Hedvig Privacy Policy

Personal data processing and purpose

If you provide information on our website or in our app to obtain a price estimate, but do not complete and submit your quote request, we process the personal data you have provided in order to save your partially completed request and make it easier for you to resume it at a later time.

Personal data processed

The specific personal data processed depends on the information you choose to provide, how far you progressed in the quote flow, and the type of insurance product you requested a price for. Below are the categories of personal data we may process:

• Identification data (personal identity number)

• Contact details (such as address and email address)

• Information about the insured object

• Technical information (such as information about your device and the time of contact)

Legal basis for processing

Processing of your personal data for this purpose is based on legitimate interests. We consider that we have a legitimate interest in managing and following up on initiated quote requests and providing a smooth customer experience. We also consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

We retain your personal data for 45 days from when the information was provided.

Personal data processing and purpose

We process your personal data to handle your request for an insurance quote and, if you choose to proceed, to enable you to enter into an insurance contract with us. The processing includes automated decision-making and profiling; please read more under “Automated decision-making and profiling”.

If you request an insurance quote, we process personal data in order to:

• verify your identity and ensure that we have accurate information about you,

• assess insurability, insurance risk, calculate premiums, and apply any applicable discounts,

• provide a correct and individually tailored insurance quote,

• communicate with you regarding your insurance quote,

• comply with legal requirements and document the basis and decisions related to your insurance quote and insurance,

• facilitate comparison and switching of insurance at your request, and

• enable you to take out insurance with us and, if you choose to do so, provide you with relevant information and confirmation when the policy is issued.

Personal data processed

• Identification data (name, personal identity number and age)

• Contact details (address, email address and phone number)

• Information about the insured object

• Data about co-insured where applicable (such as name, personal identity number and number of co-insured)

• Household-related data (such as information about the number of people in the household)

• Aggregated, area-based socio-economic data indirectly linked to you via address coordinates (such as average claims frequency in an area and statistics on housing types)

• Claims history with Hedvig

• Data regarding financial circumstances

• History with Hedvig of insurance fraud or attempted fraud

• Insurance quote data (such as price, type of insurance, date and time of your quote)

• Information on whether you hold other insurance with Hedvig and the type of such insurance

In addition to the personal data mentioned above, we also process the following data depending on the specific insurance you are requesting a quote for:

Home insurance:

• Information regarding existing home insurance for the address and, if applicable, the insurance provider.

Car insurance:

• Information from the Swedish Road Traffic Register (Sw. Vägtrafikregistret) (such as driving licence information and information about current insurance provider).

• A blocking indicator from our insurer affecting eligibility for automated quotation.

Legal basis for processing

Processing of your personal data is necessary in order to prepare an insurance quote and to enter into a potential insurance contract, in accordance with your request.

If you are co-insured and not the policyholder, we rely on the lawful basis of legitimate interests. We consider that the processing of your personal data is necessary in order to provide a quote and enter into an insurance contract, assess risk and calculate premiums. We also consider that these interests override any opposing interests and fundamental rights and freedoms.

Data regarding financial circumstances, data relating to suspected or established insurance fraud, and blocking indicators from our insurer (applicable only to car insurance) are processed on the basis of legitimate interests. We consider that processing of these personal data is necessary to protect our insurance business and prevent Hedvig and Hedvig’s insurer from being exposed to fraud, as well as to reduce credit losses and ensure a fair distribution of costs among our policyholders. We consider that this interest overrides any opposing interests and fundamental rights and freedoms.

You always have the right to object to processing based on legitimate interests, and you can read more about your rights under the heading “Your rights” below.

Processing of personal identity numbers is justified by the importance of secure identification.

Data that may relate to suspected or established criminal convictions and offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

How long we keep your personal data

At Hedvig, we keep your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal requirements.

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

If you request an insurance quote but do not take out insurance, we retain personal data processed in connection with the quote for up to 1 year from when the quote was created, in order to handle questions and potential complaints even after the quote has expired.

If Hedvig decides not to offer insurance, we retain the personal data processed for 3 years from the decision date in order to handle potential complaints and legal claims.

Please see this privacy notice.

Personal data processing and purpose

If you have taken out insurance with us or are co-insured, we process your personal data to administer and fulfill the insurance contract, which includes, for example, carrying out a renewed risk assessment when calculating the premium upon renewal. We also use personal data to provide you with services linked to your insurance, such as providing an insurance overview and administering incoming premiums.

For renewed risk assessment and premium calculation, the processing corresponds to what is described under the heading “When you take an insurance quote in order to potentially take out insurance with us” above.

Personal data processed

We collect and process different types of personal data depending on the type of insurance you have. Below are the categories of personal data we may process:

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Information about the insured object

• Data about co-insured where applicable (such as name, personal identity number and number of co-insured)

• Payment information (such as direct debit authorisation, invoice numbers and payment reminders)

• Insurance data (such as type of insurance and policy number)

• Technical information (such as information about your device and the time of contact)

• Other personal data that you provide in your communications with us

Legal basis for processing

If you have taken out insurance with us, we process your personal data to perform our contract with you. If we process personal data about you as co-insured, the processing is carried out to comply with our legal obligations under the Swedish Insurance Contracts Act.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

Personal data processing and purpose

If you are insured through a mandatory group insurance policy via one of our partners, we process your personal data in order to enroll you in the insurance.

For information on how we administer your insurance contract, handle your data in the event of a claim, or for other purposes, please refer to the respective situations of this privacy policy.

Personal data processed

• Identification data (name and personal identity number)

• Contact details (address and email address)

• Insurance details (such as insurance type and insurance period)

• Information about the insured object

• Number of co-insured

Legal basis for processing

The processing of your personal data is based on legitimate interests. We consider that we have a legitimate interest in being able to provide and administer the insurance coverage agreed upon between Hedvig and the group representative (our partner) on your behalf. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment, and you can read more under the heading “Your rights” below.

The processing of personal identity numbers is justified by the importance of secure identification and to ensure that the correct person is covered by the group insurance.

How long we keep your personal data

Your personal data is retained throughout the contract period and for 11 years thereafter, taking into account applicable limitation periods.

Personal data processing and purpose

We process your personal data and, where applicable, personal data of co-insured, to handle and settle claims reported to us, which includes:

• investigation of claims,

• assessment of insurance claims and deciding on compensation,

• management of payments,

• coordination of tasks related to restoration of damaged property,

• recovery from the responsible party,

• recourse claims from and against other insurance companies,

• handling of legal claims or disputes, and

• communicating with the policyholder or other relevant parties.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Data about the insured object that has been damaged and documentation supporting the claim

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the claim is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

• Claims history with Hedvig

• Insurance data (such as type of insurance and policy number)

• Financial data (such as bank account details)

• Technical information (such as information about your device and the time of contact)

Legal basis for processing

If you have taken out insurance with us, we process your personal data to perform our contract with you.

If you are co-insured, the processing is carried out to comply with our legal obligation to investigate insured events and settle claims under the Swedish Insurance Contracts Act.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal convictions and offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

Personal data processing and purpose

If you, as an existing or former customer (policyholder or co-insured), contact our customer service via email, phone or chat, we process your personal data in order to respond to your questions related to your current or previous insurance contract. If you choose to use our chat, we carry out an automated analysis of your messages to assess whether your message requires human handling or whether the question can be answered using an AI-generated response. If your message is answered using an AI-generated response, you will be informed of this in the chat.

If you are not and have not been a customer with us, the purpose of the processing is to answer questions and share information about us and our insurance products.

If you contact our customer service to obtain an insurance quote or in connection with a claim, our processing of personal data is described under the relevant sections above.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Insurance data (such as type of insurance, policy number, and information about insured persons or objects)

• Payment information (such as direct debit authorisation, upcoming and previous payments and discounts)

• Other personal data that you provide, or have previously provided, in your communications with us (such as information about your assets or co-insured) and files you share with us

• Recorded phone calls and transcripts thereof

• Technical information (such as information about your device and the time of contact)

Legal basis for the processing

If you have taken out insurance with us, processing of your personal data is necessary to perform our contract with you.

If you are not a customer, the processing is based on legitimate interests. We consider that we have a legitimate interest in providing good customer service and answering questions from co-insured about their insurance, as well as from potential customers and others who want to know more about us or our insurance products. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment, and you can read more under the heading “Your rights” below.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If you are or have been a customer with us, or an insured party, we store your personal data for the entire duration of the contractual relationship and for 11 years thereafter.

If you are not and have not been a customer with us or an insured party, or if more than 11 years have passed since your contractual relationship with us ended, we store your personal data for 6 months from the time you contacted us, to enable us to resume a previous matter with you in a customer-friendly way.

Personal data processing and purpose

In the context of our business and product development, we may process your personal data in order to generate insights that support the development of our business and processes.

Personal data processed

• Identification data (such as name and customer number)

• Contact details (address, email address and phone number)

• Customer and contract information (such as type of insurance, claims history, payment history and information about previous use of our services)

• Technical information (such as information about your device, IP address and browser ID)

• Other data collected in connection with your request for an insurance quote, and data you have provided in your communications with us

Legal basis for processing

Processing of your personal data for this purpose is based on legitimate interests. We consider that we have a legitimate interest in analysing and developing our services in a way that is necessary to provide improved insurance products. We also consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

How long we keep your personal data

For policyholders and co-insured individuals, we process personal data for this purpose during the contractual period and for 11 years thereafter, however, if the storage of the data ceases earlier in accordance with the applicable retention period for the relevant processing under this policy, the data will only be processed until such time. After that, the data may only be used in aggregated and anonymized form.

For individuals who are not and have not been policyholders or co-insured, but whose personal data is processed in other situations described in this policy (for example, in connection with a quote or marketing), the data is processed for this purpose only for as long as the underlying processing continues. The retention period is set out in the relevant processing activity described in this policy. Thereafter, the data may only be used in aggregated and anonymized form.

Personal data processing and purpose

If you have taken out insurance with us, or have requested an insurance quote, we process your personal data in order to send marketing and relevant offers to you.

If you have taken out insurance with us and have accepted marketing cookies on our website, we share your personal data with our advertising partners to analyse the effectiveness of our marketing and show you more relevant Hedvig advertising in our advertising partners’ channels. You can read more about our advertising partners, and how they may use your personal data for their own purposes, in our cookie policy.

Personal data processed

• Identification data (name and customer number)

• Contact details (address, email address and phone number)

• Insurance data (such as type of insurance and premium)

• Digital interactions on our website

• Technical information (such as information about your device, IP address and browser ID)

Legal basis for processing

When we process your personal data for marketing purposes, the processing is based on legitimate interests. We consider that we have a legitimate interest in providing marketing and offers to you regarding our products. Our assessment is that this interest overrides any opposing interests or fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

If you no longer want to receive marketing messages via email, SMS or push notifications from us, you can easily opt out by clicking the unsubscribe link in the message, or by changing your notification settings in the app.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

If you have requested an insurance quote but did not take out insurance, we retain your personal data for marketing purposes for 30 days from the date you requested the quote.

Personal data processing and purpose

We process your personal data to detect, prevent and manage insurance fraud. This may include investigating suspected activities that may indicate insurance fraud, managing cases of confirmed fraud, and activities related to preventing future attempted fraud.

This data may be shared with the insurance industry's “Gemensamma skadeanmälningsregister - GSR”, see further under the heading “With whom we share your personal data” below.

Personal data processed

• Identification data (name, personal identity number and customer number)

• Contact details (address, email address and phone number)

• Data about the insured object that has been damaged and documentation supporting the claim

• Communications related to the claim, including recorded voice messages and transcripts thereof and files you share with us

• Health data where the claim is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Insurance data (such as type of insurance, policy number, and information about insured persons or objects)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

• Technical information (such as information about your device and the time of contact)

Legal basis for processing

Processing of your personal data, including sharing your personal data with GSR, is based on legitimate interests. We consider that we have a legitimate interest in preventing and handling insurance fraud. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under “Your rights”.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

Personal data processing and purpose

If you submit a complaint to us, we process your personal data in order to:

• receive and register your complaint,

• investigate and handle the complaint,

• communicate with you in relation to the matter,

• document our handling and maintain records of complaints,

• make decisions in relation to the complaint, and

• where applicable, reassess previous decisions and handle legal claims.

Personal data processed

• Identification data (such as name, personal identity number, and customer number)

• Contact details (such as address, email address, and telephone number)

• Information included in your complaint

• Information relating to the relevant insurance policy, claim, or other matter to which the complaint relates, including previously reported claims to the extent necessary to investigate and handle the complaint

• Information regarding previous decisions and assessments in the relevant matter

• Communication relating to the complaint

• Information regarding the handling of the complaint, such as the date the complaint was received, actions taken, and outcome

Legal basis for processing

The processing of your personal data is necessary for us to comply with our legal obligations under applicable legislation on insurance distribution, including the Swedish Insurance Distribution Act (2018:1219), the Swedish Financial Supervisory Authority’s regulations on insurance distribution (FFFS 2018:10), and the Authority’s general guidelines on complaint handling in relation to financial services provided to consumers (FFFS 2022:23).

The processing of personal identity numbers is justified with regard to the importance of secure identification.

Special categories of personal data, such as health data, as well as data relating to suspected or confirmed criminal offences, are processed only to the extent necessary to establish, exercise, or defend legal claims.

How long we keep your personal data

Your personal data will normally be retained for three (3) years after the complaint matter has been closed. However, If the complaint results in or is related to proceedings before the National Board for Consumer Disputes (ARN), Personal Insurance Board (Sw. Personförsäkringsnämnden), a court, or another legal claim, your personal data may be retained for a longer period to the extent necessary to handle the matter and to establish, exercise, or defend legal claims.

Personal data processing and purpose

If you contact us to exercise your rights under the General Data Protection Regulation (GDPR), for example by requesting access, rectification, erasure, restriction of processing, data portability, or by objecting to processing, we process your personal data in order to:

• receive and register your request,

• verify your identity and ensure that we provide information or take action in relation to the correct individual,

• investigate and handle your request,

• communicate with you regarding your request,

• document our handling of the request and the measures taken, and

• comply with our obligations under the GDPR.

Personal data processed

• Identification data (such as name and customer number)

• Contact details (such as address, email address and phone number)

• Information provided in your request

• Information about the personal data and processing activities to which your request relates

• Communication related to your request

• Information relating to our handling of the request, such as the date the request was received, actions taken and outcome

Legal basis for processing

The processing of your personal data is necessary for us to comply with our legal obligations under the General Data Protection Regulation (GDPR).

How long we keep your personal data

We retain your personal data for as long as necessary to process and document your request. Documentation of the request, including communication with you, is generally retained for 1 year after the matter has been closed.

If we provide personal data to you in the form of a copy (data access request) or a data portability file, such data is generally retained for 30 days after the matter has been closed.

If your request leads to or is related to a complaint to a supervisory authority, legal proceedings, or other legal claims, the personal data may be retained for a longer period to the extent necessary to handle the matter and to establish, exercise or defend legal claims.

Personal data processing and purpose

If you have a protected identity, we process information about this in order to implement necessary protective measures in connection with the processing of your other personal data.

Personal data processed

Confidentiality marking for protected identity

Legal basis for processing

Information about a protected identity is not processed independently, but only if you have a protected identity and we process your personal data as part of another processing activity under this privacy policy. The legal basis for the processing is the same as that which applies to the relevant processing activity in this privacy policy, as set out under each respective processing activity.

How long we keep your personal data

This information is not processed separately, but is retained for as long as we process your other personal data (see retention periods under each relevant section).

Personal data processing and purpose

If you are an injured party or otherwise referenced in a claim but not insured with us, we process your personal data as part of our claims handling.

Personal data processed

Which personal data is processed depends on the information provided in connection with the claim. The categories below may be processed:

• Identification data (such as name, personal identity number and age)

• Contact details (such as address, email address and phone number)

• Data related to the claim (the type of data depends on the insurance product)

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the claim is related to personal injury (may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

Legal basis for processing

Processing of your personal data is necessary to comply with our legal obligations under the Swedish Insurance Contracts Act, such as handling and settling insured events.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

Personal data processing and purpose

We process your personal data to administer and manage insurance claims in cases where you are an opposing party. This includes managing claims either made by you, or directed against you, by an insured person at Hedvig.

Personal data processed

• Identification data (such as name, personal identity number and age)

• Contact details (such as address, email address and phone number)

• Data related to the claim (the type of data depends on the insurance product)

• Communications related to the claim, including recorded voice messages and transcripts thereof, and files you share with us

• Health data where the matter is related to personal injury (collected only directly from you and may be shared with healthcare providers and medical advisors)

• Data relating to suspected or established criminal offences (such as information contained in police reports or other investigative material)

Legal basis for processing

Processing of your personal data is necessary to comply with our legal obligation to investigate insured events and settle claims under the Swedish Insurance Contracts Act.

Special categories of personal data, such as health data, as well as data that may relate to suspected or established criminal offences, are processed only to the extent necessary to establish, exercise or defend legal claims.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

If an insurance policy is taken out, we retain your personal data throughout the insurance period and for 11 years thereafter, taking into account applicable limitation periods.

Please find a separate privacy policy via this link.

Personal data processing and purpose

We process your personal data to communicate with existing and potential suppliers and partners in order to establish, maintain and develop our business relationship. This includes administration and negotiation of contracts, ongoing communication and follow-up to fulfil our obligations and safeguard our rights.

Personal data processed

• Identification data (such as name and personal identity number)

• Contact details (such as address, email address and phone number)

• Work-related information (such as role and title)

• Technical information (such as IP address collected in connection with digital signatures)

• Other information provided in email correspondence or other communications with us

This personal data is collected either directly from you or from your employer.

Legal basis for processing

If you represent a legal entity with which we intend to enter into, or have entered into, a business relationship, we process your personal data on the basis of legitimate interests. We consider that we have a legitimate interest in establishing, maintaining and developing our business relationship. We consider that this interest overrides any opposing interests and fundamental rights and freedoms. You always have the right to object to this assessment and can read more under the heading “Your rights” below.

If you are a private individual with whom we intend to enter into, or have entered into, a business relationship, we process your personal data on the basis of performance of a contract.

Processing of personal identity numbers is justified by the importance of secure identification.

How long we keep your personal data

We retain your personal data for as long as necessary to manage the business relationship and any related agreements, exercise our rights, and fulfill our obligations, or for as long as required to satisfy a legitimate interest.

This means that personal data processed in the context of a business relationship or in connection with an agreement, for example in relation to background checks or confidentiality undertakings, is retained for the duration of the relationship or agreement and thereafter for a period necessary for purposes such as follow-up, compliance with legal obligations, and the establishment, exercise, or defense of legal claims, with ongoing deletion based on a needs assessment.

Personal data processed to comply with obligations under accounting legislation is retained for seven (7) years.

Personal data processing and purpose

If we process your personal data in any of the situations described in this privacy policy, we may also process and share your personal data in connection with audits, supervision and controls of our operations. This may, for example, take place in connection with internal or external audits, internal control and compliance, and supervision by authorities or other competent bodies.

Personal data processed

The categories of personal data processed are those necessary for the relevant audit or supervision. This may include personal data processed within the scope of other processing activities described in this privacy policy.

Legal basis for processing

The processing of your personal data is necessary for us to comply with legal obligations to which we are subject, for example under the Insurance Business Act and regulations issued by the Swedish Financial Supervisory Authority.

How long we keep your personal data

We only retain personal data for this purpose for as long as necessary to carry out and manage the relevant audit, control and/or supervision. The retention period therefore depends on the type of review, audit or supervision involved, as well as the legal requirements applicable in the individual case.

Personal data processing and purpose

We process your personal data where necessary to comply with laws, regulations, and requirements from authorities governing our operations. This processing relates to legal obligations not explicitly detailed in other sections of this privacy policy, such as the management of complaints or your GDPR rights.

This may, for example, include the processing of personal data in connection with measures to prevent money laundering and terrorist financing, checks against sanctions lists and other relevant registers, accounting and bookkeeping requirements, as well as reporting to authorities or other competent bodies.

Personal data processed

The categories of personal data processed are those necessary to comply with the relevant legal obligation. This may include personal data processed within the scope of other processing activities described in this privacy policy.

Legal basis for processing

The processing of your personal data is necessary to comply with the legal obligations to which we are subject.

How long we keep your personal data

We retain your personal data for as long as necessary to comply with the relevant legal obligation. The retention period may therefore vary depending on the applicable legislation. Personal data may also be retained for a longer period where necessary to establish, exercise, or defend legal claims.

We obtain information from you, or from the main policyholder, when you or they interact with us via different communication channels (for example our website or app) and, for example, when expressing interest in purchasing insurance, purchasing insurance, or reporting a claim.

We use cookies and similar trackers when you visit our website. Read more about how we use cookies/trackers in our cookie policy.

In order to investigate and settle claims, improve the user experience, and prevent insurance fraud, we may obtain information from partners, healthcare providers, insurers and other insurance companies.

If we collect insurance data regarding your current insurance via Insurely, this privacy notice applies.

We may also obtain your personal data from partners in connection with offers, such as discounts or campaigns, so that you can benefit from these.

One of our partners is Skandinaviska Enskilda Banken AB (publ) (“SEB”). When you request a quote from Hedvig via SEB’s channels, SEB shares your personal data with us. For the transfer of your personal data from SEB to Hedvig, we act as joint controllers. This means that we have jointly determined the purposes and means of this specific part of the processing. SEB is responsible for the processing of your data until the transfer begins, and Hedvig is responsible for all further processing after we have received the data. As we are joint controllers, you may contact either us or SEB to exercise your rights in relation to the transfer of your personal data.

We use an insurance-industry joint claims register (Gemensamma skadeanmälningsregistret - GSR) containing information about claims and compensation requests. The purpose of GSR is to help insurance companies and authorities identify unclear cases and avoid incorrect payments. The controller for GSR is Skadeanmälningsregister (GSR) AB, Box 24171, SE-104 51 Stockholm. See www.gsr.se for more information about processing of data included in the register.

We may obtain personal data from information service providers and public authorities that maintain publicly available registers.

We may share personal data with financial partners for the administration of payments, etc.

We may share personal data with partners in repairs, claims inspection and valuation, such as building contractors, valuers and claims experts. Information about the content and scope of the insurance and contact details may be shared where necessary to value, inspect or settle a claim.

We may share personal data with external partners assisting with claims handling, investigation or claims management, including alarm centres and investigation companies, in order to investigate, administer or settle a claim.

We may share personal data with partners as part of our insurance distribution.

We may share personal data with communication and marketing partners to manage the distribution of communications. This includes sending information and documents related to your insurance, and communicating offers and carrying out analyses for marketing purposes.

If you have accepted marketing cookies on our website, we share your personal data with our advertising partners to analyse the effectiveness of our marketing and show you more relevant Hedvig advertising in our advertising partners’ channels.

We may share personal data with partners in business development and for market research, such as Svenskt Kvalitetsindex AB, where necessary for conducting market research or similar business development services.

In the event of illness or accident, we or our partners may share personal data with healthcare providers and/or medical advisors.

We may share personal data with our reinsurers when entering into and administering our insurance contract with you.

We share personal data with other insurance companies where required for correct claims handling, and in connection with recourse claims after a claim has been settled.

If you have Hedvig’s car insurance, we also share your personal data with Eir Försäkring AB, which is the insurer for the car insurance.

We use an insurance-industry joint claims register (Gemensamma skadeanmälningsregistret - GSR) containing information about claims and compensation requests. The purpose of GSR is to help insurance companies and authorities identify unclear cases and avoid incorrect payments. The controller for GSR is Skadeanmälningsregister (GSR) AB, Box 24171, SE-104 51 Stockholm. See www.gsr.se for more information about processing of data included in the register.

We may share personal data with courts, public authorities and legal counsel to safeguard legal interests in the event of a dispute and to comply with legal obligations and statutory/regulatory requirements.

We may share personal data with advisors and parties that support our operations in areas such as audit, control and compliance, including auditors, actuaries, and legal and financial advisors.

We may share personal data with IT suppliers for case management, data collection, operations, development and data storage, including integration platforms, as well as suppliers that provide AI tools.

You have the right to request confirmation as to whether we process personal data about you. You also have the right to request a copy of the personal data (a so-called data subject access request) and to receive information about how the personal data is processed. Certain information about which personal data we process about you can also be viewed directly on your profile page in the Hedvig app.

If you discover that any of your personal data is incorrect or incomplete, you have the right to request that we correct the data. It is important to us that your information is accurate and up to date.

You have the right to request that we erase your personal data, for example if the processing is no longer relevant in relation to the purposes for which the data was collected, or if you have objected to processing based on our legitimate interest and there are no compelling legitimate grounds for continuing the processing. Please note that we are not always able to erase your personal data. This is the case, for example, when your personal data is needed to comply with a legal obligation or where it is still necessary to process the data for the purposes for which it was collected, or if we need the data to establish, exercise or defend legal claims.

In certain cases, you may request that the processing of your personal data be restricted. This may be relevant, for example, if you contest the accuracy of the data, or if you have objected to the processing and are awaiting an assessment.

If we process your personal data on the basis of performance of a contract or consent, you may in certain cases have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit the data to another controller, or to have us assist you with this where technically feasible.

If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. If you withdraw your consent, we will stop processing personal data based on that consent with effect from the withdrawal.

You have the right to object to processing of your personal data based on legitimate interests. If we cannot demonstrate compelling legitimate grounds to continue the processing, we must stop. You always have the right to object to the use of your personal data for direct marketing, in which case we will stop processing for that purpose.

If you have concerns or objections regarding how we process your personal data, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, “IMY”), which is the supervisory authority for our processing of personal data. Read more about IMY at www.imy.se.