Our Data Protection Policy is based on your right to privacy
The Finnish Motor Insurers' Centre, the Finnish Patient Insurance Centre, the Finnish Environmental Insurance Centre and the Finnish Pharmaceutical Insurance Pool together form the Insurance Centre Group. In addition to some shared functions, the Insurance Centre Group has shared values and a data protection policy.
Protecting personal data is a priority for the Insurance Centre Group. The term "personal data" refers to all data that can be used to uniquely identify a person directly or by connecting different data together. Like other operators in the insurance sector, we have many statutory tasks that require the collection and use of personal data. Protection of data and privacy are accentuated in all our operations.
Our personal data files, processes, guidelines and personal data processing agreements are in compliance with the requirements of the General Data Protection Regulation. We have provided training for our personnel on data protection regulation, and we have appointed a person responsible for data protection-related matters in all our operations.
We aim to maximise the transparency of our operations. Below, you can read about our data protection practices.
What personal data do we collect and for what purpose
The personal data to be collected depends on the type of customer relationship you have. The collected personal data may include the following:
- Name and social security number
- Contact information
- Various information related to the management of the customer relationship
- Information related to fulfilling statutory obligations
- Information related to the use of products or services
- Sensitive information, for example, concerning health or legal processes
The primary purpose for collecting and processing your personal data is to perform statutory tasks related to the management of insurance policies and compensations. Personal data can also be processed in connection with other tasks required by law or official regulations, such as actuarial or statistics operations and traffic safety. In addition to these, personal data may be used in product and service development, promotion of data security, marketing and other necessary customer relationship management tasks, and the prevention of abuse.
Personal data is only used for predefined purposes or purposes that are compatible with these. We always ensure that a legally valid reason exists for processing personal data. Usually, the need to process personal data is based on binding legislation or agreement such as an insurance policy.
How do we process your personal data
We collect and process personal data in accordance with data protection legislation, guidelines provided by data protection authorities, and the good information management and processing practices applied in the financial sector.
Appropriate, secure and careful processing of personal data ensures that no unauthorised use of personal data takes place and that your privacy is not put to risk under any circumstances. Personal data is protected using the appropriate technical and organisational means.
Personal data is only processed by employees who need them for performing their work duties. These employees are bound by an obligation of professional secrecy. The regularly provide training for our personnel and monitor the use of systems that contain personal data. All processing of personal data is strictly confidential, follows good information processing practices and is limited to what is necessary considering the purpose of the personal data.
We only retain personal data as long as it is needed for the purposes mentioned in the privacy statement, or required by legislation or an agreement. We strive to maintain the correctness and currency of the personal data by removing and rendering anonymous any personal data that is no longer necessary, and by updating outdated data.
Personal data is not disclosed to other parties without the consent of the customer, or a legal obligation. In the case of any transfers to third countries outside the EU/ETA we manage the adequate level of personal data protection as required by legislation.
If subcontractors are used for processing personal data, we carry the responsibility for the actions of the subcontractors. All service providers that process personal data on our behalf are carefully selected, and the highest possible level of data protection is required from them. Agreements are signed with any subcontractors to commit them to act in compliance with data protection legislation.
Your rights with regard to the processing of personal data
According to the General Data Protection Regulation of the EU, you have the right to receive open and transparent information on the processing of your personal data, gain access to your data saved in our personal data file, demand that incorrect information is rectified, and to forbid unnecessary processing of the data. Please note that when personal data is processed based on a statutory obligation of the Insurance Centre, some of these rights may be limited.
To exercise the rights that are described below in more detail, contact us as described under Contact information. We will respond to your requests within one month of receiving the request.
The right to access and rectify information
You have the right to know whether we process your personal data. If your personal data are being processed, you have the right to get a copy of the data.
You have the right to request the rectification of any incorrect personal data as well as the completion of data that is not complete. To exercise these rights, a request may need to be sent to the original source of the data. For example, rectification of errors found in medical records or statements need to be requested directly from the place where treatment has taken place.
The right to restrict processing and to erase data
In certain situations, you have the right to request that the processing of your personal data is restricted, or that the data is erased. However, the right to request restriction or erasure does not apply to the processing of personal data related to statutory insurance policies, or situations in which the processing of data is necessary to fulfil a statutory obligation. The right to erase data may be exercised for example when withdrawing the consent that the processing has been based on, or when the personal data is no longer needed to fulfil the purpose for which it has been collected.
The right to move the data from one system to another
You have the right to receive the personal data which you have sent to us in a structured and commonly used form, and to transmit it to another controller, if the processing of the personal data is based on consent or agreement. However, this right does not apply to the processing of personal data related to statutory insurance policies, or situations in which the processing of data is necessary to fulfil a statutory obligation.
The right to object to the processing of personal data
You have the right to object to the processing of your personal data insofar as the processing is based on the fulfilment of the rightful benefits of us or a third party, for example, regarding a customer relationship. At any time, you have the right to object to the processing of your personal data for the purposes of direct marketing. You also have the right to object to profiling carried out using your personal data.
The right to file a complaint
If you consider the processing of your personal data to be in conflict with the currently valid legislation, you can file a complaint with the data protection authority. For more information, see https://tietosuoja.fi/en/home
To update contact information related to compensation claims, to request documents and to discuss other similar matters, please contact our compensation service.
If you want to access or rectify your personal data or exercise another of your rights listed above, use the attached form.