If you are involved in a payment demand case
Who is responsible for the personal data Swedish Motor Insurers (TFF) processes?
We are responsible for processing personal data in cases concerning payment demands. We are also responsible for correct processing.
Why does TFF process personal data?
We process your personal data to be able to collect a debt and provide information about the debt. The data is also used to enable us to identify you.
The data is processed for our debt collection service and is used for invoicing, accounting, statistics, legal procedures, as well as troubleshooting and management of our IT systems.
Automated decisions
We use automated processes with elements of profiling as the basis for decisions on the collection measures we take. The result of the automated processes may mean, for example, that we apply to the Swedish Enforcement Authority for an injunction to pay or enforcement. Our automated processes do not change your legal status and are therefore not covered by the prohibition of automated decisions in Article 22 of the General Data Protection Regulation.
Where does TFF obtain personal data from?
We obtain personal data from public authorities, debt collection and credit information companies, insurance companies, banks, the person the case concerns, their representative or trustee in bankruptcy.
Who can see the personal data that TFF processes?
The case officers can see your personal data. In some cases our IT staff can also see personal data to troubleshoot, protect, develop and test the system.
Who does TFF provide personal data to?
We may disclose information to public authorities, debt collection and credit information companies, statistics companies, trustees in bankruptcy, insurance companies, postal and printing companies, service of documents companies and representatives of the person to whom a case relates.
Public authorities
We provide information to the Swedish Enforcement Authority, the Swedish Transport Agency and courts within the framework of our debt collection activities. When we disclose personal data to the Swedish Enforcement Authority, the Swedish Transport Agency and courts, we do so because it is necessary to perform a task carried out in the public interest.
We also provide information to law enforcement agencies. When we disclose personal data to law enforcement agencies agencies we do so to comply with a legal obligation incumbent on us or for our legitimate interest in protecting ourselves from crime.
Debt collection and credit information companies
We provide information to debt collection companies for collection of our claims and for service of documents. When we disclose personal data to debt collection companies we do so to perform a task carried out in the public interest.
We provide information to credit information companies to obtain the correct address and personal status of the person to whom the case relates. We also provide personal data to credit information companies for the purpose of obtaining decisions on the collection measures we are to take or to be able to dismiss incorrect information.
When we disclose personal data to debt collection and credit information companies we do so to perform a task carried out in the public interest.
Statistics companies
We provide information to statistics companies to be able to produce statistics. When we disclose personal data to statistics companies we do so to meet our legitimate interest in developing our business and our customer service.
Trustees in bankruptcy
We provide information to trustees in bankruptcy so that we can monitor and receive payment of our claims in a bankruptcy. When we disclose personal data to trustees in bankruptcy we do so to meet our legitimate interest in receiving payment of our claim.
Insurance companies
We provide information to insurance companies to be able to obtain a good basis for our decisions. When we disclose personal data to insurance companies we do so to meet our legitimate interest in obtaining good decision-making data for our measures.
Postal and printing companies
We provide information to postal and printing companies to enable us to communicate for example with the person to whom a case relates, their representative, public authorities, debt collection and credit information companies and others. When we provide personal data to postal and printing companies we do so to meet our legitimate interest in communicating.
Third country transfer
Our processor and our subsidiary Svensk Försäkring Administration AB (SFAB) provide cloud services owned by the American company Microsoft Ireland Operations Limited (Microsoft), for example Sharepoint and Teams. For our use of these, SFAB has a sub-processor agreement with Microsoft.
When TFF uses these cloud services, information is stored on servers located within the EU/EEA but owned by Microsoft. When using such cloud services, we only process the following pseudonymised personal data: reference number and customer ID number. Pseudonymised personal data is personal data that on its own cannot be linked to a specific person without additional data.
When we process reference numbers and customer ID numbers there is a risk that the pseudonymised personal data will be transferred to third countries.
Personal data may be transferred to a third country if the European Commission has decided that the country ensures an adequate level of protection. On 10 July 2023, the European Commission issued an adequacy decision for the United States. This means that transfers of personal data from the EU to organisations subject to the EU-US Data Privacy Framework (DPF) can now take place without the need for appropriate safeguards. Microsoft has joined the DPF.
Storage period: Reference numbers and customer ID numbers included in communications are erased when no longer needed for the communication or at the latest within six months. Reference numbers and customer ID numbers included in working documents are erased when no longer necessary for our handling of the case.
Recording of telephone calls
We record calls to our customer services. The recordings are used for the purpose of improving the quality of customer service to train our employees. Anyone calling us can opt out of the call being recorded by pressing a key. Calls are recorded to meet our legitimate interest in developing our service.
TFF’s customer services officers can activate the recording of a threatening call while the call is in progress. Our interest in recording a threatening call is then considered to outweigh the threatening person’s interest in not being recorded.
TFF is responsible for the personal data we process when recording calls. We engage Puzzel AB for telephony services. Puzzel AB complies with current data protection legislation and is responsible for protecting personal data that is recorded.
Those who have access to the recordings are a limited number of our customer services staff with special authorisation. In the event of a technical problem, an authorised person from Puzzel AB may also have access to the recordings.
The recorded calls are stored on a Puzzel AB server in Sweden. They are erased automatically after 14 days. During the 14 day storage period the call recordings are searchable by date, time, length of call or by the telephone number from which the call was made. It is not possible to search for words or other content in the recorded conversation.
By law, recorded calls may be handed over to law enforcement agencies and may then be stored for longer than 14 days.