Mandatum Life is committed to processing your personal data in accordance with the relevant legislation, including the General Data Protection Regulation, the Data Protection Act, the Information Society Code, the Insurance Companies Act, the Act on the Protection of Privacy in Working Life and other applicable regulation.
Protecting your data and your privacy and processing your data in a secure manner are very important to Mandatum Life, so whether you are a new or a long-time customer of ours, we recommend that you familiarize yourself with our practices. And in case you have any questions, do not hesitate to contact us!
2. Whose Data Do We Process and Where Do We Collect Data From?
Customers of Mandatum Life (for example the insured persons, policyholders, beneficiaries and persons associated with corporate customers)
Members of the institutional customers of Mandatum Life (pension funds and personnel funds)
Mandatum Life's marketing target groups (for example private persons and companies)
Users of Mandatum Life's digital services (for example the website and mobile services)
Customers of Kaleva (for example insured persons, policyholders and beneficiaries)
Persons whose personal data is processed due to a statutory obligation of Mandatum Life
Employees, job applicants, representatives and others working for Mandatum Life
Personal data is mainly collected from the persons themselves before and during the customer relationship, employment or other contractual relationship. We also receive data from employers with regard to the employer’s group insurance plans. We receive data from the joint claims and abuse registers of insurance companies. We also receive data from public registers maintained by authorities and other reliable parties. For example, we automatically update the addresses of customers with the population register data received from Bisnode Finland Ltd. If necessary, we check credit information from the credit information registers of Suomen Asiakastieto Ltd and Bisnode Finland Ltd. We use contact information from Bisnode Finland Ltd and Fonecta Ltd for marketing targeted at companies. Suomen Asiakastieto Ltd, Bisnode Finland Ltd and Fonecta Ltd provide information about their processing of personal data on their websites.
3. How and Why Do We Process Personal Data?
The Customers of Mandatum Life
We process personal data for example to manage customer relationships and to market and develop our services. We process personal data only to the extent necessary or as required by law. The categories of data we process and the details of the processing depend on what group of persons or customers you belong to. We categorize customers into different groups, for example based on what kinds of products they have selected or based on their investment capital. This helps us to offer each customer group products and services that are most interesting and best suited for them. When we offer investment solutions related to our services, we assess the customer's investing and saving needs and willingness and capability to take risk in accordance with our statutory obligations.
When we process insurance claims, we use personal data for making automated decisions in accordance with the Insurance Companies Act. We store customer service calls to ensure the quality of customer service and to confirm assignments or deals. Personal data is also processed to carry out customer satisfaction surveys. We process personal data for statistical purposes in order to fulfil our statutory obligations and in order to report on our rewarding services. Individual persons or companies are not identifiable from the statistics or reports.
Members of Institutional Customers (Pension Funds and Personnel Funds)
Mandatum Life Services Ltd offers pension funds services for daily operations, such as services related to fund management, pension processing, actuarial services, financial accounting, wealth management and risk management services. For personnel funds, Mandatum Life Services Ltd offers services related to management, including maintenance of membership data, payment of the members’ fund shares, financial accounting and advising for members. When offering services to institutional customers and their members, Mandatum Life Services Ltd is the data processor and each pension fund or personnel fund is the data controller.
Customers of Kaleva
Mandatum Life handles the insurance and claim services for the Kaleva Mutual Insurance Company (with the exception of Kaleva’s Primus insurances). For the customers of Kaleva, Mandatum Life is the data processor and Kaleva is the data controller. We only process personal data in order to manage the customer relationship and to pay out indemnities and only to the extent necessary or as required by law.
Employees, job applicants, representatives and others working for Mandatum Life
We process personal data with regard to the employment or other contractual relationship and for example to fulfil our statutory employer obligations and to pay out salaries, commissions or fees.
As regards job applicants, we process personal data provided to us by the applicant during the recruiting process in order to fill open positions.
More specific information
4. How Long Is Personal Data Retained?
We retain personal data for as long as is necessary for the purposes for which the data is collected or as long as required by law. The retention periods depend on which group of customers or persons you belong to. The retention periods also depend on the statutes of limitations in the Insurance Contracts Act and the anti-money laundering legislation. In cases where different retention periods apply to the same documents, the documents are stored according to the longest period. You can find a more detailed description of the retention periods in our register descriptions.
5. Is Personal Data Disclosed or Transferred to Others?
Disclosures and Transfers of Personal Data
Personal data can be disclosed to recipients outside Mandatum Life as allowed or as required by law. Data may be disclosed for example to authorities (such as the Tax Administration, the Social Insurance Institution and enforcement authorities) and to the joint claims and abuse registers of insurance companies. Based on the Insurance Companies Act data may also be disclosed to other companies that belong to the same conglomerate referred to in the Act on the Supervision of Financial and Insurance Conglomerates. These companies are Sampo Plc, If P&C Insurance Company Ltd, Kaleva Mutual Insurance Company and Varma Mutual Pension Insurance Company. Personal data may be disclosed to these companies for the purposes of customer service, managing the customer relationship, marketing and risk management of the conglomerate in accordance with the applicable legislation. The processing of personal data within the conglomerate is restricted only to a limited group of persons and sensitive data is not disclosed. Personal data of the employees of Mandatum Life is disclosed to the occupational health care provider, the employment pension company and the companies that provide services for the employees. You can read more about the disclosures of personal data in our register descriptions.
Transfer of Personal Data Outside the EU and the EEA
Personal data is mainly stored and processed within the EU and the EEA. If data is transferred outside the EU and the EEA to countries for which the European Commission has not issued a decision of adequacy of data protection, we will take care of protecting the data for example by using the standard contractual clauses approved by the European Commission. Transferred data is processed only on behalf of Mandatum Life.
6. What Rights Do You Have?
You have for example the right to access your data, the right to rectify inaccurate data and the right to erasure as described in more detail below. Please also note that Mandatum Life has statutory obligations to store some of the data and Mandatum Life may have an obligation to process or store your data even if you object to the processing or ask for the data to be erased.
You can use your rights described below by contacting our customer service.
We will respond to your request within one month of receiving the request. In special circumstances we can extend the time limit by two months as allowed by legislation, taking into account the complexity and number of the requests.
If you are a member of a pension or personnel fund that is an institutional customer of Mandatum Life, note that the fund is the data controller. In these cases the use of your rights depends on the legislation applicable to the institutional customer, the rules of the institution as well as the service agreement between Mandatum Life and the institutional customer. You can find more information on the rights of the members of institutional customers in the processing descriptions in section 10.
The Right of Access by the Data Subject
You have the right to receive confirmation on whether or not Mandatum Life is processing your personal data. If your personal data is being processed, you have the right to access the data and to receive a copy of the data. The confidentiality obligations set in the legislation applicable to the insurance and finance sector (for example the Act on Detecting and Preventing Money Laundering and Terrorist Financing) may restrict the use of your right to access information.
The Right to Rectification
You have the right to request that Mandatum Life rectifies any inaccurate personal data and completes any incomplete data.
The Right to Erasure (the Right to Be Forgotten)
You have the right to request the erasure of your data and if the processing of your data is based on your consent, the right to withdraw your consent. If you request the erasure of your data or withdraw your consent, we will delete the data unless there are other legal grounds for the processing or unless we have a statutory obligation to store the data. In any case, we will delete your data after the retention period has ended.
The Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in cases where the conditions set in legislation are met. Please also note that the right to restriction of processing does not apply to the processing of personal data carried out to fulfil the statutory obligations of Mandatum Life.
The Right to Data Portability
If the processing of your personal data is based on your consent or the performance of a contract, you have the right to receive the personal data you have provided us in a structured and commonly used format and the right to have the data transferred to another data controller.
The Right to Object
You have the right to object to the processing of your personal data if the processing is based on the legitimate interests of Mandatum Life or a third party.
The Right to Lodge a Complaint
If you find the processing of your personal data in conflict with the applicable legislation, you have the right to lodge a complaint with the data protection authorities.
In addition to managing the customer relationship we use personal data for marketing our services and products. The marketing is carried out online, by mail and by telephone. The marketing can be targeted at the current and potential customers of Mandatum Life. In addition to marketing, we also contact our customers with customer communications. As regards the members of the institutional customers of Mandatum Life, we only market to the members who have given us their consent for marketing.
Our online marketing consists of, for example, e-mails and online advertisements. Our e-mails include newsletters for different customer groups and, for example, event invitations. We use partner companies to target our online advertising, for example so that people are shown ads related to products and services whose pages they have visited before. The targeting of advertising takes place automatically and utilizes cookies. The data used is not connected with the data related to the insurances or investments of the customer.
Opting Out of Marketing
You can manage your e-mail subscriptions through our web service. In addition, each e-mail message includes a link through which you can unsubscribe. You can also opt out of marketing communications by contacting our customer service.
We obey the marketing bans in the population register maintained by the Population Register Centre and in the Robinson Register maintained by the Data & Marketing Association of Finland, unless you have separately allowed marketing by Mandatum Life. You can find more information on the marketing bans on the websites of the Population Register Centre and the Data & Marketing Association of Finland (in Finnish).
Cookies are small text files that are stored on the visitor’s computer or other device when visiting the website of Mandatum Life. Cookies are used for example to maintain the session after the user logs in to the web service and to remember the selections made by the user when moving from one page to another. We can also utilize cookies for example to individualize website visitors and to compile statistics of the visits to our website. Cookies are also used in the chat service of Mandatum Life’s website and to target marketing. Both session cookies and persistent cookies set by Mandatum Life and our partners are used on Mandatum Life’s website and web service.
8. Terms Applicable to Mobile Applications
9. How Is Personal Data Protected and What Kinds of Risks Are Involved?
We use the necessary and appropriate technological and administrative data protection methods in accordance with the best practices to protect personal and other data. These methods include the use of firewalls, strong encryption techniques and secure facilities, access controls and the limited granting of rights, training of the staff as well as the careful selection of subcontractors. The subcontractors are contractually bound to comply with the applicable legislation and the data protection principles and guidelines of Mandatum Life.
The processing of personal data is only allowed for employees who need to use the data to carry out their tasks. The systems containing personal data have individual user accounts and the use of the systems is monitored. In addition to a statutory confidentiality obligation, employees of Mandatum Life who process personal data are bound by a separate confidentiality agreement. Personal data that is no longer necessary is deleted securely.
Despite careful and appropriate security measures, data processing always includes a risk. If a data security breach that is likely to result in a high risk to your privacy or other rights takes place despite the security measures, we will contact you as soon as possible.
10. Register Descriptions of Mandatum Life
Mandatum Life Services
Description of Data Processing regarding the members of personnel funds »
Description of Data Processing regarding pension compensation »
Description of Data Processing regarding the member registers of pension funds »
Description of Data Processing regarding supplementary pension liability calculations »
Description of Data Processing regarding statutory pension liability calculations »
Description of Data Processing regarding IFRS calculations »
Register Descriptions for Kaleva are available at Kaleva’s website
11. Who Can I Contact?
If you have questions about data protection, you can contact our customer service.
Our Customer Service number