HRP Nordics Logo
Contact us

24/7 emergency number
+45 3525 0361

Privacy Policy

At Hanseatic Risk Partners (Nordics) A/S (“HRP Nordics”, “we”, “us” or “our”) we give high priority to confidentiality and data security. This privacy policy applies to our processing of personal data and establishes guidelines for the way HRP Nordics processes your personal data and provides you with the information that you are entitled to receive under applicable data protection laws. You should read the privacy policy before you hand over your personal data to HRP Nordics.

1. Data controller and contact information

The data controller of your personal data is: Hanseatic Risk Partners (Nordics) A/S Central Business Register (CVR) no. 39005158 Bredgade 75, 1. 1260 København K contactnordics@hrp.insure + 45 35 25 03 60 Our Data Protection Officer is: Thilo Noack SBS DATA Protect GmbH noack@sbs-data.de

2. If you visit our website

2.1. Cookies

Types of personal data
HRP Nordics uses cookies on our website, and in this connection processes your personal data. HRP Nordics may collect the following personal data about you, when you visit our website:
  • IP address
  • MAC address
  • Browsing History
  • Information about your use of our website, including click-behaviour
We use cookies to collect the above-mentioned personal data. You can read more about the use of cookies in our cookie policy, which you can find link here.
The purposes of the processing
Your personal data may be processed for the following purposes:
  • Ensuring functionality of the website
  • Enabling the use of certain website functions
  • Improving user experience, including by saving user preferences and settings
  • Statistics and analysis
Legal basis for processing
HRP Nordics processes your personal data on the following basis:
  • Legitimate interests: We base the processing of your personal data on our legitimate interests in, for example, ensuring the functionality of the website and providing a customer-friendly and effective design of the website (Article 6(1)(f) of the General Data Protection Regulation).
  • Consent: We base the processing of your personal data on your consent in the case of consent given (Article 6(1)(a) of the General Data Protection Regulation).
When you visit our website, we ask for your informed consent to place cookies that are not functional cookies according to the cookie rules. You have the right to withdraw your consent at any time. You can read more about how you change your cookie settings in our cookie policy, which is available here.
Retention period
In some cases, cookies are automatically deleted again after the browser is closed (so-called “session cookies”). In other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser. When processing personal data on the basis of your consent (Article 6(1)(a) of the General Data Protection Regulation), the data concerned will be stored until you revoke your consent. You can read more about the retention periods in our cookie policy, which is available here.

2.2. If you communicate with us via our website

Types of personal data
When you communicate with HRP Nordics via our website, including via our contact form, HRP Nordics processes personal data about you. HRP Nordics collects, processes, and stores the personal data that you provide in connection your inquiry to us, which typically includes the following types of personal data:
  • Name, e-mail address, phone number
  • What your inquiry is about
  • Date and time of your inquiry
  • Other information you provide in connection with your inquiry.
The purposes of the processing
Your personal data will be processed for the following purposes:
  • Handling of your inquiry
  • General communication
  • Statistics and analysis
Legal basis for processing
HRP Nordics processes your personal data on the below-mentioned bases. The basis depends on the nature of your inquiry.
  • Legitimate interests: We may process your personal data on the basis of our legitimate interests in handling your inquiry, communicating with you, and developing our products and services (Article 6(1)(f) of the General Data Protection Regulation).
  • Contractual obligations: If your inquiry concerns a (potential) formation of contract, for example, an insurance contract, we process your data to implement measures before the formation of contract (Article 6(1)(b) of the General Data Protection Regulation).
Retention period
We retain your personal data only for as long as necessary to fulfil the purposes as described above. However, the information can be stored for a longer period in anonymised form.

3. If you use our whistleblower service

Types of personal data
We may process the following personal data about the reported person, if the data is provided in relation to the report. In addition, a report may contain personal data about third parties:
  • Name, contact information, job title and reported information
  • Description of the alleged infringement
  • Potential criminal offenses
When a reporting is made, we will process personal data about the data subjects who are part of the report (i.e., the sender of the report, the reported person, and other third parties involved) in order to handle and investigate the alleged infringement. If you report an alleged infringement, such reporting will remain confidential and, at your wish, anonymous. However, you should in any case provide an e-mail address, as we may need to obtain further information about the violation in order to handle the case properly.
Purpose of processing
Your personal data may be processed for the following purposes:
  • Establishment and administration of the whistleblower service, where suspicion of unregulated conduct and violations of applicable law or internal guidelines can be reported
  • Administration of reported incidents, including clarification of potentially criminal matters
Legal basis
HRP Nordics processes your personal data on one or more of the following legal bases:
  • Legitimate interests: We may process your personal data on the basis of our legitimate interest in investigating reported incidents (Article 6(1)(f) of the GDPR).
  • Legal obligation: We process your personal data in order to fulfil our legal obligation (Article 6(1)(c) of the GDPR).
Retention period
We retain your personal data only for as long as necessary to fulfil the purposes as described above. However, the information can be stored for a longer period in anonymised form.

4. If you apply for a job

This section sets out the policy for HRP Nordics processing of personal data in relation to recruitment.
Types of personal data
HRP Nordics may collect, process, and store the following personal data:
  • Personal data which you have disclosed in your job application and CV as well as any attachments
  • Personal data you disclose during any job interviews
  • Information about you, including information regarding your previous jobs, activities, competencies, performance, as well as your general appearance, which is publicly available on the internet, including on social media
  • Results of personality tests etc.
  • Criminal records
  • References from your previous and/or current employers
  • Credit information and rating if the position you have applied for involves financial responsibilities (e.g., bookkeeping or accounting)
  • Health information if the position you have applied for demands special requirements for your health
  • Additional information you will provide in relation to the recruitment process
Purposes of the processing
Your personal data will be processed for the purpose of assessing whether we can offer you a position at HRP Nordics.
Legal basis
HRP Nordics will mainly process your personal data based on the following legal bases:
  • Request to enter into an employment contract with us: We may process your personal data on the basis of your request to enter into an employment contract with HRP Nordics (Article 6 (1) (b) of the GDPR).
  • Legitimate interests: We may process your personal data on the basis of our legitimate interests in carrying out further assessments of whether we want to hire you, including on the basis of personality tests, publicly available information on the internet and – if the position entails a financial responsibility – credit information and rating (Article 6 (1) (f) of the GDPR).
Retention period
If you are offered a position with HRP Nordics, your application and additional relevant personal data obtained during the recruitment procedure will be stored in your employee file. If you are not offered a position, we will store your application and any additional personal data obtained during the recruitment procedure for a period of 6 months following our rejection, unless you have provided your consent to the storage hereof for a longer period. If we have collected your criminal records, we will delete them immediately after we have received and reviewed them.

5. If you are a supplier, commercial (B2B) customer, collaborator etc.

This section contains the policy for HRP Nordics’ processing of personal data of sole proprietorship owners or contacts of suppliers, commercial customers and other collaborators working with HRP Nordics.
Collection of personal data
HRP Nordics may collect, process, and store your personal data in the following cases:
  • When your company or the company you work at enters into an agreement with HRP Nordics
  • When you have shown interest in HRP Nordics’ products and services, e.g., by providing HRP Nordics with your business card
  • When collaborating and communicating with HRP Nordics
Types of personal data
HRP Nordics may collect, process, and store the following types of personal data about you:
  • Name, e-mail address, phone number, and corresponding contact information
  • Individual information, e.g., preferred languages
  • Organisational information such as the name and address of the company, job title, employment area, primarily place and country of work
  • Contractual information such as orders, invoices, contracts, and other agreements between your company (or your employer) and HRP Nordics that may contain e.g., your contact information
  • Financial information such as payment terms, bank details and credit ratings (in the case of a sole proprietorship)
We may receive such information directly from you (primarily through e-mails and other correspondence with you) or from a third party such as your employer.
The purposes of the processing
Your personal data may be processed for the following purposes:
  • General planning, fulfilment, and the management of collaborations
  • Providing and administering our products and services, including insurance solutions
  • Administration, such as processing payments, accounting, credit assessment, as well as providing support
  • Newsletters and other marketing communication
  • Handling inquiries, requests, and other business communications
  • Product and service development
  • Statistics and analysis
  • Compliance with applicable laws and regulations, e.g., fulfilment of our obligations to prevent illegal activities
  • Managing conflicts
Legal basis for processing
HRP Nordics primarily processes your personal data on one or more of the following grounds:
  • Contractual obligations: In certain cases, the processing of your personal data is necessary to fulfil a contract (Article 6(1)(b) of the General Data Protection Regulation).
  • Legitimate interests: We may process your personal data on the basis of our legitimate interests in, for example, managing day-to-day operations in accordance with legitimate and fair business practices, including planning, execution and management of the cooperation, or our legitimate interest in, for example, performing credit ratings, statistics, analyses, marketing activities (where consent is not required), provide support and as well as improvement and development of our products and services. The processing may also be necessary for our legitimate interest in preventing fraud or establishing, defending, or asserting legal claims (Article 6(1)(f) of the General Data Protection Regulation).
  • Legal obligation: The processing of your personal data will in some cases be necessary for compliance with legal obligations, such as our obligation to prevent illegal activities (Article 6(1)(c) of the General Data Protection Regulation).
Retention period
We retain your personal data only for as long as necessary to fulfil the purposes as described above. However, the information can be stored for a longer period in anonymised form.

6. If you visit our social media profiles

This section contains the policy for HRP Nordics’ processing of personal data collected through HRP Nordics’ profiles or social media pages. HRP Nordics has profiles or pages on the following social media platforms:
  • LinkedIn Ireland Unlimited Company (LinkedIn’s privacy policy is available here).
  • Facebook (Meta Platforms Ireland Ltd. (Facebook’s privacy policy is available here)
  • Instagram (Meta Platforms Ireland Ltd. (Instagram’s privacy policy is available here)
For LinkedIn, Facebook and Instagram, HRP Nordics together with the social media providers are joint data controllers for the processing of personal data collected in connection with your interactions with the profiles, including the profiles’ postings. HRP Nordics and the providers of LinkedIn, Facebook and Instagram have entered into an agreement on the allocation of the data protection tasks. According to these agreements, HRP Nordics and social media providers are each responsible for the tasks associated with the processing we each undertake. However, it has been agreed between HRP Nordics and the provider of Facebook and Instagram that the provider is responsible for enabling you to exercise your rights as described in the ‘Your rights’ section below in relation to the use of Facebook and Instagram, and that it is HRP Nordics that is responsible for providing you with the information described below. In addition, it is agreed between HRP Nordics and LinkedIn that LinkedIn is responsible for responding to requests from you regarding the rights described in the ‘Your Rights’ section below.
Collection of personal data
When you visit or interact with our social media profiles, HRP Nordics and the social media providers may collect, process, and store the following types of personal data about you:
  • Information available on your profile, including your name, gender, civil status, workplace, interests, image, and your city
  • Whether you “like” or have applied other reactions to our profile
  • Comments you leave on our posts
  • That you have visited our profile
  • Your IP address
The purposes of the processing
HRP Nordics processes your personal data for the following purposes:
  • Improving our products and services, including our social media profiles and pages
  • Statistics and analysis
  • To be able to communicate with you if you comment on a post, make a review, or send us a message
  • Marketing in general
Social media providers process your personal data for the following purposes:
  • Improving their ad system
  • To provide HRP Nordics with statistics which the social media providers produce based on your visit to our profiles and pages
  • Advertising and customising the activities on the page.
Legal basis for processing
The processing of your personal data is based on the following basis:
  • Legitimate interests: HRP Nordics bases the processing of your personal data on our legitimate interests in being able to communicate with and market us to you on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6(1)(f) of the General Data Protection Regulation).
Retention period
We keep your enquiries, which are not publicly posted, for as long as necessary to fulfil the purposes as described above. However, the information can be stored for a longer period in anonymised form. We encourage you to delete comments, likes, and other interactions you have left on our profile yourself if you no longer want them shown on our pages. HRP Nordics does not delete such publicly available interactions. Please see the privacy policy of each social media provider for information on how long they store your personal data.
Who do social media providers share your personal data with?
Social media providers may, among other things, share your personal data with the following categories of recipients:
  • Other devices in the group of which the social media provider is a part of
  • External partners providing analysis- and survey services
  • Advertisers
  • Other individuals visiting our social media profile or page (to the extent that your information is publicly available)
  • Researchers and other academics
You can find more information about who the social media providers share your personal data with, in each provider’s privacy policy. The social media providers may transfer their personal data to recipients outside the EU/EEA in accordance with applicable data protection legislation. You can read more in each provider’s privacy policy. You can read more about who HRP Nordics shares your personal data with, in the Section 8 below.

7. Who will have access to your personal data?

7.1. Disclosure to other data controllers

For the purposes stated above, we may disclose your personal data to:
  • Our business partners, including affiliates operated under our group of companies
  • Other parties the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings). In the case of a partial transfer of assets containing personal data, the processing basis for the related transfer of personal data is, as a rule, Article 6(1)(f) of the General Data Protection Regulation, since HRP Nordics has an interest in transferring parts of its assets and making commercial/structural changes.
  • Other parties with your separate consent or at your request
  • To meet any legal obligations, including to, if applicable, the relevant ombudsman or applicable supervisor authority if you make a complaint about the product or service we have provided to you. Other examples include public authorities, insurers, co-insurers, re-insurers, insurance intermediates/brokers, banks, technical consultants, experts, lawyers, loss adjusters and medical doctors.

7.2. Transfers to data processors

  • Our service providers. To achieve the above purposes, we may give third parties access to your personal data, which, based on a contractual relationship with HRP Nordics, provides relevant services to us. This could be IT suppliers, providers of third-party technologies, or other suppliers that process personal data for us. Such suppliers will only process personal data in accordance with our instructions and according to signed data processing agreements.

8. Where will your personal data be processed?

If your personal data are transferred to data processors or data controllers established in countries outside the EU/EEA that do not have an adequate level of protection, such a transfer will only take place once a transfer basis is secured, such as the EU Commission’s standard contractual clauses or EU-US Data Privacy Framework. If you have any questions about the basis for transfers to countries outside the EU/EEA, please contact our Data Protection Officer at noack@sbs-data.de.

9. Your rights

As a data subject you have the following rights under the GDPR:
  • You have the right to access the personal data we process about you
  • You have the right to object to our collection and further processing of your personal data
  • You have the right to rectification and deletion of your personal data, however there are certain statutory exceptions
  • You have the right to ask us to restrict the processing of your personal data
  • In certain circumstances, you may also request to receive a copy of your personal data and to transmit the personal data you have provided to us to another data controller (data portability)
  • You can withdraw any consents you may have given at any time. We will then delete your personal data unless we may continue the processing on another basis.
If you want to exercise your rights, please contact us by using the contact information listed in Section 11 below. Please state your name, email address, and the purpose of your request.

10. Contact information and complaints

If you have any questions about this privacy policy, wish to exercise your data protection rights, or if you wish to complain about the way we process your personal data, please contact our Data Protection Officer: Thilo Noack SBS DATA Protect GmbH noack@sbs-data.de You may file a compliant to the relevant supervisory authority, if you believe that our processing of your personal data is in violation of applicable law. You may find the contact information for all supervisory authorities within the EU/EEA at: Our Members | European Data Protection Board *** We reserve the right to update this privacy policy if necessary. On our website you will always find the most recent version.