Privacy Policy
Alivia Insurance AB (“Alivia”, “we”, “us” or “our”) prioritizes confidentiality and data security. This privacy policy applies to our processing of personal data in connection with the provision of Alivia Kræftforsikring and medical services provided by Alivia Care. The policy provides the information you are entitled to under applicable data protection legislation.
Data Controller and contact details
Alivia is the Data Controller for the processing of your personal data when you have purchased Alivia Kræftforsikring.
Data Controller
Alivia Insurance AB
Company number: Swedish org. nr. 556740-8108
Olof Palmes gata 11, 111 37 Stockholm, Sweden
Phone: +46 8 517 138 00
E-mail: databeskyttelsesansvarlig@alivianordic.dk
Data Protection Officer (DPO)
You can contact our DPO at databeskyttelsesansvarlig@alivianordic.dk. Please avoid sending sensitive or confidential information via email.
How we process your personal data
Below we summarise the purposes for which we process personal data, the types of personal data, and the legal bases for processing.
Administration of insurance
When you are covered by Alivia Kræftforsikring, we register your basic details so we can verify your cover, identify you and handle claims.
| Purpose | Types of personal data | Legal basis |
|---|---|---|
| Administration of insurance |
|
GDPR Art. 6(1)(b) — performance of a contract. Where required by Danish law, CPR numbers are processed in accordance with the Danish Insurance Business Act (section 69). |
| Claims-handling |
|
GDPR Art. 6(1)(b) — performance of a contract. GDPR Art. 9(2)(f) — processing health data for legal claims and insurance purposes. |
| Transfer to treatment providers & pension companies |
|
GDPR Art. 6(1)(a) & Art. 9(2)(a) — consent is requested for such transfers. |
| Telephone therapeutic conversations |
|
GDPR Art. 6(1)(b) — performance of contract; Art. 9(2)(f) where legal claims are relevant. |
| Communication and service notifications |
|
GDPR Art. 6(1)(f) — legitimate interest in communicating about policies and claims. |
| Legal obligations & legal claims |
|
GDPR Art. 6(1)(c) and Art. 9(2)(f). |
| Recording of telephone calls (documentation) |
|
GDPR Art. 6(1)(b) and Art. 9(2)(f). |
| Recording of telephone calls (service & quality) — with consent |
|
GDPR Art. 6(1)(a) and Art. 9(2)(a) — consent. |
| Online webinars | GDPR Art. 6(1)(f) — legitimate interest in providing access to webinar platforms. |
Business intelligence, surveys and analytics
We may compile statistics and conduct satisfaction and effect surveys. Personal data used in BI and reporting is handled in accordance with GDPR and our legitimate interests in improving products and services.
Invoicing, bookkeeping and financial processes
We process billing and accounting data in order to comply with contractual and statutory obligations (GDPR Art. 6(1)(b) and 6(1)(c), and national bookkeeping laws).
Refunds from Sygeforsikringen “Danmark”
If an insurance claim is covered both by Alivia and by Sygeforsikringen “Danmark”, we may seek refunds. For this purpose we may process identifying information and health data as necessary.
Transfers within Alivia group and to brokers
We may transfer personal data to Alivia subsidiaries for administration and analysis and to insurance brokers where your policy was arranged through a broker. Transfers are limited to what is necessary and based on appropriate legal bases (contract performance, legitimate interests, or consent where required).
Digital advertising and profiling
We may send advertising and newsletters, subject to your consent where required. We may also carry out profiling to identify relevant insurance products for marketing purposes; such processing is carried out on a legitimate interest basis, while respecting your rights and preferences (e.g. Robinson-list checks using CPR number).
Testing and development
We may use personal data for testing our systems during development. Test environments are secured and such data is deleted after completion.
Anonymisation
Where appropriate, we anonymise personal data for marketing, development, statistics and publication. Anonymised data is not subject to data protection rules.
Recipients of personal data
We disclose personal data only when necessary and on legal grounds (consent, contract performance, legal obligation or legitimate interest). Categories of recipients include:
- Data processors (IT suppliers, AI/transcription services, development and call centre suppliers)
- Independent data controllers such as law firms, accountants, courts and public authorities where required
- External health clinics and approved treatment providers (based on consent for health data transfers)
Third country transfers (outside EU/EEA)
We use services from Microsoft and Amazon Web Services (AWS). Data is stored in AWS EU-North-1 (Stockholm) where possible, but certain suppliers may transfer data outside the EU/EEA subject to contractual safeguards. If necessary for medical expertise, we may transfer health data to medical experts outside the EU/EEA with your explicit consent (GDPR Art. 49(1)(a)).
How long do we retain your details?
We retain personal data only as long as there is a legitimate purpose. Specific retention periods include:
- Data related to processing of a claim: retained for 10 years from conclusion of the case.
- Telephone recordings: retained for 6 months.
- Other personal data not directly related to a claim: in principle 5 years + current financial year.
- Test environment data: deleted immediately after testing.
Your rights
You can exercise your data subject rights by contacting our data protection team at databeskyttelsesansvarlig@alivianordic.dk. Note that certain rights may be limited by applicable law.
Rights under GDPR
- Right of access — you may request a copy of personal data we process about you.
- Right to rectification — you may request correction of inaccurate data.
- Right to erasure — you may request deletion unless our legal obligations or legitimate interests require continued storage.
- Right to restrict processing — you may request to limit processing in certain circumstances.
- Right to object — you may object to processing based on legitimate interests (GDPR Art. 6(1)(f)).
- Right to data portability — you may request a copy of your data in a structured, machine-readable format and request transfer to another controller where technically feasible.
Security
We protect confidentiality, integrity and availability of personal data using appropriate technical and organisational measures. Data is stored and transmitted encrypted in accordance with guidance from the Danish Data Protection Agency. Our staff and healthcare personnel are subject to statutory confidentiality.
Cookies
When you visit our website we may collect technical and behavioural data (IP address, browser type, etc.). Cookies used for analytics and preferences are processed on the legal basis of consent (GDPR Art. 6(1)(a)).
Questions and complaints
If you have questions or wish to complain about our processing of your personal data, contact our DPO at databeskyttelsesansvarlig@alivianordic.dk.
You can also lodge a complaint with the Danish Data Protection Agency:
Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby
Tel: +45 33 19 32 00
E-mail: dt@datatilsynet.dk
Website: www.datatilsynet.dk
Changes to the privacy policy
This policy does not form a contract but provides the basis for our information obligations under data protection law. We may update the policy from time to time; the revision date below will be updated accordingly.
Revision date: 16 October 2025