Säkra’s Privacy Policy
Personal data processing by Säkra
We value the integrity of our clients, employees, and partners and we take all necessary precautions in order to comply with relevant regulations, including EU’s General Data Protection Regulation (GDPR), when processing personal data. Your personal data is processed by us in a responsible and lawful manner. Through this Privacy Policy, we want to communicate how we collect, use, share and protect your personal data through the services we provide and in other situations when we process your personal data.
Who is responsible for the personal data?
This Privacy Policy describes how Säkra AB (556534-9270), Säkra Spar AB (556547-9309) and Säkra Koncept AB (556857-5574), collectively known as “Säkra” in this Privacy Policy, processes personal data. The companies are a part of the same corporate group, however, each company is individually responsible for their processing of personal data. This implies that the company which you have a contractual relation to, is the one which is responsible for making sure that the processing of your personal data is compliant with relevant regulations. Your personal data can however be shared between the companies which are a part of the Säkra corporate group, for further information see When does Säkra share personal data with others?. When your personal data is shares with others, you can feel confident that it only occurs when permitted by applicable legislation. If you have any questions regarding how Säkra processes your personal data, please contact your already established person of contact at Säkra or Säkra’s Data Protection Officer, who’s contact information you will find at the end of this page.
What is personal data?
Personal data includes all information that belongs to you, which on its own or with other pieces of information can be used to identify you. This includes, but is not limited to, your name, social security number, address, phone number, financial information like insurance premium, risk assessments, which are required by the anti-money laundering regulations, and IP-address. If certain personal data is classified as sensitive by law or due to its nature, for example information regarding your health, the requirements of how we handle your personal data in a secure manner is higher.
Säkra only collects and processes personal data to the extent which is necessary to meet the purposes for which they are collected. Your personal data that are processed by us, are necessary in order for us to provide our services to you as well as to fulfill our legal obligations. You can however object to your personal data being processed in certain cases, for example when they are used for marketing, for more information see section What rights do I have and how can I exercise them?
Säkra’s websites uses cookies. Read more about how we use cookies here: Cookie policy - Säkra (sakra.se).
Why does Säkra process your personal data?
The primary purpose of Säkra’s processing of your personal data is to ensure that we can provide you with those services and products which we have agreed upon. Which personal data we process depends on what relationship you have with us. You can read more about for what purposes Säkra process your personal data below.
If Säkra has an agreement with you or your employer regarding distribution of insurances, we use your personal data to meet the following purposes.
- Providing quotes
To provide quotes for our contracted insurance solutions, we need to process your name, information regarding employment, contact information, social security number, financial information, other relevant information, which is given in an advisory meeting and, when applicable, the object which is to be insured.
If you represent a company, we process your name, title, and social security number. - Establishing and entering into an agreement or power of attorney
To enter into contractual agreements, service contracts, or power of attorney with you or with the company you represent, we need to process your name, contact information, title, and social security number. - Consultation and documentation
In order for us to fulfill the obligations we have towards you, including assessing yours or the company which you represent insurance needs, arrange and administrate selected insurance, and document the advice we provide, we need to process, for example your name, contact information, information regarding employment, financial information, social security number, family relationships, corporate engagements, health information, information regarding leave of absence from work and when applicable, information regarding the object which is to be insured.
If you represent a company, we process your name, title, and social security number. - Customer due diligence (know your customer)
In order for us to fulfill our obligations under anti-money laundering regulations, we need to process personal data about representatives and beneficial owners, as well as name, social security number, contact information, corporate engagement, citizenship, financial information, whether you are a political exposed person (or related to such person), and where your assets come from. Other personal data can be processed if we assess it to be necessary in order to achieve satisfactory customer due diligence on you or the company you represent. - Other legal obligations
When Säkra provides you with distribution of insurances, we are obliged to follow comprehensive regulations. In order for us to fulfill our obligations according to relevant regulations, for example preventing crime, reporting to authorities and accounting, we need to process your personal data, for example your name, social security number, contact information, financial information, information regarding taxes, citizenship and other data which is assessed to be necessary.
If Säkra has an agreement with you regarding the delivery/provision of investment services, we will process your personal data to fulfill the following purposes.
In order for us to be able to enter into a contractual agreement or to act in accordance with a power of attorney with you or the company which you represent, we need to process your name, contact information, title and social security number.
To fulfill our commitments towards you, including advisory services, handling of depositories, execution of orders, according to our agreement and for documentation purposes regarding the advising we give you, we will for example have to process your name, contact information, employment information, financial information, social security number, family relationships, depository information and corporate engagements.
In order for us to fulfill our obligations under anti-money laundering regulations, we need to process personal data about representatives and beneficial owners, as well as name, social security number, contact information, corporate engagement, citizenship, financial information, whether you are a political exposed person (or related to such person), and where your assets come from. Other personal data can be processed if we assess it to be necessary in order for us to achieve satisfactory customer due diligence on you or the company you represent.
When Säkra provides you with investment services, we are obliged to comply with extensive regulatory requirements. In order for us to be able to fulfill our obligations according to applicable regulations, for example preventing criminal actions, reporting to authorities and accounting, we need to process your personal data. This can include name, social security number, contact information, financial information, information regarding taxes, citizenship and other personal data which is assessed to be necessary.
What is Säkra’s legal basis?
Säkra can only process your personal data if the processing is based on a legal basis according to article 6 in the GDPR. When Säkra processes your personal data, it occurs primarily for us to be able to fulfill our contractual obligations towards you (article 6.1 b) and in order for us to meet our legal obligations (article 6.1 c). When applicable, we process your personal data based on our legitimate interests (article 6.1 f) or your consent (article 6.1 a). You can at any point after having consented to Säkra processing of your personal data revoke the consent.
When Säkra processes your personal data on the legal basis of our legitimate interests, a weighing of interests has been conducted, meaning that Säkra has evaluated that Säkra’s interests in processing your personal data in such manner outweigh your interests.
Below you can read more about Säkra’s legitimate interests in processing your personal data and for what purposes.
- Performing tests and analyses
Your personal data may be used by Säkra for the purpose of performing tests and analyses regarding improvements of our services and development of systems. Which personal data used for this purpose depends on what is being tested, analyzed or developed. Your address can for example be used if we want to analyze in what geographical locations our clients reside. - Marketing
Your personal data may be used by Säkra for the purpose of conducting marketing activities, such as marketing to individuals who are not currently customers to any of the companies within the Säkra group. If you currently are a customer to Säkra, your personal data may be used to market services provided by other companies within the Säkra group. Your name, personal number, contact information and when applicable, your contractual relation to Säkra may be used for marketing purposes. - Invitation to events and other occasions
Your personal data is used by Säkra in order for us to invite you and/or the company which you represent to events, courses/trainings and other occasions which are organized by Säkra. Your name, title, contractual relation to Säkra and contact information may be processed for this purpose. - Customer surveys
Your personal data is used by Säkra for the purpose to conduct customer surveys. Your name and contact information may be processed for this purpose. - Scheduling of meetings
Your personal data such as name and contact information are used by Säkra to administrate scheduling of meetings between you and your advisor.
You are welcome to contact Säkra if you would like further information regarding our legitimate interests and conducted weighing of interests.
Where does Säkra collect your personal data from?
Säkra collects your personal data directly from you or your employer. If you are a beneficiary or related to one of Säkra’s customer, we collect your personal data from your relative who is our customer.
To fulfill our obligations under agreements with you or your employer, we also collect your personal data from other depository companies, insurance intermediaries or insurers.
For marketing purposes regarding our services, we might collect your personal data from other parties.
When does Säkra share personal data with others?
You can feel confident that Säkra does not sell your personal data to other companies. However, your personal data can be shared within the Säkra group when Säkra has a legitimate interest in sharing the data and also when another company within the Säkra Group carries out administrative tasks for the company which you have a relation to, meaning that the receiving company in the Säkra Group is a personal data processor to the company which you have a relation to.
Other parties which receive your personal data are for example, depending on what service we provide, chosen insurer, your employer, and the company with which you have your depository. For Säkra to fulfill its legal obligations, we will also share your personal data for example to the Swedish authorities Skatteverket and when necessary, Finanspolisen.
Säkra uses external suppliers for various purposes such as IT, communication, contractual management, storage, invoicing and marketing. Säkra may therefore share your personal data with these suppliers and partners which Säkra uses. Such suppliers are personal data processor to Säkra and we require them to meet the same standards as we do ourselves regarding confidentiality and security when processing your personal data.
In the event of Säkra being a part of a legal process or dispute, we may share your personal data with a court of law, committee, and lawyers/legal counsel to fulfill legal obligations or in order for Säkra to protect or make legal claims.
We have several collaborations with other companies regarding services which are not offered by Säkra. You can ask us to share your personal data with our partners if you would like to use a service which is offered by such partners.
The processing of your personal data primary takes place within Sweden or the EU/EES. Säkra’s suppliers and subcontractors can however reside outside of Sweden and the EU/EES. Säkra takes necessary precautions to ensure that such usage of suppliers and subcontractors is compliant with the requirements under the GDPR regarding third country data transfers. This includes for example ensuring the supplier is located in a country which has adequate level of protection or by using standard contractual data protection clauses in conjunction with supplementary safeguards.
For how long do we save your personal data?
Generally, Säkra will only keep your personal data for as long as it is considered necessary to fulfill those purposes for which they were collected. What this means is that we keep your personal data for as long as you have a contractual or customer relation to Säkra or, when applicable, until we do not have a legitimate interest in keeping them or until you revoke your consent.
Due to the nature of the work we do at Säkra, we are obliged to comply with comprehensive regulatory requirements, this means that we may be required to process your personal data for a longer time than your contract or the time which you have a customer relation to us. According to for example regulations regarding insurance distribution, we are obliged to save certain personal data even after your relation to us ceases. Additionally, we process your personal data during the general statute of limitation period to defend or assert legal claims.
What rights do I have and how can I exercise them?
Transparency and safety are two elements which are always a priority when Säkra processes personal data. According to the GDPR you have several rights. For example, you have the right to know if and which of your personal data we process. If you would like to exercise any of your rights, please contact your already established person of contact at Säkra or Säkra’s Data Protection Officer. Exercising your rights are free.
You can read more about what rights you have below.
- Right of access
You have the right to receive information regarding how Säkra processes your personal data. If Säkra processes your personal data, you have the right to receive information regarding what personal data is processed and for what purposes. - Right to be forgotten
You have the right to be forgotten, you can demand that Säkra deletes your personal data. Säkra can honor your demand if we do not need to process your personal data to fulfill a legal obligation or to fulfill our contractual obligations. - Right to object
You have the right to object to Säkra using your personal data for our legitimate interests, which normally is done when we contact you for marketing purposes. - Correction and limitation
You have the right to demand that any of your personal data which is incorrect is to be corrected by Säkra. If you demand correction or supplementation of your personal data, you can also demand that Säkra limits the processing of your personal data until the information is corrected or supplemented. In addition, you can always demand that Säkra limits the processing of your personal data if the processing is based on our legitimate interests or if the processing is not legal. If you exercise your right to limit the processing of your personal data, Säkra will only process your personal data to investigate whether it needs to be corrected, if we have a legitimate interest or if the processing is legal. - Portability of data
You have the right to have your personal data transferred to you or someone else. In order for us to be able to honor this right, is that we process you personal data based on the legal basis of fulfilling our obligation under a contract or consent. The personal data also needs to be collected directly from you. This right can only be exercised if electronic transfers of the personal data is technically possible.
How can I contact Säkra?
If you have any questions regarding how Säkra processes your personal data, would like to submit a complaint regarding how we process your personal data or would like to exercise your rights, please contact your already established person of contact at Säkra or Säkra’s Data Protection Officer. If you would like to contact the data protection officer at Säkra, please use the following email address:
Säkra AB
Att: Dataskyddsombud
Box 5775
114 87 Stockholm
Säkra’s Data Protection Officer monitors how Säkra processes personal data according to applicable regulations.
If you would like to submit a complaint regarding our processing of your personal data to the supervisory authority (Integritetsmyndigheten) you can do so by contacting the authority in any of the following ways:
Integritetsskyddsmyndigheten | IMY
08-657 61 00
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
If you reside in another country than Sweden, you can also contact the supervisory authority in your country of residence.
We are constantly working on improving and developing our services and operations, therefore, the content of this Privacy Policy may change over time.
Latest update: 2024–02–28