Data Protection Policy and cookies

Use of Personal Data >  
Cookie policy > 

Introduction

ERGO Forsikring A/S (hereinafter referred to as ERGO, “we”, “us” or “our”) is committed to protecting the confidentiality, integrity and availability of information concerning our customers, suppliers, business partners and employees, including personal data.

When processing personal data as part of delivering insurance services, we act as the data controller, since we process such data to fulfil our insurance agreements with our customers. When entering into agreements involving the processing of personal data with third parties, we ensure that a data processing agreement is in place. This agreement sets out instructions and terms for the processing of personal data by both ERGO and the third party.

This data protection policy provides information about how we process personal data when we act as the data controller, which you can read more about below.

This policy includes the information we are required to provide under the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

General

1. Use of Personal Data

We collect and process personal data in the following situations:

• When you take out and purchase an insurance policy
• For the administration of the insurance policy, including claims handling and issuing of documents
• In connection with our correspondence with you to maintain a proper relationship while also complying with our legal or regulatory obligations
• When we enter and manage cooperation agreements with you or your employer
• When you visit our offices, websites, or supply goods or services to us

We only collect the personal data that is necessary for the specified purposes, and we ask our customers, partners, and suppliers to only share personal data when it is strictly necessary for those purposes.

What data is collected and processed?

We only collect personal data that is necessary, and we process such data in accordance with applicable laws and regulations. The type of data required depends on the specific purpose for which the personal data is collected. Personal data we collect may include, but is not limited to:

• General identification and contact information, such as name, address, telephone number, email address, gender, marital status, date of birth, children, relationship to the policyholder, insured party, or claimant
• Other identification numbers, such as CPR number (civil registration number), vehicle registration number, driver’s license number, and passport number
• Financial information, such as payment card number, bank account number and details, and other financial data

In certain cases, we also process special categories of personal data (sensitive personal data). This primarily concerns health data, which is subject to specific legal requirements. Health data may be processed, for example, when applying for medical pre-approval or in the context of claims handling. Such data may include information typically found in medical records, including details of current or past physical or mental health conditions.

Storage

We retain personal data for as long as necessary to fulfil the purpose for which it was collected. This means that we store data for the period during which we may face a legal claim, are required to do so under applicable law (e.g. the Danish Bookkeeping Act or financial supervisory legislation), or have another legitimate purpose for retaining the information.

As a rule, we retain claims-related data in accordance with the absolute limitation periods set out in the Danish Limitation Act, which are 10 and 30 years from the date the claim is reported, including any additional periods that may apply if a claim is reopened.

For what purposes is the data collected and on what legal basis?

We process personal data to enter and fulfil agreements with customers, including issuing insurance policies, administering policies, handling claims, collecting premiums, and providing advice.

We also process personal data for the handling of complaints and legal proceedings, as well as for internal research and analysis, so that we can continuously improve our advisory services, customer service, and technical solutions.

Furthermore, data processing is necessary for the development of our business and services (e.g. identifying customer needs and areas for service improvement).

If you are a supplier or partner, we process the personal data necessary to manage our agreements and legitimate interests.

The processing of personal data must be based on a valid legal ground. The General Data Protection Regulation (GDPR) and the Danish Data Protection Act set out several legal bases for processing. The most relevant legal bases for us are:

• that processing is necessary for entering into or fulfilling a contract with the individual concerned
• that processing is necessary to comply with legal obligations
• that we have a legitimate interest in processing personal data, which overrides the interest in protecting it
• that processing is necessary for the establishment, exercise or defense of legal claims
• that the individual concerned has given consent

We only process personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

Specific Information

1. Call Recording

When you call us, we may ask for your permission to record the conversation. Calls will only be recorded for training and documentation purposes with your active consent. We use the recordings to train our employees to continuously improve our customer service, insurance offerings, and claims handling, and as documentation of the agreements made with you.
A limited number of our employees have access to these recordings, which are stored separately in our system. Recordings are automatically deleted after three months unless a law, regulatory requirement, or ongoing processing prevents this, in which case we follow our general retention rules.

We record and subsequently process the conversation based on your consent, which is obtained during the call, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). If the call includes the processing of special categories of personal data, such as health information, this will only be processed if you have given your explicit consent, in accordance with Article 9(2)(a), cf. Article 6(1)(a) of the GDPR.

You may withdraw your consent at any time by contacting us via email or phone. Contact details can be found in the section “Your Rights” in section 11 below.

2. ERGO’s Services (Insurance Business and Related Services)

We collect and process personal data about private customers as well as employees of corporate clients.

What data is collected?

We process general personal data, including names, addresses, email addresses, and phone numbers of customers and their employees, as well as sensitive health information and national identification numbers (CPR numbers).

For what purposes is the data collected and on what legal basis?

We process this information to provide the insurance service you have purchased from us.
The process is necessary to fulfil the contract we have with you.

The legal basis for processing general personal data may vary. When we process your general personal data, it is typically because the processing is necessary to:

a) To fulfil the insurance contract with you or to take steps prior to entering such a contract, in accordance with Article 6(1)(b) of the General Data Protection Regulation (GDPR).

b) We may also be required to fulfil our legal obligations in relation to the policyholder under a group insurance scheme or similar arrangement through which you are covered, in accordance with Article 6(1)(c) of the GDPR.

c) As an insurance company, we may pursue a legitimate interest, in accordance with Article 6(1)(f) of the GDPR.

d) In connection with insurance and claims administration, we have a legitimate interest in verifying that any claims are valid and in ensuring balanced premium calculations, including efforts to prevent insurance fraud. This is done pursuant to Article 6(1)(f) and Article 9(2)(f) of the GDPR.

CPR Number (Denmark)

Processing of CPR numbers is subject to special protection under the Danish Data Protection Act. This means that we only process your CPR number if you have given your explicit consent, pursuant to Section 11(2)(2) of the Danish Data Protection Act.

In the event of an insurance claim, we process your CPR number as described in the section on Health Information.

Health Information

Health information falls under the special categories of sensitive personal data, and specific rules apply to the processing of such data. Explicit consent is required for the processing of health information. This means that such processing can only take place if you have given specific consent, pursuant to Article 9(2)(a) of the GDPR, or without consent if the processing is necessary for the establishment, exercise, or defense of legal claims, pursuant to Article 9(2)(f) of the GDPR.

We specifically process your health information when we need to handle an insurance claim and manage a case, where your consent is required for such processing.

Automated Decision-Making

The claims and/or health data you provide via our website may form the basis for automated approval. Any submission that does not lead to automatic approval will be referred to manual review by our competent staff, and therefore the automated processing does not pose any risk to you.

The legal basis for this processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Trustpilot

We may contact you via email to invite you to share your experience with the service you received from us and the product you purchased, for the purpose of collecting your feedback and improving our services and products.

We use an external company, Trustpilot A/S (“Trustpilot”), to collect your feedback, which means we will share your name, email address, and reference number with Trustpilot for this purpose. If you would like to know more about how Trustpilot processes your data, you can read their privacy policy her.

The legal basis for this processing is Article 6(1)(f) of the GDPR.

3. Supplier and Business Partner Administration

We collect and process personal data about our suppliers and business partners, including personal data of individuals employed by them.

What data is collected?

We only process ordinary personal data, including contact details.

For what purposes is the data collected and on what legal basis?

We process the data for contract management purposes, and to receive and provide goods and services to/from our suppliers and business partners. Where relevant, this also includes providing professional services to our customers.

Our legal basis is the performance of a contract to which the data subject is a party. If the data subject is not a party to the contract, our basis is our legitimate interest in fulfilling the contract with the supplier or business partner.

The legal basis for this processing is Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR).

4. Visitors to Our Offices

We collect and process personal data about visitors, including customers and other guests.

What data is collected?

We collect and process information such as name, title, and company of the visitor, as well as the name of the host at ERGO. We also process data derived from video recordings.

For what purposes is the data collected and on what legal basis?

We process personal data for security purposes. Our legal basis is our legitimate interest in maintaining a high level of security.
Guest registration is stored for a short period and kept securely. Visitor logs are only reviewed in the event of a justified reason, such as an incident, and only by selected personnel.

The legal basis for this processing is Article 6(1)(f) of the GDPR.

In areas under video surveillance, we provide notice in accordance with Section 3(1) of the Danish TV Surveillance Act. All recordings are stored securely and only accessed in case of a relevant incident and only by authorized individuals. Recordings are automatically deleted within 30 days unless we are legally obligated to retain them for a longer period.

5. Visitors to www.ergo.dk and www.erv.dk 

When you visit our website www.ergo.dk or www.erv.dk, we will store information about your use of the site.

We collect your personal data to facilitate the purchase of your insurance or to provide a given service to you, as well as to send newsletters and other information about our company and services. Additionally, we collect your personal data for internal market research, targeted marketing, and statistics.

We treat the data about your website usage confidentially and in the same manner as all other personal data.

The legal basis for processing is Article 6(1)(f) and Article 6(1)(a) of the General Data Protection Regulation (GDPR).

ERGO’s Use of Cookies

Our website uses "cookies."

A cookie is a small text file stored in your web browser on your device when you visit the website. Cookies enable us to recognize your computer and collect information about your online behavior, including which pages and features you visit with your browser, as well as ensuring that the site functions technically. In some cases, cookies are the only way to make a website function as intended. A cookie is a passive file that only tracks activity during your visit and does not contain viruses. It is anonymous and contains no personal data. Cookies are used by virtually all websites.

Read more about ERGO's use of cookies by clicking here >

6. Data Security

We take information security seriously and work professionally to protect data. We have implemented security measures to ensure the protection of both personal data and other confidential information, to comply with the General Data Protection Regulation (GDPR).

7. Sources of Personal Data

The source of the personal data we process about you depends on your relationship with us. If you are a customer, agent, processor, or other supplier, we usually collect information directly from you. In some cases, information is obtained from third parties or public authorities.

Public institutions and registers may include, for example, the Danish Civil Registration System (CPR), the Central Business Register (CVR.dk), the police, tax authorities, courts, and hospitals.

Private institutions can include other insurance companies, industry registers such as those maintained by Insurance & Pension (Forsikring & Pension), various healthcare providers, and specialists.

Other sources may be witnesses, opposing parties in insurance claims, and lawyers.

We also cooperate with insurance brokers and other partners who distribute our products. If you purchase insurance through a broker where we are the insurer, we will obtain your personal data from them.

You Will Be Informed

If we obtain personal data about you from other sources, you will be informed about this. However, you will not be informed if the collection is required by law, if informing you is impossible or would require disproportionate effort, or if you are already aware of the information that the notification would contain.

8. Disclosure of Personal Data

In accordance with the General Data Protection Regulation (GDPR), processing and disclosure of personal data may only take place based on a lawful legal basis, cf. Articles 6 and 9, Articles 45, 46 and 49, as well as Section 13, subsection 2 of the Danish Data Protection Act. We are bound by confidentiality. Therefore, we treat your information confidentially and only disclose it when we have a lawful basis to do so.

According to the Danish Financial Business Act § 117, subsection 1, a financial enterprise must not unjustifiably exploit or disclose confidential customer information. Disclosure or use of such information is only considered justified if it is done with the customer’s consent.

Only the data necessary for the intended purpose will be disclosed.

Recipients

Other entities within the ERGO Group

ERGO is a wholly owned subsidiary of the German insurance company ERGO International AG, which is part of the ERGO Group. As the data controller, ERGO does not disclose personal data to ERGO International/ERGO Group without the necessary security guarantees.

Other Third Parties Providing Services

We use other third parties, such as subcontractors, in connection with delivering our services. Such third parties may be given access to personal data necessary for them to provide the agreed service.

We enter into the necessary agreements to ensure that appropriate security measures are in place to protect the data and to comply with our data protection obligations.

Professional Advisors

We may occasionally disclose personal data to other professional advisors, such as lawyers or specialized investigators, in connection with, for example, claims or fraud-related matters, for the purpose of obtaining advice and guidance.

Public Authorities or Third Parties as Required by Law or Regulation

We may sometimes be required to disclose personal data to public authorities or third parties when mandated by applicable law or regulation. Such disclosure may be necessary to ensure compliance with legal and regulatory obligations, to investigate an alleged crime, or to establish, exercise, or defend legal rights.

We will only comply with requests for disclosure of personal data when we are legally obligated to do so.

Other Insurance Companies

Personal data may be disclosed to other insurance companies in cases such as subrogation, where we recover amounts owed to us under an insurance policy from another company, or where other insurance companies make claims against us. Personal data may also be exchanged when such an exchange is necessary to establish, exercise, or defend legal claims.

This may occur, for example, in complex fraud cases, where we primarily have a legitimate interest in verifying that your claim for compensation is valid.

The legal basis for this processing is found in Article 6(1)(f) and Article 9(2)(f) of the GDPR.

9. Safeguards and Transfers to Third Countries

In cases where data is transferred to third countries (outside the EU/EEA), this is done with the implementation of additional safeguards where necessary, including the use of the EU Standard Contractual Clauses. A copy is available here >

If we use data processors located outside the EU/EEA, we apply the European Commission’s Standard Contractual Clauses or another valid legal transfer mechanism. We are also required to ensure that appropriate organizational and technical measures are in place to protect the personal data entrusted to our processors in third countries.

See in particular Articles 45-49 of the GDPR.

10. Deletion of Personal Data

We delete personal data when we no longer have a work-related need to process it. The retention period is determined based on our obligations under applicable laws, auditing requirements, and requests from public authorities, as well as to ensure proper documentation.

11. Your Rights

As a data subject, you have certain rights that we, as the data controller, are obligated to uphold.

You may contact us to request access to the personal data we process about you. You also have the right to have any inaccurate or incomplete personal data corrected. If you wish to have your personal data deleted, restrict our processing of your data, or object to our processing, you are welcome to contact us.

Please note that, as mentioned in the section on data retention above, there may be legal reasons why we cannot delete certain data until it is no longer subject to statutory retention requirements.

You may also contact us to exercise your right to data portability.

When we process your personal data based on your consent, you may withdraw your consent at any time. To withdraw your consent, please contact us. If you no longer wish to receive marketing emails or other communications from ERGO, you can easily unsubscribe by clicking “unsubscribe” in the relevant email you have received from us.

Contact ERGO Forsikring

The data controller is ERGO Forsikring A/S, CVR no. 62 94 05 14, Frederiksberg Allé 3, 1790 Copenhagen V, Denmark.

If you wish to exercise your rights as described above or have any questions about our processing of your personal data or this Privacy Policy, please feel free to contact us at:

Contact Information
ERGO Forsikring A/S
Frederiksberg Allé 3
1790 Copenhagen V
Phone: +45 33 25 25 25
Email: info@erv.dk

You are always entitled to know whether we process personal data about you. This may include information about the purpose of the processing, the types of personal data involved, and any recipients of your data.

Provided that the rights of others are not adversely affected, we can provide you with a copy of the personal data we hold about you. You also have the right to have any inaccurate or incomplete data about you corrected.

Complaints or Questions

If you have questions about your personal data, please contact us by email at dpo@erv.dk.

If you are dissatisfied with how we process your personal data, please send an email with the details of your complaint to our Customer Ambassador at kundeambassaden@erv.dk. We will review your complaint and respond accordingly.

You also have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet) regarding your rights and ERGO’s processing of your personal data. For more information about how to file a complaint, please visit the Data Protection Agency’s website at www.datatilsynet.dk.

Version 1.1
Date: 23 June 2025

Cookie Policy

We use cookies to enhance your visit to our website. Cookies are essential for the website’s functionality and are also used to gather statistics to help us improve your user experience. Additionally, we use cookies to personalize the website content, making it more relevant to you.

What is a cookie?

A cookie is a small text file stored locally on your device. Cookies are used to recognize your computer and to enhance user-friendliness by remembering your preferences and settings.

Cookies can, for example, be used to remember items added to a shopping cart or that you are logged in. They also help us understand how you navigate the website, so we can optimize the content and make it easier for you to use the site. A cookie cannot contain viruses and does not provide access to information that can be used to track your identity.

Cookies have different lifespans. Some are deleted when you close your browser, while others may be stored for several years.

How to Reject or Delete Your Cookies

You can always reject cookies on your computer, tablet, or phone by changing the settings in your browser. Where you find the settings depends on the browser you use. Please note that if you do so, many functions and services will not be available to you, as they require the website to remember the choices you make.

How to Avoid Cookies

If you do not wish to receive cookies, you can delete or block them. Below are guides on how to manage cookies in the most used browsers:

• Internet Explorer
• Google Chrome
• Mozilla Firefox
• Safari

If you use more than one internet browser, you will need to delete cookies in each of them.