Terms of use for the Varma Online Service (Terms)

The Varma Online Service (Service) is a digital online service produced by Varma Mutual Pension Insurance Company (Varma) in which entrepreneurs and employers that are Varma’s policyholders and private persons insured by Varma (Customer) can manage their earnings-related pension matters.

The Service is part of Varma’s website (Website) and online and mobile services, the use of which requires the Customer’s commitment to also comply with the general terms of use for Varma’s website. See the general terms of use.

Use of the Service requires that a customer who is Varma’s policyholder has been granted user rights to the Service from Varma. The Service can be used to the extent agreed while the insurance policy is valid, and for as long as is necessary to carry out transactions related to terminating the insurance policy with Varma.

Insured private persons must have a Finnish identity code in order to use the Service.

Use of the Service requires the Customer’s identification. Customer identification takes place via the Suomi.fi service using the strong identification means chosen by the Customer. For identification, the customer must have a personal, strong means of identification, a mobile certificate or personal Finnish banking codes.

If the above-mentioned means of identification are not in use, Varma will give its customer who is a policyholder a user ID to use the Service once the customer has provided Varma with reliable proof of identity. User rights to the Service are personal and non-transferrable. The Customer is responsible for carefully storing user IDs and passwords to ensure that they do not fall into unauthorised hands.

The Customer acknowledges and accepts that the Customer’s confidential information is processed in the Service.

The Service contains confidential information about Varma’s policyholders that is covered by insurance secrecy, for instance, information about their earnings-related pension insurance contributions and YEL income, as well as confidential personal data about Varma’s insured and pension recipients, for instance, information about their earnings and entitlement to pension. Information in the Service concerning pension decisions may include information on special categories of personal data as referred to in the EU’s General Data Protection Regulation (GDPR), for instance, information on work ability, which must be processed with special care.

Both Varma and Varma’s customer who is a policyholder are controllers according to the GDPR and are responsible, each for their own part, for processing personal data based on the GDPR and the data protection legislation or regulation (Data Protection Legislation) valid and applicable at any given time. As a regulatory operator, Varma provides pension cover in accordance with the Employees Pensions Act (TyEL) and the Self-Employed Persons Pensions Act (YEL). Varma processes and maintains the Customer’s personal data in the above-mentioned task. The Service is part of the earnings-related pension insurance customer relationship.

A customer who is a policyholder acts as a controller when managing earnings-related pension matters as part of its financial and HR management and using the information in the Service for that purpose. In acting as a controller, the customer commits to process personal data in compliance with the Data Protection Legislation and in accordance with the purpose for using the aforementioned data. The personal data in the Service can be processed only by persons who have the right to process the personal data in question by virtue of their job. Special attention must be paid to this when it comes to an individual’s work-ability-related employment pension information contained in the Service. The same applies to trade secrets in the Service.

More information on Varma’s processing of the Customer’s personal data is available in Varma’s separately maintained information material concerning TyEL and YEL insured persons, pension customers or rehabilitants and TyEL companies’ contact persons. Read about personal data processing at Varma.

Varma carries out research and studies related to managing disability risk. The information in the Service may be used anonymously in this research and study work. The results of research and studies that have been carried out may also be used at Varma to develop services and operations and in communications and marketing.

The customer shall assume responsibility for all transactions performed in the Service with proper authentication. The contents of the transactions and messages in the Service are considered to correspond to those saved in Varma’s data system.

The Customer is responsible for ensuring that no illegal or inappropriate material is sent to the Service and affirms that its communication in the Service does not violate anyone’s right to privacy.

Varma has the right to limit or terminate the Customer’s use of the Service or to remove user rights if the use of the Service infringes on these Terms, legislation, information security or official regulations.

By accepting the Terms, the Customer gives their general consent to Varma to send messages, announcements, the Customer’s consultations and notifications to the Service. In this case, these documents will no longer be sent primarily by post to the Customer.

An electronic message is considered to be delivered immediately, and a notification is considered to be delivered to the Customer on the third day after it has been submitted to the Service.

Varma is responsible for the operation of the Service when fulfilling its statutory duty, and ensures the correctness of the information in the Service. The data in the Service is partly of a general nature, and Varma cannot guarantee its fitness for a particular purpose.

Varma assumes no liability for loss or damage caused by non-operation of the Service. Varma accepts no responsibility for damage, costs or losses arising from the use of the Service or from inability to access or use the Service or for any loss or damage relating thereto. Nor does Varma accept liability for any loss or damage arising from the Customer’s or a third party’s possible telecommunications failures, computer system errors, harmful programs or data security risks. Varma does not guarantee that the Service will function without interruption or error.

The Service may also offer connections (links) to third-party services. Varma is not responsible for the contents or availability of such third parties’ services, nor for the correctness of the information provided by third parties.

According to Section 8 of the Act on Electronic Services and Communication in the Public Sector (13/2003): “The risk of delivery of an electronic message is borne by the sender”. Varma is not responsible for any damage caused to the Customer from the delay, loss, damage or misdirection of messages.

Data in the Service that is processed by persons on behalf a customer who is a policyholder is subject to the non-disclosure obligation. The policyholder-customer is responsible for guiding these persons in matters concerning data protection and information security. The policyholder-customer is responsible for the user rights it grants to the Service and for all actions it performs in the Service.

Varma and the Customer shall ensure, each for their own part, the information security of personal data through appropriate technical and administrative measures in order to prevent the unauthorised use of personal data and other Customer information and to prevent the unintentional disappearance, altering, destruction or damage thereof.

The Customer is obligated to notify Varma immediately if the Customer becomes aware of the unauthorised use and unintentional loss, alteration, destruction or damage of customer information where this is related to the Service offered by Varma to the Customer. The Customer must notify Varma of such occurrences by phone at the number 010 192 100 (Mon–Fri, 8 am–5 pm) or via secure email.

The personal information and other customer information contained in the Service can be processed only by designated persons who have the right to do so by virtue of their tasks. The Customer must define the customer organisation’s user rights roles and responsibilities and appropriately document its access management. The Customer is responsible for ensuring up-to-date access management and that all user-right holders fulfil the requirements for being granted user rights. The Customer is furthermore responsible for ensuring that user-right holders process the personal data and other customer information contained in the Service solely for the purposes defined in these Terms.

The Customer must regularly remove expired user rights.

The Customer is obligated to terminate the user rights of a user whose employment relationship has ended or whose work role has changed such that the criteria for having user rights are no longer met. The Customer is responsible for all actions performed by user-right holders in the Service, within the limits and period of validity of their user rights.

The Customer must appoint for the Service at least one main user, who, as the controlling person responsible, shall be responsible for ensuring that the user rights are up to date and that the rights to the Service have been appropriately granted. The main user may add, change or remove user rights in the Service such that it is binding on the Customer.

The Customer is responsible for the main user’s actions. The main user may also have another task-based role on the basis of which they may add, change or remove user rights to or from the Service. The Service’s main user manages, based on their position in the Customer’s organisation, all the Customer’s user rights related to using the Service and oversees all the Customer’s user rights to the Service. The main user defines the extent to which a user is authorised to use the Service.

The Customer can notify Varma of changes concerning user rights. If the notification arrives at Varma outside of its service hours, it shall be deemed to have arrived on the next weekday at 8 am. Varma’s service hours are weekdays from 8 am until 5 pm.

A private person insured by Varma and a self-employed person who is Varma’s policyholder can choose a separate online service within the Service, in which case, in addition to these Terms, the terms concerning online transactions in the Service must primarily be applied.

The Customer and Varma can securely send a message or attachment in the Service. If the Customer has given their email address to Varma, they will receive a notification of the arrival of a message or attachment in the Service.

A representative of an accounting firm or insurance brokerage may obtain user rights to the Service to the agreed extent for a customer who is Varma’s policyholder, provided that separate consent or authorisation to that effect has been given by the Customer.

The accounting firm or insurance brokerage shall assume responsibility for all transactions carried out using the Service’s user rights.

The user rights to the Service that the accounting firm or insurance brokerage obtains from Varma are valid under the same terms as what is stated in these Terms regarding the Customer’s user rights. The obligations set for the Customer in the Terms also apply to the accounting firm or insurance brokerage acting on the Customer’s behalf.

The Customer and the accounting firm or insurance brokerage must immediately inform Varma of the termination of authorisation or consent in order to terminate the user rights to the Service.

The Customer shall purchase, at the Customer’s own expense, all the necessary equipment, software and telecommunication lines required for the Service and shall also be responsible for their operation and maintenance costs, as well as for their functionality and compatibility with the Service. Varma and the Customer shall each be responsible for the proper information security of their own IT systems.

Varma reserves the proprietary rights, copyright and other immaterial rights to the Service, unless separate notice has been given. Varma is responsible for ensuring that the Service does not violate the intellectual property rights of a third party.

The Customer may save or print material from the Service solely for the Customer’s own use. Copying, disseminating and modifying material, as well as linking websites and all commercial use or publication of material without Varma’s explicit written consent are prohibited.

Varma reserves the right to change these Terms and the Service. If the change substantially increases or weakens the Customer’s rights, Varma shall inform the Customer of the change via email or in a message to be added to the Service prior to the change taking effect.

The Customer is considered to have accepted a change to the Terms once notification of the change has been given in the manner described above and the Customer uses the Service after the change has been made. If the Customer rejects the change that has been made, the Customer must refrain from using the Service and notify Varma thereof without delay. Varma’s customer who is a policyholder must also terminate the agreement concerning the Service in writing.

Varma shall always have the right to stop providing the Service.

The Customer shall not be entitled to any compensation due to the termination of the use of the Service. If the Customer has had an interface in use via the Service, information can no longer be transmitted via the interface once the insurance policy ends. Information that is transmitted before the insurance policy has ended remains in the Customer’s use.

Disputes arising from these Terms shall definitively be resolved together with Varma’s customers who are policyholders in arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one, and the arbitration shall take place in Helsinki, Finland, in the Finnish language.

Disputes with insured private persons arising from these Terms shall be resolved in the Helsinki District Court or in the district court of the locality in Finland in whose jurisdiction the person is domiciled or has a permanent residence.

Varma’s insurance business is supervised by the Finnish Financial Supervisory Authority (FIN-FSA).

Contact information:
Finnish Financial Supervisory Authority, Snellmaninkatu 6, P.O. Box 103, FI-00101 Helsinki, Finland.
www.finanssivalvonta.fi
Tel. 09 183 51.

These terms and conditions are governed by Finnish law.