“Personal Data” is information or pieces of information that could allow you to be identified. For example:

• Medical information
• Claims data (e.g. incident data or treatment)
• Name and contact details (e.g. postal and email address, telephone number)
• Country of residence
• Birth date
• Bank account details
• Technical information, e.g. screen/user name, IP address, browser and device data, information collected through cookies, pixel tags and other technologies, server log file data, app usage data and location data

How do we collect Personal Data?

We collect Personal Data in a variety of ways:

• Directly from you: Information is collected directly from you, either by you providing the information directly to us or you acting in a manner that provides us with the information, for example:
  • Offline: We collect Personal Data from you offline, for example when you contact customer service or our claims agents or provide information to us in writing.
  • Online: We collect Personal Data through your use of our web applications. When you use one of our web applications, and to the extent allowed by your privacy settings in the application, we track and collect application usage data, such as the date and time the application on your device accessed our servers and what information and files have been accessed through the application together with your device number.
• From our corporate affiliates, service partners, assistance providers or claim agents: Our corporate affiliates may provide us with Personal Data before, during and after you take part of a program. We work with claims agents and assistance providers, including but not limited to Aetna Student Health and Falck Global Assistance, who may provide Personal Data to us in connection with the checking of eligibility or handling of an insurance claim. We also work with service partners for e.g. customer service.

How do we use Personal Data?

Your Personal Data will be processed by Erika for the purposes of providing you with travel insurance coverage, including checking your insurance eligibility, administering medical assistance and processing insurance claims; for customer service; administrative services or as otherwise necessary to fulfil our obligations towards you.

How do we share Personal Data?

We share your Personal Data with our corporate affiliates, claims agents and assistance providers, business partners, policy holders and insurance and reinsurance companies both within and outside the EEA/Switzerland. Such service providers are contracted by Erika or our corporate affiliates and subject to the same data protection provisions as Erika itself.

• We have put appropriate safeguards in place for transfers of your Personal Data outside the EEA/Switzerland, including the standard data protection clauses adopted by the European Commission, according to article 46 of the Data Protection Regulation (EU 2016/679), available at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914. For more information on standard data protection clauses in place, please see the contact section below.
• We also share Personal Data as we believe to be necessary: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions or a contract; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

On what do we base our right to collect and use Personal Data?

We base our right to collect and use your Personal Data on the need to do so in order to provide you with the information and service necessary to fulfil our insurance obligations towards you and to fulfil our legal obligations. We also process sensitive data. The lawfulness of processing sensitive data is based on our obligations towards you or to fulfil our legal obligations in accordance with Article 9, 2 b) of the Data Protection Regulation (EU 2016/679). Read more under “6. Sensitive data”.

For the purpose of a secure identification Erika has to process your personal identity number. A secure identification is such significant reason on which we base our processing according to Chapter 3, section 10-11 of the Swedish Act containing supplementary provisions to the EU General Data Protection Regulation (SFS2018:218).

We use appropriate organizational, technical and administrative measures to keep the Personal Data under our control accurate and up-to-date, as well as to protect the Personal Data against unauthorized or unlawful processing and the accidental loss, destruction or damage of the Personal Data.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section.

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which the Website contain a link. The inclusion of a link on the Website does not imply endorsement of the linked site by us or by our affiliates.

We will only keep your Personal Data for as long as it is necessary for the purposes for which it has been collected or in accordance with time limits stipulated by law and market practice, unless further retention is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims or unless a specific time period has been communicated.

We will keep limited parts of your Personal Data which are necessary until you withdraw your consent, but in no event for longer than 10 years after your last completed service.

If you are under the age of 16, you should review this text together with your parent or guardian to make sure you both understand them. We are not responsible for checking your age but sometimes we still do verification checks. If we learn that you are under the age of 16 and that we have collected information about you without consent from your parent or guardian, we will delete the information as soon as possible.

We may collect and use sensitive Personal Data regarding your health or medical conditions necessary to fulfil our insurance obligations towards you or to fulfil our legal obligations as a normal part of our operations. We do not generally seek to collect any sensitive Personal Data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, criminal background or trade union membership. In certain situations, this might however be necessary (for example in order to provide you with the services in relation to your insurance). We will make sure that we receive your explicit consent to such processing and treat this information securely.

Our Privacy Policy may change from time to time. We will not significantly reduce your rights under this Privacy Policy without informing you. We will post any Privacy Policy changes on this page and, prior to implementing such changes, we will provide a more prominent notice. Where required by law, we will seek your prior consent to any change.

You have a right to, once per calendar year, contact us and without cost find out which information about you that is being used. You have a right to receive your Personal Data in a machine readable format and you have a right to transfer your personal to another data controller if this is technically possible.

You have the right to, at any time, withdraw your consent or object to us using your Personal Data and you may at any time request that the use of your Personal Data is restricted or that we shall delete your Personal Data. Note however that a restriction or deletion could mean that we are not able to provide you with information, services or fulfil our obligations towards you as you have requested. Upon your request, we are also obliged to correct Personal Data about you that is incorrect, incomplete or misleading.

If you would like to have a copy of the information Erika holds about you; a copy of the standard data protection clauses or would like to exercise any of your rights, please contact us at the address Erika Försäkringsaktiebolag (publ), Swedish registration number No 516401-8581, P.O. Box 55569, SE-102 04 Stockholm, Sweden or call +46-8-58793220 or e-mail our data protection officer at dataskyddsombud@erikainsurance.com.

If you have complaints about our handling of your Personal Data, you have a right to contact the Swedish Authority for Privacy Protection (IMY), Box 8114, SE-114 20 Stockholm, Sweden or the supervisory authority in the country where you live.