In some cases, we process personal data about you when we offer a pension and insurance plan to the company or organisation which you are either employed with or a member of. This is done in order to calculate a price for the plan.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Date of birth, gender, information about your employment (for instance employer and salary information).

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:
Collection, use and disclosure of general personal data about you are necessary for PFA to pursue legitimate interests, which means to offer your company or organisation an offer for a pension and insurance plan with PFA (the General Data Protection Regulation Article 6(1)(f)).

Where do we obtain your personal data from?

PFA receives personal data from your employer, insurance broker or organisation (of which you are a member).

Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

• Your employer/organisation or an insurance broker assisting your employer/organisation or you regarding conditions of your pension plan.
• PFA’s business partners who assist our company with technical support, supplier services etc.

You will be registered as a customer with PFA through a compulsory plan established by your employer or in certain cases through a voluntary plan.

Generally, registration takes place when PFA receives the first payment to your plan from your employer and/or when the employer registers you by using an administration system. On registration of your plan and in connection with future individual adjustments or changes, we will process the necessary data about you for the purpose of establishing and changing your plan with PFA.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, civil registration number, contact details, IDs (such as passports), information about your engagement with PFA (such as your payments, risk profile, insurance cover and any other products), information about your employment conditions (such as employer and salary information), information about sickness absence periods, marital status (including information about any grants for or decrees of separation and/or divorce), information about close family members (such as spouse/domestic partner/children) and in some cases information about close business partners.

Special types of personal data (sensitive personal data):
Establishment of pension plans:
Generally, when you are registered as a customer with PFA, we will not process any sensitive personal data about you. However, in connection with a company’s change of supplier or when it concerns voluntary plans, health information and trade union information (if the agreement is conditional on membership) may be processed. In some cases, PFA may also process information about your political engagement to comply with the Danish Anti-Money Laundering Act.

Adjustments and changes to the plans:
In the event of general or individual adjustments such as, for example, increasing the level of cover, PFA may process health information and this may be from another PFA plan.

Where do we obtain your personal data from?

When PFA does not receive the personal data from you, we may obtain it from:

• The Danish Civil Registration System
• Employer, insurance broker or organisation (of which you are a member)
• Previous pension and insurance company
• Hospitals, general practitioners, other doctors and treatment facilities such as specialists, chiropractors, physiotherapists, psychologists etc. 
• The Danish Centre of Health & Insurance
• International information providers and publicly available sources

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• Collection and use of general personal data about you are necessary for PFA to comply with the agreement/the pension and insurance plan that we have with you (the General Data Protection Regulation Article 6(1)(b)).
• Your common and sensitive personal data are collected, used and disclosed on the basis of your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act , Section 82, cf. the General Data Protection Regulation, Article 6(1-3)). 
• The processing of personal data may be needed to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act , Section 82 , cf. General Data Protection Regulation, Article 6(1-3)).
• Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services, cf. the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b). 
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act , Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• Civil registration numbers are disclosed on the basis of your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act, Section 82, cf. the General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(2)).
• The collection, use and disclosure of civil registration numbers and common and sensitive personal data is necessary as PFA has a legal obligation under the Danish Anti-Money Laundering Act to identify and perform a risk assessment on customers (including an evaluation of whether you are a politically exposed person or closely associated with a politically exposed person) and so that the Danish Money Laundering Secretariat can be notified about suspicious circumstances for the purpose of preventing or fighting money laundering and the financing of terrorism (the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(c)).

Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

• The Danish Centre of Health & Insurance, for example in connection with rejection of establishment. 
• PFA’s business partners who assist our company with technical support, supplier services etc.
• Your employer or an insurance mediator assisting your employer/organisation or you regarding conditions of your pension plan.

We process your personal data when we give Advisory services and administer your plan with PFA. The data can, for instance, be:

• when we advise you, communicate with you or when you make use of our personalised digital solutions.
• when we administer payments to and payouts from your pension plan.
• when we forward information to you about changes in your pension summary, your terms and conditions and other administrative information.
• When we provide advisory services to the company that you are employed with or the organisation you are a member of so that they can assess whether they want to make adjustments to the plan on an ongoing basis
  
  We use, analyse and automatically compile the information we collect to give you targeted and relevant information (in legal terms referred to as “profiling”). This way, PFA ensures that you get the information that we assess to be of the greatest value to you.

• For instance, we advise our customers in connection with life events like marriage, divorce and purchase of property. Therefore, we may, for instance, need to find all customers who have relocated in recent years so that we can advise them on how to adjust their plan when their personal finances undergo major changes.
• We create better customer experiences with differentiated messages, relevant product recommendations and customer advantages.
• We advise our customers in connection with legislative changes. If a legislative amendment affects a specific pension product, we will identify the customers who have this exact pension product to contact them and explain which impact the legislative amendment will have on them.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, contact information, marital status, civil registration number, gender, customer or policy number, proof of identity (e.g., passport), information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), the size of pension savings, payment information, information about state pension, information about your employment (for example, employer and salary information), municipal information, information about assets, information about any potential disappearance, information that you have chosen to share with us via My PFA (for example, about plans with other pension companies if you have chosen to upload PensionsInfo or tax information if you have uploaded e-skat or notified of this by other means) and potentially personal data about those close to you (such as spouse/domestic partner/children) and in some cases information about close business partners.

Special types of personal data (sensitive personal data):
Health information and trade union membership. In some cases, PFA may also process information about your political engagement so as to comply with the Danish Anti-Money Laundering Act.

From which sources do we get the information about you?

In connection with our advisory services, we use information available in our database or at My PFA. In addition, we will in many cases receive supplementary personal data from you. This could be personal data that we receive from you through My PFA. When you provide us with your information through My PFA, it is ensured that the data transmission to PFA is made through a secure channel.

When PFA does not receive the personal data from you, we may obtain it from:

• Employer, insurance broker or organisation (of which you are a member), for example if you change collective agreement or you experience changes in your employment.
• Previous pension and insurance company, for instance if you request to have pension savings transferred from another company to PFA.
• Banks and other financial institutions, for instance if you request to have pension savings transferred from another company to PFA.
• Public authorities. 
• The Danish Civil Registration System in connection with change of address or marital status.
• International information providers and publicly available sources.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• It is necessary to collect, use and disclose common personal data about you so that we can fulfil the agreement/pension and insurance plan we have with you (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
• The use of common personal data about you is necessary in order for us to pursue a legitimate interest in providing your company or the organisation that you are a member of with anonymised reports about the pension and insurance agreement they have entered into with PFA (General Data Protection Regulation, Article 6(1)(f)).
• The use of common personal data about you is necessary in order for us to pursue a legitimate interest in providing you with a better customer experience with differentiated communications and to have you keep being a PFA customer (General Data Protection Regulation, Article 6(1)(f)).
• The processing of personal data is necessary to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
• Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services (the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• The collection, use and disclosure of civil registration numbers and the common and sensitive personal data are necessary as PFA is legally obligated pursuant to the Danish Anti-Money Laundering Act to identify and carry out risk assessments on customers and to notify the Danish Money Laundering Secretariat about suspicions for the purposes of preventing and fighting money laundering and the financing of terrorism. PFA retrieves personal data about you in connection with customer due diligence procedures and due to studying, examining and monitoring the pension plan (Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 9(2)(g) and General Data Protection Regulation, Article 6(1)(c)).
• Collection, use and disclosure of your civil registration number and general personal data are necessary as, according to the Danish Tax Control Act, PFA has a legal obligation to report data to the Danish Customs and Tax Administration. Additionally, PFA is liable to withhold tax on payout of pension savings to you. In that connection, PFA will disclose your personal data in compliance with the Danish Pension Taxation Act. PFA discloses civil registration numbers for the purpose of identification of our customers in connection with reporting financial information and paying out tax (the Data Protection Act Section 11(1) and the General Data Protection Regulation Article 6(1)(c)).
• Disclosure of your civil registration number and common personal data to banks and other financial institutions is necessary in order for us to be able to fulfil the agreement/pension and insurance plan that we have with you (the Danish Insurance Operations Act, Section 82, General Data Protection Regulation, Article 6(1-3), General Data Protection Regulation, Article 6(1)(b) and the Danish Data Protection Act, Section 11(2)(3)).

Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

• Your employer or an insurance broker assisting your employer/organisation or you regarding your pension payment conditions. 
• PFA’s business partners who assist our company with technical support, supplier services etc.
• Banks and other financial institutions in connection with transfer of deposits.
• Public authorities, for instance The Danish Customs and Tax Administration, in connection with statutory reporting.

We process your personal data in connection with our assessment of whether we can offer treatment or insurance payout in connection with a claim or in connection with prevention of a claim. We all process your personal data to assess the risk of fraud in your case and on the basis of this, carry out additional assessments if needed. We follow the Insurance & Pension Denmark industry code on insurance fraud.

We use, analyse and automatically compile the information we collect to offer you targeted and relevant claims handling (in legal terms referred to as “profiling”)

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact details, civil registration number, policy number, designation of beneficiaries, information about general practitioner, information about treatment facility, information about your employment (such as employer and salary information), payment information, income and asset information, sick leave (without a specification of why), and if your employer has decided to take part in this concept, information about public benefits, points of contact with PFA (including the use of My PFA and letter/email correspondence), risk score if you have submitted a claim, and for self-employed people, also information about company financial statements, leisure activities, family relationships (spouse/domestic partner/children), marital status and information about social problems (that are not related to health). 

Special types of personal data (sensitive personal data): 
Health information, and in some cases, information about religious beliefs, information about trade union memberships or information about sexual matters.  

From which sources do we get the information about you? 

You are the primary source of your own personal data, and, generally, we seek to obtain your personal data directly from you. It will typically be My PFA that ensures that the transfer of data takes place via a secure connection to PFA, or it may take place in a telephone call.

When PFA does not receive the personal data from you, we may obtain it from:

• Employer. 
• Previous pension and insurance company (if your pension or insurance plan is transferred from another company).
• Hospitals, general practitioner, other doctors and treatment facilities, such as specialists, chiropractors, physiotherapists etc.
• Public authorities. 
• Public and private registers.
• Social media

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• It is necessary to collect, use and disclose common personal data about you so that we can fulfil the agreement/pension and insurance plan we have with you (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act , Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
• The collection and use of common personal data about you are necessary in order for us to pursue a legitimate interest - to prevent the misuse of the insurance cover (General Data Protection Regulation, Article 6(1)(f)).
• The collection of personal data about you is necessary in order for us to pursue a legitimate interest - preventing sickness absence (General Data Protection Regulation, Article 6(1)(f)).
• he collection, use and disclosure of health information is necessary to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
• Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services (the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• The disclosure of common and sensitive personal data in other contexts will be with your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act, Section 82, cf. the General Data Protection Regulation, Article 6(1-3)) or on another legal basis, and we can also disclose personal data to The Danish Patient Compensation on the basis of the Danish act on avenues of complaint and compensation for the healthcare system (General Data Protection Regulation, Article 6(1)(c), General Data Protection Regulation, Article 9(2)(g) and the Danish Act on avenues of complaint and compensation for the healthcare system).

Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

• Employer. We will inform, for instance, the employer if the payout from an insurance plan is made to the employer. However, no information will be disclosed about the type of injury and the extent unless you have given your consent.
• Insurance broker. We inform the insurance broker (if relevant) that you have been awarded a payout due to reduced occupational capacity, however, no information will be disclosed about the type of injury, the extent and amount. 
• PFA’s business partners who assist our company with technical support, supplier services, as facilitator of health services etc.
• The Danish Centre of Health & Insurance. In special cases, we disclose information to obtain a statement which can make the basis of our decision.
• Public authorities, such as Patienterstatningen (The Danish Patient Compensation Association). We disclose information based on the Danish Act on the Right to Complain and Receive Compensation within the Health Service.
• “danmark” health insurance (Sygeforsikringen “danmark”). If the customer is a member of “danmark” health insurance, we disclose personal data to this company in connection with any reimbursements.
• Representatives, such as lawyers or trade union.

We process your personal data when your plan expires. The data can, for instance, be: 

• when your company or organization switches pension company and terminates its pension and insurance plan with PFA. 
• when you resign due to change of job.
• when you choose to terminate a voluntary agreement on pension/insurance with PFA.

Types of personal data

We process various personal data about you. The personal data can be: 

General types of personal data:
Name, contact information, civil registration number, customer and policy number, information about your employment and date of resignation. 

Special types of personal data (sensitive personal data):
Health information. 

Where do we obtain your personal data from?

In addition to the information we receive from you, we also collect data from your employer, unless it is a private plan.

From which sources do we get the information about you?

In addition to the information we receive from you, we also collect data from your employer, unless it is a private plan.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• The collection, use and disclosure of common personal data about you is necessary so that we can fulfil the agreement about pension and insurance plans that you have with us (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
• Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
• The use and disclosure of your sensitive personal data is needed to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82), cf. General Data Protection Regulation, Article 6(1-3)).
• The disclosure of common personal data and civil registration number in other contexts will be with your consent (the Danish Data Protection Act, Section 11(2)(2) and General Data Protection Regulation, Article 6 (1) (a) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6 (1-3)).

Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

• Your new pension and insurance company if your employer/organisation switches pension and insurance company.
• Banks and other financial institutions in connection with transfer of your pension plan at your request.
• PFA’s business partners who assist our company with technical support, supplier services etc.

PFA is responsible for advising you on your pension and insurance plan and to ensure that you get a fair treatment, including that you will receive the payouts you are entitled to, neither more nor less. Now and then, this may lead to complaints.

For example, we use your personal data to process a possible complaint from you about a decision PFA has made. Perhaps you are dissatisfied with the response resulting from our processing of the complaint and choose to file a complaint about PFA to the Insurance Complaints Board or to take PFA to court. In these cases, we will also use your personal data.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, civil registration number, customer or policy number, information about your engagement with PFA (for instance your payments, risk profile, insurance cover and any other products), beneficiary designation, tax information, leisure activities, financial circumstances, information about your employment (such as employer and salary information), occupational situation, family relationships (spouse/domestic partner/children), marital status and information about social problems (not pertaining to health).

Special types of personal data (sensitive personal data): 
Health information, and in some cases, information about religious beliefs, information about trade union memberships or information about sexual matters.

Personal data regarding convictions and breaches of the law:

Information about criminal offence.

From which sources do we get the information about you?

When PFA does not receive the personal data from you, we may obtain it from: 

• Employer, insurance broker or organisation (of which you are a member).
• Representatives, such as lawyers or trade union.
• Previous or other pension and insurance company, for instance if your pension or insurance plan is transferred from another company.
• Public authorities (such as municipal documents in cases related to disability pension). 
• Public authorities in connection with cases (for instance cases involving the Danish Data Protection Agency or the Danish Financial Supervisory Authority).
• Hospitals, general practitioners, other doctors and treatment facilities such as specialists, chiropractors, physiotherapists, psychologists etc.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• The common personal data are collected, used and disclosed based on a weighing of interests in relation to PFA establishing, enforcing or defending legal claims if a customer complains about a decision made by PFA (General Data Protection Regulation, Article 6(1)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
• The collection and use of common and sensitive personal data are necessary to comply with legal obligations (General Data Protection Regulation, Article 6(1)(c) and Article 9(2)(g), cf. Article 6(1)(c)). PFA has a legal obligation based on the Danish executive order on those responsible for complaints and how financial companies manage complaints. 
• The sensitive personal data is collected, used and disclosed if this is needed for PFA to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
• Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• Collection, use and disclosure of information about criminal offence are necessary in order for legal claims to be determined, enforced or defended (the Danish Data Protection Act Section 8(5), the Danish Data Protection Act Section 7(1) and the General Data Protection Regulation Article 9(2)(f)).

Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

• Representatives, such as lawyers or trade union.
• PFA’s business partners who assist our company with technical support, supplier services etc. 
• Public authorities in connection with regulatory cases, for instance cases involving the Danish Data Protection Agency or the Danish Financial Supervisory Authority.
• Banks and financial institutions in connection with payouts to you or assessment of payout.
• Courts and boards of appeal.

We process your personal data when we market our products and solutions.

PFA has various marketing initiatives to ensure that you get exactly the information that is relevant to you regarding your pension plan. PFA provides you with news and information about the customer benefits that are targeted to you, your situation and needs in the different phases of your life.

We use, analyse and automatically compile the information we collect to give you targeted and relevant information (in legal terms referred to as “profiling”). This way, PFA ensures that you get the information that PFA assess to be of the greatest value to you.

You can give consent to PFA forwarding marketing material to you through the channels stated in the consent.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, date for birth, financial circumstances, information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), salary information, tax information, marital status, family circumstances (spouse/domestic partner/children), demographics, your behaviour on PFA’s digital channels (such as which e-mails you open, which articles you read and what you find interesting at My PFA), your communication with PFA (for instance if you have questions concerning your pension plan, want to book a pension consultation or want more information about one of our products), publicly available or purchased data from, among others, the Building and Dwelling Register (BBR), the Central Business Register (CVR) and Statistics Denmark (such as the value of properties, ownership of companies and demographics), information you have submitted to us through questionnaires, evaluations etc. (for instance about our customer services or our products).

From which sources do we get the information about you?

In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data about you, it would be:

• Information about which e-mails/articles etc. you open when you receive marketing material from PFA. 
• Information from publicly available registers in Denmark (such as Statistics Denmark, the Building and Dwelling Register (BBR) and the Central Business Register (CVR)).

Why are we allowed to process personal data about you?

PFA collects your personal data based on the following legal basis:
Collection and use of general personal data are necessary for PFA to pursue legitimate interests, which means to market PFA’s products (the General Data Protection Regulation Article 6(1)(f)).

In some cases, PFA will also ask for your consent pursuant to the General Data Protection Regulation, Article 6(1)(a) and the Danish Insurance Operations ActDanish Financial Business Act, Section 85121, cf. General Data Protection Act, Article 6(1-3), including when disclosing personal data for marketing purposes.

Disclosure of your personal data

PFA may disclose your personal data to business partners who assist us with technical support, supplier services etc.

Analysis and statistics

We process your personal data when we prepare statistics and analyses. This can be:

• Internal surveys, analyses and profitability assessments
• Solvency calculations and statutory solvency reporting
• Actuary report
• Statistical surveys of material significance to society when it comes to causes of illnesses, disease patterns and coherence with mortality.

Types of personal data

In connection with PFA’s preparation of statistics and analyses, we process various kinds of personal data about you. The personal data that are processed:

General types of personal data:
Name, contact information, civil registration number, gender, customer or policy number, beneficiary designation, information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), information about your employment (such as employer and salary information), pension payments, tax information, financial circumstances, size of deposit, family relationships (spouse/domestic partner/children), information about death and disappearance notifications.

Special types of personal data (sensitive personal data): 
Health information. 

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data in order to be able to operate a sound insurance business based on the following legal basis:

• The processing of common personal data is necessary to comply with a legal obligation that PFA is under pursuant to the Solvency II regulation, the POG (IDD) regulation regarding requirements for product oversight and the management of insurance companies and insurance distributors and the Danish Insurance Operations Act (General Data Protection Regulation, Article 6(1)(c) and in terms of civil registration numbers, the Danish Data Protection Act, Section 11(2)(1 & 3)). The legal obligation is found in the National Bank of Denmark Act (“statistical information within its area of competence”) and in the Danish Insurance Operations Act (“the information required for the Danish Financial Supervisory Authority’s activities”). 
• PFA prepares statistics, analyses and statutory reporting on a number of areas, including solvency statements, provisions, risk reporting, portfolio reports, run-off analyses, simulation of projected and actual claims experience/risk hedging in relation to the individual insurance products, product profitability, tariffing and claims development and in relation to the insurance portfolio as a whole. PFA processes sensitive personal data if the processing is necessary to address significant societal interests pursuant to the Solvency II regulation, the Danish Insurance Operations Act and the Danish Executive Order on Management and Control of Banks, etc. (General Data Protection Regulation, Article 9(2)(g), cf. Article 6(1)(c)). Among other things, it is implied in the above that PFA is under a statutory regulation to make the calculations and analyses.
• PFA compiles analyses of pooled data about injuries illnesses, disease patterns and coherence with mortality. The analyses are prepared with the objective of reducing the risk of illness and death as well as of obtaining general knowledge about the effect of preventive efforts for the benefit of society. These analyses are made based on the POG (IDD) regulations regarding requirements for supervision of products and management in relation to insurance companies and insurance distributors (the General Data Protection Regulation Article 9(2)(g), cf. Article 6(1)(c)).

Disclosure of your personal data

PFA may pass on your personal data to the following recipients:

• Statistics Denmark
• Danish Financial Supervisory Authority

Innovative initiatives and profiling

We process personal data from various sources about customers for research purposes in the form of development, training and ongoing monitoring of algorithms, statistics and innovative initiatives (‘research’) for the purposes of developing supporting tools that can deal with customer’s circumstances. The supporting tools that are developed do not contain personal data. The supporting tools are part of PFA’s operational activities, customer service and compliance with legal obligations and to support decision-making processes for our business units.

This involves the following research purposes:

Suspicions about insurance fraud

The supporting tool can be used to calculate a risk score for potential insurance fraud on the customer level.

Types of personal data
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Contact details, customer or policy number, gender, age, coverage criteria, number of companies registered at the customer’s address, ownership share, financial information and working conditions.

Special types of personal data (sensitive personal data):
Health information.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

• Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark. 
• Information from the Danish CVR registry.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process personal data for research purposes that are of societal significance to prevent and detect potential insurance fraud, including ensuring that the customer’s claims are legitimate and that customers are not paying higher premiums that necessary due to, for example, insurance fraud (General Data Protection Regulation, Article 6(1)(e) and the Danish Data Protection Act, Section 10(1)). 

Suspicions about money laundering and the financing of terrorism

The supporting tool can be used to prevent and detect the risk of money laundering and the financing of terrorism.

Types of personal data
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Customer or policy number, gender, age, marital status, financial information and working conditions and information from the Danish civil registry.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

• Politically exposed persons and sanction lists.
• Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
The processing of personal data for research purposes is necessary to perform a task that is a societal interest, including preventing and detecting the risk of money laundering and the financing of terrorism (General Data Protection Regulation, Article 6(1)(e))

Customer experiences, information and advisory services

The supporting tool contains general profiles for customers and customer groups. The supporting tool can be used to create a better customer experience with targeted messages for advisory services and marketing content. In addition, the supporting tool is part of our initiatives to retain customers (predicting the churn rate). 

Types of personal data
In connection with this research, we will process various kinds of personal data.

General types of personal data:
Customer or policy number, gender, financial information, branch of employment and information from the Danish civil registry about, for example, change of address and marital status, points of contact with PFA (such as dates of advisory services activities as well as visits and entered information at My PFA, information from PensionsInfo retrieved via My PFA, for example, about size of external deposits).

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

• Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process personal data for research purposes so that we can pursue a legitimate interest, including creating better customer experiences, information and advisory services (General Data Protection Regulation, Article 6(1)(f)).

Preventive measures for claims

The supporting tool contains general profiles for customers and can help with predicting an insured person’s risk of long-term illness and measure the effect of PFA’s targeted health offers.

Types of personal data
In connection with this research, we will process various kinds of personal data about you. This may include:

General types of personal data:
Customer or policy number, marital status, use of insurance cover, financial information and working conditions, information from the Danish civil registry about, for example, change of name, address and marital status, points of contact with PFA (including the use of My PFA and correspondence by mail).

Special types of personal data (sensitive personal data):
Health information. 

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

• Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process information for research purposes to detect long-term illness and to some extent prevent such illnesses and to measure the effect of PFA’s targeted health offers (General Data Protection Regulation, Article 6(1)(e) and the Danish Data Protection Act, Section 10(1)).

Optimisation of PFA’s internal business processes

The supporting tool can be used to optimise our internal business processes when responding to correspondence sent to PFA’s Contact Centre, to follow up on claims at various times, to compare similar cases and to scan for unwarranted confidential and sensitive data when customers request insight.

Types of personal data:
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Name, contact details, customer or policy number, age, coverage criteria, use of insurance cover, financial information and working conditions and points of contact with PFA (such as dates of advisory services activities, visits to My PFA, information from PensionsInfo retrieved via My PFA, for example, about the size of external deposits) and responses to questionnaires about satisfaction levels and self-assessed health status. 

Special types of personal data (sensitive personal data):
Health information.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

• Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.
• Information from the Danish CVR registry.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
The processing of personal data for research purposes is necessary in order to carry out a task that is of societal interest, including helping to contact customers at relevant times and to respond to questions quickly and correctly (General Data Protection Regulation, Article 6(1)(f) and the Danish Data Protection Act, Section 10(1)).

We process your personal data in connection with statutory reporting, and when we need to ensure our compliance with the current legislation, for instance with regard to money laundering, personal data and insurance activities.

We use, analyse and automatically correlate the information we retrieve in order to prevent and detect the risk of money laundering and the financing of terrorism (under the legal term ‘profiling’).

PFA collects, uses and discloses your data for the purpose of compliance with the General Data Protection Regulation, the Data Protection Act and other relevant legislation, such as the Danish Insurance Operations Act. The data can, for instance, be:

• Compulsory documentation
• Statutory reporting to the authorities
• Compliance with the principles of processing personal data and the legal basis for the processing
• Protection of personal data in connection with the initiation and maintenance of technical and organisational precautionary measures, for instance to prevent unauthorised access to PFA’s IT systems
• Investigation of suspicion or knowledge of security breaches followed by reporting to customers or other affected parties and to the Danish Data Protection Agency
• Processing of enquiries and complaints from customers and others
• Processing of inspections and enquiries from the Danish Data Protection Agency and the Danish Financial Supervisory Authority
• Processing of disputes, for instance matters brought before the appeals board or a court of law 
• Statistics

If you are the spouse/registered partner, domestic partner, previous spouse or registered partner, beneficiary or next of kin of a pension or insurance customer with PFA, we use your personal data when we, for instance, administer payouts to you in the event of death or in connection with division of the pension plan on divorce.

Types of personal data

We use various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, civil registration no., proof of identity (such as a passport if your identity cannot be proved through the Danish Civil Registration System), payment information, family relationships (spouse/registered partner/domestic partner/children), salary information, date of marriage and marital status (including any legal separation and/or divorce decree or order).

From which sources do we get the information about you?

When PFA does not receive the personal data from you, we may obtain it from: 

• Public authorities (such as the Danish Customs and Tax Administration or the probate court)
• The estate left by the deceased 
• Nets Denmark A/S (information about your Nem-Konto Easy Account to be used for receiving payouts)

Why are we allowed to process information about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• Collection, use and disclosure or general personal data are necessary to comply with a legal obligation (the General Data Protection Regulation Article 6(1)(c)). According to the Danish Tax Control Act, PFA has a legal obligation to withhold tax on payout of pension savings to you. PFA discloses your personal data to the Danish Customs and Tax Administration in accordance with the Pension Taxation Act.
• Collection, use and disclosure or general personal data are necessary to comply with a legal obligation (the General Data Protection Regulation Article 6(1)(c)). PFA is legally obligated under the Danish Anti-Money Laundering Act to establish your identity, subject you to a risk-assessment and notify the Danish Money Laundering Secretariat (State Prosecutor for Serious Economic and International Crime) about any suspicions in order to prevent and stop money laundering and financing of terrorism. According to the Danish Insurance Contracts Act, PFA is also under a legal obligation to inform the probate court about designation of beneficiaries.
• Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• CPR number is disclosed to identify you when reporting financial information (Danish Data Protection Act, Section 11(2)(1) and the Danish Insurance Operations Act, Section 82).

Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

• Public authorities, such as the probate court and the Danish Customs and Tax Administration in connection with withholding estate tax and other taxes.
• Representatives of the estate.
• PFA’s business partners who assist our company with technical support, supplier services etc. 

We process your personal data when you use our websites and apps. This may for instance be information about your behaviour, which we collect by using cookies in order to optimise the user experience on PFA’s websites and apps, or when you contact PFA using our contact forms (for instance if you have questions in connection with our products, campaigns or your plan with PFA). Furthermore, you can contact us through our contact form used for complaints (if you, for instance, want to complaint about a decision).

As regards the handling of complaints, please refer to Chapter 6 “Complaints”.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
When you contact us using one of our contact forms, PFA will register the data you enter. This may, for example, include your name, contact details, date of birth and your civil registration number that is used to identify you and process your enquiry. 

From which sources do we get the information about you?

When you use our websites and apps, PFA collects personal data about your behaviour from the following sources:

• PFA uses cookies on PFA’s websites and apps for the purpose of making the website work properly, for statistical purposes and for marketing purposes and also to study how the pages are visited and how users navigate through the pages.
• You can read more about PFA’s use of cookies and the processing of personal data in this link: Use of cookies (pfa.dk).
  Here you can also read about how you can revoke or change your consent and how you can block cookies in your browser.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• Collection and use of general personal data about you are necessary for PFA to comply with the agreement/the pension and insurance plan that we have with you (the General Data Protection Regulation Article 6(1)(b)).
• The common personal data are collected, used and disclosed based on a weighing of interests in relation to PFA establishing, enforcing or defending legal claims if a customer complains about a decision made by PFA or to respond to other enquiries from customers (General Data Protection Regulation, Article 6(1)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
• Civil registration numbers are collected and used to ensure a clear identification when we need to manage administrative tasks or provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b) and General Data Protection Regulation 9(2)(f), cf. Article 6(1)(b)).
• Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
• We collect your personal data using cookies when you visit our websites and apps based on your cookie consent, cf. General Data Protection Regulation, Article 6(1)(a). 
  The personal data that we have collected via necessary cookies are processed and disclosed on the basis of legitimate interests (General Data Protection Regulation, Article 6(1)(f), to get the website or app to work via the activation of basic functions such as site navigation and access to secure areas of the website. The website cannot function optimally without these cookies.

Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

• PFA’s business partners who assist our company with technical support, supplier services etc. The business partners solely act on PFA’s behalf, so they are not permitted to use the data for their own purposes.

PFA uses video surveillance in the reception area in order to create security and to prevent and solve criminal cases.

Types of personal data:

We process various personal data about you. The personal data can be:

General types of personal data: 
Video footage from PFA’s reception area.

Personal data regarding breaches of the law
Any criminal offence committed in PFA’s reception area.

From which sources do we get the information about you?

PFA collects your personal data when you are situated in PFA’s reception area.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• We process and disclose the personal data we have collected through our video surveillance in consideration of our legitimate interests in creating security and preventing and solving criminal cases (the General Data Protection Regulation Article 6 (1), (f)).
• The personal data we collect through video surveillance footage, will be passed on to the Danish police for crime-solving purposes (Section 4 C of the Danish Act on CCTV Surveillance).

Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

• PFA’s business partners who assist our company with technical support, supplier services etc.
• The police, if necessary.

Storage

Video footage is stored for 30 days before being deleted.

In certain cases, we collect personal data about you if you are employed with one of our business partners (broker) or suppliers (hereinafter referred to as contracting party). We collect this personal data when you act on behalf of the contracting party as a contact person, for instance, when entering into contracts with PFA or when supplying services to PFA.

Types of personal data:

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, your contact information at our contracting party where you are employed (for instance your work email), occupation and login.

From which sources do we get the information about you?

PFA collects your personal information from the following sources:

• If we have not received the personal data from you, we may in some cases get them from our contracting party (where you are employed).
• We collect personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

• We collect, use and disclose your personal information for the use of entering into and complying with our contract with the contracting party (the General Data Protection Regulation Article 6(1)(b)).
• We collect personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes (General Data Protection Regulation, Article 6(1)(a)).

Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

• PFA’s business partners who assist our company with technical support, supplier services etc.

When you call us, in some cases we may ask for your consent to record the conversation for training and educational purposes.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, contact information, civil registration number, customer or policy number, occupation, information about your engagement with PFA (for instance your payments, risk profile, insurance cover and any other products), beneficiary designation, tax information, leisure activities, financial circumstances, information about your employment (such as employer and salary information), occupational situation, family relationships (spouse/domestic partner/children), marital status, information about general practitioner, information about treatment facility, information about social problems (not pertaining to health) and information about public benefits.

Special types of personal data (sensitive personal data): 
Health information and in special cases information about trade union memberships, religious beliefs or information about sexual matters. 

From which sources do we get the information about you?

PFA collects personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes. 

Why are we allowed to process personal data about you?

PFA collects and uses your personal data based on the following legal basis:

• The common personal data are collected and used based on consent (General Data Protection Regulation, Article 6(1)(a)). 
• The sensitive personal data are collected and used based on consent (General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a)). 
• The collection and use of civil registration numbers are based on consent (General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(2) and General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a)).

Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

• PFA’s business partners who assist our company with technical support, supplier services etc.