Processing of Personal Data

Processing of personal data

Last revised: 12.06.2018

At PFA Pension we store your personal data. As our customer, we want you to be informed about how your personal data is treated. Here, you can read about what we use your personal data for, how long we store it, and who we share it with. You can also read about what your rights are in this regard, and who to contact at PFA should you have questions about the usage of your personal data.

 

PFA is the data controller - how to contact us?

The legal entity responsible for the processing of your personal data the with regard to your pension and insurance plans is:

PFA Pension, insurance, limited company
Sundkrogsgade 4
2100 Copenhagen Ø
Telephone: + 45 70 12 50 00
CVR No. 13 59 43 76

Contact details of PFA's data protection officer

If you have any questions regarding the protection and treatment of your personal data you are welcome to contact our data protection officer.

Our DPO can be contacted in the following ways:

By email:         databeskyttelse@pfa.dk

By telephone:  Telefon: +45 70 20 75 15
By letter:         PFA Pension, insurance, limited company
                       Sundkrogsgade 4,
                       2100 Copenhagen Ø,
                       att: Data Protection Officer

1. Purpose of processing personal data

PFA processes your personal data for the various purposes described below. Under each purpose you can see what categories of personal data PFA processes, where PFA obtains personal data from, why we are legally entitled to process your personal data, and who PFA can share your personal data with. You can show the full text by clicking on the purpose you want to read about.

1. Offer to start a pension and insurance plan

In some cases we process personal data about you when offering a pension and insurance plan to the company you are employed at, or an organisation you are a member of. This is done in order to calculate a price for the plan.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Date of birth, gender, information about your employment (e.g. employer and salary information) and size of pension savings.

Why we have the right to process personal data about you 
PFA collects, uses and shares your personal data on the following legal basis:
Collection, use and disclsoure of general personal data about you is necessary for PFA to pursue legitimate interests, namely, to give your company or the organisation you are a member of, a quote on a pension and insurance plan with PFA (General Data Protection Regulation's (GDPR) Article 6 (1) lit f).

Where we obtain your personal data from
PFA receives your personal data from your employer, insurance brokers or organisations you are a member of.

Disclosure of your personal data
PFA can disclose your personal data to business partners that assist our company with, for example, technical support and supplier services.

2. Creation, customisation and changes to pension and insurance plans

You will be created as a customer at PFA through a mandatory scheme via your employer or in special cases via a voluntary scheme.

Generally, the customer account is created by PFA receiving the first payment for the plan from your employer. At the time of creation, and in connection with later individual adaptations and/or changes to your plan, we process the data necessary for creating and changing your plan with PFA.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, Civil reg. No., identity details (e.g. passport, if you cannot be identified via the Danish Civil Registration System), information about your financial commitments at PFA (e.g. deposits, risk profile, insurances and any other products), employment information (e.g. employer and salary information), family relationships (spouse/cohabiting partner/children), information related to sick leave, marital status (including separation and or divorce decree or order).
 
Special categories of personal data (sensitive personal data)
Creation:
When you are created as a customer at PFA it is not typical to process any sensitive information about you. However, in connection with the company's change of supplier or in cases of voluntary schemes, your medical information and information about your trade union may be processed (if the agreement is contingent on membership).

Customisations and changes:
In the event of individual adaptations such as request to increase coverage sum, PFA processes medical and health information.
For general changes to the plan you are covered by, it might be necessary for us to process sensitive personal information about you, when this represents an increased risk for PFA.

Where we obtain your personal data from
When PFA does not obtain personal data from you, we can obtain it from:
• Danish Civil Registration System
• Employer, insurance broker or organisation you are a member of
• Previous pension and insurance company
• Hospital, medical practitioner, other doctors and treatment facilities, as well as specialist physicians, chiropractors, physiotherapists, psychologists etc.
• The Danish Centre of Health & Insurance

Why we have the right to process personal data about you  
PFA collects, uses and shares your personal data on the following legal basis:

Collection and usage of general personal data about you is necessary for the performance of the contract/pension and insurance plan we have with you (GDPR's Article 6 (1) lit b).

Your general personal data, sensitive personal data and Civil reg. No. is obtained, used and disclosed based on consent/expressed consent from you (GDPR's Article 6 (1) lit a and the GDPR's Article 9 (2) lit a, as well as Section 11 (2) no. 2 of the Danish Act on Processing of Personal Data.

Collection, usage and disclosure of the Civil reg. No. and other general personal data is necessary as PFA is legally obligated under the Danish Anti-Money Laundering Act to identify and risk-assess customers, as well as inform the Anti-Money Laundering Secretariat (Danish Prosecutor for Serious Economic and International Crime) of suspicions, with the purpose of preventing and combating money laundering and terror financing. (Danish Act on Processing of Personal Data's Section 11 (2) no.1, and GDPR's Article 6 (1) lit c).

Disclosure of your personal data

PFA can disclose your personal data to the following parties or recipient categories:
• Danish Centre of Health & Insurance, for example, in case of rejection.
• PFA's business partners who assist our company with, for example, technical support and supplier services.

3. Advice and other administration of plans

We process your personal data when we advise on or administer your plan with PFA. This could, for example, be
• when we advise you, communicate with you, or when you make use of personalised digital solutions from us.
• when we administer payments and payouts on your pension plan.
• when we send you information concerning changes in your pension summary, your terms and conditions and other administrative information.

We use, analyse and automatically compile the information we collect to give you targeted and relevant information (what is legally referred to as "profiling"). PFA ensures in this way that you get information that we assess to be of the greatest value to you.

We advise customers, for example, in connection with life events such as marriage, divorce and buying a home. Therefore, we may need to, for example, find all the customers that have relocated in recent years so that we can advise them on how to adjust their plan when there major changes to their personal finances arise.

We advise our customers in connection with changes to the law. If there is a change to the law that affects a specific pension product, we want to find the group of customers that have this product so that we can explain what impact the change will have for them.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, contact details, Civil reg. No., gender, customer and policy no., identity details (e.g. passport, if you cannot be identified via the Danish Civil Registration System), information about your financial commitments at PFA (e.g. deposits, risk profile, insurances and any other products), size of pension savings, payment information, information about your state pension, employment information (e.g. employer and salary information), municipal information on your assets, information on whether you have disappeared, information you have chosen to disclose through Mit PFA (e.g. pension plans with other pension companies, if you have uploaded Pensioninfo, tax information, if you have uploaded e-skat or disclosed this information in some other way), and any information on family relationships such as children and spouse.

Special categories of personal data (sensitive personal data):
Health information and information about trade union membership.

Where we obtain information about you
In advisory cases we use information that is in our system or on Mit PFA. Apart from this, we will often get supplementary personal data from you. This could be personal data that we receive from your via Mit PFA. When you give us your information via MitPFA.dk, login is via NemID where data transfer goes through a secure connection to PFA.  

When PFA does not obtain personal data from you, we can obtain it from:
• Employer, insurance broker or organisation you are a member of, e.g. when you change your agreement or there is a change in your employment contract.
• Previous pension and insurance companies, for example, if there is request to transfer your pension from another company to PFA.
• Banks and other financial institutions, e.g. if there is a request to transfer your pension from another company to PFA.
• Public authorities.
• The Danish Civil Registration System in cases of change of address or change of marital status.

Why we have the right to process personal data about you 
PFA collects, uses and shares your personal data on the following legal basis:

Collection, usage and disclosure of general personal data about you is necessary for the performance of the contract/pension and insurance plan we have with you (GDPR's Article 6 (1) lit b).

Processing of sensitive information is necessary for the establishment, exercise and defence of legal claims (GDPR's Article 9 (2) lit f).

Collection, usage and disclosure of the Civil reg. No., sensitive personal data, as well as the general personal data is necessary because PFA is legally obligated under the Danish Anti-Money Laundering Act to identify and risk-assess customers, as well as inform the Anti-Money Laundering Secretariat (Danish Prosecutor for Serious Economic and International Crime) of suspicions, with a view to preventing and combating money laundering and terror financing. PFA obtains personal data about you in connection with procedures to know the customer and as a result of surveys, listing and monitoring of the pension plan  (Act on the Processing of Personal Data's Section 11 (2), no. 1 and GDPR's Article 9 (2) lit g, and GDPR's Article 6 (1) lit c).

Collection, usage and disclosure of your Civil reg. No. and general personal data is necessary because PFA is legally obligated under the Danish Tax Control Act to report to SKAT, the Danish Customs and Tax Administration Additionally, PFA is required to withhold tax when paying out your pension savings to you. In connection with this, PFA discloses your personal data in compliance with the Danish Pension Taxation Act. You Civil reg. No. is disclosed for the purpose of identification of the customer when reporting financial information and paying out tax (Act on the Processing of Personal Data's Section 11 (2) no. 1, and the GDPR's Article 6 (1) lit c).

Disclosure of your general personal data, including your Civil reg. No. to banks and other financial institutions is necessary for the performance of the contract/pension and insurance plan we have with you (GDPR's Article 6 (1) lit a, as well as Section 11 (2) no. 3 of the Danish Act on Processing of Personal Data).

Disclosure of your personal data
PFA can disclose your personal data to the following parties or recipient categories:
• Your employer in connection with conditions surrounding your pension contributions.
• PFA's business partners who assist our company with, for example, technical support and supplier services.
• Banks and other financial institutions when transferring deposits.
• Public authorities, such as SKAT, in connection with legal reporting. 

4. Claim processing and insurance payout

We process your personal data when assessing whether we can offer treatment or insurance payout in connection with injury or the prevention of injury.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, contact details, Civil reg. No., details of medical practitioner, details of treatment facility, employment details (e.g. employer and salary information), payment information and public services.

Special categories of personal data (sensitive personal data):
Health information.

Where we obtain information about you
You are our primary source of your own personal data, and we would normally obtain your personal data directly from you. This will typically be through Mit PFA, where you provide your information using NemID login, which ensures that data transfer goes over a secure connection to PFA.  

When PFA does not obtain personal data from you, we can obtain it from:
• Employer
• Previous pension and insurance companies (if your pension or insurance is transferred to us from another company).
• Hospital, medical practitioner, other doctors and treatment facilities, as well as specialist physicians, chiropractors, physiotherapists etc.
• Public authorities.

Why we have the right to process personal data about you 

PFA collects, uses and shares your personal data on the following legal basis:

Collection, usage and disclosure of general personal data about you is necessary for the performance of the contract/pension and insurance plan we have with you (GDPR's Article 6 (1) lit b).

Collection and usage of your health information is necessary for the establishment, exercise and defence of legal claims (GDPR's Article 9 (2) lit f).

Collection, usage and disclosure of your Civil reg. No. is necessary for the establishment, exercise and defence of legal claims (the Danish Act on Processing of Personal Data's Section 11 (2) no. 4 and Section 7 (1), as well as GDPR's Article 9 (2) lit f).

Disclosure of your general personal data and sensitive personal data in other cases is subject to your consent/express consent (GDPR's Article 6 (1) lit a and GDPR's Article 9 (2) lit a) or on legal grounds, including that we may disclose data to the Patient Compensation Association under the Danish Act on the Right to Complain and Receive Compensation within the Health Service (GDPR's Article 6 (1) lit c, GDPR's Article 9 (2) lit g, and the Danish Act on the Right to Complain and Receive Compensation within the Health Service).

Disclosure of your personal data
PFA can disclose your personal data to the following parties or recipient categories:
• Employer. E.g. when a payout has to be made to the employer.
• Insurance broker. We advise the insurance broker (if applicable) that you have been granted a payout for reduced working capacity, but no information is given about the nature, extent and amount.
• PFA's business partners who assist our company with, for example, technical support and supplier services and provision of health services.
• The Danish Centre of Health & Insurance. In special cases we disclose information to obtain a statement in order to make a decision.
• Public authorities, for instance the Patient Compensation Association. We disclose information based on the Danish Act on the Right to Complain and Receive Compensation within the Health Service.
• Sygeforsikring Danmark, health insurance. If the customer is a member of the health insurance provider, Sygeforsikring Danmark, we disclose personal data to them in connection with possible reimbursements.

 

5. When your plan expires

We process your personal data when your plan expires. This could, for example, be
• when your company or organisation changes pension company and terminates the pension and insurance scheme with PFA.
• when you resign and take another job.
• when you opt to terminate a voluntary pension agreement, which you have signed with PFA in your personal capacity via your membership in an organisation with whom PFA has a collaboration agreement.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, contact information, Civil reg. No., customer and policy no., employment information and termination date.

Special categories of personal data (sensitive personal data):
Health information.

Where we obtain information about you

Apart from the information we get from you, we also obtain information from your employer.

Why we have the right to process personal data about you 
PFA collects, uses and shares your personal data on the following legal basis:

Collection, usage and disclosure of general personal data about you is necessary for the performance of the contract/pension and insurance plan we have with you (GDPR's Article 6 (1) lit b).

Usage and disclosure of your sensitive information is necessary for the establishment, exercise and defence of legal claims (GDPR's Article 9 (2) lit f).

Disclosure of general personal data about you is necessary in order for us to comply with the agreement/the pension and insurance plan that we have entered with you (the General Data Protection Regulation, article 6 (1), para b).

Disclosure of your civil reg. No. will be handled on the basis of the General Data Protection Regulation, Section 11, subsection 2, para 3.

Disclosure of your personal data
PFA can disclose your personal data to the following recipient categories:
• Your new pension and insurance company, if your employer changes pension and insurance company.
• Banks and other financial institutions when transferring your pension plan on your request.
• PFA's business partners who assist our company with, for example, technical support and supplier services.

6. Complaints

As a customer-driven pension company, PFA is responsible for advising you on your pension and insurance plans, and to ensure your fair treatment, including that you get the payouts you are entitled to, no more and no less. Complaints can arise from time to time.

We use your personal data to process any complaints from you about decisions made by PFA. It could also be that you are not satisfied with the decision in the complaint case, and choose to submit a complaint about PFA to the Insurance Complaints Board, or to bring a case against PFA to court. In these cases we will use your personal data.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:

Name, Civil reg. No., customer or policy no., information about your financial commitments at PFA (e.g. deposits, risk profile, insurances and any other products), beneficiaries, tax information, leisure activities, assets, employment information (e.g. employer and salary information), business situation, family relationships (spouse/cohabiting partner/children), marital status and information related to social problems (where not related to health).

Special categories of personal data (sensitive personal data):

Health information and if relevant information about trade union membership.

Personal data about criminal convictions and law violations:
Information about criminal offences.

Where we obtain information about you

When PFA does not obtain personal data from you, we can obtain it from:
• Employer, insurance broker or organisation you are a member of.
• Representatives, such as lawyers or trade union.
• Previous pension and insurance companies, for instance if your pension or insurance is transferred from another company.
• Public authorities (e.g. municipal documents for invalidity pension cases).
• Public authorities in connection with cases related to the Data Protection Agency or the Financial Supervisory Authority.
• Hospital, medical practitioner, other doctors and treatment facilities, as well as specialist physicians, chiropractors, physiotherapists, psychologists etc.

Why we have the right to process personal data about you 
PFA collects, uses and shares your personal data on the following legal basis:

Your general personal data is collected, used and disclosed based on the legitimate interest that legal claims may be established, exercised and defended by PFA should a customer complain about a decision made by PFA (GDPR's Article 6 (1) lit f).

Collection and use of general and sensitive personal data is necessary for complying with legal obligation (GDPR's Article 6 (1) lit c and GDPR's Article 9 (2) lit g). PFA has a legal obligation upon notice of the complaints officer and the financial company's handling of complaints.

Sensitive personal data is obtained, used and disclosed if it is necessary for PFA to establish, exercise and defend legal claims (GDPR's Article 9 (2) lit f).

Collection, usage and disclosure of your Civil reg. No. is necessary for the establishment, exercise and defence of legal claims (the Danish Act on Processing of Personal Data's Section 11 (2) no. 4 and Section 7 (1), as well as GDPR's Article 9 (2) lit f).

Collection, usage and disclosure of information on criminal offences is necessary for the establishment, exercise and defence of legal claims (the Danish Act on Processing of Personal Data's Section 8 (5) no. 4 and Section 7 (1), as well as GDPR's Article 9 (2) lit f).

Disclosure of your personal data
PFA can disclose your personal data to the following recipient categories:
• Representatives, such as lawyers or trade union.
• PFA's business partners who assist our company with, for example, technical support and supplier services.
• Public authorities in connection with cases related with the authorities, for instance, the Data Protection Agency or the Financial Supervisory Authority.
• Banks and financial institutions in connection with payouts to you, or clarification of payouts.
• Courts and tribunals.

7. Marketing

We process your personal data when we market our products and solutions (as described in our consent for marketing).

PFA has various marketing initiatives to ensure that you get exactly the knowledge that is relevant to you regarding your pension from PFA. PFA provides you with qualified recommendations, and knowledge about your benefits that is targeted specifically to you, your situation and your needs in the different phases of life.

We use, analyse and automatically compile the information we collect to give you targeted and relevant information (what is legally referred to as "profiling"). PFA ensures in this way that you get the information PFA considers to be of the greatest value to you.

You can also give your consent for PFA to market to you via the channels stated in the consent.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, contact details, birth date, assets, information about your commitments with PFA (such as deposits, risk profile, insurances and any other products), salary information, tax information, marital status, family relationships (spouse/cohabiting partner/children), demographics, your behaviour on PFA’s digital channels (such as which emails you open, what articles you read, what you are interested in in Mit PFA), your communication with PFA (e.g. if you have questions concerning your pension plan, want to book a consultation appointment, or want more information about one of our products), publicly available or purchased data from BBR, CVR and Statistics Denmark (e.g. value of houses, shareholding in companies and demographic information), information your have given us via surveys, assessments and similar (e.g. what you think of our customer services or our products), information about your current commitments in PFA Bank (e.g. your deposits, risk profile, accounts and any other products, if you have given specific consent).

Where we obtain information about you
Often, no information is obtained other than that already provided by you through the customer relationship. If PFA receives new personal data on you, it would be:
• Information on what emails/articles etc. you open of the marketing material sent to you from PFA. 
• Publicly available information in registers like Statistics Denmark, BBR and CVR).

Why we have the right to process personal data about you
PFA processes your personal data on the following legal basis
The collection and usage of general personal data is necessary for us to be able to pursue legitimate interests, namely, the marketing of PFA's products (GDPR's Article 6 (1) lit f).

In certain cases, PFA will also obtain your consent according to the General Data Protection Regulation, article 6 (1) para a, including disclosure of personal information for sales promotion purposes.

Disclosure of your personal data
PFA can disclose your personal data to  business partners that assist our company with, for example, technical support and supplier services.

8. Analysis and statistics

We process your personal data when we prepare statistics and analyses. These may include:
• Internal surveys, analyses and profitability assessments
• Solvency calculations and solvency reporting required by law
• Actuary report
• Statistical surveys of material significance to society concerning cause of illnesses, pattern of illness and relation to mortality.

Categories of personal data
In connection with PFA's compiling of statistics and analyses, we process various personal data about you (however, often the information will be used anonymously). The personal data will be:

General categories of personal data:
Name, contact information, Civil reg. No., gender, customer or policy no., beneficiaries, information about your financial commitments with PFA Pension (e.g. you deposits, risk profile, insurances and any other products), employment information (e.g. employer and salary information), pension payments, tax information, assets, deposit size, family relationships (spouse/cohabiting partner/children), information about death or disappearance.

Special categories of personal data (sensitive personal data):
Health information.

Why we have the right to process personal data about you 
PFA obtains, uses and discloses your personal data based on the following legal basis:

Processing of general personal data is necessary in order to comply with the legal obligations that lie on PFA according to the Solvency II regulation, the POG (IDD) regulations regarding requirements for supervision of products and management in relation to companies and suppliers of insurance as well as the Danish Financial Business Act (the General Data Protection Regulation, article 6 (1), para c). These legal obligations are contained in the National Bank of Denmark Act ("statistical information within its area of competence") and the Danish Financial Business Act ("the information required for the Danish Financial Supervisory Authority's activities").

PFA prepares reports required by on a number of areas, including solvency estimates and analyses requirement by law. PFA processes sensitive personal information if the processing is necessary owing to considerable public interests according to the Solvency II regulation and the Danish Financial Business Act (the General Data Protection Regulation, article 9 (2), para g).It follows, inter alia, from the above that PFA is required to carry out the calculations and analyses.

PFA compiles analyses of linked information on injury, disease, disease patterns and correlation to mortality. The analyses are conducted with the aim of reducing the risk of disease and death as well as obtaining general knowledge about the effect of preventive efforts for the benefit of society. These analyses are made on the basis of the POG (IDD) regulations regarding requirements for supervision of products and management in relation to insurance companies and suppliers of insurance (the General Data Protection Regulation, article 9 (2), para g).

Disclosure of your personal data
PFA may pass on your personal information to the following recipients:
• Statistics Denmark
• Danish Financial Supervisory Authority, the FSA

9. Compliance with data protection regulations

We process your personal information through statutory reports, and when we have to ensure that we comply with applicable laws, such as anti-money laundering, personal data and financial activities.

PFA collects, uses and discloses your information in connection with complying with the General Data Protection Regulations (GDPR) and the Danish Act on Processing of Personal Data, and other relevant legislation such as the Danish Financial Business Act. These could be:
• Documentation requirements
• Mandatory reporting to the authorities
• Compliance with the principles for processing of personal data and the legal basis for processing
• Protection of personal data by implementation and maintenance of technical and organisational security safeguards, for instance to prevent unauthorised access to PFA's IT systems
• Investigation of suspicion or knowledge of security breaches, followed by reporting to the customer or other affected parties and the Danish Data Protection Agency
• Handling of enquiries and complaints from customers and other parties,
• Handling of inspections and enquiries from the Danish Data Protection Agency and the Danish Financial Supervisory Authority.
• Handling of disputes, for instance, appeals cases and lawsuits
• Statistics

10. Contributions and payout to spouse, cohabiting partner and children

If you are the spouse/cohabiting partner, previous spouse, beneficiary or next of kin of a pension or insurance customer of PFA, we use your personal data to administer payouts to you in case of death or division of the pension plan in case of, for instance, divorce.

Categories of personal data
We use various personal data about you. These could be:

General categories of personal data:
Name, contact details, Civil reg. No., identity details (e.g. passport, if you cannot be identified via the Danish Civil Registration System), payment information, family relationships (spouse/cohabiting partner/children), salary information, marriage date and marital status (including any separation and/or divorce decree or order).

Where we obtain information about you
 When PFA does not obtain personal data from you, we can obtain it from:
• Public authorities (e.g. SKAT, Danish Bankruptcy Court)
• estate of deceased
• Nets Denmark A/S (information on NEM account used for payouts)

Why we have the right to process information about you 
PFA collects, uses and shares your personal data on the following legal basis:

Collection, usage and disclosure of general personal data is necessary for complying with a legal obligation (GDPR's Article 6 (1) lit c). PFA is required under the Danish Tax Control Act to withhold tax when paying out your pension savings to you. PFA discloses your personal data to SKAT in accordance with the Danish Pension Taxation Act

Collection, usage and disclosure of general personal data is necessary for complying with a legal obligation (GDPR's Article 6 (1) lit c). PFA is legally obligated under the Danish Anti-Money Laundering Act to identify and risk-assess customers, as well as inform the Anti-Money Laundering Secretariat (Danish Prosecutor for Serious Economic and International Crime) of suspicions, with the aim to prevent and combat money laundering and financing of terrorism.

Civil reg. No. is disclosed in order to identify you when reporting financial information and payout of tax (Danish Act on the Processing of Personal Data's Section 11 (2) no. 1).

Disclosure of your personal data
PFA can disclose your personal data to the following recipient categories:
• Public authorities, such as SKAT, in connection with deceased estate fees and taxes.
• PFA's business partners who assist our company with, for example, technical support and supplier services. 

11. Contact forms and optimisation of user experience on PFA's website

We process your personal data when you use our website. This could be when we work on optimising the user experience of PFA's website, or when you contact us using the contact form (for instance when you have a question about our products or about your plan with PFA, or when we have marketing campaigns). You can also contact us using the contact forms with complaints (if you want to, for instance, complain about a decision)

As regards the handling of complaints, please refer to the section on "Complaints" 

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
When you contact us using the contact forms, PFA registers the information your provide yourself. This will be your name, contact details, birth date, company name and CVR No. If you contact us via the contact forms with a complaint, we will also request your Civil reg. No. in order to identify you.

Where we obtain information about you
PFA obtains your personal data from the website of these sources:
• Google Analytics - PFA uses Google Analytics on PFA’s website to check how the site is visited and how users navigate around the website. To read more about Google Analytics, click here.
• Cookies – PFA uses three types of cookies, namely cookies that get the website to work, cookies for statistics and cookies for marketing. 
To read more about what cookies are, what PFA uses them for and how you can block and delete cookies, click here.

Why we have the right to process personal data about you 
PFA collects, uses and shares your personal data on the following legal basis:

With the help of cookies we collect your personal data when you visit our website, pfa.dk. In connection with this, we get your consent (consent to use cookies).

The personal data we have collected via cookies are processed and disclosed by us for the legitimate interest of getting our website to work for the purposes of statistics and marketing (GDPR's Article 6 (1) lit f).

Disclosure of your personal data
PFA can disclose your personal data to business partners that assist our company with, for example, technical support and supplier services.

 

12. Benefits from suppliers etc. (not relevant for you as a customer with PFA)

In certain cases, we collect personal information about you if you are employed with one of our suppliers or business partners (hereinafter referred to as contracting party). We collect this personal information when you, as a contact person for the contracting party, do business on behalf of the contracting party, for instance, when entering into contracts with PFA or when supplying services to PFA.

Categories of personal data
We process various personal data about you. These could be:

General categories of personal data:
Name, your contact information at our contracting party where you are employed (for instance your work e-mail) and occupation.

Where we obtain information about you
PFA obtains your personal data from the following sources:
• If we have not received any personal data from you, we may in certain cases get them from our contracting party (where you are employed).

Why we have the right to process personal data about you
PFA collects, uses and discloses your personal information based on the following legal basis:

We collect, use and disclose your personal data for the use of entering into and compliance of our contract with the contracting party (the General Data Protection Regulation, article 6 (1), para b).

Disclosure of your personal data
PFA can disclose your personal data to the following type of recipients:
• PFA’s business partners who assist our company with technical support, supplier services, etc.

 

2. Transfer of personal data to countries outside the EU/EEA

PFA does not transfer your personal data to countries outside the EU/EEA.

PFA uses partners (processors and subprocessors) in England. This means that your personal data may be transferred to England. When England exits the EU, it will become a third country outside the EU/EEA. Data transfer will hereafter take place in accordance with the EU Commission's standard contract for the transfer of personal data unless England is considered to have an adequate level of protection.

If PFA signs the EU Commission's standard contract with English partners, you will at all times be able to get a copy of the standard contract by contacting PFA’s DPO.

3. Storage of your personal data

PFA stores your personal data until the customer relationship ends, and limitation deadlines under the Danish Limitations Act have passed. The storage of personal data is also due to PFA's obligations to store personal data in accordance with the Danish Bookkeeping Act. Exceptions may arise, however, PFA stores your personal data as stated below. Your personal data will be thereafter be deleted.

Hovedregler Opbevaringsperiode
Personoplysninger der er en del af dit kundeforhold  med PFA (”den almindelige forældelsesfrist”) 10 år efter kundeforholdets ophør*
Forsikringstilbud, som du ikke accepterer inden acceptfristen Seks mdr. efter acceptfristens udløb
Hvis du trækker din ansøgning om forsikring tilbage efter indsendelse af helbredsoplysninger til PFA Umiddelbart lige efter tilbagetrækningen af ansøgningen
Hvis du måtte få afslag på antagelse af forsikring eller individuel risikostigning Tre år efter ophøret af den automatiske behandling af ansøgningen
Personoplysninger, som indhentes og behandles om dig til overholdelse af hvidvaskloven Fem år efter kundeforholdets ophør
Personoplysninger, som behandles til statistiske formål 30 år efter kundeforholdets ophør
Main rules Storage period
Personal data that make up part of the customer relationship with PFA ("the general limitation deadline") 10 years after the customer relationship ceases*
Insurance quotes that you do not accept within the acceptance deadline Six months after the expiry of the acceptance deadline
If you withdraw your application for insurance after submission of personal health information to PFA Immediately upon withdrawing your application
If your application is decline on the assumption of insurance or individual risk-taking Three years after the automatic processing of the application is completed
Personal data about you that is obtained and processed to comply with the Danish Anti-Money Laundering Act Five years after the customer relationship ceases
Personal data processed for the purpose of statistics 30 years after the customer relationship ceases

*There may be a waiting period that is not accounted for in the above deadline. Therefore, in addition to the general limitation deadline of 10 years, PFA also uses a periodic safety margin before the data is deleted.

If PFA or the customer undertakes an action that extends the limitation deadline, such as submitting a claim, PFA will cease the deletion of personal data.

4. Automated individual decision-making

We use automated individual decision-making when your request to change your insurance plan with PFA involves a risk for PFA. The general logic behind automation is that the system calculates whether you can take the desired risk on your plan. Calculations are performed automatically. PFA's automatic processing of an application for insurance or individual risk-taking ceases if the possible outcome is a decline. If the automated decision results declining your request, processing of your request is passed on to a PFA employee, so that the automated process does not involve negative consequences for you as a customer.

5. Required information

PFA requires your personal data when we, for example, create and administer your pension and insurance plan. Not furnishing PFA with your personal data will mean that PFA cannot take care of the tasks above, such as creating your customer account with PFA or changing your pension plan.

6. Your rights

When PFA processes personal data about you, you have the following rights:

Right of access
You have the right to access the personal data about you that PFA processes.

Right to object
You have the right to object to the processing of your personal data, and to limit the processing of your personal data. In particular, you have the right to object to the processing of your personal data for use in direct marketing, and to object to profiling to the extent that it concerns direct marketing.

Right to correct
You have the right to correct incorrect personal data without undue delay, hereunder with consideration to the purpose of processing, you have the right to add any missing personal data.

Right to delete
You can read about when PFA deletes your personal data under point 3 - Storage of your personal data. In special cases, you have the right to get your personal data deleted from PFA before the given deadlines.

Right to restricted processing
You have the right to restrict PFA's processing of your personal data in certain cases, including when there is doubt as to the correctness of your information.

Right to data portability
You have the right to have the personal data you yourself have provided to PFA transferred to you in a structured, commonly used and machine readable format. Similarly, you have the right to have your personal data transferred from PFA to another data controller, such as another pension and insurance company.

Revoking of consent
If PFA is processing your personal data subject to your consent, you have the right to revoke your consent at any time. Revoking of consent will mean that PFA can no longer process your personal data for the purposes for which you gave your consent. Revoking of consent does not affect the processing of your personal data that has been performed prior to revoking consent, e.g. if you have consented to us sharing your information. PFA may be entitled to process (e.g. store) your personal data on a basis other than consent.
If you revoke your consent, this may in some cases result in making it impossible to continue as a customer.

You can make use of your right by calling PFA or by forwarding a letter. You can also contact us through My PFA.

There may be conditions or limits to the rights mentioned above. Therefore, there is no guarantee that you are entitled to data portability or deletion of your personal data in the specific case - this depends on the specific circumstances of the data processing performed.

7. Complaints to the Danish Protection Agency

You have at all times the right to submit a complaint to the Danish Data Protection Agency on PFA's treatment of your personal data. However, you should always contact PFA first if you believe that PFA has treated your personal data in a way that violates the data protection regulations. In this way, you will be able to get PFA's explanation of the case. You can contact the Data Protection Agency by emailing dt@datatilsynet.dk or you can read more on www.datatilsynet.dk.

The date of the last update to the policy will be stated at the top of the page.

If you are a customer with PFA Bank, you can make yourself familiar with how PFA Bank processes your personal information by clicking here. (In Danish only). You find PFA Bank’s privacy policy (in Danish only) under Generelle vilkår.