Questions and answers
The EU’s new data protection regulation was transposed into national legislation on 25 May 2018, as of which the current national Personal Data Act will cease to be in effect. The objective is to create, for the first time, a harmonised set of rules on the processing of personal data covering all EU countries. The rules lay down the rights we all have regarding our personal data and the responsibilities that collecting and processing it entail. Ilmarinen has processed personal data responsibly already before the EU’s new data protection regulation. The EU’s new data protection regulation will change some aspects of personal data processing at Ilmarinen.
How will the EU's new data protection regulation and the changes it brings impact customers?
The changes brought about by the new data protection regulation mean that our customers can rely on Ilmarinen to take into account the new requirements in our operations and process their data responsibly, confidentially and in accordance with the EU's data protection regulation. Customers can see the changes in the following situations, for example:
- Customers will discover the impacts of the regulation more comprehensively through the provision of data protection information. We have updated and supplemented our data protection information on the web and during customer encounters during which we collect personal data from customers.
- Customers will have more extensive possibilities to influence the processing of their own data. They will have the right to obtain information about the processing of their personal data and to, for example, check, rectify, limit and erase their personal data. In addition, customers can forbid direct marketing.
- Customers can also see the more detailed rules concerning personal data processing practices in advanced means of identification when using our services or in changes in the ways in which personal data is used at Ilmarinen.
Will the EU’s data protection regulation impact the activities between an earnings-related pension insurance policyholder and Ilmarinen? Is it necessary to make separate agreements concerning the handling of data?
When handling the statutory earnings-related pension cover under the Employees Pensions Act (TyEL), Ilmarinen is a corporation appointed for the performance of a public task, exercising public authority, as referred to in section 4, paragraph 2 of the Act on the Openness of Government Activities. When handling this task, we are equated with, for example, the tax authority. The policyholder has the obligation to disclose the information concerning its employees to Ilmarinen for the implementation of TyEL insurance. When handling TyEL insurance, llmarinen thus acts in the capacity of a controller as referred to in the Personal Data Act and, in future, in the EU’s General Data Protection Regulation, and llmarinen is subject to the legal obligations pertaining to controllers. As an earnings-related TyEL pension insurance company, llmarinen is not a processor of the policyholder’s data. For these reasons, our customer relationship does not require any separate agreements concerning the handling of data.
Will the data protection regulation restrict the use of personal data?
The data protection regulation lays down more detailed ground rules concerning the processing of personal data: roughly, it is safe to say, however, that the regulation allows the processing of personal data to the same extent as the current Personal Data Act. The regulation does not render impossible the processing of personal data where it is legal, legitimate and generally accepted in society. Ilmarinen's core business is governed by law in terms of, among other things, pension insurance and investment operations. These will be permitted purposes of use also in future.
The regulation aims to prevent the use of personal data in a way that is detrimental to individuals or against the law. Ilmarinen does not engage in such activities that are detrimental to individuals.
Can a customer check what data has been stored about him or her in Ilmarinen's customer register? How?
Yes. By virtue of the Personal Data Act and the regulation, the customer has the right to check the data that has been saved on him or her. Ilmarinen's customers must submit a written and signed request to check the data to Ilmarinen's postal address: Tarkastuspyynnöt, Mutual Pension Insurance Company Ilmarinen, FI-00018 ILMARINEN.
In the request to check, customers must indicate their name and personal identity code so that we can locate their data. Ilmarinen will deliver the answer to the request to check to the customer's address, verified from the population information system.
Can a customer forbid the processing of his or her personal data?
A customer cannot forbid the processing of data that is necessary to implement pension insurance operations. Its processing is based on legislation.
A customer can forbid the processing of his or her personal data in direct marketing, for example.
Where can a customer obtain information about the processing of personal data at Ilmarinen?
On our website, customers can find information about data protection, such as Ilmarinen's personal-register-specific privacy statements and other information related to the processing, checking and erasing of personal data. Ilmarinen will also improve its communication of the personal data processing process to customers during various customer service situations and events.