Processing and registration of personal data
At RiskPoint we process personal data. We only process data that is necessary for us, and in accordance with applicable law and guidelines. The type of necessary data depends on the purpose for which the data is collected for. At RiskPoint, we process the following types of personal data:
- Contact and information data
- Certificate and insurance information
- Claims information
- Payment information
- Health and medical information*
Disclosure of personal data
We treat your information confidentially. We only disclose personal data when necessary, and in accordance with applicable law. As RiskPoint is an insurance agency, we disclose personal data to the Insurer(s) of which your insurance is bound. You will find the name(s) of the Insurer(s) on your insurance certificate. We may also disclose personal data to loss adjusters in the event of a claim. We may be required by law to disclose information to public authorities. In addition, in certain cases, we disclose information about you when we have your consent to do so. If you have not consented to disclosure, then your customer information is only disclosed to others in the context of the Financial Business Act, and only for the purpose of administrating an agreement with you as a costumer or to process your case.
How long do we retain your personal data?
We will delete all information about you when the information is no longer needed. We will keep the information as long as the insurance is in force, and in accordance with applicable law.
Security of personal data
Your personal data is secured when processed at RiskPoint. We have made technical and organisational measures to protect the information we receive and process. That entails that we have:
- Encryption of data transmission and storage
- Virus scanners on our servers
- Back up procedure for all our servers
- Password protected IT-systems, based on user ID and personal password of minimum 8 characters.
- VPN and encryption when working on remote desktops and other mobile devices.
- Procedures and policies for processing and communication of personal data
- Employee training on data security
RiskPoint utilises data processors, hereunder suppliers of software, hosting, security and disposal. Your personal data may be processed by data processors. The data processors that RiskPoint use, will, however, have no direct access to your personal data. We have contracts with all our data processors, and we exercise control to make sure that they comply with our instructions for secure data processing. As a part of that instruction, we demand that the data processor has appropriate technical and organisational measures in place to avoid the accidental or illegal destruction of data, loss or deterioration, or disclose to unauthorised persons, and that data is processed in accordance with applicable law.
You may at any time claim your rights as a data subject – with certain regulatory exceptions:
- You have the right to be informed of the data we process on you.
- You have the right to restrict the processing, hereunder the right to object to automated individual decision-making
- You can require that we rectify or erase your personal data. We will however only delete your data, if you are no longer an customer of ours, and only when claims can no longer be directed against us as a result of past injuries and insurance.
- If you have given your consent, you can contact us for information concerning the extent of your consent, and you can at any time withdraw your consent. A withdrawn consent does not affect the lawfulness of the data processing conducted prior to the consent being withdrawn.
You can always contact us at:
1267 Copenhagen K
Phone: +45 3338 1330
If you are unsatisfied with the processing of your information conducted by RiskPoint, you may appeal to:
The Danish Data Protection Agency
Borgergade 28, 5.
1300 Copenhagen K
Phone: +45 3319 3200