Privacy statement of Ilmarinen's marketing register

According to the European Union’s General Data Protection Regulation (GDPR) 679/2016, articles 12–14.

1. Name of personal data register

Ilmarinen’s marketing register

2. Controller

Ilmarinen Mutual Pension Insurance Company
Porkkalankatu 1
FI-00180 Ilmarinen

Contact person for matters related to the register:
Data Protection Officer
Anttipekka Murhu
Tel. +358 10 284 2249

3. Forwarding of data subject’s requests

Written requests concerning the rights of the data subject, in accordance with sections 10–15, shall be addressed to:
Personal data matters
Ilmarinen Mutual Pension Insurance Company
Porkkalankatu 1, FI-00018 ILMARINEN

4. Grounds for processing of personal data

The grounds for processing potential customers’ personal data in Ilmarinen’s marketing register are the legitimate interest referred to in the General Data Protection Regulation, the agreement and the consent given by the data subject.

5. Purposes

The purposes of use of Ilmarinen’s marketing register are:

  • Marketing, direct marketing and implementation and monitoring of
    marketing campaigns of Ilmarinen and Ilmarinen’s partners
  • Opinion polls and marketing surveys and the implementation of
    personalised mailing comparable to these

6. Information content

Personal data of potential customers and current client companies’ employees are saved in Ilmarinen’s marketing register, such as:

  • Name of data subject
  • Title or profession
  • Age
  • Gender
  • Native language
  • Identifier linked to the data subject
  • Contact details: postal address, telephone number and email address
  • Data describing the data subject’s task and position in business or public office
  • Data collected while using the services and on the online services

In order to implement the direct marketing consent and prohibition obligations, marketing consent and prohibitions given by the data subject are also processed in the marketing register.

7. Use of cookies

The cookies used in Ilmarinen’s online service and any other internet
identifiers enable the implementation of the online service and improve the
security and user-friendliness of the services.

Based on the data collected in the online service, Ilmarinen can analyse and develop its services, knowing what information contents interest users and how the online service is used. The data can also be used for Ilmarinen’s and its marketing partners’ communications, targeting of marketing and for optimising marketing measures.

The online service user can giver his/her consent or refuse the use of cookies in his/her browser settings or use a service designed for the purpose. If cookies are disabled, some of the services on Ilmarinen’s website may not be available.

8. Regular data sources

The data of Ilmarinen’s customers and their contact persons are received from Ilmarinen’s customer register and investment operations register. Data used in marketing is also acquired from the data subject him-/herself and by collecting data through service and marketing events and in connection with the use of the services. Personal data can also be acquired from external data sources.

9. Disclosures and transfers

Ilmarinen only discloses personal data in accordance with the right to be
informed based on legislation and in accordance with disclosure rights and
obligations. In special cases, personal data can be disclosed also with the
consent of the data subject.

The processing of the personal data of people operating on behalf of
Ilmarinen is always based on order contracts and instructions, which specify the parties’ rights and obligations in the processing and protection of personal data.

Ilmarinen primarily processes personal data in Finland, the EU/EEA area or in other countries approved by the EU Commission as having a sufficient level of data protection. To ensure a sufficient level of data protection, the standard contractual clauses approved by the European Commission are used or, for the USA, the Privacy Shield procedure.

10. Right of access

A data subject is entitled to access the data that has been recorded in
Ilmarinen’s marketing register on him/her.

The data subject must present in the request for access his/her name and
personal identity code so that the data can be found. The response to the
request for access will be delivered to the data subject’s verified address.

11. Right to data portability

The data subject is entitled to receive as a file the personal data processed by the information systems that applies to him/her, which he/she has supplied to the controller and whose processing is based on the data subject’s consent or an agreement with the data subject. The data subject may also request that the controller transfer the data in question to another controller, if this is technically possible.

12. Right to rectification

The data subject is entitled to require that inaccurate personal data be rectified. The changes in personal data will primarily be made in connection with use of the service following authentication.

The request must contain the name and identity number, specific and justified request for rectification and an explanation of how the information should be rectified.

13. Right to object

The data subject is entitled to object to the processing of personal data that applies to him/her when the processing is based on a general or legitimate interest, such as direct marketing.

The data subject is entitled to object to the use of his/her personal data for
marketing at any time. To do this, the data subject must inform Ilmarinen of a marketing ban or withdraw his/her consent.

14. Right to restriction of processing

The data subject can request that Ilmarinen restrict the processing of his/her personal data when:

  • The accuracy of the personal data is contested by the data subject.
    However, there is no right of restriction on the part of Ilmarinen’s statutory operations if the request for restriction is manifestly unfounded.
  • The processing is verifiably and justifiably unlawful and the data subject
    opposes the erasure of the personal data.
  • When Ilmarinen expresses that it no longer requires the personal data
    that has been requested to be restricted for the purposes of the
    processing as specified in the privacy statement, but the data subject
    requires them for the establishment, exercise or defence of legal claims.
  • The data subject has objected to the processing of the personal data,
    pending the verification whether the legitimate grounds of the controller
    override those of the data subject.

The request must contain the name and identity number, specific and justified request for restriction.

15. Retention periods and data erasure rights

Ilmarinen retains personal data in operations based on its statutory obligation. The retention periods are determined in accordance with earnings-related pension legislation or other applicable legislation.

In non-statutory operations, Ilmarinen must retain personal data for as long as any one of the processing grounds presented in section 4 of this privacy
statement is valid and the personal data is necessary for its purposes.

Personal data shall also be erased, if necessary, when the data subject
objects to the processing of personal data based on a legitimate or general
interest, and there are no other grounds for the processing.

16. Right to appeal to a supervisory authority

The data subject is entitled to bring the matter before the Data Protection
Ombudsman, if the data subject considers that the processing of the personal data that apply to him/her breach the relevant legislation.

17. Principles of register protection

At Ilmarinen, information security and the protection of personal data are an integral part of the information systems’ functionality and data architecture. Requirements for the information systems’ security and the integrity, confidentiality, availability and continuity of the data processing are always established beforehand when the systems are designed. Ilmarinen processes all personal data securely and pursuant to legislation and develops and inspects information security systematically.


Privacy statement of Ilmarinen’s marketing register 25 May 2018