Privacy Policy

Other languages

• DE: Datenschutzhinweise

• ES: Aviso de protecciòn de datos

• FR: Notice d’information relative à la protection des données personnelles

• IT: Informativa sulla protezione dei dati

Introduction

The protection of your personal data is of utmost importance to Advanzia Insurance AB, Vasagatan7, 111 20 Stockholm, Sweden, organisation no. 559498-7652 (“Insurance Distributor”, “we”, “us”). This Data Protection Notice (“Notice”) applies to our customers, web users, or individuals (“you”) contacting us.

This Notice is to inform you about what data we process, why, who can access your data, how long it is stored, and what your rights are. This Notice was drafted in respect of the General Data Protection Regulation (Regulation (EU) 2016/679 or “GDPR”) and the Swedish Act containing supplementary provisions to the EU General Data Protection Regulation SFS 2018:218, as amended.

This Data Protection Notice applies exclusively to insurance distribution services. Instead, for information regarding services provided by Advanzia Bank S.A. (“Bank”), including those related to the issuance of the credit card, please refer to the Bank’s general Data Protection Notice available at https://www.advanzia.com/en-gb/privacy-policy.

What data categories are processed?

Depending on the situation, we process the following personal data:

• First name, last name.

• Contact details: e-mail address, phone number, postal address.

• Your identity data: gender, date of birth, place of birth, country of residence, passport or ID number (only in Spain), nationality.

• Financial data: card details (in case of reimbursements), credit limit, outstanding balance, statements (occasionally), premium amounts and costs, insurance contract.

• Internal customer number and other internal identifiers.

• Health data: processed strictly by the insurance providers, e.g. medical certificates.

Please be aware that if you decide not to provide the above data, we will not be able to proceed with the conclusion of the insurance contract.

Why do we process your data?

Based on your consent

You can consent to marketing purposes by a specific tickbox (opt-in). This will allow us to inform you via telephone, SMS or e-mail about insurance services brokered by us (Article 6(1)(a) GDPR).

To fulfil contractual obligations

Processing your data is necessary for fulfilling contractual obligations by us and providing services to you for the purposes below (Article 6(1)(b) GDPR):

• Processing your application for the selected insurance product.

• Providing the selected insurance service to you.

• Residual debt insurance.

• Communication with our contact centres (e-mails, calls, postal mails, etc.).

The comply with legal obligations

We are required to process your data for compliance with legal obligations under both EU law, the law of Sweden or the law applicable in the respective market (Article 6(1)(c) GDPR). With this in mind, we have legal obligations to process your personal data within the following frameworks:

• the Swedish Act (2018:1219) on Insurance Distribution;

• the Swedish Act (2017:630) on Measures Against Money Laundering and Terrorist Financing;

• the Swedish Financial Supervisory Authority’s Regulations (FFFS 2018:10) on Insurance Distribution; and

• the Swedish Financial Supervisory Authority’s Regulations (FFFS 2017:11) on Measures Against Money Laundering and Terrorist Financing.

Based on legitimate interest

We have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ personal data (Article 6(1)(f) GDPR). The Bank may also process and store data as part of outsourced services provided to us, particularly in connection with IT systems and administrative tasks, based on a servicing agreement.

Who can access your data

Depending on the market you applied from, your data may be processed by one of the following insurance providers as separate data controllers:

• AmTrust International Underwriters DAC, 6-8 College Green, Dublin 2 D02 VP48, Ireland;

• AXA France Vie and AXA France IARD, 313 Terrasses de l’Arche 92727 Nanterre Cedex, France;

• AXA France Vie and AXA France IARD (Spanish branches), C/ Arequipa 1, esc. izquierda 3ª Planta, CP 28043 de Madrid, Spain;

• Cigna Life Insurance Company of Europe S.A.-N.V. and Cigna Europe Insurance Company S.A.-N.V., Avenue de Cortenbergh 52, B-1000 Brussels, Belgium.

• Contact centres to ensure communication with you and to process your inquiries. Contact centres are managed by Transcom Worldwide GmbH, Trellegorger Straße 5, 18107 Rostock (Germany), with operating contact centres in Croatia, Serbia and Bosnia and Herzegovina. Transcom acts as a data processor on our behalf.

• Advanzia Bank S.A. may process and store for IT and administrative purposes.

International data transfers

International data transfers mean transfers of personal data outside the EU/EEA. In principle, your data is processed within the EU/EEA, with the following exceptions:

• Some of our contact centres are based outside the EU/EEA (Serbia, Bosnia and Herzegovina): transfers are based on Standard Contractual Clauses and transfer impact assessments. Contact centre agents may access your data, but it is not stored outside the EU/EEA as such.

• IT providers may access personal data from the US. In that case, we rely either on the EU-US Data Privacy Framework (“DPF”) or Standard Contractual Clauses.

How long is your data stored

Your personal data is stored for a period of up to 10 years after the end of our business relationship in accordance with our legal obligations with regard to AML/CTF and the general statute of limitation pursuant to Swedish law.

Which rights do you have?

Right of access

If you wish to have access to your personal data, we will provide you a copy of your personal data in accordance with your request and the relevant information under Art. 15 GDPR.

Right of rectification

If you believe that your personal data is inaccurate or incomplete, you can ask us to correct it. We recommend exercising this right by calling us to facilitate your request. Please note that we may request supporting documentation to verify your data.

Right of erasure (“right to be forgotten”)

If you wish, you can ask us to delete your personal data, within the limits of our legal obligations. In general, you may request to delete your personal data if you are an applicant for our insurance distribution services. If you are a customer, please be aware of the data retention obligations specified in Section 6.

Right to restriction of the processing

You can also ask to restrict the processing of your personal data, in particular if you consider it inaccurate or if you object to the processing of your personal data. Please note that in that case the data in question will be restricted for the time it takes us to investigate your request, and we may not be able to provide you with our services during this period.

Right to data portability

You can request us to receive your personal data in a structured, commonly used and machine-readable format. We can also send it to third parties if you wish so. However, please note that this right is limited to personal data where it is processed based on your consent or contract, and where the processing is carried out by automated means (i.e. not paper-based).

Right to object

You may object to the processing of your personal data, in particular if you do not agree with a process carried out based on legitimate interest, for reasons specific to your specific circumstances, by precisely indicating which processing you are objecting to. If you object to a processing activity, we will stop processing your personal data related to that activity, unless there are compelling legitimate grounds for us, or if this is necessary in order to establish, exercise or defend legal claims.

Your rights related to automated decision-making

You have the right not to be subject to automated decision-making, including profiling, with exceptions permitted by the GDPR. However, we do not rely on such processing.

Right to withdraw you consent

You can withdraw your consent at any time in relation to the processing activities based on your consent.

How can you contact us?

Should you have any questions related to the protection of your personal data, or if you would like to exercise your rights under the GDPR, please contact us at dataprotection@advanzia-insurance.com. We are also at your disposal via post at the following address: Data Protection Officer, Advanzia Insurance AB, Vasagatan 7, 111 20 Stockholm, Sweden.

Where can you file a complaint?

Should you wish to lodge a complaint at a supervisory authority, you can contact the Swedish Authority for Privacy Protection, IMY via email (imy@imy.se), via phone (+4686576100) or via post at Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden as described on IMY’s website: https://www.imy.se/en/complaint. You may also file a complaint at the authority of your residence.