Privacy policy
1. INTRODUCTION
In this privacy policy, you can read about how Howden Denmark A/S (hereinafter "Howden Denmark") and its subsidiaries in the Howden Denmark group process your personal data in a variety of situations. The individual companies are required to provide you with this information in accordance with the General Data Protection Regulation (GDPR).
2. DATA CONTROLLER AND OUR RELATIONSHIP WITH YOU
The individual companies in the group process personal data in various situations, which are described in more detail below. For each processing purpose, it is specified which companies within the Howden Denmark group are the data controllers responsible for processing your personal data.
In cases where Howden Denmark is the data processor, Howden Denmark acts under the instruction of the data controller and in accordance with a data processing agreement. This privacy policy does not apply in these cases.
If you have any questions regarding the processing of your personal data, you can contact us via email at GDPR.
3. PROCESSING OF YOUR PERSONAL DATA
The individual companies in the group process personal data in different situations and for various purposes. In the table below, you can learn more about which personal data is processed for which purpose, the legal basis for the processing, how long the information is retained, and which company is the data controller in each situation. Additionally, you can read about the recipients of your personal data.
3.1 Cookiepolicy
Purpose
Ensure the functionality of the website and optimize its design, user-friendliness, and efficiency, including analyzing which information is most popular and therefore should be easy to find.
Data
Information about the use of the website, including navigation on the site, timestamps, what is clicked, pages/content visited, browser type, search terms, IP address, device type information (computer, smartphone, etc.), and the features used.
Legal Basis
Under cookie regulations, we can only set statistical and analytical cookies if consent is given. We also obtain consent to process the mentioned personal data, pursuant to GDPR Article 6(1)(a).
Personal data processed in connection with cookies necessary for the functionality of the website is processed based on GDPR Article 6(1)(f), as we pursue our legitimate interest in ensuring the website's functionality.
Storage Duration
The information collected about your use of the website is deleted according to our cookie policy. The individual expiration dates are listed, and you can also read more about how to delete cookies yourself.
Data Controller
Howden Denmark A/S.
CVR: 42248789
Nørgaardsvej 30
2800 Kongens Lyngby
---
Purpose
Track website visitors for marketing purposes, including displaying relevant ads (profiling).
Data
Information about the use of the website, including navigation on the site, timestamps, what is clicked, pages/content visited, browser type, search terms, IP address, device type information (computer, smartphone, etc.), and the features used.
Legal Basis
Under cookie regulations, we can only set marketing cookies if consent is given. We also obtain consent to process the mentioned personal data, pursuant to GDPR Article 6(1)(a).
Storage Duration
The information collected about your use of the website is deleted according to our cookie policy. The individual expiration dates are listed, and you can also read more about how to delete cookies yourself.
Data Controller
Howden Denmark A/S.
CVR: 42248789
Nørgaardsvej 30
2800 Kongens Lyngby
Third Parties
The individual company in the group may disclose personal data to third parties that place cookies on the website to help analyze website usage and user preferences, as well as to offer relevant content and advertisements to website users. Please refer to our cookie policy for further information.
Exchange with Group Companies
No personal data is exchanged with other companies in the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.2 Contacts at Companies, Including Business Customers
Purpose
Communication with business customers, suppliers, potential business customers, partners, and other relevant parties.
Data
Name and contact details, including email address, phone number. Possible affiliation with the specific company. Subject matter of the communication.
Legal Basis
GDPR Article 6(1)(f), as we pursue our legitimate interest in communicating with relevant contacts and responding to inquiries, etc.
Storage Duration
The information is generally deleted 12 months after the last contact or 12 months after the end of the financial year in which the relationship with the company ended.
Data Controller
The Howden Denmark company that the communication is with.
---
Purpose
Accounting obligations.
Data
Name and contact details, including email address, phone number. Possible affiliation with the specific company.
Legal Basis
GDPR Article 6(1)(c), as we are obligated to retain accounting material in which the relevant information is included.
Storage Duration
The information is generally deleted 5 years after the end of the financial year to which the material pertains.
Data Controller
The Howden Denmark company that issues the invoice.
Third Parties
The individual company in the group may disclose your personal data to insurance companies in connection with the establishment, modification, administration, and termination of insurance relationships, as well as in connection with assistance in claims and other insurance-related events. In such cases, you will receive specific information about which insurance companies are involved in relation to the agreements you or the company you represent have entered into with the individual company in the group or discussions the company has had with you or the company you represent.
The individual company in the group may disclose your personal data to public authorities when required by applicable law or as a result of court orders or inquiries from the police or other authorities.
Exchange with Group Companies
Your personal data may be exchanged with other companies in the Howden Denmark group to offer better-tailored products and services. Additionally, your personal data may be shared with other companies in the Howden Denmark group if you have contacted one company and your inquiry is better addressed by another company within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.3 Private insurance
Purpose
Advising individuals on insurance, including providing quotes.
Data
Name, email address, phone number, vehicle details, CPR number, and information regarding insurance, including existing and possibly future coverage (the latter when providing a quote).
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(b), as the processing is necessary for the performance of a contract to which you are a party or for the implementation of measures taken at your request prior to entering into a contract. The legal basis for processing the CPR number is the Data Protection Act § 11(2)(1), in accordance with the Insurance Distribution Act.
Storage Duration
If you are a customer, the information will be deleted 12 months after the end of the financial year in which the customer relationship ended. If the information is processed in the context of providing a quote, it will be deleted 12 months after the last contact.
Data Controller
Howden HD Forsikringsagentur ApS
CVR: 28115172
Nørgaardsvej 30
2800 Kongens Lyngby
---
Purpose
Handling of insurance claims (property damage).
Data
Name, email address, phone number, information regarding insurance, vehicle details, and specific details of the claim. CPR numbers are also processed for customers.
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(b), as the processing is necessary for the performance of a contract to which you are a party. The legal basis for processing the CPR number is the Data Protection Act § 11(2)(1), in accordance with the Insurance Distribution Act. If you are a party to a case, we process your personal data based on GDPR Article 6(1)(f), as we pursue our legitimate interest in communicating with the relevant parties in the case.
Storage Duration
The information will be deleted 5 years after the end of the financial year in which the claim is concluded.
Data Controller
Howden HD Forsikringsagentur ApS
CVR: 28115172
Nørgaardsvej 30
2800 Kongens Lyngby
---
Purpose
Accounting obligations.
Data
Name and contact details, billing information, and insurance details.
Legal Basis
GDPR Article 6(1)(c), as we are obligated to retain accounting material in which the relevant information is included.
Storage Duration
The information will be deleted 5 years after the end of the financial year to which the material pertains.
Data Controller
Howden HD Forsikringsagentur ApS
CVR: 28115172
Nørgaardsvej 30
2800 Kongens Lyngby
Third Parties
Each company in the group may disclose your personal data to insurance companies in connection with the establishment, modification, administration, and termination of insurance contracts, as well as in connection with assistance in the event of claims and other insurance-related events. You will receive specific information about which insurance companies, etc., are involved in relation to the agreements you have entered into with the individual company or discussions we have had with you. The individual company in the group may also disclose your personal data to public authorities if required by applicable law or as a result of court orders or inquiries from the police or other authorities.
Exchange with Group Companies
Your personal data may be exchanged with other companies in the Howden Denmark group in order to offer you better tailored products and services. In such cases, your consent to this exchange will be obtained in advance. Additionally, your personal data may be shared with other companies in the Howden Denmark group if you have contacted one company, and your inquiry is better answered by another company within the group.
Data Processors
Each company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.4 Mortgage Credit – Individuals
Purpose
Advising on mortgage credit, including providing quotes.
Data
Name, address, email address, phone number. Personal financial information, including bank details, and information about the household. CPR number is also processed.
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(b), as the processing is necessary for the performance of a contract to which you are a party or for the implementation of measures taken at your request prior to entering into a contract. The legal basis for processing the CPR number is consent pursuant to the Data Protection Act § 11(2)(2).
Storage Duration
If you are a customer, the information will be deleted 5 years after the end of the financial year in which the customer relationship ended. If the information is processed in the context of providing a quote, it will be deleted 12 months after the last contact. The information will be deleted 5 years after the end of the financial year to which the material pertains.
Data Controller
Howden Realkreditrådgivning ApS
CVR: 27077048
Nørgaardsvej 30
2800 Kongens Lyngby
---
Purpose
Accounting obligations
Data
Name and contact details, billing information, and service details.
Legal Basis
GDPR Article 6(1)(c), as we are obligated to retain accounting material in which the relevant information is included.
Storage Duration
The information will be deleted 5 years after the end of the financial year to which the material pertains.
Data Controller
Howden Realkreditrådgivning ApS
CVR: 27077048
Nørgaardsvej 30
2800 Kongens Lyngby
Third Parties
We may disclose your personal data to your bank or mortgage institute if necessary in connection with advice or offers related to mortgage credit. We disclose your personal data to public authorities when required by applicable law or as a result of court orders or inquiries from the police or other authorities.
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.5 Direct marketing
Purpose
Processing of information in order to send newsletters (direct marketing).
Data
Name, email address, and affiliation with the company.
Legal Basis
GDPR Article 6(1)(a), as we obtain consent for the processing of the information at the same time as the consent for receiving newsletters in accordance with the Marketing Act.
Storage Duration
The information is processed as long as the consent is valid. Information about the name and email address is stored for up to 2 years after the last use (sending of the newsletter) in order to document compliance with the Marketing Act.
Data Controller
Howden Denmark A/S.
CVR: 42248789
Nørgaardsvej 30
2800 Kongens Lyngby
---
Purpose
Storage of consent for documentation purposes.
Data
Name, email address, and affiliation with the company.
Legal Basis
GDPR Article 6(1)(f), as we pursue our legitimate interest in being able to document that consent has been obtained in accordance with the Marketing Act and the practices of the Danish Consumer Ombudsman.
Storage Duration
Consent is stored as long as it is used and for up to 2 years after it was last used, in order to document our compliance with the Marketing Act.
Data Controller
Howden Denmark A/S.
CVR: 42248789
Nørgaardsvej 30
2800 Kongens Lyngby
Third Parties
The individual company in the group does not disclose personal data to third parties.
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.6 Recording of Phone Calls
Purpose
Recording of phone calls for the documentation of agreements made regarding mortgage advice.
Data
Name, information about the customer relationship or potential customer relationship, and the content of the phone call.
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(f), as the processing is necessary for us to pursue our legitimate interest in acting quickly and documenting your consent, and because the content of the phone calls cannot be documented in any other way without significant practical difficulties.
Storage Duration
Recorded phone calls are deleted no later than 3 months after the call.
Data Controller
Howden Realkreditrådgivning ApS
CVR: 27077048
Nørgaardsvej 30
2800 Kongens Lyngby
Third Parties
The individual company in the group does not disclose personal data to third parties.
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.7 Implementation of Legal Customer Due Diligence (KYC) Procedures
Purpose
Compliance with obligations under anti-money laundering legislation (in relation to life insurance and other investment-related products).
Data
Identification information, including name and CPR number, as well as information contained in identification documents (passport, driver’s license) received from the individual. Information about political affiliation (for politically exposed persons) and information about the spouse, registered partner, cohabitant, or parents and children, and their spouses, registered partners, or cohabitants (close relatives of politically exposed persons).
Legal Basis
GDPR Article 6(1)(c), as we are obligated to process the information under Chapter 3 of the anti-money laundering legislation. We process the CPR number under the Data Protection Act § 11(2)(1), as we are obligated to process the CPR number under Chapter 3 of the anti-money laundering legislation. If information regarding political affiliation is processed, it is based on GDPR Article 9(2)(g), in conjunction with Article 6(1)(c), as we are obligated to process the information under Chapter 3 of the anti-money laundering legislation.
Storage Duration
Personal data collected in connection with the implementation of mandatory KYC procedures will be deleted 5 years after the termination of the business relationship.
Data Controllers
Howden Denmark A/S
CVR: 42248789
Nørgaardsvej 30
2800 Kongens Lyngby
Howden Pensionsmægler ApS
CVR: 35892974
Nørgaardsvej 30
2800 Kongens Lyngby
Howden Pensionsagentur A/S
CVR: 31633869
Vandmanden 10A
9200 Aalborg SV
Third Parties
The individual company in the group discloses your personal data to public authorities when required by applicable law, including for example the Financial Supervisory Authority, or as a result of court orders or inquiries from the police or other authorities.
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.8 Liability damages
Purpose
Processing of liability claims, including personal injury claims.
Data
Name, address, email address, phone number, CPR number, health information, and details about the nature of the injury.
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(f), as the processing is necessary for us to handle the compensation claims filed against our clients. If it is necessary to process CPR numbers in personal injury cases, the basis for this processing is your consent pursuant to the Data Protection Act § 11(2)(2). If it is necessary to process health information in personal injury cases, we process health information based on consent pursuant to GDPR Article 9(2)(a), in conjunction with GDPR Article 6(1)(a).
Storage Duration
The information will be deleted 5 years after the end of the financial year in which the insurance case is concluded.
Data Controller
Howden Forsikringsmægler A/S
CVR: 34890285
Dokken 10
6700 Esbjerg
Third Parties
The individual company in the group may disclose your personal data to insurance and pension companies in connection with the establishment, modification, administration, and termination of insurance and pension relationships, as well as in connection with assistance in claims and other insurance and pension-related events. In such cases, you will receive specific information about which insurance and pension companies are involved in relation to the agreements you have entered into with the individual company or discussions the company has had with you. The individual company in the group may disclose your personal data to public authorities when required by applicable law, or as a result of court orders or inquiries from the police or other authorities. Additionally, the individual company may disclose information to the Danish Labour Market Insurance (AES) and the Danish National Social Appeals Board (Ankestyrelsen).
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
3.9 Pension advice
Purpose
Advising clients' employees on pension solutions, pension savings, and insurance (health insurance, dental insurance, disability insurance, etc.).
Data
Name, email address, phone number, job title, company name, CPR number, salary information, information about pension solution choices and life insurance. In some cases, health information, including any details about loss of earning capacity, is processed for the purpose of advising on the establishment of insurance and pension agreements.
Legal Basis
The legal basis for the processing is GDPR Article 6(1)(f), as we pursue our legitimate interest in providing advice on pension solutions. The legal basis for processing the CPR number is the Data Protection Act § 11(2)(2). Health information is processed based on consent pursuant to GDPR Article 9(2)(a), in conjunction with GDPR Article 6(1)(a).
Storage Duration
Information about the client’s employees is generally deleted 3 years after the end of the financial year in which the relationship with the client ended.
Data Controller
Howden Pensionsagentur A/S
CVR: 31633869
Vandmanden 10A
9200 Aalborg SV
Third Parties
The individual company in the group may disclose your personal data to insurance and pension companies in connection with the establishment, modification, administration, and termination of insurance and pension relationships, as well as in connection with assistance in claims and other insurance and pension-related events. In such cases, you will receive specific information about which insurance and pension companies are involved in relation to the agreements you have entered into with the individual company or discussions the company has had with you. The individual company in the group may disclose your personal data to public authorities when required by applicable law or as a result of court orders or inquiries from the police or other authorities.
Exchange with Group Companies
The individual company in the group does not share personal data with other companies within the group.
Data Processors
The individual company in the group may entrust personal data to data processors who, among other things, host, develop, and provide support for IT systems. Such data processors may be other companies within the Howden Denmark group or external suppliers.
4. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES
When the individual companies within the Howden Denmark group use certain data processors and other partners, personal data will be transferred to recipients located in so-called third countries. Unless the third country has been approved by the European Commission as having an adequate level of protection (including companies located in the USA that are covered by the EU-U.S. Data Privacy Framework), the basis for transfer will be the European Commission’s Standard Contractual Clauses.
The individual companies in the Howden Denmark group transfer personal data to recipients located in the USA, which are covered by the EU-U.S. Data Privacy Framework.
If you wish to obtain further information about the transfer of personal data to third countries, including information about the specific transfer basis, you can contact us via email at GDPR.
5. YOUR RIGHTS, ETC.
Under GDPR, you have a number of rights in relation to our processing of information about you. If you wish to exercise your rights, you can contact us via email at GDPR.
Your rights include:
Right to access (right of access): You have the right to access the information we process about you, as well as a number of additional details. Right to rectification: You have the right to have inaccurate information about yourself corrected. Right to erasure: In certain cases, you have the right to have information about you deleted before the general deletion time occurs. Right to restriction of processing: In certain cases, you have the right to restrict the processing of your personal data. If you have the right to restrict processing, the data controller may only process the data—other than for storage—with your consent, or to establish, exercise, or defend legal claims, or for the protection of a person or important societal interests. Right to object: In certain cases, you have the right to object to our otherwise lawful processing of your personal data. This includes the right to object at any time to the processing of your personal data for marketing purposes, including the processing of personal data to target our newsletters at you. Right to data portability: In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have this personal data transferred from one data controller to another without hindrance.
You can read more about your rights in the Danish Data Protection Authority’s guide on the rights of data subjects, which you can find on their website.
6. RIGHT TO WITHDRAW CONSENT
If you no longer wish to receive our newsletters, you can withdraw your consent by clicking the "Unsubscribe" link at the bottom of the newsletter you receive.
Consent to cookies can be changed via the link in our cookiepolicy.
You can also withdraw your consent in other cases where your data is processed based on your consent. If you wish to do so, you can contact us via email at GDPR.
If you choose to withdraw your consent, this does not affect the lawfulness of the processing of your personal data based on your previous consent up until the time of withdrawal. Therefore, if you withdraw your consent, it will only take effect from that moment forward.
7. CHANGES TO THE PRIVACY POLICY
We continually review and update this privacy policy. The privacy policy was last updated on November 21, 2024.
8. COMPLAINT TO THE DATA PROTECTION AUTHORITY
You have the right to file a complaint with the Danish Data Protection Authority if you are dissatisfied with how the individual companies handle your personal data. You can find the contact information for the Data Protection Authority on their website.
9. CONTACT INFORMATION
If you have any questions about the processing of your personal data by Howden Denmark, you can contact us via email at GDPR.
10. INFORMATION ABOUT COMPANIES IN THE HOWDEN DENMARK GROUP
Company | CVR-number and address |
Howden Danmark A/S | Nørgaardsvej 30
2800 Kgs. Lyngby
CVR-number: 42248789 |
Howden Forsikringsmægler Ejendomme A/S | Nørgaardsvej 30
2800 Kgs. Lyngby
CVR-number: 15700246 |
Howden Forsikringsmægler A/S | Dokken 10, 3
6700 Esbjerg
CVR-number: 34890285 |
Howden Brand- og Risikorådgivning ApS | Seminarievej 6A, 1
6760 Ribe
CVR-number: 41154896 |
Howden Realkreditrådgivning ApS | Nørgaardsvej 30
2800 Kgs. Lyngby
CVR-number: 27077048 |
Howden Financial Advisory ApS | Nørgaardsvej 30
2800 Kgs. Lyngby
CVR-number: 39374773 |
Howden Pensionsagentur A/S | Vandmanden 10A
9200 Aalborg SV
CVR-number: 31633869 |
Howden Pensionsmægler ApS | Nørgaardsvej 30 2800 Kongens Lyngby CVR-number: 35892974 |
Howden Forsikringsagentur A/S | Navervej 16A 7451 Sunds CVR-number: 32841341 |
Howden HD Forsikringsagentur ApS | Nørgaardsvej 30
2800 Kongens Lyngby
CVR-number: 28115172 |
11. RULES
The rules that apply to Howden Denmark A/S and its subsidiaries are found in: