Privacy statement for pension insurance policyholders, partners and service providers
We ensure the protection of our customers’ privacy and process their personal data in accordance with currently applicable legislation. This privacy statement describes in more detail the purposes for which Elo processes personal data related to pension insurance policyholders, partners and service providers.
In order to fulfil our statutory responsibilities, we also process the personal data of insured persons, and applicants and recipients of pensions and rehabilitation benefits. More information about personal data processing in connection with pension insurance and pensions processes can be found here.
Data controller and Data Protection Officer
The data controller for your personal data is Elo Mutual Pension Insurance Company (”Elo”), at Revontulentie 7, 02100 Espoo, p. 020 703 50 (switchboard)
Read more about data protection at Elo or get in contact with our Data Protection Officer:
Tuukka Jousi, firstname.lastname@example.org, p. 020 703 50 (switchboard).
For what purposes do we process your personal data?
Pension insurance policyholders
Elo processes the contact details of pension insurance policyholders for customer relationship management, communication and for customer service. Personal data can also be processed for insurance debt collection and to prevent misuse. Elo processes information of the responsible persons of insurance policyholders for customer management and for identification and verification of the rights of representation. Personal data is also processed in connection with the use of Elo’s online services and websites, as well as in the development of information systems. More information about the cookies used on our website can be found here.
Information on the contact persons of insurance customers and potential customers is also processed for marketing of pension insurance and in insurance offers. Personal data is also processed in connection with events and invitations, prize draws, questionnaire surveys and newsletters, with the purpose of providing Elo’s customers and other interested persons about Elo’s products, services and events.
The identifiers and other personal data of insurance customer and its beneficial owners can be processed on prevention, detection and investigation of money laundering and terrorism financing, and to determine whether a person is subject to international sanctions of which the data controller complies with.
Service providers and partners
We process information of service providers’ contact persons in order to enable provision of services. In addition, information of service providers’ key persons is processed in identification of the business partner.
The information of persons responsible for the customer relationship at partner organisations are processed for sales and marketing purposes.
What personal data do we process about you?Your personal data is any information that can be linked to you or used to identify you. The data processed in pension insurance and customer relationship management is mainly contact details, basic information of companies and organisations as well as information needed to determine insurance contributions.
Read more about the purposes of processing, personal data categories and legal bases of processing
What are the sources of your personal data?Elo receives personal data of insurance customers primarily directly from the data subject or his or her employer. Information is also obtained from Suomen Asiakastieto Oy, Finnish Tax Administration, State Treasury and Finnish Centre of Pension’s Incomes Register, enforcement authorities and through identification services, as necessary. Information is also collected from the use of the website and online services. We receive information about potential insurance customers from data subjects, Suomen Asiakastieto Oy, our partners and other service providers that provide contact information.
We receive the contact details of service providers and our partners from the company providing the service, our partner company or directly from the data subject.
To whom is your personal data transferred or disclosed?Information is only disclosed to third parties when the recipient has the right, by law, to receive information from Elo, or in exceptional circumstances upon consent of the data subject. Elo may on these grounds disclose information to, for example, police, courts or enforcement authorities.
Self-employed persons’ information is disclosed by the virtue of law, for example, to the joint records of the employment pension sector, social insurance institutions, such as Kela, Finnish Tax Administration, State Treasury and, if necessary, to the EU pension institutions and enforcement authorities in debt enforcement, and credit information controllers.
Elo uses trusted service providers to implement tasks related to the maintenance and support of information systems in pension insurance, customer relation management and online services, which process personal data on behalf of Elo. The joint system of employment pension sector, AREK Oy, processes information in the implementation of pension insurance. Payment transactions take place through banks operating in Finland, whereby personal data is transferred to the banks.
Will your data be transferred outside Europe?Elo primarily uses companies located within European Union and European Economic Area as service providers and to implement tasks related to the maintenance and development of information systems. If personal data is transferred outside Europe to a third country, the measures required by the General Data Protection Regulation will be complied with, such as EU standard contractual clauses and appropriate safeguards, such as pseudonymisation.
How long do we retain your data?We retain your personal data only as long as necessary to fulfil the purposes set out in this privacy statement or in accordance statutory retention periods, after which the data will be deleted.
The necessary documents to manage insurance and to determine insurance contributions are retained for ten years after the end of the contract to fulfil our legal obligations in accordance with the Employee Pensions Act. Documents generated in pension counselling are kept for ten years, and customer satisfaction surveys and recordings are kept for one year.
The information of service providers’ contact persons is kept in accordance with the accounting law for six years from the end of the contract.
What are your rights as a data subject?
You have the rights provided by data protection law to the personal data processed at Elo.
• Right to access data: You have the right to know what information Elo is processing about you. You also have the right to receive a copy of the data that is being processed as well as the necessary information related to the data processing.
• Right to rectify information: You have the right to have inaccurate, outdated, or incomplete information about yourself rectified or supplemented.
• Right to deletion of data: You have the right to request the deletion of information concerning you under certain conditions. Personal data may be deleted, for example, if it is no longer needed for the original processing purposes or if you object to the processing of your personal data for direct marketing. Please note that despite of your request, Elo may have to continue processing your information, for example to comply with legal obligations, when it will not be possible to delete the data.
• Right to restrict processing: In certain situations, you have the right to demand that the processing of your personal data is restricted so that Elo only has the right to retain such personal data. You can for example request that the processing of your information is restricted for the period of the investigation, if you consider that the information about you is inaccurate or the accuracy needs to be further investigated.
• Right to request data to be transferred to another system: If the processing of your personal data is based on consent or contract, you have the right to have your data transferred to another data controller. The right of transfer applies to data that you have provided to Elo yourself and that is stored in an electronic information system. If technically possible, data controller must transfer your information directly to another controller.
• Right to object processing: In certain situations, you have the right to object processing of your personal data if the processing is not based on legal obligation or contract.
• Automated decisions, including profiling: You have the right not to be subject of a decision that is based solely on automated processing, such as profiling, which has legal or other significant effects on you.
If you would like to exercise your rights, please submit an identifiable written request to Elo’s Data Protection Officer via email (email@example.com) or by mailing Elo Mutual Pension Insurance Company, Data Protection Officer, 00041 Elo. Please note that you will need to prove your identity before the request is fulfilled, so please include your up-to-date contact details in the request.
Elo will respond to requests without undue delay, in any case within one month of receipt of the request. The provided information and actions based on the data subjects’ requests are primarily free of charge, unless the requests are manifestly unfounded, unreasonable, or repetitive, in which case Elo may also refuse to fulfil the request on these grounds.
If you suspect that your personal data has been processed in breach of data protection law, you have the right to lodge a complaint with the data protection authority, Office of the Data Protection Ombudsman, P.O. Box 800, 00531 Helsinki or www.tietosuoja.fi.