Tryg takes your privacy seriously. We are a data controller and are responsible for ensuring that the data we hold on you are used in accordance with data protection legislation.
What are personal data? Personal data are pieces of information that can be linked to you as an individual. Examples of personal data include: names, addresses, phone numbers, email addresses, car registration numbers, photos and dates of birth etc.
What is meant by processing of personal data?
The Norwegian Personal Data Act defines the processing of personal data as follows:
« Any operation or range of operations performed with personal data, whether automated or not, e.g. collection, registration, organisation, structuring, storage, adaptation or amendment, retrieval, consultation, disclosure upon transfer, dissemination or other forms of disclosure, compilation or combination, limitation, deletion or destruction »
Tryg registers and retains necessary personal data in our customer records.
Data processed can be categorised as follows:
Administrative details such as names, addresses, phone numbers, email addresses and dates of birth/personal identification numbers. Details about insurance agreements and any insured events. Details that are necessary to resolve claims for payment in the event of an insured event.
Details of third parties linked to insurance agreements, such as an injured party or a beneficiary. Payment details, primarily for the payment of the insurance policy and/or payments related to insured events.
Communication, for example when you contact us in connection with the insurance agreement or an insured event.
Technical information, such as PC/mobile, internet connection, operating system, browser and IP address. We collect these data using cookies.
Usage data, such as when you log in and out of your account, when you purchase insurance, notifications of insured events and navigation on our platforms. We collect these data using cookies.
Purpose of processing personal data
- 1. We use personal data to identify you as a customer or injured party in order to administer your insurance agreement.
- 2. We also handle our ongoing communications with you so that we are able to provide you with the best possible service at any given time.
- Tryg also processes personal data for following up with customers and for marketing purposes. Personal data may be used to show you interest-based advertising from Tryg online. These personal data are processed on the basis of Article 6(1)(f).
- 4. We are focused on the quality of our work and your customer experience. After contacting us, you may be sent a customer survey by text message or email. All responses are voluntary. These personal data are processed on the basis of Article 6(1)(f).
- Phone calls may be recorded for training and quality purposes. You will be informed of this when you contact us, and will also be given the opportunity to decline to be recorded. These personal data are processed on the basis of Article 6(1)(f).
- Customer authentication when using electronic services: When logging into your account and sending electronic forms, we primarily use BankID to confirm your identity and allow the use of electronic signatures. In connection with this, we record information about who has logged in or signed electronically at what time.
- Prevention and discovery of criminal activities. Tryg processes personal data for the purpose of preventing, discovering, resolving and managing fraud and other criminal activities directed at customers and/or Tryg. These kinds of data may be obtained from and disclosed to other financial institutions, the police and other public authorities. Such data may be retained for up to ten years after being recorded. These personal data are processed on the basis of Article 6(1)(b) in relation to you as the policyholder/insured party, and on the basis of Article 6(1)(f) if you have any other connection to the insurance agreement or claim.
- Money laundering notifications: Tryg will process personal data in order to prevent and discover transactions connected to the proceeds of crime or terrorist financing. The Norwegian Money Laundering Act requires Tryg to investigate suspicious transactions, and to report details of suspicious transactions to the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime. The Money Laundering Act requires Tryg to retain this type of data for five years. These personal data are processed on the basis of Article 6(1)(c). There are restrictions on the right of access to data that Tryg processes for these purposes, see Articles 16(1)(b) and (e) of the Personal Data Act.
- Accounting purposes.
The legal basis for processing personal data for purposes no. 1, 2 ,6 and 7 is that such processing is necessary for the administration of your insurance agreement.
The legal basis for processing personal data for purposes no. 3, 4, 5 and 7 is that we have a legitimate business interest in providing you with customised marketing and preventing insurance fraud and other criminal activities.
The legal basis for processing personal data for purposes no. 8 and 9 is that such processing is necessary for the fulfilment of legal requirements.
Collection of personal data
Tryg collects personal data directly from you, in addition to sources such as the National Registry (Det Sentrale Folkeregisteret), the Central Motor Vehicle Registry (Det Sentrale Motorvognregisteret), the Property Register (Eiendomsregisteret), other financial institutions, credit referencing agencies and other publicly available sources, as well as technical information and usage data when you use our electronic services. This information is only collected to the extent that it is necessary and relevant for the fullfilment of the purposes described above.
As a rule, you will be notified if we collect personal data about you from sources other than these. However, this does not apply if we are legally obliged to obtain the information, you are already aware of the information or if it is impossible or disproportionately difficult to inform you.
Where personal data legislation permits, personal data may be disseminated to third parties to fulfil your agreement with Tryg. Such third parties may be subcontractors, distributors, valuers etc. Such dissemination is the responsibility of Tryg, based on agreements that ensure that privacy is protected.
We transfer data outside of the EEA, partly because some of our suppliers are located there. We ensure that data about you are secured in a responsible manner through the use of recognised standard agreements with recipients that ensure that privacy is protected.
Who has access to the personal data?
Access to personal data is based on professional requirement. Employees of Tryg who work with insurance sales, the production of insurance, processing of insurance claims and other administration of insurance agreements will have access to personal data.
Specific provisions relating to health data
Only employees who work directly with health data will have access to health-related information. Health data, and potentially other specific categories of personal data, will be stored and processed in separate systems with strict access controls in place. Processing of health data is generally based on consent from the person to whom the data relate, see Article 6(2)(a), but in certain circumstances it may be processed based on the same Article(2)(f).
Confidentiality at Tryg
All employees of Tryg are subject to a statutory duty of confidentiality. In this context, employees also include temporary staff and hired consultants. The duty of confidentiality applies not only outside the company, but also internally between colleagues. The duty of confidentiality applies in perpetuity.
Disclosure of personal data
Personal data will be disclosed to the Register of Insurance Applicants and Insured Parties (Register over forsikringssøkere og forsikrede – ROFF) and the Central Insurance Claim Register (Sentralt skaderegister – FOSS). These are shared registers for the insurance industry, which have the purpose of preventing/limiting insurance fraud and ensuring uniform risk assessment.
Personal data and other information about the insurance relationship will also be disclosed to the public authorities (the Norwegian Tax Administration, the Norwegian Labour and Welfare Administration, the police etc.) when required by law. Corresponding data may be disclosed to other finance companies in cases where this is legal in accordance with the Norwegian Financial Institutions Act (Finansforetaksloven).
How long is data retained for?
According to the Personal Data Act, personal data must be deleted when retention is no longer necessary for the fulfilment of the purpose of processing. This means that as long as you remain a customer, your personal data will be retained in order for us to administer your insurance agreement. If you terminate your agreement with us, we will continue to retain your personal data in order to respond to you in the event of any future compensation claims that may be reliant upon the insurance relationship. Personal data will therefore be stored until the period of limitation for the relevant insurance policies has expired.
Your privacy rights
You have a range of privacy rights. You may exercise these by logging into your account or by contacting us. Your rights include:
Access.Receive a copy of any data we hold on you.
Correction. Correct and supplement data we hold on you.
Deletion. Request the deletion of data that we no longer have grounds to retain.
Limitation. Request that we limit the use of your data.
DataportabilitetRequest that your data is transferred to you or another company in a structured, commonly used and machine-readable format.
Objection. Request to object to our use of your data for direct marketing, including profiling. You may also object to being subject to individual decisions of a legal nature that are purely automated.
Please note that these rights are subject to restrictions set out by law. We will respond to your inquiry as soon as possible, and generally within one month.
Requests for access and data portability should be sent to:
Att: Konsernjuridisk og Kvalitet
Automated decision-making and profiling
Tryg is working to digitise processes which involve the processing of personal data. This means that in some cases fully automated decisions may be made. You will be informed if such a decision applies to you, and in connection with this you will be given the option to decline or to opt for purely manual processing. If the purely automated decision concerns the processing of health data or other specific categories of personal data, we will request your consent prior to making a decision.
Profiling is used by Tryg in connection with the preparation and implementation of marketing campaigns, for customer follow-up purposes and for the preparation of insurance offers. A personal profile is a collection and compilation of your personal data, e.g. address, age, details of your customer relationship with Tryg etc.
Tryg uses email to communicate with our customers. We will not send emails that are not sufficiently secured against unauthorised access (i.e. that are not encrypted), unless you have consented to receiving unencrypted emails. If the email contains sensitive personal data (such as health details), the email will always be sent encrypted. According to the Norwegian Insurance Contracts Act (Forsikringsavtaleloven), some messages must be sent in writing. Such messages may, however, be sent electronically if you consent to this, see Article 20-3 of the Insurance Contracts Act.
We recommend that you never send sensitive data by email. Instead, log into your account Min sideat tryg.no and send us a message there.
Tidsbegrensning på Min side
When you are logged into secure pages at tryg.no, you must remember to log out when you are done. If you forget to log out, you will automatically be logged out after a while.
Chat on tryg.no
When you use the chat function on our website, we will record the information you provide in the chat to be able to respond to and process your enquiry in the best possible way. All chat conversations will be deleted three months after having taken place. If, for instance, your enquiry concerns the conclusion of a new insurance agreement, we will retain the necessary information for this as long as it is relevant for your customer relationship with us.
The chat function is encrypted. Please note that you cannot chat with us about personal injury claims or matters that involve sensitive information, e.g. health information. If you have any questions regarding such matters, please call us at +47 915 04040.
When you use our chatbot at tryg.no, the conversation will be kept anonymous unless you choose to continue the conversation with one of our customer consultants. All personal data shared with the chatbot will automatically be deleted after one hour. With a view to training the chatbot in understanding human language better, any remaining information that does not include personal data will be used for training purposes. All conversations with the chatbot will be deleted in their entirety within one year.
Tryg on social media
You can find Tryg on Facebook, Twitter, LinkedIn, Instagram and YouTube. Tryg does not post personal data on any of these media platforms. On Facebook, Twitter and Instagram, you can delete your own posts. Tryg reserves the right to delete information about any third parties in posts.
Data security at tryg.no
In accordance with the Norwegian Data Protection Authority’s recommendations, personal data transferred from the user’s device to Tryg via tryg.no are protected by strong encryption (128 bit SSL). After the transfer, the personal data are kept in such a way that they cannot be read by unauthorised persons. Please note that Tryg cannot guarantee the confidentiality of any unencrypted emails you submit to us.
Right to complain to supervisory authority
The Norwegian Data Protection Authority is responsible for ensuring that Norwegian businesses comply with the Personal Data Act. If you believe that we are processing your data improperly, you may complain to the Norwegian Data Protection Authority. We hope that you will initially contact us so that we can evaluate your point of view and resolve any misunderstandings.
You can find contact details and information on how to complain to the Norwegian Data Protection Authority on its website: www.datatilsynet.no
Tryg Forsikring, corporate identification no. 989 563 521,
branch of Tryg Forsikring A/S, CVR-nr. 24260666
Visiting address: Folke Bernadottes vei 50
Postal address: Postboks 7070, 5020 Bergen
Telephone: 915 04040
Data Protection Officer
Tryg has a Data Protection Officer whom you can contact via email at firstname.lastname@example.org or by calling +47 915 04040. You can also write a letter to the Data Protection Officer. To do so, use the above address and mark the letter ‘Att. Personvernombud i Tryg’.