<img alt="" src="https://secure.leadforensics.com/262915.png?trk_user=262915&amp;trk_tit=jsdisabled&amp;trk_ref=jsdisabled&amp;trk_loc=jsdisabled" height="0px" width="0px" style="display:none;">
Skip to content

Privacy Policy for Testers

Effective Date: [20/09/2022]

1. General

Insurely [with the registered name of “The Great Collective AB”, org. no. 559103 -5646, a
company registered in Sweden at the registered address Sveavägen 9, 111 57, Stockholm,
Sweden] (“Insurely”, “we”, or “us”), cares about your privacy and wants you to be familiar
with how we collect and further use your personal data. This privacy policy (“Policy”)
explains how we process your personal data when you wish to help us test our
infrastructure for insurtech products and services and how you can exercise your data
protection rights. This Policy, therefore, applies to testers or prospective testers of our
products and services (collectively called “Services”). Please note that the processing of
your personal data taking place in relation to the provision of our regular Services is subject
to its own privacy policy, which is available here.

Insurely is the controller of your personal data, and we are responsible for and committed
to processing your personal data in accordance with applicable data protection laws.

We, therefore, encourage you to read this Policy in full to ensure that you fully understand
how we will process your personal data.

2. What personal data we process and how we collect it

In order to become a tester or to fulfil your contractual obligations as a tester we collect
and further process information about you that constitutes personal data, i.e, information
that alone or in combination with other information identifies you or can reasonably lead to your identification. The personal data categories that we will process are:

  • Contact data, which includes your first and last name, your personal email address,
    and your phone number.
  • Authentication data, which includes personal data depending on the
    authentication method implemented in your country. For countries where logging
    in is supported by an electronic identification system (such as BankId for Sweden,
    MitID for Denmark, or any other electronic identification system applicable in your
    country), we will process your personal identity number. If a password-based
    authentication method is implemented, we will process your login credentials
    (email and password), while if a multi-factor authentication method is
    implemented, we will process your login credentials and your phone number.
  • Insurance data, which includes any information relating to your insurance, such as
    the insurance name, insurance company, insurance number, insurance premium,
    start and end date of insurance policy, insurance amount payment method, or any
    information about the insured item or persons. Note that the latter will vary
    depending on the type of your insurance, e.g., home, pet or car insurance. As such,
    this category may include special categories of personal data, data of a sensitive
    nature, or data that concern a member of your household. You can read more
    about this processing in Section 4 of this Policy.
  • Financial data, which includes information about the invoice such as the amount of compensation, VAT ID, Tax ID, invoice ID, invoice date, task name, task duration, and bank count details such as bank name, country of the bank, IBAN, SWIFTS/BIC.
  • Communication data, which includes the content of our communication, such as
    emails that we may exchange or by use of another appointed communication
    channel.

We will collect the abovementioned personal data directly from you and not from any
other third party.

3. How, why, and on what basis we process your personal data

The GDPR requires that we establish that a legal ground (or otherwise called “legal basis”)
exists, allowing us to use your personal data. In this section, we explain the different
purposes for which we will process your personal data, how we will process it, our legal
basis, and how long we will store it.

3.1 When you express interest in becoming a tester

We will process personal data about you when you express your interest to become a
tester, by submitting the interest form on our website. For this purpose, we will process the
following personal data:

  • Contact data
  • Certain Insurance data such as the name of your insurance company and the type
    of your insurance

In case your application is successful, we will contact you to schedule a call and discuss your
application further. We will process your personal data described above on the basis that it
is necessary to enter into an agreement with us. In case your application does not go
through, we will delete your personal data 6 months after the submission of your
application.

3.2 Once you become a tester

Once your application moves forward and you become a tester by signing the tester agreement, we will process your personal data to test the quality of our Services, in accordance with the tester agreement. We will access your insurance accounts by you authenticating yourself according to the authentication method used in your country. For
example, in Sweden and Denmark, you can authenticate yourself by an electronic identification system (BankID and MitId respectively), while in other countries you can authenticate through a password-based or multi-factor authentication method.

We will process the following personal data:

  • Contact data
  • Authentication data
  • Insurance data

We will process your personal data described above on the basis that it is necessary to fulfil the tester agreement. According to our tester agreement, you will be giving us access to your insurance account for one year upon signing the tester agreement. After every access to your Insurance data, we will store it, together with your Contact and Authentication data for 30 days and then delete it or anonymise it. We will though store your Contact data to fulfil other purposes as described in section

3. Please note that we will only access your
insurance account for the times that you have given us access by authenticating yourself.
Our processing activities, in relation to your Insurance data, will be limited to accessing,
storing and anonymising it. Note that we will not alter or in any way modify your Insurance
data.

By accessing your insurance account, we will also access certain Contact and Insurance data
of other individuals that are covered by your insurance policy. As the tester agreement is
not between us and the other person(s) that are covered by your insurance policy, we will
process the co-insureds’ Insurance data based on our legitimate interest to get an overview
of your insurance policy and store it in the same way as your Insurance data (30 days after
each access to your insurance account).

3.3 To compensate you

In accordance with the tester agreement, we will compensate you for testing our Services. To do that, we will process the following personal data:

  • Contact data
  • Financial data

We will process your personal data described above on the basis that it is necessary to fulfil the tester agreement. We will store financial data for as long as required by applicable tax or accounting requirements and therefore for this processing, our legal basis is to comply with our legal obligations. As this period may change from time to time through an amendment of applicable law, for more information about the retention of your personal
for this purpose, contact us at privacy@insurely.com.

3.4 To provide you with support and manage our communication

For as long as you are a tester, we will need to contact you from time to time to provide
you with the access link or to ask you about your experience with testing our Services, as
per our tester agreement. It may also be the case that you will need to contact us to report
any issues that you may have experienced. To do that we will process the following
personal data:

  • Contact data
  • Communication data

We will process your personal data described above on the basis that it is necessary to fulfil the tester agreement. We will store the personal data for as long as you are a tester in accordance with the tester agreement (1 year upon signing or as otherwise stated in the tester agreement).

3.5 To establish, exercise, or defend against legal claims

In certain cases, we may need to store the personal data to establish, exercise or defend ourselves against legal claims and we will need to store your personal data to deal with litigation or regulatory matters. The legal basis for this processing is our legitimate interest to establish, exercise or defence against legal claims. The categories of personal data that we will process, and the retention time may vary depending on the specific case at hand. In
any case, contact us at privacy@insurely.com for more information.

4. Sensitive data

When you become a tester, we will access all relevant data relating to your insurance, which may also include personal data classified as special categories of personal data according to the GDPR or otherwise called “sensitive data”. In order to process such data, we request your explicit consent according to Article 9.1 (a) of the GDPR. You can withdraw your consent at any given time. If you withdraw your consent, we no longer have a legal
basis to process the data and will then delete your data without delay.

5. How long we store your personal data

We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a Service you have requested or to comply with applicable legal, tax or, accounting requirements or to exercise, or defend legal claims). See section 3 for information on the particular retention periods we apply for the specific purposes described above.

When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

6. Recipients of personal data, and transfer of personal data

We will disclose your personal to the following recipients:


(i) Courts and similar judicial entities and/or authorities, if required to do so by
law.
(ii) Service providers upon which we rely for our core operational activities.
(iii) To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this privacy policy.


We normally store and process your personal data within the EU/EEA. However, upon change of our current service providers, your personal data may be transferred to, and processed in, countries outside the EU/EEA. If we transfer data outside the EU/EEA, we will ensure adequate safeguards are in place to ensure that your personal data is protected in accordance with this Policy through one of the following measures:


The country of destination is on the European Commission’s list of countries with an adequate level of protection, or;


The transfer is made by otherwise ensuring an adequate level of protection through standard contractual clauses.

If a standard contract is deemed ineffective due to national law, Insurely will take additional measures to ensure an adequate level of protection when transferring personal data to countries covered by paragraph (b) above.


You can find out more information about the transfers of your personal data and the
safeguards we implement by contacting us at privacy@insurely.com.

7. Your rights

You have the right to have inaccurate personal data rectified and, depending on the purpose of the processing, have incomplete personal data completed. You may contact Insurely at any time to request correction or completion.

7.1 Right to access

You have the right to access and receive a copy of your personal data that we process, as
well as other supplementary information.

7.2 Right to rectification

You have the right to have inaccurate personal data rectified and, depending on the
purpose of the processing, have incomplete personal data completed.

7.3 Right to erasure

In certain cases, you have the right to request the erasure of your personal data, such as in
cases where the personal data is no longer needed for the purpose for which it was
collected, or if we no longer have a legal basis to continue processing it.

7.4 Right to restriction of processing

In certain cases, such as when you have contested the accuracy of your personal data, you
have the right to request that we restrict the processing of your personal data. In such a
case, we will only store your personal data or further process it if permitted to do so by law.

7.5 Right to data portability

You have the right to data portability, which means that in certain cases you can receive the
personal data you have shared with us in a structured, commonly used and machine-
readable format and that you have the right to request that we transfer these data to other
data controllers where this is technically possible.

7.6 Right to object

You have the right to object to the processing of personal data based on our legitimate
interest.

7.7 Right to withdraw consent

In case we process your personal data based on your consent, then you have the right to withdraw such consent at any given time. Note that withdrawal of your consent will not affect the lawfulness of the processing we carried out prior to such withdrawal.


7.8 Post-mortem right to privacy (applicable if you live in France)

During your lifetime, you may choose to designate someone to carry out your specific or
general instructions on how to retain, delete or disclose your personal data after your
death. If the instructions relate only to the personal data we process, you may choose to
contact us directly at privacy@insurely.com.

8. Notice of policy changes

If we make changes to this Policy, we will take appropriate measures to inform you. For significant changes in how we collect or process your personal data, we will ask for your consent, if required by applicable law. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Policy.

9. Contact information for complaints 

If you have any comments or complaints regarding Insurely’s processing of your personal data, please contact privacy@insurely.com.

You have the right to contact and lodge a complaint with your national Data Protection Authority. You can find the contact details of your supervisory authority here.

You also have the right to contact and lodge a complaint with the Swedish Authority for Data Protection Authority (“IMY”), which is the lead supervisory authority for the processing of personal data, since Insurely has its main establishment in Sweden. IMY can be reached at:
Integritetsskyddsmyndigheten
Box 8114, 104 20 Stockholm, Sweden
Email: imy@imy.se
Phone number: +46 (0) 8-657 61 00
IMY’s website: www.imy.se

Note that certain data protection authorities may require that you exhaust our own internal
complains process before looking into your complaint.