Mandatum Life Privacy

In this privacy policy we will inform you about the use of personal data at Mandatum Life, including what kind of personal data we process, how we use your data and what rights you have with regard to the processing of your data. You can find more detailed information in our register descriptions and the descriptions regarding the members of institutional customers. You can find them in section 10 of the privacy policy.

1. General Information about the Privacy Policy

As a customer of Mandatum Life you trust us with your personal data. Sharing your data with us allows us to serve you better, for example by offering you products and services that are more suitable for you and by assisting you better when you contact us. This privacy policy describes how and why we process your personal data and what kind of data we collect. This privacy policy applies to all operations of Mandatum Life that involve the processing of personal data. Examples of these include the use of our online and mobile services, applying for an insurance or filing an insurance claim and using our wealth management services. This privacy policy covers the companies of Mandatum Life Group, including Mandatum Life Insurance Company Ltd, Mandatum Life Services Ltd, Mandatum Life Investment Services Ltd and Mandatum Life Fund Management S.A.

Data protection refers to the protection of personal data and ensuring the appropriate processing of such data. Personal data means information that can be used to identify you. This privacy policy applies to the processing of personal data of natural persons. These persons include for example the private customers of Mandatum Life or persons related to corporate customers of Mandatum Life. Section 2 of this privacy policy describes the categories of data subjects in more detail. You can read more about your rights in section 6 of this privacy policy.

Mandatum Life is committed to processing your personal data in accordance with the relevant legislation, including the General Data Protection Regulation, the Data Protection Act, the Information Society Code, the Insurance Companies Act, the Act on the Protection of Privacy in Working Life and other applicable regulation.
Protecting your data and your privacy and processing your data in a secure manner are very important to Mandatum Life, so whether you are a new or a long-time customer of ours, we recommend that you familiarize yourself with our practices. And in case you have any questions, do not hesitate to contact us!

2. Whose Data Do We Process and Where Do We Collect Data From?

The privacy policy of Mandatum Life applies to the following categories of data subjects:

  • Customers of Mandatum Life (for example the insured persons, policyholders, beneficiaries and persons associated with corporate customers)

  • Members of the institutional customers of Mandatum Life (pension funds and personnel funds)

  • Mandatum Life's marketing target groups (for example private persons and companies)

  • Users of Mandatum Life's digital services (for example the website and mobile services)

  • Customers of Kaleva (for example insured persons, policyholders and beneficiaries)

  • Persons whose personal data is processed due to a statutory obligation of Mandatum Life

  • Employees, job applicants, representatives and others working for Mandatum Life

Personal data is mainly collected from the persons themselves before and during the customer relationship, employment or other contractual relationship. We also receive data from employers with regard to the employer’s group insurance plans. We receive data from the joint claims and abuse registers of insurance companies. We also receive data from public registers maintained by authorities and other reliable parties. For example, we automatically update the addresses of customers with the population register data received from Bisnode Finland Ltd. If necessary, we check credit information from the credit information registers of Suomen Asiakastieto Ltd and Bisnode Finland Ltd. We use contact information from Bisnode Finland Ltd and Fonecta Ltd for marketing targeted at companies. Suomen Asiakastieto Ltd, Bisnode Finland Ltd and Fonecta Ltd provide information about their processing of personal data on their websites.

3. How and Why We Process Personal Data?

The Customers of Mandatum Life

We process personal data for example to manage customer relationships and to market and develop our services. We process personal data only to the extent necessary or as required by law. The categories of data we process and the details of the processing depend on what group of persons or customers you belong to. We categorize customers into different groups, for example based on what kinds of products they have selected or based on their investment capital. This helps us to offer each customer group products and services that are most interesting and best suited for them. When we offer investment solutions related to our services, we assess the customer's investing and saving needs and willingness and capability to take risk in accordance with our statutory obligations.

When we process insurance claims, we use personal data for making automated decisions in accordance with the Insurance Companies Act. We store customer service calls to ensure the quality of customer service and to confirm assignments or deals. Personal data is also processed to carry out customer satisfaction surveys. We process personal data for statistical purposes in order to fulfil our statutory obligations and in order to report on our rewarding services. Individual persons or companies are not identifiable from the statistics or reports.

Members of Institutional Customers (Pension Funds and Personnel Funds)

Mandatum Life Services Ltd offers pension funds services for daily operations, such as services related to fund management, pension processing, actuarial services, financial accounting, wealth management and risk management services. For personnel funds, Mandatum Life Services Ltd offers services related to management, including maintenance of membership data, payment of the members’ fund shares, financial accounting and advising for members. When offering services to institutional customers and their members, Mandatum Life Services Ltd is the data processor and each pension fund or personnel fund is the data controller.

Customers of Kaleva

Mandatum Life handles the insurance and claim services for the Kaleva Mutual Insurance Company (with the exception of Kaleva’s Primus insurances). For the customers of Kaleva, Mandatum Life is the data processor and Kaleva is the data controller. We only process personal data in order to manage the customer relationship and to pay out indemnities and only to the extent necessary or as required by law.

Employees, job applicants, representatives and others working for Mandatum Life

We process personal data with regard to the employment or other contractual relationship and for example to fulfil our statutory employer obligations and to pay out salaries, commissions or fees.

As regards job applicants, we process personal data provided to us by the applicant during the recruiting process in order to fill open positions.

More specific information

You can find more detailed descriptions of the categories of data, the purposes and legal grounds for the processing in our register descriptions and the descriptions regarding the members of institutional customers. You can find them in section 10 of the privacy policy. The register descriptions for Kaleva are available at Kaleva’s website (in Finnish).
 

4. How Long Is Personal Data Retained?

We retain personal data for as long as is necessary for the purposes for which the data is collected or as long as required by law. The retention periods depend on which group of customers or persons you belong to. The retention periods also depend on the statutes of limitations in the Insurance Contracts Act and the anti-money laundering legislation. In cases where different retention periods apply to the same documents, the documents are stored according to the longest period. You can find a more detailed description of the retention periods for in our register descriptions.

5. Is Personal Data Disclosed or Transferred to Others?

Disclosures and Transfers of Personal Data

Personal data can be disclosed to recipients outside Mandatum Life as allowed or as required by law. Data may be disclosed for example to authorities (such as the Tax Administration, the Social Insurance Institution and enforcement authorities) and to the joint claims and abuse registers of insurance companies. Based on the Insurance Companies Act data may also be disclosed to other companies that belong to the same conglomerate referred to in the Act on the Supervision of Financial and Insurance Conglomerates. These companies are Sampo Plc, If P&C Insurance Company Ltd, Kaleva Mutual Insurance Company and Varma Mutual Pension Insurance Company. Personal data may be disclosed to these companies for the purposes of customer service, managing the customer relationship, marketing and risk management of the conglomerate in accordance with the applicable legislation. The processing of personal data within the conglomerate is restricted only to a limited group of persons and sensitive data is not disclosed. Personal data of the employees of Mandatum Life is disclosed to the occupational health care provider, the employment pension company and the companies that provide services for the employees. You can read more about the disclosures of personal data in our register descriptions.

Transfer of Personal Data Outside the EU and the EEA

Personal data is mainly stored and processed within the EU and the EEA. If data is transferred outside the EU and the EEA to countries for which the European Commission has not issued a decision of adequacy of data protection, we will take care of protecting the data for example by using the standard contractual clauses approved by the European Commission. Transferred data is processed only on behalf of Mandatum Life.

6. What Rights Do You Have?

You have for example the right to access your data, the right to rectify inaccurate data and the right to erasure as described in more detail below. Please also note that Mandatum Life has statutory obligations to store some of the data and Mandatum Life may have an obligation to process or store your data even if you object to the processing or ask for the data to be erased.

You can use your rights described below by contacting our customer service.

We will respond to your request within one month of receiving the request. In special circumstances we can extend the time limit by two months as allowed by legislation, taking into account the complexity and number of the requests.

If you are a member of a pension or personnel fund that is an institutional customer of Mandatum Life, note that the fund is the data controller. In these cases the use of your rights depends on the legislation applicable to the institutional customer, the rules of the institution as well as the service agreement between Mandatum Life and the institutional customer. You can find more information on the rights of the members of institutional customers in the processing descriptions in section 10.

The Right of Access by the Data Subject

You have the right to receive confirmation on whether or not Mandatum Life is processing your personal data. If your personal data is being processed, you have the right to access the data and to receive a copy of the data. The confidentiality obligations set in the legislation applicable to the insurance and finance sector (for example the Act on Detecting and Preventing Money Laundering and Terrorist Financing) may restrict the use of your right to access information.

The Right to Rectification

You have the right to request that Mandatum Life rectifies any inaccurate personal data and completes any incomplete data.

The Right to Erasure (the Right to Be Forgotten)

You have the right to request the erasure of your data and if the processing of your data is based on your consent, the right to withdraw your consent. If you request the erasure of your data or withdraw your consent, we will delete the data unless there are other legal grounds for the processing or unless we have a statutory obligation to store the data. In any case, we will delete your data after the retention period has ended.

The Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in cases where the conditions set in legislation are met. Please also note that the right to restriction of processing does not apply to the processing of personal data carried out to fulfil the statutory obligations of Mandatum Life.

The Right to Data Portability

If the processing of your personal data is based on your consent or the performance of a contract, you have the right to receive the personal data you have provided us in a structured and commonly used format and the right to have the data transferred to another data controller.

The Right to Object

You have the right to object to the processing of your personal data if the processing is based on the legitimate interests of Mandatum Life or a third party.

You also have the right to object to the processing of your personal data for direct marketing purposes. You can find more information on opting out of direct marketing in section 7 of the privacy policy.

The Right to Lodge a Complaint
If you find the processing of your personal data in conflict with the applicable legislation, you have the right to lodge a complaint with the data protection authorities.

7. Marketing

In addition to managing the customer relationship we use personal data for marketing our services and products. The marketing is carried out online, by mail and by telephone. The marketing can be targeted at the current and potential customers of Mandatum Life. In addition to marketing, we also contact our customers with customer communications. As regards the members of the institutional customers of Mandatum Life, we only market to the members who have given us their consent for marketing.

Our online marketing consists of for example e-mails and online advertisements. Our e-mails include newsletters for different customer groups and for example event invitations. We use partner companies to target our online advertising for example so that people are shown ads related to products and services whose pages they have visited before. The targeting of advertising takes place automatically and utilizes cookies and the data used is not connected with the data related to the insurances or investments of the customer.

Opting Out of Marketing

You can manage your e-mail subscriptions through our web service. In addition, each e-mail message includes a link through which you can unsubscribe. You can also opt out of marketing communications by contacting our customer service.

We obey the marketing bans in the population register maintained by the Population Register Centre and in the Robinson Register maintained by the Data & Marketing Association of Finland, unless you have separately allowed marketing by Mandatum Life. You can find more information on the marketing bans from the websites of the Population Register Centre and the Data & Marketing Association of Finland (in Finnish).

You can control the cookies that are used to target advertising through the settings of your web browser. Please also note that preventing the use of cookies may impact the functionality of our website. We use Oracle Eloqua, Adobe Marketing Cloud and Adform to target our online advertising. You can also opt out of the targeting of advertising through the websites of Oracle, Adobe ja Adform (the selections made on these websites also impact other advertisers that use the services of Oracle, Adobe and Adform).

Cookies

Cookies are small text files that are stored on the visitor’s computer or other device when visiting the website of Mandatum Life. Cookies are used for example to maintain the session after the user logs in to the web service and to remember the selections made by the user when moving from one page to another. We can also utilize cookies for example to individualize website visitors and to compile statistics of the visits to our website. Cookies are also used in the chat service of Mandatum Life’s website and to target marketing. Both session cookies and persistent cookies set by Mandatum Life and our partners are used on Mandatum Life’s website and web service.

 

8. Terms Applicable to Mobile Applications

Our mobile applications can be downloaded from the Apple App Store and the Google Play store. The terms of use of Mandatum Life’s website and this privacy policy apply to the mobile applications. In addition, the terms of use of Apple and Google apply to the use of the Apple App Store and the Google Play store.

9. How is Personal Data Protected and What Kinds of Risks Are Involved?

We use the necessary and appropriate technological and administrative data protection methods in accordance with the best practices to protect personal and other data. These methods include the use of firewalls, strong encryption techniques and secure facilities, access controls and the limited granting of rights, training of the staff as well as the careful selection of subcontractors. The subcontractors are contractually bound to comply with the applicable legislation and the data protection principles and guidelines of Mandatum Life.

The processing of personal data is only allowed for employees who need to use the data to carry out their tasks. The systems containing personal data have individual user accounts and the use of the systems is monitored. In addition to a statutory confidentiality obligation, employees of Mandatum Life who process personal data are bound by a separate confidentiality agreement. Personal data that is no longer necessary is deleted securely.

Despite careful and appropriate security measures, data processing always includes a risk. If a data security breach that is likely to result in a high risk to your privacy or other rights takes place despite the security measures, we will contact you as soon as possible.

We also recommend that you familiarise yourself with the terms of use of Mandatum Life's web service and website and the information security guidelines for the users of the mobile service and make sure that the equipment and connections that you use are up to date with regard to data security. You can also find more information and general data security tips and instructions for example from the website of the Finnish Communications Regulatory Authority.

11. Who Can I Contact?

If you have questions about data protection, you can contact our customer service.

Send a message

A simple and safe way for customers to contact us is to send us a message through our Web Service

Call

Our Customer Service number

0200 31100
(lnc/mpc) Mon to Thu 8-17 and Fri 8-16

Ask us to contact you

Send us your details and we will contact you.

Use this form to make a request for contact. If you are a customer and would like to place an order, send a secure message by logging in to our Web Service or by calling our Customer Service.

Log in to Web Service »

*
* required field

Subscribe to our newsletter

What's going on? Keep up to date with market events.