You trust us with a lot of information, when using our services or interacting with us.
We take this responsibility seriously and handle all your personal information in accordance with best confidentiality practices and the applicable laws on data privacy, notably the European Union General Data Protection Regulation n°2016/679 (hereafter “GDPR”).
This privacy notice applies to any processing by us of your personal information, including information provided by visitors on all our websites, apps, through the use of If Digital Services (e.g. our websites, Mypages, If Mobile app, My Business, If Login, If Mobile App, Volvia etc.), as well as, processing of your information as our current or potential customer, employees, cooperation partners etc.
Who is responsible for your personal information?
If Skadeförsäkring AB, registration number 516401-8102, address: 106 80 Stockholm, Sweden also active through its branches in Norway, Finland, Denmark, Estonia and Latvia (“If”, “we”, “us”) is the data controller of all personal information relating to the property & casualty insurance operation.
If Liv AB registration number 516406-0252, address: 106 80 Stockholm, Sweden is the data controller of all personal information relating to the life insurance operation.
If you have any questions regarding the processing of your personal information, please contact our data protection team by writing to us as set out in section Your contact.
Your personal information rights
Your personal information rights and how to exercise them
What personal information do we collect?
Personal information that we collect is dependent on each individual relationship and/or the insurance product concerned. Different types of personal information will be held by and provided to us if you are a consumer insurance policyholder or claimant, compared to where you benefit from insurance coverage under an insurance policy taken out by another policyholder (for example, you are insured under a corporate policy taken out by your employer).
Likewise, we will hold and be provided with different personal information of you depending on if you are a commercial insurance broker or appointed representative, a website visitor, a witness, or another individual with whom we have a relationship with e.g. you are our cooperation partner or an employee or a potential employee. We may also receive personal information from official registers such as Statens personadressregister (”SPAR”), Vägtrafikregistret (”VTR”), Lantmäteriet and Fastighetsregistret as well as from our partners or other information marketing- and services companies (Dun & Bradstreet).
The personal information will often include information relating to:
- contact details;
- identification;
- administration of your insurance policy or a claim (which may include medical- or health information);
- financial information or other information relevant for your risk assessment;
- marketing preferences; or
- Use of If Digital Services.
Here you can find information categories and examples of information pieces to help you understand, what kind of information we collect (we very seldom collect all below information, it is only examples):
What personal data do we collect (pdf, 128 kb)
What personal information are used for what purpose?
We use personal information in almost everything we do as it enables us to carry out our business activities and to provide the best possible service to you. The purposes for which we use your personal Information will differ based on our relationship with you, including the type of communication between us and the services we provide to you.
The main purposes for which we use personal information are to:
A. Communicate with you and other individuals (marketing purpose please refer to H below).
B. Make assessments and decisions (automated and non-automated, including by profiling individuals) about: (i) the provision and terms of insurance (incl. underwriting) and (ii) settlement of claims. For this purpose, we record in- and outgoing calls to document what has been communicated.
Sometimes there is a lack of clarity about what has been communicated during a call, for example what has been said in a conversation about a claim or the purchase of insurance. In this case, we may need to listen to the conversation to clarify what was communicated.
Information about our call recording practices
C. Provide insurance-, claims- and assistance services, and other products and services which we offer by ourself or through partners, including repairshop- and towing services, medical assistance, claim assessment, administration, settlement and dispute resolution.
D. Process your premium and other payments.
E. Improve the quality of our products and services, for example providing staff training. An example of this is that we may sometimes record in- and outgoing calls for quality and education purposes in order to develop and ensure the quality of our business and to ensure that the business meets the requirements set out in law and other regulations, e.g. when a manager listens to an employee's call to give advice on how to improve our customer service.
Information about our call recording practice
Sometimes we also provide staff training through co-listening on phone call for the same purpose.
F. Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.
G. Carry out research and data analysis, including statistics and analysis of our customer base and other individuals whose personal information we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business, in accordance with applicable law (including obtaining consent where required).
H. Provide marketing & Personalised experience; (i) provide marketing information in accordance with preferences you have told us or our partners about (marketing information may also include products and services offered by our partners subject to your expressed preferences). We may carry out marketing activities in accordance with your preferences by using email, SMS and other text messaging, post or telephone. (ii)
Personalised experience when you use If Digital Services or visit third party websites or social media by presenting information and advertisements tailored to you, identify you to an If employee to whom you send messages through the If Digital Services, and facilitate sharing on social media. You cand find more information under "Advanced analytics and advertising".
I. Manage our business operations and IT security and infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; Tracking errors on customer service channel (incl. online behavioural data, to make sure our systems and services work as expected and intended); data and website hosting; data analytics; business continuity; records management; document and print management and Integrity and safety of services (e.g. internal audits, setting up incidents registers, warning systems).
J. Manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to personal information.
K. Comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to the conduct of insurance business, anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence).
L. Establish, enforce and defend legal rights to protect our business operations, and those of our group companies or partners, and secure our rights, privacy, safety or property, and that of our group companies or partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies and limit our damages.
M. Reinsurance, we reinsure most of our risks and can in limited cases share personal information with the reinsurer to reinsure those risks or to file a claim to the reinsurer.
The table below is a summary of the types of personal information used where necessary in connection with each main purpose described above. Personal information will only be processed for these purposes where permitted under applicable law.
What personal data is used for what purpose? (pdf, 162 kb)
Legal basis for using your personal information
The legal grounds on which we rely on for using your personal information, depend on the nature of- and on the purpose of the specific use. Please note that you are not obligated to disclose personal information to us.
However, in those cases in which the processing is based on the performance of a contract, we require your information to be able to fulfil our obligations. If you do not provide your personal information, there is a risk that we will not be able to provide you with our services.
Generally, we may be required to obtain personal information from you
- for the preparation, conclusion or for performance of an insurance contract with you (or someone else). For instance, information about the insured property and your belongings, risk related information provided prior contract is concluded, as well as any information provided during the claims handling process is processed lawfully based on this legal ground;
- for the purposes of legitimate interest of us or other third parties i.e. balancing interests. When balancing interests, we have determined that we have a legitimate interest in being able to perform the personal data processing, that the processing is necessary to achieve that purpose, and that our interest outweighs your right not to have your data processed for this purpose. Processing based on this ground takes place when we process your data to prevent fraud or to send to you as our customer marketing communication, customer satisfaction surveys or to maintain security of our IT systems; or when it is necessary to cooperate with our partners to provide you services related to your insurance;
- to protect your or another person's vital interest. An example would be for travel insurance in case of accident, when we exchange information with hospitals to proceed with necessary medical manipulations;
- for compliance with a legal obligation to which the controller is subject. For instance, we are required to submit data about your Compulsory Motor Third Party Liability insurance to the Motor Insurance Bureau;
- where you as an individual have given us consent to process your personal information, such as that pertaining to health claims, or you have consented to Advanced Analytics and Targeting.
The table below describes the main legal grounds that apply to our purposes for using your personal information.
Legal basis of using you personal data (pdf, 80 kb)
How long do we keep your personal information?
We keep your personal information as long as necessary to (i) fulfil the purposes for which it was collected, (ii) execute your insurance agreement or to take steps prior to entering into your agreement, or to (iii) fulfill our legal and regulatory obligations and requirements. The retention period of your personal information is, inter alia, dependent on the law for the particular type of potential claim, accounting law requirements and other factors.
Unnecessary or irrelevant personal information is deleted or made anonymous. The anonymised information may be used for statistical or other business legitimate purposes. As this information can no longer be associated with you and, as such, will not constitute personal information anymore. We reserve the right to retain and use such anonymous information.
The collected personal information will be retained according to the following table:
How long do we keep your personal data? (pdf, 139 kb)
How we use your information for automated decision-making
Automated decision-making means that we make decisions without our employees being involved based on information provided from you or collected from other sources (please refer below). We will always inform you in advance when we use automated decision-making, if those automated decisions can affect you significantly and of course also ask for your consent, if legally required (e.g. automated claims decisions involving health data).
You can always contact us and ask for a review of the decision, taking into account any additional information and circumstances that you provide to us.
We use automated decision making in our sales- and claims processes and hope that we in this way, can offer you a better and smoother service.
Insurance sales process
We use automated decision-making in our insurance sales processes. This means that your insurance premium is computed and decided by an algorithm and our system automatically informs you about the insurance premium we offer to you.
The automated decision is based on information about you (such as your age, where you live, your previous insurances and claims at If, your household or your financial data) and the object you want to insure (such as vehicle or building information from official registers, telematics data, vehicle manufacturer or repair shop information). That information affects your claims risk.
Your information is analysed statistically together with all our customers’ claims risk. The resulting algorithm determines if we expect your future claims risk to be higher or lower depending on the information above. Your insurance premium is set as a result of this automated decision-making and is based on all information together.
Automated decision-making can be used to determine which coverage we offer to you. An automated decision can limit the coverage offered to you in our digital channels depending on your vehicle or building information and your previous insurances and claims at If.
If you do not want us to make an automated decision or are not satisfied with the decision, you can contact us to buy an insurance with the help of a sales agent instead, or to ask us to review the decision.
Insurance claims handling
We use automated decision-making in our claims handling process as part of our If Digital Services. Automated decisions are based on the information given to us (including photographs) by you and/or obtained from other sources (for example repair shop information). Depending on the insurance type, various sources may be used, for instance calculated market value for a stolen item or vehicle manufacturers’ and repair shop calculations, which can be used to automatically calculate the right amount of compensation.
To calculate and to assess a claims decision if uses algorithms which will result in a decision to fully or partly compensate or even to reject your claim. You cannot object to such automated decision making, however, you can contact us and ask us to review the claims decision.
Analytics and marketing communication
How we may share your personal information with others
As a main principle, we do not sell, rent, distribute, or otherwise make your personal information available to any third party for marketing purposes. In connection with the purposes described above (see section above 'How do we use Personal Information), we sometimes need to share your personal information with third parties.
Such third parties may both be independent third party controllers (i.e. third parties that have their own purpose for handling your personal information, for example other insurers/reinsurers) or, data processors operating on behalf of us and for the abovementioned purposes only (for example service providers that allow us to administer your policy and provide our service to you or suppliers maintaining and supporting our IT systems).
We always take appropriate technical, physical, legal (data processing agreements) and organisational measures, which are consistent with applicable privacy and data security laws to protect your personal information. Any service providers are selected carefully and are required to use appropriate measures to protect the confidentiality and security of your personal information.
For example we may, before storing personally identifiable information (such as social security numbers or vehicle registration numbers),anonymise or pseudonymise the information so that individuals cannot be identified solely based on the stored information.
Depending on the insurance product concerned and nature of the information, your personal information may be disclosed to how we may share your personal information with others (pdf, 81 kb)
Where we process your personal information
Your personal information is primarily processed and stored within the territory of European Union and the European Economic Area. Due to the global nature of our business and to technological solutions, for the purposes set out above, in certain cases we may transfer personal information to parties located in other countries.
The level of protection of your personal information in such countries might be lower than the regulation within the territory of the European Union and the European Economic Area provides for. Therefore, such transfers will only be performed subject to appropriate safeguards required by applicable data protection laws, meaning only to countries deemed to have an “adequate level of protection” (as set out on the European Commission’s website) or with the use of the European Commission standard contractual clauses.
We will also take appropriate technical and organisational measures against unauthorised or unlawful processing of your personal information and against accidental loss or destruction of, or damage to, your personal information in accordance with our internal security procedures.
We regularly check our security policies and procedures to ensure our systems and our service provider’s systems secure and protected. Only the personnel of us, the service provider’s personnel who need to process your personal information for the purposes mentioned have access to your personal information.
You can always contact us for more detailed information of the transfers located outside the EU/EEA and what safety measures we have taken to ensure a high level of protection corresponding to the level of protection afforded by the GDPR.
Updates to your Privacy Notice
We think privacy is very important and we are constantly striving to become even better in being transparent and accountable in how we process your personal information. This notice may therefore be updated from time to time and all changes will be published on this website.
If an update of a processing activity of your data requires a notice or consent in accordance with applicable law, you will be notified or given the opportunity to give your consent. It is also important that you read this privacy notice every time you use any of our insurances or related services, as the processing of your personal information may differ from your previous use of the insurance/related service in question.
Your contact
If you have any questions concerning our handling of your personal information you may contact our Data Privacy Officer on DPO@if.se or our local representatives.
If you would like to receive a copy of the personal information we hold about you, a so called “data extract”, please send an e-mail to registerutdrag@if.se or send a letter to If Skadeförsäkring AB, Registerutdrag, 106 80 Stockholm.
More about privacy in local languages
This page was updated 29th of August 2025.