How we handle your personal data

Storebrand is dedicated to protect your personal data and personal privacy. Your information shall be safe with us. This includes all information that can be used to identify you personally, such as your national identity number, contact information and information regarding the products you have purchased from Storebrand.

Who is the data controller?

The data controller is the person who decides on the purpose for collecting and processing the personal data. In Storebrand, the data controller is the Chief Executive Officer of the company with which you have entered into an agreement.

We handle personal data in conjunction with providing pensions, savings, insurance and banking services. When referring to Storebrand throughout this document, we include following companies:

  • Storebrand ASA
  • Storebrand Livsforsikring AS
  • Storebrand Bank ASA
  • Storebrand Asset Management AS
  • Storebrand Forsikring AS
  • Storebrand Helseforsikring AS
  • Storebrand Finansiell Rådgivning AS
  • Storebrand Boligkreditt AS
  • Storebrand Pensjonstjenester AS
  • Skagen AS

Collecting and using personal data

We collect and use personal data for different purposes, and with different objectives. Here is an overview.

Customer administration and delivery of products and services

The purpose for processing personal data is to collect, verify and process personal data before we make an offer and enter into an agreement with you. Once we have entered into an agreement, we use your personal data to document, administer and complete tasks in order to deliver the agreed services.

The purpose for processing your personal data is to be able to meet the requirements of an agreement between Storebrand and you, and to protect our legitimate interests in administering our relationship with you, the customer. Where it is necessary to process special categories of personal data, we will first ask for your consent.

The Storebrand Group Customer Database

The Storebrand Group consists of multiple companies. We have a common customer database for pensions, savings, insurance and banking services. The objective of a Group-level customer database is to manage all your agreements in one place and coordinate the different products and services from the different companies in Storebrand to create synergies for the customer.

The companies in The Storebrand Group are collectively responsible for the Group's customer database, and each company is responsible for protecting your privacy rights as a customer.

Develop new and existing services

We use personal data to forecast demand for new products and services, as well as to identify the need for improvements to existing products and services.

The purpose for processing personal information is Storebrand's legitimate strive to develop and improve our products and services.

Marketing

We process personal data in order to promote our products and services, build customer profiles and perform product and customer analyses. We do this to be able to offer you relevant and customized services and offers.

We use personal data to give you relevant information, advice and to market our products and services. We use profiling and segmentation to ensure that marketing information is relevant to you.

If you are already a customer, we use your data on the basis of a legitimate interest in order to provide you with information and offers.

If you are not yet a customer, we will ask you for your consent to receive electronic marketing or consent for telephone marketing. We will respect any reservations against marketing in the Reservation Register (Brønnøysundregistrene) in Norway.

Statistics, analysis, modelling and risk classification

We process personal data to conduct analyses and compile statistics in order to assess risk and profitability and set correct tariffs and prices. In addition, we use these analyses when deciding whether or not to develop new and existing products and services.

The purpose for processing personal data is both to comply with our legal requirements under company law, and Storebrand's legitimate interest in using personal data to gain necessary insights to run our business.

Compliance with legal requirements

We must use personal data to comply with legal requirements under local laws, regulations and public policy.

The reason for processing personal data is to ensure compliance with laws and regulations relating to our business operations.

Preventing criminal activity against our business

Storebrand is required to process personal data in order to prevent, detect, solve and manage cases of fraud and other criminal offences against Storebrand. Storebrand is thus required to collect and disclose information to other financial institutions, the public authorities, for example ØKOKRIM (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime) should we become suspicious of money laundering or terror financing. According to the anti-money laundering act and the personal data act, we are not obliged to disclose this information to you. The information is stored in accordance with the anti-money laundering act.

The basis of the management of this can both be fulfillment of a legal obligation and Storebrand’s entitled interest to prevent, identify, detect, resolve and deal with fraud and other criminal offences against any of our companies.

IT security and physical safety

For us, it is necessary to manage personal data to secure yours and Storebrand’s assets. This is done through access control to systems, logs on servers and systems, operations of technical infrastructure, firewall and access control and video surveillance.

The purpose of this can both be contractual obligations, fulfillment of legal obligations and Storebrand’s legitimate interest to protect yours and our assets.

Complaints, recourse and litigation

We process personal data to determine, assert and defend legal claims, for instance in regards of processing complaints, recourse claims and legal proceedings.

The purpose is Storebrand’s entitled interest to determine, assert and defend legal claims. In order to protect this purpose, we can process specific categories of personal data without consent.

Consent to process health data, sharing of personal data within Storebrand and electronic marketing

In certain cases, we must ask for your consent, for instance in order to:

  • process special categories personal data, such as personal health data
  • share information on your customer relationship between Storebrand’s companies
  • send electronic marketing regarding products and services that you do not already have

Categories of information

We process different types of your personal data depending on what relation you have to Storebrand and what types of products and services you have bought.

We have grouped the personal information we process into the following categories:

  • Identity information, such as national identity number, or other identity numbers issued by public authorities and copy of identity documentation.
  • Contact information and other general information, such as name, phone numbers, e-mail addresses, zip code, family status, date of birth, education background.
  • Financial information and information on insurance objects, such as type of agreements, information on income, payment card number, transaction data, credit history, assets, property, insurance history.
  • Information determined by law, such as tax residence, foreign tax registration number, information regarding financial advice, information regarding measures against money laundering.
  • Special categories of information, such as health information and union membership.

Primarily, Storebrand obtain information directly from you. Sometimes, we obtain information from other sources, such as your employer, public institutions and registers, and private institutions.

We inform you when we obtain information about you, unless due to legal requirements, notification is impossible or unreasonable difficult, or if we know that you are already aware that we obtain this information.

Confidentiality

All employees in Storebrand have a duty of confidentiality regarding information we receive in connection to your customer relationship.

Disclosure of personal information and the use of data processors


The Storebrand Group has an internal consolidated customer database that is available to all the companies in the Group and includes the following information:

  • Contact information
  • National identity number
  • The services and products you have purchased
  • Information of which entity or entities in the Group you have a customer relationship with

The information is used to manage the customer relationship and to coordinate advice, offers of services and marketing between the companies.

If you would like more relevant offers from Storebrand, you can consent to the companies of Storebrand sharing information about your customer relationship. This can be information on income, employment conditions, amount of loans and savings, or information on transactions and insured assets. We do not share sensitive data such as health information. You can give and withdraw consent in your customer profile on www.storebrand.no, or through contacting our service centre.

When required by law, Storebrand must give your personal information to public authorities such as NAV (the Norwegian Labour and Welfare Administration), the tax authorities, ØKOKRIM (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime) and others. If legislation permits it and if the duty of confidentiality does not hinder it, personal data can be given to other financial institutions and partners. Disclosing certain personal data can also take place during payment transactions, when it is necessary in order to ensure the transaction is carried out securely.

If your employer has your pension scheme in Storebrand, we inform the employer about the insurance premium that is paid for you and information about your pension benefits.

If you use the pension calculator from Norsk Pensjon or affiliates, Storebrand hands over personal data after getting your consent. If you take out insurance on a car, house, boat, etc., we will send a confirmation to the finance company or mortgagee.

As with other industry actors, we share personal data with different registers that are managed by Finance Norway, the industry organization for the finance sector in Norway. We hand out personal information to the following registers, where justified:

  • FOSS (Forsikringsselskapenes sentrale skaderegister): The insurance companies central damage register. Its purpose is to prevent and limit insurance fraud.
  • ROFF (Register over forsikringssøkere og forsikrede): Register of insurance applicants and those who are insured. Its purpose is to improve and ensure a uniform risk assessment and to reduce the risk of insurance fraud.
  • TFF Auto: Register of insured vehicles. Its purpose is to keep track of insurance status on vehicles in order to issue a fee in the absence of insurance, know which company insures which vehicles, and to form the basis for calculating the traffic insurance fee.
  • DBS (Dataassistert skadebesiktigelsessystem): System for calculating damages to vehicles. Its purpose is to ensure satisfactory completion and correct valuation and settlement of damage.
  • NHV (Nemnda for helsevurdering): NHV is established by the insurance companies in order to assess how health conditions can affect mortality rates, and the risk of future disability and illness.
    Norwegian Natural Perils Pool: Distributes claims and costs between insurance company members, in proportion to their share of the market.
  • Koordinering.no: Coordination of valuation surveyors for major events

Storebrand has entered into data processing agreements with subcontractors, for example in order to perform IT services. Our proprietary data processing agreements regulate all the personal information that is shared with our subcontractors. Our subcontractors cannot use the information for purposes other than those they are obtained for. Certain subcontractors are placed outside of the EU, such as in India and the USA. In such cases we enter EUs standard agreement (EU Model Clauses) or Privacy Shield with the subcontractor in order to ensure that the privacy and rights of the individuals concerned are well protected.

Your rights

Right to access information

You have the right to receive information about what personal data we process and how we process it. Under “Overview”, once you are logged into storebrand.no, you can view information on all the products you have purchased. Under “My customer profile” you can see which information we have stored about you, and which consents you have given us relating to this information. This gives you a good overview of the types of personal data Storebrand manages for you.

If you have questions about how we treat your personal information, you can always contact our Data Protection Officer by secure e-mail. (You can change to preferred language in the top left corner of the secure e-mail solution)

When doing so, we will require the following information from you:

  • Which companies in the Storebrand Group the inquiry relates to
  • If you would like information from a certain customer relationship such as bank, insurance or savings
  • If you would like information from a certain time period

You will get a reply from us as quickly as possible, and no later than within 30 days.

Rectification

It is important that the information we have about you is accurate and necessary. You can request that we correct and delete information about you if it is inaccurate or unnecessary.

Erasure

Storebrand stores your information as long as you are our customer. The information is deleted when we no longer have obligations under the agreement you have made with us or when we are no longer legally bound to store this information. If you have questions regarding deletion of your personal information, you can send a secure e-mail to Storebrand’s Data Protection Officer.
We anonymize data used for statistics and analysis whenever possible. If the statistics or analysis cannot be performed on anonymized data, we mask the information we use to protect your privacy.

Reservation

Under certain circumstances, Storebrand reserves the right to process personal information based on an evaluation of maintaining a balance between our interests and your interests as our customer. This includes, amongst other things, data processing connected to marketing, testing IT systems and the development of new products and services.

If there are special circumstances that mean that Storebrand should not process your personal data for such purposes, you can notify us about this. In such cases, we will evaluate the weight of each party’s interests. Storebrand will continue the proceedings if it is necessary in order to determine, assert and defend legal claims. You can at any moment claim that Storebrand must terminate the use of your personal information for marketing that targets you directly. This can be done from your customer profile on storebrand.no.

Restricted processing

In certain cases, you can claim that Storebrand must limit the processing of your personal information. We will still have the information stored, but all processing of this data shall be stopped temporarily.

For example:

  • If your personal information in incorrect
  • If Storebrand wish to delete information, but we need the information due to a legal claim
  • If you register a claim against processing the data, and it is based on an evaluation of each party’s interests, Storebrand can continue processing data
  • If it is necessary in order to determine, assert and defend legal claims
  • To protect the rights of others
  • For the sake of important public interests


Data portability – take your personal information with you

You can request us to transfer information that you have provided yourself when entering into an agreement with us or given your consent to. If the information security level is acceptable and technically feasible, we can transfer your information to a company that you specify.

You can read more on requirements for processing your personal information and your rights on The Norwegian Data Protection Authority’s website.

Automated individual decisions


Certain decisions Storebrand makes are fully automated, which means that there is a computer program that makes the decision. We do this in order to ensure efficient and accurate operations, and to give you the best possible services. If the result of an automated decision affects you significantly, you can claim a manual assessment of the decision.
If we use special categories of personal data to undertake an automated individual decision, we will ask for you consent.

Privacy Policy – storebrand.no

Use of Cookies

A cookie is a data file stored in your browser that our website can read and write to. Other websites cannot see the contents of Storebrand’s cookies without both you and Storebrand allowing it.

Primarily, we use cookies in order to optimize your user experience on our website. Some cookies are necessary for the site to work. For example, the login is based on certain cookies. Functional cookies help us customize our website to your wishes. These cookies can for instance remember what you have put in the shopping basket on prior visits, whether you are logged in and which settings you have selected. This means, among other things, that you do not have to enter the same information several times. We also use cookies to collect statistics on how the site is used, and we can use cookies to customize ads you see on other websites.

We have divided the cookies into the following categories:

  • Necessary – crucial to ensure the continued functioning of websites
  • Functional – store information in order to customize the website to your needs
  • Statistics – collect data on, for example, the number of visitors on the site and which pages gets read the most
  • Marketing – collect information that enables customized and relevant marketing based on interests, previous purchases and actions

You can choose whether you allow cookies that are functional, statistical or used for marketing. You can at any moment change your settings on our website.

For how long are cookies stored?

Cookies remain in your browser until you delete them, or they expire. The expiration date varies, but are typically updated every time you visit our website.

How to reject or delete cookies

On nettvett.no you can find instructions on how to delete or reject cookies in your browser. In addition, you can manage cookie-use per category on storebrand.no

Please note that this will cause you to lose functionality on Storebrand.no and other websites. This could typically mean that you will have to go through more clicks to get to the page you want to go to, or that you must enter the same information multiple times to do what you want to do.

We have some partners who also place cookies in your browser when you visit Storebrand’s website. Use the following links if you wish to opt out of this:


Questions on cookies

We continually work to develop our webpages in order to give you the best user experience. As a result, which cookies that are placed in your browser can vary.

You may be contacted after price calculation

We may contact you by e-mail or over phone to help you with your purchase when you use the purchase solutions on storebrand.no. In your personal customer profile, you can specify how you want us to provide purchasing help. You can choose not to be contacted by reserving yourself in the individual purchase solution. We can help you with purchases for 30 days before we delete your information.

Card payment

For our payment service provider to conduct payment for products on storebrand.no, you are asked to provide credit/debit card information. This information is stored solely with the supplier and is subject to the supplier's privacy policy. We keep payment information only to the extent and as long as it is necessary to ensure effective processing of any problems with debit, cancellation of reservations and credit.

How do we use person profiles?

In order to give you the best customer experience at Storebrand we want to adapt our communication and marketing to you. In order to do this, we make person profiles. We never use special categories of personal data, such as health information, when we make person profiles.

We use the following information when we develop person profiles:

  • Information you have provided in connection with purchase of our products
  • Information you share with us when you use our services
  • Your behavior data from digital communication and storebrand.no
  • Information from publicly available registers

We use your information to ensure that we offer you relevant and customized services and offers. You can get insight into what information the person profile is made from on your profile on storebrand.no. You can also reserve yourself against us storing information about your behavior on our website in your customer profile.

Newsletters and marketing

Storebrand sends out newsletters to our customers by e-mail. We want the content in our newsletters to be relevant. Therefore, we adjust the content based on information we have on you, such as which services and products you use, age, life situation and residency. Storebrand collects information on how you read the e-mails we send you. We look at how often you open them and what matters you are concerned about.

You need to register your e-mail address with us to receive these newsletters. You can unsubscribe to our newsletters through the link in the bottom of the emails you receive from us. You can also manage newsletter subscriptions in your customer profile.

If you want relevant offers and recommendations beyond your customer relationship to Storebrand, you must consent to receive electronic marketing by e-mail and SMS from us. You can always withdraw your consent in your customer profile at storebrand.no or contact our service center.

Social Media

Storebrand is present on several social media channels in order to answer questions from customers and for marketing purposes. We ask you to not give out personal information through these channels. In order to secure your privacy, we delete posts containing such information.
We remind you that everything you do on the various social media platforms is recorded by the various websites and can be used to customize your user experience. You can read more about this in the privacy statements for each platform:

Facebook
Instagram
LinkedIn
Twitter

Storebrand Fordel

Storebrand Fordel is a customer program for employees with occupational pensions in Storebrand. Through this program we want to give employees insight and overview of their own pension. We send out newsletters about pension and savings, in addition to invitations to seminars for members of Storebrand Fordel. You can unsubscribe to our newsletters through the link in the bottom of the emails you receive from us. You can also manage newsletter subscriptions in your customer profile.

The Business portal (Bedriftsportalen)

The Business Portal (Bedriftsportalen) is a solution for Storebrand's corporate customers. Here, the company can, among other things, manage participants of collective agreements, receive invoices, view history of employee and contractual relations and send and receive inquiries from Storebrand in accordance with Storebrand's security requirements.

The company appoints the persons who has service needs to access information about both the agreement and employees associated with the agreement. In the Business Portal, information such as employee salary, position, employment status, and degree of disability will be available. Storebrand emphasizes that the company must themselves consider whether employees who are granted access are eligible to access this information. When the company creates users for the Business Portal, the company confirms that the appointed person is eligible for access to the information mentioned above.

The Business Portal contains cookies that are stored on your computer. Cookies are used in the Business Portal for login purposes, to make sure our visitor statistics to be reliable, and to provide users with the best possible functionality. We also use Google Analytics for optimization and traffic analysis to improve the portal. We delete information stored in the Business Portal according to established principles.

Storing of communication

When Storebrand provides investment services, we are required by law to provide documentation of these services. That is why we make audio recordings of all phone calls and store other customer communications, such as e-mail and chat. Contact your advisor if there is any information you do not want stored. We must store documentation related to investment services for five years. The purpose of this is to ensure that the investment service we provide is documented.

We record other phone calls unless you reserve yourself from this. We want to record conversations to make sure that information shared is accurate and to give you confidence in the advice we provide. We also want to use the conversation to train our employees. We store these recordings for three years. 

Chatbot

Storebrand's chatbot helps you with answers to questions and simple services. For the robot to be better, we take samples of what customers ask for and improve the robot's response based on this.

If you have used our chatbot on logged-in pages, we store the information in our customer system for three years, and five years for investment services, to ensure that information that is shared is accurate and gives you confidence in the advice we provide. Open page chats are deleted continuously.

Customer Surveys

We conduct short surveys with our customers after they have been in contact with Storebrand. The feedback we receive from these surveys provides us with valuable input on how we can improve our products and services. It also allows us to measure the effect of our improvement efforts, as well as to understand how customer satisfaction affects customer behavior over time.

If you do not want to share this type of information with us, you can simply refrain from responding to the survey. We use Norstat for data-processing in conjunction with customer and marketing questionnaires.

Storebrand Community is our online customer panel, where we invite customers to participate in customer surveys, group discussions and testing of new digital services. Participation is voluntary, and you can opt out of the panel at any time.

Questions and complaints

Storebrand's Data Protection Officer (DPO) is independent and assists you as a customer. The DPO supervises that the organization is complying with data protection legislations and reports directly to Storebrands top management. Storebrand has regular internal audits on privacy.

If you have questions about how we treat your personal data, or if you have any complaints regarding our processing of your personal data, you can always contact our Data Protection Officer by secure e-mail.

Changes in the privacy policy

We periodically need to update this privacy policy in order to provide you with accurate information about how we process personal data. We will inform you if there are significant changes.

Last updated 01.05.2020.