Processing of personal data

Processing of personal data

Last updated on: 05.01.2024

At PFA Pension (PFA), we take good care of your personal data, and we want to inform you, as our customer, about how we handle your data. Here, you can read about what your personal data is used for, how long we store it, and who we share it with. You can also read about your rights, and who you can contact at PFA if you have any questions about the use of your personal data.
  

PFA is the data controller – how to contact us?

PFA is responsible for the processing of your personal data in connection with your pension and insurance plan. Contact information:

PFA Pension, forsikringsaktieselskab
Sundkrogsgade 4
2100 Copenhagen, Denmark
Tel.: (+45) 70 12 50 00
CVR no. 13 59 43 76

 

If you are a member of a board of directors, a member of an executive board or a key employee with the PFA Group, you can learn more about with how PFA processes your personal data by clicking here (in Danish only).

If you as an individual customer buys insurance in “LB Forsikring for PFA”, then click here to see which categories of personal data we exchange and how we use them in various contexts.

Contact information for PFA's data protection officer (DPO)

If you have any questions regarding PFA’s protection and processing of your personal data, please feel free to contact our data protection officer.

You can contact our DPO in the following ways:

By email:     databeskyttelse@pfa.dk

By phone:  (+45) 70 20 75 15

By letter:    PFA Pension
                    Sundkrogsgade 4,
                    2100 Copenhagen,
                    Denmark
                    Att: Data protection officer
 

1. Purpose of processing personal data

PFA processes your personal data for the various purposes described below. Under each listed purpose, you can see which categories of personal data PFA processes, where PFA obtains personal data from, why we are authorised to process your personal data, and who PFA can disclose the personal data to. You can view the full text by clicking the purpose(s) you want to read about.

Offers for business customers with a Danish CVR no. and organisations to take out pension and insurance plans

In some cases, we process personal data about you when we offer a pension and insurance plan to the company or organisation which you are either employed with or a member of. This is done in order to calculate a price for the plan.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Date of birth, gender, information about your employment (for instance employer and salary information).

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:
Collection, use and disclosure of general personal data about you are necessary for PFA to pursue legitimate interests, which means to offer your company or organisation an offer for a pension and insurance plan with PFA (the General Data Protection Regulation Article 6(1)(f)).

Where do we obtain your personal data from?

PFA receives personal data from your employer, insurance broker or organisation (of which you are a member).

Disclosure of your personal data
PFA may disclose your personal data to the following parties or types of recipients:
  • Your employer/organisation or an insurance broker assisting your employer/organisation or you regarding conditions of your pension plan.
  • PFA’s business partners who assist our company with technical support, supplier services etc.

Effecting, individual adjustment and change of pension and insurance plans

You will be registered as a customer with PFA through a compulsory plan established by your employer or in certain cases through a voluntary plan.

Generally, registration takes place when PFA receives the first payment to your plan from your employer and/or when the employer registers you by using an administration system. On registration of your plan and in connection with future individual adjustments or changes, we will process the necessary data about you for the purpose of establishing and changing your plan with PFA.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, civil registration number, contact details, IDs (such as passports), information about your engagement with PFA (such as your payments, risk profile, insurance cover and any other products), information about your employment conditions (such as employer and salary information), information about sickness absence periods, marital status (including information about any grants for or decrees of separation and/or divorce), information about close family members (such as spouse/domestic partner/children) and in some cases information about close business partners.

Special types of personal data (sensitive personal data):
Establishment of pension plans:
Generally, when you are registered as a customer with PFA, we will not process any sensitive personal data about you. However, in connection with a company’s change of supplier or when it concerns voluntary plans, health information and trade union information (if the agreement is conditional on membership) may be processed. In some cases, PFA may also process information about your political engagement to comply with the Danish Anti-Money Laundering Act.

Adjustments and changes to the plans:
In the event of general or individual adjustments such as, for example, increasing the level of cover, PFA may process health information and this may be from another PFA plan.

Where do we obtain your personal data from?

When PFA does not receive the personal data from you, we may obtain it from:

  • The Danish Civil Registration System
  • Employer, insurance broker or organisation (of which you are a member)
  • Previous pension and insurance company
  • Hospitals, general practitioners, other doctors and treatment facilities such as specialists, chiropractors, physiotherapists, psychologists etc. 
  • The Danish Centre of Health & Insurance
  • International information providers and publicly available sources
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • Collection and use of general personal data about you are necessary for PFA to comply with the agreement/the pension and insurance plan that we have with you (the General Data Protection Regulation Article 6(1)(b)).
  • Your common and sensitive personal data are collected, used and disclosed on the basis of your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act , Section 82, cf. the General Data Protection Regulation, Article 6(1-3)). 
  • The processing of personal data may be needed to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act , Section 82 , cf. General Data Protection Regulation, Article 6(1-3)).
  • Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services, cf. the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b). 
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act , Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • Civil registration numbers are disclosed on the basis of your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act, Section 82, cf. the General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(2)).
  • The collection, use and disclosure of civil registration numbers and common and sensitive personal data is necessary as PFA has a legal obligation under the Danish Anti-Money Laundering Act to identify and perform a risk assessment on customers (including an evaluation of whether you are a politically exposed person or closely associated with a politically exposed person) and so that the Danish Money Laundering Secretariat can be notified about suspicious circumstances for the purpose of preventing or fighting money laundering and the financing of terrorism (the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(c)).
Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

  • The Danish Centre of Health & Insurance, for example in connection with rejection of establishment. 
  • PFA’s business partners who assist our company with technical support, supplier services etc.
  • Your employer or an insurance mediator assisting your employer/organisation or you regarding conditions of your pension plan.

Advisory services and general administration of plans

We process your personal data when we give Advisory services and administer your plan with PFA. The data can, for instance, be:

  • when we advise you, communicate with you or when you make use of our personalised digital solutions.
  • when we administer payments to and payouts from your pension plan.
  • when we forward information to you about changes in your pension summary, your terms and conditions and other administrative information.
  • When we provide advisory services to the company that you are employed with or the organisation you are a member of so that they can assess whether they want to make adjustments to the plan on an ongoing basis

    We use, analyse and automatically compile the information we collect to give you targeted and relevant information (in legal terms referred to as “profiling”). This way, PFA ensures that you get the information that we assess to be of the greatest value to you.
  • For instance, we advise our customers in connection with life events like marriage, divorce and purchase of property. Therefore, we may, for instance, need to find all customers who have relocated in recent years so that we can advise them on how to adjust their plan when their personal finances undergo major changes.
  • We create better customer experiences with differentiated messages, relevant product recommendations and customer advantages.
  • We advise our customers in connection with legislative changes. If a legislative amendment affects a specific pension product, we will identify the customers who have this exact pension product to contact them and explain which impact the legislative amendment will have on them.
Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, contact information, marital status, civil registration number, gender, customer or policy number, proof of identity (e.g., passport), information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), the size of pension savings, payment information, information about state pension, information about your employment (for example, employer and salary information), municipal information, information about assets, information about any potential disappearance, information that you have chosen to share with us via My PFA (for example, about plans with other pension companies if you have chosen to upload PensionsInfo or tax information if you have uploaded e-skat or notified of this by other means) and potentially personal data about those close to you (such as spouse/domestic partner/children) and in some cases information about close business partners.

Special types of personal data (sensitive personal data):
Health information and trade union membership. In some cases, PFA may also process information about your political engagement so as to comply with the Danish Anti-Money Laundering Act.

From which sources do we get the information about you?

In connection with our advisory services, we use information available in our database or at My PFA. In addition, we will in many cases receive supplementary personal data from you. This could be personal data that we receive from you through My PFA. When you provide us with your information through My PFA, it is ensured that the data transmission to PFA is made through a secure channel.

When PFA does not receive the personal data from you, we may obtain it from:
  • Employer, insurance broker or organisation (of which you are a member), for example if you change collective agreement or you experience changes in your employment.
  • Previous pension and insurance company, for instance if you request to have pension savings transferred from another company to PFA.
  • Banks and other financial institutions, for instance if you request to have pension savings transferred from another company to PFA.
  • Public authorities. 
  • The Danish Civil Registration System in connection with change of address or marital status.
  • International information providers and publicly available sources.
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • It is necessary to collect, use and disclose common personal data about you so that we can fulfil the agreement/pension and insurance plan we have with you (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
  • The use of common personal data about you is necessary in order for us to pursue a legitimate interest in providing your company or the organisation that you are a member of with anonymised reports about the pension and insurance agreement they have entered into with PFA (General Data Protection Regulation, Article 6(1)(f)).
  • The use of common personal data about you is necessary in order for us to pursue a legitimate interest in providing you with a better customer experience with differentiated communications and to have you keep being a PFA customer (General Data Protection Regulation, Article 6(1)(f)).
  • The processing of personal data is necessary to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
  • Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services (the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • The collection, use and disclosure of civil registration numbers and the common and sensitive personal data are necessary as PFA is legally obligated pursuant to the Danish Anti-Money Laundering Act to identify and carry out risk assessments on customers and to notify the Danish Money Laundering Secretariat about suspicions for the purposes of preventing and fighting money laundering and the financing of terrorism. PFA retrieves personal data about you in connection with customer due diligence procedures and due to studying, examining and monitoring the pension plan (Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 9(2)(g) and General Data Protection Regulation, Article 6(1)(c)).
  • Collection, use and disclosure of your civil registration number and general personal data are necessary as, according to the Danish Tax Control Act, PFA has a legal obligation to report data to the Danish Customs and Tax Administration. Additionally, PFA is liable to withhold tax on payout of pension savings to you. In that connection, PFA will disclose your personal data in compliance with the Danish Pension Taxation Act. PFA discloses civil registration numbers for the purpose of identification of our customers in connection with reporting financial information and paying out tax (the Data Protection Act Section 11(1) and the General Data Protection Regulation Article 6(1)(c)).
  • Disclosure of your civil registration number and common personal data to banks and other financial institutions is necessary in order for us to be able to fulfil the agreement/pension and insurance plan that we have with you (the Danish Insurance Operations Act, Section 82, General Data Protection Regulation, Article 6(1-3), General Data Protection Regulation, Article 6(1)(b) and the Danish Data Protection Act, Section 11(2)(3)).
Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

  • Your employer or an insurance broker assisting your employer/organisation or you regarding your pension payment conditions. 
  • PFA’s business partners who assist our company with technical support, supplier services etc.
  • Banks and other financial institutions in connection with transfer of deposits.
  • Public authorities, for instance The Danish Customs and Tax Administration, in connection with statutory reporting.

Claims handling and payout of insurance cover

We process your personal data in connection with our assessment of whether we can offer treatment or insurance payout in connection with a claim or in connection with prevention of a claim. We all process your personal data to assess the risk of fraud in your case and on the basis of this, carry out additional assessments if needed. We follow the Insurance & Pension Denmark industry code on insurance fraud.

We use, analyse and automatically compile the information we collect to offer you targeted and relevant claims handling (in legal terms referred to as “profiling”)

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact details, civil registration number, policy number, designation of beneficiaries, information about general practitioner, information about treatment facility, information about your employment (such as employer and salary information), payment information, income and asset information, sick leave (without a specification of why), and if your employer has decided to take part in this concept, information about public benefits, points of contact with PFA (including the use of My PFA and letter/email correspondence), risk score if you have submitted a claim, and for self-employed people, also information about company financial statements, leisure activities, family relationships (spouse/domestic partner/children), marital status and information about social problems (that are not related to health). 

Special types of personal data (sensitive personal data): 
Health information, and in some cases, information about religious beliefs, information about trade union memberships or information about sexual matters.  

From which sources do we get the information about you? 

You are the primary source of your own personal data, and, generally, we seek to obtain your personal data directly from you. It will typically be My PFA that ensures that the transfer of data takes place via a secure connection to PFA, or it may take place in a telephone call.

When PFA does not receive the personal data from you, we may obtain it from:
  • Employer. 
  • Previous pension and insurance company (if your pension or insurance plan is transferred from another company).
  • Hospitals, general practitioner, other doctors and treatment facilities, such as specialists, chiropractors, physiotherapists etc.
  • Public authorities. 
  • Public and private registers.
  • Social media
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • It is necessary to collect, use and disclose common personal data about you so that we can fulfil the agreement/pension and insurance plan we have with you (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act , Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
  • The collection and use of common personal data about you are necessary in order for us to pursue a legitimate interest - to prevent the misuse of the insurance cover (General Data Protection Regulation, Article 6(1)(f)).
  • The collection of personal data about you is necessary in order for us to pursue a legitimate interest - preventing sickness absence (General Data Protection Regulation, Article 6(1)(f)).
  • he collection, use and disclosure of health information is necessary to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
  • Civil registration numbers are collected and used for the purposes of clearly establishing an identity in relation to existing customer issues when handling administrative tasks and providing advisory services (the Danish Insurance Operations Act, Section 69, General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • The disclosure of common and sensitive personal data in other contexts will be with your consent (General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a) and the Danish Insurance Operations Act, Section 82, cf. the General Data Protection Regulation, Article 6(1-3)) or on another legal basis, and we can also disclose personal data to The Danish Patient Compensation on the basis of the Danish act on avenues of complaint and compensation for the healthcare system (General Data Protection Regulation, Article 6(1)(c), General Data Protection Regulation, Article 9(2)(g) and the Danish Act on avenues of complaint and compensation for the healthcare system).
Disclosure of your personal data

PFA may disclose your personal data to the following parties or types of recipients:

  • Employer. We will inform, for instance, the employer if the payout from an insurance plan is made to the employer. However, no information will be disclosed about the type of injury and the extent unless you have given your consent.
  • Insurance broker. We inform the insurance broker (if relevant) that you have been awarded a payout due to reduced occupational capacity, however, no information will be disclosed about the type of injury, the extent and amount. 
  • PFA’s business partners who assist our company with technical support, supplier services, as facilitator of health services etc.
  • The Danish Centre of Health & Insurance. In special cases, we disclose information to obtain a statement which can make the basis of our decision.
  • Public authorities, such as Patienterstatningen (The Danish Patient Compensation Association). We disclose information based on the Danish Act on the Right to Complain and Receive Compensation within the Health Service.
  • “danmark” health insurance (Sygeforsikringen “danmark”). If the customer is a member of “danmark” health insurance, we disclose personal data to this company in connection with any reimbursements.
  • Representatives, such as lawyers or trade union.

When your plan expires

We process your personal data when your plan expires. The data can, for instance, be: 

  • when your company or organization switches pension company and terminates its pension and insurance plan with PFA. 
  • when you resign due to change of job.
  • when you choose to terminate a voluntary agreement on pension/insurance with PFA.
Types of personal data

We process various personal data about you. The personal data can be: 

General types of personal data:
Name, contact information, civil registration number, customer and policy number, information about your employment and date of resignation. 

Special types of personal data (sensitive personal data):
Health information. 

Where do we obtain your personal data from?

In addition to the information we receive from you, we also collect data from your employer, unless it is a private plan.

From which sources do we get the information about you?

In addition to the information we receive from you, we also collect data from your employer, unless it is a private plan.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • The collection, use and disclosure of common personal data about you is necessary so that we can fulfil the agreement about pension and insurance plans that you have with us (General Data Protection Regulation, Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
  • Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
  • The use and disclosure of your sensitive personal data is needed to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b & f) and the Danish Insurance Operations Act, Section 82), cf. General Data Protection Regulation, Article 6(1-3)).
  • The disclosure of common personal data and civil registration number in other contexts will be with your consent (the Danish Data Protection Act, Section 11(2)(2) and General Data Protection Regulation, Article 6 (1) (a) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6 (1-3)).
Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

  • Your new pension and insurance company if your employer/organisation switches pension and insurance company.
  • Banks and other financial institutions in connection with transfer of your pension plan at your request.
  • PFA’s business partners who assist our company with technical support, supplier services etc.

Processing of complaints

PFA is responsible for advising you on your pension and insurance plan and to ensure that you get a fair treatment, including that you will receive the payouts you are entitled to, neither more nor less. Now and then, this may lead to complaints.

For example, we use your personal data to process a possible complaint from you about a decision PFA has made. Perhaps you are dissatisfied with the response resulting from our processing of the complaint and choose to file a complaint about PFA to the Insurance Complaints Board or to take PFA to court. In these cases, we will also use your personal data.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, civil registration number, customer or policy number, information about your engagement with PFA (for instance your payments, risk profile, insurance cover and any other products), beneficiary designation, tax information, leisure activities, financial circumstances, information about your employment (such as employer and salary information), occupational situation, family relationships (spouse/domestic partner/children), marital status and information about social problems (not pertaining to health).

Special types of personal data (sensitive personal data): 
Health information, and in some cases, information about religious beliefs, information about trade union memberships or information about sexual matters.

Personal data regarding convictions and breaches of the law:

Information about criminal offence.

From which sources do we get the information about you?

When PFA does not receive the personal data from you, we may obtain it from: 

  • Employer, insurance broker or organisation (of which you are a member).
  • Representatives, such as lawyers or trade union.
  • Previous or other pension and insurance company, for instance if your pension or insurance plan is transferred from another company.
  • Public authorities (such as municipal documents in cases related to disability pension). 
  • Public authorities in connection with cases (for instance cases involving the Danish Data Protection Agency or the Danish Financial Supervisory Authority).
  • Hospitals, general practitioners, other doctors and treatment facilities such as specialists, chiropractors, physiotherapists, psychologists etc.
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • The common personal data are collected, used and disclosed based on a weighing of interests in relation to PFA establishing, enforcing or defending legal claims if a customer complains about a decision made by PFA (General Data Protection Regulation, Article 6(1)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
  • The collection and use of common and sensitive personal data are necessary to comply with legal obligations (General Data Protection Regulation, Article 6(1)(c) and Article 9(2)(g), cf. Article 6(1)(c)). PFA has a legal obligation based on the Danish executive order on those responsible for complaints and how financial companies manage complaints. 
  • The sensitive personal data is collected, used and disclosed if this is needed for PFA to establish, enforce or defend legal claims (General Data Protection Regulation, Article 9(2)(f), cf. Article 6(1)(b) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)).
  • Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • Collection, use and disclosure of information about criminal offence are necessary in order for legal claims to be determined, enforced or defended (the Danish Data Protection Act Section 8(5), the Danish Data Protection Act Section 7(1) and the General Data Protection Regulation Article 9(2)(f)).
Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

  • Representatives, such as lawyers or trade union.
  • PFA’s business partners who assist our company with technical support, supplier services etc. 
  • Public authorities in connection with regulatory cases, for instance cases involving the Danish Data Protection Agency or the Danish Financial Supervisory Authority.
  • Banks and financial institutions in connection with payouts to you or assessment of payout.
  • Courts and boards of appeal.

Marketing

We process your personal data when we market our products and solutions.

PFA has various marketing initiatives to ensure that you get exactly the information that is relevant to you regarding your pension plan. PFA provides you with news and information about the customer benefits that are targeted to you, your situation and needs in the different phases of your life.

We use, analyse and automatically compile the information we collect to give you targeted and relevant information (in legal terms referred to as “profiling”). This way, PFA ensures that you get the information that PFA assess to be of the greatest value to you.

You can give consent to PFA forwarding marketing material to you through the channels stated in the consent.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, date for birth, financial circumstances, information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), salary information, tax information, marital status, family circumstances (spouse/domestic partner/children), demographics, your behaviour on PFA’s digital channels (such as which e-mails you open, which articles you read and what you find interesting at My PFA), your communication with PFA (for instance if you have questions concerning your pension plan, want to book a pension consultation or want more information about one of our products), publicly available or purchased data from, among others, the Building and Dwelling Register (BBR), the Central Business Register (CVR) and Statistics Denmark (such as the value of properties, ownership of companies and demographics), information you have submitted to us through questionnaires, evaluations etc. (for instance about our customer services or our products).

From which sources do we get the information about you?

In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data about you, it would be:

  • Information about which e-mails/articles etc. you open when you receive marketing material from PFA. 
  • Information from publicly available registers in Denmark (such as Statistics Denmark, the Building and Dwelling Register (BBR) and the Central Business Register (CVR)).
Why are we allowed to process personal data about you?

PFA collects your personal data based on the following legal basis:
Collection and use of general personal data are necessary for PFA to pursue legitimate interests, which means to market PFA’s products (the General Data Protection Regulation Article 6(1)(f)).

In some cases, PFA will also ask for your consent pursuant to the General Data Protection Regulation, Article 6(1)(a) and the Danish Insurance Operations ActDanish Financial Business Act, Section 85121, cf. General Data Protection Act, Article 6(1-3), including when disclosing personal data for marketing purposes.

Disclosure of your personal data

PFA may disclose your personal data to business partners who assist us with technical support, supplier services etc.

Analysis, statistics, innovative initiatives and profiling

Analysis and statistics

We process your personal data when we prepare statistics and analyses. This can be:

  • Internal surveys, analyses and profitability assessments
  • Solvency calculations and statutory solvency reporting
  • Actuary report
  • Statistical surveys of material significance to society when it comes to causes of illnesses, disease patterns and coherence with mortality.
Types of personal data

In connection with PFA’s preparation of statistics and analyses, we process various kinds of personal data about you. The personal data that are processed:

General types of personal data:
Name, contact information, civil registration number, gender, customer or policy number, beneficiary designation, information about your customer relationship with PFA (such as your payments, risk profile, insurance cover and any other products), information about your employment (such as employer and salary information), pension payments, tax information, financial circumstances, size of deposit, family relationships (spouse/domestic partner/children), information about death and disappearance notifications.

Special types of personal data (sensitive personal data): 
Health information. 

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data in order to be able to operate a sound insurance business based on the following legal basis:

  • The processing of common personal data is necessary to comply with a legal obligation that PFA is under pursuant to the Solvency II regulation, the POG (IDD) regulation regarding requirements for product oversight and the management of insurance companies and insurance distributors and the Danish Insurance Operations Act (General Data Protection Regulation, Article 6(1)(c) and in terms of civil registration numbers, the Danish Data Protection Act, Section 11(2)(1 & 3)). The legal obligation is found in the National Bank of Denmark Act (“statistical information within its area of competence”) and in the Danish Insurance Operations Act (“the information required for the Danish Financial Supervisory Authority’s activities”). 
  • PFA prepares statistics, analyses and statutory reporting on a number of areas, including solvency statements, provisions, risk reporting, portfolio reports, run-off analyses, simulation of projected and actual claims experience/risk hedging in relation to the individual insurance products, product profitability, tariffing and claims development and in relation to the insurance portfolio as a whole. PFA processes sensitive personal data if the processing is necessary to address significant societal interests pursuant to the Solvency II regulation, the Danish Insurance Operations Act and the Danish Executive Order on Management and Control of Banks, etc. (General Data Protection Regulation, Article 9(2)(g), cf. Article 6(1)(c)). Among other things, it is implied in the above that PFA is under a statutory regulation to make the calculations and analyses.
  • PFA compiles analyses of pooled data about injuries illnesses, disease patterns and coherence with mortality. The analyses are prepared with the objective of reducing the risk of illness and death as well as of obtaining general knowledge about the effect of preventive efforts for the benefit of society. These analyses are made based on the POG (IDD) regulations regarding requirements for supervision of products and management in relation to insurance companies and insurance distributors (the General Data Protection Regulation Article 9(2)(g), cf. Article 6(1)(c)).
Disclosure of your personal data

PFA may pass on your personal data to the following recipients:

  • Statistics Denmark
  • Danish Financial Supervisory Authority
Innovative initiatives and profiling

We process personal data from various sources about customers for research purposes in the form of development, training and ongoing monitoring of algorithms, statistics and innovative initiatives (‘research’) for the purposes of developing supporting tools that can deal with customer’s circumstances. The supporting tools that are developed do not contain personal data. The supporting tools are part of PFA’s operational activities, customer service and compliance with legal obligations and to support decision-making processes for our business units.

This involves the following research purposes:

Suspicions about insurance fraud

The supporting tool can be used to calculate a risk score for potential insurance fraud on the customer level.

Types of personal data
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Contact details, customer or policy number, gender, age, coverage criteria, number of companies registered at the customer’s address, ownership share, financial information and working conditions.

Special types of personal data (sensitive personal data):
Health information.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

  • Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark. 
  • Information from the Danish CVR registry.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process personal data for research purposes that are of societal significance to prevent and detect potential insurance fraud, including ensuring that the customer’s claims are legitimate and that customers are not paying higher premiums that necessary due to, for example, insurance fraud (General Data Protection Regulation, Article 6(1)(e) and the Danish Data Protection Act, Section 10(1)). 

Suspicions about money laundering and the financing of terrorism

The supporting tool can be used to prevent and detect the risk of money laundering and the financing of terrorism.

Types of personal data
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Customer or policy number, gender, age, marital status, financial information and working conditions and information from the Danish civil registry.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

  • Politically exposed persons and sanction lists.
  • Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
The processing of personal data for research purposes is necessary to perform a task that is a societal interest, including preventing and detecting the risk of money laundering and the financing of terrorism (General Data Protection Regulation, Article 6(1)(e))

Customer experiences, information and advisory services

The supporting tool contains general profiles for customers and customer groups. The supporting tool can be used to create a better customer experience with targeted messages for advisory services and marketing content. In addition, the supporting tool is part of our initiatives to retain customers (predicting the churn rate). 

Types of personal data
In connection with this research, we will process various kinds of personal data.

General types of personal data:
Customer or policy number, gender, financial information, branch of employment and information from the Danish civil registry about, for example, change of address and marital status, points of contact with PFA (such as dates of advisory services activities as well as visits and entered information at My PFA, information from PensionsInfo retrieved via My PFA, for example, about size of external deposits).

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

  • Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process personal data for research purposes so that we can pursue a legitimate interest, including creating better customer experiences, information and advisory services (General Data Protection Regulation, Article 6(1)(f)).

Preventive measures for claims

The supporting tool contains general profiles for customers and can help with predicting an insured person’s risk of long-term illness and measure the effect of PFA’s targeted health offers.

Types of personal data
In connection with this research, we will process various kinds of personal data about you. This may include:

General types of personal data:
Customer or policy number, marital status, use of insurance cover, financial information and working conditions, information from the Danish civil registry about, for example, change of name, address and marital status, points of contact with PFA (including the use of My PFA and correspondence by mail).

Special types of personal data (sensitive personal data):
Health information. 

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

  • Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
We process information for research purposes to detect long-term illness and to some extent prevent such illnesses and to measure the effect of PFA’s targeted health offers (General Data Protection Regulation, Article 6(1)(e) and the Danish Data Protection Act, Section 10(1)).

Optimisation of PFA’s internal business processes

The supporting tool can be used to optimise our internal business processes when responding to correspondence sent to PFA’s Contact Centre, to follow up on claims at various times, to compare similar cases and to scan for unwarranted confidential and sensitive data when customers request insight.

Types of personal data:
In connection with this research, we will process various kinds of personal data. This can include:

General types of personal data:
Name, contact details, customer or policy number, age, coverage criteria, use of insurance cover, financial information and working conditions and points of contact with PFA (such as dates of advisory services activities, visits to My PFA, information from PensionsInfo retrieved via My PFA, for example, about the size of external deposits) and responses to questionnaires about satisfaction levels and self-assessed health status. 

Special types of personal data (sensitive personal data):
Health information.

From which sources do we get the information about you?
In many cases, no other personal data is collected but the data which is already collected as part of the customer relationship between you and PFA. If PFA receives new personal data, it would be:

  • Address information from dawa.aws.dk and aggregated statistical information from Statistics Denmark.
  • Information from the Danish CVR registry.

Why are we allowed to process personal data about you?
PFA collects your personal data based on the following legal basis:
The processing of personal data for research purposes is necessary in order to carry out a task that is of societal interest, including helping to contact customers at relevant times and to respond to questions quickly and correctly (General Data Protection Regulation, Article 6(1)(f) and the Danish Data Protection Act, Section 10(1)).

Compliance with legal obligations

We process your personal data in connection with statutory reporting, and when we need to ensure our compliance with the current legislation, for instance with regard to money laundering, personal data and insurance activities.

We use, analyse and automatically correlate the information we retrieve in order to prevent and detect the risk of money laundering and the financing of terrorism (under the legal term ‘profiling’).

PFA collects, uses and discloses your data for the purpose of compliance with the General Data Protection Regulation, the Data Protection Act and other relevant legislation, such as the Danish Insurance Operations Act. The data can, for instance, be:

  • Compulsory documentation
  • Statutory reporting to the authorities
  • Compliance with the principles of processing personal data and the legal basis for the processing
  • Protection of personal data in connection with the initiation and maintenance of technical and organisational precautionary measures, for instance to prevent unauthorised access to PFA’s IT systems
  • Investigation of suspicion or knowledge of security breaches followed by reporting to customers or other affected parties and to the Danish Data Protection Agency
  • Processing of enquiries and complaints from customers and others
  • Processing of inspections and enquiries from the Danish Data Protection Agency and the Danish Financial Supervisory Authority
  • Processing of disputes, for instance matters brought before the appeals board or a court of law 
  • Statistics

Benefits and payouts to spouse, domestic partner and children

If you are the spouse/registered partner, domestic partner, previous spouse or registered partner, beneficiary or next of kin of a pension or insurance customer with PFA, we use your personal data when we, for instance, administer payouts to you in the event of death or in connection with division of the pension plan on divorce.

Types of personal data

We use various personal data about you. The personal data can be:

General types of personal data: 
Name, contact information, civil registration no., proof of identity (such as a passport if your identity cannot be proved through the Danish Civil Registration System), payment information, family relationships (spouse/registered partner/domestic partner/children), salary information, date of marriage and marital status (including any legal separation and/or divorce decree or order).

From which sources do we get the information about you?

When PFA does not receive the personal data from you, we may obtain it from: 

  • Public authorities (such as the Danish Customs and Tax Administration or the probate court)
  • The estate left by the deceased 
  • Nets Denmark A/S (information about your Nem-Konto Easy Account to be used for receiving payouts)
Why are we allowed to process information about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • Collection, use and disclosure or general personal data are necessary to comply with a legal obligation (the General Data Protection Regulation Article 6(1)(c)). According to the Danish Tax Control Act, PFA has a legal obligation to withhold tax on payout of pension savings to you. PFA discloses your personal data to the Danish Customs and Tax Administration in accordance with the Pension Taxation Act.
  • Collection, use and disclosure or general personal data are necessary to comply with a legal obligation (the General Data Protection Regulation Article 6(1)(c)). PFA is legally obligated under the Danish Anti-Money Laundering Act to establish your identity, subject you to a risk-assessment and notify the Danish Money Laundering Secretariat (State Prosecutor for Serious Economic and International Crime) about any suspicions in order to prevent and stop money laundering and financing of terrorism. According to the Danish Insurance Contracts Act, PFA is also under a legal obligation to inform the probate court about designation of beneficiaries.
  • Civil registration numbers are collected and used to ensure a clear identification when we manage administrative tasks and provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • CPR number is disclosed to identify you when reporting financial information (Danish Data Protection Act, Section 11(2)(1) and the Danish Insurance Operations Act, Section 82).
Disclosure of your personal data

PFA may pass on your personal data to the following types of recipients:

  • Public authorities, such as the probate court and the Danish Customs and Tax Administration in connection with withholding estate tax and other taxes.
  • Representatives of the estate.
  • PFA’s business partners who assist our company with technical support, supplier services etc. 

Contact forms and optimisation of user experience on PFA's website and apps

We process your personal data when you use our websites and apps. This may for instance be information about your behaviour, which we collect by using cookies in order to optimise the user experience on PFA’s websites and apps, or when you contact PFA using our contact forms (for instance if you have questions in connection with our products, campaigns or your plan with PFA). Furthermore, you can contact us through our contact form used for complaints (if you, for instance, want to complaint about a decision).

As regards the handling of complaints, please refer to Chapter 6 “Complaints”.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
When you contact us using one of our contact forms, PFA will register the data you enter. This may, for example, include your name, contact details, date of birth and your civil registration number that is used to identify you and process your enquiry. 

From which sources do we get the information about you?

When you use our websites and apps, PFA collects personal data about your behaviour from the following sources:

  • PFA uses cookies on PFA’s websites and apps for the purpose of making the website work properly, for statistical purposes and for marketing purposes and also to study how the pages are visited and how users navigate through the pages.
  • You can read more about PFA’s use of cookies and the processing of personal data in this link: Use of cookies (pfa.dk).
    Here you can also read about how you can revoke or change your consent and how you can block cookies in your browser.
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • Collection and use of general personal data about you are necessary for PFA to comply with the agreement/the pension and insurance plan that we have with you (the General Data Protection Regulation Article 6(1)(b)).
  • The common personal data are collected, used and disclosed based on a weighing of interests in relation to PFA establishing, enforcing or defending legal claims if a customer complains about a decision made by PFA or to respond to other enquiries from customers (General Data Protection Regulation, Article 6(1)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3)). 
  • Civil registration numbers are collected and used to ensure a clear identification when we need to manage administrative tasks or provide advisory services in an existing customer relationship (the Danish Insurance Operations Act, Section 69, cf. the General Data Protection Regulation, Article 87, cf. Danish Data Protection Act, Section 11(2)(1) and General Data Protection Regulation, Article 6(1)(b) and General Data Protection Regulation 9(2)(f), cf. Article 6(1)(b)).
  • Disclosing information about civil registration numbers is needed to establish, enforce or defend legal claims (Danish Data Protection Act, Section 11(2)(4) and 7(1) and General Data Protection Regulation, Article 9(2)(f) and the Danish Insurance Operations Act, Section 82, cf. General Data Protection Regulation, Article 6(1-3) and the Danish Data Protection Act, Section 11(2)(1)).
  • We collect your personal data using cookies when you visit our websites and apps based on your cookie consent, cf. General Data Protection Regulation, Article 6(1)(a). 
    The personal data that we have collected via necessary cookies are processed and disclosed on the basis of legitimate interests (General Data Protection Regulation, Article 6(1)(f), to get the website or app to work via the activation of basic functions such as site navigation and access to secure areas of the website. The website cannot function optimally without these cookies.
Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

  • PFA’s business partners who assist our company with technical support, supplier services etc. The business partners solely act on PFA’s behalf, so they are not permitted to use the data for their own purposes.

Video surveillance in PFA’s reception area

PFA uses video surveillance in the reception area in order to create security and to prevent and solve criminal cases.

Types of personal data:

We process various personal data about you. The personal data can be:

General types of personal data: 
Video footage from PFA’s reception area.

Personal data regarding breaches of the law
Any criminal offence committed in PFA’s reception area.

From which sources do we get the information about you?

PFA collects your personal data when you are situated in PFA’s reception area.

Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • We process and disclose the personal data we have collected through our video surveillance in consideration of our legitimate interests in creating security and preventing and solving criminal cases (the General Data Protection Regulation Article 6 (1), (f)).
  • The personal data we collect through video surveillance footage, will be passed on to the Danish police for crime-solving purposes (Section 4 C of the Danish Act on CCTV Surveillance).
Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

  • PFA’s business partners who assist our company with technical support, supplier services etc.
  • The police, if necessary.
Storage

Video footage is stored for 30 days before being deleted.

Suppliers and business partners (not relevant for you as a customer with PFA)

In certain cases, we collect personal data about you if you are employed with one of our business partners (broker) or suppliers (hereinafter referred to as contracting party). We collect this personal data when you act on behalf of the contracting party as a contact person, for instance, when entering into contracts with PFA or when supplying services to PFA.

Types of personal data:

We process various personal data about you. The personal data can be:

General types of personal data: 
Name, your contact information at our contracting party where you are employed (for instance your work email), occupation and login.

From which sources do we get the information about you?

PFA collects your personal information from the following sources:

  • If we have not received the personal data from you, we may in some cases get them from our contracting party (where you are employed).
  • We collect personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes.
Why are we allowed to process personal data about you?

PFA collects, uses and discloses your personal data based on the following legal basis:

  • We collect, use and disclose your personal information for the use of entering into and complying with our contract with the contracting party (the General Data Protection Regulation Article 6(1)(b)).
  • We collect personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes (General Data Protection Regulation, Article 6(1)(a)).
Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

  • PFA’s business partners who assist our company with technical support, supplier services etc.

Recording of telephone conversations for training and educational purposes

When you call us, in some cases we may ask for your consent to record the conversation for training and educational purposes.

Types of personal data

We process various personal data about you. The personal data can be:

General types of personal data:
Name, contact information, civil registration number, customer or policy number, occupation, information about your engagement with PFA (for instance your payments, risk profile, insurance cover and any other products), beneficiary designation, tax information, leisure activities, financial circumstances, information about your employment (such as employer and salary information), occupational situation, family relationships (spouse/domestic partner/children), marital status, information about general practitioner, information about treatment facility, information about social problems (not pertaining to health) and information about public benefits.

Special types of personal data (sensitive personal data): 
Health information and in special cases information about trade union memberships, religious beliefs or information about sexual matters. 

From which sources do we get the information about you?

PFA collects personal data about you when you call PFA and have given your consent to the conversation being recorded for training and educational purposes. 

Why are we allowed to process personal data about you?

PFA collects and uses your personal data based on the following legal basis:

  • The common personal data are collected and used based on consent (General Data Protection Regulation, Article 6(1)(a)). 
  • The sensitive personal data are collected and used based on consent (General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a)). 
  • The collection and use of civil registration numbers are based on consent (General Data Protection Regulation, Article 87, cf. the Danish Data Protection Act, Section 11(2)(2) and General Data Protection Regulation, Article 6(1)(a) and General Data Protection Regulation, Article 9(2)(a), cf. Article 6(1)(a)).
Disclosure of your personal data

PFA may pass on your personal data to the following type of recipients:

  • PFA’s business partners who assist our company with technical support, supplier services etc.
2. Transfer of personal data to countries outside the EU/EEA

PFA engages with suppliers and business partners who carry out tasks for PFA. This means that your personal data will be processed by suppliers and business partners (data processors) whenever necessary for the data processor to perform the task in question for PFA.

PFA protects your personal data When disclosing personal data to data processors in non-EU/EEA countries, for example when using hosting or support services from one of PFA’s data processors, PFA ensures that there is a sufficient basis for the transfer and a sufficient level of protection.

You can get more detailed information about PFA’s transfers of your personal data to non-EU/EEA countries by contacting PFA’s data protection officer. You can either be issued a copy of the EU Standard Contractual Clauses, information about another legal basis for the transfer of personal data or get informed about where the basis for transfer has been made available from PFA’s data protection officer.

3. Storage of your personal data

PFA stores your personal data until the customer relationship has ended and the limitation periods of the Danish Limitations Act have expired. The storage of personal data is also made with all due respect to PFA’s obligations to store personal data pursuant to the Danish accounting legislation and the Danish Bookkeeping Act. Exceptions may occur, but PFA will store your personal data as stated below. After the storage period has expired, your personal data will be deleted.

General rules Storage period
Personal data which forms part of your customer relationship with PFA (“the general limitation deadline”) 10 years after the termination of the customer relationship*
Insurance offers and quotations which you do not accept within the deadline 6 months after the expiry of the deadline
If you withdraw your application for insurance after submission of health information to PFA Personal data is deleted immediately after withdrawal of the application for insurance
If your application for insurance or individual increase in risk is rejected 3 years after termination of the processing of the application
Personal data about you which is obtained and processed to comply with the Danish Anti-Money Laundering Act 5 years after the termination of the customer relationship
Recording of telephone conversations for training and educational purposes  3 months after the conversation was recorded 

* PFA will forward a letter to you when you no longer have any pension plans, insurance cover or other agreed services with PFA. If your customer relationship has terminated prematurely, for instance due to surrender or transfer, PFA will store the letter as documentation of the termination of customer relationship for 10 years after the latest point in time when you would have been eligible for benefits had the terminated plans still been in force with PFA. Waiting periods may exist that have not been allowed for in the above-mentioned time limit. In addition to the general limitation period of 10 years, PFA applies a one-year temporal safety margin before deleting the data. Personal data that is processed for statistical purposes are stored for 30 years after the conclusion of the customer relationship.

If PFA or the customer preforms an action which prolongs the limitation period, for instance, reports a claim, PFA will postpone the deletion of personal data.

PFA ensures that personal data that has been deleted from operational systems are removed if a backup is used.

4. Automated individual decision-making

We use automated individual decision-making when your request to change your insurance plan with PFA involves an increase in risk for PFA. The general logic behind the automation is that the system calculates whether you will be able to increase the risk to the requested level on your plan. The calculation is made automatically. If the outcome of the processing is a rejection, the processing will be passed on to a PFA employee so that the automation does not have negative consequences for you as a customer.

5. Compulsory information

PFA requires your personal data when we, for example, establish and administer your pension and insurance plan. If you do not provide PFA with personal data, the consequence will be that PFA cannot attend to the purposes stated above, for example that we cannot register you as a customer with PFA or we cannot change your pension plan.

6. Your rights

When PFA processes personal data about you, you have the following rights:

Right of access
You are entitled to access the personal data PFA process about you and certain other information.  

Right to object
You are in certain circumstances entitled to object to our otherwise lawful processing of your personal data and to limit the processing of your personal data. In particular, you have an unconditional right to object to the processing of your personal data for use in direct marketing, and to object to profiling to the extent that it concerns direct marketing.  

Right to rectification
You are entitled to have incorrect data about you corrected without undue delay, and you will also have the right to add any missing personal data considering the purposes of the processing.

Right to erasure
You can learn more about when PFA automatically deletes your personal data under clause 3 – Storage of your personal data. In special circumstances, you will be entitled to have your personal data deleted in PFA before the time of the generally scheduled erasure.  

Right to restriction of processing
You are in certain circumstances entitled to restriction of PFA’s processing of your personal data, including when there is doubt as to the correctness of your information.

Right to data portability
You are in certain circumstances entitled to receive personal data that you have passed on to PFA in a structured, generally used and machine-readable format. Correspondingly, you have the right to have your personal data transferred from PFA to another data controller, such as another pension and insurance company.

Right to withdraw consent
If PFA is processing your personal data on the basis of your consent, you are entitled to withdraw your consent at any time. Withdrawal of your consent implies that, in future, PFA will not be allowed to process your personal data for the purpose you consented to. If you choose to withdraw your consent, this will not affect the lawfulness of PFA’s processing of your personal data that has been performed prior to your withdrawal of the consent, for instance if you have given your consent to us sharing your data. PFA may be entitled to process (such as store) your personal data on a basis other than consent.

If you revoke your consent, this may in some cases result in PFA’s discontinuation of the customer relationship.
 
If you withdraw your consent, this may in some cases result in PFA’s discontinuation of the customer relationship.

You can make use of your rights by calling PFA or by forwarding a letter. You can also contact us via My PFA.

There may be conditions or limits to the rights stated above. Therefore, there is no certainty that you will be entitled to, for instance, data portability or deletion of personal data - this will depend on the specific circumstances in connection with the data processing.

7. Complaints to the Danish Protection Agency

You will be entitled to file a complaint at any time to the Danish Data Protection Agency about PFA’s processing of your personal data. However, you ought to always contact PFA first if you believe that PFA has processed your personal data in conflict with the data protection regulations. This way, you can get PFA’s explanation of the case. You can contact the Danish Data Protection Agency by e-mail at dt@datatilsynet.dk or read more at www.datatilsynet.dk.

The date of our last update of this policy is stated at the top of this page.