Privacy statement of Ilmarinen's marketing register

According to the European Union’s General Data Protection Regulation (GDPR) 679/2016, articles 12–14.

1. Name of personal data register

Ilmarinen’s marketing register

2. Controller

Ilmarinen Mutual Pension Insurance Company
Porkkalankatu 1
FI-00180 Ilmarinen

Contact person for matters related to the register:
Data Protection Officer
Anttipekka Murhu
Tel. +358 10 284 2249

3. Forwarding of data subject’s requests

Written requests concerning the rights of the data subject, in accordance with sections 10–15, shall be addressed to:
Personal data matters
Ilmarinen Mutual Pension Insurance Company
Porkkalankatu 1, FI-00018 ILMARINEN

4. Grounds for processing of personal data

The grounds for processing potential customers’ personal data in Ilmarinen’s marketing register are legitimate interest referred to in the General Data Protection Regulation, contract and consent given by the data subject.

5. Purposes

The personal data in Ilmarinen’s customer register is processed for the following purposes:

  • Marketing, direct marketing and implementation and monitoring of
    marketing campaigns of Ilmarinen and Ilmarinen’s partners
  • Opinion polls and marketing surveys and the implementation of
    personalised mailing comparable to these

Ilmarinen records calls in order to substantiate service transactions, develop customer services, fulfil rights and obligations and ensure security.

6. Categories of personal data

Personal data of potential customers and current client companies’ employees are saved in Ilmarinen’s marketing register, such as:

  • Name of data subject
  • Title or profession
  • Age
  • Gender
  • Native language
  • Identifier linked to the data subject
  • Contact details: postal address, telephone number and email address
  • Data describing the data subject’s task and position in business or public office
  • Data collected while using the services and on the online services

In order to implement the direct marketing consent and prohibition obligations, marketing consent and prohibitions given by the data subject are also processed in the marketing register.

7. Use of cookies

The cookies used in Ilmarinen’s online service and any other internet
identifiers enable the implementation of the online services and improve the security and user-friendliness of the services.

Based on the data collected in the online service, Ilmarinen can analyse and develop its services, knowing what information contents interest users and how the online service is used. The data can also be used for the targeting of Ilmarinen’s and its marketing partners’ communications and marketing as well as for optimising marketing measures.

The online service user can give his/her consent or refuse the use of cookies in his/her browser settings or use a service designed for the purpose. If cookies are disabled, some of the services on Ilmarinen’s website may not be available.

Read more about Ilmarinen's cookie policy

8. Regular data sources

The data of Ilmarinen’s customers and their contact persons are received from Ilmarinen’s customer register and investment operations register. Data used in marketing is also acquired from the data subject him-/herself and by collecting data through service and marketing events and in connection with the use of the services. Personal data can also be acquired from external data sources, such as the business information system maintained by the Finnish Patent and Registration office.

9. Disclosures and transfers

Ilmarinen only discloses personal data in accordance with the right to be
informed based on legislation and in accordance with disclosure rights and obligations. In special cases, personal data can be disclosed also with the consent of the data subject.

Personal data can be transferred to Ilmarinen’s service providers acting on behalf of Ilmarinen. The processing of the personal data of the processors operating on behalf of Ilmarinen is always based on order contracts and instructions, which specify the parties’ rights and obligations in the processing and protection of personal data.

Ilmarinen primarily processes personal data in Finland, the EU/EEA area or in other countries approved by the EU Commission as having a sufficient level of data protection. To ensure a sufficient level of data protection in other countries, the standard contractual clauses approved by the European Commission are used. When personal data is transferred to the United States, the transfers may also be based on the EU-U.S. Data Privacy Framework.

10. Right of access

A data subject is entitled to access the data that has been recorded in
Ilmarinen’s marketing register on him/her.

The data subject must present in the request for access his/her name and
personal identity code so that the data can be found. The response to the
request for access will be delivered to the data subject’s verified address.

11. Right to data portability

The data subject is entitled to receive as a file the personal data processed by the information systems that applies to him/her, which he/she has supplied to the controller and whose processing is based on the data subject’s consent or a contract with the data subject. The data subject may also request that the controller transfer the data in question to another controller, if this is technically possible.

12. Right to rectification

The data subject is entitled to require that inaccurate personal data be rectified. The changes in personal data will primarily be made in connection with use of the service following authentication.

The request must contain the name and identity number of the data subject, a specific and justified request for rectification and an explanation of how the information should be rectified.

13. Right to object

The data subject is entitled to object to the processing of personal data that applies to him/her when the processing is based on a general or legitimate interest, such as direct marketing.

The data subject is entitled to object to the use of his/her personal data for marketing at any time. To do this, the data subject must inform Ilmarinen of a marketing ban or withdraw his/her consent.

14. Right to restriction of processing

The data subject can request that Ilmarinen restrict the processing of his/her personal data when:

  • The accuracy of the personal data is contested by the data subject.
    However, there is no right of restriction on the part of Ilmarinen’s statutory operations if the request for restriction is manifestly unfounded.
  • The processing is verifiably and justifiably unlawful and the data subject opposes the erasure of the personal data.
  • When Ilmarinen expresses that it no longer requires the personal data
    that has been requested to be restricted for the purposes of the
    processing as specified in the privacy statement, but the data subject
    requires them for the establishment, exercise or defence of legal claims.
  • The data subject has objected to the processing of the personal data,
    pending the verification whether the legitimate grounds of the controller override those of the data subject.

The request must contain the name and identity number of the data subject and a specific and justified request for restriction.

15. Retention periods and data erasure rights

Ilmarinen retains personal data for as long as any one of the processing grounds presented in section 4 of this privacy statement is valid and the personal data is necessary for its processing purposes. Telephone recordings are retained for 6-12 months. Once the retention period of personal data has expired or the data subject objects to the processing of personal data based on a legitimate interest and there are no other grounds for processing the data, the data will be erased.

16. Right to appeal to a supervisory authority

The data subject is entitled to bring the matter before the Data Protection
Ombudsman, if the data subject considers that the processing of the personal data that apply to him/her breach the relevant legislation.

17. Principles of register protection

At Ilmarinen, information security and the protection of personal data are an integral part of the information systems’ functionality and data architecture. Requirements for the information systems’ security and the integrity, confidentiality, availability and continuity of the data processing are always established beforehand when the systems are designed. Ilmarinen processes all personal data securely and pursuant to legislation and develops and inspects information security systematically.

Privacy statement of Ilmarinen’s marketing register updated 18 December 2023.