Privacy notice - Insurely Connect App

Insurely AB, a company with registration number 559103-5646 and registered address Drottninggatan 71C, 111 36 Stockholm, Sweden (“Insurely”, ”we”, “us”) is the controller and responsible for the processing of your personal data in relation to the provision of our services. We are responsible for and committed to processing your personal data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation 2016/679 (“GDPR") and other applicable EU or national data protection legislation.

This privacy notice (“Notice”) explains how we process your personal data when we provide our services to you (“End-User”, “you”, or “your”) via our app called Insurely Connect (“The App”). Our Services consist of ”Data Access Services” that collect certain information relating to your insurances from your insurance companies which is then compiled and presented to you (“Services”). 

To be able to provide our Services to you, we need to collect and further process personal data relating to your insurance. We are solely responsible for the processing of your personal data.

This Notice applies when we process personal data in order to provide our Services to you, that is any information (or combination of such information) that directly or indirectly can identify you as a unique person. We will collect and further process the following personal data categories when you use our Services.

We will collect this personal data either directly from you or by means of accessing your insurance account upon your specific authorisation.

1.1 User data

We collect and process the following information about you when you initiate to use the Service:
Social security number (to facilitate login via Bank-ID)

Time when you accepted Terms of Use for the Service.

1.2 Insurance data

When you use functionality within the Service (for instance, to automatically retrieve your insurance information), we will process additional personal data about you and in some cases about the other individuals who benefit from your insurance policies ("co-insured"). 

We collect the following personal data in these instances:

• Information about the insurance holder:
• Telephone number
• E-mail
• Address
• Birthdate
• Gender
• Occupation
• Information about your household, such as information about other family members covered by your policy and address
  
  

• Insurance name
• Insurance number
• Insurance company
• Start and end date of insurance policy
• Insurance premium
• Insurance amountInformation about objects you have insured (such as your registration number in the case of car insurance, or your address and size of your property, etc.)
• Number of claims

In this section, we explain the purposes for which we use your personal data, which personal data categories we process for each purpose, the legal basis on which we rely for each purpose of processing and the relevant retention time. 

In order to provide our services, we process the following categories of data:

• User data

• Insurance data

For this purpose, processing is based on the need to perform the contract entered into with you. Please note that we cannot provide you with the services if you do not provide us with or give us access to this personal information. We will process this personal data for 14 days from the date of collection.

In order to develop our services and provide a better user and customer experience, we process the following categories of data:

• User data

• Insurance data

For this purpose, processing is based on our legitimate business interest in developing and improving our services. We will anonymise your personal data before using it for analytical purposes. We will process your personal data for 14 days from the date of collection.

In order to establish, exercise or defend against legal claims or respond to requests from the authorities, we process the following categories of data:

• User data

• Insurance data

For this purpose, processing is based on our legitimate interest in protecting our business or if there is a legal obligation to process the data. We will process such personal data for as long as is necessary to fulfil the purpose.

We retain the personal data we collect from you where we have an ongoing legitimate business need or legal requirement to do so (e.g., to exercise or defend legal claims or respond to authority requests). Please see section 2 for information on the specific retention periods we apply for the purposes we have set out above.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it.

We retain the personal data we collect from you where we have an ongoing legitimate business need or legal requirement to do so (e.g., to exercise or defend legal claims or respond to authority requests). Please see section 2 for information on the specific retention periods we apply for the purposes we have set out above.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise it.

We disclose the personal data described above to the following categories of recipients:

1. Courts and similar judicial entities and/or authorities if we are required to do so by law.

2. Service providers upon which we rely for our core operational activities.

If there is a change of ownership of our business, we will share personal data with the new owners so that they can continue to operate our business, provided that the new owners will only process personal data as we have set out in this Notice.

Currently, our processing of your personal data takes place within the EU/EEA. However, if our processing, either directly by us or through our service providers, entails a transfer of your personal data outside the EU/EEA, we will ensure that adequate safeguards are in place to require that your personal data will remain protected in accordance with this Notice and applicable data protection laws. We will do this through one of the following measures:

1. By transferring the personal data to a country that is on the European Commission’s list of countries with an adequate level of protection, or;

2. By implementing a transfer mechanism such as the controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the European Commission (as applicable from time to time) for the transfer of personal data to third countries.

If a standard contract is deemed ineffective due to the national law of the country of destination, we will take additional technical, organisational, or contractual measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (ii) above.

6.1 Right of access

You have the right to access or receive a copy of the personal data that we process about you.

6.2 Right to accuracy 

You can challenge the accuracy of your personal data at any given time or request the completeness of your personal data.  If your personal data is indeed inaccurate or incomplete, you are entitled to have the inaccurate data removed, corrected, or completed, as appropriate.

6.3 Right to erasure

In certain cases, you are entitled to have your personal data erased (also known as the “right to be forgotten”), such as in cases where the personal data is no longer needed for the purpose for which it was collected, or if we no longer have a legal basis to continue processing it.

6.4 Right to object

You have the right to object to the processing of your personal data at any time. This means that we will stop or be prevented from processing further your personal data.

6.5 Right to restriction

By exercising this right, you limit the way we will process your personal data for a certain period of time. This right is an alternative to requesting the erasure, in case you don’t want the deletion of your personal data.

6.6 Right to data portability

You have the right to data portability, which means that (in some instances) you have the right to obtain your personal data in a structured, commonly used and machine-readable format and to transfer such data to another data controller without hindrance from us.

If you would like to exercise any of the rights set out above, you can do so by contacting us via email at privacy@insurely.com.

6.7 Right to file a complaint

If you are dissatisfied with the way we handle your personal data, you have the right to lodge a complaint with the Swedish data protection authority. Their contact details are provided below. However, we kindly ask you to contact us first, using Insurely’s contact details below.

Integritetsskyddsmyndigheten (IMY)
Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm
Phone number: +46 (8) 657 61 00
IMY’s website: https://www.imy.se

Our contact information is:

Insurely AB

Drottninggatan 71C, 111 36 Stockholm, Sweden

Email address to the Data Protection Officer: privacy@insurely.com

If we make changes to this Notice, we will notify you on our Website. You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice. Significant changes to how we collect or process your personal data will be notified to you via email.

If you have any comments or complaints regarding Insurely’s processing of your pers onal data, please feel free to contact us at privacy@insurely.com. We would be happy to assist you.