Name of the Data Processing Register
OmaTurva Oy customer and insurance register.
Data Processing Controller
OmaTurva Oy (OmaTurva): Company identification number 3252490-9.
1. Purpose of personal data processing
Personal data is processed to manage the customer relationship and other comparable relationships as well as for customer service, marketing, opinion and market research, and for the development of continuous product and service development, maintenance and testing of information systems with the aim of improving current products and/or bringing new products and services to customers in a customer-oriented manner.
OmaTurva Oy can record sales calls for customer service authentication and verification purposes and for training purposes to improve customer service. OmaTurva Oy anonymizes the personal data collected and used in this way by all reasonable means.
The customer's identification information and other personal data of the registered person can be used for the prevention, disclosure and investigation of the money laundering and terrorist financing act in accordance with the Act on the Prevention of Money Laundering and the Financing of Terrorism (the 'Money Laundering Act'), as well as for the investigation of money laundering and terrorist financing and the crime by which the property or proceeds of crime that are the subject of money laundering or terrorist financing have been obtained for. Information obtained solely for the prevention and detection of money laundering and terrorist financing will not be used for a purpose that is incompatible with these purposes.
The basis for the processing of personal data is the controller's legitimate interest, which is based on a factual connection between the parties. The information can also be used to comply with statutory obligations. After the end of the customer relationship, OmaTurva Oy may, in accordance with the legislation, transfer the data of the registered person necessary for the implementation of direct marketing to its direct marketing register and continue to process personal data for direct marketing purposes with regard to this data content. The registered person has the right at any time to prohibit the processing of information about him for direct marketing.
2. Personal data groups
OmaTurva Oy collects and processes the personal data of the groups of people mentioned below in its business operations:
- Persons who have or have had a customer relationship or a relationship comparable to it (insured, beneficiary, etc.) with an insurance company with which OmaTurva Oy has or has had an insurance agent agreement
- Persons who, in order to establish a customer relationship, have made an insurance application or offer to an insurance company - with which OmaTurva Oy has or has had an insurance agent agreement - or to whom the insurance company has made an offer to obtain insurance (potential customer)
- Persons belonging to OmaTurva Oy's marketing target groups
- Users of OmaTurva Oy's digital services (for example websites, mobile service, people who participated in webinars) and social media channels (for example Facebook, Twitter, LinkedIn)
- Persons for whom the processing of personal data is related to OmaTurva Oy's statutory obligation
- Contact and responsible persons of OmaTurva Oy's partners
3. Data content of the register
The register contains the following data groups:
- Basic information (such as name, social security number and postal/visiting address);
- Other contact information (such as email address and phone number);
- Information on the payment and return of insurance premiums (such as bank account number and information on the unusual billing address or payer of insurance premiums);
- Customer service control information (such as information about direct marketing, call or customer newsletter blocking by the registered person);
- Contact information (such as correspondence and possible direct marketing campaigns);
- Information on customer-specific benefits;
- The customer's insurance contract information, excluding health information (such as type of insurance, insurance number, insurance start and end dates, insurance status information, beneficiary information, hobby information affecting the insurer's risk);
- Information to be collected for insurance needs mapping
- Billing, payment and collection information;
- Identification information of the customer's compensation processing and information about damages;
- Details of any loans, pledges or guarantees;
- OmaTurva Oy's online service access rights information and online service audit trail information;
- Telephone records information;
- Information required by the Money Laundering Act;
- Other necessary information regarding customer care, customer relationship and service development
4. Regular sources of personal data
Personal data is mainly collected from the data subject himself. For example, we collect the name, social security number, email address and phone number from our new customers so that we can offer the customer the product or service in question. Insurance needs mapping, taxation information and professional and hobby information affecting risk may also be needed to provide services in insurance operations.
We also collect information based on the use of our online services and messages that the customer has sent us through our digital and social media channels, such as feedback or requests. Calls and chat conversations may also be recorded and saved to confirm assignments or for documentation, quality control and development purposes.
Personal data is also collected and updated within the limits of the applicable legislation from publicly available sources, which are related to the implementation of the customer relationship between the controller and the registered person and with which the controller fulfills its obligations related to maintaining customer relationships. Commercial or publicly available data sources from which we can collect personal data are:
- registers maintained by authorities (e.g. population register, tax administration registers, company registers and supervisory authority registers),
- public stock exchange announcements,
- sanctions lists (for example, the national sanctions list maintained by the Central Criminal Police, the list maintained by the EU and the UN and the US Office of Foreign Assets Control (OFAC),
- credit information registers
- commercial information brokers who provide information on, for example, beneficial owners and politically influential persons.
5. Regular recipients of data (transfers)
Personal data can be disclosed to an insurance company with which OmaTurva Oy has or has had an insurance agent agreement, and the customer has or has had a product or service of the insurance company.
Personal data can be transferred outside of OmaTurva if permitted or required by law. Information can be disclosed, for example
- to the authorities (such as the police, the tax administration, the National Pension Institute and enforcement authorities),
- for reinsurance companies
- for companies belonging to the same economic association
Based on the customer's consent or agreement, we also hand over information to our partners that are related to products or services chosen by customers.
Personal data is transferred within the European Union or the European Economic Area outside only on the grounds required by data protection legislation, for example when service providers process personal data on behalf of the controller.
6. Protection of personal data
As principles of personal data protection, OmaTurva Oy follows good data management practices and the duty of care and protection in accordance with data protection legislation. OmaTurva Oy and potential service providers participating in the processing of personal data implement the necessary technical and organizational measures to protect personal data from unauthorized access and accidental or illegal data destruction, alteration, transfer, transfer or other illegal processing.
Only those separately authorized employees of OmaTurva Oy and employees of OmaTurva Oy's partners or insurance agents of partners who are required to process personal data in their work duties or based on the Agent Agreement have access to personal data.
The personal register and the data stored in it are protected, among other things, by limited access rights and passwords, which are only in the possession of persons authorized to use the system in question. Information is stored only as long as is necessary for the purposes of personal data processing. Data deletion times and deletion policies are defined, and outdated and unnecessary personal data is deleted. The data retention period may vary by data group, and OmaTurva Oy may have an obligation to retain some data based on legislation.
7. Rights of the data subject
The registered person has the right to check his/her personal data stored in the register and to request the correction of incorrect data. In certain situations, the registered person also has the right to request the personal data concerning him/her to be rectified, deleted from the register, and to request their transfer to another controller.
The operations of the registrar are subject to statutory obligations to store data, and the registrar or the insurance companies for which OmaTurva Oy acts as an agent may have an obligation to process your personal data, even if you request to limit the processing or delete the data. The confidentiality obligations contained in the special legislation concerning the insurance and financial sector may also limit the use of the registered person's right to access information.
The registrar corrects incorrect, unnecessary, incomplete or out-of-date information on its own initiative or at the justified request of the customer. OmaTurva Oy and its current partners may direct electronic marketing to the data subject, if the data subject has given his consent. The registered person has the right to withdraw their consent at any time.
Providing personal information is a prerequisite for introducing or using insurance services and products. OmaTurva Oy reserves the right to suspend the provision of services and products or prevent access to the services, if the data subject does not provide information relevant to the service or requires their deletion.
OmaTurva Oy always tries to resolve possible disagreements directly with the registered person. However, the registered person has the right to file a case regarding the processing of personal data.
Cookies are small text files that are stored on the visitor's computer or other device when visiting OmaTurva Oy's website and its subpages. The term 'cookie' in this privacy statement also covers other similar technologies and tools that collect and store information on your browser, and in some cases transfer such information to third parties in the same way as cookies.
On OmaTurva's website and the services on its subpages, cookies are used to maintain the user's session after logging in to the online service and to remember the choices made by the user when moving from one page to another. With the help of cookies, we can also identify and, for example, keep statistics on visitors to our site.
9. Principles of personal data protection
To protect the data in the register, technical and organizational protection measures are used, which include e.g. the following:
- With the help of data processing rights management, it is monitored that only authorized persons are allowed to process the data in the register.
- The persons handling the data in the register have a statutory duty of confidentiality and have signed a non-disclosure agreement.
- The register is maintained in an information network that is isolated from the public communication network by means of firewall solutions.
- Confidential information transferred in the public telecommunications network is encrypted by technical means.
- Physical documentation is stored in facilities protected by access control.
- The use of the register is controlled by means of user rights management.
- In the processing of personal data, the rules of conduct regarding the processing of personal data in the financial sector confirmed by Finanssiala ry are followed.
10. Retention period of personal data or criteria for determining the retention period
We keep personal data as long as it is needed to implement the contract and as long as the data retention requirements according to laws and regulations so require. If we store personal data for purposes other than the execution of the contract, such as preventing money laundering, accounting and implementing solvency requirements, we only store data as long as it is necessary from the perspective of the customer, customer relationship management or customer acquisition and/or regulated by law and regulations. Examples of the retention periods we apply:
- We keep the information of potential customers for a maximum of 3 years from the last personal contact or contact.
- We keep the information of an individual offer that does not lead to a contract for 3 years from the customer's application for insurance in our electronic service or from the time the offer is given
- If a person has ordered a newsletter or a printed magazine from us or given marketing permission, the data will be stored as long as the order/permission is valid.
- In insurance contracts, we store personal data for a maximum of 13 years after the end of the last contract or the payment of the last compensation
- We keep information related to knowing the customer for 5 years after the end of the last contract.
- We keep call recordings related to contract management for 10 years.
- We keep data from customer satisfaction surveys for 5 years.
- We keep information related to taxation, accounting and reporting obligations (including obligations arising from international FATCA/CRS agreements) for 6 years after the end of each tax year.
In matters related to data protection, we ask that you primarily contact OmaTurva Oy's customer service at firstname.lastname@example.org