What information we collect

‍
We may process personal data such as:
‍
- Contact details (name, address, phone, email)
- Policy and risk information
- Payment and bank details
- Claims information, including relevant health and/or incident details
- Broker and distribution partner information
‍
We only collect the data necessary to deliver our insurance services and only with prior explicit consent regarding health and/or incident details.

‍
‍
How and why we use your data

‍
We use your data to:
‍
- Issue and manage insurance policies
- Handle and assess claims
- Provide customer and broker support
- Prevent fraud and meet regulatory requirements
- Improve our services and operations
‍
Our legal basis includes contract performance, legal obligations, legitimate interests, and —in limited cases— your consent.
‍

‍
Who we share data with

‍
We may share your information with trusted partners such as:
‍
- Insurance carriers and underwriting partners
- Brokers and intermediaries
- Claims adjusters, medical professionals, and external experts
- IT and cloud service providers
- Regulatory authorities where required
‍
If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place.

‍
‍
How long do we keep your data

‍
We retain personal data only as long as necessary to fulfil our legal and business obligations,
typically 5–10 years for insurance and claims data. When no longer needed, data is securely
deleted or anonymised.

‍
‍
Your rights

‍
As a data subject you may at any time claim your rights with certain regulatory exceptions.
‍
- Right to be informed (GDPR Articles 12 to 14): Data subjects have the right to be informed about the collection and use of their personal data.
- Right to access (GDPR Article 15): Data subjects have the right to view and request copies of their personal data.
- Right to rectification (GDPR Article 16): Data subjects have the right to request inaccurate or outdated personal information be updated or corrected.
- Right to be forgotten/Right to erasure (GDPR Article 17): Data subjects have the right to
request their personal data be deleted. Note that this is not an absolute right and may be
subject to exemptions based on certain laws. We will only delete your data if you are no
longer a client of ours, and only when claims can no longer be directed against us as a
result of past injuries and insurance.
- Right to data portability (GDPR Article 20): Data subjects have the right to ask for their data to be transferred to another controller or provided to them. The data must be provided in a machine-readable electronic format.
- Right to restrict processing (Article 18): Data subjects have the right to request the
restriction or suppression of their personal data.
- Right to withdraw consent (GDPR Article 7): Data subjects have the right to withdraw
previously given consent to process their personal data. If you have given your consent,
you can contact us for information concerning the extent of your consent, and you can at
any time withdraw your consent. A withdrawn consent does not affect the lawfulness of the
data processing conducted prior to the consent being withdrawn.
- Right to object (GDPR Article 21): Data subjects have the right to object to the processing of their personal data.
- Right to object to automated processing (GDPR Article 22): Data subjects have the right to object to decisions being made with their data solely based on automated decision making or profiling.

‍
‍
Complaints

‍
If you are dissatisfied with the processing of your personal information, you may appeal to:
‍
The Danish Data Protection Agency
Carl Jacobsens Vej 35
DK - 2500 Valby
‍
E-mail: dt@datatilsynet.dk
Telephone: +45 33 19 32 00
Website: http://www.datatilsynet.dk
‍

‍
Contact

‍
If you have any questions about how we handle your personal data or wish to exercise your rights, please contact:
‍
NordicRisk A/S
Silkegade 8
DK – 1113 København K
CVR no.: 45335704
Att. Rasmus Toft Jørgensen
E-mail: rasmus.jorgensen@nordicrisk.eu
Telephone: +45 52 58 01 58

‍