Policy for processing of personal data

Last updated: November 28, 2025

1. SOLID INSURANCE’S PROCESSING OF PERSONAL DATA UNDER THE GDPR

For the processing of your personal data, Solid Försäkringsaktiebolag (516401-8482) (“Solid Insurance”) is the data controller. This means that it is our responsibility to ensure that the processing is carried out securely and in accordance with applicable laws and regulations.

2. COLLECTION OF PERSONAL DATA

When you become a customer, or show an interest in becoming a customer, of Solid Insurance, you will be asked to provide certain personal data about yourself such as name, address, personal identity number, email address, telephone number, employment information, age, gender, general insurance information such as insurance number, sum insured, etc., and insurance-type information relating to the specific insurance product, such as information about property or a person depending on which insurance has been taken out or which registration has been made.

We may also need to process special categories of personal data (sensitive data), such as health data, for example to assess entitlement to insurance compensation under an insurance agreement, or data relating to criminal offences, such as reports of suspected insurance fraud or claims against the party causing the damage.

The data is normally collected directly from you, but may also be obtained from one of our partners, an insurance intermediary, or your employer. The data may also be collected, supplemented and updated from public authority registers or other private and public registers. We may also obtain information from external information services, such as when updating name and address data via registry companies, for example SYNA.

3. PURPOSES OF THE PROCESSING OF PERSONAL DATA

Solid Insurance processes personal data for the purposes set out below in this section. These are processing activities that are necessary in light of the purposes stated below.

Preparation and administration of agreements (entering into or performance of a contract)

The primary purpose of Solid Insurance’s processing of personal data is to collect, verify and register personal data prior to entering into an agreement with you. The purpose is also to be able to provide advice on insurance and related services, such as for premium calculation, statistics and prevention of losses. The data is also processed to document, administer and perform agreements entered into. Your provision of necessary personal data is a prerequisite for Solid Insurance to be able to enter into an agreement with you and provide insurance.

Compliance with obligations under law, other regulations and/or authority decisions (legal obligation)

In connection with the section above (Preparation and administration of agreements), personal data is also processed so that Solid Insurance can comply with its obligations under law, other regulations and/or authority decisions. Examples of such processing include processing personal data to comply with requirements under the Swedish Insurance Contracts Act, the Swedish Bookkeeping Act, and legislation relating to risk management. Personal data may also be processed in connection with reporting to various authorities, such as the Swedish Tax Agency (Skatteverket), the Swedish Police Authority (Polismyndigheten), the Swedish Enforcement Authority (Kronofogdemyndigheten) and the Swedish Financial Supervisory Authority (Finansinspektionen).

Market and customer analyses, system development and marketing (legitimate interests)

Personal data is also processed within the framework of market and customer analyses and system development, as part of Solid Insurance’s business development, in order to improve Solid Insurance’s product offering and services to customers, and also to prevent, investigate and combat fraud and to cooperate with law enforcement authorities.

Personal data may also be processed as a basis for marketing. When processing is carried out for marketing purposes, profiling may also occur in order to target tailored offers to you (see more about Profiling in section 7).

If you have not requested a direct marketing block (see section 10, Objection to direct marketing below), your personal data may be used to target direct marketing and offers to you.

Consent to the processing of personal data

Where the lawful basis for processing personal data is consent, you or another data subject may give consent for the personal data to be processed for the purposes specified in the consent. If we rely on consent as the lawful basis for processing your personal data, you have the right to withdraw your consent at any time. Solid Insurance will then no longer have the right to process the data on the basis of consent. However, withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.

In certain cases, sensitive personal data may be processed without consent. For example, Solid Insurance may process sensitive personal data when necessary for the establishment, exercise or defence of legal claims. Processing that takes place when we assess your entitlement to insurance compensation under your insurance agreement is therefore not based on consent, but instead on performance of a contract.

4. PERIODS FOR WHICH PERSONAL DATA IS RETAINED

Solid Insurance retains personal data only for as long as is necessary in light of the agreements, laws and rules applicable to insurance operations.

The personal data will be retained as long as there is a contractual relationship between you and Solid Insurance and for as long as you have the possibility to make claims under the agreement, i.e. the personal data will be stored during the term of the insurance agreement and the payout period, in accordance with statutory limitation periods.

In some cases, legislation requires Solid Insurance to retain the data for a longer period, for example in order to comply with applicable bookkeeping legislation (7+ the current year) and limitation periods (10 years). The data may also be retained under rules on insurance distribution (at least 11 years).

If you do not enter into an agreement with Solid Insurance, your personal data is retained for a maximum of three months.

5. PROCESSING OF PERSONAL DATA BY PARTIES OTHER THAN SOLID INSURANCE

For the purposes stated above, we may need to disclose personal data about you to others in their capacity as our data processor or in their capacity as a separate data controller. Within the limits of applicable confidentiality rules, processing of the personal data may take place: 1) by companies with which the Company cooperates, inter alia to perform its services, for example claims handling, risk assessment, reinsurance and various analyses; 2) by other insurance companies where these, by virtue of insurance or law, also have responsibility, or where it is necessary for our investigations; 3) by authorities such as the police authority; 4) by insurance intermediaries and others who have a power of attorney from you to receive information about you and your insurances; 5) by authorities, courts and insurance boards in the event of a dispute or other review, or where they otherwise have legal support to process the personal data. The lawful basis for the processing is stated above under Purposes of the processing of personal data.

6. AUTOMATED DECISION-MAKING

In certain cases, Solid Insurance uses automated decision-making. This may occur, for example, when you use Solid Insurance’s online services to obtain premium information and for certain claims handling. When you use our online services to take out insurance, we process your data to automatically calculate your price in relation to the risk, based on our premium tariffs in force at any given time. When you use our online services to report and settle an insurance claim, we may sometimes provide you directly with an automated decision on your compensation. This may occur for certain types of insurance where your case is uncomplicated. The compensation is then calculated automatically based on the terms and conditions of the insurance. The lawful basis for these processing activities is entering into or performance of a contract.

If you do not wish to use our online services, you can always contact Solid Insurance’s customer service via email or telephone to purchase your insurance through a case handler or have your claim handled.

If you have received a decision that is based solely on automated decision-making, you can contact Solid Insurance’s customer service via email or telephone and have your case handled manually by a case handler, for example to express your views or challenge the decision if it would produce legal effects or in a similarly significant way affect your situation.

7. PROFILING

Profiling means automated processing of personal data used to evaluate certain personal aspects of a natural person. Solid Insurance’s use of profiling takes place in particular to personalise the customer experience, to obtain statistics for analysis, or to predict expected behaviour. The lawful basis for these processing activities is Solid Insurance’s legitimate interest in processing personal data, among other things to ensure that you are offered the right insurance, to avoid you receiving unnecessary information, and to identify which products and services you may be most interested in. You have the right to object to profiling relating to direct marketing. You can do this by contacting Solid Insurance’s customer service by telephone on 0771-113 113 or by writing to kunder@solidab.se.

8. TRANSFERS TO THIRD COUNTRIES

In certain limited cases, Solid Insurance may “transfer or share personal data with insurance companies, healthcare providers, companies or authorities outside the EU/EEA (so-called third countries), such as if you, while travelling abroad, request compensation under the travel cover of your travel insurance. In such cases, Solid Insurance takes measures to ensure that your personal data is handled securely and with an adequate level of protection comparable to, and on the same level as, the protection offered within the EU/EEA.

9. YOUR RIGHTS

Below we describe your rights as a customer of Solid Insurance or as otherwise registered with us. The rights follow from the GDPR.

Right of access (data extract)

You have the right to obtain information about which personal data Solid Insurance processes about you (data extract). A prerequisite for granting access is that Solid Insurance can identify you in a secure manner so that unauthorised persons are not given access to your data.

Right to rectification

You have the right to have inaccurate personal data about you rectified and also to have the personal data completed if it is incomplete.

Right to data portability

You can also request an electronic copy of the information showing which personal data you have provided to Solid Insurance and which we process electronically. You may request that the data be transferred to another controller, where technically feasible. The right to data portability applies where our processing is based on your consent or where processing is necessary for the performance of a contract with you. A request for data portability is made in the same way as a request for access and, as in that case, it is necessary that Solid Insurance can identify you in a secure manner so that unauthorised persons are not given access to the personal data.

Right to restriction or right to be forgotten

Under certain conditions, you have the right to request that the processing of your personal data be restricted. Likewise, in certain cases you have the right to request that we erase your personal data. In most cases, however, our processing is based on an insurance contract with you, and we cannot then erase data that we need to fulfil or demonstrate our contract with you. In some cases, other legislation also means that Solid Insurance cannot always immediately erase your personal data. For example, Solid Insurance is required to retain part of your personal data for a certain period in order to comply with legal requirements and rules on, for example, bookkeeping, limitation periods and insurance distribution.

Right to object

You have the right to object to Solid Insurance’s processing of your personal data when the processing is based on our legitimate interests, such as direct marketing.

If you wish to exercise any of your rights above, or have questions about the handling of your personal data, you can contact Solid Insurance using the contact details below in section 12, Questions about the processing of personal data.

10. OBJECTION TO DIRECT MARKETING

You can contact Solid Insurance to request a block against direct marketing (so-called direct marketing opt-out). This means that your personal data will not be processed for marketing purposes and marketing will not be sent to you. Requests for such blocking are made to Solid Insurance’s customer service by telephone on 0771-113 113 or to kunder@solidab.se.

11. SPECIFICALLY ABOUT TELEPHONE CALLS

Solid Insurance may record telephone calls, store email, or otherwise document your interaction and communication with Solid Insurance. Telephone calls may also be monitored by someone other than the employee you are speaking to on the phone.

Recording and monitoring of telephone calls is carried out, among other things, in order to comply with legal obligations, since the Insurance Distribution Act sets requirements for employees’ knowledge and competence. Through recording and monitoring, Solid Insurance can quality-assure employees’ development. Recording also takes place to improve the customer experience and to document contractual agreements.

If Solid Insurance records telephone calls, you will be informed immediately in connection with the recording, about the recording and its purpose.

Telephone calls that are recorded in connection with contact with Customer Service are retained for three months.

12. QUESTIONS ABOUT THE PROCESSING OF PERSONAL DATA

If you have questions about the processing of personal data, please contact Solid Insurance as follows:

Data Protection Officer (DPO), Solid Insurance
Telephone: + 46 42 623 60 00
Email: dpo@solidab.se
Address: Solid Insurance
Box 22068
SE-250 22 Helsingborg

You may also contact the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) with a complaint.

Integritetsskyddsmyndigheten (IMY)
Box 8114
104 20 Stockholm

For more information about how Solid Insurance processes personal data, see Solid Insurance’s website www.solidab.se