How we process your personal data
At Afa Försäkring, we we process many types of personal data daily. We want you to always feel confident about providing us with your personal data. We always protect your privacy and handle your personal data with due care.
Here we provide information on how we ensure that personal data is processed in accordance with applicable legislation, what rights you have, where your personal data is processed and stored, and where you can turn if you believe that our processing is not in accordance with applicable legislation.
If you have any questions, please do not hesitate to contact us.
Print this page
If you want to print this information, click the "Skriv ut"-link at the bottom of this page.
Afa Försäkring tjänstepensionsaktiebolag (Afa Försäkring), corporate registration number 502033–0642.
We take appropriate technical and organisational measures to protect your personal data and to ensure that the processing is carried out in accordance with current data protection legislation and our internal guidelines and procedures for processing personal data.
We mainly store and process your personal data within the EU/EEA. Your personal data may in some cases be transferred to countries outside the EU/EEA, for example if you contact us when you are abroad.
Below is a description of the rights you have as an individual to your personal data processed by Afa Försäkring. If you wish to exercise any of your rights, please contact us via the information under 7 Contact details.
You have the following rights:
Access to your personal data (register extract) - you have the right to receive an extract of the personal data that we process and information about Afa Försäkring’s personal data processing.
Rectification – you have the right to have inaccurate or incomplete information corrected.
Withdraw consent – you have the right to withdraw consent you have given for the processing of personal data. If you contact us and tell us that you no longer consent to the processing, we will immediately end it. The withdrawal will only have effect for the future and will not affect processing that has already been carried out.
Erasure – you have the right to have your personal data erased under certain specific circumstances, e.g. if you revoked your consent.
Restriction - you have the right to demand the restriction of a personal data processing, e.g. if you object to the accuracy of the data, please note that this may affect Afa Försäkring’s handling of your case.
Automated decision-making – you have the right to not be subject to automated decision-making or profiling if the decision has legal consequences for you or significantly affects you. However, there are cases where automated decision-making may be allowed despite such objection.
Objection – you have the right to object to processing based on legitimate interest, however, Afa Försäkring may continue to process your personal data if there are compelling reasons to do so that outweigh the privacy interest.
Data portability – you have the right to request that personal data is transferred from us to another party (this right is limited to data that you have provided to us yourself).
If you believe that our processing of your personal data is not in accordance with applicable data protection legislation, please contact us so that we can investigate the matter. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection.
Use your rights
You can log in to exercise your rights regarding how we process your personal data here: Log in.
3. Processing personal data
The personal data we process is divided into the following categories:
Identification data,such as name, year of birth, photo of identification, customer number, personal identity number, coordination number.
Contact details, such as name, marital status, place of residence, address, telephone number or e-mail address.
Case data/claim and case information, such as data on insured persons or data on beneficiaries and reported claims.
Employment/organisational/company data, such as employer, position within the company, job title, length of employment, ownership data (if own company), employer contact details, collective agreement affiliation and user ID.
Health data, such as copies of medical or disability certificates, medical reports, health authorisations, code of diagnosis, medical documents or medical assessments.
Judicial documents, such as copies of police reports and decisions from authorities or judgments from courts.
Technical information, e.g. IP address and user-generated data.
Financial data, such as income data, account information, bank details or payment details.
User- generated data, your use of our website and digital channels and services.
Information required by law, such as tax residence, data required for basic customer knowledge and anti-money laundering or counterterrorism.
Special categories of personal data (sensitive data), such as data about health or belonging to an insured group that may, for example, be a trade union or a health organisation in cases where the processing is necessary for insurance purposes.
Information about criminal convictions and offenses, such as when reporting suspected insurance fraud or claims against the responsible party.
Information about communication such as emails, chats and messages, IP address, recorded phone calls, documents and images received and statistics on the use of our digital services.
Data that can be indirectly linked to you, such as case number.
Camera surveillance material, photographs and videos taken when you visit our premises.
Merits, such as CV, grades, references, results of personal profiles and capability tests (the answers you provide to the questions asked in the forms).
Results of background checks, e.g. confirmed identity, education or work experience.
Information about you from a job interview, when you are interviewed for a job at Afa Försäkring.
Food preferences, e.g. information about the food you prefer when you participate in our training courses or events.
Data on your application for health and safety education or for a grant, such as company details (e.g. corporate registration number, number of employees, contact details), information about the education (e.g. name of education, education level, number of days) and education participant details (e.g personal identity number or email address).
Information in your grant application, e.g. information on the research question, planned use of research results, management plan, information on the competences of co-applicants, planned costs and any other information you provide to us in your application.
Tax control information, e.g. information on compensation and deducted tax.
The individuals whose personal data we process are divided into different categories of data subjects and the personal data processed depends on which category of data subject you belong to. Below we list the categories of data subjects. You can read more about the processing of data of each category by clicking on the links below. Please note that the information that is translated into English is “Insured, relatives of the insured and beneficiaries”.
Insured, relatives of the insured and beneficiaries
Test panel registrants and participants in user tests and similar
Users and recipients of digital communication, such as our websites and digital tools
Job applicants when you apply for a job at Afa Försäkring/Fastigheter
Visitors to our premises
Lecturers, insurance informants, participants in courses/events/competitions organised by Afa Försäkring
Researchers receiving funding and scientific assessors at Afa Försäkring
Authorised representative, proxy and deputy of the insured party in a claim settlement case
Consultants and staff from service providers at Afa Försäkring
Contact persons at suppliers or partners of Afa Försäkring
Members/alternate member of the planning/decision-making groups, board members, committee members at Afa Försäkring
We process your personal data for various purposes, which we in turn base on different legal grounds.
Claims handling (handling of insurance claims) is the purpose that process the most personal data and the largest amount of sensitive personal data. This purpose involves settling the insured party’s claim and assessing their entitlement to insurance compensation.
To pay compensation over time, we need to calculate insurance risks. This means that we calculate our actuarial provisions, prepare reporting documents to the Swedish Financial Supervisory Authority and quality assure our underlying data and calculation models.
We follow up, plan and quality assure our claims handling and other parts of our operations, which means testing, improving and developing our operations. We do this, among other things, through various types of customer surveys.
Afa Försäkring processes personal data for research purposes in areas such as work environment, health and the insurance policies provided by Afa Försäkring. Other research purposes include conducting injury prevention projects and activities to reduce occupational injuries and illness, as well as following up on preventive projects and activities.
Statistics is another purpose for which we process personal data. Afa Försäkring produces various types of statistics, including research grants, types of occupational injuries in different types of industries, etc. The statistics can be sent to external parties, such as clients, trade unions and employers’ associations, employers and authorities.
Further, there are administrative purposes, such as managing agreements, assignments, authorisations (access/infrastructure authorisations, security in our premises), and more.
Afa Försäkring also aims to disseminate information about the company to attract new employees, as well as to inform about research and research findings and other information that is to the labour market parties to take part in.
Afa Försäkring may also process the personal data collected for claims handling to investigate unclear insurance claims where we suspect irregularities. We do this to investigate whether insurance compensation is to be paid or if we need to make a claim for damages from the responsible party or if other measures need to be taken to protect or interests as well as those of other insurance companies and the insurance community. For example, we may check previously reported claims in a common claims register for the insurance industry (GSR) or with other insurance companies. We may also collect information or disclose information to law enforcement authorities through a notification.
The most common legal grounds that Afa Försäkring bases its processing of personal data are:
Fulfilling legal obligations: Afa Försäkring is subject to several different Swedish laws, such as the Accounting Act, the Occupational Pension Companies Act, the Insurance Contract Act (FAL) and various collective agreements.
Legitimate interest: this legal basis is used when Afa Försäkring can demonstrate that the processing of personal data is necessary for the purpose, and Afa Försäkring’s interest in the processing weighs more heavily or at least as much as the rights and freedoms of the data subject. As a data subject, you should also be able to expect the processing to take place. This is determined by means of a so-called balancing of interests.
Consent: in some cases, we will ask for your consent, for example when you apply for a job at Afa Försäkring or participate in a customer survey, or when you submit an application within the Group Health Insurance, which in some cases may mean that Afa Försäkring uses automated decision-making. You can withdraw your consent at any time, and we will then cease processing your data or, as the case may be, change to personal decision-making. The legality of the processing that took place on the basis of a previous consent is not affected by the withdrawal of consent.
Performance of contract: this legal ground applies when Afa Försäkring has a contract with you that requires us to process your personal data.
Establish, exercise or defend legal claims: Sometimes, Afa Försäkring needs to process personal data to e.g. establish an insured party’s right to compensation or to be able to defend ourselves against legal claims.
Afa Försäkring uses automated decision-making for decisions on granted compensation for the Group Health Insurance (AGS, AGS-KL). The processing requires your consent, which you can withdraw at any time by contacting us via the information under 7. Contact details.
If you want to know more you can read more about this in the personal data information for “Insured individuals, relatives of the insured and beneficiaries” referred to under 3.2 above.
Afa Försäkring collects personal data about you from several different sources. We do this to manage your affairs with us.
We primarily collect personal data directly from you. This may, for example, concern insurance matters, contracts, visits, or other types of commitments where we need to collect information to be able to handle your case correctly.
We also collect information from other sources. The most common are:
Organisations or employers who have insurance policies that apply to you.
Other insurance providers that may be involved in the same case.
Healthcare providers connected to an insurance case regarding you.
Publicly available sources such as the population register.
Authorities, e.g. the Swedish Social Insurance Agency and the Swedish Tax Authority.
Unemployment funds and trade unions we cooperate with.
Your personal data will be stored for as long as necessary for the purposes for which the data is collected or as required by applicable law. This means that the personal data may be stored for different periods of time.
Please note that the retention periods may also be affected by whether the personal data is considered necessary for the establishment, exercise or defence of legal claims before a court or other authority, in which case the data will be retained until the conclusion of such proceedings.
When you are covered by your employer’s insurance, we keep the necessary data for as long as we have obligations under the terms of the insurance policy and for as long as you have the opportunity to make claims under them. This means that we retain the personal data relating to the insurance even after the contract has expired. This is because in some cases, as long as the so-called statute of limitation period is running, you can get back to us with additional claims. When the statute of the limitation period for the contract expires, our dealings with you will be finalised. This means that we have personal data stored during the statute of limitation period, which varies depending on the insurance policies we have agreed on.
In summary, we must always retain information, including personal data, for as long as necessary to comply with the contracts, laws and regulations that apply to the insurance operations. We must retain personal data for reasons including legislation on e.g. accounting, statutes of limitations and legislation on measures against money laundering and the financing of terrorism.
Once the retention period has expired, your personal data will be deleted in accordance with our routines for deletion. Retention times are set out under the respective processing purposes for different categories of data subjects.
For other purposes not referred to above, the retention periods are much shorter. For example, if you visit Afa Försäkring’s premises, the data in the visitor registration system is deleted after 24 hours, and if you send an spontaneous job application to Afa Försäkring, your data will be deleted after 6 months from the time we receive it.
Partners/service providers
To fulfil the purposes of our processing of your personal data as stated above, we engage partners, who process personal data on our behalf. Your personal data is hence in some cases processed by other parties outside Afa Försäkring to provide our services. When Afa Försäkring engages service providers, they may only process your personal data according to our explicit instructions and not for their own purposes. Furthermore, they are obliged by law and contract to apply appropriate technological and organisational security measures to protect your data.
Authorities
In some cases, we disclose data to various authorities, particularly when handling and adjusting insurance claims. Examples of authorities are the Swedish Tax Agency, the Swedish Social Insurance Agency or law enforcement authorities, to fulfil our legal obligations or satisfy our legitimate interest in establishing, exercising and defending legal claims against Afa Försäkring.
Research projects
In certain cases, anonymised personal data (thus no longer classified as personal data) may be disclosed to researchers in various research projects supported by Afa Försäkring. At the request of researchers, we may process your personal data to make selections and send letters to you to give you the opportunity to participate in studies conducted by researchers. In these cases, you always choose whether you want to participate in the research project, and we do not disclose any information about you directly to the researcher.
In all cases where personal data is processed for research purposes, we require the research project in question to have an ethical approval.
Furthermore, your personal data may be disclosed to potential acquirers in connection with a merger or a transfer to fulfil our legitimate interest in carrying out the transaction in question.
More specific information on who we disclose your personal data to can be found in the information for different categories of data subjects under 3.2 above.
Transfer outside the EU/EEA
Afa Försäkring strives to process your personal data within the EU/EEA. To a limited extent, we engage suppliers outside the EU/EEA. If your personal data is transferred to a recipient outside the EU/EEA, so-called third country transfer, Afa Försäkring takes appropriate measures to ensure the protection of your personal data. Such measures normally include ensuring that the EU Commission’s standard contractual clauses have been concluded between the transferor and the recipient of the personal data, that the country maintains an adequate level of protection in accordance with the EU Commission’s decision, or other protective measures as necessary in the individual case. If you want to know more about the circumstances under which your personal data may be processed outside the EU/EEA or about the safeguards we take in these cases, you are welcome to contact us according to the contact details provided in section 7.
If you want to exercise your rights or have questions about the processing of your personal data, you are welcome to contact us at Afa Försäkring. If you wish to exercise any of your rights, you can do so via our "Use your rights" service, which you can log into via the link below.
Contact details for personal data controllers
Email: personuppgiftshantering@afaforsakring.se
Postal address: Afa Försäkring, Data Protection Support, 106 27 Stockholm, Sweden
You can also contact our data protection officer (DPO) at Afa Försäkring. The data protection officer’s task is to check that Afa Försäkring processes personal data in accordance with applicable laws and regulations. If you have any concerns about this, you can contact our data protection officer directly.
Contact details for the data protection officer (DPO):
Email: Data Protection Officer
If you are dissatisfied with Afa Försäkring’s processing of your personal data, you can also lodge a complaint directly to the Swedish Authority for Privacy Protection.