Frequently asked questions on data protection

How does the EU’s new General Data Protection Regulation affect the processing of customer data at Elo?

Among other things, the regulation’s main effect on Elo’s practices is that it requires Elo to provide more detailed information on its data protection practices. In addition, customers will have more extensive opportunities to influence the processing of their own personal data, such as the right to obtain information on the processing and the right to check, rectify and erase their personal data.

Can customers prohibit the processing of their personal data?

Customers cannot prohibit the processing of personal data that is related to the management of pension insurance that is based on legislation. However, customers can prohibit, for example, direct marketing.


Can customers check what personal data Elo has stored on the customer? How can I submit a data request?

Data subjects have the right to obtain confirmation as to whether or not personal data concerning him or her is being processed. If personal data is being processed, the data subject has the right to obtain a copy of the processed data and any necessary information related to the processing.
The requests to check data must be submitted in writing and with a signature to the following address: Tarkastuspyynnöt, Elo Mutual Pension Insurance Company, 00041 ELO. The request to check data must include the customer’s name and personal identification number. Elo will provide a written response to the customer’s address that has been verified from the Population Information System.

Are TyEL and YEL customers required to conclude a separate agreement with Elo concerning the processing of personal data, as required by the General Data Protection Regulation?

No separate agreement is required, because the personal data for a TyEL or YEL insurance is related to an employer’s legal obligation. Elo is the controller of the personal data that it receives for TyEL and YEL insurances. Employers should add to their own privacy statements and data flow descriptions entries concerning data that is disclosed to employment pension companies.


Is a separate agreement on the use of personal data required if the customer company has an agreement with Elo concerning occupational well-being services, in connection with which Elo receives personal data from the customer?

No separate agreement on the processing of personal data is required. In essence, the agreement concerns a responsibility related to statutory pension insurance and the related processing of personal data.


When is an appendix on the processing of personal data required for an agreement with Elo?

In principle, an appendix is required for all agreements under which someone other than the controller processes personal data on behalf of the controller. Typical examples include agreements concluded with Elo’s IT suppliers and companies conducting various customer satisfaction surveys and other studies.

Where can I find further information on how Elo implements data protection?

Further details on data protection can be found on Elo’s website at the following address: www.elo.fi/personal-information