Data protection at Elo
Elo’s task is to manage the statutory pension security of employees and entrepreneurs in accordance with the Employees Pensions Act (TyEL) and the Self-Employed Persons’ Pensions Act (YEL), and, for this purpose, manage the accrued funds profitably, safely and responsibly. In order to carry out this task, we need to process personal data.
Elo ensures the protection of its customers’ privacy and processes their personal data in accordance with the currently valid legislation, including pension legislation, the EU General Data Protection Regulation (hereinafter GDPR), the national data protection legislation and legislation governing the insurance industry and credit institutions as well as provisions concerning investment funds.
Why does Elo process personal data?
Elo collects and processes data for the purposes of performing its designated tasks. Our field and activities are defined within the relevant legislation. Our tasks include the provision of statutory pension security for employees and entrepreneurs and the management of the funds accrued for this purpose.
All self-employed persons are obligated to take YEL insurance in accordance with the Self-employed Persons’ Pensions Act, which serves as the foundation for the pension and social security of self-employed persons. The insurance is required by law. In order to manage the insurance matters of self-employed persons, Elo must process information related to its self-employed customers and their companies. Some of this information is personal data concerning the self-employed individuals.
Elo manages the funds accrued for pension security in a manner that ensures the benefits inherent to the insurances. As part of our investment activities, Elo provides its customer companies with financing solutions and opportunities to lease premises in real properties owned and managed by Elo. Elo outsources its leasing and property management activities to external service providers who maintain a register containing information about the lessees and relevant service providers.
Information about loan recipients and pledgers are stored in a loan register to assist in credit management.
Elo offers its customers online services comprised of Elo’s public website (Elo.fi) and Elo’s Online Service that customers can access by logging in.
We utilise data derived from the use of Elo's email and website so that we can offer Elo’s customers interesting information about Elo’s services and topical issues as well as to further market our services to insurance and pension customers. The contact information is also used for the issuing of customer feedback surveys.
The processing of personal data is also necessary for the development of Elo’s own operations, so that we can offer our customers competitive services and ensure the high quality of our customer services. As part of the development of our operations, we use data collected for the management of statutory insurance and compensation matters for the additional purpose of conducting analyses on transaction methods, and of evaluating and reporting on the efficiency of our activities and communications.
We provide automated decisions concerning old-age and partial early old-age pensions and YEL insurance. Upon receiving an automated decision, registered individuals have the right to demand a manual reprocessing of their application. As a means of ensuring quality, Elo may utilise profiling to support the making of pension disability decisions. The profiling is based on the data concerning the matter being processed and statistics on relevant decisions. Profiling is not used as the basis for automated decisions.
Data is collected from our chat and phone services for the purposes of documenting customer service situations and of ensuring the legal protection of the customers. All calls are recorded and stored.
What personal data is processed by Elo?
Elo only collects personal data to the extent that is necessary for the implementation of its designated tasks.
For this purpose, we collect our customers’ name, personal ID and contact information. Through our activities, we also collect, for example, payroll and pension information and information concerning the ownership of our company customers. Health information is processed in connection with the handling of disability and rehabilitation matters. As part of our investment activities, Elo offers its customer companies financing solutions and real estate space. For the purposes of leasing and management of our real estate properties, we process information, such as the name and contact information, of our lessees and relevant service providers. For the purposes of credit management, we also require information about loan recipients and pledgers (credit information).
What are Elo's sources of information?
Elo gets information directly from the registered individuals. Elo may also request personal data from sources from which Elo is entitled by law to request information (e.g., institutions managing statutory social insurance or health care providers).
The employers of the insured provide us with regular payroll and other employment-related information for insurance purposes and compensation decisions. In order to maintain and verify customer contact information, we acquire data from, among others, Posti Group Oy and the Population Information System. As concerns loan customers and policyholders, and the recovery of benefits, Elo also acquires information from credit records
To whom does Elo disclose information?
Information is disclosed if the recipient has a right by virtue of the law to receive information from Elo. These rights concern, for example, institutions managing statutory social insurance, the tax authorities and distraint authorities, who need such information to carry out their own tasks. The employer has the right to receive information about granted pensions, e.g., for the adjustment of the insurance contribution. Elo may also disclose personal data to other countries by virtue of the international law treaties to which Elo is bound and EU legislation, in cases where such actions are necessary for the realisation of pension security. For the management of its support tasks and investment activities in accordance with the valid employment pension legislation, Elo also uses external service providers, which will then process the personal data on behalf of Elo. Payment transactions take place through banks operating in Finland, whereby personal data is transferred to the banks.
Elo primarily uses companies located within the EU/EEA area to implement tasks related to the maintenance and development of its information systems. If Elo uses companies located outside of the EU/EEA area, Elo only discloses personal data that is necessary for the implementation of the aforementioned tasks and the personal data will be adequately protected.
Elo will not, without the consent of the registered individual, disclose information to other external parties. It is possible to withdraw the given consent at any time.
How is my personal data protected?
Acting responsibly is the most important principle of Elo's data security. The objective of data security is to safeguard the reliability, usability and availability of the data processed by Elo and to prevent confidential information from falling into the wrong hands.
Data security is an integral part of the quality of Elo’s operations and services, overall security and the daily processing of data by Elo employees. Our data security policy comprehensively specifies the roles and responsibilities of each Elo employee with regard to the implementation of data security.
We have invested in our processes in order to assess and avoid data protection risks. Elo’s entire personnel is trained in data protection, and we have appointed a Data Protection Officer. We continuously develop our operations with regard to data protection. We also require our service providers to maintain a high level of data protection, and this is part of our standard contractual requirements.
Data security work is coordinated by the Data Security Manager working in IT administration. We ensure the high level of data security through continuous training and data security audits of different systems. baData security is included in the induction of every new Elo employee, and the online course on data security is mandatory for all Elo employees. In addition, we provide the different functions with training geared to their specific tasks.
We closely co-operate with our various IT service providers and data security partners. Elo also cooperates with various authorities as a company critical to emergency supply.
Where do I find information about the processing of my personal data?
Information about the processing of data at Elo is available from these pages. Any enquiries about our data protection can be sent by email to Elo’s Data Protection Officer at firstname.lastname@example.org.
In accordance with data protection legislation, you have the right of access to any personal data concerning you that Elo has recorded and stored. You have a right, among other things, to know what personal information Elo has about you. If you wish to exercise your right of access, you can contact our Data Protection Officer. Please note that you will be required to identify yourself prior to gaining access to your personal data. If you feel that any information Elo has concerning you is incorrect, you can demand that the information be rectified.
When Elo is processing information for the purpose of managing statutory pension security, the related rights are limited by legislation. In other words, the legislation limits the right to have personal data removed or transferred to another system or to object to the processing of information.