If you are involved in a claim case

This is how we process your personal data if you are involved in a traffic claim, been witness to a traffic claim or are included in our claims cases for another reason.

Who is responsible for the personal data Swedish Motor Insurers (TFF) processes about me?

We are responsible for processing personal data in cases concerning claims. We are also responsible for correct processing.

Why does TFF process personal data about me?

We process your personal data in order to communicate with you, handle reported claims and to recover claims settlements paid out. The data is also used to enable us to identify you, for recoveries, accounting, statistics, legal procedures and troubleshooting and management of our IT systems.

What personal data does TFF have the right to process?

Handling of personal injury claims

We process personal data about those who may be involved in a claim: those affected, those at fault, witnesses, fellow passengers, relatives, representatives, health professionals, medical advisers, employees of insurance companies, government officials and employers.

We have a responsibility under the Motor Traffic Damage Act to compensate claims caused by uninsured, unknown and foreign motor driven vehicles.

We process the following personal data: name and personal identity number, contact details, driving licence information, vehicle registration numbers, pictures, any debt to TFF, claim number, claim ID, web number, descriptions of the claim incident, various case numbers of authorities, income information (such as salary, pension and benefits), bank details, tax assessment and tax return information, employment conditions, employer, insurance information, health information (such as medical records, medical certificates, sick leave conditions and investigations), information on social care (such as decisions on home-help services, housing supplement and housing adaptation) and, in some cases, information on suspicion of crime, violations of the law and criminal convictions.

In addition to this, we may also process personal data that you provide to us yourself, such as the name and contact details of agents/representatives or information relating to your social circumstances.

We may also process data about people who are affected, at fault or otherwise related to a claim, how the claim arose and the conditions that prevailed.

Legal basis

For compliance with a legal obligation and for establishment, exercise or defence of legal claims.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed by the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Handling of material damage claims

We process personal data about those who may be involved in a claim: those affected, those at fault, witnesses, fellow passengers, relatives, representatives, employees of insurance companies and in some cases health professionals, government officials and employers.

We have a responsibility under the Motor Traffic Damage Act to compensate claims caused by uninsured, unknown and foreign motor driven vehicles.

We process the following personal data: name and personal identity number, contact details, driving licence information, vehicle registration numbers, pictures, any debt to TFF, claim number, claim ID, web number, descriptions of the claim incident, various case numbers of authorities, bank details, employer, insurance information, health information (such as medical records, medical certificates, sick leave conditions and investigations), information on social care (such as decisions on home-help services, housing supplement and housing adaptation) and, where applicable, information on suspicion of crime, violations of the law and criminal convictions.

In addition to this, we may also process personal data that you provide to us yourself, such as the name and contact details of agents/representatives or information relating to your social circumstances.

Legal basis

For compliance with a legal obligation and for establishment, exercise or defence of legal claims.

Storage period

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information from insurance companies that is not part of a case or that we do not need for our processing, is erased within one month.

Recovery (recourse)

Once we have settled a claim, under the Motor Traffic Damage Act we have the right in certain cases to recover all or part of the claim settlement from the owner or driver of the vehicle.

We process personal data about those who may be involved in a claim: those affected, those at fault, witnesses, fellow passengers, relatives, representatives, health professionals, medical advisers, employees of insurance companies, government officials and employers.

We process the following personal data: name and personal identity number, contact details, driving licence information, vehicle registration numbers, pictures, any debt to TFF, claim number, descriptions of the claim incident, various case numbers of authorities, income information (such as salary, pension and benefits), bank details, tax assessment and tax return information, employment conditions, employer, insurance information, health information (such as medical records, medical certificates, sick leave conditions and investigations), information on social care (such as decisions on home-help services, housing supplement and housing adaptation) and, where applicable, information on suspicion of crime, violations of the law and criminal convictions.

In addition to this, we may also process personal data that you provide to us yourself, such as the name and contact details of agents/representatives or information relating to your social circumstances.

We may also process data about people who are affected, at fault or otherwise related to a claim, how the claim arose and the conditions that prevailed.

Legal basis

For the performance of a task carried out in the public interest.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed in the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information from insurance companies that is not part of a case or that we do not need for our processing, is erased within one month.

Disputes and court cases

If a claim case is to be heard by a court, we process personal data about parties to the claim, agents/representatives/counsel, witnesses and employees of courts, public authorities and insurance companies. We process the following personal data: name and contact details and, in certain cases, the personal identity number and vehicle registration numbers of the parties and witnesses, the claim number, the various case numbers of insurance companies and courts, and all personal data contained in the claim case file.

Legal basis

Our legitimate interest in communicating and to enable us to establish, exercise or defend our legal claims.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed in the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information from insurance companies that is not part of a case or that we do not need for our processing, is erased within one month.

Witnesses

We may process personal data about a person who has witnessed a traffic claim incident. We process the following personal data: name, personal identity number, contact details, claim number, claim ID, description of the claim incident and other information the witness has provided to us.

Legal basis

For compliance with a legal obligation and for establishment, exercise or defence of legal claims.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed in the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information from insurance companies that is not part of a case or that we do not need for our processing, is erased within one month.

Handling of reindeer claims

We process personal data about reindeer owners. We also process personal data about others affected, those at fault, witnesses, fellow passengers, representatives, employees of insurance companies and government officials.

We record all reported collisions with reindeer in a register. The register is then sent to the Swedish Board of Agriculture, which compiles important industry statistics.

We process the following personal data: name and personal identity number, contact details, Sami village and bank details.

Legal basis

For the performance of a contract between TFF and the National Union of the Swedish Sami People and for the establishment, exercise or defence of legal claims.

Storage period

The personal data is erased within eleven years from the close of the case. Erasure takes place once a year.

Green Card system

We process personal data about anyone involved in a traffic claim where one of the motor driven vehicles is foreign.

When we settle the claim and send a reimbursement demand to a foreign Green Card Bureau, we only send the personal data that is necessary for the foreign bureau to process the reimbursement demand.

We may need to transfer personal data that is included in a claim to a country outside the EU/EEA when we send a reimbursement demand to a Green Card Bureau. We only send personal data that is necessary for us to be able to be repaid in accordance with our reimbursement demand. Transfers are regulated by agreements with all member states in the Green Card system.

For transfers of personal data outside the EU/EEA, we use the European Commission's standard contractual clauses in accordance with Article 46(2)(c) of the General Data Protection Regulation. As additional security measures, personal data is protected through encryption and restriction of access. Their standard contractual clauses for international transfers are available on the European Commission's website.

European Commission website

When we settle the claim, we process all personal data that is included in the claim case. See more under the headings “Handling of personal injury claims” and “Handling of material damage claims”.

When a foreign Green Card Bureau settles the claim, we process the personal data we receive from the foreign Green Card Bureau. This may include, for example, name, personal identity number, contact details, driving licence information, vehicle registration numbers, pictures, chassis number, claim number, various case numbers of foreign authorities, income information (such as salary, pension and benefits), bank details, tax assessment and tax return information, employment conditions, employer, insurance information, health information (such as medical records, medical certificates, sick leave conditions and investigations), information on social care and, where applicable, information on suspicion of crime, violations of the law and criminal convictions.

In addition to this, we may also process personal data provided by the injured party, such as the name and contact details of agents/representatives or information relating to social circumstances.

We may also process data about people who are affected, at fault or otherwise related to a claim, how the claim arose and the conditions that prevailed.

Legal basis

Our legal obligation to settle claims that were incurred in a Green Card partner country and to establish, exercise or defend legal claims.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed by the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information from insurance companies that is not part of a case or that we do not need for our processing, is erased within one month.

More information about the Green Card system 

Information Centre

In TFF’s role as information centre under the Motor Traffic Damage Act, we must, on request, provide information on the issuer of motor third party liability insurance for a vehicle that is normally based in Sweden, and who is the insurer's claims representative.

We process the following data: registration number, make, model, colour, VIN number, insurer and code and date of insurance certificate.  In some cases also the name, email address and other contact details of the person who requested the information.

Legal basis

We have a legal obligation as information centre to disclose data.

Storage period

We store the data until we have provided them in accordance with the request. The data is stored for a maximum of six months, after which it is erased.

Monitoring and statistics

We use a monitoring system to produce statistics. The system retrieves data from the case management system and is used to obtain statistical data on claims settlement.

We process the following personal data: Only pseudonymised personal data such as the claim number and the type of claim.

Legal basis

Our legitimate interest in monitoring business operations.

Storage period

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed in the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month. 

Taking out frontier insurance

If you bring a motor driven vehicle into Sweden that is registered in a country outside the Green Card system, you must take out a special motor third party liability insurance called frontier insurance. The vehicle must have frontier insurance until it has been registered in Sweden.

A claim is reported to and settled by the Green Card Bureau in the country where the claim was incurred. In Sweden, the Swedish Motor Insurers' Association (TFF) bears the insurance liability.

We process the following personal data: the name and contact details of the vehicle owner, registration number, chassis number, make of vehicle and insurance number.

Legal basis

Our legal obligation to bear the insurance liability and to settle claims where a vehicle with frontier insurance is involved, as well as to fulfil a contract between the vehicle owner and TFF.

Storage period

The personal data is erased at the latest eleven years after the close of the case.

Medical advisors

We may record personal data about a person who has suffered a personal injury in our medical advisor's database. We process the following personal data: name, personal identity number, sex, date of claim, occupation, time of doctor's visit, description of the claim incident, medical records and other personal data that appear in the claim file and are relevant for the assessment.

Legal basis

Our legal obligation to settle claims and to establish, exercise or defend legal claims.

Storage period

The personal data is stored in our medical advisor's database for the duration of the case. Once the case has been closed, the data will be erased within 36 months at the latest.

Customer surveys

We may send a form after the case has been closed to the injured party with questions about how our handling has been perceived. We process the following personal data: name, address, claim number and the information provided by the injured party in their reply.

Legal basis

Our legitimate interest in developing our business and our customer service.

Storage period

In customer surveys, personal data is processed until the survey is completed. For statistical purposes, personal data is collected from our case and document management system. When the responses from customer surveys are compiled, the personal data is anonymised.

Email, contact form and telephone

We process personal data about those who contact us via email and through contact forms on our website tff.se. We process the following personal data: name, contact details, case number and any personal data you provide yourself.

When you call us, we record information that you provide and that is relevant to our processing.

Legal basis

Our legitimate interest in the injured party being able to communicate with us, in order for us to be able to fulfil our legal obligation to settle claims and in order for us to be able to establish, exercise or defend our legal claims.

Storage period

If the message concerns a claim, it is stored in our case management system where it is retained in accordance with the time limits for disposal of material damage or personal injury claims.

If the call concerns a claim handled by us, a note of the call is stored in our case management system where it is retained in accordance with the time limits for disposal for material damage or personal injury claims.

Digital claim notification on tff.se

When you notify a claim on our website tff.se, your notification is registered directly in our case management system. Your notification will then be given a web number.

In addition to the web number, we process the data you provide in the digital claim notification.

Legal basis

Our legitimate interest in the injured party being able to notify claims easily, in order for us to be able to fulfil our legal obligation to settle claims and in order for us to be able to establish, exercise or defend our legal claims.

Storage period

No personal data from the claim notification is stored on the website.

General information about documents sent to us by post

Documents received by post are scanned and saved in the case management system. The physical document is archived.

Legal basis

Our legitimate interest in ensuring that documents are scanned correctly. We also have the right to process the personal data for the establishment, exercise and defence of our legal claims.

Storage period

For claims registered before 1 July 2023, post received is stored as follows:

Personal data in personal injury claims are detached from the case management system after a certain period of time, at least 20 years after the claim case is closed and at most 80 years after the claim case is closed (cases to be reviewed in the Road Traffic Injuries Commission). They are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. There are different cut-off times for different types of claim.

Information from insurance companies that is not part of a claim case or that we do not need for our processing, is erased within one month.

Personal data in material damage claims are detached from the case management system ten years after the case is closed and are then moved to a storage database where they are stored in unreadable encrypted form. Only a limited number of case officers have access to the storage database. The detachment takes place once a month.

Information that is not part of a case or that we do not need for our processing, is erased within one month.

For claims registered after 1 July 2023 documents sent to us by post are scanned and saved digitally in our document management system. To avoid the risk of loss of information due to incorrect scanning of documents, all documents received are locked up in a special archive for a maximum period of 24 months, after which they are disposed of in confidential waste bins.

Troubleshoot, develop and test IT systems

We may use data about a person who has a claim with us to troubleshoot, develop and test our IT systems. We may then need to process all personal data included in a claim.

Troubleshooting may also take place directly in our case management system.

Legal basis

Our legitimate interest in ensuring the protection of personal data and developing the technical functionality of our IT systems.

Storage period

If personal data is processed outside the case management system, they are erased as soon as the troubleshooting, development or testing is completed.

The Bookkeeping Act

We process personal data about individuals from whom and to whom payments are made.

We process personal data that are accounting records and that are subject to the provisions of the Bookkeeping Act. We process the following personal data: name, personal identity number, account details, payments or other accounting records.

Legal basis

For compliance with legal obligations.

Storage period

In accordance with the Bookkeeping Act we retain accounting records for seven years after the calendar year in which the financial year ended.

Visits to the website tff.se

When you visit tff.se certain information about what you do on the website is stored on your computer, tablet or mobile phone. To understand how the website is used and obtain a basis for our improvement work, we collect statistics about each visit via a statistical tool.

The data collected may include, for example, a visitor’s IP address, operating system, browser ID and browsing activity. See full details of the data collected by clicking on the icon that appears at the bottom left of the screen.

Legal basis

Our legitimate interest in developing our website.

Storage period

Personal data is stored for 25 months on a server in Sweden.

My Pages

We describe how we process personal data on My Pages on a separate page.

My Pages terms and conditions and personal data processing

If you use My Pages, cookies are set on your computer, tablet or mobile phone. The cookies that are set are necessary and required to enable you to use My Pages.

Automated decisions

We do not make automated decisions when handling claims.

Where does TFF obtain personal data from?

We may obtain personal data from public authorities, insurance companies, banks, injured parties, witnesses and care providers.

Who can see the personal data that TFF processes?

Our case officers can see personal data that is included in the claim case. In some cases our IT staff can also see personal data when troubleshooting or developing the case management system.

Who does TFF provide personal data to?

We may disclose information contained in the claim case to others in addition to you and your representative. We provide information to public authorities, insurance companies, the Road Traffic Injuries Commission, other Green Card Bureaux, translation agencies, medical advisors, statistics and analysis companies. We also provide data to postal and printing companies so that you can receive our letters. We provide pseudonymised personal data to statistics companies.

Public authorities

We provide information to the Swedish Enforcement Authority, courts and law enforcement agencies.

When we disclose personal data to the Swedish Enforcement Authority and law enforcement agencies we do so to comply with a legal obligation incumbent on us or for our legitimate interest in protecting ourselves from crime.

When we disclose personal data to courts we do so to be able to meet our legitimate interest in communicating and to enable us to establish, exercise or defend our legal claims.

Insurance companies

We provide information to insurance companies to enable us to fulfil our legal obligation to settle a claim.

Road Traffic Injuries Commission 

We provide information to the Road Traffic Injuries Commission to fulfil our legal obligation to disclose information for the Commission’s review.

Other Green Card Bureaux 

We provide information to other Green Card Bureaux to meet our legitimate interest in obtaining payment for a claim caused by a foreign motor driven vehicle.

Translation agency  

We provide information to our translation agency to fulfil our legal obligation to settle a claim.

Medical advisor

We provide information to our medical advisor to fulfil our legal obligation to settle a claim.

Postage, printing and mail handling

We provide information to companies for postage, printing and mail handling to enable us to communicate with the person to which a case relates, their representative, public authorities, debt collection and credit information companies and others. When we provide personal data to postage, printing and mail companies we do so to meet our legitimate interest in communicating.

Statistics and analysis companies

We provide information to statistics and analysis companies to meet our legitimate interest in planning and developing our business.

Third country transfer

Our processor and our subsidiary Svensk Försäkring Administration AB (SFAB) provide cloud services owned by the American company Microsoft Ireland Operations Limited (Microsoft), for example Sharepoint and Teams. For our use of these services SFAB has a sub-processor agreement with Microsoft.

When TFF uses these cloud services, information is stored on servers located within the EU/EEA but owned by Microsoft. When using such cloud services, we only process the following pseudonymised personal data: claim ID. Claim ID is only used for the purpose of being able to communicate internally and to work efficiently. Pseudonymised personal data is personal data that on its own cannot be linked to a specific person without additional data.

When we process claim ID in Microsoft's cloud services, there is a risk that the pseudonymised personal data will be transferred to third countries. The claim ID data on its own cannot be linked to a person.

Personal data may be transferred to a third country if the European Commission has decided that the country ensures an adequate level of protection. On 10 July 2023, the European Commission issued an adequacy decision for the United States. This means that transfers of personal data from the EU to organisations subject to the EU-US Data Privacy Framework (DPF) can now take place without the need for appropriate safeguards. Microsoft has joined the DPF.

Information on how we process transfers to third countries under the Green Card system can be found under the heading “Green Card system”.

Storage period: Claim IDs included in communications are erased when no longer needed for the communication or at the latest within six months. Claim IDs included in working documents are erased when no longer necessary for our handling of the case.

To the top