Jump to content

Data protection at Elo

Elo’s task is to manage the statutory pension security of employees and entrepreneurs in accordance with the Employees Pensions Act (TyEL) and the Self-Employed Persons’ Pensions Act (YEL), and, for this purpose, manage the accrued funds profitably, safely and responsibly. In order to carry out this task, we need to process personal data.

Elo ensures the protection of its customers’ privacy and processes their personal data in accordance with the currently valid legislation, including pension legislation, the EU General Data Protection Regulation (hereinafter GDPR), the national data protection legislation and legislation governing the insurance industry and credit institutions as well as provisions concerning investment funds.

Why does Elo process personal data?

Elo collects and processes data for the purposes of performing its designated tasks. Our field and activities are defined within the relevant legislation. Our tasks include the provision of statutory pension security for employees and entrepreneurs and the management of the funds accrued for this purpose.

What personal data is processed by Elo?

Elo only collects personal data to the extent that is necessary for the implementation of its designated tasks.

For this purpose, we collect our customers’ name, personal ID and contact information. Through our activities, we also collect, for example, payroll and pension information and information concerning the ownership of our company customers. Health information is processed in connection with the handling of disability and rehabilitation matters. As part of our investment activities, Elo offers its customer companies financing solutions and real estate space. For the purposes of leasing and management of our real estate properties, we process information, such as the name and contact information, of our lessees and relevant service providers. For the purposes of credit management, we also require information about loan recipients and pledgers (credit information).

More detailed information about the personal data processed by Elo is available from our privacy policy statements 

What are Elo's sources of information?

Elo gets information directly from the registered individuals. Elo may also request personal data from sources from which Elo is entitled by law to request information (e.g., institutions managing statutory social insurance or health care providers).

The employers of the insured provide us with regular payroll and other employment-related information for insurance purposes and compensation decisions. In order to maintain and verify customer contact information, we acquire data from, among others, Posti Group Oy and the Population Information System. As concerns loan customers and policyholders, and the recovery of benefits, Elo also acquires information from credit records

To whom does Elo disclose information?

Elo may only disclose personal data upon the consent of the registered individual and in cases in which the recipient has the right, by law, to receive such information from Elo. 

How is my personal data protected?

Acting responsibly is the most important principle of Elo's data security. The objective of data security is to safeguard the reliability, usability and availability of the data processed by Elo and to prevent confidential information from falling into the wrong hands.

Where do I find information about the processing of my personal data?

Information about the processing of data at Elo is available from these pages. Any enquiries about our data protection can be sent by email to Elo’s Data Protection Officer at tietosuoja@elo.fi.

In accordance with data protection legislation, you have the right of access to any personal data concerning you that Elo has recorded and stored. You have a right, among other things, to know what personal information Elo has about you. If you wish to exercise your right of access, you can contact our Data Protection Officer. Please note that you will be required to identify yourself prior to gaining access to your personal data. If you feel that any information Elo has concerning you is incorrect, you can demand that the information be rectified.

When Elo is processing information for the purpose of managing statutory pension security, the related rights are limited by legislation. In other words, the legislation limits the right to have personal data removed or transferred to another system or to object to the processing of information. 

Elo’s document publicity description

In order to implement the publicity principle, Elo Mutual Pension Insurance Company maintains a description of its information pools. This description is called a document publicity description. The aim of the description is to help Elo’s insurance and pension customers when they wish to submit a request for information concerning Elo’s documents.

The document publicity description describes the information pools that Elo processes when performing public administrative tasks or exercising public authority. An information pool means an entity containing datasets that is processed through information systems or manually. The document publicity description is based on the statutes of the Act on Information Management in Public Administration.

Elo registers the information concerning matters being processed, case processing and documentation. This information is in Elo’s operative information systems and on paper, from which it is archived in accordance with regulations. The information related to Elo’s case processing is located in three information pools. These are the information pools for the Self-employed person’s employment pension insurance, Pension processes and Employer’s employment pension insurance.

Elo’s information pools

<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-P23HWQ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>