Säkra pursues business activities including insurance mediation, provision of financial advisory services, procurement procedures in administrative systems on insurance issues, and activities comparable therewith.
As part of its activities, Säkra enters into agreements on behalf of customers within the framework of its operational objects referred to above.
A precondition for the mediation of insurance or the provision of financial advice that results in an agreement, is that Säkra receives, registers and forwards the personal data necessary for a service or insurance product to be agreed with and mediated to the customer.
Säkra only processes such personal data as is necessary to perform the obligations contained in the agreement and for which the contracting party has also granted their written consent through this document, as provided by Articles 6 to 10 of GDPR.
The purposes of the processing are to fulfil the contractual obligation in relation to the data subject who has concluded an agreement with Säkra. The legal basis comprises first the need for the processing in order to perform the agreement and second that the data subject has granted their consent to the processing.
The legal basis may also, for example, comprise processing under the Measures against Money Laundering and Terrorism Financing Act (2017:630) or the Insurance Mediation Act (2005:405) or the Insurance Distribution Act (2018:1219).
In addition to Säkra itself processing the personal data to fulfil its part of the agreement, the personal data may need to be transferred to a recipient that performs the service to which the agreement relates, when applicable an insurance provider or other financial undertakings. However, recipients of the personal data are exclusively subjects encompassed by the agreement that Säkra has concluded with the data subject.
The personal data will be processed and stored throughout the term of the agreement or until, at the latest, the date on which the statutory period of limitation for claims under the agreement expires.
During the period when the personal data is being processed, the data subject is entitled to request access to this data to request rectification of inaccurate data, to request erasure of data or to object to processing, and also has a right to data portability in respect of the data.
If the data subject revokes their consent, there may be a contractual obligation to process the personal data. Nor does revocation affect the lawfulness of the processing before the consent was revoked.
The data subject is also obliged to provide the data, as the data subject’s provision of personal data to Säkra is a contractual requirement to enable performance of the agreed service. Failure to provide the data may entail a breach of contract with civil law consequences under Swedish law such as, for example, termination of the agreement.
Säkra does not process personal data for purposes other than those specified and for the balancing of interests required as a result of the performance of the agreement.
Complaints about the processing of personal data may be made to the supervisory authority – the Swedish Authority for Privacy Protection.
Säkra has appointed a data protection officer whose task is to ensure that the organization complies with the data protection regulations, which includes: