Processing of personal data and digital communications
Your personal data will be treated as confidential to ensure they are not disclosed to any unauthorised third parties, for instance when you enter your data on our website.
You should never send personal or confidential information such as your CPR number or health information in files attached to an unencrypted e-mail.
Your digital mailbox
Communications concerning your pension scheme are mostly digital and provided through your mailbox on this website. The advantage of using this mailbox for communication purposes is that your personal data are protected insofar as all correspondence takes place within a closed and secure forum. We therefore recommend that all communications and contact be made through your digital mailbox (requires login using MitID).
You can access the documents in your digital mailbox for one year after your pension scheme with us has been terminated or moved, whereupon access to the documents will be cut off. It is therefore important that you download or copy any documents you wish to keep within one year after your pension scheme has been terminated or moved.
You can also contact us by using the contact form on the website. Personal data sent through the contact form are transferred in encrypted form (through https).
Information received from the website is treated as confidential in line with the other personal data we have registered.
Providing your e-mail address
By entering your e-mail address on our website, you give us consent to:
- Register your e-mail address and use it going forward to notify you when you have new mail in your digital mailbox.
- If you also consent to this, we may use your e-mail address to notify you of news concerning your pension scheme, including to send you newsletters on, for instance, improved pension options or information about new legislation that may affect your pension benefits.
We will use your e-mail address subject to applicable legislation. We will not disclose or sell your e-mail address to any third party. You may notify us at any time if you do not wish your e-mail address to be registered, or if it needs to be changed, for instance if you have a new e-mail address. You can do so by logging on to the website.
The digital platform
We use up-to-date digital IT solutions and systems for purposes of managing your pension scheme, including in connection with case processing and the provision of consulting services. If we need you to provide information or fill in forms using our digital solutions, we will provide you with written instructions. We will also inform you of cooling-off periods and other terms and conditions of the agreement. It is important that you read and follow the instructions throughout the process and notify us of any technical problems or questions you may have.
The administration of your pension scheme is subject to the legislation applying to financial businesses, including the personal data protection rules of the General Data Protection Regulation (GDPR), the Danish Data Protection Act and the Danish Financial Business Act.
All our employees are subject to a duty of confidentiality concerning your and other persons’ personal data and may not disclose or communicate such data without authorisation.
Collecting, processing and disclosing personal data
ISP is the data controller in respect of your personal data, while Sampension Administrationsselskab A/S, which manages your pension scheme on behalf of ISP, is the data processor in this respect.
We collect and process personal data to:
- set up and manage pension schemes and insurance covers and pay related benefits in accordance with individual or collective agreements; and
- perform the services included in a pension scheme, such as consulting and investment services, customer service, administration, statutory reporting, prevention and remedy of problems with our pension or insurance solutions, including testing, development of new products and services, statistical purposes and marketing.
The personal data concern your financial situation, including your pension contributions, health information and other information required for us to be able to provide you with a pension scheme.
The data will be collected from your employers, you, public authorities – including the Civil Register – insurance brokers and, where relevant, representatives of an insurance group.
The legal basis for processing your personal data is laid down in on or more of the following provisions:
- GDPR Articles 6.1.a and 9.2.a (consent for specific purposes)
- GDPR Article 6.1.b (processing necessary for the performance of a contract)
- GDPR Article 6.1.c (processing necessary for compliance with a legal obligation)
- GDPR Article 6.1.f (necessary for the pursuit of a legitimate interest)
- GDPR Article 9.2.f (necessary for the establishment, exercise or defence of a legal claim)
The legitimate interests referred to above include the processing of your data for purposes of providing pension services to you.
We need to process information about your CPR number in order to meet our obligations under the Danish Anti-Money Laundering Act and Danish tax legislation.
The processing of other personal data is required in order for us to provide the pension services included in your pension scheme. These data include information about your beneficiaries.
We disclose customer data to Sampension Administrationsselskab A/S because this is necessary in order for us to provide administrative services and advice about your pension scheme.
We will not collect and disclose information about your health or other social and purely private matters to any third party without your explicit consent.
We will only disclose data to third parties if the disclosure is legitimate, you have given your consent to the disclosure, or we are legally obliged to do so for reasons of, for instance, reporting to public authorities, including the tax authorities.
We will not make any decisions affecting you as a data subject based solely on automatic processing, including profiling. We will use profiling in connection with marketing activities if you have given your consent. For more information on how we use profiling, see box below.
You may withdraw your consent to the processing of your personal data at any time. If the processing is based exclusively on your consent, we may no longer process the data in question after your withdrawal.
To the extent that we use external data processors, this will be regulated by a data processor agreement in order to ensure that your data are processed in compliance with applicable legislation. A data processor is an enterprise processing data/information on behalf of Sampension. The purpose of a data processor agreement is to provide the supplier with descriptions/instructions.
Such external data processors comprise:
- IT vendors (including certain types of software and support agreements as well as hosting and cloud-based solutions)
- Insurance subcontractors (e.g. Dansk Sundhedssikring and Forenede Gruppeliv)
- Providers of shredding, printing and security solutions
For more information on our use of external data processors, see box below.
We will retain your personal data for as long as is necessary to provide pension services to you and for a period thereafter fixed on the basis of the statute of limitations and counted from the end of the customer relationship. After such time, our only data on you will be information on when you left us as a customer.
Access to data
You can request access to the data we have registered about you at any time. You can do so by contacting us. Having exercised this right, you may subsequently exercise your other rights, including the rights to rectification, erasure and restriction of processing of your personal data.
If we are not able to respond to your request within a month, we will inform you of the reason and let you know when you may expect a response. If you have a complaint about the way in which we process your personal data, you may contact the Danish Data Protection Agency at datatilsynet.dk. However, we hope that in the first instance you will contact our data protection officer at firstname.lastname@example.org so that we can try to repair matters right away. You can also contact our data protection officer directly at email@example.com if you have any questions regarding our processing of personal data.
Our guidelines for the processing of personal data are reviewed on an ongoing basis. You may access our applicable guidelines at any time on this site.