This document provides information about
- Our relationship with you – We are data controllers
- The data we collect – Purpose and legal basis
- Who we share and transfer data with
- How long do we store your data
- Your rights under the Data Protection Legislation
Processing of personal data is regulated by the EU General Data Protection Regulation (“GDPR”) and the Data Protection Act (“DPA”) (collectively the “Data Protection Legislation”).
- OUR RELATIONSHIP WITH YOU – WE ARE THE DATA CONTROLLER
Ensure consists of three separate companies with which you can conclude an agreement depending on the type of advice you receive:
Ensure International Insurance Broker Copenhagen Ellenhard, Nygaard & Partners P/S
CVR-no. 37 16 27 60
Haldor Topsøes Allé 1
2800 Kongens Lyngby
Ensure International Insurance Broker A/S
CVR no.: 28 52 15 88
Rymarken 2 Hasle
8210 Aarhus V
Ensure International Pension Broker P/S
CVR-no.: 36 05 60 88
Haldor Topsøes Allé 1
2800 Kongens Lyngby
Ensure provides you with personalised advice, including advice about setting up and maintaining personal insurance and/or pension agreements, as well as assistance with claims and pension events. This may be regarding insurance and pensions set up through your employer or for insurance and pensions set up by yourself.
We can also provide insurance broker services to your employer. Insurance broking services are the provision of advice on, the proposal for or the preliminary work relating to the conclusion of insurance agreements, the conclusion of such agreements or assistance in the administration and performance of such agreements. We may receive data about you from your employer to the extent necessary to provide insurance broker services to your employer.
We are the data controller concerning the processing of your personal data. Section 7 provides more detailed information about how to contact us.
The data we collect – purpose and legal basis
We collect your data to enter into an agreement with you and to advise you. You provide the majority of the data we require. However, we may also receive data from other sources, including your employer and your insurance or pension provider, and with your specified consent from your doctor and other healthcare providers.
The data we request from you may be of such a nature that, in the absence of such data, we are unable to offer you advice.
We only collect and process your personal data if this is permitted by Data Protection Legislation.
We may need to collect and process data depending on the advice and assistance we provide to you:
CPR [Social Security] No.: We will request your data and ask for your consent on a separate form to process your CPR number. We need it to identify you accurately with your pension and insurance companies. We will share your CPR number with the selected pension and insurance companies to set up your insurance and pension. The legal basis for the processing is your consent in accordance with Art. 11(2) No. 2 of the Data Protection Act (DPA).
Health data: Generally, we do not need to use health data related to you. Insurance and pension companies will often request your health data. They will notify you of this separately. We can assist you in communicating your health data to pension and insurance companies. Exceptionally, we may need to see your health data, including any data concerning occupational incapacity, to advise you on establishing insurance and pension agreements, including in instances where a pension or insurance company has refused to accept your insurance or pension application based on your health data, and concerning claims where we are providing you with advice. Our processing of your health data in such instances will always be on the basis of your specific consent, which we will obtain on a separate form. The legal basis for the processing is your consent as per the Data Protection Regulation (GDPR) Art. 9(2)(a), cf. art. 6(1)(a).
Trade union membership: Some pension companies offer particularly favourable terms to members of certain trade unions. We may need your trade union membership details to advise and set up the correct insurance or pension contract and negotiate the most favourable price. Our processing of data relating to your trade union membership will, in these cases, always be on the basis of your specific consent, which we will obtain on a separate form. The legal basis for the processing is your consent as per the Data Protection Regulation (GDPR) Art. 9(2)(a), cf. Art. 6(1)(a).
Additional information: In addition to the information listed above, we will usually need to process the following categories of data about you including:
- Contact details, including name, address, telephone and email.
- Data relating to your employment, including job title, date of employment and length of service, salary and pension contributions, place of work and any secondment, information relating to resignation, etc.
- Information about your insurance and pension contracts, including coverages, deposits, investment choices, beneficiaries, claims history and current insurance relevant person or property claims, deposit statements, etc.,
- Details of other income, wealth and tax affairs, and your marital status and household information. When you provide us with information about your household, you must make sure that the household members you are providing information about consent to the sharing of the data and that they received a copy of this information.
The data is required for us to conclude an agreement with you, communicate with you and administer and deliver advisory services to you. The legal basis for the processing is as per the Data Protection Regulation (GDPR) Art. 6(1)(b).
We may also need to process information about you to fulfil our obligations under the Danish Bookkeeping Act and the Act on Money Laundering (AML). The legal basis for this is provided in the Data Protection Regulation (GDPR) Art. 6(1)(c)
We may also need to process your general personal data to pursue the legitimate interest of developing and optimising our advisory services. The legal basis for this is provided in the Data Protection Regulation (GDPR) Art. 6(1)(f)
Finally, processing your data may be necessary for the establishment, exercise or defence of legal claims, including if you or others bring claims against us. The legal basis for this is provided in the Data Protection Regulation (GDPR) Art. 6(1)(f) and Art. 9(2)(f).
If you have separately consented to us sending you newsletters and information about other services, we will process your contact details to communicate with you. To ensure that newsletters and other marketing initiatives are relevant to you, we may target our communications to you based on the data we keep about you and your pensions and insurance. The legal basis for this is provided in the Data Protection Regulation (GDPR) Art. 6(1)(a) and (f). You can always opt-out of receiving any future newsletters and marketing communications.
To provide insurance brokerage services to your employer, we may need to collect data about you as an employee of your employer’s company, including name and job title, gender and date of birth, salary, length of service and pension contribution rate. Generally, we obtain this data from your employer. We may also obtain information about your deposit contributions and savings from your employer’s pension and insurance providers. The legal basis for this is our legitimate interest in being able to advise your employer in accordance with the Data Protection Regulation (GDPR) Art. 6(1)(f)
When we assist in setting up relocation/secondment insurance or similar, we may need information about your household. We usually receive this information from you. Please make sure that the household members you provide information about consent to share the data and receive a copy of this information.
When assisting with claims, we may require information about you if you are the responsible party or the injured party, and the nature and extent of the injury, including health information. Data processing is necessary to establish, exercise or defend legal claims of your employer or others, and the legal basis is the Data Protection Regulation (GDPR) Art. 6(1)(f) and Art. 9(2)(f).
Your employer may disclose your CPR number to us so we can accurately identify you to the pension and insurance company in accordance with Art. 11(2)(3) of the Data Protection Act (DPA).
If we subsequently wish to process your personal data for purposes other than that for which the personal data was collected, we will provide you with information about the additional purpose, including the legal basis for the processing, prior to further processing the data.
Who we share and transfer information to
We share your personal data with the selected insurance and pension companies in the course of the establishment, amendment, administration and termination of the insurance and pension relationship by you or your employer, as well as in the course of assisting in the event of claims and other events relevant to pension and insurance. We may also share your personal data with courts, lawyers and accountants in specific instances.
We are part of a group and may, as far as relevant and permitted by Data Protection Legislation, disclose your personal data to other group-affiliated companies for group administrative and management purposes.
Your personal data may also be transferred to IT providers, mail providers, business partners or other third parties processing data on our behalf. When using these data processors, we ensure that a contractual legal relationship is concluded under which the data processor may only process personal data in accordance with our instructions and which requires the data processor to establish satisfactory organisational and security safeguards.
We only transfer personal data to data processors outside the EU and EEA where appropriate safeguards have been put in place to ensure an appropriate level of protection, including through the EU Commission’s model agreements on data transfers.
We have taken technical and organisational measures to prevent your personal data from being accidentally or unlawfully destroyed, lost or altered, or disclosed to unauthorised persons, misused or otherwise processed in breach of Data Protection Legislation.
How long do we store your data
Personal data is deleted when there is no longer an objective purpose for continued storage.
Generally, five (5) years after our advisory relationship with you or your employer has concluded, there will no longer be an objective purpose for the continued storage of personal data. However, we may determine that longer storage is necessary in specific cases if we consider it necessary for our ability to establish, assert or defend ourselves against legal claims.
Information relating to accounting records is kept for five (5) years from the end of the financial year the information concerns.
Personal data obtained under the Act on Money Laundering (AML) is deleted after five (5) years from the time the client relationship ceases or from the time of filing the case to which the data relates.
Consent to marketing is kept for two (2) years after the consent has been withdrawn.
Consent in accordance with the Data Protection regulations is kept for five (5) years after the consent is withdrawn or five (5) years after our advice is completed.
However, the data may be kept longer in anonymised form.
When we process information about you, you have several rights derived from the Data Protection Legislation. In this section, we explain your rights and how to exercise them.
Right to access
You have the right to ask us for information about, among other things, which categories of personal data we hold about you and for what purposes we process them, the recipients or categories of recipients to whom the data is or will be disclosed, information about the source of the data, etc. You have the right to obtain a copy of the personal data that process about you.
You can read more about your right of access in the Data Protection Regulation (GDPR) Art. 15 and on the exceptions to the right of access in Article 22 of the Data Protection Act (DPA).
Right to rectification
You have the right to have incorrect personal data about yourself rectified by us. If you discover errors in the information we have recorded about you, you are encouraged to contact us in writing so that the information can be corrected.
You can learn more about your right to rectification in the Data Protection Regulation (GDPR) Art. 16.
The right of deletion
In some instances, you have the right to have all or some of your personal data deleted by us, for example, if you withdraw your consent and we have no other legal basis to continue processing the data. Insofar as it is necessary to continue to process your data, for example, to comply with our legal obligations or to establish, exercise or defend legal claims, we are not required to delete your personal data.
You can read more about your right to deletion in the Data Protection Regulation (GDPR) Art. 17.
Right to limit the processing to storage
In certain instances, you have the right to restrict the processing of your personal data to storage only, for example, if you believe that the information we are processing about you is inaccurate.
You can learn more about your right to restriction in the Data Protection Regulation (GDPR) Art. 18.
Right to data portability
In certain instances, you have the right to have personal data that you supplied to us delivered in a structured, commonly used and machine-readable format and have the right, if technically possible, to have this data transferred to another data controller.
You can read more about your right to data portability in the Data Protection Regulation (GDPR) Art. 20.
Right to object
You have the right to object at any time to our processing of your personal data that we collect and process. If you objected to the processing and provided the objection is justified, we are no longer entitled to process your personal data unless we can demonstrate a legitimate basis to continue to process the data. You have an unconditional right to object to the processing of your data for direct marketing purposes.
You can read more about your right to object in the Data Protection Regulation (GDPR) Art. 21.
You have the right to withdraw your consent at any time. If you withdraw your consent, please be aware that, in some instances, we may no longer be able to provide you with the necessary advice. In such instances, you will be informed accordingly.
In some instances, we may continue to process your personal data regardless of your withdrawal of consent. This will be the case where there is a basis for the processing other than consent.
If you opt to withdraw your consent, it does not affect the lawfulness of the processing based on consent prior to the withdrawal.
If you wish to withdraw your consent, please contact us at firstname.lastname@example.org
Right to complain
You have the right at any time to file a complaint with the Danish Data Protection Authority, Carl Jacobsensvej 35, 2500 Valby, regarding our processing of your personal data. Complaints can be made via email to email@example.com or telephone at +45 33 19 32 00.
How to exercise your rights
If you have any queries or wish to exercise any of your rights, please contact us at firstname.lastname@example.org.