At Nordic Benefits AS, we are committed to safeguarding your privacy. We act as a representative and data processor for insurer Collinson Insurance Europe Limited, which is the controller of your personal data. This means that we process personal data on the instructions of Collinson and in accordance with applicable data protection legislation. The treatment is limited to the purposes necessary to manage insurance products such as Norsk Tannhelseforsikring and SmartDelay+. We take our responsibilities seriously and ensure that your personal data is treated safely and confidentially.

What personal data we process

We process different types of personal data to fulfill our obligations, depending on the purpose of the processing and the legal basis. Examples of information we may process include:

• Identification information: Name, address, social security number, phone number and email address.
• Payment information: Bank account number and payment history.
• Health Information: Processed only when necessary and with express consent, e.g. in case of claims processing.
• Correspondence and communication data: Emails, letters and other communications related to the Services.

Purpose of our processing of personal data

We process personal data for specific, legitimate purposes. These include, but are not limited to:

• Management of insurance contracts.
• Injury treatment.
• Communication with you as a customer.
• Fulfillment of legal obligations.

Basis for processing your personal data

We process personal data on the following grounds:

• Consent: When necessary, we obtain your express consent, in particular for the processing of special categories of data, such as health data in case of claims processing.
• Appointment: The treatment is necessary to fulfill the insurance contract.
• Legal Obligation: The processing is necessary to comply with legal requirements.
• Legitimate interest: The processing is necessary for the legitimate interests of the company, as long as these do not exceed your rights and freedoms.

Automated decisions

In case of claims processing, we can use automated decisions to streamline proceedings. Since health information is included in this process, we obtain your express consent before making such decisions. If you disagree with an automated decision, you have the right to have the case reviewed manually by a case manager, to express your views and to contest the decision.

Sharing of personal data

In order to fulfil our obligations, we may share information with Collinson, external suppliers and business partners. All sharing is regulated by data processing agreements, and we ensure that the processing takes place in accordance with the GDPR. All companies we share information with are based in the EU, EEA or UK, which follow similarly strict privacy policies to protect your information.

Where required by law, we may share information with relevant authorities to comply with legal requirements.

Storage time

We store personal data for as long as it is necessary to fulfill the purposes for which it was collected. The personal data will be deleted when we no longer have any obligations under the agreement you have entered into or other applicable regulations.

Your rights

You have rights regarding your personal data and how we use it. These rights include:

• See what data we process.
• Correction of incorrect or incomplete information. You can also correct certain information yourself on “My Page”.
• Deleting data that is no longer needed.
• Limited treatment in specific cases.
• Data portability, which gives you the right to receive personal data that you have provided yourself, in a structured and machine-readable format.
• To object to treatment in certain cases.

Information security

We have implemented the necessary technical and organizational measures to protect your personal data from unauthorized access, loss or misuse. These measures are regularly updated to ensure that we comply with GDPR's data security requirements. All personal data is stored on secure servers, mainly located in the EU/EEA and the United Kingdom.

Confidentiality

All employees of the company are subject to confidentiality when handling personal data. This means that the data can only be used for the purposes necessary to fulfill the company's obligations and not be shared with unauthorized persons. The duty of confidentiality also applies after the termination of the employment relationship. Breach of confidentiality may result in disciplinary action and legal consequences.

Notification of breach of personal data security

In the event of a security breach that may affect your personal data, we will notify the insurer and the relevant authorities, as well as you if necessary, in accordance with applicable law.

Contact information

For questions about privacy, or to exercise your rights, contact:

• Email: kundeservice@norskthf.no or kundeservice@smartdelay.no
• Postal address: Norsk Tannhelseforsikring, co/ Nordic Benefits AS, Philip Pedersens vei 20, 1366 Lysaker

You can complain to the Norwegian Data Inspectorate via www.datatilsynet.com.