For what purpose and on what grounds is Veritas processing my personal data?
Veritas manages statutory pension security in accordance with the Employees’ Pensions Act (TyEL). For the purpose of this task, we store and process the contact information of the persons responsible for your company’s TyEL insurance matters as well as other basic information that is necessary for communications.
Your personal data is processed in the following situations:
- TyEL insurance matters
- Co-operation regarding well-being at work
- Direct marketing or similar means of communication.
The procedures required in order for us to fulfil our statutory duties are comprehensively defined by law. We do not process your personal data for any reason other than the aforementioned purposes.
What personal data concerning me is processed by Veritas?
In order to fulfil our statutory duties, we process information about you that falls within the following category of personal data:
- Basic information and information for identification and communication purposes, and contact information for the use of online services.
This information includes:
- Basic information and information for identification purposes: name, job title, role, address, phone number, telefax number, e-mail address, language for contacts
- Online service user’s first and last names, personal ID number, e-mail address, phone number, service access rights.
Who supplies Veritas with the personal data that is necessary to handle my matters?
In order to manage the insurance matters of your company, we regularly receive personal data from:
- Notifications of TyEL policyholders
- Online service agreements
- Commercial providers of contact information services
- Our chat service provider.
In addition, we occasionally get personal data from the following sources:
- Other pension institutions and insurance companies
- Trade register.
The aforementioned parties are bound by obligations for confidentiality. They are permitted to disclose to Veritas only such personal data that is necessary for the handling of your matters and only in accordance with the provisions on confidentiality.
How long does Veritas store my personal data?
Veritas Pension Insurance has a legal obligation to store your personal data for the purpose of the implementation of earnings-related pension security. With regard to the storage of this data, we comply with the provisions of the statutory pension legislation (TyEL, Section 218, and YEL, Section 160).
Your personal data is only stored for the period of time that is determined as being necessary for the management of an insurance matter. At the end of the set period, we shall remove your personal data from Veritas’ data systems.
The set time periods are as follows:
- For the information related to insuring, the management of insurance contributions, and the determination and collection of insurance contributions: throughout the validity of the insurance policy plus ten years thereafter
- For the calculation of the provision of unearned TyEL premiums: throughout the lifetime of the TyEL insured person plus six calendar years thereafter
- Chat service information: one month and seven days.
To whom can Veritas disclose my personal data?
We disclose the necessary personal data only to those parties that have a statutory right to receive data for a purpose specified by law. Such parties include, for example, different authorities. Additionally, for the purpose of processing and storing data, we use the services of subcontractors and we are, by virtue of the law, liable for their activities as strictly as we are for our own.
For the purpose of insuring or insurance management, the following parties are legally entitled to receive personal data:
- Finnish Centre for Pensions
- Tax authorities
- Other pension and insurance institutions.
What type of security measures and procedures does Veritas use to protect my personal data?
We always process your personal data carefully and in a manner that protects your privacy. This is ensured through the use of the necessary technical and administrative measures.
Through access rights management, we ensure that your personal data is only accessed and processed by persons who have the authority to do so.
Our personnel are bound by the statutory obligation of confidentiality and every employee has signed a separate confidentiality agreement. Our personnel are trained and instructed on the processing of personal data and the prevention of related risks. Through internal supervision, we ensure that our personnel comply with the principles for processing personal data.
The same provisions relating to secrecy and confidentiality agreements also apply to our subcontracting partners.
With the help of access control and different security systems, your information is safely stored in protected data centres and Veritas’ own premises. We also utilise separate technical data security solutions to ensure that the reliability, integrity, usability/accessibility and fault tolerance of your personal information meets the criteria specified in the data protection legislation.
Is my personal data transferred and processed outside of the EU/EEA area?
Yes. In the course of such transfers, personal data is secured through contractual arrangements that comply with EU model clauses.
Is my personal data used for making automated decisions or profiling?
No, it is not.
How can I get more information about the processing of my personal data?
If you would like further information about the processing of your personal data at Veritas, please read the ‘Data protection’ section on our website at veritas.fi.
Do I have a right to receive information about personal data concerning me?
You are entitled to get a confirmation about whether personal data concerning you is being processed by Veritas.
If we are processing your personal data, you are entitled to get a copy of this processed information.
Please submit your information request through our website at veritas.fi. An information request requires strong authentication.
We will send the requested information to you no later than one month from the date on which we receive your request. This time limit can be extended to a maximum of two months in certain situations. If the time limit is extended, we will notify you thereof within one month after receiving your request.
Can I refuse direct marketing?
Yes. You have the right to refuse direct marketing if your personal data is being processed for the purposes of direct marketing.
How can I complete or correct my personal data?
If the personal data that we send to you is deficient, incorrect or erroneous, you are entitled to request that your information be completed or corrected. This also concerns outdated information. We ask that you submit your completion or correction request to Veritas through our website.
Do I have a right to have my personal data removed?
The right to require the removal or deletion of personal data, as intended by the data protection legislation, does not apply to data processed within Veritas’ statutory pension insurance activities, nor to situations in which the data is necessary for the purpose of drafting, issuing or defending a legal claim. Personal data pertaining to pension insurance cannot, therefore, be removed, even on the basis of a demand, during the period of time when the data is necessary for the management of the statutory pension insurance.
However, your personal data will be removed, without any separate request, after the prescribed period of storage has ended.
Can I refuse or restrict the processing of my personal data?
As our activities involve the implementation of statutory pension security, we are obligated to process your personal data and, thus, you cannot refuse or restrict this processing, unless there are clear grounds for such restrictions.
Can I demand the transfer of my personal data to another system?
The right to require the transfer of personal data to another system, as intended by the data protection legislation, does not apply to statutory pension insurance activities and, thus, the transfer of personal data is not possible.
To whom can I lodge a complaint about the processing of my personal data?
In case we refuse to take measures as requested by you, we inform you of the legally justifiable reason for our refusal without undue delay and no later than one month from the date on which we received your request.
If you have received a negative response to your request from Veritas, you can submit the matter for review by the Data Protection Agency. The contact information for the Data Protection Agency is provided in our response. You can appeal the decision of the Data Protection Agency to the Administrative Court in accordance with the Administrative Judicial Procedure Act (Hallintolainkäyttölaki 586/1996). The decision of the Data Protection Agency contains appeal instructions that guide you through the process of appeal to the Administrative Court.
How can I contact Veritas?
With regard to personal data requests, please contact us primarily through our website at veritas.fi.
You can also contact Veritas by phone, mail or via a protected e-mail service.
What is the legal basis for this document?
This document is based on the requirements of the EU General Data Protection Regulation.