Hedvig Privacy Policy

Updated on November 29, 2024

This is our Privacy policy for Hedvig Försäkring AB ("Hedvig"). It explains what personal data we collect about you, and why we do so. The policy applies when we provide insurance services to you through our app or website and when we interact with you in other situations. It also applies if you represent a service provider or partner of ours. Please keep an eye on our website for any updates to this policy, at the top of the page you will find the date when the policy was last updated.

Personal data is information that can be directly or indirectly linked to you as an individual. We handle this data in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation. Your privacy is important to us, and we protect your data carefully.

When you visit our website, you can adjust your cookie settings. Here is the link to our cookie policy.

When do we process your personal data

The personal data we collect and process depends on the relationship we have with you. Below is a description of the situations where we process personal data. Each specific situation (processing activity) describes the purpose of the processing, the personal data being processed, the legal basis for the processing, and how long we store your personal data. Please note that not all of these situations may apply to you.

Personal data processing and purpose

We process your personal data to carry out a risk assessment and calculate the premium in the context of providing the quote for the insurance policies you have requested. We use your personal data to provide you with an accurate and customized insurance quote.

Personal data processed

  • Name

  • Contact details

  • Address

  • Personal identification number

  • Demographic data

  • Information on the object of insurance

  • Information from the road traffic register, e.g. driving license information (only relevant for car insurance quotes/prices).

  • Information about your current insurance

  • Claims history of Hedvig

  • Financial information

Legal basis for processing

The processing of your personal data is necessary for the purposes of drawing up an insurance quote and concluding any insurance contract, as requested by you.

In the event of any collection of insurance data relating to your current insurance policy via Insurely, this privacy notice applies.

The processing of social security numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Your personal data will be stored for the duration of a valid quote. If you become a customer, please see the section "When you have signed up for an insurance with us and we administer your insurance contract".

Personal data processing and purpose

We process your personal data to administer and fulfill your insurance contract, which includes, for example, carrying out a renewed risk assessment in connection with calculating the premium at renewal. We also use the personal data to provide you with services related to your insurance contract, such as providing you with an insurance overview and administering incoming premiums.

Personal data processed

We collect and process different types of personal data depending on the type of insurance you have. Below is a list of the types of personal data we may process.

  • Name

  • Contact details

  • Personal identification number

  • Information on the object of insurance

  • Information from the road traffic register, e.g. driving license information (only relevant for the administration of car insurance).

  • Financial information

  • Claims history of Hedvig

  • Other personal data that you provide in your communication with us

Legal basis for processing

The processing of your personal data is necessary for the performance of our contract with you and for the fulfillment of our legal obligations under the Insurance Contracts Act.

The processing of social security numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Your personal data will be kept for the duration of the insurance policy and for at least 11 years thereafter, depending on the type of policy taken out and the applicable statute of limitations. In some cases, the data may need to be kept longer if the right to compensation remains.

Personal data processing and purpose

We process your personal data in the context of our claims handling, which includes the following processing operations:

  • Investigation of claims

  • Assessment of insurance claims

  • Management of payments

  • Coordination of tasks related to the restoration of damaged property

  • Recovery from responsible party

  • Recourse claims from and against other insurance companies

The above-mentioned personal data processing operations are carried out for the purpose of managing your claims and settling your claims.

Personal data processed

Information that may be processed in the context of our claims handling:

  • Name

  • Contact details

  • Personal identification number

  • Details of the damaged object covered by the insurance and evidence of the loss event

  • Other information related to the claim. The type of information depends on the type of insurance

  • Communications related to the claim, including recorded voice messages and files you shared with us

  • Health data (only collected directly from you and may be shared with healthcare providers and medical advisors)

Legal basis for processing

The processing of your personal data is necessary for the performance of our contract with you and for the fulfillment of our legal obligations under the Insurance Contracts Act.

Health data is processed when it is necessary to carry out claims settlement, i.e. to establish a legal claim for insurance compensation.

The processing of social security numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Your personal data is generally kept for 11 years after the claim has been finally settled.

Personal data processing and purpose

If you, as an existing or former customer, contact our customer service via email, phone or chat, we will process your personal data in order to answer your questions related to your current or previous insurance contract. If you are not or have not been our customer, the purpose of the processing is to answer questions and share information about us and our insurance products.

If you contact our customer service for a quote or in connection with a claim, our processing of personal data is described under the headings above.

Personal data being processed:

  • Name

  • Contact details

  • Personal identification number

  • Information about your current insurance policies

  • Other personal data that you provide in your communications with us (e.g. information about your assets, co-insured, etc.)

Legal basis for processing

  • If you are an existing customer, or have been a customer, the processing of your personal data is necessary for the performance of our contract with you. This includes, for example, dealing with questions about an active insurance policy, claims or renewal of the policy. Furthermore, the processing may be based on Hedvig's legitimate interest in providing good customer service.

  • If you are not a customer of ours, the processing of personal data is based on Hedvig's legitimate interest in responding to inquiries from potential customers, for example if you want to know more about our products.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Information linked to customer service matters, which is not linked to a claim or the administration of an insurance contract, is generally stored for 2 years to enable us to resume a previous case with you in a customer-friendly manner.

Personal data processing and purpose

In the context of our business development, we may process your personal data for the purpose of generating insights to support the development of our business and processes.

Personal data being processed:

  • Demographic data

  • Customer and contract information such as policy type, claims history, payment history and information on previous use of our services.

  • User data: Interactions with our digital platforms (e.g. website and app).

Legal basis for processing

The processing of your personal data for this purpose is based on a legitimate interest. We consider that we have a legitimate interest in analyzing and developing our services in a way that is necessary for us to provide improved insurance products.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Information used for business analysis is of different nature, and the retention period for each type of personal data is set out in the other situations described in this policy.

Personal data processing and purpose

If you are a customer of ours, we process your personal data for marketing purposes to send you offers and promotions. We may also use personal data and share it with marketing partners to analyze the effectiveness of our marketing.

  • Personal data processed

  • Name

  • Contact details

  • Demographic data

  • Digital interactions

Legal basis for processing

The processing of your personal data is based on our legitimate interest to promote products that we think you may be interested in, as well as to conduct marketing analysis.

You can easily choose to "opt out" and no longer receive marketing messages from us by clicking on the unsubscribe link in our emails, SMS and app notifications.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

We keep your personal data for marketing purposes as long as you are our customer.

Personal data processing and purpose

We may process your personal data for the purposes of detecting, preventing and managing insurance fraud. This may include investigating suspicious activities that may indicate insurance fraud, dealing with cases of established insurance fraud and activities linked to preventing future fraud attempts.

This data may be shared with the insurance industry's “Gemensamma skadeanmälningsregister - GSR”, as described below in the section "With whom do we share your personal data".

Personal data processed

  • Name

  • Contact details

  • Personal identification number

  • Details of the damaged object covered by the and evidence of the loss event

  • Data linked to the claim. The type of data depends on the type of insurance.

  • Communication related to the claim, including recorded voice messages and files shared in the Hedvig app

  • Health data (only collected directly from you and may be shared with healthcare providers and medical advisors)

Legal basis for processing

The processing of your personal data is necessary for the performance of our contract with you, in particular for the settlement of claims. We also have a legal obligation to investigate insurance claims and settle claims under the Insurance Contracts Act (2005:104). If the claim comes from someone other than the policyholder, we process your personal data to meet our legitimate interest in investigating insurance claims and preventing fraud.

Health data is processed when it is necessary to carry out claims settlement, i.e. to establish a legal claim for insurance compensation.

The processing of social security numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Personal data related to the prevention and management of insurance fraud refers to information received in connection with a claim. As we describe in the section "When you submit a claim to us" above, this personal data is generally kept for 11 years after the claim has been finally settled.

Personal data processing and purpose

If you are a claimant but not insured by us, we may process your personal data in the context of our claims handling.

Personal data being processed:

  • Name

  • Contact details

  • Personal identification number

  • Data related to the claim. The type of data depends on the type of insurance

  • Communication related to the claim, including recorded voice messages and files shared in the Hedvig app

  • Health data (only collected directly from you and may be shared with healthcare providers and medical advisors)

Legal basis for processing

The processing of your personal data is necessary to fulfill our legal obligations under the Insurance Contracts Act, such as handling and settling claims. Furthermore, we have a legitimate interest in handling all claims correctly and ensuring that the right person receives compensation.

Health data is processed when it is necessary to carry out claims settlement, i.e. to establish a legal claim for insurance compensation.

The processing of social security numbers is justified by the importance of secure identification.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Personal data related to this situation refers to information received by us in connection with a claim event. As we describe in the section "When you submit a claim to us" above, this personal data is generally kept for 11 years after the claim has been finally settled.

Personal data processing and purpose

We may process your personal data for the purposes of administering insurance claims and claims settlement in cases where you are a counterparty to us in a claim. This includes handling claims that either you have made, or that have been made against you by someone insured with Hedvig.

Personal data processed

  • Contact details

  • Personal identification number

  • Data related to the claim. The type of data depends on the type of insurance

  • Communication related to the claim, including recorded voice messages and files shared in the Hedvig app

  • Health data (only collected directly from you and may be shared with healthcare providers and medical advisors)

Legal basis for processing

The processing of your personal data is necessary to fulfill our legal obligations under the Insurance Contracts Act, such as handling and settling claims. Furthermore, we have a legitimate interest in handling all claims correctly and ensuring that the right person receives compensation.

Health data is processed when it is necessary to carry out claims settlement, i.e. to establish a legal claim for insurance compensation.

How long we keep your personal data

At Hedvig, we only keep your personal data for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements.

Personal data related to this situation refers to information received by us in connection with a claim event. As we describe in the section "When you submit a claim to us" above, this personal data is generally kept for 11 years after the claim has been finally settled.

Personal data processing and purpose

We process your personal data to communicate with existing and potential suppliers and partners to establish, maintain and develop our business relationship. This includes for example communication during a contract negotiation.

Personal data processed

  • Name

  • Contact details

  • Personal identification number and Date of birth

  • Information provided in connection with email correspondence or other communication with us related to a specific transaction or contract

Legal basis for processing

The processing of your personal data is based on our legitimate interest to establish, maintain and develop business relationships. In the case of personal data processed in the context of signing a contract with the company you represent (including the maintenance of the contract), the legal basis is to take steps necessary for the conclusion of a contract and to perform the contract. The processing of personal identification numbers is justified in view of the importance of secure identification.

How long we keep your personal data

At Hedvig, we will retain your personal data only for as long as it is necessary for the purposes for which it was collected, or to comply with legal requirements. Please note that we may save your personal data even for a period of time after our last interaction with you in order to, for example, fulfill our remaining contractual obligations or handle legal claims related to our agreement with the company you represent.

How we collect information

We collect data about you from different sources depending on your relationship with us. Below are various examples of data we may collect.

We may collect data from you when you interact with us through various communication channels (for example, our website or app) and express interest in purchasing insurance, purchase insurance or report a claim.

We use online identifiers (cookies) when you use our app and visit our website. These are important to optimize your experience and use of the services we offer you. Read more about our use of cookies at hedvig.com/legal.

In order to provide an accurate price quote, to investigate and settle claims and improve the user experience, we may collect data from partners, healthcare providers and other insurance companies.

We also collect your personal data from certain partners in order to provide you with the relevant offer that the cooperation with the partner entails.

In the event of any collection of insurance data relating to your current insurance policy via Insurely, this privacy notice applies.

We use the Gemensamma skaderegistret “GSR” in the insurance industry, which contains data on claims and claims payments. The purpose of the GSR is to help insurers and authorities identify unclear cases and avoid incorrect payments. The controller of the GSR is Skadeanmälningsregister (GSR) AB, Box 24171, 104 51 Stockholm. See www.gsr.se for more information about the processing of data in the register. Sharing of data via the GSR is necessary to prevent and investigate insurance fraud and to establish legal claims.

We may obtain personal data from authorities and institutions that keep publicly available records.

With whom we share your personal data

We may disclose your personal data to third parties in certain situations, but only if there is a legal basis for the transfer.

Depending on the type of insurance you have and the type of personal data involved, your data may be shared with the following external parties:

We may share personal data with financial partners for the administration of payments etc.

We may share personal data with repair and claims partners such as building contractors and claims experts, to whom information about the content and scope of the policy and contact details may be shared if necessary to inspect or settle a claim.

We may share personal data with partners in the context of our insurance distribution.

We may share personal data with marketing partners to manage mailings, communicate offers and conduct analytics for marketing purposes.

In the event of illness or accident, we or our partners may share personal data with healthcare providers.

We may share personal data with our reinsurers when underwriting and administering our insurance contract with you.

We may share personal data with other insurance companies if it is necessary for the proper settlement of claims, as well as in relation to recourse claims after a claim has been settled.

We also share personal data with Eir Försäkring AB, the insurer of Hedvig's car insurance.

We use the Gemensamma skaderegistret “GSR”Common Claims Register (CCR) in the insurance industry, which contains data on claims and claims payments. The purpose of the GSR is to help insurers and authorities identify unclear cases and avoid incorrect payments. The controller of the GSR is Skadeanmälningsregister (GSR) AB, Box 24171, 104 51 Stockholm. See www.gsr.se for more information about the processing of data in the register. Sharing of data via the GSR is necessary to prevent and investigate insurance fraud and to establish legal claims.

We may share personal data with courts, authorities and legal representatives in order to protect legal interests in the event of a dispute and to fulfill legal obligations and comply with legal and regulatory requirements.

We may share personal data with IT providers in the context of data collection, operation of our systems and data storage.

Your rights

At Hedvig, we are committed to ensuring that your personal data is always handled transparently and correctly. Below we describe your rights in relation to our processing of your personal data:

You have the right to access the personal data we process about you. You can see certain information directly on your profile page in our app. If you would like more detailed information, you can request a so-called register extract in accordance with the GDPR. The registry extract provides an overview of what personal data is collected, how it is used, and for what purposes.

If you discover that any of your personal data is incorrect or incomplete, you have the right to request that we correct this information. It is important to us that your data is always accurate and up-to-date.

You have the right to request the erasure of your personal data if there is no legal basis for us to continue processing it. Please note that some information may be exempt from this right under applicable law, which means that we cannot always delete all information at your request.

In some cases, you can request that the processing of your personal data be restricted. This may be relevant if you question the accuracy of the data or if you have objected to the processing and are awaiting a hearing.

If technically possible, you can request that a copy of the personal data you have provided to us be transferred directly to another company. This will allow you to easily move your personal data between different services.

You have the right to object to the processing of your personal data. If you do so, we will examine whether there are legitimate grounds for continuing to process your data. If there are no such grounds, we will cease processing your personal data.

If you need to exercise any of these rights, you can contact us. You can reach us by email at team@hedvig.com.

Automated decision-making and profiling

At Hedvig, we use automated decision-making processes and profiling to provide you with fast and efficient service. This means that certain decisions are made automatically without human intervention, which we explain below.

When you request a quote for any of our insurance policies, and in connection with the renewal of an existing insurance contract, automated decisions are used to calculate your insurance premium. This is done by an algorithm analyzing the information you provide, together with any insurance history stored with us and the data we collect from external sources. Based on this analysis, your insurance premium is calculated.

Automated decisions can also be used in our claims handling process. Here, decisions are based on information you provide us with, such as photographs, as well as data from external sources such as repair shops or market values of stolen items. Algorithms assess the damage and decide on the amount of compensation, or whether to reject the claim in full or in part.

In order to provide you with relevant information and avoid sending you unwanted offers, we use profiling. This means that we analyze your data to offer you the most relevant products and services.

If you are not satisfied with an automated decision, you always have the right to contact us for further information, or to request a review of the decision.

How we protect your personal data

At Hedvig, we prioritize your privacy and security. We take appropriate technical, legal and organizational measures to protect your personal data. If we use external parties to process your data, we ensure that they comply with the GDPR.

Personal data is processed and stored mainly within the EU and the EEA. In some cases, data may be transferred to other countries in connection with the use of technical solutions. Such transfers will only take place if appropriate safeguards under applicable data protection laws are in place and it can be ensured that your personal data remains protected.

To ensure that your personal data is protected against unauthorized access, loss or damage, we continuously monitor our implemented security measures (encryption, anonymization etc) as well as ensure that access permissions are in line with stated purposes.

Contact information

Hedvig Försäkring AB, reg. no. 559245-5223, with registered address Tulegatan 2A, 113 58 Stockholm, is the data controller for your personal data and is therefore responsible for ensuring that your personal data is processed in accordance with current legislation. To ensure this, we have appointed a data protection officer.

For questions about our processing of your personal data, please contact us by e-mail at team@hedvig.com or our Data Protection Officer at dataskyddsombud@hedvig.com.

You can also send letters to:

Hedvig Försäkring AB
Data Protection Officer
Tulegatan 2A
113 58 Stockholm

You also have the right to submit any complaints you may have about our use of your personal data with the Data Protection Authority.

Swedish Authority for Privacy Protection
Box 8114
104 20 Stockholm
www.imy.se