Our privacy notice and your personal information
You trust us with a lot of information, when using our services or interacting with us.
We take this responsibility seriously and handle all your personal information in accordance with best confidentiality practices and the applicable laws on data privacy, notably the European Union General Data Protection Regulation n°2016/679 (hereafter “GDPR”).
This privacy notice applies to any processing by us of your personal information, including information provided by visitors on all our websites, apps, through the use of If Digital Services (e.g. our websites, Mypages, If Mobile app, My Business, If Login, If Mobile App, Volvia etc.), as well as, processing of your information as our current or potential customer, employees, cooperation partners etc.
Who is responsible for your personal information?
If Skadeförsäkring AB, registration number 516401-8102, address: 106 80 Stockholm, Sweden also active through its branches in Norway, Finland, Denmark, Estonia and Latvia (“If”, “we”, “us”) is the data controller of all personal information relating to the property & casualty insurance operation.
If Liv AB registration number 516406-0252, address: 106 80 Stockholm, Sweden is the data controller of all personal information relating to the life insurance operation.
If you have any questions regarding the processing of your personal information, please contact our data protection team by writing to us as set out in section Your contact.
Your personal information rights
Your personal information rights and how to exercise them
Transparency of the data
We want to be transparent regarding the information we hold about you and we want to make sure it is accurately updated. If you would like to exercise any of your rights below, you can always contact our Data Protection Officer on DPO@if.se or our local representatives. If you would like to receive a copy of the personal information we hold about you, a so called “data extract”, please send an e-mail to registerutdrag@if.se or send a letter to If Skadeförsäkring AB, Registerutdrag, 106 80 Stockholm.
Note that we will always verify your identify before enabling access to any information.
You can always read more information about your rights on the Data Protection Authority’s webpage.
Right to be informed
You have the right to be informed of how we process your personal information. We do this through this privacy notice and by answering your questions.
Right to have personal information deleted (“Right to be forgotten”)
You have the right to request that your personal information shall be deleted or removed from our systems and records. This right applies, for example to personal information in the following situations:
- when we hold personal information we no longer need for the purpose we collected it forg. you have terminated your insurance and there is no right to any compensation under the insurance (statute of limitation has occurred);
- you withdraw your consent for us to use your personal information e.g. you have previously consented to direct marketing through email or sms and you withdraw such consent;
- we rely on legitimate interest for our processing of your personal information and you are of the opinion that our interest does not outweigh your interests and rights, e.g. in cases where we are conducting marketing activities to you;
- we have used your personal information in an unlawful manner, e.g. if we have stored your data longer than necessary;
- we have a legal obligation to delete your personal information, e.g. in cases where there are time limits for how long time information may be stored according to local legislation; or
- no other legal justification supports our continued use of your personal information.
Note that this right only applies in certain circumstances since, we as an insurer are, according to for example insurance- and accounting laws obligated to store policies, claims and other information (including your personal information) for strictly defined periods.
There may also be other situations where we are unable to delete your personal information, for example, when the personal information is still necessary to process for the purpose for which the information was collected, our interest to process the personal information overrides your interest in having them deleted etc. Therefore, please take into account that large part of your information may be excepted from this right. In such cases we will stop processing your personal information for any other purposes.
Right to rectification
You have the right to ask us to correct, anonymise or delete personal information we hold about you, where it is incorrect, misleading or incomplete. You also have the right to supplement with additional information if something relevant is missing.
Right of access (the right to receive a “data extract”)
You have the right to receive a copy of the personal information we hold about you, information about how we use it and the purpose thereof.
Right to data portability
You have the right to obtain personal information which you have provided to us in a format which enables you to transfer the information to another organisation. Upon your request, a copy of the information can also be transmitted directly to another organisation, if it is technically feasible.
Right to restrict processing
You have the right to request that we restrict the processing of your personal information. This right applies for example in the following situations when you are of the opinion that:
- the personal information we hold about you is inaccurate and you have requested us to correct the information;
- the processing is considered to be unlawful;
- we do not need your personal information for the specific purpose it was collected for; or
- you have objected to us processing your personal information (as set out below) and such objection is pending review of whether our interests outweigh yours.
You also have the right to request that we stop processing your personal information while we assess your request.
Right to object to processing
You have the right to object to our use of your personal information in certain circumstances. For example where we process your personal information for marketing purposes or when we in any other situation rely on legitimate interest as a legal justification. If you object to such processing, we will only continue to process your personal information if we are of the opinion that our interests outweigh yours.
Note that this right only applies in certain circumstances since, we as an insurer are, according to for example insurance- and accounting laws obligated to store policies, claims and other information (including your personal information) for strictly defined periods.
There may also be other situations where we are unable to delete your personal information, for example, when the personal information is still necessary to process for the purpose for which the information was collected, our interest to process the personal information overrides your interest in having them deleted. Therefore, please take into account that large part of your information may be excepted from this right. In such cases we will stop processing your personal information for any other purposes.
Right to opt-out from direct marketing
You always have the right to object to the use of your personal information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing). When you let us know that you no longer wish to receive direct marketing from us, we will turn off marketing for you, and stop sending it to you.
Right to object to an automated decision that significantly affects you
You have the right to object to an automated decision made by us if the decision produces legal effects or significantly affects you in a similar way. Please refer to the section “How we use your information for automated decision-making” for contact details and for further information on how we make use of automated decisions.
Right to withdraw your consent
Where we have relied upon your consent or explicit consent to process your personal information, you always have the right to withdraw that consent at any time (please note, it will not effect the processing of the personal data processed prior to the withdrawal).
When you withdraw your consent we will stop processing your personal information for such purposes. However, such withdrawal may affect the validity of your insurance coverage and your availability to use our services.
Right to complain to the relevant data protection authority
If you think that we have processed your personal information in a manner that is not in accordance with data protection law, you can make a complaint to the relevant data protection regulator. We are under the supervision of the Swedish Authority for Privacy Protection (IMY) and you have the right to contact IMY or your national corresponding personal data protection authority directly with complaints, but we encourage you to contact us in the first instance to handle your complaints. Please see below under “Your contact”.
Please see more about your rights as a customer from your country's Data Privacy Notice
What personal information do we collect?
Personal information that we collect is dependent on each individual relationship and/or the insurance product concerned. Different types of personal information will be held by and provided to us if you are a consumer insurance policyholder or claimant, compared to where you benefit from insurance coverage under an insurance policy taken out by another policyholder (for example, you are insured under a corporate policy taken out by your employer).
Likewise, we will hold and be provided with different personal information of you depending on if you are a commercial insurance broker or appointed representative, a website visitor, a witness, or another individual with whom we have a relationship with e.g. you are our cooperation partner or an employee or a potential employee. We may also receive personal information from official registers such as Statens personadressregister (”SPAR”), Vägtrafikregistret (”VTR”), Lantmäteriet and Fastighetsregistret as well as from our partners or other information marketing- and services companies (Dun & Bradstreet).
The personal information will often include information relating to:
- contact details;
- identification;
- administration of your insurance policy or a claim (which may include medical- or health information);
- financial information or other information relevant for your risk assessment;
- marketing preferences; or
- Use of If Digital Services.
Here you can find information categories and examples of information pieces to help you understand, what kind of information we collect (we very seldom collect all below information, it is only examples):
What personal data do we collect (pdf, 128 kb)
What personal information are used for what purpose?
We use personal information in almost everything we do as it enables us to carry out our business activities and to provide the best possible service to you. The purposes for which we use your personal Information will differ based on our relationship with you, including the type of communication between us and the services we provide to you.
The main purposes for which we use personal information are to:
A. Communicate with you and other individuals (marketing purpose please refer to H below).
B. Make assessments and decisions (automated and non-automated, including by profiling individuals) about: (i) the provision and terms of insurance (incl. underwriting) and (ii) settlement of claims. For this purpose, we record in- and outgoing calls to document what has been communicated.
Sometimes there is a lack of clarity about what has been communicated during a call, for example what has been said in a conversation about a claim or the purchase of insurance. In this case, we may need to listen to the conversation to clarify what was communicated.
C. Provide insurance-, claims- and assistance services, and other products and services which we offer by ourself or through partners, including repairshop- and towing services, medical assistance, claim assessment, administration, settlement and dispute resolution.
D. Process your premium and other payments.
E. Improve the quality of our products and services, for example providing staff training. An example of this is that we record in- and outgoing calls for quality and education purposes in order to develop and ensure the quality of our business and to ensure that the business meets the requirements set out in law and other regulations, e.g. when a manager listens to an employee's call to give advice on how to improve our customer service. Sometimes we also provide staff training through co-listening on phone call for the same purpose.
F. Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.
G. Carry out research and data analysis, including statistics and analysis of our customer base and other individuals whose personal information we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business, in accordance with applicable law (including obtaining consent where required).
H. Provide marketing & Personalised experience; (i) provide marketing information in accordance with preferences you have told us or our partners about (marketing information may also include products and services offered by our partners subject to your expressed preferences). We may carry out marketing activities in accordance with your preferences by using email, SMS and other text messaging, post or telephone. (ii)
Personalised experience when you use If Digital Services or visit third party websites or social media by presenting information and advertisements tailored to you, identify you to an If employee to whom you send messages through the If Digital Services, and facilitate sharing on social media. You cand find more information under "Advanced analytics and advertising".
I. Manage our business operations and IT security and infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; Tracking errors on customer service channel (incl. online behavioural data, to make sure our systems and services work as expected and intended); data and website hosting; data analytics; business continuity; records management; document and print management and Integrity and safety of services (e.g. internal audits, setting up incidents registers, warning systems).
J. Manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to personal information.
K. Comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to the conduct of insurance business, anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence).
L. Establish, enforce and defend legal rights to protect our business operations, and those of our group companies or partners, and secure our rights, privacy, safety or property, and that of our group companies or partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies and limit our damages.
M. Reinsurance, we reinsure most of our risks and can in limited cases share personal information with the reinsurer to reinsure those risks or to file a claim to the reinsurer.
The table below is a summary of the types of personal information used where necessary in connection with each main purpose described above. Personal information will only be processed for these purposes where permitted under applicable law.
What personal data is used for what purpose? (pdf, 162 kb)
Legal basis for using your personal information
The legal grounds on which we rely on for using your personal information, depend on the nature of- and on the purpose of the specific use. Please note that you are not obligated to disclose personal information to us.
However, in those cases in which the processing is based on the performance of a contract, we require your information to be able to fulfil our obligations. If you do not provide your personal information, there is a risk that we will not be able to provide you with our services.
Generally, we may be required to obtain personal information from you
- for the preparation, conclusion or for performance of an insurance contract with you (or someone else). For instance, information about the insured property and your belongings, risk related information provided prior contract is concluded, as well as any information provided during the claims handling process is processed lawfully based on this legal ground;
- for the purposes of legitimate interest of us or other third parties i.e. balancing interests. When balancing interests, we have determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Processing based on this ground takes place when we process your data to prevent fraud or to send to you as our customer marketing communication, customer satisfaction surveys or to maintain security of our IT systems; or when it is necessary to cooperate with our partners to provide you services related to your insurance;
- to protect your or another person's vital interest. An example would be for travel insurance in case of accident, when we exchange information with hospitals to proceed with necessary medical manipulations;
- for compliance with a legal obligation to which the controller is subject. For instance, we are required to submit data about your Compulsory Motor Third Party Liability insurance to the Motor Insurance Bureau;
- where you as an individual have given us consent to process your personal information, such as that pertaining to health claims, or you have consented to Advanced Analytics and Targeting.
The table below describes the main legal grounds that apply to our purposes for using your personal information.
Legal basis of using you personal data (pdf, 80 kb)
How long do we keep your personal information?
We keep your personal information as long as necessary to (i) fulfil the purposes for which it was collected, (ii) execute your insurance agreement or to take steps prior to entering into your agreement, or to (iii) fulfill our legal and regulatory obligations and requirements. The retention period of your personal information is, inter alia, dependent on the law for the particular type of potential claim, accounting law requirements and other factors.
Unnecessary or irrelevant personal information is deleted or made anonymous. The anonymised information may be used for statistical or other business legitimate purposes. As this information can no longer be associated with you and, as such, will not constitute personal information anymore. We reserve the right to retain and use such anonymous information.
The collected personal information will be retained according to the following table:
How long do we keep your personal data? (pdf, 139 kb)
How we use your information for automated decision-making
Automated decision-making means that we make decisions without our employees being involved based on information provided from you or collected from other sources (please refer below). We will always inform you in advance when we use automated decision-making, if those automated decisions can affect you significantly and of course also ask for your consent, if legally required (e.g. automated claims decisions involving health data).
You can always contact us and ask for a review of the decision, taking into account any additional information and circumstances that you provide to us.
We use automated decision making in our sales- and claims processes and hope that we in this way, can offer you a better and smoother service.
Insurance sales process
We use automated decision-making in our insurance sales processes. This means that your insurance premium is computed and decided by an algorithm and our system automatically informs you about the insurance premium we offer to you.
The automated decision is based on information about you (such as your age, where you live, your previous insurances and claims at If, your household or your financial data) and the object you want to insure (such as vehicle or building information from official registers, telematics data, vehicle manufacturer or repair shop information). That information affects your claims risk.
Your information is analysed statistically together with all our customers’ claims risk. The resulting algorithm determines if we expect your future claims risk to be higher or lower depending on the information above. Your insurance premium is set as a result of this automated decision-making and is based on all information together.
Automated decision-making can be used to determine which coverage we offer to you. An automated decision can limit the coverage offered to you in our digital channels depending on your vehicle or building information and your previous insurances and claims at If.
If you do not want us to make an automated decision or are not satisfied with the decision, you can contact us to buy an insurance with the help of a sales agent instead, or to ask us to review the decision.
Insurance claims handling
We use automated decision-making in our claims handling process as part of our If Digital Services. Automated decisions are based on the information given to us (including photographs) by you and/or obtained from other sources (for example repair shop information). Depending on the insurance type, various sources may be used, for instance calculated market value for a stolen item or vehicle manufacturers’ and repair shop calculations, which can be used to automatically calculate the right amount of compensation.
To calculate and to assess a claims decision if uses algorithms which will result in a decision to fully or partly compensate or even to reject your claim. You cannot object to such automated decision making, however, you can contact us and ask us to review the claims decision.
Analytics and marketing communication
Introduction
We might collect and analyse your data, such as information collected through your interaction with us on our websites/apps in order to send you insurance related communication and other messages that you might find useful, as well as to provide you with customized advertising and content, and to perform analysis in our services.
In order to provide such communication, advertising or perform above mentioned analytics we usually do profiling. Profiling means understanding consumers behaviour or predict expected behaviour and interests based on various information we have about you. In marketing, we use profiles to send communication that we believe is most relevant to you and avoid sending or displaying irrelevant communication or advertising. You have the right to object to profiling related direct marketing. Please see section "Right to opt-out from direct marketing" and our cookie policy.
As a result, we might:
- Send you customized electronic and direct marketing (always subject to consent where needed).
- Customized content in our digital services, websites/ apps, e-mails and apps
- Provide relevant ads on social or other online media or internet
- Improve our services through analytics
Data sources
For advertising and analytic purposes we might use various data we have about you, collected from different sources see section "What personal information do we collect?"
In addition, we are using information collected through your interaction with us in our websites/apps. This information is collected with the help of cookies and other online identifiers and in line with your cookie choices and our Cookie policy.
We can also receive data from our partners or an association cooperating with us, so that we can contact you and e.g. give you offers on insurances.
For details, please review chapters: Legal basis and How long we store your data.
Advertising channels and purposes
3.1 Electronic and direct marketing
To make sure you are correctly insured, give you the best customer service and offer our insurance products, we might contact you on different communication channels such as telephone, sms or by e-mail (always subject to consent where needed). We do marketing communication based on various factors, such as data you have provided to us when you bought your insurance, or data we have about you from other sources. This could be non-governmental official register in which the data is allowed to be used for these specific purposes. We might also contact you based on your interactions with us through our websites/apps or based on data from our partners.
Even though we might have some types of sensitive information about you related to your insurances and claims, such as pregnancy or health claims, we never use it for marketing or advertising purposes unless you have explicitly requested either directly with us or through our partners. We also never use any other type of sensitive data, such as religious, political or sexual orientation, for marketing or advertising purposes.
In case you have indicated in a potentially existing state-maintained register or non-governmental official register that you do not want to be contacted for marketing purposes, we respect your will. You can also opt-out from marketing communications with us.
Examples
We believe in giving you the best offers.
- If you are a customer with If, but don’t have a house insurance with us, we might give you an insurance offer for house insurance if we believe this is relevant for you.
- If you are a member of one of our partners of interest association e.g. Unionen, we have the opportunity to give you an individual offer as a member.
- If you are pregnant and apply for a pregnancy insurance, and you have consented to it, we might offer you some additional covers for when the baby arrives.
For details, please review to chapters Legal basis and How long we store your data.
3.2 Customizing content in our digital services and websites/ apps
To give you the best user experience we may use the fact that you for example have clicked on an ad, or in an e-mail from us, visited a specific content on our websites/apps. This may be used to provide you with personalized content. You could be exposed of a picture or content on our websites/apps based on your behaviour or needs. We believe this is of value to you.
Examples
Example 1:
- To bring you added value as a house insurance customer at If, you might see customized content about e.g. house insurance when you log in to “My pages”.
- If you are a customer, owning a car but do not have a car insurance at If, we might provide you with customized content about this product.
Example 2:
If you as a customer have yearly payment on your insurances, we might use our digital channels to inform you about the possibility to have monthly payments.
Example 3:
If you click on one of our ads and visit our websites/apps, you might see that the web content is personalized. We only use data based on the ad you clicked on, and the media you came from.
For details, please review to chapters Legal basis and How long we store your data.
3.3 Advertising on social media platforms
We do advertising on social media platforms, and we use target groups to be able to provide you with ads and content that we believe is relevant for you.
Even though we might have some type of sensitive information about you related to your insurances and claims, such as pregnancy or health claims, we never use it for advertising on social media. We also never receive from social media and use any other type of sensitive data, such as religious, political or sexual orientation for marketing or advertising purposes, even if target groups based on sensitive data were made available by the social media.
3.3.1 Target groups created by If
When advertising in social media, we strive to provide you with relevant ads based on your relation to us as a customer, or as a potential customer.
We target in social medias based on data we have on you. This could be data about for example what insurances you have bought, or how you interact with us on our websites/apps based on cookies or other online identifiers.
To identify you in different social media we use a minimum number of personal identifiers for user matching. This is identifiers you already have provided to the social media. We only provide a minimum required data to the social media, this is data such as name and e-mail address. We never share information about how we have selected a target group, in order to display advertising to you.
The data with the created target groups are secured through “cryptographic hash functions”. This is done to ensure that the data transfer from If to the social media is protected during the transferring. The social media platforms are processing data only on behalf of If and are not allowed to use our customer data for other purposes than showing you, our advertising.
Removal of users who no longer belong to a specific target group follow the same workflow. The data are refreshed daily.
Examples:
- You have a new car, and the car is insured with standard insurance. We believe it is of your interest to show you the benefits with e.g our top insurance.
- You have bought dog insurance recently, then we will try to exclude you from the retargeting ads about dog insurance.
3.3.2 Target groups created by the social media
We can also do target group advertising, based on data held and controlled by the social media platform. This can be data such as age, gender, interests etc. depending on what kind of data the social media platform holds on.
According to the different social medias privacy policies, the social media collect various data about their platform users. The social media might categorize you in a specific target group, based on different characteristics. The social media offers us different advertising possibilities towards these target groups.
- If we assume you’re not a customer, but you belong to a certain target group that is of interest to us, we might expose you with a product we believe is at your interest.
- Our ads are shown to our selected target group only. We have no information on the identities of the individuals included in this target groups. But if you click on our ad and visit our website/apps, we might receive limited information about you.
Examples
- If you show interest in travelling, by e.g joining a Facebook traveling group or clicking on a Facebook ad containing travel content, you could be exposed to our travel insurance ad.
- If you recently have showed interest in groups on Facebook containing refurbishing sites like “How to renovate an old house” or “Real estate agent sites”, you might see ads about our house insurance.
3.3.3 Targeting based on online behavior data collected via pixels or other online identifiers on our website/apps
To identify you as a visitor of our website in different social media, pixel data, tracking scripts and other online identifiers are used (but only if you have given us consent for “advertising and targeting”). The data ends up being collected by servers hosted by the defined social media platform vendor. We do not include any personally identifiable information as a part of data collection from our websites/apps for the tracking scripts. However, the social media platform vendors may use identifiers that they generate, as a part of data collected through tracking scripts.
Social media platform vendors may be able to connect such identifiers to you as a social media platform user. This is something we can't affect, and usage of such identifiers and other data collected is described in each social media platform's privacy (see links below). Based on the pixel data, tracking scripts and other online identifiers we’re able to create target groups at the different social media platforms, based on the collected online behavioral data, such as visit to a specific page, calculate insurance price etc. Thereafter we can activate ads towards you. To read more about what a pixel is and what it does, please see our Cookie policy
Examples:
If you have shown interest in our dog insurance by browsing our websites/apps, and you have consented to our cookie consent for “advertising and targeting”, we might provide you with a dog insurance related ad on your private Instagram feed.
Please note that we have no influence on how the social media platforms collect data about you, or which individual users exactly belong to the different target groups. Still, we select for advertising only target groups which we believe are created based on data you have provided to social media yourself. For more information about how social media collect your data and create target groups, including information on legal basis, we refer you to the privacy policy of the respective social networks. Here you can find some of them:
3.4 Advertising on internet (online advertising in general)
We do advertising in online media, and we use target groups to be able to provide you with ads and content that we believe is relevant for you.
Even though we might have some types of sensitive information about you related to your insurances and claims, such as pregnancy or health claims, we never use it for advertising online. We also never use any other type of sensitive data, such as religious, political or sexual orientation for marketing or advertising purposes, even if they were made available by the media.
3.4.1 Target groups created by If based on your online behavior on our websites/ apps
When advertising in online media for instance with help of Google advertising network, we strive to provide you with relevant ads based on your relation to us as a customer or as a potential customer. We target based on data about how you interact with us on our websites/apps, and it is collected with help of cookies or other online identifiers. We use these types of data for online media advertising only if you have consented to “advertising and targeting” cookies. We do not include directly identifiable information in the target groups. The online advertising service providers we use, including Google, are not allowed to use information we have provided to them about you for other purposes than showing you our advertising.
Examples:
- If you have shown interest in our motorcycle insurance by browsing our websites/ apps, and you have consented to “advertising and targeting” cookies, we might provide you with a motorcycle insurance related ad, when browsing online media. This because we believe it’s of your interest.
- You have bought cat insurance recently in our webshop, then we will try to exclude you from the retargeting ads about cat insurance.
3.4.2 Target groups created by If based on other information we have about you
We may create target groups based on other information about you, such as your insurances and customer ship, for advertising purposes on online media. Data about individuals, included in the target groups, are secured through a “cryptographic” hash function. This is done to secure the data transfer from If to the online media vendors, during the transfer. The online media vendors are not allowed to use information we have provided for other purposes than showing you our advertising.
Examples:
- You have your house insured but not your inventory. We believe it is of your interest to show you our home insurance related ads.
3.4.3 Target groups created by If based on combined online behavior data on our websites/apps together with other information we have about you
We may also create target groups by combining other information we have about you with online behavior data, but only if you have consented to our «advanced analytics and targeting” cookies. We do not share directly identifiable information with the online media vendors. The online media vendors are not allowed to use information we have provided them for other purposes than showing you our advertising.
Examples:
- If you have purchased a motorcycle insurance at our customer center recently, we may use that information in order to exclude you from target groups, and thus no longer show you those ads.
3.4.4 Target groups created by Google or other online media service providers
If we assume you’re not a customer, but you belong to a certain target group that is of interest to us, we might expose you with a product we believe is at your interest.
Google is one of the largest online advertising channels. According to Googles privacy policy, Google collect various data about you as a user of their platform. Google might categorize you as a user in a specific target group based on what Google believe is of your interest. These categories are then available for us to advertise. You might therefore be exposed by our ads on e.g. the websites of your local newspaper.
Our ads are shown to our selected target group only. We have no information on the identities of the individuals included in this target groups. Only if you click on our ad and visit our websites/apps, we might receive limited information about you.
Please note that we have no influence on how Google collect data about you, or how the target groups are created. Still, for advertising we only select target groups which we believe are created based on data you have provided to Google yourself, or where we have reason to believe that Google has valid legal ground to use this data for advertising. For more information about how Google or e.g. the website of your local newspaper collect data about you and create target groups, including information on legal basis, we refer you to the privacy policy of the respective media. Here you can find some of them:
Your data matters (Sanoma privacy notice (FI)
Examples
- If you show interest in real estate by reading articles and visiting real estate agencies, you could be exposed to house insurance related ads.
- If you recently have showed interest in content containing used cars or “used cars for sale pages” we might show car insurance related ads.
Analysis and reporting
The general purpose of analytics and reporting is to create insight for our business development, to improve our products and services to you as customers. We also follow-up on key areas of our business, by providing key figures to management and business responsible.
The outcome of our analytic process is of a statistical nature, not showing any of your personal data to our employees. Processing of personal information is strictly limited to analysts who need it for technical purposes to combine data from different sources. All personal data is anonymized or pseudonymized before exposing it to our employees, according to data minimization principle.
Examples of typical reporting domains are sales, claims, online and offline customer service, product and customer portfolio, and financial reporting. The same data specific for one domain can also be used in combination with other domains. E.g your claims information would also be included in financial reporting.
4.1 Oline activity types and volumes monitoring & reporting
Sales
We collect anonymous or pseudonymous data on the various customer journeys that leads to sales. We build reports upon this for insight and to better understand our customers’ expectations so we can provide them with an even better digital experience.
Example
We report sales that has started from an online price calculation performed in our webshop. We also report sales that has started from an online price calculation and performed in one of our offline channels, such as our call center or one of our partners. To achieve this, we combine our online behavioral data with data where the actual sale ended. The combination is done on pseudonymized observed data, and the result is reported only on an aggregated level, meaning, only summarized information about sales and channels without any details on individuals are made available as a report. Pseudonymized data retention time is 37months, reports does not have a limit of retention as these reports are fully anonymized.
Customer self-service usage (e.g. My Pages and Claims handling)
In order to understand the functionality in “If My Pages” and how well our customers are able to handle their insurance business themselves such as change of profile, payment method, policy changes, claims reporting etc, we collect and report on pseudonymized data to identify problematic points and unmet needs so we can improve our services. Pseudonymized data retention time is 37 months. Reporting data does not have a limit of retention as it is anonymized.
Example
If you log into My Pages and try and change your milage for your insured car without confirming, we will collect data about where you stopped and look for patterns on an aggregated level. By observing these patterns, we are able to improve our services.
Features development and creation support
In order to fix or improve our overall digital offering such as websites/apps or mobile application “My If”, we analyze the usability by collecting and using behavioral data as well as collecting direct feedback from our customers via surveys and ratings. You might also receive a survey after being in contact with us.
If you receive a survey from If, we want to know more about the customers experience with us.
We use an AI algorithm-tool to analyse sales calls made to our customer centre in order to gain better knowledge of what makes customer satisfied or dissatisfied with the customer service during the call. The analysis is done on a transcription of the anonymized conversation and is based on which words are used. The purpose of the analysis is to improve our customer service in general. If you choose not to use the call for quality and training purposes, your call will not be transferred to the analysis tool.
Example
If you give us feedback in a survey, based on your experience with our website, we will do an in-dept anonymous analysis afterwards. If you report on a negative experience on the particular sites feature, we can use the reports to look at your online behavior and identify roadblocks, abnormal durations and unplanned action sequences. This helps us to improve our website.
This also apply if you give us feedback in a survey, based on e.g having a claims report handling in If. All the data we analyze is aggregated, and no identification is used.
In order to better understand our users’ needs and to optimize the service and experience, we use Hotjar. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click,.) and this helps us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. Hotjar as our processor is contractually forbidden to sell any of the data collected on our behalf or share it with other parties.
4.2 Financial and management reporting
We analyze online sales and claims information and other information we have collected about you, in order to get an overview of If's business results and to be able to report the results to financial supervisory authorities. The reports are also used for If management reporting to follow necessary key figures for the business. The reports are provided on an aggregated level.
If P&C operating in financial markets has legal obligation to report on business and financial figures to markets and financial supervisory authorities. Furthermore, we follow key areas of our business by producing reports and analyses based on our customer data. This enables us to develop our business, customer service, systems, and operations in a data driven way. Your personal customer-, policy-, and claims data is used to generate these figures are of statistical nature and do not contain any personal identifiers.
Example
When you buy a home insurance on our websites, the data related to the product you bought will be included in our sales reports. Your purchase will also be a part of financial reports for If P&C results, including reports for potential claims. We might also use the data to analyze our market share within a region based on location of your property.
Legal basis
We process, store and use data based on different legal basis as mentioned below and described in Section 3 “Advertising channels and purposes” and Section 4 “Analytics and reporting”):
- Legitimate interest
- Consents you have given
- a. to our cookie settings and other online identifiers
- b. to our partners to share data with us, 3rd party data
- c. to social media platforms or online media or your privacy settings in these media
- d. to our electronic and direct marketing
- Legal obligation
5.1 The legal basis for electronic and direct marketing (connected to section 3.1)
Legitimate interest
If you are our customer we will send you offers or information about insurances based on your existing relationship with us, either by e-mail, sms or ads, we will not send you any offers if you have opted out from receiving marketing materials from us.
If you have visited our websites/apps, we may contact you by either e-mail, sms or by phone when you calculate an insurance price in our webshop, but do not complete the purchase. This is a part of our quality assurance and proactive customer service process. We contact you based on the information you have provided us with earlier, or we may use contact information from sources such as public registers, for conducting phone calls (only if you haven’t opted out from being contacted for marketing purposes.).
To make sure you are correctly insured, we might use the data we have about you to inform you about other insurance products that we believe is beneficial for you.
Consent
If you are not our customer, in most cases the legal basis for processing is your given consent, see ii a) and ii d), provided to us through our different communication channels such as cookie consent or contact and marketing consent.
You might have consented to our partners, see ii b), for them to share data with us for agreed purposes, including marketing. E.g if you are a member of a trade union association who isa partner to If, we might contact you to offer you the partners insurance deal.
If you are a customer at If, we might send you e-mail or SMS regarding your insurance. This could e.g be if you have a house insurance, and we see a rainstorm forecast where you live. We can then send you a SMS, and urge you to close your windows etc. We can also send you e-mails regarding information and awareness about your insurance.
When we receive data from our partners about potential customers, we send marketing/offers information to you based on the consent you have given to them.
5.2 The legal basis for customizing content in our digital services and websites/apps (connected to section 3.2)
Legitimate interest
When you visit “If Digital Services” and experience customized content, usually we do it based on our legitimate interest to show you relevant information. In addition to legitimate interest, we also sometimes need to customize content based on local insurance laws.
Consent
You experience customized content when you return to our If Digital Services. You only experience this if you have given us consent to do “Advanced analytics and targeting”.
5.3 The legal basis for advertising in social media and online advertising in general (connected to section 3.3 and 3.4)
Legitimate interest
We target based on the data we have on you as our existing customer. This could be data about what insurances you have bought, or how you interact with us on our webpages/apps based on cookies or other online identifiers. For details, please review chapter 3.3.1 and 3.4.1.
Consent
Visiting a social media platform or a general webpage such as your daily newspaper, after visiting our websites/apps, we might expose you with an ad based on your visit. This is only done if you have prompt us with a consent for “advertising and targeting”.
In social media platforms you will only see ads from us if you have accepted this in your social media accounts personal settings. You might then see personalized ads based on your social media profile, your customer relationship with us and/or an earlier visit at our websites/ apps. We are also able to make look-a-like audiences based on your social media account and privacy settings in your social media platform.
5.4 Legal basis for analytics and reporting (connected to section 4.1, 4.2)
Legitimate interest
Anonymous reports are created by us to understand our customers’ patterns on using our digital services or sales channels, including for management reporting, and in order to understand our customers and improve our services.
Consent
Detailed reports on user patterns combining various data sources are created based on your consents. Such consents can be granted either through the cookie and marketing consent or separately.
Legal obligation
Various reports which we are required to share with supervisory authorities or publish as our annual or quarterly results of If as required under applicable Insurance activities acts and other laws and regulations.
How long we store your data
For the purpose of contacting you:
- If you have interacted with our websites, we are able to contact you for the upcoming three (3) months.
- If you are a former customer we might contact you within the next 37 months.
- Contacting member of our partners is based on the agreement we have with the different associations/partners but not more than 36 months.
- To ensure we are able to send you only relevant marketing communications, we keep the history of the communications we have sent you via email or SMS, or the telemarketing calls made, typically for 13 months. After this time the history is pseudonymized, and eventually removed after five (5) years.
Exceptions:
- For non-customers, we typically delete the data completely after 13 months
- In certain partnerships, such as Nordea, we keep the communications history for slightly extended periods to ensure longer-term follow-up of campaigns and communications.
For the purpose of customizing your customer experience:
We can keep your data for the purpose of customizing our customer experience for a maximum five (5) years, but we will always delete your data as soon as the purpose for which the data was collected for, has been fulfilled.
E.g if you are visiting our websites and we are testing the introduction text with two examples on the product page, we store the data for 30 days.
For the purpose of online and social media advertising
When we are the data controller and social media is the processor, the list with the targeting groups we provide to the different social media platform is deleted according to the different data processing agreement we have with the social media:
Please note that we do not control how long the social media store the data they have collected about you from other sources where they act as data controller.
For the purpose of analytics and reporting
For analytical purposes in Google Analytics we store the data for 26 months. However, for other purposes e.g insurance fraud detection, we might store the raw data originally collected with Google Analytics in a secured environment for a longer period, not exceeding more than five (5) years.
For reporting purposes we store only pseudonymized data for the maximum duration of 37 months.
These rules apply only to the web behavioral data, for other data we have about you we refer you to the Privacy notice.
Withdraw consent and opt out
Marketing activities:
You have the ability and right to opt out from marketing activities and change and withdraw your consent for processing cookies and other online identifiers at any time.
To change and withdraw your consent for processing cookies and other online identifiers from If see cookie policy
Withdraw your consent and opt out from direct marketing
You can always withdraw your consent for “advertising and targeting”, and “advanced analytics and targeting” and opt out from direct marketing.
How to opt out from the different social media channels
To change and opt out from marketing activities on social networks, we refer you to the different opt out solutions.
How we may share your personal information with others
As a main principle, we do not sell, rent, distribute, or otherwise make your personal information available to any third party for marketing purposes. In connection with the purposes described above (see section above 'How do we use Personal Information), we sometimes need to share your personal information with third parties.
Such third parties may both be independent third party controllers (i.e. third parties that have their own purpose for handling your personal information, for example other insurers/reinsurers) or, data processors operating on behalf of us and for the abovementioned purposes only (for example service providers that allow us to administer your policy and provide our service to you or suppliers maintaining and supporting our IT systems).
We always take appropriate technical, physical, legal (data processing agreements) and organisational measures, which are consistent with applicable privacy and data security laws to protect your personal information. Any service providers are selected carefully and are required to use appropriate measures to protect the confidentiality and security of your personal information.
For example we may, before storing personally identifiable information (such as social security numbers or vehicle registration numbers),anonymise or pseudonymise the information so that individuals cannot be identified solely based on the stored information.
Depending on the insurance product concerned and nature of the information, your personal information may be disclosed to how we may share your personal information with others (pdf, 81 kb)
Where we process your personal information
Your personal information is primarily processed and stored within the territory of European Union and the European Economic Area. Due to the global nature of our business and to technological solutions, for the purposes set out above, in certain cases we may transfer personal information to parties located in other countries.
The level of protection of your personal information in such countries might be lower than the regulation within the territory of the European Union and the European Economic Area provides for. Therefore, such transfers will only be performed subject to appropriate safeguards required by applicable data protection laws, meaning only to countries deemed to have an “adequate level of protection” (as set out on the European Commission’s website) or with the use of the European Commission standard contractual clauses.
We will also take appropriate technical and organisational measures against unauthorised or unlawful processing of your personal information and against accidental loss or destruction of, or damage to, your personal information in accordance with our internal security procedures.
We regularly check our security policies and procedures to ensure our systems and our service provider’s systems secure and protected. Only the personnel of us, the service provider’s personnel who need to process your personal information for the purposes mentioned have access to your personal information.
You can always contact us for more detailed information of the transfers located outside the EU/EEA and what safety measures we have taken to ensure a high level of protection corresponding to the level of protection afforded by the GDPR.
Updates to your Privacy Notice
We think privacy is very important and we are constantly striving to become even better in being transparent and accountable in how we process your personal information. This notice may therefore be updated from time to time and all changes will be published on this website.
If an update of a processing activity of your data requires a notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this privacy notice every time you use any of our insurances or related services, as the processing of your personal information may differ from your previous use of the insurance/related service in question.
Your contact
If you have any questions concerning our handling of your personal information you may contact our Data Privacy Officer on DPO@if.se or our local representatives.
If you would like to receive a copy of the personal information we hold about you, a so called “data extract”, please send an e-mail to registerutdrag@if.se or send a letter to If Skadeförsäkring AB, Registerutdrag, 106 80 Stockholm.
More about privacy in local languages
This page was updated 20th of May 2024.