Säkra's Privacy Policy
Säkras Integritetspolicy
Säkra’s processing of personal data
Who is responsible for the personal data?
What is personal data?
Personal data is all information that we have about you which, alone or together with other information, can be used to identify you. This includes, for example, name, personal identity number, address, telephone number, financial information such as insurance premium, assessments required under anti-money laundering legislation, and IP address If certain personal data is classified as sensitive by law or due to its nature, for example information regarding your health, we apply stricter requirements for how we securely process the data.
Säkra only collects and processes personal data that is necessary to fulfil the purposes for which it is collected. The personal data we process about you is necessary for us to be able to provide our services to you and to fulfil our legal obligations. You may, however, object to the processing of your personal data for, for example, marketing – see more under the heading What rights do I have and how do I exercise them?
Säkra uses cookies on its websites. Read more about how we use cookies here:
What is Säkra’s legal basis?
Säkra may only process your personal data if the processing is based on a legal ground in accordance with Article 6 of the GDPR. When Säkra processes your personal data, it is mainly to enable us to fulfil our obligations under the agreement we have with you, or your employer, (Article 6.1(b)) and to fulfil our legal obligations (Article 6.1(c)), for example under the Swedish laws lagen (2018:1219) om försäkringsdistribution, lagen (2007:528) om värdepappersmarknaden, Bokföringslagen (1999:1078) and lagen (2017:630) om åtgärder mot penningtvätt och finansiering av terrorism.
Where applicable, we process your personal data based on the legal ground of legitimate interest (Article 6.1(f)) or consent (Article 6.1(a)). When Säkra processes your personal data after you have given your consent, you may withdraw your consent at any time.
When Säkra uses the legal ground of legitimate interest, it is done after a so-called legitimate interest assessment, which means that Säkra has assessed that Säkra’s interest in processing your personal data in this way outweighs your interests. You are welcome to contact Säkra if you would like more information about our legitimate interests and the legitimate interest assessments carried out. Contact details can be found at the end of this Privacy Policy.
Why does Säkra process your personal data?
To enable us to carry out our business as an insurance distributor and securities company, Säkra processes personal data of customers, including employees of customers and their representatives, relatives of customers, prospective customers, representatives of a supplier or business partner, job applicants and employees within the Säkra corporate group. If you are a customer, Säkra primarily processes your personal data to provide the services and products that we have agreed with you or your employer.
Below you can read more about the purposes for which Säkra processes your personal data.
When we provide you, or your employer, with insurance distribution, we process your personal data to fulfil the following purposes.
Establishing and entering into agreements or powers of attorney
To be able to provide insurance distribution to you and/or your employer, we need to enter into an agreement or receive a power of attorney from you or your employer. In order to enter into an agreement with you or your employer, we process your name, employer, title, email address, telephone number, address and personal identity number.
If you represent a company, we process your name, email address, telephone number, title, employer and personal identity number.
Legal basis: fulfillment of contractual obligations
Advisory services/consultation
To be able to provide advice to you or your employer regarding the choice of insurance cover, we need to process your name, email address, telephone number, address, personal identity number, information about existing insurance, premium, income and, where applicable, employer and title.
For certain insurances, we also need to process financial information (income, expenses, assets, liabilities), employment information (employer, form of employment, absence from work, title), marital status, information about children, experience and knowledge of financial instruments, risk appetite and other information that is relevant to assess which financial instrument(s) are suitable for you, health information (for example sick leave) and, where applicable, information about the object to be insured.
If you represent a company, we process your name, email address, telephone number, title, employer and personal identity number.
Legal basis: fulfillment of contractual obligations
Providing quotes
To be able to provide quotes for our contracted insurance solutions to you or your employer, we need to process your name, information about existing insurance, personal identity number, email address, telephone number, address and, where applicable, employment information (employer, form of employment, title) and information about the object to be insured.
If you represent a company, we process your name, email address, telephone number, title and employer.
Legal basis: fulfillment of contractual obligations
Insurance signing and administration
To be able to sign and administrate the insurance that you or your employer have chosen, we need to process your name, address, email address, telephone number, personal identity number and, where applicable, employer.
For certain insurances, we also need to process employment information (employer, title, form of employment, absence from work), financial information (income, assets), marital status, information about children and information about the object to be insured.
If you represent a company, we process your name, email address, telephone number, title and employer.
Legal basis: fulfillment of contractual obligations
Documentation of insurance distribution
To be able to fulfil our obligations according to regulatory requirements regarding documentation, we need to process the personal data included in our insurance distribution to you or your employer.
Legal basis: legal obligation
Customer due diligence (know your customer)
To be able to fulfil our obligations according to regulatory requirements regarding anti-money laundering and counter-terrorist financing, we need to process your name, personal identity number, copy of ID document if identification is not carried out through BankID, email address, telephone number, address, corporate affiliations, citizenship, financial information (income, assets, liabilities, tax information, origin of funds), occupation, whether you are a politically exposed person (PEP) or related to such a person, whether you appear on the EU sanctions lists and the reason for this, and other information that we consider necessary to achieve customer due diligence on you.
If you represent a company or are a beneficial owner, we process your name, corporate affiliations, address, telephone number, email address and personal identity number.
Legal basis: legal obligation
When we provide you with investment services and ancillary services, such as investment advice, portfolio management, custody of financial instruments and handling of customers’ funds, we process your personal data to fulfil the following purposes.
Establishing and entering into agreements or powers of attorney
To be able to enter into an agreement or act under a power of attorney with you, we need to process your name, email address, telephone number, address, personal identity number and, where applicable, employer, title and custody account number.
If you represent a company, we process your name, email address, telephone number, title, employer and personal identity number.
Legal basis: fulfillment of contractual obligations
Advisory services and portfolio management
In order to be able to provide you with appropriate investment advice or to asses weather, and if so which, portfolio management is suitable for you, we need to process your name, email address, telephone number, address, personal identity number, financial information (income, expenses, assets, liabilities), employment information (form of employment, title), marital status, information about children, experience and knowledge of financial instruments, risk appetite and other information that is relevant to assess which financial instrument(s) or services are suitable for you.
If you represent a company, we process your name, email address, telephone number, title, employer and personal identity number.
Legal basis: fulfillment of contractual obligations
Custody account management and order execution
To be able to fulfil your instructions regarding custody account management and order execution, we need to process your name, email address, telephone number, address, personal identity number, buy and sell orders, custody account number and bank account number.
Legal basis: fulfillment of contractual obligations
Documentation of investment services
To be able to fulfil our obligations according to regulatory requirements regarding documentation, we need to process the personal data included when we provide you, or the company you represent, with investment services.
Legal basis: legal obligation
Customer due diligence (know your customer)
To be able to fulfil our obligations according to regulatory requirements regarding anti-money laundering and counter-terrorist financing, we need to process your name, personal identity number, copy of ID document if identification is not carried out through BankID, email address, telephone number, address, corporate affiliations, citizenship, financial information (income, assets, liabilities, tax information, origin of funds), occupation, whether you are a politically exposed person (PEP) or related to such a person, whether you appear on the EU sanctions lists and the reason for this, and other information that we consider necessary to achieve customer due diligence on you.
If you represent a company or are a beneficial owner, we process your name, corporate affiliations, address, telephone number, email address and personal identity number.
Legal basis: legal obligation
Other legal obligations
Your personal data is also processed to enable Säkra to fulfil other obligations under applicable laws, for example to prevent criminal acts, report to authorities, receive and handle complaints, manage rights under the GDPR and for accounting purposes. To fulfil these obligations, we may process, for example, your name, personal identity number, email address, telephone number, information about your transactions, tax information, citizenship and other information that may be necessary.
Legal basis: legal obligation
Marketing and telemarketing
Säkra uses your personal data to carry out marketing activities, for example direct marketing, to you if you are not a customer of any of the companies within the Säkra corporate group. If you are a customer, we use your personal data to market services provided by other companies in the Säkra corporate group. For marketing purposes, we use your name, personal identity number, email address, telephone number, address and, where applicable, details of your contractual relationship with Säkra and existing products.
To make the marketing as relevant as possible for you, we may carry out profiling, which means we may use the personal data described above to select and contact you for marketing purposes based on, for example, your place of residence or age.
Legal basis: Säkra’s legitimate interest in marketing its products and services to you
Invitations to events and other occasions
Säkra uses your personal data to invite you and/or the company you represent to events, training sessions and other occasions organized by Säkra. For this purpose, we process your name, personal identity number, email address, telephone number, address and contractual relationship with Säkra.
To invite you to relevant events and other occasions, we may carry out profiling, which means we may use your personal data described above to select and contact you with invitations based on, for example, your place of residence or age.
Legal basis: Säkra’s legitimate interest in inviting you to events and other occasions
Newsletters
Säkra uses your name and email address to send newsletters to you.
Legal basis: your consent if you are not a customer. If you are a customer, newsletters are sent based on Säkra’s legitimate interest in informing you about, for example, Säkra’s services and products as well as developments in the financial sector.
Testing and analysis
Säkra may use your personal data to carry out tests and analyses to improve our services and develop systems. Which personal data is used for this purpose depends on what is being tested, analyzed or developed. For example, your address may be used if we want to analyze the geographical areas in which our customers are located.
Legal basis: Säkra’s legitimate interest in improving services and developing systems
Customer surveys
Säkra uses your personal data to carry out customer surveys. For this purpose, your name and contact details are used.
Legal basis: Säkra’s legitimate interest in conducting customer surveys
Scheduling of meetings
Säkra uses your personal data, such as name and email address, to arrange meetings between you and your advisor.
Legal basis: Säkra’s legitimate interest in scheduling meetings with you
Defending or asserting legal claims
Säkra may use your personal data to defend against or assert legal claims. For this purpose, your name and other information relevant to the specific case are used.
Legal basis: Säkra’s legitimate interest in defending or asserting legal claims
Security
Säkra uses your personal data to ensure a high level of security when providing our services to you, for example to detect, prevent and handle unauthorized access, attempted fraud and other forms of abuse or unauthorized use. For this purpose, we may use, for example, the date and time when you log in to our customer portal.
Legal basis: Säkra’s legitimate interest in protecting our business and you from harm
Representatives of partners and suppliers
Säkra processes your personal data to manage the contractual relationship we have with the partner or supplier you represent. For this purpose, we use your name, telephone number, email address, personal identity number, employer and title.
Legal basis: Säkra’s legitimate interest in managing and fulfilling agreements with our partners and suppliers
Where does Säkra obtain your personal data from?
Säkra normally collects your personal data directly from you or your employer. If you have a relationship with someone who, in order to fulfil their obligations towards you, needs to provide us with your personal data, we also collect your data from that party – for example, if you are a member of one of our partner organizations. If you are a beneficiary or relative of one of Säkra’s customers, we collect your personal data from your relative who is our customer.
To fulfil our obligations under agreements with you or your employer, Säkra also collects information from other custody account companies, insurance intermediaries or insurers.
For the purpose of marketing our services to you, we may also collect your personal data from other parties, for example suppliers of marketing lists.
When does Säkra share personal data with others?
Your personal data may be shared within the Säkra corporate group when Säkra has a legitimate interest in doing so and in cases where another company in the group performs administrative tasks for the company you have a relationship with, which means that the receiving company acts as a personal data processor for the company you have a relationship with.
Other recipients of your personal data, depending on the service we provide, may include your chosen insurer, your employer, the company where you have your custody account, companies involved in executing your orders and companies where your assets are held. To fulfil our legal obligations, your personal data is also shared with, for example, the Swedish Tax Agency (Skatteverket) and, where applicable, the Swedish Financial Intelligence Unit (Finanspolisen).
Säkra uses external suppliers for IT, communication, contract management, storage, invoicing and marketing. Säkra may therefore share your personal data with suppliers and partners we use. These suppliers are personal data processors for Säkra, and we require the same level of confidentiality and security from them as when we process your personal data ourselves.
If Säkra is involved in legal proceedings or a dispute, we may share your personal data with a court, tribunal or lawyer to fulfil a legal obligation or to enable Säkra to defend or assert legal claims.
We have several collaborations with other companies for services not provided by Säkra. If you want to use a service provided by one of our partners, you can request that we share your personal data with them.
Processing of your personal data mainly takes place in Sweden or within the EU/EEA. However, suppliers (processors) and their subprocessors may be located outside Sweden and the EU/EEA. When Säkra uses such, we take necessary measures to ensure that the transfer meets the protection requirements under the GDPR for transfers to third countries, for example by ensuring that the processor is located in a country with an adequate level of protection or by using standard contractual clauses together with supplementary safeguards. For information about the safeguards used, please contact us via one of the contact details at the end of this Privacy Policy.
How long do we keep your personal data?
As a general rule, Säkra only keeps your personal data for as long as necessary to fulfil the purposes for which it was collected. In practice, this means that we keep your personal data for as long as you have a contractual or customer relationship with Säkra or, where applicable, until we no longer have a legitimate interest in keeping it or until you withdraw your consent.
Due to the nature of Säkra’s business, we must comply with extensive regulations, which means we may be required to keep your personal data longer than the period of your contractual or customer relationship with us. For example, under Swedish law lagen (2018:1219) om försäkringsdistribution, we are required to keep certain personal data even after your relationship with us has ended. In addition, we may keep your personal data for the general statute of limitation period to defend or assert legal claims.
What rights do I have and how do I exercise them?
Transparency and security are always important elements in Säkra’s processing of personal data. Under the GDPR, you have several rights. For example, you have the right to know whether we process personal data about you and, if so, which data. If you want to exercise any of your rights, please contact us via the contact details at the end of this Privacy Policy.
Exercising your rights is free of charge.
Below you can read more about your rights.
Right to be informed
You have the right to receive clear information about Säkra’s processing of your personal data.
Right of access
You have the right to receive confirmation of whether Säkra processes your personal data and, if so, access to the personal data and information about the purposes of the processing.
Right to erasure
You have the right to request that Säkra erase your personal data. Säkra can grant your request unless we need to process your personal data to fulfil a legal obligation or our contractual obligations.
Right to object
You have the right to object to Säkra processing your personal data when the processing is based on legitimate interest, which is normally the case when we contact you for marketing purposes.
Right to rectification
You have the right to request that Säkra correct incorrect data about you or complete incomplete data we have about you.
Right to restriction
You have the right to request that Säkra restrict the processing of your personal data until the data is corrected or completed. You can also request restriction when the processing is based on our legitimate interest or if the processing is unlawful. During the restriction period, Säkra will only process your personal data to investigate whether it should be corrected, whether we have a legitimate interest, or whether the processing is lawful.
Right to data portability
You have the right to have your personal data transferred to yourself or another party. This applies where the processing is based on a contract or consent and the data has been collected directly from you. This right can only be exercised where it is technically possible for us to transfer the data electronically.
Right not to be subject to automated decision making (including profiling)
You have the right not to be subject to decisions based solely on automated processing, including profiling.
Säkra does not make decisions based solely on automated processing. However, we use profiling to improve our communication and marketing to you, which you have the right to object to.
How can I contact Säkra?
If you have questions about how Säkra processes your personal data, want to complain about our processing of your personal data, or want to exercise any of your rights, you should:
- First – Contact your advisor via the logged-in customer portal: Leo.
- Second – Send a letter to:
Säkra AB
Att: Security and Data Protection Function
Box 5775
114 87 Stockholm - Third – Send an email to our Security and Data Protection Function:
This email address is being protected from spambots. You need JavaScript enabled to view it.
If you choose to send an email, please do not include any personal data in the email.
When exercising your rights, please state which right you are invoking.
Säkra’s Data Protection Officer
Säkra has appointed a Data Protection Officer, who monitor that we process your personal data in accordance with applicable legislation. To contact Säkra’s Data Protection Officer, send an email
Säkra AB
Att: Data Protection Officer
Box 5775
114 87 Stockholm
If you choose to send an email, please do not include any personal data in the email.
If you want to complain about our processing of your personal data to the Swedish Authority for Privacy Protection, Integritetsskyddsmyndigheten, you can contact them via:
Swedish Authority for Privacy Protection | IMY
Email:
Telephone: +46 8 657 61 00
Adress:
Integritetsskyddsmyndigheten
Box 8114
104 20 Stockholm
If you live in a country other than Sweden, you can also contact the supervisory authority in that country.
We continuously work to improve and develop our services and our business. Therefore, the content of this Privacy Policy may change over time.
Last updated 2025-08-18
