How Dunstan Processes Your Personal Data
It is important to us that you feel secure when providing us with your personal data. We handle your information securely and use it only for the purposes we have informed you about. This document outlines how Dunstan processes your personal data and the rights you have under the General Data Protection Regulation (GDPR).
You are always welcome to contact Dunstan if you have any questions regarding how we handle your personal data at dataskyddsombud@dunstan.se.
What is Personal Data?
Personal data is any type of information that can be directly or indirectly linked to a natural person. Common examples of personal data include names, personal identification numbers, and addresses. Certain information, such as a car’s registration number, may sometimes be considered personal data but not always. If a person can be linked to the registration number, then it is personal data. If no physical person can be associated with the registration number, such as in the case of a company car, it is not considered personal data.
How Does Dunstan Collect Personal Data?
The personal data that Dunstan collects about you generally comes directly from you. However, Dunstan may also obtain additional personal data from external sources.
Examples of how we collect personal data include:
- From you when you contact Dunstan via email, chat, or phone.
- From ”My Pages” or other Dunstan services, such as when you use Dunstan’s calculation tools for insurance.
- From recorded phone calls made to Dunstan’s customer service for training purposes and to meet documentation requirements.
- From organizations or employers that have taken out insurance policies with Dunstan that cover you.
- From agents and insurance brokers handling your insurance matters.
- From other insurers dealing with the same claim as Dunstan.
- From external registers, such as the civil registration database, the vehicle registry, and credit information registers.
Even if you have not entered into an agreement with Dunstan, we may collect personal data about you. This may happen, for example, if you have been in contact with us, if you are a witness or responsible party in an insurance case, or if you are entitled to compensation in connection with an insurance claim. The same applies if you are a co-insured person or a contact person at a company insured by Dunstan.
What Personal Data Does Dunstan Process?
The personal data Dunstan processes depends on our interactions, such as whether you requested a quote, are involved in a claims process, participated in a competition, applied for a scholarship, or any other context. Depending on our relationship, Dunstan may process the following data:
- Name, address, phone number, and email address.
- Personal identification number or coordination number.
- Insurance details and financial information, such as information about insured persons or items, income details, account information, claims data, and information about co-insured persons or those affected by a claim.
- Health information and medical records.
- Information about criminal offenses, such as in cases of suspected insurance fraud or claims against liable parties.
Legal Basis for Dunstan’s Processing of Personal Data
Depending on the purpose of Dunstan’s processing of personal data, the processing is based on different legal grounds. Below are the legal grounds that Dunstan may apply.
Fulfillment of Contract
Dunstan processes your personal data to fulfill its obligations under an agreement between you and Dunstan or to take action at your request before an agreement is made. For example, collecting and recording information necessary for the contract, handling insurance premium payments, settling claims, or calculating premiums. In claims investigations and similar situations, Dunstan may process personal data for individuals who are not parties to the contract.
Legal Obligation
We process your personal data because it is required by law or other regulations. This could include reporting to authorities, such as the Financial Supervisory Authority and the Tax Agency, maintaining complaint records, and managing incidents.
Legitimate Interest
Dunstan processes personal data because it is necessary to satisfy Dunstan’s or another party’s legitimate interest. Such processing only occurs if the legitimate interest outweighs your and others’ interest in protecting personal privacy. Examples of processing where legitimate interest is applied as a legal basis include direct marketing, customer surveys, product improvement, loss prevention advice, producing statistics on areas affected by claims, preventing and investigating fraud through checks in external registers. In connection with competitions and scholarship applications, Dunstan processes personal data to communicate with participants.
Legal Claims
Dunstan processes your personal data when it is necessary to establish, assert, or defend legal claims. An example of when legal claims are applied as a legal basis could be in connection with a dispute.
Consent
Dunstan processes personal data based on your consent. This means that you must give Dunstan permission to process your personal data. An example of processing where consent is applied as a legal basis could be when you consent to us accessing your medical records in connection with a personal injury claim. When consent is the legal basis, you have the right to withdraw your consent at any time. Dunstan will then no longer have a legal basis for processing the personal data previously processed with your consent, and those data will be deleted.
Automated Decisions
In some cases, Dunstan may use automated decision-making, meaning decisions are made without human involvement. Examples of automated processing and decision-making include when you take out insurance with Dunstan, where our sales system automatically calculates pricing based on the information you provide. Another example of automated decision-making is in connection with the automatic payment of claim compensation based on the information you have provided to us or that is provided by a workshop or other party. Automated processing and decision-making enable better and more efficient service for you as a customer with Dunstan.
Information Security and Storage
Dunstan values your privacy by handling your information with care and by implementing appropriate and necessary protective and security measures when processing your personal data.
Dunstan retains your personal data as long as necessary to fulfill the purpose for which we store it or to comply with legal requirements. Examples of such legal requirements include those set forth in the Insurance Contracts Act and the Accounting Act. This means that Dunstan is required to retain your personal data even after our customer relationship or insurance contract has ended, for as long as legal claims can be made, and thereafter for at least 10 years in consideration of limitation rules.
How Dunstan Shares Personal Data with Others
Subject to confidentiality rules, Dunstan may disclose personal data to other parties. Such sharing occurs only if there is a legal basis for it. Examples of such sharing include:
- Companies within the Dunstan group
- Partners and subcontractors
- Partners involved in claims handling
- Insurance companies and the Swedish Motor Insurers (Trafikförsäkringsföreningen)
- Insurance intermediaries, agents, and others who have power of attorney
- Employers and organizations
- Authorities such as Larmtjänst AB and GSR AB
- Courts and insurance boards
Marketing Communications
If you are a customer or potential customer of Dunstan, you may receive information that we deem relevant and useful to you. Dunstan may contact you by phone, email, SMS, or postal mail. Dunstan may supplement marketing data with phone numbers and similar information from another provider. Dunstan never sells personal data to third parties.
Your Rights and Access to Your Personal Data
Below are some of your rights in relation to Dunstan’s processing of your personal data. If you wish to exercise any of your rights, you are welcome to call Dunstan at 010-179 84 00, and we will assist you further. We may conduct an ID check when you contact us to ensure that we are in contact with the right person.
You, as a data subject, have the right to lodge a complaint with the Swedish Authority for Privacy Protection. Information on how to file a complaint can be found at imy.se or by calling +4610-179 84 00.
Data Subject Access Request
You have the right to know what personal data Dunstan has about you. To find out what data Dunstan holds about you, you can request a so-called data subject access request.
Rectification and Restriction
You have the right to have your personal data corrected if you discover that Dunstan has incorrect or incomplete personal data about you. To change your contact details, the easiest way is to log in to ”My Pages.” Under certain conditions, you can also request that we restrict the processing of your personal data.
Objection
You have the right to object to the processing of your personal data on the grounds of legitimate interest. Dunstan will then reassess the balance of interests to determine whether we still have the right to process the personal data.
Erasure
You have the right to have certain personal data erased. However, erasure cannot occur for data that Dunstan needs to fulfill our contractual obligations to you. An example of such a situation could be when you have had insurance with us, or if Dunstan needs the personal data due to other legal requirements.
Opt-Out of Advertising
You have the right to opt out of advertising or other mailings from Dunstan at any time. Even if you have requested that your personal data be deleted from Dunstan, the data may still be available in public registers. Dunstan may then purchase your personal data from those sources. If you do not wish to receive direct marketing from Dunstan, the easiest way to opt out is by emailing info@dunstan.se.
Data Portability
You have the right to have the personal data you have provided to us transferred to another data controller.
Transfer of Your Data Outside the EU/EEA
Your personal data is primarily stored within the European Union (EU) and the European Economic Area (EEA). Personal data may be transferred outside the EU/EEA to a limited extent due to cloud services operating, for example, in the USA. If data is transferred, Dunstan ensures that
the transfer is conducted securely and that agreements are in place to protect your data.
International Sanctions
Dunstan adheres to the sanctions imposed by the UN or the EU regarding individuals’ involvement in terrorist activities, associations with terrorists, and connections to certain regimes. Therefore, in connection with compensation claims or premium refunds, Dunstan will cross-check your personal data against the UN and EU sanctions lists to ensure that no payments are made to individuals on these lists.
Data Controller
Dunstan AB
Org. No. 559313-7523
Östra Storgatan 67
553 21 Jönköping
To contact our Data Protection Officer, please email dataskyddsombud@dunstan.se.