Privacy policy

Velliv processes personal data about heirs, beneficiaries, beneficial owners, etc. to administer any claims which may arise in relation to the customer's insurance and/or pension.

In addition, Velliv processes personal data about agents, representatives, or guardians of the customer in order to be able to handle enquiries from them.

• Contact details
• Identifying information
• Financial information
• Civil registration number

The legal basis for Velliv's processing of general personal data is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest. The legitimate interest is to clarify the legal position and to administer and fulfil the customer's scheme. It is possible to object to our interests at any time by writing to us.

The legal basis for Velliv's processing of civil registration numbers is section 11(2)(iv) of the Data Protection Act (databeskyttelsesloven), which allows private undertakings to process civil registration numbers when the conditions of section 7 of the Data Protection Act are satisfied, including when the processing is subject to Article 9(2)(f) of the GDPR on legal claims.

 Sources

• The Customer
• Other claimants

Storage

We store personal data about connected persons for the entire duration of the customer's pension scheme and until ten years after the termination date or the most recent disbursement has taken place, see section 29 of the Danish Insurance Contracts Act (forsikringsaftaleloven) on limitation of debt and legal claims arising from an insurance contract and sections 3 and 8 of the Danish Limitation Act (forældelsesloven) on claims for pension payments etc.

• Identifying information
• Financial information
• Insurance and pension information

The legal basis for Velliv's processing of general personal data is Article 6(1)(c) of the GDPR on processing necessary for compliance with a legal obligation to which Velliv is subject under the Danish Insurance Business Act (lov om forsikringsvirksomhed), the Danish Insurance Contracts Act (forsikringsaftaleloven), the Danmarks Nationalbank Act (nationalbankloven), the Danish Bookkeeping Act (bogføringsloven), the Executive Order on Business Plans, Recovery Plans, Financing Plans and Individual Capital Adequacy Requirements for Insurance Companies (bekendtgørelse om driftsplaner, planer for genoprettelse, finansieringsplaner og individuelt solvensbehov for forsikringsselskaber), the Executive Order on Index-Linked Old-Age Insurance in Insurance Companies (bekendtgørelse om pristalsreguleret alderdomsforsikring i forsikringsselskaber), the Act on Udbetaling Danmark (lov om Udbetaling Danmark), the Executive Order on Insurance Distributors concerning suitability tests in connection with the distribution of insurance-based investment products (bekendtgørelse om forsikringsdistributører vedrørende egnethedstest i forbindelse med distribution af forsikringsbaserede investeringsprodukter), etc.

The legal basis for Velliv's processing of civil registration numbers is section 11(2)(i) of the Danish Data Protection Act (databeskyttelsesloven), which allows private undertakings to process civil registration numbers where this follows from the law (mentioned above).

• Public authorities, including municipalities, the Danish Tax Agency, courts and other authorities and agencies

We store the customer's personal data for as long as we are legally obliged to do so under relevant legislation.

Most regulations apply to our current operating liabilities, and thereby automatically follow our storage period for the insurance and pension scheme, see section 2.01.

In other areas, there may be specific deadlines for parts of the processed personal data, e.g. current year + 5 years for accounting records, see section 12 of the Danish Bookkeeping Act (bogføringsloven).

As a financial undertaking, we are subject to the Act on Measures to Prevent Money Laundering and Financing of Terrorism (the Danish Anti-Money Laundering Act - hvidvaskloven). Consequently, we are obliged to process personal data that is necessary to comply with and document the correct execution of the Customer Due Diligence procedures pursuant to Chapter 3 of the Danish Anti-Money Laundering Act.

These requirements apply when establishing the insurance and pension scheme, continuously throughout the customer relationship and for a period after termination of the scheme. In this connection, we also assess whether the customer or the customer's beneficial owner is a Politically Exposed Person (PEP) under section 18 of the Danish Anti-Money Laundering Act.

In addition, we are obliged to investigate various matters regarding beneficiaries if a disbursement is made from the customer's pension scheme under section 12 of the Danish Anti-Money Laundering Act.

• Identifying information
• KYC (Know Your Customer) data
• Potential criminal offences

The legal basis for Velliv's processing of general personal data is Article 6(1)(c) of the GDPR on processing necessary for compliance with a legal obligation to which Velliv is subject under the Danish Anti-Money Laundering Act (hvidvaskloven). As the processing is required by law, we can only offer customers the scheme if they provide the necessary personal data.

The legal basis for Velliv's processing of civil registration numbers is section 11(2)(i) of the Danish Data Protection Act (databeskyttelsesloven), which allows private undertakings to process civil registration numbers where this follows from the law, including section 11(i) of the Danish Anti-Money Laundering Act.

The legal basis for Velliv's processing, where applicable, of data about criminal offences is section 8(3) of the Danish Data Protection Act, which allows private undertakings to process information about criminal offences based on a balancing of interests.

• The Civil Registration System (CPR-registeret)
• The Central Business Register (CVR-registeret)
• Business partners

If a dispute arises about a scheme, if we suspect an undue disbursement (for example, insurance fraud or attempted insurance fraud), or we need to investigate certain matters as part of our general inspections, Velliv may process the customer's personal data to document, establish and secure the legal position.

The processing activities include complaints handling, inspections, appeal board proceedings and legal proceedings, etc.

In relation to insurance fraud inspections, we conduct investigations (e.g. OSINT and personal observations) in accordance with the Executive Order on Investigations by Insurance Companies (bekendtgørelse om undersøgelser foretaget af forsikringsselskaber) and the trade association Insurance & Pension Denmark's 'Insurance Fraud Code' (Forsikring & Pensions kodeks for særlig undersøgelse af forsikringssager).

You can read more on our website here (in Danish only).

• Contact details
• Identifying information
• Financial information
• Insurance and pension information
• Behavioural data
• Health details
• Potential criminal offences

The legal basis for Velliv's processing of general personal data is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest.

The legitimate interest is to protect our legal position and to assess whether the customer is entitled to receive disbursements from Velliv and whether the customer's scheme can be maintained. It is possible to object to our interests at any time by writing to us.

The legal basis for Velliv's processing of special categories of personal data is Article 9(2)(f) of the GDPR on processing necessary for the establishment, exercise or defence of legal claims under the customer's scheme.

The legal basis for Velliv's processing of civil registration numbers is section 11(2)(iv) of the Danish Data Protection Act (databeskyttelsesloven), which allows private undertakings to process civil registration numbers when the conditions of section 7 of the Danish Data Protection Act are satisfied, including when the processing is subject to Article 9(2)(f) of the GDPR on legal claims.

The legal basis for Velliv's processing of data about criminal offences is the second sentence of section 8(3) of the Danish Data Protection Act on processing which may take place if necessary for the purpose of safeguarding a legitimate interest and this interest clearly overrides the interests of the data subject. We follow the rules of the Executive Order on Investigations by Insurance Companies (bekendtgørelse om undersøgelser foretaget af forsikringsselskaber) to ensure the right balance between our and the customer's interests.

• The customer's employer
• The customer's general practitioner, specialist doctor, hospital/private clinic, psychologist, psychiatrist, psychotherapist, chiropractor, physiotherapist or other practitioners, including alternative practitioners
• Public authorities, including municipalities, the Danish Tax Agency, the Appeals Board for Insurance (ankenævnet for Forsikring), courts and other dispute resolution bodies
• Public sources, including social media – both current and historical information
• Private detectives

We store the personal data for the entire duration of the scheme and until ten years after the termination date or the most recent disbursement has taken place, see section 29 of the Danish Insurance Contracts Act (forsikringsaftaleloven) and section 8 of the Danish Limitation Act (forældelsesloven), which deal with legal claims arising from an insurance contract.

If a judgment is delivered after the termination of the scheme, the time limit for erasure is ten years from the date of the judgment, if this date is later than ten years after the last transaction, see section 5(3) of the Danish Limitation Act on the limitation of claims established by judgment.

Velliv has entered into cooperation with Tryg Forsikring A/S ("Tryg") concerning Tryg's provision of pension products under the brand name "Tryg Pension". The cooperation means that Velliv and Tryg are joint data controllers.

Tryg and Velliv are both responsible for ensuring that the storage and exchange of customer data are in accordance with the legislation in force from time to time. This implies, among other things, that each party must ensure that there is a valid legal basis for the processing of personal data, including disclosure, carried out in the course of the activities covered by the joint data controller agreement.

For additional information about Tryg's processing of personal data as an independent data controller, please see Tryg's Privacy Policy (in Danish only).

Additional information about the joint data controller is available here (in Danish only).

The Danish Centre of Health & Insurance (”HEFO”) is an independent association registered in Denmark under business registration (CVR) number 76836310.

HEFO is an advisory knowledge centre for health issues and advises insurance companies and pension funds with the aim of making insurance available to as many people as possible. Velliv is a member of HEFO and uses their advice in connection with the conclusion of insurance and pension schemes.

HEFO is an independent data controller for a number of processing activities, including:

• Advice to members (including Velliv)
• Maintaining of health register
• Preparation of statistics of significant public importance
  

When customers fill in a health declaration at Velliv, Velliv will, with the customer's consent, pass on the information to HEFO, see section 82 of the Danish Insurance Business Act (lov om forsikringsvirksomhed).

In addition, Velliv will (on behalf of HEFO) obtain the customer's consent to HEFO's processing of the customer's personal data when providing advice to Velliv.

Read more about HEFO's processing of personal data here.

• Identifying information
• Contact details
• Health details

• Health & Insurance

Velliv is owned by Velliv Foreningen F.M.B.A (the "Association"), which is registered as an association under business registration (CVR) number 36741422.

The object of the Association is to own Velliv and safeguard the interests of the members in the form of member democracy and payment of members' bonuses. In addition, the Association provides support for non-profit activities in the field of mental health. Velliv customers automatically become a member of Velliv Foreningen, which is the independent data controller for the processing of personal data in connection with the membership.

Therefore, Velliv also discloses certain personal data to the Association. This includes, for example, information about the customer relationship with Velliv, including name, contact details, civil registration numbers and information about eligible members' bonus, including the basis and amount of bonus.

Membership of the Association is free. Customers may resign their membership in the Association at any time and waive any members' bonus by contacting the Association directly. Read more about it here: The Association's website for members (in Danish only).

• Identifying information
• Contact details
• Financial information (bonus basis)
• Civil registration number

The legal basis for Velliv's disclosure of the customer's general personal data to the Association is based on Article 6(1)(f) of the GDPR on the legitimate interests pursued by the Association. The legitimate interests pursued by the Association include customary activities such as membership administration, communication, conducting elections and effecting bonus payments, as well as the customer's interests in benefiting from their rights as a member.

The legal basis for Velliv's disclosure of the customer's civil registration number is based on section 11(2)(iii) of the Danish Data Protection Act (databeskyttelsesloven), as the disclosure is considered to be a natural part of normal customer administration within the financial sector when the disclosure, as in this case, is of vital importance to the Association. This is because the Association needs to be able to uniquely identify the customer in connection with election procedures, member communication via e-Boks, payment of bonuses via the customer's NemKonto account and the reporting of bonus payments to the tax authorities.

Read more about how the Association processes personal data, including about the legal basis for the operation of the Association and customers' rights in relation to the processing of data, on the Association's website via this link: The Association's privacy policy (in Danish only).

• As stated by Velliv Foreningen in their privacy policy.

Velliv Ejendomme A/S ("Velliv Ejendomme") is owned by Velliv. Velliv Ejendomme is registered as a public limited company under company registration (CVR) number 4041 4126.

Velliv Ejendomme manages Velliv's property portfolio, including the renting of these properties, to which Velliv's customers are given priority for certain leases.

Therefore, Velliv passes on customer lists to Velliv Ejendomme to ensure that customer benefits are respected.

• Identifying information (name and date of birth)

• Identifying information
• Contact details
• Health details

The legal basis for the healthcare professionals' disclosure of the customer's health information follows from section 43(1) of the Danish Health Act (sundhedsloven) on the patient's (i.e. the customer's) consent to the healthcare professional's disclosure of health information to private undertakings (Velliv).

In some cases, and for practical reasons, consent under the Health Act is obtained by Velliv on behalf of the healthcare professional, which is also a common practice in the insurance industry. The consent is valid for one year at a time.

However, this consent should not be confused with Velliv's legal basis for processing the customer's personal data when such data is received from the healthcare professional. The legal basis for this processing is section 2.01 on insurance and pension schemes.

We store the documentation of consent according to the same principles as stated under section 2.01 on insurance and pension schemes.

We process the personal data of customers, website visitors and newsletter recipients when compiling statistics and preparing analyses, including for internal surveys and analyses, product development, actuarial calculations and cost-benefit analyses.

All information related to our use of cookies is described in our cookie policy.

• Identifying information (selected)
• Contact details (selected)
• Financial information
• Insurance and pension information
• Behavioural data

• Public sources

We would like to conduct occasional satisfaction surveys and receive other relevant feedback. For this purpose, we use personal data to request relevant customers to participate in a survey or the like.

Surveys are usually conducted by means of questionnaires, customer satisfaction surveys, user tests or market research.

Any survey will be used solely to improve and develop our products and services. Personal data will not be published.

• Identifying information
• Contact details
• Your answers

The legal basis for Velliv's processing of general personal data in order to ask for a customer's participation in a given survey is Article 6(1)(f) of the GDPR regarding legitimate interest. Velliv's legitimate interest is that we pursue general customer-oriented activities to improve our products and services without disregarding the data subject's essential interests. It is possible to object to our balancing of interests at any time by writing to us.

The legal basis for Velliv's processing of the personal data of the participant (i.e. the customer) for the purpose of conducting a survey is Article 6(1)(a) of the GDPR on consent. Participants will receive a separate consent form which fulfils all the elements necessary for valid consent, see Article 4(11) and Article 7 of the GDPR.

Participants have the right to withdraw their consent at any time by contacting us. Withdrawal of consent will apply to future processing.

If a customer does not wish to participate, this will have no adverse consequences for or impact on the customer's scheme with us.

• Questionnaire answers
• Business partners

We process personal data for marketing purposes in accordance with the provisions of the Danish Marketing Practices Act (markedsføringsloven). This includes sending newsletters by email and text message about Velliv's products, news about customer advantages, events, competitions and about the activities and focus areas of Velliv Foreningen.

You can read more about Velliv's marketing here: Personal data and marketing.

• Identifying information
• Contact details

The legal basis for Velliv's processing of general personal data is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest. The legitimate interest is that we pursue our interest in marketing Velliv without disregarding the interests of the data subject. It is essential to us that:

• receiving marketing material is based on an active and voluntary choice
• the processing is relatively straightforward
• there is no profiling or pooling of data from different external sources and/or platforms, e.g. social media

It is possible to object to our interests at any time by writing to us.

• Business partners

We process personal data for marketing purposes for as long as it is relevant, but never longer than three years after termination of the agreement with the customer.

If the data subject has consented to marketing, we will process the data until the time of withdrawal of consent or for an appropriate period after we have established inactivity.

In order to continuously improve our services through in-house training and analysis, we may record and transcribe telephone conversations and online meetings. When a call is made to our switchboard, consent can be given for us to record the call for quality assurance purposes. For online meetings, the customer will be presented with a separate consent solution before recording and transcription begins.

In addition, we may store the personal data for the purpose of documenting the content of the conversation if this may be of importance to the insurance and pension scheme.

• Content of the conversation

The legal basis for Velliv's processing of personal data for quality assurance purposes is Article 6(1)(a) and Article 9(2)(a) of the GDPR on consent. Customers and other persons contacting Velliv will be presented with a consent request – either over the telephone before the conversation begins or before the recording of the meeting is initiated.

Consent can be withdrawn at any time by contacting us directly. Withdrawal of consent will apply to future processing.

If consent is not given, this will have no adverse consequences for or impact on any offers from us or for existing schemes with us.

The legal basis for Velliv's processing of personal data for documentation purposes is the same as the legal bases set out in section 2.01 on insurance and pension schemes.

• Content of the conversation

We store recordings for three months for quality assurance purposes.

We store your personal data for documentation purposes according to the same principles as stated under section 2.01 on insurance and pension schemes.

• Content of the enquiry

The legal basis for Velliv's processing of personal data is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest without disregarding the data subject's rights, as we only process what is necessary to respond to the enquiry.

It is possible to object to our interests at any time by writing to us.

If a customer contacts Velliv with an existing scheme or a potential customer wishes to become a customer, this enquiry will be subject to section 2.01 on insurance and pension schemes.

• The enquiry

We store correspondence for up to six months after the most recent contact.

For customer enquiries relating to the scheme, the same storage period as in section 2.01 on insurance and pension schemes applies.

We use social media to promote our brand and products, and to communicate with various stakeholders. We do so on the terms provided by the social media concerned and according to our own guidelines, which are available here.

Velliv and the social media are considered joint data controllers, and our followers should be aware that the social media process personal data about users independently. The joint data protection agreement with the social media which we use is published here:

• Facebook – joint data controllers 
• Instagram – joint data controllers
• LinkedIn – joint data controllers
• Google – joint data controllers

The social media privacy policies are available through the following links:

• Facebook – Privacy Policy 
• Instagram – Privacy Policy
• LinkedIn – Privacy Policy
• Google – Privacy Policy

• Identifying information (selected)
• Social media statistics and analysis reports

• Social media

• Identifying information (selected)
  
• Potential criminal offences
• Behavioural data – the information that may appear in the video recordings

The legal basis for Velliv's processing of personal data in connection with video surveillance of visitors to Velliv's premises is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest. The legitimate interest is prevention and solving of crime, including ensuring that only persons with specific business are on Velliv's premises.

It is possible to object to our interests at any time by writing to us.

The legal basis for Velliv's processing of data about criminal offences is the second sentence of section 8(3) of the Danish Data Protection Act (databeskyttelsesloven) on processing which may take place if necessary for the purpose of safeguarding a legitimate interest and this interest clearly overrides the interests of the data subject.

• The video recording

As a general rule, we store the video recordings for 30 days, after which they are erased.

In special cases, we store the video recordings for longer than 30 days if, by reason of an incident, a longer storage period is required (e.g. if continued storage of the recordings is necessary for the reporting and investigation of a criminal offence).

We process personal data about participants who have registered for our events and to send information to registrants before, during and after the event. The processing includes webinars and physical events such as speaking engagements and conferences.

For certain events, participants' personal data is processed in order to provide name badges and publish lists of participants to speakers and other participants.
For catered physical events, we disclose personal data about dietary concerns to the catering provider. It is optional for participants to indicate dietary concerns.

• Identifying information
• Contact details
• Dietary concerns – if catering is included with the event. It is voluntary if participants wish to indicate dietary considerations, and Velliv does not store this data after the event.

The legal basis for Velliv's processing of personal data in connection with the organisation of events is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest. The legitimate interest is to ensure that Velliv can invite to events, manage events, and offer participants transparency as to who is attending and thus allow participants to create professional networks. For catered physical events, Velliv has a legitimate interest in ensuring that participants' dietary concerns are met and thus avoiding potential health consequences for participants.

It is possible to object to our interests at any time by writing to us.

• Contact details

• The legal entity, including the business customer, business partner or supplier.

We process personal data for the development and testing of systems based on artificial intelligence (“AI”), including machine learning, where systems are developed by recognising patterns and correlations in data sets to derive conclusions which can be used in future analyses and day-to-day operations.

In addition, testing is used before any software is deployed to ensure system performance, functionality and stability, so personal data in the operating environment can be managed in a responsible manner.

When Velliv processes personal data for the development of AI systems, such processing will be in accordance with Velliv's internal guidelines which follow international standards and national guidelines for responsible development of AI.

• Identifying information (selected)
  
• Contact details (selected)
• Financial information
• Insurance and pension information
• Behavioural data

The legal basis for Velliv's processing of general personal data is Article 6(1)(f) of the GDPR on processing necessary for Velliv to pursue a legitimate interest.

Velliv's legitimate interest is to increase efficiency, improve customer service, personalise services and promote innovation. The necessity of the processing is assessed before the development phase is initiated in order to investigate and clarify whether alternative and less invasive means can fulfil the purpose just as effectively. In addition, we are committed to upholding the highest standards of responsible AI development, and we implement appropriate safeguards to protect the interests and rights of our customers.

• Public sources

Personal data is anonymised or pseudonymised where possible and limited as far as possible.
We store the personal data throughout the development phase, which usually spans three to six months.

Once the development phase is completed, the personal data will transfer to the operational phase and thus follow the processing activity for which the AI system is used.