PERSONAL DATA POLICY
Data Protection Regulation
As of May 25, 2018, the EU General Data Protection Regulation (GDPR) has come into fruition.
Who is subject to GDPR?
All individuals and companies that are in possession of private information/data related to their business.
Who is data processor and data controller?
CO*WINS International Insurance Broker A/S is both data controller and data processor.
What personal data do we store?
We store data about individuals or companies that is necessary to service our clients, including, but not limited to, insured employees in the companies, insured members in organizations and private names associated with company names.
How do we handle personal data?
We handle all personal data according to GDPR and the Danish data protection laws. To ensure this protection, we have reviewed our IT systems, security systems, software, firewalls, virus programs, and all related processes and controls.
What data do we collect?
All necessary information for administering and drawing up insurance, including: Name, address, owner/user information (properties, cars, etc.), CPR, email, payment information, damage information, insurance policies, and related information.
Information about health, personal injuries, union membership and the like will only be passed on to a third party with your consent.
Information about consent, extent of consent and withdrawal of consent is only made upon written request. Upon withdrawal of your consent, we will immediately terminate our storage of your personal data unless another legal basis is in force.
How long do we keep the data?
All information is kept until it is no longer relevant, which, in general, is 5 years after the partnership with CO*WINS has ended. In all cases, data is stored until we can no longer meet a claim or have a legal obligation to maintain them.
Where do we store the information?
Personal data is stored in a recognized insurance brokerage system, in a recognized storage system, or in a recognized email system with an archive function. Access to these systems always requires a Two Factor Authentication (2FA). Generally, we do not store physical documents. If this happens, these documents are always kept in a locked storage.
How do we send / transfer personal data?
Personal data is always sent / transferred via secure email (email@example.com).
How do we delete data?
We ensure that physical data is shredded, and electronically stored data is deleted from all registries.
Get information about your data
We will always provide you with information about the data we keep on you. We deliver the data in a machine-readable format, after written inquiry and only after a positive customer identification.
Objections / complaints
If you have objections to the collection and processing of your data, or if you are not satisfied with our processing of your personal data, you can make a formal complaint to CO*WINS at: firstname.lastname@example.org or to Datatilsynet, Borgergade 28, 1300 København K.