Data controller contact information
The data controller is Veritas Pensions Insurance Company Ltd. (0141187-2). Our address is PO Box 133, (Lemminkäisenkatu 34), 20101 Turku
For what purpose and on what lawful grounds is Veritas processing your personal data?
Veritas manages statutory pension security in accordance with the Self-employed Persons’ Pensions Act (YEL). For the purposes of this duty, we store and process personal data concerning the insured. Processing is lawful as processing is necessary for compliance with a legal obligation to which the controller is subject.
Your personal data is processed in the following situations:
- YEL insuring, insurance management
- Determination and collection of YEL insurance contributions
- Advice for self-employed persons
- Direct marketing and similar means of communication
- For know your client processes according to special legislation and regulation
The procedures required for us to fulfil our statutory duties are comprehensively defined by law. We do not process your personal data for any purpose other than the aforementioned purposes.
This document is based on the requirements of the EU General Data Protection Regulation.
To whom can Veritas disclose your personal data?
We disclose the necessary personal data only to those parties that have a statutory right to receive data for a purpose stipulated by law. Such parties include, for example, different authorities. Additionally, for the purpose of processing and storage of data, we use the services of subcontractors and we are, by virtue of the law, liable for their activities as strictly as we are for our own.
For the purpose of insuring or insurance management, the following parties are legally entitled to receive your personal data:
- Finnish Centre for Pensions
- Tax authorities
- Other pension and insurance institutions
Is your personal data transferred and processed outside the EU/EEA?
Yes. Transfers outside EU/EEA are carried out using transfer mechanisms described in the GDPR.
For how long and on what grounds does Veritas store your personal data?
Veritas Pension Insurance has a legal obligation to store your personal data for the implementation of earnings-related pension security. With regard to the storage of this data, we comply with the provisions of the statutory pension legislation (TyEL, Section 218, and YEL, Section 160). Your personal data is only stored for the period of time that is determined as being necessary for the management of an insurance matter. At the end of the set period, we shall remove your personal data from Veritas’ data systems.
The set time periods are as follows:
- For the information related to insuring, the management of insurance contributions, and the determination (and collection) of insurance contributions: throughout the validity of the insurance policy plus ten years thereafter
- For appeals: 50 years, unless the data is required to be stored as pension or insurance documents for a longer time.
- Chat service information: One month and seven days
Are you entitled to obtain information about personal data concerning yourself?
You are entitled to get a confirmation about whether personal data concerning you is being processed by Veritas.
If we are processing your personal data, you are entitled to get a copy of this processed information.
Please submit your information request through our website at veritas.fi. An information request requires strong authentication.
We will send the requested information to you no later than one month from the date on which we receive your request. This time limit can be extended to a maximum of two months in certain situations. If the time limit is extended, we will notify you thereof within one month after receiving your request.
How can you complete, correct or remove your personal data?
If the personal data that we send to you is deficient, incorrect or erroneous, you are entitled to request that your information be completed or corrected. This also concerns outdated information. We ask that you submit your completion or correction request to Veritas through our website.
The right to require the removal or deletion of personal data, as intended by the data protection legislation, does not apply to data processed within Veritas’ statutory pension insurance activities, nor to situations in which the data is necessary for the purpose of drafting, issuing or defending a legal claim. Personal data pertaining to pension insurance cannot, therefore, be removed, even on the basis of a demand, during the period of time when the data is necessary for the management of the statutory pension insurance.
However, your personal data will be removed, without any separate request, after the prescribed period of storage has ended.
Can you refuse or restrict the processing of your personal data?
As our activities involve the implementation of statutory pension security, we are obligated to process your personal data and, thus, you cannot refuse or restrict this processing, unless there are clear grounds for such restrictions.
Can you demand the transfer of your personal data to another system?
The right to require the transfer of personal data to another system, as intended by the data protection legislation, does not apply to statutory pension insurance activities and, thus, the transfer of personal data is not possible.
To whom can you lodge a complaint about the processing of your personal data?
In case we refuse to take measures as requested by you, we inform you without undue delay of the legally justifiable reason for our refusal and no later than one month from the date on which we received your request.
If you have received a negative response to your request from Veritas, you can submit the matter for review to the Office of the Data Protection Ombudsman. The contact information to the Office of the Data Protection Ombudsman is provided in our response. You can appeal the decision of the Office of the Data Protection Ombudsman to the Administrative Court in accordance with the Administrative Judicial Procedure Act (Hallintolainkäyttölaki 586/1996). The decision of the Office of the Data Protection Ombudsman contains appeal instructions that guide you through the process of appeal to the Administrative Court.
Is your personal data used for making automated decisions or profiling?
No, it is not.
What personal data does Veritas process?
In order to fulfil our statutory duties, we process information about you that falls within the following category of personal data:
- Basic information and information for identification and communication purposes, and contact information for the use of online services.
This information includes:
- Basic information and information for communication and identification purposes: name, personal ID number, Business ID, contact information (address, postal code, town, country of residence, phone number, e-mail address)
- Contact information for the use of online services
- Information required for the management of an insurance matter, such as role, language for contacts, insurance information of self-employed person, tax information, insurance documents, starting and ending date of insurance policy, initial date of liability, income information, insurance contribution percentage and date of death
- Information related to the determination and collection of insurance contributions, such as banking information for payments, online invoicing information, information about the payer of the insurance contributions, authorisation for management of insurance matters, insurance debiting information, insurance invoicing and debt collection information, insurance contribution accounting.
From where does Veritas obtain the personal data that is necessary for handling your matter?
In order to manage your pension insurance matters, we regularly receive personal data from the following sources:
- Insurance application
- Finnish Centre for Pensions
- Population Information System
- Registers of the authorities
- Arek earnings and accrual system and information service
- Other pension institutions and insurance companies
- Social Insurance Institution of Finland Kela
- Suomen Asiakastieto Oy
- Our chat service provider.
In addition, we occasionally get personal data from the following:
- Finnish Tax Administration
- Trade register.
The aforementioned parties are bound by obligations for confidentiality. They are permitted to disclose to Veritas only such personal data that is necessary for the handling of your matters and only in accordance with the provisions on confidentiality.
What type of security measures does Veritas use to protect your personal data?
We always process your personal data carefully and in a manner that protects your privacy. This is ensured through the use of the necessary technical and administrative measures.
Through access rights management, we ensure that your personal data is only accessed and processed by persons who have the authority to do so.
Our personnel are bound by the statutory obligation of confidentiality and every employee has signed a separate confidentiality agreement. Our personnel are trained and instructed on the processing of personal data and the prevention of related risks. Through internal supervision, we ensure that our personnel comply with the principles for processing personal data.
The same provisions relating to secrecy and confidentiality agreements also apply to our subcontracting partners.
With the help of access control and different security systems, your information is safely stored in protected data centres and Veritas’ own premises. We also utilise separate technical data security solutions to ensure that the reliability, integrity, usability/accessibility and fault tolerance of your personal information meets the criteria specified in the data protection legislation.
Where can you get more information about the processing of your personal data?
If you would like further information about the processing of your personal data at Veritas, please read the ‘Data protection’ section on our website at veritas.fi.
With regard to personal data requests, please contact us primarily through our website at veritas.fi.
You can also contact Veritas by phone, mail or via a protected e-mail service.
Can you refuse direct marketing?
Yes. You have the right to refuse direct marketing if your personal data is being processed for the purposes of direct marketing. You can limit the processing of your personal data for the purpose of direct marketing by opting-out and adding yourselves on the block list. The link to the block list is in the message you received. You can also request that you be added to the block list through our online form.