Data controller contact information
The data controller is Veritas Pensions Insurance Company Ltd. (0141187-2). Our address is PO Box 133, (Olavintie 2), 20101 Turku
For what purpose and on what lawful grounds is Veritas processing your personal data?
Veritas manages statutory pension security in accordance with the Employees’ Pensions Act (TyEL). For the purpose of this task, we store and process the contact information of the persons responsible for your company’s TyEL insurance matters as well as other basic information that is necessary for communications. Processing is lawful as processing is necessary for compliance with a legal obligation to which the controller is subject.
Your personal data is processed in the following situations:
- TyEL insurance matters
- Co-operation regarding well-being at work
- Direct marketing or similar means of communication.
The procedures required in order for us to fulfil our statutory duties are comprehensively defined by law. We do not process your personal data for any reason other than the aforementioned purposes.
This document is based on the requirements of the EU General Data Protection Regulation.
To whom can Veritas disclose your personal data?
We disclose the necessary personal data only to those parties that have a statutory right to receive data for a purpose specified by law. Such parties include, for example, different authorities. Additionally, for the purpose of processing and storing data, we use the services of subcontractors and we are, by virtue of the law, liable for their activities as strictly as we are for our own.
For the purpose of insuring or insurance management, the following parties are legally entitled to receive personal data:
- Finnish Centre for Pensions
- Tax authorities
- Other pension and insurance institutions
Is your personal data transferred and processed outside the EU/EEA?
Yes. Transfers outside EU/EEA are carried out using transfer mechanisms described in the GDPR.
For how long and on what grounds does Veritas store your personal data?
Veritas Pension Insurance has a legal obligation to store your personal data for the purpose of the implementation of earnings-related pension security. With regard to the storage of this data, we comply with the provisions of the statutory pension legislation (TyEL, Section 218, and YEL, Section 160).
Your personal data is only stored for the period of time that is determined as being necessary for the management of an insurance matter. At the end of the set period, we shall remove your personal data from Veritas’ data systems.
The set time periods are as follows:
- For the information related to insuring, the management of insurance contributions, and the determination and collection of insurance contributions: throughout the validity of the insurance policy plus ten years thereafter
- For the calculation of the provision of unearned TyEL premiums: throughout the lifetime of the TyEL insured person plus six calendar years thereafter
- Chat service information: One month and seven days
Are you entitled to obtain information about personal data concerning yourself?
You are entitled to get a confirmation about whether personal data concerning you is being processed by Veritas.
If we are processing your personal data, you are entitled to get a copy of this processed information.
Please submit your information request through our website at veritas.fi. An information request requires strong authentication.
We will send the requested information to you no later than one month from the date on which we receive your request. This time limit can be extended to a maximum of two months in certain situations. If the time limit is extended, we will notify you thereof within one month after receiving your request.
How can you complete, correct or remove your personal data?
If the personal data that we send to you is deficient, incorrect or erroneous, you are entitled to request that your information be completed or corrected. This also concerns outdated information. We ask that you submit your completion or correction request to Veritas through our website.
The right to require the removal or deletion of personal data, as intended by the data protection legislation, does not apply to data processed within Veritas’ statutory pension insurance activities, nor to situations in which the data is necessary for the purpose of drafting, issuing or defending a legal claim. Personal data pertaining to pension insurance cannot, therefore, be removed, even on the basis of a demand, during the period of time when the data is necessary for the management of the statutory pension insurance.
However, your personal data will be removed, without any separate request, after the prescribed period of storage has ended.
Can you refuse or restrict the processing of your personal data?
As our activities involve the implementation of statutory pension security, we are obligated to process your personal data and, thus, you cannot refuse or restrict this processing, unless there are clear grounds for such restrictions.
Can you demand the transfer of your personal data to another system?
The right to require the transfer of personal data to another system, as intended by the data protection legislation, does not apply to statutory pension insurance activities and, thus, the transfer of personal data is not possible.
To whom can you lodge a complaint about the processing of your personal data?
In case we refuse to take measures as requested by you, we inform you of the legally justifiable reason for our refusal without undue delay and no later than one month from the date on which we received your request.
If you have received a negative response to your request from Veritas, you can submit the matter for review to the Office of the Data Protection Ombudsman. The contact information to the Office of the Data Protection Ombudsman is provided in our response. You can appeal the decision of the Office of the Data Protection Ombudsman to the Administrative Court in accordance with the Administrative Judicial Procedure Act (Hallintolainkäyttölaki 586/1996). The decision of the Office of the Data Protection Ombudsman contains appeal instructions that guide you through the process of appeal to the Administrative Court.
Is your personal data used for making automated decisions or profiling?
No, it is not.
What personal data does Veritas process?
In order to fulfil our statutory duties, we process information about you that falls within the following category of personal data:
- Basic information and information for identification and communication purposes, and contact information for the use of online services.
This information includes:
Basic information and information for identification purposes: name, job title, role, address, phone number, telefax number, e-mail address, language for contacts
- Online service user’s first and last names, personal ID number, e-mail address, phone number, service access rights.
- From where does Veritas obtain the personal data that is necessary for handling your matter?
- In order to manage the insurance matters of your company, we regularly receive personal data from:
- Notifications of TyEL policyholders
- Online service agreements
- Commercial providers of contact information services
- Our chat service provider.
In addition, we occasionally get personal data from the following sources:
- Other pension institutions and insurance companies
- Trade register.
The aforementioned parties are bound by obligations for confidentiality. They are permitted to disclose to Veritas only such personal data that is necessary for the handling of your matters and only in accordance with the provisions on confidentiality.
What type of security measures does Veritas use to protect your personal data?
We always process your personal data carefully and in a manner that protects your privacy. This is ensured through the use of the necessary technical and administrative measures.
Through access rights management, we ensure that your personal data is only accessed and processed by persons who have the authority to do so.
Our personnel are bound by the statutory obligation of confidentiality and every employee has signed a separate confidentiality agreement. Our personnel are trained and instructed on the processing of personal data and the prevention of related risks. Through internal supervision, we ensure that our personnel comply with the principles for processing personal data.
The same provisions relating to secrecy and confidentiality agreements also apply to our subcontracting partners.
With the help of access control and different security systems, your information is safely stored in protected data centres and Veritas’ own premises. We also utilise separate technical data security solutions to ensure that the reliability, integrity, usability/accessibility and fault tolerance of your personal information meets the criteria specified in the data protection legislation.
Where can you get more information about the processing of your personal data?
If you would like further information about the processing of your personal data at Veritas, please read the ‘Data protection’ section on our website at veritas.fi.
With regard to personal data requests, please contact us primarily through our website at veritas.fi.
You can also contact Veritas by phone, mail or via a protected e-mail service.
Can you refuse direct marketing?
Yes. You have the right to refuse direct marketing if your personal data is being processed for the purposes of direct marketing.