Pension customer or rehabilitee

On what grounds and for what purpose will Varma process my data?

Varma provides statutory pension cover in accordance with the Employees Pensions Act (TyEL) and the Self-employed Persons Pensions Act (YEL). In this task, we maintain and process personal data about pensioners. Your information will be processed in the following matters and activities:

  • management of a pension or rehabilitation case
  • measures relating to pension taxation
  • advice and pension estimates
  • determination of pension liabilities and related statutory statistics
  • consistent application of legislation.

These measures included in Varma’s statutory task are specified exhaustively in legislation.

We will not process your personal data for any purposes other than those mentioned above.

What information about me will Varma process?

In order to carry out its statutory task, Varma has information about you belonging to two categories of personal data:

  • basic information and information for communication and identification, and
  • information required for managing the pension or rehabilitation case, pension advice and pension payment and debt collection

The more detailed content of this information is described below:

  • basic information and information for communication and identification: last name, first name, date of birth, language, personal identity code, contact information (street address, postcode, city/town, country of residence, telephone number, e-mail address), online and electronic service user data
  • information required for managing a pension or rehabilitation case, such as occupation, date of death, family status data (guardianship data, children, information about spouse, i.e. marriage or registered partnership), spouse’s last name, first name and personal identity code, information about the validity of marriage or partnership, employer, information relating to the calculation of pension (employment history with income data), benefit decision history, retirement age, information about the accrual of pension
  • information relating to the payment of benefits, such as banking information for payments, amount, benefit recipients, taxation information
  • information about debt collection and enforced collection, such as fees and off-sets from pension, enforced collection from pension
  • information about other paid or rejected social benefits based on, for example, traffic or accident insurance, benefit application to Kela and decision concerning it
  • information based on pension estimate and other pension advice
  • information about legal representative, such as the legal representative’s name and contact information

Information about your health will be processed only when required for managing your case and only in the way specifically referred to in legislation.

From whom does Varma obtain the information required?

We regularly receive information for the management of your pension or rehabilitation case from:

  • employer
  • Finnish Centre for Pensions
  • tax administration
  • registers of the authorities
  • Arek’s earnings and accrual system and information service
  • doctors, hospitals and health centres
  • unemployment insurance fund
  • employment authorities
  • Population Register Centre
  • other pension institutions and insurance companies
  • social welfare authorities
  • enforcement authorities
  • Social Insurance Institution of Finland (Kela)
  • banks
  • Varma’s telephone and chat service providers

The above-mentioned parties are bound by the non-disclosure obligations concerning them. They may only disclose the information required for managing your case to Varma in accordance with their non-disclosure regulations.

For how long will Varma store my data?

Varma has a statutory duty to store your data in the provision of earnings-related pension. With regard to storage, we comply with the provisions of employment pension legislation (Employees Pensions Act TyEL section 218 and Self-Employed Persons’ Pensions Act YEL section 160). Your data will only be stored for the period specified for managing the pension or rehabilitation case. After the fixed period, we will erase your data from Varma’s information systems. The fixed periods are as follows:

  • management of a pension and rehabilitation case, payment of pensions: lifetime and following 5 calendar years
  • survivors' pension: time of payment of survivors' pension and following 5 calendar years
  • pension advice: 5 calendar years (e.g. a pension estimate is stored for 5 years after its calculation)
  • appeal: 50 years, unless the data has to be stored as pension or insurance documents for a longer period
  • calculation of pension liabilities for the employer: lifetime and following 6 calendar years
  • telephone call recordings: 6 calendar months
  • chat service data: 1 month and seven days
  • information related to making an appointment at a customer service point: 6 months

To whom may Varma disclose my information?

Varma may only disclose your information to parties with a statutory right to receive the information for a purpose specified by law. Such parties include various authorities in the way separately set out in legislation. In addition, we use subcontractors in the processing and storage of information. According to law, Varma is liable for their activities as strictly as it is for its own operations. In order to manage your pension or rehabilitation case, the following parties, among others, have the right to access the data according to law:

  • your employer
  • Finnish Centre for Pensions
  • tax administration
  • other pension or insurance institution
  • Social Insurance Institution of Finland (Kela)
  • unemployment insurance fund
  • social welfare authority
  • employment authority
  • enforcement authority
  • Pension Appeals Court
  • Insurance Court
  • bank
  • intermediate bank (Danske Bank, whose website contains a record of personal data processing)

What kinds of safety measures and procedures will Varma use to protect my personal data?

Personal data may only be processed by persons authorised to do so in accordance with access rights management. Access to personal data, hardware and servers is limited to persons whose duties require it. The persons processing the data are subject to a statutory secrecy obligation, and they have additionally signed a separate non-disclosure agreement.

Subcontractors may also be used for performing services. The subcontractors are subject to the same non-disclosure regulations and commitments as Varma’s employees.

The employees have been instructed in the processing of personal data, and they are trained and tested to understand and prevent risks to the data in the data file.

Compliance with the principles of processing personal data is verified through internal and external audits and by documenting our own operations.

Varma maintains high-quality data security in its internal data network. The transfer of personal data in the public data network is secured using secure and appropriate encryption technology. When transmitted through the public communications network, confidential data is secured by technical measures. The servers used in processing data are located in data centres protected with access control and security systems, and data files containing personal data have been isolated from public information networks with technical security measures. Personal data is stored in secured premises.

The data is backed-up regularly and log data is collected on the use of data to develop the services and investigate any incidents and cases of abuse.

The confidentiality, integrity, availability, data availability and redundancy of processing systems and services is ensured through various systems and methods, such as data security updates and system audits.

With regard to service companies engaging in data processing, the processing of data is based on agreements and access rights granted and supervised by Varma.

Will my data be transferred and processed outside the EU/EEA?

Yes. – In such transfers, the protection of personal data is secured through contractual arrangements pursuant to the EU model clauses.

Will automated decisions or profiling be made on the basis of my data?

We utilise automated decision-making in our pension processing. The automation speeds up and improves the processing. We always take legal and good governance requirements into account in this processing. You have the right to appeal a decision. More information will be given in connection with the decision.

How can I get additional information about the processing of my personal data?

If you would like to get additional information about the processing of personal data at Varma, please contact us by secure email.

Do I have the right to be informed of the personal data concerning me?

You have the right to receive a confirmation of whether personal data about you is processed by Varma. In case we process your personal data, you have the right to receive a copy of the data processed. Please send your request for information by using the personal data request form.

We will provide the information to you within a month of receiving your request. The fixed period may be extended by a maximum of two months in certain situations. If the period is extended, we will inform you of it within one month of receiving your request. What should I do to supplement or rectify my personal data? If you observe a shortcoming, inaccuracy or error in the personal data we have provided to you, you have the right to request your data is supplemented or rectified. The same right applies to outdated information. Please send your request to have your data supplemented or rectified by secure email.

Do I have the right to have my personal data erased?

The right to demand personal data to be erased referred to in data protection legislation does not apply to the processing of data in Varma’s statutory pension insurance operations or situations in which there is a statutory obligation to store the data or the data needs to be stored to prepare, present or defend a legal claim. Therefore, it is not possible to erase the data pertaining to pension insurance based on a demand during the period when it has to be stored for managing statutory pension insurance. However, we will erase your personal data without a separate request after the statutory fixed period for its storage has expired.

Can I prohibit or restrict the processing of my personal data?

Since it concerns the implementation of statutory pension security, Varma is obligated to process your personal data, and the processing cannot be prohibited. The right to demand the restriction of personal data processing referred to in data protection legislation does not apply to statutory pension insurance operations, so it is not possible to restrict the processing of data.

Can I demand that my personal data be transferred to another system?

The right to demand the transfer of personal data to another system referred to in data protection does not apply to statutory pension insurance operations, so it is not possible to transfer your data.

To whom may I complain about the processing of my personal data?

If Varma refuses to take measures based on your request, we will inform you of the legal grounds for our negative reply without delay and within a month of receiving your request at the latest. You can submit the matter to the Data Protection Ombudsman if you have received a negative reply to your request from Varma. We will include the contact details of the Data Protection Ombudsman in our reply. You may appeal against the decision of the Data Protection Ombudsman by appealing to the Administrative Court in accordance with the Administrative Judicial Procedure Act. The decision of the Data Protection Ombudsman includes instructions for appeal, which provides you with instructions for appealing to the Administrative Court.

How can I contact Varma?

Send a secure email.

What are the legal grounds of this document?

This document is based on the requirements of the EU’s General Data Protection Regulation.

© Varma Mutual Pension Insurance Company

(function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src = '//www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-MJL5CR'); (function(w, t, f) { var s='script',o='_giosg',h='https://service.giosg.com',e,n;e=t.createElement(s);e.async=1;e.src=h+'/live/'; w[o]=w[o]||function() {(w[o]._e=w[o]._e||[]).push(arguments)} ;w[o]._c=f;w[o]._h=h;n=t.getElementsByTagName(s)[0];n.parentNode.insertBefore(e,n); })(window,document,3860); (function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:928553,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv='); var _vwo_code = (function () { var account_id = 65925, settings_tolerance = 2000, library_tolerance = 2500, use_existing_jquery = false, // DO NOT EDIT BELOW THIS LINE f = false, d = document; return { use_existing_jquery: function () { return use_existing_jquery; }, library_tolerance: function () { return library_tolerance; }, finish: function () { if (!f) { f = true; var a = d.getElementById('_vis_opt_path_hides'); if (a) a.parentNode.removeChild(a); } }, finished: function () { return f; }, load: function (a) { var b = d.createElement('script'); b.src = a; b.type = 'text/javascript'; b.innerText; b.onerror = function () { _vwo_code.finish(); }; d.getElementsByTagName('head')[0].appendChild(b); }, init: function () { settings_timer = setTimeout('_vwo_code.finish()', settings_tolerance); var a = d.createElement('style'), b = 'body{opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important;}', h = d.getElementsByTagName('head')[0]; a.setAttribute('id', '_vis_opt_path_hides'); a.setAttribute('type', 'text/css'); if (a.styleSheet) a.styleSheet.cssText = b; else a.appendChild(d.createTextNode(b)); h.appendChild(a); this.load('//dev.visualwebsiteoptimizer.com/j.php?a=' + account_id + '&u=' + encodeURIComponent(d.URL) + '&r=' + Math.random()); return settings_timer; } }; }()); _vwo_settings_timer = _vwo_code.init(); var _paq = _paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(["setCookieDomain", "*.varma.fi"]); _paq.push(["setDomains", ["*.varma.fi"]]); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//piwik.varma.fi/piwik/"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })();