Danica Pension’s privacy notice

for personal customers and private

individuals (Denmark)
Effective from 22 January 2024.

Introduction • proof of identity, for example photocopies of your passport, • Ensuring correct payment of pension contributions from
driver’s licence and health card employer
This privacy notice sets out how Danica Pension processes
your personal data. • digital information related to your use of our websites, • Handling complaints
platforms and digital applications, including traffic data,
Danica Pension is the data controller for the processing of location data, behavioural data and other communication • Identification and verification in accordance with the
the personal data described in this privacy notice. Contact data, e.g. by using cookies and similar technology Danish Anti-Money Laundering Act as well as prevention
details:
and detection of money laundering
Danica Pension, Livsforsikringsaktieselskab, company reg. • details about the products and services we provide to you,
(CVR) no. 24256146 , Parallelvej 17, DK-2800 Kgs. Lyngby. including how you use them and your preferences towards • Setting prices and fees
them
This privacy notice applies to personal customers and • Risk management
potential personal customers with Danica Pension as well as • health information, including medical certificates and
sole traders, agents, corporate decision-makers and other medical records • Developing and managing our products, services and
private individuals with whom we interact and collaborate. business, including using data analytics and statistics to
• information about your visits to our offices, including video
surveillance improve products and services and testing our systems in
addition to developing, training and testing models
1. What personal data do we process?
• phone conversations with you
Depending on the services or products you order, receive or • Protecting you and Danica Pension against fraud and
are interested in, we process different kinds of personal data, ensuring that our customers will not be charged higher
including 2. What we use your personal data for premiums due to insurance fraud. On suspicion of fraud, we
may under special circumstances initiate an observation
• contact information, civil registration (CPR) numbers and We process your personal data for the purpose of providing procedure using the necessary human and technical
similar basic information our products, i.e. pension schemes and insurance covers. resources. In connection with this, we will observe the
insurance industry’s code on investigation of suspected
• information about your profession, job and education We also process your personal data for the following insurance fraud cases and any relevant legislation.
purposes:
• information about your employer if your scheme is a • Complying with legal requirements, e.g. reporting to SKAT
company pension scheme • Making offers and the Danish Financial Supervisory Authority

• financial information, for example your annual salary and • Customer service, advice and administration of your • Checking, testing and monitoring our compliance with
amount of pension contribution pension covers, insurance policies and healthcare products internal policies and rules, regulatory and legislative
requirements, e.g. in relation to data protection
• information about your family and household who are • Preparation of financial statements
typically designated as beneficiary(ies) or insured

Danica Pension’s privacy notice Danica Pension,

Page 1 of 8 Livsforsikringsaktieselskab
Company reg. (CVR) no.:
24256146 – Kgs. Lyngby,
• Physical security, including the use of video surveillance of • To comply with a legal obligation, cf. the GDPR, art. 6.1(c), Purposes of processing sensitive personal data
building facades, entrances to our other premises, reception, for example, under We will process sensitive personal data only when we need
etc. to, including
– the Danish Tax Control Act (skattekontrolloven)
• Marketing of our products and services, including • for the purpose of a product or service we provide
marketing on behalf of other entities of the Danske Bank – the Danish Bookkeeping Act (bogføringsloven) to you, including to make a health assessment, treat
Group, provided we have obtained your consent or are your injury or illness and to pay out loss of earning
allowed such marketing by law – the Danish Insurance Business Act (lov om capacity benefits
forsikringsvirksomhed)
• for the purpose of complying with any agreements
• Allowing Danica Pension or third parties to pursue related to your trade union membership
statistical, scientific and research purposes as part of – the Danish Data Protection Act (databeskyttelsesloven) (s.
research projects or similar. For such purposes, personal 11(2) regarding the processing of your CPR number) and • calculations and analyses made by the actuarial
data will to the extent possible be pseudonymised. the GDPR. department, risk management and, in some cases,
correction of errors and testing of systems
Cookies – the Danish Insurance Contracts Act • for the purpose of complying with legal
(forsikringsaftaleloven) requirements that apply to us as a financial
We use cookies and similar technology on our websites and institution
in our digital apps. When you first visit one of our websites or – the Danish Anti-Money Laundering Act (hvidvaskloven)
download our apps, we set cookies that are needed to enable Legal basis for processing sensitive personal data
you to use our services (necessary cookies). If you consent to – the Danish CPR Act (CPR-loven) We may process sensitive personal data about you on the
additional cookies, such as functional, statistical and/or legal basis of
marketing cookies, we will set cookies according to your – the EU Market Abuse Regulation (MAR)
choice to measure, analyse and improve the use and • as regards trade union membership, the Danish
• It is necessary to pursue a legitimate interest of Danica Data Protection Act, s. 12, and the GDPR, art. 6.1(b)
performance of our products and services and to send you
Pension, cf. the GDPR. art. 6.1(f). For example, this may be to and art. 9.2(b)
relevant marketing messages.
prevent abuse and loss, for documentation and security • establishment, exercise or defence of legal claims,
Some of the marketing cookies that Danica Pension uses are purposes, to strengthen IT security or for direct marketing cf. the GDPR, art 6.1.(b) and 6.1(f) as well as 9.2(f)
owned by third parties, e.g. Facebook or Google. We continue purposes. We will do so only if our legitimate interest in • substantial public interest, cf. the GDPR, art. 6.1(c)
to be responsible for third party use of data that is processed each case is not outweighed by your interests or rights and or 6.1(f) and art. 9.2(g)
for our purposes (shared data controllership). We refer to freedoms.
our cookie policy for further information.
5. How do we collect data about you?
4. Sensitive personal data Personal data received from you
3. What is our legal basis for processing your “general” We receive data directly from you when you, for example
personal data and CPR number? Some of the data we hold about you are sensitive.
• fill out applications and other forms for ordering products
We must have a legal basis (lawful reason) to process your Types of sensitive personal data and services
“general” personal data, i.e. any data which is not “sensitive”. We process the following types of sensitive personal data:
The legal basis will be one of the following: • submit specific documents to us
• Trade union membership information
• You have given us consent to process your personal data • Information about your health, including any health • talk to us on the phone (see more on recording of phone
for a specific purpose, cf. the General Data Protection information you have provided to us or we have conversations below)
Regulation (GDPR), art. 6.1(a) obtained from healthcare professionals based on
your consent • use our website, mobile applications, products and services
• You have entered into or you are considering entering into
an agreement with us on a service or product, cf. the GDPR, • participate in customer surveys or promotions organised
art. 6.1(b) by us

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 2 of 8
Denmark
• communicate with us via letter or digital means, including notifications to the Danish Special Crime Unit (NSK) in ▪ Investment profile
emails, social media, etc. accordance with the Danish Anti-Money Laundering Act ▪ Name
▪ Pension information from other providers
▪ Telephone number
6. Third parties with whom we share your personal data
Personal data which we collect or receive from third ▪ Position / job title
parties We will keep your data confidential. However, in some ▪ Pension savings
instances we may share your personal data with third ▪ Signature (physical or NemID)
We register and use personal data about you received from parties if required. Such third parties are also required to ▪ Work description
third parties, such as keep your personal data secure and confidential. The ▪ Policy number
categories of third parties to whom we disclose personal ▪ Salary information
• the Danish Central Office of Civil Registration (CPR no.) and
data and the categories of personal data are set out below:
other publicly accessible sources and registers. We
Confidential personal data
process the data, for example for identification and Reinsurance companies
verification purposes and to check data accuracy, cf. the Purpose of processing:
Danish Data Protection Act, s. 11 ▪ CPR number
The data is used for calculation of risk etc. to allow Danica
• healthcare professionals, for example doctors, hospitals Pension to take out reinsurance.
and clinics (if you have consented to the healthcare Categories of personal data:
professional’s disclosure of data to Danica Pension, cf. the Personal data Auditors (Accountants)
Danish Health Care Act (sundhedsloven), s. 43) Purpose of processing:
The purpose of the processing is to advise customers and
• your employer or broker, who discloses certain ▪ Age to have the required audit performed
information in connection with an offer or administration of ▪ Gender
your schemes, for example ▪ Savings data Categories of personal data:
▪ Capital at risk Personal data
• other pension and insurance companies and banks

• municipalities and other public authorities and bodies ▪ Amount (the amount the customer contributes to
Broker the pension scheme)
• the Danish Centre of Health & Insurance Purpose of processing: ▪ Annual tax report (21A cases (cases of excessive
The broker requires information for putting pension contributions to annuity pensions where funds are
• publicly available sources, e.g. the internet, including data schemes out to tender and serving customers of broker- to be transferred to life annuity))
from open social media and financial information (e.g. from serviced pension schemes. ▪ CVR number
CVR.dk and BiQ) in connection with anti-money laundering ▪ Tax information
activities and suspicion of fraud Categories of personal data:
▪ Company pension agreement
Personal data
• entities of the Danske Bank Group, for example to provide ▪ Information about employer
you with better customised products and services (if we ▪ Any information necessary for the auditors to fulfil
▪ Amount (the amount the employee contributes to their obligation as auditors
have your Group consent) the pension scheme)
• other entities of the Danske Bank Group if applicable ▪ Company reg. (CVR) no. (relevant for sole traders)
legislation allows or requires us to share the data, for ▪ Email
example if it is necessary for group-based management ▪ Information about employer
purposes or compliance with control and/or reporting ▪ Employee group (salaried employees, Lawyers
requirements established by law, or the sharing of management, etc.) Purpose of processing:
▪ Insurance cover

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 3 of 8
Denmark
If Danica needs to defend itself against a legal claim or Purpose of processing: ▪ Name
obtain external legal advice. Transfer of pension schemes and customer relationships to ▪ Address
other providers ▪ Email
Categories of personal data: ▪ Telephone number
Personal data Categories of personal data: ▪ Company pension agreement
Personal data ▪ Marital status
All personal data required to provide advice in a pending
case. This may potentially be any personal data, including ▪ Age
▪ Name ▪ Agreement no.
contact information, information on pension and insurance
▪ Address ▪ Date of birth
products, pension savings, information about tax and
▪ Email ▪ Employee group
personal finances and CPR number
▪ Transfer of pensions between two pension ▪ Form of employment
Sensitive data providers ▪ Gender
▪ Health information ▪ Transfer of pensions between a pension provider ▪ Signature (physical or NemID)
and a bank ▪ Work description
▪ Transfers of pensions from employees ▪ Salary information
▪ Registration of endorsement of a mortgagee’s ▪ First day of sickness absence
Danske Bank (if Group consent is given) interest in policy
Purpose of processing: ▪ Obtaining FP certificates Confidential personal data
To offer you the best possible advice. ▪ Annual tax report ▪ CPR number
▪ Information about employer ▪ Number of hours the person is able to work
Categories of personal data: ▪ Position / job title relative to normal working hours
Personal data ▪ Salary information

▪ Address Sensitive data

▪ Customer number Confidential personal data
▪ Generally, no sensitive personal data is disclosed.
▪ Email ▪ CPR number
▪ Name
▪ Marital status
▪ Telephone number Sensitive data Danish Financial Supervisory Authority (the FSA) –
▪ Company pension agreement ▪ Health information reporting under the Market Abuse Regulation (MAR) and
▪ Interest information Fit & Proper
▪ Information on arrears, if any Purpose of processing:
▪ Salary information The purpose of the processing is to submit statutory
▪ Tax information Employer reporting to the FSA and to perform Fit & Proper
▪ General information on income and assets Purpose of processing: assessments.
To ensure correct payment of pension contributions from
employer and the employer’s handling of sickness, injuries, Categories of personal data:
Confidential personal data reduced working hours, etc. Personal data
▪ CPR number
Categories of personal data: ▪ Any information required to answer FSA requests
Personal data for clarification, except health information.
▪ It should be noted that the FSA seldom processes
▪ Customer number cases relating to private individuals.
Pension and insurance providers

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 4 of 8
Denmark
 Confidential personal data Confidential personal data
Probate court ▪ CPR number ▪ CPR number
Purpose of processing:
Personal data is processed when the probate court Sensitive data Sensitive data
determines how an estate is to be administered. The case files of some complaints – e.g. involving personal ▪ Health information
injury – will also include health information. Moreover, the ▪ Vocational rehabilitation
Categories of personal data: case files of some complaints may include information ▪ Disability benefit
Personal data about criminal offences, cf. the Danish Data Protection Act,
s. 8.
➢ About the deceased (the policyholder)
▪ Name Hospitals and private clinics
▪ Policy number Purpose of processing:
▪ Date of death The purpose of processing is to ensure proper and correct
▪ Information on cover Danish Special Crime Unit (NSK) treatment of customers in connection with treatment.
▪ Property tax levied on the estate Purpose of processing:
Categories of personal data:
The purpose of the processing is to identify any cases of
Confidential personal data Personal data
actual or suspected money laundering.
▪ CPR number
Categories of personal data: ▪ File number
➢ In the event of beneficiary designation, we will Personal data ▪ Customer number
provide information (on the beneficiary) ▪ Date of sick leave
▪ Name ▪ Any information required to clarify cases of money ▪ Email
▪ Address laundering, but never health information. ▪ Information about employer
▪ Kinship ▪ Name
▪ Date of birth ▪ Policy number
Danish Centre of Health & Insurance (Health & Insurance) ▪ Telephone number
Purpose of processing: ▪ Position
The purpose of the processing of personal data is to ensure ▪ Date of injury
Danish Insurance Complaints Board that as many individuals as possible with health issues may
Purpose of processing: be offered life or pension insurance at terms based on Confidential personal data
The purpose of the processing to handle complaints. adequate medical and statistical information. ▪ CPR number
Categories of personal data: Categories of personal data: Sensitive data
Personal data Personal data
▪ Health information
▪ Name ▪ Name
▪ Address ▪ Address
▪ Telephone number ▪ Email
▪ Policy number ▪ Age Municipalities
▪ Claim number ▪ Job description
Purpose of processing:
▪ Other information considered to be of relevance to ▪ Position
the complaint
▪ Anticipatory pension

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 5 of 8
Denmark
The purpose of the processing is to ensure correct ▪ Policy number (6) administration and arrangement of group life
treatment of the data subject as regards referrals for ▪ Pension savings agreements on behalf of Danica (including Forenede
treatment and benefits. ▪ Exempt value Gruppeliv)
▪ Effective date of agreement
Categories of personal data: ▪ Contributions in the current year (7) statistical analysis
Personal data
(8) remote storage capacity and storage of records
Confidential personal data
▪ Name ▪ CPR number (9) communication and referral platform in connection with
▪ Address health and other claims
▪ Email
▪ Telephone number (10) marketing
▪ Date of sick leave Research
▪ Date of reactivation Purpose of processing: (11) IT services, including maintenance and software
▪ Information about employer The purpose of the processing is to allow Danica Pension or support
▪ Public benefits and services third parties to pursue statistical, scientific and research (12) facility management
▪ Effective date of termination of employment purposes as part of research projects or similar.
and other providers with whom we collaborate to process
Categories of personal data: your personal data.
Confidential personal data Personal data
▪ CPR number • In this context, personal data will to the extent
possible be pseudonymised 7. Transfers outside the EU and the EEA and international
Sensitive data • All (pseudonymised) data of relevance to the organisations
▪ Health information research project
In connection with IT development and IT support, we
transfer personal data to the following companies located in
countries outside the EU/the EEA. They are:
Danish Central Office of Civil Registration (CPR) Making personal data available to data processors
Infosys Limited
Purpose of processing: No. 44/97 A, 3rd cross
Keep information about residence etc. up-to-date through We enter into data processing agreements with all
Electronic City
subscription to the civil register. companies that process personal data on our behalf. Our
Hosur Road
data processors act exclusively under our instructions and Bangalore
Confidential personal data are not permitted to process personal data in any other way 560100, Karnataka
▪ CPR number than as agreed with us. We use such data processors to India
perform assignments in relation to: Registration number: 13115
(1) software / portal solution and
SKAT (the Danish tax authorities) (2) technical solutions
Purpose of processing: Danske IT and Support Services India, Private Limited
The purpose of the processing is to ensure payment of (3) market research Campus 5 B
correct taxes. RMZ Ecoworld
(4) electronic exchange of data with business partners
Bangalore
Categories of personal data: Karnataka 560103
(5) digital concept for use in performing manual processes
Personal data India

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 6 of 8
Denmark
When Danica Pension transfers your personal data to third In relation to the prevention and detection of money We store personal data collected with a view to complying
parties outside the EU and the EEA, we ensure that your laundering, we perform identity and address checks against with the Danish Anti-Money Laundering Act for a period of
personal data and data protection rights are subject to public registers and check PEPs (politically exposed persons) five years after the customer relationship has ended.
appropriate safeguarding by using standard contracts and sanctions lists.
approved by the European Commission or the Danish Data Surveillance videos are deleted 30 days after they were
Protection Agency. You can obtain a copy of a standard If the automated decision leads to an unfavourable result for made in accordance with applicable law. In certain
contract by contacting us. you, the decision will be subject to manual processing (i.e. circumstances, and in connection with a specific case, the
your case will be handled by one of our employees). This also data may be stored for a longer period.
Danica Pension also uses cloud services provided by applies to the majority of our cases concerning the
Amazon Web Services (AWS) for certain anti-money conclusion of agreements for insurance products. For a Phone conversations are deleted after the period set out
laundering activities and Microsoft (Azure) for data storage small part of these cases, however, the process of setting up here.
purposes. Moreover, some of our data processors use cloud – or refusing to provide – insurance products, such as loss of
services provided by Microsoft and AWS to process earning capacity, the process is fully automated.
personal data on our behalf. The data is stored in regions 11. Your rights
within the EU/the EEA only. However, if AWS or Microsoft is You have certain rights relating to automated decision-
ordered to disclose information to the US in order to comply making. Please see “Your rights” and “Automated decision- Your rights in relation to personal data are described below.
with a legal obligation according to law or an order by a US making” below. To exercise your rights, you can contact us via the contact
public authority, AWS and Microsoft may transfer the data details set out below.
to the US.
9. Recording of phone conversations
Right to access your personal data
8. Profiling and automated decision-making Incoming and outgoing calls may be recorded and stored to You have the right to request access to the personal data we
document what was said, what happened, and what was process and information about where it comes from and
Profiling agreed during the conversation. We refer to what we use it for. You can obtain information about how long
Profiling is a form of automated processing of your personal danicapension.dk/recording-of-phone-conversations for we store your data and about who receives data about you, to
data in order to evaluate certain personal aspects relating to more details on our processing of personal data and your the extent that we disclose data. Your right of access may,
you to analyse or predict aspects concerning, for example, rights in that respect. however, be restricted to protect other persons’ privacy or
your personal preferences, interests, reliability, behaviour for purposes of our business and practices. Your right of
and location. access may be restricted due to the prevention,
investigation, detection or prosecution of criminal offences.
10. For how long do we store your personal data?
We use profiling and data modelling to be able to offer you Our know-how, business secrets as well as internal
specific services and products that meet your preferences, assessments and material may also be exempt from the right
We store your personal data only for as long as it is needed
prevent money laundering, determine prices of certain of access.
for the purpose for which your data was processed.
services and products, evaluate the likelihood of default risk
and for marketing purposes. Rights related to automated decision-making
This means that as a general rule we store your personal You have the right to obtain information on how an
data for as long as we are providing a service or a product to automated decision was made and the effects of the decision,
Automated decision-making you. When your customer relationship with us has ended, we
Automated decisions are decisions made without the you can express your point of view, you can object to the
store your personal data for another ten years. The storage decision, and you can request a manual review of any
involvement of our employees (i.e. without human period complies with the principles of limitation under the
involvement). automated decision.
Danish Statute of Limitations Act (forældelsesloven). Right to object
For example, we use automated decision-making to establish In certain circumstances, you have the right to object to the
In certain circumstances, we store your data for a longer
your pension scheme and to grant treatments. Automated processing of your personal data. This is the case, for
period of time:
decision-making helps us make sure that our decisions are example, when the processing is based on our legitimate
quick, fair, efficient and correct, based on the personal data We store personal data provided in connection with an offer interests.
we have. that was not accepted for a period of six months after the
rejection/expiry of the offer. Objection to direct marketing

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 7 of 8
Denmark
You have the right to object to our use of your personal data Where your consent is the legal basis for a specific Person in charge of complaints
for direct marketing purposes, including profiling that is processing activity, you may withdraw your consent at any
related to such purpose. time with prospective effect. Please note that if you withdraw If you are dissatisfied with how we register and use your
your consent, we may not be able to offer you specific personal data, and the dialogue with the Data Protection
Right to rectification of your data services or products. Note also that we will continue to use Officer has not led to a satisfactory outcome, you can contact
If data is inaccurate, you have the right to have the data your personal data, for example to fulfil an agreement we our complaints handling unit via
rectified. If data is incomplete, you have the right to have the have made with you or if we are required by law to do so. www.danicapension.dk/klage (secure connection) or by
data completed, including by means of providing us with a writing to Danica Pension, Parallelvej 17, DK-2800 Kgs.
supplementary statement. Data portability Lyngby.
If we use data based on your consent or as a result of an
Right to erasure (‘right to be forgotten’) agreement, and the data processing is automated, you have If you are dissatisfied with how we process your personal
You have the right to have your data erased, provided the the right to request a copy of the data you have provided in a data, and your enquiry submitted to our Data Protection
data is no longer necessary in relation to the purposes for digital machine-readable format. Officer or other departments has not led to a satisfactory
which it was collected. outcome, you can contact our complaints handling unit
Danske Bank, Legal Department, Holmens Kanal 2–12, DK-
However, in the following cases, we may be or are required to 12. Changes to this privacy notice 1092 Copenhagen K, email: [email protected].
store your data:
We may change or update this privacy notice on a regular You can also lodge a complaint with the Danish Data
• for compliance with a legal obligation, for example if basis. In case of a change, the “effective from” date at the top Protection Agency: Datatilsynet, Carl Jacobsens Vej 35, DK-
we are obliged by law to store your data for a certain of this document will be changed. If changes to how your 2500 Valby, email: [email protected].
period of time, for example under the Danish Anti- personal data is processed will have a significant effect on
Money Laundering Act or the Danish Bookkeeping you personally, we will take reasonable steps to notify you of If, for example, your residence or the place of the alleged
the changes to allow you to exercise your rights (for example infringement is in or is related to another member state than
Act. In such situations, we cannot erase your data
until that time has passed to object to the processing). Denmark, you can typically also lodge a complaint with the
supervisory authority for data protection in that member
• for the performance of a task carried out in the state.
public interest 13. Contact details and how to complain
• for establishment, exercise or defence of legal
claims You are always welcome to contact us if you have questions
about your rights and how we process your personal data.
Restriction of use
If you believe that the data we have registered about you is You can contact us on our main telephone number +45 70
incorrect, or if you have objected to our use of the data, you 11 25 25 or by email at https://danicapension.dk/en/write-
may demand that we restrict the use of the data to storage. to-us (secure connection).
Use will be restricted to storage only until the correctness of
the data can be verified, or it can be checked whether our Data protection officer
legitimate interests outweigh your interests.
If you have any questions for our data protection officer, you
If you are not entitled to have the data we have about you can contact the department responsible for data protection
erased, you may instead request us to restrict the use of the by email at [email protected].
data to storage. If we need to use the data solely to assert a
legal claim, you may also demand that other use of the data
be restricted to storage. We may, however, be entitled to use
the data for other purposes, for example to assert a legal
claim or if you have granted your consent to this.
Withdrawal of consent

Danica Pension,
Livsforsikringsaktieselskab
Danica Pension’s privacy notice
CVR no. 24256146 – Kgs. Lyngby,
Page 8 of 8
Denmark