For what purpose and on what grounds is Veritas processing my personal data?
Veritas manages statutory pension security in accordance with the Employees’ Pensions Act (TyEL) and Self-employed Persons’ Pensions Act (YEL). For the purposes of this duty, we store and process personal data concerning the insured.
Your personal data is processed in the following situations:
- Insuring, insurance management
- Calculation of provisions for unearned premiums and related statutory statistics
The procedures required for us to fulfil our statutory duties are comprehensively defined by law. We do not process your personal data for any reason other than the aforementioned purposes.
What personal data concerning me is processed by Veritas?
In order to fulfil our statutory duties, we process information about you that falls within the following two categories of personal data:
- Basic information and information for identification and communication purposes, and
- Information required for insuring, and the management and determination of insurance contributions.
This information includes:
- Basic information and information for identification purposes: last name, first name, personal ID number or date of birth
- Information required for insuring and insurance management, such as information about the employment relationships of insured employees (employer, salary/wage information, and, in some cases, the starting and ending dates of the obligation to insure), information about pension security included in the insurance policy
Who supplies Veritas with the personal data that is necessary to handle my matters?
For the management of your pension or rehabilitation matters, we regularly receive information from the following sources:
- The employer
- Finnish Centre for Pensions
- Registers of the authorities
- Arek earnings and accrual system and information service
- Other pension institutions and insurance companies
- Our chat service provider.
The aforementioned parties are bound by obligations for confidentiality. They are permitted to disclose to Veritas Pension Insurance only such personal data that is necessary for the handling of your matters and only in accordance with the provisions on confidentiality.
How long does Veritas store my personal data?
Veritas Pension Insurance has a legal obligation to store your personal data for the implementation of earnings-related pension security. With regard to the storage of this data, we comply with the provisions of the statutory pension legislation (TyEL, Section 218, and YEL, Section 160). Your personal data is only stored for the period of time that is determined as being necessary for the management of a pension or rehabilitation case.
The set time periods are as follows:
- For information related to insuring, the management of insurance contributions, and the determination (and collection) of insurance contributions: throughout the validity of the insurance policy plus ten years thereafter
- For the calculation of the provision for unearned TyEL premiums: throughout the lifetime of the TyEL insured person plus six calendar years thereafter
- For appeals: 50 years, unless the data is required to be stored as pension or insurance documents for a longer time.
- Chat service information: One month and seven days
At the end of these set periods, we shall remove your personal data from our data systems.
To whom can Veritas disclose my personal data?
We disclose the necessary personal data only to those parties that have a statutory right to receive data for a purpose specified by law. Such parties include, for example, different authorities. Additionally, for the purpose of processing and storing data, we use the services of subcontractors and we are, by virtue of the law, liable for their activities as strictly as we are for our own.
For the purpose of insuring or insurance management, the following parties are legally entitled to receive personal data:
- Your employer
- Finnish Centre for Pensions
- Tax authorities
- Other pension and insurance institutions
What type of security measures and procedures does Veritas use to protect my personal data?
We always process your personal data carefully and in a manner that protects your privacy. This is ensured through the use of the necessary technical and administrative measures.
Through access rights management, we ensure that your personal data is only accessed and processed by persons who have the authority to do so.
Our personnel are bound by the statutory obligation of confidentiality and every employee has signed a separate confidentiality agreement. Our personnel are trained and instructed on the processing of personal data and the prevention of related risks. Through internal supervision, we ensure that our personnel comply with the principles for processing personal data.
The same provisions relating to secrecy and confidentiality agreements also apply to our subcontracting partners.
With the help of access control and different security systems, your information is safely stored in protected data centres and Veritas’ own premises. We also utilise separate technical data security solutions to ensure that the reliability, integrity, usability/accessibility and fault tolerance of your personal information meets the criteria specified in the data protection legislation.
Is my personal data transferred and processed outside of the EU/EEA area?
Yes. In the course of such transfers, personal data is secured through contractual arrangements in accordance with EU model clauses.
Is my personal data used for making automated decisions or profiling?
No, it is not.
How can I get more information about the processing of my personal data?
If you would like further information about the processing of your personal data at Veritas, please read the ‘Data protection’ section on our website at veritas.fi.
Do I have a right to receive information about personal data concerning me?
You are entitled to get a confirmation about whether personal data concerning you is being processed by Veritas.
If we are processing your personal data, you are entitled to get a copy of this processed information.
Please submit your information request through our website at veritas.fi. An information request requires strong authentication.
We will send the requested information to you no later than one month from the date on which we receive your request. This time limit can be extended to a maximum of two months in certain situations. If the time limit is extended, we will notify you thereof within one month after receiving your request.
How can I complete or correct my personal data?
If the personal data that we send to you is deficient, incorrect or erroneous, you are entitled to request that your information be completed or corrected. This also concerns outdated information. We ask that you submit your completion or correction request to Veritas through our website.
Do I have a right to have my personal data removed?
The right to require the removal or deletion of personal data, as intended by the data protection legislation, does not apply to data processed within Veritas’ statutory pension insurance activities, nor to situations in which the data is necessary for the purpose of drafting, issuing or defending a legal claim. Personal data pertaining to pension insurance cannot, therefore, be removed, even on the basis of a demand, during the period of time when the data is necessary for the management of the statutory pension insurance.
However, your personal data will be removed, without any separate request, after the prescribed period of storage has ended.
Can I refuse or restrict the processing of my personal data?
As our activities involve the implementation of statutory pension security, we are obligated to process your personal data and, thus, you cannot refuse or restrict this processing, unless there are clear grounds for such restrictions.
Can I demand the transfer of my personal data to another system?
The right to require the transfer of personal data to another system, as intended by the data protection legislation, does not apply to statutory pension insurance activities and, thus, the transfer of personal data is not possible.
To whom can I lodge a complaint about the processing of my personal data?
In case we refuse to take measures as requested by you, we inform you without undue delay of the legally justifiable reason for our refusal and no later than one month from the date on which we received your request.
If you have received a negative response to your request from Veritas, you can submit the matter for review by the Data Protection Agency. The contact information for the Data Protection Agency is provided in our response. You can appeal the decision of the Data Protection Agency to the Administrative Court in accordance with the Administrative Judicial Procedure Act (Hallintolainkäyttölaki 586/1996). The decision of the Data Protection Agency contains appeal instructions that guide you through the process of appeal to the Administrative Court.
How can I contact Veritas?
With regard to personal data requests, please contact us primarily through our website at veritas.fi.
You can also contact Veritas by phone, mail or via a protected e-mail service.
What is the legal basis for this document?
This document is based on the requirements of the EU General Data Protection Regulation.