness of our marketing and show you more relevant Hedvig advertising in our advertising partners’ channels. You can read more about our advertising partners, and how they may use your personal data for their own purposes, in our cookie policy.

Personal data processed

• Identification data (name and customer number)

• Contact details (address, email address and phone number)

• Insurance data (such as type of insurance and premium)

• Digital interactions on our website

• Technical information (such as information about your device, IP address and browser ID)

Legal basis for processing

When we process your personal data for marketing purposes, the processing is based on legitimate interests. We consider that we have a legitimate interest in providing marketing and offers to you regarding our products. Our assessment is that this interest overrides any opposing interests or fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

If you no longer want to receive marketing messages via email or SMS from us, you can easily opt out by clicking the unsubscribe link in the message, or by changing your notification settings in the app.

How long we keep your personal data

If you have taken out insurance with us, we retain your personal data for marketing purposes throughout the insurance period.

If you have requested an insurance quote but did not take out insurance, we retain your personal data for marketing purposes for 30 days.

Personal data processing and purpose

We process your personal data to detect, prevent and manage insurance fraud. This may include investigating suspected activities that may indicate insurance fraud, managing cases of confirmed fraud, and activities related to preventing future attempted fraud.

This data may be shared with the insurance industry's “Gemensamma skadeanmälningsregister - GSR”, see further under the heading “With whom we share your personal data” below.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Data about the insured object that has been damaged and documentation supporting the claim

• Communications related to the claim, including recorded voice messages and transcripts thereof and files you share with us

• Health data where the claim is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Insurance data (such as type of insurance, policy number, and information about insured persons or objects)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

• Technical information (such as information about your device and the time of contact)

Legal basis for processing

Processing of your personal data, including sharing your personal data with GSR, is based on legitimate interests. We consider that we have a legitimate interest in preventing and handling insurance fraud. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under “Your rights”.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

Your personal data is retained throughout the insurance period and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods.

Personal data processing and purpose

If you have a protected identity, we process information about this in order to implement necessary protective measures.

Personal data processed

Confidentiality marking for protected identity

Legal basis for processing

Processing is based on legitimate interests. We consider that we have a legitimate interest in ensuring secure handling and protecting policyholders from serious risk of harm through disclosure of protected personal data. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

How long we keep your personal data

This information is not processed separately, but is retained for as long as we process your other personal data (see retention periods under each relevant section).

Personal data processing and purpose

If you are an injured party or otherwise referenced in a claim but not insured with us, we process your personal data as part of our claims handling.

Personal data processed

Which personal data is processed depends on the information provided in connection with the claim. The categories below may be processed:

• Identification data (such as name, personal identity number and age)

• Contact details (such as address, email address and phone number)

• Data related to the claim (the type of data depends on the insurance product)

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the claim is related to personal injury (may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

Legal basis for processing

Processing of your personal data is necessary to comply with our legal obligations under the Swedish Insurance Contracts Act, such as handling and settling insured events.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

Your personal data is retained for as long as the policyholder’s insurance is in force, and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods.

Personal data processing and purpose

We process your personal data to administer and manage insurance claims in cases where you are an opposing party. This includes managing claims either made by you, or directed against you, by an insured person at Hedvig.

Personal data processed

• Identification data (such as name, personal identity number and age)

• Contact details (such as address, email address and phone number)

• Data related to the claim (the type of data depends on the insurance product)

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the matter is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

Legal basis for processing

Processing of your personal data is necessary to comply with our legal obligation to investigate insured events and settle claims under the Swedish Insurance Contracts Act.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

Your personal data is retained for as long as the policyholder’s insurance is in force, and thereafter for at least 11 years, depending on the insurance product and applicable limitation periods.

Please find a separate privacy policy via this link.

Personal data processing and purpose

We process your personal data to communicate with existing and potential suppliers and partners in order to establish, maintain and develop our business relationship. This includes administration and negotiation of contracts, ongoing communication and follow-up to fulfil our obligations and safeguard our rights.

Personal data processed

• Identification data (such as name and personal identity number)

• Contact details (such as address, email address and phone number)

• Work-related information (such as role and title)

• Technical information (such as IP address collected in connection with digital signatures)

• Other information provided in email correspondence or other communications with us

This personal data is collected either directly from you or from your employer.

Legal basis for processing

If you represent a legal entity with which we intend to enter into, or have entered into, a business relationship, we process your personal data on the basis of legitimate interests. We consider that we have a legitimate interest in establishing, maintaining and developing our business relationship. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

If you are a private individual with whom we intend to enter into, or have entered into, a business relationship, we process your personal data on the basis of performance of a contract.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we retain your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal requirements.

Please note that we may retain your personal data for a period after our most recent interaction with you, for example to fulfil any remaining contractual obligations or to handle legal claims related to our agreement with the company you represent.

We obtain information from you, or from the main policyholder, when you or they interact with us via different communication channels (for example our website or app) and, for example, when expressing interest in purchasing insurance, purchasing insurance, or reporting a claim.

We use cookies and similar trackers when you visit our website. Read more about how we use cookies/trackers in our cookie policy.

In order to investigate and settle claims, improve the user experience, and prevent insurance fraud, we may obtain information from partners, healthcare providers, insurers and other insurance companies.

If we collect insurance data regarding your current insurance via Insurely, this privacy notice applies.

We may also obtain your personal data from partners in connection with offers, such as discounts or campaigns, so that you can benefit from these.

One of our partners is Skandinaviska Enskilda Banken AB (publ) (“SEB”). When you request a quote from Hedvig via SEB’s channels, SEB shares your personal data with us. For the transfer of your personal data from SEB to Hedvig, we act as joint controllers. This means that we have jointly determined the purposes and means of this specific part of the processing. SEB is responsible for the processing of your data until the transfer begins, and Hedvig is responsible for all further processing after we have received the data. As we are joint controllers, you may contact either us or SEB to exercise your rights in relation to the transfer of your personal data.

We use an insurance-industry joint claims register (Gemensamma skadeanmälningsregister - GSR) containing information about claims and compensation requests. The purpose of GSR is to help insurance companies and authorities identify unclear cases and avoid incorrect payments. The controller for GSR is Skadeanmälningsregister (GSR) AB, Box 24171, SE-104 51 Stockholm. See www.gsr.se for more information about processing of data included in the register.

We may obtain personal data from information service providers and public authorities that maintain publicly available registers.

We may share personal data with financial partners for the administration of payments, etc.

We may share personal data with partners in repairs, claims inspection and valuation, such as building contractors, valuers and claims experts. Information about the content and scope of the insurance and contact details may be shared where necessary to value, inspect or settle a claim.

We may share personal data with external partners assisting with claims handling, investigation or claims management, including alarm centres and investigation companies, in order to investigate, administer or settle a claim.

We may share personal data with partners as part of our insurance distribution.

We may share personal data with communication and marketing partners to manage the distribution of communications. This includes sending information and documents related to your insurance, and communicating offers and carrying out analyses for marketing purposes.

If you have accepted marketing cookies on our website, we share your personal data with our advertising partners to analyse the effectiveness of our marketing and show you more relevant Hedvig advertising in our advertising partners’ channels.

We may share personal data with partners in business development and for market research, such as Svenskt Kvalitetsindex AB, where necessary for conducting market research or similar business development services.

In the event of illness or accident, we or our partners may share personal data with healthcare providers and/or medical advisors.

We may share personal data with our reinsurers when entering into and administering our insurance contract with you.

We share personal data with other insurance companies where required for correct claims handling, and in connection with recourse claims after a claim has been settled.

If you have Hedvig’s car insurance, we also share your personal data with Eir Försäkring AB, which is the insurer for the car insurance.

We use an insurance-industry joint claims register (Gemensamma skadeanmälningsregister - GSR) containing information about claims and compensation requests. The purpose of GSR is to help insurance companies and authorities identify unclear cases and avoid incorrect payments. The controller for GSR is Skadeanmälningsregister (GSR) AB, Box 24171, SE-104 51 Stockholm. See www.gsr.se for more information about processing of data included in the register.

We may share personal data with courts, public authorities and legal counsel to safeguard legal interests in the event of a dispute and to comply with legal obligations and statutory/regulatory requirements.

We may share personal data with IT suppliers for case management, data collection, operations, development and data storage, including integration platforms, as well as suppliers that provide AI tools.

You have the right to request confirmation as to whether we process personal data about you. You also have the right to request a copy of the personal data (a so-called data subject access request) and to receive information about how the personal data is processed. Certain information about which personal data we process about you can also be viewed directly on your profile page in the Hedvig app.

If you discover that any of your personal data is incorrect or incomplete, you have the right to request that we correct the data. It is important to us that your information is accurate and up to date.

You have the right to request that we erase your personal data, for example if the processing is no longer relevant in relation to the purposes for which the data was collected. Please note that we are not always able to erase your personal data. This is the case, for example, when your personal data is needed to comply with a legal obligation or where it is still necessary to process the data for the purposes for which it was collected.

In certain cases, you may request that the processing of your personal data be restricted. This may be relevant, for example, if you contest the accuracy of the data, or if you have objected to the processing and are awaiting an assessment.

If we process your personal data on the basis of performance of a contract or consent, you may in certain cases have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit the data to another controller, or to have us assist you with this where technically feasible.

If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, we will stop processing personal data based on that consent with effect from the withdrawal.

You have the right to object to processing of your personal data based on legitimate interests. If we cannot demonstrate compelling legitimate grounds to continue the processing, we must stop. You always have the right to object to the use of your personal data for direct marketing, in which case we will stop processing for that purpose.

If you have concerns or objections regarding how we process your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, “IMY”), which is the supervisory authority for our processing of personal data. Read more about IMY at www.imy.se.