Data protection information

Lassie is the data controller for the personal data that you provide to us or that we collect from a third party. This policy applies to all information collected through our services and related services, sales and marketing. We collect and process your personal data to handle and administer insurance contracts, process claims and when you use our website and mobile application ("App"). Lassie's processing of personal data complies with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). If you have any questions or concerns about this Policy or our processing of your personal data, please contact us at

1. What is personal data?

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a user name, an identification number, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. From which sources do we collect personal data?

Personal data that you provide to us

We collect personal data that you provide to us when you enter into a contract with us, register for our services on the website or via the app, express an interest in receiving information about us or our services, and when you participate in activities or otherwise when you contact us.

Information collected from other sources

We may also collect data from various insurance companies, veterinary clinics, veterinarians and other partners, as well as from public databases, banks, credit reference agencies, marketing partners, social media platforms and other external sources.

3. What personal data is processed?

The personal data we collect depends on the context of your interactions with us and the services, the choices you make and the services and features you use.

The personal data that we collect primarily includes the following:

  • Identification data: Name, date of birth.

  • Contact details: Address, e-mail address, telephone number.

  • Payment information and payment history of insurance customers.

  • IT data: including IP addresses, mobile device IDs, device information and network information.

  • Profile information when logging in from social media: e.g. user name, email address and profile picture.

  • Audio recordings: by recording calls when you call us.

  • Medical record data: Information about you that the vet may have written in the pet's medical record.

  • Name, date of birth, picture, application documents and contact information for job seekers.

4. How do we use your personal data?

We need to process your personal data in order to provide and manage our services to you. We may also process your personal data for marketing purposes, to track and improve the service we provide and to comply with legal obligations.

We use the personal data collected from you for the following purposes:

  • To fulfill and manage agreements. Your data will be used to inform you about the terms and conditions of the contract, to conclude, register and manage the insurance contract, to process the payment of insurance premiums, to settle claims and to establish, exercise or defend legal claims.

  • Contact. We may use your data to answer questions, obtain feedback and contact you about our services. The legal basis is either the performance of a contract or the balancing of interests.

  • To facilitate account creation and the registration process. If you choose to link your account with us to a third-party account (e.g. your Apple, Google or Facebook account), we will use the information you have provided to us from these third parties to facilitate the account creation and sign-up process for the fulfilment of the agreement.

  • To manage the user account. We use your information to manage and keep your account in order in the App.

  • To develop and improve our products and services. We may use your information to develop and improve the security and operation of our IT services, for troubleshooting and for our internal and analytical and reporting purposes. We process correspondence and feedback about our products and services. The data is processed on the basis of our legitimate interest in developing and improving our products, services and systems and for statistical purposes, security and quality work. As a starting point, we consider that this interest outweighs the interest of the data subject in the data not being processed.

  • Marketing and newsletters. We process email addresses in order to send newsletters and carry out direct marketing for our products and services. The data is processed on the basis of our legitimate interest in maintaining a contact list, maintaining business contacts and communicating with business contacts. As a starting point, we consider that these legitimate interests outweigh the data subject's interest in the data not being processed. You can unsubscribe from our newsletter or marketing mailing list at any time by clicking on the unsubscribe link in the emails we send or by contacting us. You will then be removed from the newsletter and/or marketing mailing list - but we may continue to communicate with you, e.g. to send you service-related emails required to manage and use your account, to respond to service requests or for other non-marketing purposes.

  • For financial accounting purposes. Your data may need to be processed by law for e.g. accounting and bookkeeping purposes.

  • To investigate, counteract and prevent fraud, etc. The processing is based on our legitimate interest to counteract fraud, but may also be based on an obligation to process personal data due to laws or regulations, for example to comply with the provisions of money laundering legislation or the general advice and regulations of BaFin.

  • In recruitment procedures. We process personal data that job seekers provide in their application, CV and/or personal letters in connection with recruitment procedures or in the case of unsolicited applications. The basis for the processing is the conclusion or fulfillment of an employment contract with the applicant or that the company has a legitimate interest in doing so. In recruitment procedures, applicants are given the opportunity to consent to the storage of personal data by us for future recruitment purposes.

5. Will your data be shared with third parties?

We only share information with your consent or to comply with the law, to protect your rights or to fulfill contractual obligations with you. We also process personal data for business purposes such as investigating, combating and preventing fraud and for financial accounting. This means that we may need to share your data with third parties. Third parties include, for example, banks, insurance companies, insurance intermediaries, reinsurance companies, loss adjusters, credit reference agencies, service providers, consultants, regulators and other authorities, police and crime prevention organizations. We may also share your information with third party vendors, service providers or agents who provide services to us or on our behalf and need access to this information to do this work, e.g. for payment processing, data analysis, email delivery and other IT services. We have agreements with our data processors that aim to protect your personal data. This means that they cannot do anything with your personal data unless we have instructed them to do so. They will also not share your personal data with organizations other than us. They also undertake to protect the data they hold about you in accordance with our instructions. We do not sell your data to third parties for their marketing purposes.

6. Do we use cookies?

We may use cookies and similar tracking technologies to access or store information. For specific information about how we use such technologies and how you can refuse certain cookies, please see our Cookie Policy. Cookies are small text files that are stored on the visitor's computer and make it possible to track what the visitor does on the website. There are two types of cookies: a permanent cookie, which remains on the visitor's computer for a certain period of time, and session cookies, which are temporarily stored in the computer's memory while a visitor is on a website. Session cookies disappear when you close your browser. Cookies are primarily required to maintain the security and operation of our website and for our internal analysis, marketing and reporting purposes. No identification information such as e-mail or name about visitors is stored by cookies. You can choose not to accept cookies by disabling cookies in your browser's security settings. You can also set your browser so that you receive a question every time the website tries to place a cookie on your computer. Previously stored cookies can also be deleted via the browser. You can find more information about this on the help pages of your browser. If you choose to delete or reject cookies, this may affect certain functions of our website.

7. How long we store your data?

We will only retain your personal data for as long as necessary for the purposes set out in this policy, unless a longer retention period is required or permitted by law. If you cancel your service or account, your data will be deleted. However, in order to fulfill our contractual obligations to you or where required by law, we may need to retain certain information for a period of time after your account or agreement is terminated. For example, to comply with legal obligations in relation to taxation, accounting or to investigate, assert or defend legal claims. Accounting and taxation information must be retained for at least 6 or 10 years under the Commercial Code, depending on the document, and insurance information or information that may relate to claims settlements or legal claims may need to be retained for at least 10 years, taking into account the general statute of limitations. However, some information may be retained for a longer period due to other specific laws to which the company and services are subject, such as the Insurance Contracts Act or regulations on capital adequacy requirements etc. Applications are stored during the recruitment process and thereafter if the applicant has consented to this. If the data subject no longer consents to us processing the personal data for future recruitment purposes, the data will be deleted. However, this data will be retained for a maximum of two years from the end of the recruitment process.

8. How we protect your data?

We have implemented appropriate technical and organizational security measures to protect the security of all personal data we process. We also have specific internal policies and processes in place to address information security issues and to prevent and detect attacks and report personal data breaches.

9. Data transfer to a third country

The processing of personal data mainly takes place within the EU/EEA. Where data is transferred to be processed by a supplier or subcontractor outside the EU/EEA, we will ensure that appropriate safeguards are in place to ensure that your rights under the Data Protection Regulation are protected and that the recipient maintains a level of data protection comparable to that in the EU/EEA.

10. Do we collect information from minors?

We do not knowingly solicit information from or market our Services to children under the age of 18. By using the Services, you represent that you are at least 18 years of age or that you are the parent or legal guardian of such minor and consent to such minor's use of the Service. If we learn that personal information has been collected from users under the age of 18, we will disable the account and take reasonable steps to promptly remove that information from our records. If you become aware of any information we have collected from children under the age of 18, please contact us at

11. What rights do you have?

Under the General Data Protection Regulation, you have certain rights, including the right to (i) request access to and obtain a copy of your personal data, (ii) request rectification or erasure; (iii) restrict the processing of your personal data; and (iv) data portability, where applicable. If the processing is based on a balancing of interests, you also have the right to object to the processing of your personal data. If we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing prior to the withdrawal, nor the processing of your personal data on the basis of lawful processing grounds other than consent.

12. Questions or complaints?

If you have any questions or comments about your rights under this Policy or the General Data Protection Regulation, you can contact us at If you are a resident of Germany, you have the option of contacting a data protection supervisory authority if you believe that we are processing your personal data incorrectly or in breach of the applicable legislation on the protection of personal data. Further information on how to proceed can be found on the website of the data protection supervisory authority responsible for us, the Berlin Commissioner for Data Protection and Freedom of Information: If you are located in another country within the EU/EEA or the UK and believe that we are processing your personal data unlawfully, you also have the right to complain to your local data protection supervisory authority. You can find the contact details here:

13. Contact us

To request to exercise your rights under this policy, such as requesting a registration statement, updating or deleting your personal data, please visit us at: https//

If you have any questions or comments about this policy, you can also contact our Data Protection Officer (DPO), Angelica Holmgren, by e-mail at or by post at Lassie AB, Angelica Holmgren, Surbrunnsgatan 14, 114 27 Stockholm, Sweden.

14. Changes

We reserve the right to revise this privacy policy from time to time. The date of the last change is indicated at the end of the Privacy Policy. If we make major changes to the Privacy Policy, you will be expressly notified.

Date of the last change: 2023-05-23