How we handle your personal data
Storebrand is dedicated to protect your personal data and personal privacy. Your information shall be safe with us. This includes all information that can be used to identify you personally, such as your national identity number, contact information and information regarding the products you have purchased from Storebrand.
Who is the data controller?
The data controller is the person who decides on the purpose for collecting and processing the personal data. In Storebrand, the data controller is the Chief Executive Officer of the company with which you have entered into an agreement.
We handle personal data in conjunction with providing pensions, savings, insurance and banking services. This policy covers all the companies in the Storebrand group, and the work done by our data processors. When referring to Storebrand throughout this document, we include following companies:
- Storebrand ASA
- Storebrand Livsforsikring AS
- Storebrand Bank ASA
- Storebrand Asset Management AS
- Storebrand Forsikring AS
- Storebrand Helseforsikring AS
- Storebrand Boligkreditt AS
- Storebrand Pensjonstjenester AS
Collecting and using personal data
We collect and use personal data for different purposes, and with different objectives. Here is an overview.
Customer administration and delivery of products and services
The purpose for processing personal data is to collect, verify and process personal data before we make an offer and enter into an agreement with you. Once we have entered into an agreement, we use your personal data to document, administer and complete tasks in order to deliver the agreed services.
The purpose for processing your personal data is to be able to meet the requirements of an agreement between Storebrand and you, and to protect our legitimate interests in administering our relationship with you, the customer. Where it is necessary to process special categories of personal data, we will first ask for your consent.
The Storebrand Group Customer Database
The Storebrand Group consists of multiple companies. We have a common customer database for pensions, savings, insurance and banking services. The objective of a Group-level customer database is to manage all your agreements in one place and coordinate the different products and services from the different companies in Storebrand.
The purpose for processing personal information is Storebrand's legitimate interest. The companies in The Storebrand Group are collectively responsible for the Group's customer database, and each company is responsible for protecting your privacy rights as a customer.
Develop new and existing services
We use personal data to forecast demand for new products and services, as well as to identify the need for improvements to existing products and services.
The purpose for processing personal information is Storebrand's legitimate strive to develop and improve our products and services.
Marketing
We process personal data in order to promote our products and services, build customer profiles and perform product and customer analyses. We do this to be able to offer you relevant and customized services and offers.
We use personal data to give you relevant information, advice and to market our products and services. We use profiling and segmentation to ensure that marketing information is relevant to you.
If you are already a customer, we use your data on the basis of a legitimate interest in order to provide you with information and offers.
If you are not yet a customer, we will ask you for your consent to receive digital marketing or consent for telephone marketing. We will respect any reservations against marketing in the Reservation Register (Brønnøysundregistrene) in Norway.
Statistics, analysis, modelling and risk classification
We process personal data to conduct analyses and compile statistics in order to assess risk, capital ratio and profitability, and set correct tariffs and prices. In addition, we use these analyses when deciding whether to develop new and existing products and services. To fulfill this purpose, we in some cases reuse personal information obtained for other purposes. Thus, this is only when it is consistent with the new purpose.
The purpose for processing personal data is both to comply with our legal requirements under law, and Storebrand's legitimate interest in using personal data to gain necessary insights to run our business.
Compliance with legal requirements
We must use personal data to comply with legal requirements under local laws, regulations and public policy.
The reason for processing personal data is to ensure compliance with laws and regulations relating to our business operations.
Preventing criminal activity against our business
Storebrand is required to process personal data in order to prevent, detect, solve and manage cases of fraud and other criminal offences against Storebrand. Storebrand is required to collect and disclose information to other financial institutions, the public authorities, for example ØKOKRIM (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime) should we become suspicious of money laundering or terror financing. According to the anti-money laundering act and the personal data act, we are not obliged to disclose this information to you. The information is stored in accordance with the anti-money laundering act.
The basis of the management of this can both be fulfillment of a legal obligation and Storebrand’s entitled interest to prevent, identify, detect, resolve and deal with fraud and other criminal offences against any of our companies.
IT security and physical safety
For us, it is necessary to manage personal data to secure yours and Storebrand’s assets. This is done through access control to systems, logs on servers and systems, operations of technical infrastructure, firewall and access control and video surveillance.
The purpose of this can both be contractual obligations, fulfillment of legal obligations and Storebrand’s legitimate interest to protect yours and our assets.
Complaints, recourse and litigation
We process personal data to determine, assert and defend legal claims, for instance in regards of processing complaints, recourse claims and legal proceedings.
The purpose is Storebrand’s right to determine, assert and defend legal claims. In order to protect this purpose, we can process specific categories of personal data without consent.
Consent to process health data, sharing of personal data within Storebrand and electronic marketing
In certain cases, we must ask for your consent, for instance in order to:
- process special categories of personal data, such as health data and information on trade union membership
- share information on your customer relationship between Storebrand’s companies
- send electronic marketing regarding products and services that you do not already have
Shareholder in Storebrand
We process personal information about you to have an overview of Storebrands shareholders.
Processing of this personal data is necessary for compliance with a legal obligation.
We will also process your personal information if you have purchased stocks through a nominee account or other indirect ownership for shares in Storebrand.
Personal information, which is collected for an agreed purpose, may in some cases be reused for new purposes. This is only conducted when it is consistent with the new purpose. In such cases, the purpose for processing the personal data is legitimate interest or fulfilling a legal obligation.
Categories of information
We process different types of your personal data depending on what relation you have to Storebrand and what types of products and services you have bought.
We have grouped the personal information we process into the following categories:
- Identity information, such as national identity number, or other identity numbers issued by public authorities and copy of identity documentation.
- Contact information and other general information, such as name, phone numbers, e-mail addresses, zip code, family status, date of birth, education background.
- Financial information and information on insurance objects, such as type of agreements, information on income, payment card number, transaction data, credit history, assets, property, insurance history.
- Information determined by law, such as tax residence, foreign tax registration number, information regarding financial advice, information regarding measures against money laundering.
- Special categories of information, such as health information and union membership.
Primarily, Storebrand obtain information directly from you. Sometimes, we obtain information from other sources, such as your employer, public institutions and registers, and private institutions.
We inform you when we obtain information about you, unless due to legal requirements, notification is impossible or unreasonable difficult, or if we know that you are already aware that we obtain this information.
Confidentiality
All employees in Storebrand have a duty of confidentiality regarding information we receive in connection to your customer relationship. The duty of confidentiality also applies between companies within the Group.
Disclosure of personal information and the use of data processors
The Storebrand Group has an internal consolidated customer database that is available to all the companies in the Group and includes the following information:
- Contact information
- National identity number
- The services and products you have purchased
- which entity or entities in the Group you have a customer relationship with
The information is used to manage the customer relationship and to coordinate information and offers of services between the companies.
If you would like more relevant offers from Storebrand, you can consent to the companies of Storebrand sharing information about your customer relationship. This can be information on income, employment conditions, amount of loans and savings, or information on transactions and insured assets. We do not share certain categories of data such as health information. You can give and withdraw consent in your customer profile on www.storebrand.no, or through contacting our service center.
When required by law, Storebrand must give your personal information to public authorities such as NAV (the Norwegian Labour and Welfare Administration), the tax authorities, Økokrim (the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime) and others. If legislation permits it and if the duty of confidentiality does not hinder it, personal data can be given to other financial institutions and partners. Disclosing certain personal data can also take place during payment transactions, when it is necessary in order to ensure the transaction is carried out securely. When it is necessary, Storebrand will disclose personal information to partners who contributes in the claim settlement process.
If your employer has your pension scheme in Storebrand, we inform the employer about the insurance premium that is paid for you and information about your pension benefits.
If you use the pension calculator from Norsk Pensjon or affiliates, Storebrand hands over personal data after getting your consent. If you take out insurance on a car, house, boat, etc., we will send a confirmation to the finance company or mortgagee.
As with other industry actors, we share personal data with different registers that are managed by Finance Norway, the industry organization for the finance sector in Norway. We hand out personal information to the following registers, where justified:
- FOSS (Forsikringsselskapenes sentrale skaderegister): The insurance companies central damage register. Its purpose is to prevent and limit insurance fraud.
- ROFF (Register over forsikringssøkere og forsikrede): Register of insurance applicants and those who are insured. Its purpose is to improve and ensure a uniform risk assessment and to reduce the risk of insurance fraud.
- TFF Auto: Register of insured vehicles. Its purpose is to keep track of insurance status on vehicles in order to issue a fee in the absence of insurance, know which company insures which vehicles, and to form the basis for calculating the traffic insurance fee.
- DBS (Dataassistert skadebesiktigelsessystem): System for calculating damages to vehicles. Its purpose is to ensure satisfactory completion and correct valuation and settlement of damage.
- NHV (Nemnda for helsevurdering): NHV is established by the insurance companies in order to assess how health conditions can affect mortality rates, and the risk of future disability and illness.
Norwegian Natural Perils Pool: Distributes claims and costs between insurance company members, in proportion to their share of the market. - Koordinering.no: Coordination of valuation surveyors for major events
Storebrand has entered into data processing agreements with subcontractors, for example in order to perform IT services. Our proprietary data processing agreements regulate all the personal information that is shared with our subcontractors. Our subcontractors cannot use the information for purposes other than those they are obtained for. Certain subcontractors are placed outside of the EEC. Transfer of personal information to actors located outside the EEC can only be done if there is a valid reason for the transfer and a guarantee that handling your information is sufficiently secure. In such cases we use EU standard agreements, including Standard Contractual Clauses (SCC) or Binding Corporates Rules (BCR) with the subcontractor, in order to ensure that the privacy and rights of the individuals concerned are protected.
Your rights
Right to access information
You have the right to receive information about what personal data we process and how we process it. Under “Overview”, once you are logged into storebrand.no, you can view information on all the products you have purchased. Under “My customer profile” you can see which information we have stored about you, and which consents you have given us relating to this information. This gives you a good overview of the types of personal data Storebrand manages for you.
If you have questions about how we treat your personal information, you can always contact our Data Protection Officer at personvernombud@storebrand.no
When doing so, we require the following information from you:
- Which companies in the Storebrand Group the inquiry relates to
- If you would like information from a certain customer relationship such as bank, insurance or savings
- If you would like information from a certain time period
You will get a reply from us as quickly as possible, and no later than within 30 days.
Rectification
It is important that the information we have about you is accurate and necessary. You can request that we correct and delete information about you if it is inaccurate or unnecessary.
Erasure
Storebrand stores your information as long as you are our customer. The information is deleted when we no longer have obligations under the agreement you have made with us or when we are no longer legally bound to store this information. If you have questions regarding deletion of your personal information, you can send a secure e-mail to Storebrand’s Data Protection Officer: personvernombud@storebrand.no
We anonymize data used for statistics and analysis whenever possible. If the statistics or analysis cannot be performed on anonymized data, we mask the information we use to protect your privacy.
Reservation
Under certain circumstances, Storebrand reserves the right to process personal information based on an evaluation of maintaining a balance between our interests and your interests as our customer. This includes, amongst other things, data processing connected to marketing, testing IT systems and the development of new products and services.
If there are special circumstances that mean that Storebrand should not process your personal data for such purposes, you can notify us about this. In such cases, we will evaluate the weight of each party’s interests. Storebrand will continue the proceedings if it is necessary in order to determine, assert and defend legal claims. You can at any moment claim that Storebrand must terminate the use of your personal information for marketing that targets you directly. This can be done from your customer profile on storebrand.no.
Restricted processing
In certain cases, you can claim that Storebrand must limit the processing of your personal information. We will still have the information stored, but all processing of this data shall be stopped temporarily.
For example:
- If your personal information in incorrect
- If Storebrand wish to delete information, but we need the information due to a legal claim
- If you register a claim against processing the data, and it is based on an evaluation of each party’s interests, Storebrand can continue processing data
- If it is necessary in order to determine, assert and defend legal claims
- To protect the rights of others
- For the sake of important public interests
Data portability – take your personal information with you
You can request us to transfer information that you have provided yourself when entering into an agreement with us or given your consent to. If the information security level is acceptable and technically feasible, we can transfer your information to a company that you specify.
You can read more on requirements for processing your personal information and your rights on The Norwegian Data Protection Authority’s website.
Automated individual decisions
Certain decisions Storebrand makes are fully automated, which means that there is a computer program that makes the decision. We do this in order to ensure efficient and accurate operations, and to give you the best possible services. If the result of automated decisions affects you significantly, you can always claim a manual assessment of the decision. We will inform you when this is the case. At our website, under "contact us", you can learn the different ways to contact us.
If we use special categories of personal data to undertake an automated individual decision, we will ask for you consent.
Privacy Policy – storebrand.no
Use of Cookies
A cookie is a data file in your browser, which the website can use to temporarily store information across page views. Some cookies are stored for a short time, within one visit to the website. Other cookies have a longer lifespan, so that we can recognize that it is the same browser that visits us over a period of several hours, days or months. You can delete cookies that have a long lifespan, and in that way be perceived as a first-time visitor the next time you visit the website.
Cookies we set in your browser can only be read by websites on storebrand.no. Some cookies are set by software that Storebrand buys from others, and they can then be read both by Storebrand and by the relevant supplier of the software. Storebrand works to minimize the use of cookies set by Storebrand itself.
We use cookies in order to give you the best possible experience when using our webpages and have divided the cookies into the following categories:
- Necessary – These are needed for the websites to function properly, for example by allowing the log in function to work. You cannot opt out of these, but they are deleted automatically or you can delete them after you have used our pages
- Functional – You can opt out of these, but will cause some functions to stop working. The websites will still work, but will "forget" what you put in the shopping cart on your last visit, and/or information you have filled inn previously
- Statistics – We use cookies to obtain information about how the pages are utilized, this information is more useful if we can recognize visitors from previous visits. We use Google Analytics, but we do it in such a way that Google does not get to know that it is exactly you or your equipment that visits the pages
- Marketing – We can use cookies to capture that you visit us because you have seen an advertisement. We can also use information that you have visited our websites to follow you up in various ways afterwards. If you are not logged in, we do not identify you as a specific individual, but by the browser you use.
Consent to the use of cookies for marketing includes the following functions functions:
- Behavioral data: Registration of your page views and behaviour. The information may be shared with the websites where we advertise.
- Recognition: Uses information about your visit to storebrand.no to manage advertisements on other websites.
- Connecting devices: Combines information about your use of the websites across different PCs, mobile phones and tablets that you use.
- Information sharing: We may share anonymised information about you and your visits to storebrand.no with our partners.
- Data linking after recognition: When you identify yourself, we also link actions you performed before identification to you. It allows us to better understand which marketing messages you have received, for example before you buy a product or log in to use one of our services.
How to reject or delete cookies
At [nettvett.no] you will find general instructions on how you can delete or reject cookies in the browser you use. You can change your consents at any time, per category, from the page where you find our privacy policy
We have some partners who also place cookies in your browser when you visit Storebrand’s website. Use the following links if you wish to opt out of this:
You may be contacted after price calculation
We may contact you by e-mail or over phone to help you with your purchase when you use the purchase solutions on storebrand.no. In your personal customer profile, you can specify how you want us to provide purchasing help. You can choose not to be contacted by reserving yourself in the individual purchase solution. We can help you with purchases for 30 days before we delete your information.
Card payment
For our payment service provider to conduct payment for products on storebrand.no, you are asked to provide credit/debit card information. This information is stored solely with the supplier and is subject to the supplier's privacy policy. We keep payment information only to the extent and as long as it is necessary to ensure effective processing of any problems with debit, cancellation of reservations and credit.
How do we use person profiles?
In order to give you the best customer experience at Storebrand we want to adapt our communication and marketing to you. In order to do this, we make person profiles. We never use special categories of personal data, such as health information, when we make person profiles.
When we create a person profile for the purpose of communication and marketing, we use the following information:
- Information you have provided in connection with purchase of our products
- Information you share with us when you use our services
- Your behavior data from digital communication and storebrand.no
- Information from publicly available registers
- Information purchased from a third party.
We use your information to ensure that we offer you relevant and customized services and offers. You can get insight into what information the person profile is made from on your profile on storebrand.no. You can also reserve yourself against us storing information about your behavior on our website in your customer profile.
Storebrand also use personal profiles, in order to notice cases who need more attention. We do not use "special categories" of personal data, such as information about your health, when creating these person profiles.
When we create person profiles in relation to insurance we use the following information:
- Information you have shared when buying our products
- Information you share with us when you use our services
- Information you share with us when creating and managing an insurance case
- Information collected from third parties
- Information from publicly available registers
No automated decisions is made when considering insurance cases like this.
Newsletters linked to your customer relation and customer service through social media
We want to provide you as a customer with relevant information in regard to your customer relationship with us. We send you this as a newsletter by e-mail. The content of the newsletter is based on the information we have about you and your customer relationship, such as what products you have, your age, life situation and place of residence. We collect information about how you read the emails, so that we can provide you with even better customized content. Among other things, we look at how often you open the e-mails, and which issues you are interested in / click on.
In order for us to send you an e-mail, you must register an e-mail address with us. You can easily unsubscribe from the newsletters at the bottom of the email you have received. In your customer profile on storebrand.no, you will see that you have unsubscribed, and there you can also sign up again.
Customer service in social media
We answer general questions from our customers through several social media platforms. When contacting us through social media, you must never provide personal information. We take privacy seriously and we will delete posts that contain personal information such as social security numbers or bank account numbers. If you want personal advice, we recommend using secure channels, such as a telephone or our logged in chat function.
We remind you that everything you do on the various social media platforms is registered by the platform and can be used to customize your user experience. You can read more about this here:
Marketing in digital channels
We want to provide our customers with personalized marketing in digital channels. In order to receive this, you must give consent for receiving electronic marketing from us via email, SMS, social media and other websites (such as Google and Schibsted). You can always give and withdraw your consents in your customer profile on storebrand.no, or by contacting our customer center.
For digital marketing we always use the e-mail address or the phone number that you have provided. In order to get personalized marketing in social media and other websites, we need to know who you are when using the relevant channels and websites. We do this by linking, for example, the mobile number and e-mail address you have given us, with corresponding information that you have given to relevant social media and websites. Once the link is made, you will be able to get information and marketing that we hope and believe is relevant to you.
Storebrand Fordel
Storebrand Fordel is a customer program for employees with occupational pensions in Storebrand. Through this program we want to give employees insight and overview of their own pension. We send out newsletters about pension and savings, in addition to invitations to seminars for members of Storebrand Fordel. You can unsubscribe to our newsletters through the link in the bottom of the emails you receive from us. You can also manage newsletter subscriptions in your customer profile.
The Business portal (Bedriftsportalen)
The Business Portal (Bedriftsportalen) is a solution for Storebrand's corporate customers. Here, the company can, among other things, manage participants of collective agreements, receive invoices, view history of employee and contractual relations and send and receive inquiries from Storebrand in accordance with Storebrand's security requirements.
The company appoints the persons who has service needs to access information about both the agreement and employees associated with the agreement. In the Business Portal, information such as employee salary, position, employment status, and degree of disability will be available. Storebrand emphasizes that the company must themselves consider whether employees who are granted access are eligible to access this information. When the company creates users for the Business Portal, the company confirms that the appointed person is eligible for access to the information mentioned above.
The Business Portal contains cookies that are stored on your computer. Cookies are used in the Business Portal for login purposes, to make sure our visitor statistics to be reliable, and to provide users with the best possible functionality. We also use Google Analytics for optimization and traffic analysis to improve the portal. We delete information stored in the Business Portal according to established principles.
Storing of communication
When Storebrand provides investment services, we are required by law to provide documentation of these services. That is why we make audio recordings of all phone calls and store other customer communications, such as e-mail and chat. Contact your advisor if there is any information you do not want stored. We must store documentation related to investment services for five years. The purpose of this is to ensure that the investment service we provide is documented.
We record other phone calls unless you reserve yourself from this. We want to record conversations to make sure that information shared is accurate and to give you confidence in the advice we provide. We also want to use the conversation to train our employees. We store these recordings for three years.
We can also record conversations in very special cases where threats are made against employees. Such recording is made without the consent of the person making the threats.
Chatbot
Storebrand's chatbot helps you with answers to questions and simple services. For the robot to be better, we take samples of what customers ask for and improve the robot's response based on this.
If you have used our chatbot on logged-in pages, we store the information in our customer system for three years, and five years for investment services, to ensure that information that is shared is accurate and gives you confidence in the advice we provide. Open page chats are deleted continuously.
Customer Surveys
We conduct short surveys with our customers after they have been in contact with Storebrand. The feedback we receive from these surveys provides us with valuable input on how we can improve our products and services. It also allows us to measure the effect of our improvement efforts, as well as to understand how customer satisfaction affects customer behavior over time.
If you do not want to share this type of information with us, you can simply refrain from responding to the survey. We use Norstat for data-processing in conjunction with customer and marketing questionnaires.
Storebrand Community is our online customer panel, where we invite customers to participate in customer surveys, group discussions and testing of new digital services. Participation is voluntary, and you can opt out of the panel at any time. In some cases, Storebrand will call and ask for more information when customers have provided feedback.
Incidents
Although we always do our best when handling your personal information, errors may occur. All errors are handled promptly by taking measures to correct the error and prevent reoccurrences. We will always consider if the incident requires us to inform The Norwegian Data Protection Authority about the error. If errors are likely to result in a high risk to the rights and freedoms for the data subject, we will contact all affected parties.
Data Protection Officer
Storebrand's Data Protection Officer shall help you as a customer. Contact our Data Protection Officer at personvernombud@storebrand.no If if you have questions about regarding how we treat your personal data, or regarding your privacy rights you’re your right to access data, erasure and data portability.
If if you have any complaints regarding our processing of your personal data, you can always contact our Data Protection Officer at personvernombud@storebrand.no
Changes in the privacy policy
We periodically need to update this privacy policy in order to provide you with accurate information about how we process personal data. We will inform you if there are significant changes.
Last updated May 2023