Data Protection Policy and cookies

Europæiske Rejseforsikring A/S (CVR-nr. 62940514) are responsible for processing your personal information according to the Danish Protection Act.

Introduction

Europæiske Rejseforsikring A/S (herinafter referred to as "Europæiske ERV", "we", "us" or "our") is committed to protecting the confidentiality, integrity and availability of information about our clients, suppliers, collaborators and employees, including personal data.

When processing personal data in connection with delivery of insurance service, we consider ourselves data controller, as we are processing data in order to conclude an insurance agreement with a customer. We also enter into a data processing agreement when entering into contracts with third parties that process data on our behalf, setting out instructions and terms and conditions for our and the other party’s processing of personal data.

This Data Protection Policy provides information about Europæiske ERV’s processing of personal data in our capacity as data controller. Read more about this below.

The Policy contains the information we need to give you according to the General Data Protection Regulation (GDPR) in particular Article 5 and Section 2.

Our processing activities

We collect and process personal data in the following situations:

When you take out and purchase an insurance
Administration of the policy, including claims handling and issuing documents
When corresponding with you, in order to maintain our obligations towards you and at the same time comply with the legal requirements we have to fulfill.

We collect and process personal data in connection with our collaboration with our customers. We collect only the personal data required for the agreed purpose, and we only ask our customers to share personal data where it is strictly necessary for such purposes.

What data is collected?

Non-sensitive personal data, including information about name, address, telephone number and e-mail address of our customers as well as name, job title, phone number and e-mail address of any corporate customer. In addition, we collect social security number in order to ensure clear identification of our customers. In some cases, i.e. when handling claims, we may collect and process sensitive personal data about your health in order to ensure that your and our rights are protected.

We do not collect personal data concerning you from any third party, unless we have your consent.

The purpose of and legal basis for collecting the information

We process non-sensitive personal data for the purpose of performing the contract with the customer, including:

Issuing of insurances
Claims handling
Invoicing premium

Furthermore, processing is necessary as it enables Europæiske ERV to pursue a legitimate interest in being able to develop our business and services (e.g. identify customer needs and improvement of the provided service).

Recording

When you call us, we may ask permission to record your conversation. Recording of conversations for training and documentation purposes will not happen without your acceptance. We use the recordings when training our employees to continually improve our service to you, our insurance products and case management as well as for documentation for the agreements we make with you. The recording is stored in a separate part of our system and can only be accessed by a select group of employees. The recordings are deleted after three (3) months unless continued processing, law or authority prevents it in which case deletion follows our standard routines.

Europæiske ERV's service (insurance and service hereto)

We collect and process personal data about our leisure customers and corporate customers' employees.

What data is collected?

We process non-sensitive personal data, including name, address, email address and telephone number of the customer and the customer’s employees and sensitive data concerning your health and social security data.

The purpose of and legal basis for collecting the information

We process information for the purpose of providing the insurance you have bought from Europæiske ERV. Processing is necessary to comply with a legal obligation (the insurance contract you have entered into).

In the course of administering the insurance we also have a legitimate interest in assessing and verifying claims with the purpose of controlling and containing costs and avoiding insurance fraud etc., to better balance insurance premiums. See General Data Protection Regulation (GDPR) Art. 6. 1., f. on legitimate interests, as well as 9. 2. f. on legal claim.

Automated decision making

In some cases when entering claims or health data on our web, you may be subjected to automated approval based on the input you provide. All cases not automatically approved are deferred to manual handling by claims and medical experts and therefore there are no risks connected to the automated processing.

Trustpilot

Europæiske ERV may contact you via email to invite you to review any services and/or products you received from us [in order to collect your feedback and improve our services [and products]] (the “Purpose”).

We use an external company, Trustpilot A/S (“Trustpilot”), to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for the Purpose. If you want to read more about how Trustpilot process your data, you can find their Privacy Policy here.

Supplier- and collaborator administraion

We collect and process personal data in relation to our suppliers and collaborators, including personal data of their staff.

What data is collected?

We process solely non-sensitive information, including contact information.

The purpose of and legal basis for collecting the information

We process personal data in order to manage the contract, to receive goods and services from our suppliers and collaborators and, where relevant, to provide professional services to our customers.

The legal basis for our processing of personal data is to fulfil the contract to which the data subject is a party. If the data subject is not a party to the contract, we process data based on a legitimate interest in relation to being able to perform the contract with our supplier or collaborator.

Visitors to our offices

We collect and process personal data about visitors, including customers and other guests.

What data is collected?

In the registration process, we collect name, company and name of the host at Europæiske ERV. Moreover, we process personal data obtained from video footage.

The purpose of and legal basis for collecting the information

We process information for security purposes. Our legal basis for processing personal data is the legitimate interest of Europæiske ERV to ensure a high level of security.
We require visitors to our offices to sign in at the reception. We keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
In accordance with section 3, subsection 1 of the Danish Act on Television Surveillance, there are signs in our office showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).

Visitors to www.erv.dk

We collect the personal data provided by you on Europæiske ERV’s website or to which you give your explicit consent.

When is collection made?

When you visit www.erv.dk, we inform you of the collection of your personal data. The use of services on Europæiske ERV’s website, such as taking out and purchasing of insurances, filling out health declarations and reporting claims online requires that you provide certain personal data. This also applies if you register for our newsletters.

What data is collected?

The personal data collected by Europæiske ERV may comprise your name, e-mail address, address, social security number and other identification data. We also collect information about your activity on www.erv.dk.

The purpose of and legal basis for collecting the information

Europæiske ERV collects your personal data in order to be able to issue insurances or provide a given service to you, to send you newsletters and other information relating to our business and services. Moreover, Europæiske ERV collects your personal data for the purpose of internal market analyses, targeted marketing and statistics.
Our basis for processing personal data is your consent or that Europæiske ERV aims to pursue a legitimate interest in developing its business and adapting its marketing.

Europæiske ERV’s use of cookies

Our website uses “cookies”.
A cookie is a small text file that is stored in the web browser on your computer, smartphone, iPad or any other device you use for net surfing when you visit our website. Cookies enable the recognition of your computer etc. and the collection of information about your net activity, including what sites and features are visited by your browser, and ensure the technical function of the website. In some cases, the use of cookies is the only way to make a website work as intended. A cookie is a passive file and it cannot collect information on your computer, spread computer virus or other malware. Cookies are anonymous and contain no personal data. Cookies are used by almost all websites.

Security of processing

Europæiske ERV takes information security very seriously. We have security measures in place to ensure data protection of customer information, personal data and other confidential information.

Source

Europæiske ERV collects personal data directly from you and/or any third party or public authorities.

Disclosure of personal data

We disclose personal data only when we have a legal basis for doing so.

Others in the ERV-group

Europæiske ERV is a wholly owned subsidiary of the German insurance company Europäische Reiseversicherung AG, part of the German group ERGO. Europæiske ERV, in its capacity as Data Controller, does not release any personal data to Europäische Reiseversicherung AG/ERGO without the necessary security guarantees.

Other third parties providing goods or services

Europæiske ERV may engage third parties, e.g. subcontractors, in connection with our delivery of services. To this end, personal data necessary for the delivery of the agreed services may be disclosed to such third parties.
When we share data with others, we put contractual arrangements and security mechanisms in place to protect the personal data and to comply with our data protection obligations.

Professional advisers

We may disclose personal data to professional advisers like lawyers, medical advisors, or specialist investigators in case of for example claims or fraud inquiries etc. to be able to receive advice and counselling.

Public authorities or third parties as required under and in accordance with applicable law or regulation

Occasionally, we may be ordered to disclose personal data to public authorities or third parties which we comply to if required by applicable law and regulation. The purpose may be to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights.
We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.

Other Insurance Companies

Other Insurers, for example in case of recourse, where we collect dues on an insurance in another company or where others do so towards us. But also, where an exchange is needed in order to establish, exercise or defend a legal claim such as in potential fraud cases. Here we first and foremost have a legitimate interest in controlling that a claim for compensation is correct and legitimate, but also in regulating premiums justly towards clients and to establish, exercise or defend a potential legal claim

General Data Protection Regulation (GDPR) Art. 6, itm. 1, letter f on legitimate interest, and Art. 9 itm. 2 letter f on legal claim.

Security guarantees and third countries

In cases where data is transferred to third party countries (outside the EU / EEA), this is done with due regard to extra security measures where needed, including EU Standard contract clauses. You can read more about this here>

Data retention

Europæiske ERV deletes personal data when we no longer have a work-related need to process them. The retention period is fixed in relation to the obligations of Europæiske ERV under applicable law, supervisory authorities on auditing, other public authorities and to secure documentation.

Individuals’ rights

As an individual, you have certain rights over your personal data, which Europæiske ERV as data controller are obligated to fulfil.
You can contact us to get access to personal data held by us as a data controller. Similarly, you are entitled to have any inaccurate or inadequate personal data rectified. Please contact Europæiske ERV if you want to have your personal data deleted or you want to restrict or object to Europæiske ERV’s processing of such data. If you wish to exercise your right to data portability, please let us know.
Where we process personal data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us. If you no longer wish to receive e-mails with information or marketing material about Europæiske ERV, please click on the unsubscribe link in the relevant e-mail received from us.

Contact information to Europæiske ERV

The data controller is Europæiske Rejseforsikring A/S, CVR no. 62 94 05 14, Frederiksberg Allé 3, DK-1790 Copenhagen V.
If you want to exercise your rights as described above, or if you have any questions about this privacy statement or how and why we process personal data, please contact us at:

Europæiske Rejseforsikring A/S
Frederiksberg Allé 3
DK-1790 Copenhagen V
Telephone: +45 3325 2525
E-mail: info@erv.dk

You are always entitled to know whether we process personal data about you and, if so, when including possible additional information about you. Additional information includes details about the purpose of the processing, the types of personal data and the recipients of your personal data.

Provided that the rights of others are not affected, you may receive a copy of the personal data we hold about you. You also have the opportunity to get any incorrect and incomplete personal information about you corrected.

Complaints and questions

In case of questions in regards to the processing of personal data you can send an email to dpo@erv.dk

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an e-mail with the details of your complaint to our customer embassy at customerembassy@erv.dk. We will consider the complaint and return.

You also have the right to lodge a complaint with the Danish Data Protection Agency in relation to your rights and to Europæiske ERV’s processing of your personal data. For further information about how to complain to the Danish Data Protection Agency, please refer to the Danish Data Protection Agency website www.datatilsynet.dk.

Version 1.0
Date May 25th

Cookies

We use cookies on our site. A cookie is a small text file stored on your computer that is required for some features of the site to work properly. Cookies thus make it easier for you as a customer, for example, filling out a form or making an application for compensation. Cookies are also used to provide statistics about how our visitors use the site so that we can increase relevance, improve experience and content on both the site itself and in advertising.

There are two types of cookies. One of the types of cookies is stored for a long time on the visitor's computer as the cookie has an expiration date. Once the date has passed, the cookie is deleted.

The other type of cookies, so-called session cookies lacks expiration date. They are only used during your visit to the site, the cookie is then stored temporarily in your computer's memory and usually disappears when you close your browser. These are cookies such as allows you to fill in a notification of compensation, sign an insurance or jump back and forth in a feed without having to fill in the information you have already filled in before.

Europæiske ERV uses both types of cookies.

In your browser settings, you can set which cookies are allowed, blocked or deleted. Europæiske ERV follows a recommendation for the use of cookies used by many Danish companies and organizations.

Categories of cookies on erv.dk

Type of cookie	Name	Purpose
Necessary and functional cookies (Necessary cookies needed in order for the website to function properly)	ASP.NET_SessionId	Is created when the website loads to identify the user on the server. Can save information between pages and enables that you as a user don´t need to fill out the same information again when you go back and forth in for instance a process flow.
-	Google Translate (googtrans, NV, NID)	Is created if you select to translate the website by using the translation block. Keeps track of original language vs translated language.
-	.EPiServerLogin	EPiServer is the web publishing tool that we use to develop our website. Is used among other things to keep track of logged in users.
-	__RequestVerificationToken	Is used for security reasons in forms/login to prevent Cross-Site Request Forgery (CSRF).
Preference cookies (Necessary cookies needed in order for the website to function properly)	erv-cookie-information	Is created when the user close down/accept the banner for cookie information so you as user don´t need to see it every time you visit the website.
-	erv-preferred-section	Is created when the user selects between Lesiure/Corporate by clicking the links in the header. When cookie exist you will be directed to the correct section on your next visit.
Statistic and performance cookies	Google Analytics (_ga, _gid)	These cookies register a unique id and gather information on how the website is used. Google Analytics doesn’t store any information that directly can identify a person.
-	E-space (sitesterActiveUserId[xxxx], sitesterDelayId[xxxx], sitesterNth[xxxx], sitesterReferrer[xxxx])	Web survey. Collects information on what the respondents think about our website. Is created among other things to prevent the survey from being shown too often for the same user.
-	Hotjar (_hjClosedSurveyInvites), (_hjid), (_hjRecordingLastActivity), (_hjTLDTest), (_hjUserAttributesHash), (_hjCachedUserAttributes), (_hjLocalStorageTest), (_hjIncludedInPageviewSample), (_hjIncludedInSessionSample), (_hjAbsoluteSessionInProgress)	Created to better understand the visitor's needs and experience of the website. These cookies are used to optimize the user experience, e.g. regarding which language the site is shown in. Hotjar do not have permission to resale any data that emerges from the visitor's use.
-	Trustpilot (24st)	Trustpilot is a service to gather and show customer reviews.
Marketing/Advertising cookies	Quantcast (_qca, d, mc)	Measure the effect of marketing activities and adapt activities based on visits to our website.
-	Google ads/Doubleclick/ remarketing	Is used to gather data and show ads that are relevant/interesting for the user (on platforms outside our own website).
-	Bing (MUID, MUIDB, mfl)	Bing is a search engine provided by Microsoft. Bing uses a type of cookie that gathers data to show ads that are relevant/interesting for the user (on platforms outside our own website).
-	erv-sent-to-apsis	Is created in step 3 in online purchase funnel if the user has selected/accepted to subscribe on our newsletter. Is needed so we can send out our newsletter to the persons that want to receive it.