Insurance Consulting privacy policy
Contact details of the data controller
Söderberg & Partners Insurance Consulting AB (org.nr. 556707-7648)
Söderberg & Partners
Box 7785
103 96 Stockholm
Categories of personal data
Employment information – Data related to your employment, such as position, employer and type of employment.
Corporate involvement – Information about your involvement in companies, e.g. board assignments, shareholding in companies and what degree of involvement you have in the company (i.e. passive or active involvement).
Cookies – A small text file with information about your settings and preferences that is saved in your browser when you visit the website.
Family relationships – Information about your family relationships, e.g. about your marriage status, partner, number of children and other close relatives.
Financial information – Information about your financial situation, such as information about your income or assets.
Insurance information – Information about your insurance, e.g. occupational pension or other personal insurance.
Health data – Data related to the signing of certain insurance policies, such as sick leave or parental leave.
Identity data – Data used to identify you, such as your name and date of birth.
Contact information – Information used to contact you, such as your email address and phone number.
PEP and money laundering information – Checks are made against lists of people who constitute so-called politically exposed persons (PEP) as well as other money laundering audits according to current regulations, these may include information such as name, date of birth, occupation, and reason why the person is on the list.
Social security number – Information such as social security number and coordination number (if applicable) used to securely identify you. In some cases, we use national ID number and passport number, when necessary.
Tax-related data – Data related to your tax, e.g. tax liability after calculation.
Our processing of personal data
Our processing of personal data depends on the relationship you have with us. You can read more about how we process your personal data by clicking on the respective heading below.
Insurance distribution to companies in respect of pension, group and other life insurance
We enter into an agreement with the company or organization with which you have a relationship regarding insurance distribution of occupational pension insurance and group insurance. We thus process your personal data in order to be able to advise and help the company or organization with which you have a relationship when choosing insurance, to administer the insurance chosen, and to comply with various legal obligations arising from those services.
What personal data is processed?
Employment information, health data, financial information, insurance information, identity data and your social security number.
If you are the beneficial owner of the company that hires us, we also process PEP and money laundering information and tax-related information.
Is the data required or is it voluntary?
The information we have about you is necessary to be able to mediate insurance to your employer.
The information we have about you as a beneficial owner is necessary to comply with relevant money laundering legislation.
From which sources do we collect your personal data?
We collect information from your employer or the organization you have a relationship with as well as from insurers. If you act as a representative of the company, the information comes directly from you.
For what purposes do we process your personal data?
Quotations
We process your employment information, insurance information, identity data, insurance information and your social security number in order to be able to provide quotes on our procured insurance solutions.
If you are a contact person at the company or organization, we also process your contact information.
Advisory services
We process employment information, financial information, identity data and social security numbers in order to be able to provide advice on what insurance your employer should take out and what extent of insurance coverage the company or organization should offer its employees. We as an insurance intermediary are required to always meet our customers' interests and when advice is given in connection with the insurance distribution, these must be adapted to your employer's objectives and needs. This means that the intermediary collects the necessary personal data to make an analysis of the company and its employees, such as the extent of insurance needs.
Signing and administration of insurance
We process employment information, financial information, identity data and social security numbers to enter into, administer and fulfill agreements on the insurance that your employer takes out.
Customer due diligence
We process information about company involvement if you are a representative or beneficial owner in order to comply with legal obligations to perform the necessary customer due diligence.
Documentation requirements
We process identity data and social security numbers in order to document the advice we give if you are a sole proprietorship.
We process employment information, company involvement, PEP and money laundering-related information, social security number and tax-related information regarding representatives and beneficial owners in order to document the advice given to the company or organization you represent.
Product development
We process your personal data in order to improve our products, services and systems by making various kinds of analyzes and statistics compiling. The processing takes place in aggregated form, and we only process such data as is necessary for the aforementioned purposes.
Booking of meetings
We process your employment information, identity data (name only) and your contact information for the purpose of administering the booking of an advisory meeting with you. We then also process notes of any information you have given us during our conversation.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in to our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis do we process your personal data?
The legal basis for the processing is primarily to comply with the legal obligations that arise in connection with the insurance distribution assignment. We also have a legitimate interest in developing our products and services.
Who are the recipients of your personal data?
The personal data we process about you is sent to the insurer that has issued the insurance policy, and to your employer. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. In addition, your contact information may be shared with selected partners for marketing purposes, provided that you do not object. See more under the section on our processing regarding marketing and under the section on the right to object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as is necessary with regard to the insurance period. We also have a requirement to store advisory documentation and associated documents for such a long time within which claims for damages arising from the insurance can be made plus one year. This means that we typically store the information for eleven years after our agreement with the company/organization has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Insurance distribution to individuals regarding pension-related insurance
We enter into an agreement with the company or organization with which you have a relationship, to assist their employees or members in managing and placing their occupational pension provisions and other management within the company's pension policy. In some cases, we also enter into agreements directly with you. We then process your personal data in order to be able to advise and assist you in choosing and choosing insurance, to administer the insurances you have chosen, and to comply with various legal obligations arising from those services.
What personal data do we process?
Employment information, family relationships, financial information, insurance information, health data, identity data, social security number, tax-related data and in some cases PEP and money laundering information.
Is the data required or is it voluntary?
The information we have about you is necessary to be able to mediate insurances, with the exception of e-mail address, which is voluntary to provide in order to facilitate contact.
From which sources do we collect your personal data?
We collect information primarily from you and/or your employer or the organization you have a relationship with. We also collect information from the Swedish State Personal Address Register (SPAR) and from the insurers where insurance is taken out.
For what purposes do we process your personal data?
Advisory services
We process your employment information, family relationships, financial information, insurance information, health data, social security number and tax-related information in order to be able to provide advice on which insurance you should take out, what extent of insurance coverage you should have and, where applicable, the choice of funds. We as an insurance intermediary are required to always meet your interests and when advice is given in connection with pension advice, these must be adapted to your wishes and needs. This means that the intermediary must collect the necessary personal data in order to be able to make a sufficient survey of you.
Signing and administration of insurance
We process your employment information, insurance information, health data, identity data, contact information and your social security number for the purpose of entering into, administering and fulfilling insurance agreements as well as to review your insurance situation and present alternative solutions adapted to your individual situation.
Customer due diligence
We process your address, financial information, name, PEP and money laundering information and your social security number in order to obtain the necessary customer knowledge about you, in order to comply with legal obligations contained in legal obligations contained in current money laundering legislation.
Documentation requirements
We process your personal data for the purpose of documenting the advice we provide because we have a legal obligation under current insurance distribution legislation to document our distribution.
Develop products
We process your personal data above in order to improve our products, services and systems by making various kinds of analyzes and compiling statistics. The processing takes place in aggregated form, and we only process such data as is necessary for the aforementioned purposes.
Meeting booking
We process your employment information, identity data, contact information and your social security number for the purpose of administering the booking of an advisory meeting with you. We then also process notes of any information you have given us during our conversation.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in to our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis is the personal data processed?
The legal basis for the processing is to be able to comply with the legal obligations that arise in connection with the insurance distribution assignment and to implement the agreement that has been entered into. We also have a legitimate interest in developing our products and services, in the secure identification of our customers and in being able to market ourselves.
Who are the recipients of the personal data?
The personal data we process about you is sent to the insurer that has issued the insurance policy, and to your employer. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. In addition, your contact information may be shared with selected partners for marketing purposes, provided that you do not object. See more under the section on our processing regarding marketing and under the section on the right to object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long is your personal data stored?
We store your personal data for as long as is necessary with regard to the insurance period. Finansinspektionen (Swedish Financial Supervisory Authority) requires us to store advisory documentation for as long as possible within the scope of the claim for damages arising from the insurance plus one year. Claims for damages can be made for ten years after our agreement with you or the company/organisation you belong to has ended, which normally means that we store your advisory documentation for eleven years thereafter.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Insurance distribution to individuals regarding group insurance
We process your personal data in order to be able to advise on, take out and administer both voluntary and compulsory group insurance. This includes insurance such as accident insurance and/or health insurance.
What personal data is processed?
Employment information, family relationships, financial information, health data, identity data, contact information and your social security number.
Is the data required or is it voluntary?
The information we have about you is necessary to be able to mediate insurance, with the exception of e-mail address and telephone number, which are voluntary to provide to facilitate contact.
From which sources do we collect your personal data?
We collect information primarily from you and/or your employer or the organization you have a relationship with. We also collect information from the Swedish State Personal Address Register (SPAR) and from the insurers where insurance is taken out.
For what purposes do we process your personal data?
Advisory services
We process your employment information, family relationship, financial information, insurance information, health data, identity data and your social security number in order to be able to provide advice on which insurance you should take out and what extent of insurance coverage you should have. We as an insurance intermediary are required to always meet your interests and when advice is given, these must be adapted to your wishes and needs. This means that the intermediary must collect the necessary personal data in order to be able to make a sufficient survey of you.
Signing and administration of insurance
We process your identity data and your social security number for the purpose of entering into, administering and fulfilling agreements on insurance as well as to go through your insurance situation and present alternative solutions adapted to your individual situation.
If a relative is the beneficiary of an insurance policy, information about family information may also be processed.
Documentation requirements
We process your personal data for the purpose of documenting the advice we provide because we have a legal obligation under the insurance distribution legislation to document our distribution.
Develop products
We process your personal data in order to improve our products, services and systems by making various kinds of analyzes and compiling statistics. The processing takes place in aggregated form and we only process such data as is necessary for the aforementioned purposes.
Meeting booking
We process your identity data, contact information and your social security number in order to administer the booking of a consultation meeting with you. We then also process notes of any information you have given us during our conversation.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in to our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis do we process your personal data?
The legal basis for the processing is to be able to comply with the legal obligations that arise in connection with the insurance distribution assignment. We also have a legitimate interest in developing our products and services, in the secure identification of our customers and in being able to market ourselves.
Who are the recipients of your personal data?
The personal data we process about you is sent to the insurer that has issued the insurance policy, and to your employer. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. In addition, your contact information may be shared with selected partners for marketing purposes, provided that you do not object. See more under the section on our processing regarding marketing and under the section on the right to object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as is necessary with regard to the insurance period. Finansinspektionen (Swedish Financial Supervisory Authority) requires us to store advisory documentation for such a long period within which claims for damages arising from the insurance can be made plus one year. Claims for damages can be made for ten years after our agreement with you or the company/organisation you belong to has ended, which means that we normally store your advisory documentation for eleven years thereafter.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Insurance distribution to companies regarding non-life insurance
We process information about you as a contact person for a company or organization for which Söderberg & Partners has intermediary assignments regarding non-life insurance.
If your company is a sole proprietorship, we also process your social security number. We have legal obligations to document every customer relationship.
What personal data is processed?
If you are a contact person for a company or organization for which Söderberg & Partners has an intermediary assignment, we process your employment information, your identity data and your contact information.
If your company is a sole proprietorship, we process your social security number in addition to the above. Your social security number may also be processed when logging in to our systems in order to ensure a secure identification.
If you as an employee or otherwise are named in an insurance, or documentation for an insurance, that is taken out by a company or organization for which Söderberg & Partners has an intermediary assignment, we process information about you that is necessary for the insurance in question, identity data, insurance information and social security number. If Söderberg & Partners assists a company or organization in the event of damage, information about the damage is processed.
Is the data required or is it voluntary?
The information we have about you is necessary to be able to mediate insurance, with the exception of e-mail address and telephone number, which are voluntary to provide to facilitate contact.
From which sources do we collect your personal data?
We collect the information directly from you and/or from the company or organization with which you have a relationship. We also collect information from the Swedish State Personal Address Register (SPAR).
For what purposes do we process your personal data?
Quotations
If you are a contact person at the company or organization, we process your employment information and contact information in order to be able to provide quotes on our procured insurance solutions.
If you are a sole proprietorship, we also process your name and social security number.
Advisory services
We process your name and social security number if your company is a sole proprietorship in order to be able to advise you when choosing insurance.
Signing and administration of insurance
If your company is a sole proprietorship, your name and your social security number are processed in order to be able to administer and take out the insurances you choose.
Documentation requirements
We process your employment information, your identity data and contact information in order to document the advice and measures we take within the framework of the assignment and live up to the documentation requirements that apply to our business.
If your company is a sole proprietorship, your name and social security number are also processed.
Develop products
We process your personal data in order to improve our products, services and systems by making various kinds of analyzes and compiling statistics. The processing takes place in aggregated form, and we only process such data as is necessary for the aforementioned purposes.
Meeting booking
We process your employment information, identity data and your contact information for the purpose of administering the booking of a consultation meeting with you. We also process notes of any information you have given us during our conversation.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in to our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis do we process your personal data?
The legal basis for our processing is the legal obligation to which the insurance distribution assignment arises. We also have a legitimate interest in developing our products/services and systems. The legal basis for processing personal data when logging in to our systems may be legitimate interest or the importance of a secure identification depending on the login method.
Who are the recipients of your personal data?
The personal data we process about you is sent to the insurer that has issued the insurance policy, and to your employer. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. In addition, your contact information may be shared with selected partners for marketing purposes, provided that you do not object. See more under the section on our processing regarding marketing and under the section on the right to object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as is necessary with regard to the insurance period. We also have a requirement to store advisory documentation and associated documents for such a long time within which claims for damages arising from the insurance can be made plus one year. This means that we normally store the information for eleven years after our agreement with you or the company/organization has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Insurance distribution to individuals regarding non-life insurance
We help you as a private pension to take out private non-life insurance such as home insurance, villa, holiday home or car.
What personal data is processed?
Identity data, social security number, contact information and insurance information.
Is the data required or is it voluntary?
The information we have about you is necessary to be able to mediate insurance, with the exception of e-mail address and telephone number, which are voluntary to provide to facilitate contact.
From which sources do we collect your personal data?
From you and then insurers you currently have an insurance policy taken out or where insurance is taken out. We also collect information from the Swedish State Register of Personal Addresses (SPAR).
For what purposes do we process your personal data?
Quotations
We process your contact information and information about previous insurance policies in order to be able to provide quotes on our procured insurance solutions.
Administration and insurance
We process your insurance information, identity data, contact information and your social security number in order to take out the insurances you choose and to administer the insurances that are taken out.
Documentation requirements
We process your Insurance information, your identity data and your social security number for the purpose of documenting the insurance distribution we perform. We have a legal obligation under current insurance distribution law to document our distribution.
Develop products
We process your personal data in order to improve our products, services and systems by making various kinds of analyzes and compiling statistics. The processing takes place in aggregated form, and we only process such data as is necessary for the aforementioned purposes.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis do we process your personal data?
The legal basis for the processing is to be able to comply with the legal obligations that arise in connection with the assignment. We also have a legitimate interest in a secure identification of our customers and being able to market ourselves.
Who are the recipients of your personal data?
The personal data we process about you is sent to the insurer that has issued the insurance policy. We may also need to disclose necessary personal data about you to our suppliers for the performance of our services, for example in connection with data storage or invoicing. In addition, your contact information may be shared with selected partners for marketing purposes, provided that you do not object. See more under the section on our processing regarding marketing and under the section on the right to object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We store your personal data for as long as is necessary with regard to the insurance period. Finansinspektionen (Swedish Financial Supervisory Authority) requires us to store advisory documentation for such a long period within which claims for damages arising from the insurance can be made plus one year. Claims for damages can be made for ten years after our contract with you has ended, which means that we store your advisory documentation for eleven years thereafter.
Automated decision-making
We do not perform automated decision-making based on your personal data.
We may market our services to you through, for example, telemarketing, newsletters and event invitations. Our website also uses cookies which are created when you log in to one of our websites. This processing is completely voluntary and can be objected to at any time.
What personal data is processed?
Within the framework of our marketing, we may process your employment information, your identity data and your contact information. If you participate in an event we organize, we may also process information about allergies, if you provide it to us.
Of the above information, we only use those that are necessary for the type of marketing we carry out.
Our websites and applications use cookies. A cookie is a small text file with information about your settings and preferences that is saved in your browser when you visit the website. When we use cookies, we process information about your IP address, your browsing habits and your visit history. For more information about the cookies we use see (https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/).
If you want to be placed on our block list where you make it clear that you no longer want any direct marketing communication from us, we may process the types of contact information that you choose to put on the block list.
Is the data required or is it voluntary?
It is up to you whether we may use your personal data to market our or our partners' services. You can find more information on how to object to us using your personal data for marketing purposes under the heading Right to object. In addition, you can always choose whether you want to allow our website to place cookies, which are not necessary for the website to work, in your browser or not.
Providing information about allergies or other food preferences is voluntary after consent has been obtained and your consent can be revoked at any time. However, a revoked consent means that we can no longer accommodate your possible wishes regarding allergies or food preferences.
From which sources do we collect your personal data?
We collect information directly from you, other companies that your employer and/or the company that you represent is a customer of and with which we cooperate, as well as from external address providers.
For what purposes do we process your personal data?
Telemarketing
We process your identity data and contact information in order to market our services and enable contact with you.
Event
We process your identity data and contact information for the purpose of producing guest lists and providing information to you about events that we are planning and/or that you have accepted. We also process information about any allergies, in cases where you provide them to us. We will then obtain your specific consent for this processing.
Newsletter
We process identity data (name only) and contact details (e-mail address only) for the purpose of sending you newsletters. We send out newsletters to you who have chosen to subscribe via our website and to you who are a customer provided that you do not object to this. For more information about the newsletter, see here.
Contact form
We process identity data (name only) and contact information for the purpose of contacting you in the case you want to be contacted. The purpose of the processing is for the appropriate person or department to be able to help and respond to what you want help or information about.
Block list
We process the contact information or contact information that you choose to put on the block list in order to live up to our legal obligation to have an internal marketing block list.
Cookies
The purpose of our processing of personal data derived from cookies is to improve your user experience on our website. This is done through follow-up of web statistics to improve the website's content, appearance and functionality. The purpose is also to ensure that our website works, to analyze visitor statistics and to be able to provide relevant marketing and relevant offers to you through web advertising. In order for us to be able to target marketing and offers that are relevant to you as a visitor, we sometimes make selections based on your browsing habits and visitor statistics on our website. It may then happen that some visitors receive offers that others do not receive, based on so-called profiling.
To read more about specific cookies and their use, please see our Cookie Policy (https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/).
On what legal basis do we process your personal data?
We have a legitimate interest of marketing our services. In our balance of interests, we have taken great care that you who receive the marketing should not be surprised or unduly disturbed by our marketing. We also have a legitimate interest of analyzing data in order to improve your user experience on the website.
We carry out targeted marketing and profiling based on your consent when you have approved marketing cookies. If you have consented to marketing cookies, you can withdraw your consent to these at any time. Read more about how to change cookie settings under "Manage cookie settings" and in our Cookie Policy which can be found here https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/.
If we process information about allergies or other food preferences before an event, we will, via each event's registration form, collect your consent first. If you have given your consent, you have the right to withdraw your consent at any time. However, a revoked consent means that we can no longer accommodate your possible wishes regarding allergies or food preferences.
For the block list, our legal basis is the fulfillment of our legal obligation to have a functioning block list.
Who are the recipients of your personal data?
Information about you is disclosed to companies that help us with our marketing or our events.
Your contact information may also be shared with selected partners for marketing purposes, provided that you do not object.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long is your personal data stored?
We save your information for as long as necessary depending on the type of marketing we carry out. Regarding telemarketing, events and the contact form, we store your personal data for a maximum of six months, or until you decline further contact. Once you have chosen to subscribe to our newsletter, we will retain your data for as long as you have subscribed to the newsletter.
Please see our cookie policy for information on the storage period regarding cookies https://www.soderbergpartners.se/en/about-us/personal-data-cookies/cookies/.
Automated decision-making
We do not perform automated decision-making based on your personal data.
In order to enter into a cooperation agreement or supplier agreement with the company or organization you represent, we need to process your personal data. We do this in order to be able to take measures before entering into a contract and simplify communication with the company or organization you represent.
What personal data do we process?
Employment information, your identity details, and your contact details.
Is the data required or is it voluntary?
It is voluntary to provide the information we process about you.
From which sources do we obtain your personal data?
The data is collected directly from you or from the company or organisation you represent.
For what purposes do we process your personal data?
Conclusion of contract
We process your employment information, your identity data and your contact information in order to be able to fulfill our contractual relationship with the company you represent, take measures prior to entering into a contract and simplify communication.
Meeting booking
We process your employment information and contact information for the purpose of administering the booking of a meeting with you as a representative at the company or organization you represent. We then also process notes of any information you have given us during our conversation.
Secure identification
We process your identity data, contact information and your social security number at certain types of signatures or when logging in to our digital environments in order to enable secure identification when signing with Bank ID.
On what legal basis do we process your personal data?
We have a legitimate interest in processing your personal data in order to manage and fulfill our contractual relationships with customer companies and to be able to ensure secure identification.
Who are the recipients of your personal data?
In order to be able to administer our customer agreements, we disclose information to the companies that store our contract and communication documents for us. In addition, your contact information may be shared with selected partners for marketing purposes.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We process your personal data for as long as it is necessary with regard to the conclusion of agreements and the signing of insurance. If the company or organization you represent chooses to enter into an agreement with us, we save that agreement and information about the performance for such a long time within which claims for damages arising from the agreement can be made plus one year. This means that we store the information for eleven years after our agreement with the company/organization you represent has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
If a relative of yours is a customer of ours, we may ask questions about family circumstances and financial situation, which may affect the advice to your relative.
What personal data is processed?
Family relationships, financial information, and identity data.
If you are listed as a beneficiary of one of your relative's insurance policies, your social security number may also be processed.
Is the data required or is it voluntary?
We have a legal requirement that means that we must request this information. However, it is voluntary for your relative to provide the information.
From which sources do we collect your personal data?
We collect the information from your relative who is a customer of ours.
For what purposes do we process your personal data?
We process your information about family relationships, financial information and identity data in order to provide good advice to our customer and live up to the legal requirements for mapping and documentation that apply to our business.
If you are listed as a beneficiary of one of your relative's insurance policies, your social security number may also be processed.
On what legal basis do we process your personal data?
The legal basis for the processing is that, in order to be able to provide appropriate advice, we have a legal obligation to make a survey of our customers' conditions and needs. This means that we must request certain information about relatives.
Who are the recipients of your personal data?
We may disclose necessary personal data to our suppliers for the performance of our services, for example in connection with data storage.
If you are a beneficiary on your relative's insurance, the necessary personal data may be disclosed to any insurer.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
We have a requirement to store advisory documentation and associated documents for such a long time within which claims for damages arising from the insurance can be made plus one year. This means that we store the information for eleven years after our agreement with your relative or the company / organization that your relative is employed by has ended.
Automated decision-making
We do not perform automated decision-making based on your personal data.
At our head office Stureplan 8, Stockholm, we have camera surveillance in our premises. We do this for security reasons.
For this processing, we, Söderberg & Partners Insurance Consulting AB, are joint controllers together with the companies PO Söderberg & Partners Insurance Consulting AB and Söderberg & Partners Wealth Management AB. If you have any questions regarding camera surveillance, you are welcome to contact our Data Protection Officer at the e-mail address dataskyddsombudet@soderbergpartners.se.
What types of personal data do we process?
Image capture.
Required or voluntary?
In order to be able to monitor our premises in order to prevent and investigate crime, and to be able to have traceability in the event of more serious incidents, we must process the image recordings that are made.
What is our legal basis?
Camera surveillance is carried out with a legitimate interest as a legal basis as we believe that the surveillance interest, i.e., the interest in preventing and investigating crimes and being able to have traceability in the event of more serious incidents, outweighs the privacy interest.
Who are the recipients of your personal data?
The supplier Securitas Sverige AB is used to provide the service. Personal data may also be disclosed to the police in cases where a criminal investigation is ongoing.
Third-country transfers
Your personal data is only processed within Sweden.
How long is your personal data stored?
We process your personal data for three (3) days, then they are automatically deleted.
Automated decision-making
We do not perform automated decision-making based on your personal data.
We may process your information if you submit a complaint to us. We may also process your personal data in the context of a legal process in which we are a party, when your personal information is needed for us to establish, exercise or defend our legal claims.
What personal data is processed?
We may process your information in the form of employment information, corporate involvement, family relationships, financial information, insurance information, identity information, contact information, PEP and anti-money laundering, social security number, and tax-related information.
Of the categories mentioned above, we only process the categories that are necessary to handle your complaint or to establish, exercise, or defend our legal claims in each individual proceeding.
Is the data required or is it voluntary?
We need to process the data in order to handle complaints and establish, exercise or defend our legal claims.
From which sources do we collect your personal data?
We collect the information directly from you or from other sources, depending on the relationship you have with us. These sources are listed in each category above.
For what purposes do we process your personal data?
Complaints
We process your personal data to handle a potential complaint from you.
Legal proceedings
We process your personal data to establish, exercise, and defend our legal claims in disputes or other legal proceedings.
On what legal basis do we process your personal information?
We have a legal obligation to process your personal information when handling complaints from you. When we process information in the context of a legal process, we have a legitimate interest in processing your personal data in order to establish, exercise or defend our legal claims.
Who are the recipients of your personal information?
In the context of a legal process, we may disclose your personal information to our suppliers who assist us in managing the process, such as a law firm, and to our suppliers for storage of documents related to each process.
Transfer to third countries
Our processing primarily takes place in Sweden or within the EU/EEA. In isolated cases, we use suppliers or subcontractors where personal data may be transferred outside the EU/EEA (so-called "third countries"), for example to the UK or the USA. This could be in special situations where crisis management and support are necessary and the necessary expert personnel are not available within the EU/EEA. In these cases, we ensure that measures are taken to meet the protection requirements of Article 46 of the GDPR, for example by ensuring that the EU-commission has recognized that the recipient country offers an adequate level of data protection or through the EU Commission's Standard Contractual Clauses (SCC), supplemented by encryption and data minimisation. You can read more about which countries have been assessed as offering an adequate level of data protection and what this means here (https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/overforing-till-tredje-land/adekvat-skyddsniva/). You can read more about the European Commission's SCC here (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en).
How long do we store your personal data?
In the case of a complaint from you, we store your personal information for five (5) years after the complaint has been received by us, in accordance with the requirements imposed on us by law. In the case of a legal process, we store your personal information for as long as necessary depending on the circumstances of each process, usually until a final decision has been reached and has become legally binding.
Automated decision-making
We do not perform automated decision-making based on your personal data.
Your rights
What rights do I have and how do I use them?
If we process personal data about you, you have a number of rights under the GDPR that you can use. If you are unsure whether we process information about you, you also have the right to receive information about whether we do or not. See the list below where we describe in more detail your rights and how you should go about using them.
You have the right to receive confirmation of whether we process personal data about you and in such cases to access your personal data (also called "register extract"). You also have the right to receive a copy of your personal data being processed. You have the right to receive a register extract free of charge showing what personal data is registered about you, the purposes of the processing and the categories of personal data to which the processing relates.
If you wish to receive a register extract, you can apply for this by submitting the application form that you find here.
You have the right to request that any incorrect information about you be corrected and also demand that we limit our processing of your personal data while we investigate your request. You also have the right to request a supplement to any incomplete information we hold about you.
If you wish to have information corrected, you can request this by submitting the application form that you will find here.
Under certain conditions, you have the right to have the information we process about you deleted. You have the right to have your personal data deleted if:
- the personal data is no longer necessary for the purposes of the processing,
- you withdraw your consent on which the processing is based,
- if you have objected to the processing that is supported by a balance of interests and we are not considered to have a legitimate interest in continued processing that outweighs your interest,
- if the processing is for direct marketing purposes and you object to the processing of the data,
- the personal data has been unlawfully processed, or
- if deletion is required to comply with a legal obligation.
We are not always able to comply with a request for deletion. For example, there may be legal requirements that require us to retain the personal data or if we need the information to be able to fulfill an agreement with you.
In case you wish to have information deleted, you can request this by submitting the application form that you find here.
You have the right to request that our processing of your personal data be restricted. Restriction can occur for several reasons.
- If you dispute that the personal data we process about you is correct, you can request restricted processing while we check whether the data is correct.
- If the document is unlawful and you object to the erasure of the personal data and instead request restriction of use.
- If you have objected to processing that is based on a balance of interests that we have used as a legal basis for a certain purpose, you can request restricted personal data processing while we work to assess whether our legitimate interests outweigh your legitimate interest.
- If we as a controller no longer need the personal data for the purposes of the processing but you need it to be able to establish, exercise or defend legal claims.
If restriction occurs, we may only, in addition to storing the data, process the data for the establishment, exercise or defense of legal claims, to protect someone else's rights or because you have given your consent. If you have had the processing of your personal data restricted, we will inform you before the restriction of processing ends.
In case you wish to have information restricted, you can request this by submitting the application form that you find here.
You have the right to object at any time to our processing of your personal data based on a balance of interests as a legal basis (legitimate interest) including profiling. Continued processing of your personal data requires us to show a legitimate interest that outweighs your interest in the processing in question. Otherwise, we may only process the data for the establishment, exercise or defense of legal claims.
You also have the right to object at any time to processing carried out for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. If you have objected to processing for direct marketing purposes, we may no longer process your data for such purposes.
If you wish to object to our use of your personal data, you can request this by submitting the application form that you can find here.
In some cases, you have the right to have your personal data transferred in electronic format to another data controller (so-called "data portability"). This assumes that the transfer is technically possible and can be done in an automated way. The right to data portability applies to data that you have provided to us and that we process on the basis of performance of a contract or consent as legal bases.
If you wish to have data portability of your data, you can apply for this by submitting the application form available here.
How is your data protected
We pursue a very ambitious information security programme. This means, among other things, that we have strong technical measures that protect all our information, such as firewalls and intrusion protection. In addition, we work with access control, which means that personal data is not accessible to more of our employees than is necessary for each employee to be able to perform their work. Finally, we impose at least as high security requirements on the suppliers who process personal data on our behalf.
Questions & Complaints
If you have questions or concerns regarding our personal data management that cannot be answered by this page, you are welcome to contact your advisor, our switchboard (08-451 50 00), or email info@soderbergpartners.se.
We have appointed a Data safety representative who works to monitor compliance with the rules on the protection of personal data. Our Data Protection Officer can be reached via dataskyddsombudet@soderbergpartners.se.
If you think that we process information about you in a way that violates the Data Protection Regulation, you can primarily contact us through one of our communication channels above. If, after handling by us, you do not feel satisfied, you have the right to file a complaint with the Swedish Authority for Privacy Protection, which is responsible for the supervision of personal data processing in Sweden. The Swedish Authority for Privacy Protection can be reached via www.imy.se.