Nearly all of the information processed by a pension insurance company constitutes personal data and other confidential information. The basic premise for our operations is that we process this information so that the information is kept secure and confidential. We comply with the legislation concerning personal data, business secrecy and insurance secrecy, and we do not, without consent, divulge information to anyone other than the parties and companies themselves and those entitled to receive such information by law. At Veritas, the information is only processed by those who have a need to do so in their work.

The technical and legislative developments related to data security and information security are rapid and comprehensive. For these reasons, the development work pertaining to data security and information protection at Veritas is continuous.

Our way of operating

In its capacity as a pension insurance company, Veritas is acting as a data controller referred to in the GDPR and Veritas is subject to the obligations stipulated both at the EU level and the national legislation. The GDPR requires us to inform the data subject of the type of personal data we collect and of the manner in which we process such information. We publish privacy policies concerning the processing of personal data on our website. The policies and further information concerning personal data processing is available at veritas.fi/data protection

The principles of data protection and information security adopted by Veritas must be complied with at all stages of personal data processing. Our data security and information security policies are updated and adopted annually by Veritas’ Executive Group.

The Executive Group receives regular reports on the status and development of data security, information security and personal data processing. Any significant changes, new threats or realised risks are reported immediately.

Reporting of data security breaches

Veritas has an internal channel for reporting personal data breaches. Personal data breaches and the ensuing risk level for the data subject concerned are evaluated under the supervision of Veritas’ Data Protection Officer. In the majority of the cases in 2021, the breach was not deemed to have caused any risk pertaining to the rights and freedoms of the data subject, but, rather, the situation involved only a low level of risk. In cases involving a risk and high risk, Veritas has complied with the procedure stipulated under the GDPR.

In 2021, Veritas was requested to provide the personal data as stipulated in the GDPR on four occasions. These requests were responded to within four weeks of the request.