Privacy & Cookie Policy

1. Data Controller

Fairside A/S is the data controller for the processing of personal data that we receive about you. You can contact us at:

Data protection contact: Niels Ulrich, nu@fairside.dk.

2. What personal data do we process?

As an insurance broker, we process personal data in connection with advisory services, placement, and administration of insurance. We process the following categories of personal data:

• Contact information: Name, address, email, phone number
• Company information: Company name, registration number, industry, number of employees
• Insurance information: Existing cover, policy numbers, claims history, insurance needs
• Financial information: Revenue, asset values, and other information used for risk assessment
• Danish civil registration number (CPR): Processed only when necessary for identification with insurance companies or as required by law (lawful basis: Danish Data Protection Act, Section 11(2)(1))
• Health data: In rare cases and only in connection with employee insurance (health, accident, travel), we may receive health data. This is done only with your explicit consent (GDPR Art. 9(2)(a)) or where necessary for the establishment of a legal claim (Art. 9(2)(f)). Health data is not processed in our AI tools
• Correspondence: Emails, telephone notes, and other communication between you and us

3. Purpose of processing

We process your personal data for the following purposes:

• To carry out a demands and needs assessment in accordance with the Insurance Distribution Directive (IDD)
• To obtain and compare insurance quotations from insurers
• To manage client relationships, including policy administration, renewals, and claims notification
• To respond to enquiries from you
• To comply with legal obligations, including the Danish Bookkeeping Act and the Danish Anti-Money Laundering Act
• To carry out customer due diligence (KYC) as required by anti-money laundering legislation

4. Lawful basis for processing

The processing of your personal data is based on one or more of the following lawful bases under the GDPR:

• Contract (Art. 6(1)(b)): Processing necessary for the performance of a contract with you for insurance broking services
• Legal obligation (Art. 6(1)(c)): Processing necessary to comply with legal requirements, including the Danish Bookkeeping Act, the Anti-Money Laundering Act, and the Insurance Distribution Act
• Legitimate interest (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving our advisory services, fraud prevention, and marketing to existing clients. Our legitimate interests do not override your rights
• Consent (Art. 6(1)(a)): Processing based on your consent, such as newsletters or the processing of health data

5. Recipients of personal data

We disclose your personal data to the following recipients to the extent necessary to manage your insurance arrangements:

• Insurers: The insurance companies from which we obtain quotations or with which we place cover on your behalf
• IT service providers: Providers of insurance administration systems, CRM, and communication platforms that process data on our behalf (data processors). All data processors are subject to data processing agreements in accordance with GDPR Art. 28
• Professional advisers: Auditors, lawyers, and other professional advisers where necessary
• Public authorities: The Danish Financial Supervisory Authority (Finanstilsynet), the Danish Data Protection Agency (Datatilsynet), the Danish Tax Authority (SKAT), and the Danish Money Laundering Secretariat, where we are legally obliged to do so

6. Transfers to third countries

All personal data is stored on European servers within the EU/EEA. We do not transfer personal data to countries outside the EU/EEA unless necessary and an adequate level of protection is ensured, for example through EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

7. Retention

We retain your personal data for as long as necessary for the purposes for which it was collected. After that, data is deleted or anonymised. The following retention periods apply:

• Client data and advisory documentation: 5 years after the end of the client relationship (the general limitation period)
• Accounting records: 5 years from the end of the financial year to which the records relate (Danish Bookkeeping Act)
• Anti-money laundering data (KYC): 5 years after the end of the business relationship (Danish Anti-Money Laundering Act)
• Claims data: Up to 10 years where personal injury claims may be brought (the extended limitation period)
• Marketing consents: 2 years after withdrawal of consent
• AI system logs: A minimum of 6 months

8. Use of AI and automated processing

We use AI-based tools as part of our advisory and administrative processes. This may include:

• Analysis of insurance needs and risk assessment
• Document management and policy review
• Optimisation of insurance programmes and premium comparisons
• Internal quality assurance and claims pattern analysis

In this regard, the following applies:

• Your personal data is used solely for the specific purpose for which it was collected and is not shared with third parties for the purpose of training AI models.
• All AI-based processing takes place under human oversight and control. No automated decisions that produce legal effects concerning you, or that similarly significantly affect you, are made without human involvement (cf. GDPR Art. 22).
• We comply with the EU AI Act and ensure that our use of AI tools meets the requirements for transparency, human oversight, and risk assessment. All material decisions regarding your insurance are made by our advisers – never solely by an algorithm.
• Data processed through AI tools is subject to the same security measures and retention policies as all other personal data.
• You have the right at any time to request human review of any AI-assisted assessment, as well as the right to request information about whether your data has been processed using automated tools.

9. Security measures

We have implemented comprehensive technical and organisational measures to protect your personal data:

• Encryption: All documents and data are encrypted both in transit and at rest. We use industry-standard encryption across all systems.
• Data storage within the EU: All personal data is stored exclusively on European servers within the EU/EEA.
• Certified sub-processors: Our data is hosted with Microsoft, which is SOC 2 Type II certified. We require all material sub-processors to comply with recognised security standards.
• Access control: We use role-based access control (RBAC), ensuring that only authorised personnel have access to the information necessary for their work.
• Ongoing security audits: We carry out regular security assessments, including penetration testing and vulnerability scanning, to maintain a high level of protection.
• Logging and monitoring: All access to personal data is logged, and we continuously monitor for unauthorised activity.

10. Your rights

You have the following rights under the GDPR. You may exercise your rights by contacting us at info@fairside.dk:

• Right of access (Art. 15): You have the right to obtain information about the personal data we process about you
• Right to rectification (Art. 16): You have the right to have inaccurate personal data corrected
• Right to erasure (Art. 17): You have the right, in certain circumstances, to have your personal data erased
• Right to restriction of processing (Art. 18): You have the right, in certain circumstances, to restrict the processing of your personal data
• Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used and machine-readable format
• Right to object (Art. 21): You have the right to object to processing, including an unconditional right to object to direct marketing
• Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal

11. Consequences of not providing personal data

In connection with insurance broking, it is necessary to process certain personal data in order to advise you and obtain quotations from insurers. If you choose not to provide the necessary information, we may not be able to provide our services to you. Certain information is also required by law, for example under anti-money laundering customer due diligence requirements.

12. Cookies

"Cookies" are text files stored on your device to recognise users, preserve settings, perform analyses, and target advertisements.

You can delete or block cookies via minecookies.org/cookiehandtering

Consequences of blocking: Advertisements become less relevant, website functionality may be impaired, and access to content may be limited.

Personal data collected automatically

• Unique device ID and technical specifications
• IP address
• Geographic location
• Page navigation behaviour

13. Complaints

You have the right to lodge a complaint with our data protection contact, Niels Ulrich (nu@fairside.dk), or with the Danish Data Protection Agency if you are dissatisfied with our processing of your personal data:

14. Changes

We reserve the right to update this policy. In the event of material changes, we will inform you via our website. This policy was last updated in March 2026.