Skip to content
Effective Date: [01/11/2022]

Privacy Policy for Testers

1. General

Insurely [with the registered name of The Great Collective AB”, org. no. 559103 -5646, a company registered in Sweden at the registered address Sveavägen 9, 111 57, Stockholm, Sweden] (Insurely”, we”, or us”), cares about your privacy and wants you to understand how we collect and use your personal data. This privacy notice (“Notice”) explains how we process your personal data when you help us test our infrastructure for insurtech products and services and how you can exercise your data protection rights. This Notice, therefore, applies to testers or prospective testers of our products and services (collectively called “Services”). 

Please note that we have a separate privacy notice explaining how we process your personal data when we provide our regular services to our customers in the ordinary course of our business, which is available here.

Insurely is the controller of your personal data, and we are responsible for and committed to processing your personal data in accordance with applicable data protection laws. You can get in touch with Insurely using the contact details set out in section 9 below.

We encourage you to read this Notice in full to ensure that you fully understand how we will process your personal data in relation to our Services testing. However, if you only want to access a particular section of this Notice, then you can click on the relevant link below to jump to that section:

2. WHAT PERSONAL DATA WE PROCESS AND HOW WE COLLECT IT

3. HOW, WHY AND ON WHAT LEGAL BASIS WE PROCESS YOUR PERSONAL DATA

4. SENSITIVE DATA

5. HOW LONG WE STORE YOUR PERSONAL DATA

6. RECIPIENTS OF PERSONAL DATA, AND TRANSFERS OF PERSONAL DATA

7. YOUR RIGHTS

8. INFORMING YOU OF CHANGES TO THIS NOTICE

9. CONTACT INFORMATION FOR COMPLAINTS

2. What personal data we process and how we collect it

In order to become a tester, or to facilitate the fulfilment by you of your contractual obligations as a tester we collect and use information about you that constitutes personal data, i.e, information that alone or in combination with other information identifies you or can reasonably lead to your identification. The personal data categories that we will process in connection with Services testing are:

  • Contact data, which includes your first and last name, your personal email address, and your phone number.
  • Authentication data, which includes personal data depending on the authentication method implemented in your country. For countries where logging in is supported by an electronic identification system (such as BankId for Sweden, MitID for Denmark, or any other electronic identification system applicable in your country), we will process your personal identity number. If a password-based authentication method is implemented, we will process your login credentials (email and password), while if a multi-factor authentication method is implemented, we will process your login credentials and your phone number. 
  • Insurance data, which includes any information relating to your insurance, such as the insurance name, insurance company, insurance number, insurance premium, start and end date of insurance policy, insurance amount payment method, or any information about the insured item or persons. Note that the category of "insured item or persons" will vary depending on the type of your insurance, e.g., home, pet or car insurance. In some cases, this will include special categories of personal data (i.e. certain data types of a particularly sensitive nature, such as health data).  You can read more about the basis on which we lawfully process this data in Section 4 of this Notice.

    Insurance data will sometimes also comprise personal data of a member of your household (for instance, where they are also insured under the same policy). Where this is the case, we ask that you notify those other individuals of this Privacy Notice.
  • Financial data, which includes information about the invoice you send to us, such as the amount of compensation, VAT ID, Tax ID, invoice ID, invoice date, task name, task duration, and bank count details such as bank name, country of the bank, IBAN, SWIFTS/BIC.
  • Communication data, which includes the content of our communications with you, such as emails that we may exchange or messages that we may exchange by another communication channel.

We will collect the abovementioned personal data directly from our testers and not from any other third party.

3. How, why, and on what basis we process your personal data

3.1 When you express interest in becoming a tester

We will process personal data about you when you express your interest in becoming a tester by submitting the interest form on our website. For this purpose, we will process the following personal data:

  • Contact data
  • Certain Insurance data such as the name of your insurance company and the type of your insurance

If your application is successful, we will contact you to schedule a call and discuss your application further. We will process your personal data described above on the basis that it is necessary to take steps at your request prior to entering into an agreement with you. 

If your application is not successful or does not proceed for any other reason, we will delete your personal data 6 months after the submission of your application.

3.2 Once you become a tester

Once your application moves forward and you become a tester by signing the tester agreement, we will process your personal data to test the quality of our Services, in accordance with the tester agreement.

We will access your insurance accounts for these purposes after you authenticate yourself using the authentication method used in your country. For example, in Sweden and Denmark, you can authenticate yourself by an electronic identification system (BankID and MitId respectively), while in other countries you can authenticate through a password-based or multi-factor authentication method.

We will process the following personal data for this purpose:

  • Contact data
  • Authentication data
  • Insurance data

We will process your personal data described above on the basis that it is necessary for the performance of the tester agreement we have entered into with you.   

When you enter into the tester agreement, you agree to give us access to your insurance account for six months to one year from the date on which you sign the tester agreement.  Note that we only access your insurance account after you have completed the authentication process yourself and we will not have constant access to your insurance account.

Each time we access your Insurance data, we will store it, together with your Authentication data, for 30 days. After this period, we will either delete this data or anonymise it. We will continue to store your Contact data to fulfil other purposes as described in other parts of this section 3. 

Our processing activities in relation to your Insurance data will be limited to accessing, storing, and deleting it. We will not alter or in any way modify your Insurance data.

By accessing your insurance account, we will also access certain Contact and Insurance data of other individuals that are covered by your insurance policy. As the tester agreement is not between us and the other person(s) that are covered by your insurance policy, we will process the co-insureds’ Insurance data on the basis that it is necessary for our legitimate interest to carry out testing and development of our Services. We store this information in the same way as we store your Insurance data (i.e. we delete or anonymise it 30 days after it is collected, each time we access your insurance account)

3.3 To compensate you

In accordance with the tester agreement, we will compensate you for testing our Services. To do that, we will process the following personal data:

  • Contact data
  • Financial data

We will process your personal data described above on the basis that it is necessary for the performance of the tester agreement that we have entered into with you. 

We will also store financial data for as long as this is required by applicable tax or accounting requirements. To the extent we are subject to these requirements, for this processing, our legal basis is that the relevant processing is necessary to comply with our legal obligations. As this period may change from time to time through an amendment of applicable law, for more information about the retention of your personal for this purpose, you can contact us at privacy@insurely.com.

3.4 To provide you with support and manage our communication

For as long as you are a tester, we will need to contact you from time to time to provide you with relevant information (such as access links) or to ask you to provide information about your experience with testing our Services, as set out in our tester agreement. It may also be the case that you will need to contact us to report any issues that you may have experienced when testing our Services. 

To administer and manage these communications with you, we will process the following personal data:

  • Contact data
  • Communication data

We will process your personal data described above on the basis that it is necessary for the performance of the tester agreement that we have entered into with you. 

Where you contact us for reasons other than in relation to your rights or obligations under the tester agreement, we will process this personal data on the basis that it is necessary for our legitimate interests in testing and developing our Services and in managing our relationship with Services testers.

We will store the personal data for as long as you are a tester in accordance with the tester agreement (which ends 6 months to 1 year after you have entered into it, unless otherwise stated in the tester agreement).

3.5 To establish, exercise, or defend against legal claims

We will store the personal data described under section 2 to the extent that it is necessary to establish, exercise or defend ourselves against legal claims and/or to deal with litigation or regulatory matters. The personal data that we will store for this purpose is:

  • Contact data
  • Authentication data
  • Insurance data
  • Financial data
  • Communication data

Where this is the case, our legal basis for this processing is that it is necessary for the purposes of our legitimate interest to establish, exercise, or defend against legal claims. 

The categories of personal data that we will process for this purpose, and the timeframe for which we will retain data for this purpose, will vary depending on the specific case at hand. However, in each case, we will only process your data for as long as we have a legitimate reason to do so lawfully. For further information, you can contact us at privacy@insurely.com for more information.

4. Sensitive data

When you become a tester, we will access all relevant data relating to your insurance. 

In some cases, depending on the insurance types linked with your account, this will include personal data classified as "special categories" of personal data under the UK/EU GDPR (sometimes also called “sensitive data”). Special categories of personal data are given extra protection under data protection law because of their inherently sensitive nature. Special category data that we may access includes:

  • personal data revealing racial or ethnic origin (which may derive from your name)
  • personal data revealing trade union membership;
  • data concerning health(which may derive from the type of your insurance, e.g., if it is pregnancy insurance)
  • data concerning a person’s sexual orientation (which may derive from the gender of your partner/co-insured).

In order to process such data, the UK/EU GDPR requires that we establish an additional legal basis. To this end, when you agree to carry out testing of our Services, we request your explicit consent according to Article 9.1 (a) of the UK/EU GDPR. 

You can withdraw your consent at any given time. If you withdraw your consent, we no longer have a legal basis to process the data and will then delete your data without delay. Note that such withdrawal will not affect the validity of the agreement we have with you (Tester Agreement).

5. How long we store your personal data

We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with information you have requested or to comply with applicable legal, tax or, accounting requirements, or to exercise, or defend legal claims). See section 3 for information on the particular retention periods we apply for the specific purposes described above. 

When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

6. Recipients of personal data, and transfer of personal data

We will disclose the personal data described above to the following categories of recipient:

  1. Courts and similar judicial entities and/or authorities, if required to do so by law.
  2. Service providers upon which we rely for our core operational activities. Our service providers are available here.
  3. To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice.

We store and process your personal data within the EU/EEA. We rely on the UK Secretary of State's "adequacy decision" for the EEA for the transfer of data from the UK to the EU/EEA.

If, in future, we make a change to the service providers we currently use and this involves a transfer of your personal data outside the EU/EEA, then we will ensure adequate safeguards are in place to ensure that your personal data is protected in accordance with this Notice and applicable data protection laws. We will do this through one of the following measures:

  1. Where the recipient country is on the UK Secretary of State's or European Commissions list of countries with an adequate level of protection (as applicable), by relying on that adequacy decision, or;
  2. By implementing controller-to-controller or controller-to-processor standard contractual clauses that have been approved by the UK Secretary of State or European Commission (as applicable) for the transfer of personal data to third countries.

If a standard contract is deemed ineffective due to national law, Insurely will take additional measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (b) above.

You can find out more information about the transfers of your personal data and the safeguards we implement to protect your data by contacting us at privacy@insurely.com.

7. Your rights

You have certain data protection rights in relation to how we process your personal data. You can contact us at privacy@insurely.com at any time to exercise your rights as set out below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

7.1 Right to access

You have the right to access and receive a copy of your personal data that we process, as well as other supplementary information. 

7.2 Right to rectification

You have the right to have inaccurate personal data rectified and, depending on the purpose of the processing, have incomplete personal data completed.

7.3 Right to erasure

In certain cases, you have the right to request the erasure of your personal data, such as in cases where the personal data is no longer needed for the purpose for which it was collected, or if we no longer have a legal basis to continue processing it. 

7.4 Right to restriction of processing

In certain cases, such as when you have contested the accuracy of your personal data, you have the right to request that we restrict the processing of your personal data. In such a case, we will only store your personal data or further process it if permitted to do so by law.

7.5 Right to data portability

You have the right to data portability, which means that in certain cases you can receive the personal data you have shared with us in a structured, commonly used and machine-readable format and that you have the right to request that we transfer these data to other data controllers where this is technically possible.

7.6 Right to object

You have the right to object to the processing of personal data based on our legitimate interest. You also have the right to opt-out at any time to receiving any marketing communications we send you. Despite that, we will not send you any marketing communication when you are a tester or a prospective tester. 

7.7 Right to withdraw consent

If we process your personal data based on your consent, then you have the right to withdraw such consent at any given time. Note that withdrawal of your consent will not affect the lawfulness of the processing we carried out prior to such withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

7.8 Post-mortem right to privacy (applicable if you live in France)

During your lifetime, you may choose to designate someone to carry out your specific or general instructions on how to retain, delete or disclose your personal data after your death. If the instructions relate only to the personal data we process, you may choose to contact us directly at privacy@insurely.com.

8. Notice of policy changes

If we make changes to this Notice, we will take appropriate measures to inform you. For significant changes in how we collect or process your personal data, we will ask for your consent, if this is required by applicable law.

You can see when this Privacy Notice was last updated by checking the last updated” date displayed at the top of this Notice.

9. Contact information for complaints

If you have any comments or complaints regarding Insurelys processing of your personal data, please contact privacy@insurely.com. 

You have the right to contact and lodge a complaint with your national Data Protection Authority.  You can find the contact details of EEA supervisory authorities here and details of the UK's Information Commissioner here. 

You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (IMY”), which is the lead supervisory authority for the processing of personal data, since Insurely has its main establishment in Sweden. IMY can be reached at:

Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm, Sweden

Email: imy@imy.se
Phone number: +46 (0) 8-657 61 00

IMYs website: www.imy.se 

Note that certain data protection authorities may require that you exhaust Insurely's internal complaints process before looking into your complaint.

We have appointed a representative in the UK, which is Lionheart Squared Limited, a private limited company (no. 10819580) in England and Wales, with registered offices at 17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX.