Data ethics policy
This data ethics policy sets out the overall objectives for the work Velliv does in relation to data ethics, as well as the methods and processes in place for achieving these objectives. Our data ethics policy also defines applicable roles and responsibilities.
It is essential for Velliv that our customers and the world at large can rest assured that we will manage and store their personal data securely. In other words, ethically responsible use of data is a key priority of ours. This means that we focus on the interface between technology and data use, on the one side, and the values and norms of the society in which we operate, on the other, as well as on safeguarding our customers' rights and interests.
The purpose of this policy is to illustrate how we work with ethics in relation to data use and also to set the framework for the ethical data practices that we strive for in further digitisation. The policy supplements Velliv's Data Protection Policy, which sets out the overall requirements for how we manage personal data, and Velliv's Information Security Policy, which describes how we take care of customers' data, including relevant security standards for data storage, access control and data transmission.
The data ethics policy thus defines Velliv's overall objectives for the work we do on data ethics, as well as the methods and processes we use to achieve these objectives. The policy underpins the company's business model, values and vision.
The policy applies to data about customers, employees, partners, suppliers and distributors collected by Velliv from external sources, as well as data that we create ourselves through the use and development of technology. Data includes structured as well as unstructured data such as emails or other data without an identifiable structure.
Data processing forms an integral part of the processes associated with Velliv's core mission, which is to create financial security for customers throughout their lives by providing pension savings, life insurance products and pension advisory services. Velliv processes data for the purpose of establishing and managing agreements with customers as well as fulfilling our obligations towards customers, co-insured individuals and beneficiaries. In addition, we use data for marketing purposes to the extent that our customers have consented to the use of data for marketing purposes. Finally, we process data for recruitment, employment and human resource development purposes and for the development of new processes and technology to improve customer experience and optimise administrative processes. We are the controller of the personal data we process.
This data ethics policy applies to all managers and employees at Velliv. Our managers are particularly responsible for leading by example and for ensuring that all employees within their area of responsibility have read and understand the policy and that they abide by it.
At Velliv, we are committed to operating in a socially responsible way and to acting responsibly in performing our activities, and this also applies to our ethical data practices.
The amount of data available, accessible and possible to create has increased in line with technological development and the digitisation of society. If we do not succeed in equally strengthening the expertise that furthers awareness of data use, it could lead to increased risks. At Velliv we wish to avoid the risks associated with irresponsible and unethical use of data, as described below.
The main risks faced by Velliv in connection with data ethics are reputational risks, where, through unethical data use, the company may overstep customers' personal limits for data use. This may lead to adverse publicity and a loss of customers, with ensuing financial consequences for the company.
However, there are also risks associated with limited use of data, as there may be a risk of our advice not being relevant to the individual customer. We may also lose competitiveness and earnings if we adopt a lower level of data use compared to our competitors and to what is generally accepted in society in this area. The boundaries of what is normative are shifting with digital development, and what is one day perceived as normal or reasonable may suddenly change significantly within a short period of time. In general, we endeavour to attain the level of what is considered acceptable in society.
At Velliv, we continuously strive to understand and mitigate the risks arising from our use of data in development processes and in our continuous reflections on how we use data. In these processes, before the data is actively used, risks are assessed against the expected value that the data use will bring. In this way, we ensure that our data ethics policy is complied with as well as possible.
Strategic objectives for data ethics
The strategic objectives of our work on data ethics are directly rooted in our business model and our values of decency, optimism and care. With our products, services and advice, we aim to give peace of mind, and one of the ways we do this is by using and processing data in an ethically responsible manner. Our ethical data practices must therefore not only contribute positively to customer safety but also create business value.
Our strategic objective for ethical data practices is to adopt responsible use of data at all times and to create transparency in our data management and data development processes. We do so through data processing, development and digitisation processes, with emphasis on:
- transparent data use
- inclusion of data that can promote our customer's interests and options for solutions
- sound ethical use of data in further digitisation
These three areas are explained in more detail below.
What we mean by transparent data use
In our data collection, it is important to us that our collection of data is clear and transparent. We only use data that:
- has been collected directly from our customers or from a person or employer acting on behalf of our customers;
- comes from valid sources which the customer is informed will be included in the data collection;
- is publicly available, in the situations where the use is transparent and in the customers' direct interest.
Our use of data is subject to the purpose limitation rule and transparent, and is intended to help us maintain customer trust and satisfaction at all times by our processing of data with respect and in the most accurate way possible.
What we mean by the inclusion of data that can promote our customer's interests and options for solutions
Velliv's processes are based on relevant and valid data that best supports our advice and customer service and helps to promote good advisory services. Data is included and used to the extent that it can contribute to personalised advice and more accurate and relevant quotations, but also in other situations that can promote the interests of the entire customer portfolio, e.g. in the investigation of fraud cases.
What we mean by sound ethical use of data in further digitisation
At Velliv, we use relevant technology in our business development and digitisation processes. Our overall objective when using digitisation and technology is to improve the customer experience and our competitive position. We use Machine Learning (ML) and other technologies to develop and optimise administrative processes, reduce turnaround times and costs, and improve the customer experience.
When using technology and developing digitisation, data ethics will guide us towards sustainable and responsible use of data.
Methodology and process description
This section describes how we intend to achieve our strategic objective.
In our efforts to achieve our objectives, we continuously seek guidance in Danish and European standards, including, for example, Insurance & Pension Denmark's data ethics principles 'Cool or Creepy', the EU Ethical Guidelines for Reliable Artificial Intelligence and the Data Ethics Council's recommendations 'Data Ethics - How to do it'.
We also work with associations etc. that can contribute positively to the development of data ethics in society and in the insurance and pension industry, especially in the use of further digitisation opportunities, through the safeguarding of interests via the trade association Insurance & Pension Denmark.
How we ensure transparent data use
Our advice to customers is based on the customers' own data or statistical data that is deemed to be directly relevant to safeguarding our customers' interests in the best possible way. In addition, customers are informed if we collect or use data when they are offered products and services that involve the collection of data on an ongoing basis.
We are transparent about the types of data used in the pricing of each product offered to the customer.
At Velliv.dk, our customers can find information about how we process their personal data and our work on data ethics.
How we include data that can promote our customer's interests and options for solutions
We make sure that the data we use is valid, e.g. by obliging corporate customers to update relevant data about employees on an ongoing basis and at least once a year, and by regularly asking individual customers to confirm or update contact information, just as data is regularly updated via public and statutory registers.
When we decide to use customer data, we do so with the utmost respect for the privacy of individual customers and without compromising customer self-determination, as well as balancing the interests of the customer portfolio as a whole.
For example, Velliv's claims officers use data to assess whether customers are eligible for benefits under their insurance. If the company suspects that there is a discrepancy in information relevant to the claim obtained from the customer, third parties or otherwise, we may initiate a special investigation to identify possible insurance fraud. In that connection, we use Insurance & Pension Denmark's 'Code for special investigation of insurance cases'. The Code aims to ensure a high level of legal and ethical standards so that customers can have confidence that companies only use investigation methods that are proportionate to the scope of the case, and that minimise inconvenience to the customer. Among other things, the Code sets out guidelines on how the company can obtain information from public sources, the internet and social media, as well as the use of personal surveillance or contact with third parties.
In Velliv's communication processes, customer data is used to personalise communication and make the content as relevant as possible to the individual customer. We also advise customers proactively through the concept of scaled recommendations, where customer data is used to provide customers with the most up-to-date advice in relation to their situation.
When considering data ethics choices regarding new administration processes, advisory services or products, we may choose to involve customer panels.
How we ensure sound ethical use of data in further digitisation
We follow established processes when developing new products and services, including ethical considerations in favour of and against the use of data. The development at Velliv of Machine Learning (ML) models follows the EU Ethical Guidelines for Trustworthy Artificial Intelligence as well as Insurance & Pension Denmark's data ethics principles ('Cool or Creepy').
In our development of ML models, if free text (e.g. emails, medical records, etc.) to be used to train a new or existing model contains sensitive personal data (e.g. health, medical conditions, etc.), we anonymise the text before it is used.
In administration processes and the optimisation of general operational processes, we continuously develop ML models to support and strengthen our employees in their daily work and decision-making processes. ML model decisions are always reviewed by a Velliv staff member before entering into dialogue with a customer.
When developing new ML models, Velliv always considers whether the data used for training could cause the model to be biased. This is evidenced, among other things, by the fact that the production of new models cannot be initiated until compliance with the EU Ethical Guideline for Trustworthy Artificial Intelligence is documented. As Velliv's ML models have no bearing on the physical safety of customers or on individual fundamental rights, they are characterised as low-risk models as defined by the EU.
Monitoring and controls
Those responsible for the business areas falling within the scope of this data ethics policy have to ensure that the policy monitoring and controls processes are described in relevant business procedures.
Velliv is required to report on the company's data ethics policy in the management's review section of the annual report in accordance with the Executive Order on financial reports for insurance companies and multi-employer pension funds. In our CSR report, we also provide information about our work in relation to data ethics.
We regularly report on our work in relation to data ethics to the company's Data Protection and Information Security Committee. In addition, the Executive Board is regularly informed about our work through periodic reports.
In the event of incidents of a reputational or competitive nature, the Board of Directors must be notified in accordance with normal business practice. In addition, the Board of Directors must be informed about work done in connection with the annual reporting.
Roles and responsibilities
The Executive Board is responsible for ensuring that this policy is implemented in Velliv's day-to-day operations through relevant business procedures.
Our work on data ethics is driven by a designated coordinator and anchored in our Data Protection and Information Security Committee.
Right of delegation
The Executive Board or the person to whom the responsibility is delegated may delegate the responsibility to other relevant parts of the company.
References to other policies and guidelines