1. Varma’s eServices
These Terms apply to the digital Varma eServices (Service) that are produced by Varma Mutual Pension Insurance Company (Varma) and which can be used by entrepreneurs or employers (Customer) to manage their affairs with Varma. In the Service, the Customer can manage, among other things, its insurance and financial matters (Insurance Policies) and examine information related to its company’s work-ability management (Work-Ability Risk Management). In addition, the Customer can send messages and attachments securely in the Service.
The Service requires that the Customer be a current policyholder with Varma, and it can be used for as long as it is necessary to perform actions related to terminating the insurance policy.
Use of the Service requires the Customer’s identification. Customer identification takes place via the Suomi.fi service using the strong identification means chosen by the Customer. For identification, the customer must have a personal, strong means of identification, a mobile certificate or personal Finnish banking codes. If the Customer is not using any of the above-mentioned means of identification, Varma will give the Customer a user ID to use the Service once the Customer has provided Varma with some other reliable proof of identity.
3. Confidential earnings-related pension information and data protection
The Customer acknowledges and accepts that the Customer’s confidential information is processed in the Service.
The Service contains confidential information on Varma’s policyholders and confidential personal data on Varma’s insured and pensioners that is subject to insurance secrecy. The information in the Service includes confidential earnings-related pension information on Varma’s insured persons and pensioners at the individual level, such as information on their earnings and their right to pension, as well as information on the Customer’s trade secrets and financial position, such as information on the Customer’s earnings-related pension contributions and confirmed income. Information in the Service concerning pension decisions may include information on special categories of personal data as referred to in the EU’s General Data Protection Regulation (GDPR), for instance information on work ability, which must be processed with special care.
The Customer and Varma are both controllers according to the GDPR and are responsible, each for their own part, for processing personal data based on the GDPR and the data protection legislation or regulation (Data Protection Legislation) valid and applicable at any given time. As a regulatory operator, Varma provides pension cover in accordance with the Employees Pensions Act (TyEL) and the Self-Employed Persons Pensions Act (YEL). Varma processes and maintains the Customer’s personal data in the above-mentioned task. The Service is part of the earnings-related pension insurance customer relationship.
The Customer acts as a controller when managing earnings-related pension matters as part of its financial and HR management and using the information in the Service for that purpose. In acting as a controller, the Customer commits to process personal data in compliance with the Data Protection Legislation and in accordance with the purpose for using the aforementioned data. The personal data in the Service can be processed only by persons who have the right to process the personal data in question by virtue of their job. Special attention must be paid to this when it comes to an individual’s work-ability-related employment pension information contained in the Service. The same applies to business secrets in the Service.
More information on Varma’s processing of the Customer’s personal data is available in Varma’s separately maintained information material concerning TyEL companies’ contact persons and YEL and TyEL insured persons. See the relevant information materials on each group of data subjects.
4. Customer’s responsibility when using the Service
The Customer is responsible for ensuring that the Service is used in compliance with these Terms, with Varma’s guidelines given at any time, and with the applicable legislation. The Customer shall assume responsibility for all transactions carried out using the Service’s user rights. The contents of the transactions and messages in the Service are considered to correspond to those saved in the System. The Customer is responsible for ensuring that no illegal or inappropriate material is sent to the Service and affirms that its communication in the Service does not violate anyone’s right to privacy.
5. Varma’s responsibility for the Service
Varma is responsible for the operation of the Service when fulfilling its statutory duty, and ensures the correctness of the information in the Service. The information in the Service is partly of a general nature, and Varma cannot guarantee its fitness for a particular purpose. Varma carries out research and studies related to managing the disability risk. The information in the Service may be used anonymously in this research and study work. The results of research and studies that have been carried out may also be used at Varma to develop services and operations and in communications and marketing.
Varma assumes no liability for loss or damage caused by non-operation of the Service. Varma accepts no responsibility for damage, costs or losses arising from the use of the Service or from inability to access or use the Service or for any loss or damage relating thereto. Nor does Varma accept liability for any loss or damage arising from telecommunications failures, computer system errors, harmful programs or data security risks. Varma does not guarantee that the Service will function without interruption or error.
The Service may also offer connections (links) to third-party services. Varma is not responsible for the contents or availability of such third parties’ services, nor for the correctness of the information provided by third parties.
Varma has the right to limit or terminate the Customer’s use of the Service or to remove user rights if the use of the Service infringes on these Terms, legislation, information security or official regulations.
6. Data security
User rights to the Service are personal and non-transferrable. The Customer is responsible for carefully storing user IDs and passwords such that they do not fall into unauthorised hands. The information in the Service is processed by persons who are subject to an obligation of secrecy, and the Customer is responsible for guiding these persons in matters concerning data protection and information security. The Customer is responsible for the user rights it grants to the Service and for all actions it performs in the Service.
Varma and the Customer shall ensure, each for their own part, the information security of personal data through appropriate technical and organisational arrangements in order to prevent the unauthorised use of personal data and other Customer information and to prevent the unintentional disappearance, altering, destruction or damage thereof.
The Customer is obligated to notify Varma immediately if the Customer becomes aware of the unauthorised use and unintentional loss, alteration, destruction or damage of customer information where this is related to the Service offered by Varma to the Customer. The Customer must notify Varma of such occurrences by phone at the number 010 192 100 (Mon–Fri, 8 am–5 pm) or via secure email.
7. Authorisation to use the Service
7.1 Access management
The personal information and other customer information contained in the Service can be processed only by named persons who have the right to do so by virtue of their tasks. The Customer must define the customer organisation’s user rights roles and responsibilities and appropriately document its access management. The Customer is responsible for ensuring up-to-date access management and that all user-right holders fulfil the requirements for being granted user rights. The Customer is furthermore responsible for ensuring that user-right holders process the personal data and other customer information contained in the Service solely for the purposes defined in these Terms.
The Customer must regularly remove expired user rights. The Customer is obligated to terminate the user rights of a user whose employment relationship has ended or whose work role has changed such that the criteria for having user rights are no longer met. The Customer is bound by and responsible for all actions performed by user-right holders in the Service, within the limits and period of validity of their user rights.
The Customer must appoint at least one Service administrator, who, as the controlling person responsible, shall be responsible for ensuring that the user rights are up to date and that the rights to the Service have been appropriately granted. The administrator may add, change or remove user rights in the Service such that it is binding on the Customer.
The Customer is responsible for the administrator’s actions. The administrator may also have another task-based role on the basis of which he/she may add, change or remove his/her own user rights to or from the Service. The Service’s administrator manages, based on his/her position in the Customer’s organisation, all the Customer’s user rights related to using the Service and oversees all the Customer’s user rights to the Service. The administrator defines the extent to which a user is authorised to use the Service.
7.3 Notification of changes
The Customer can notify Varma of changes concerning user rights. If the notification arrives at Varma outside of its service hours, it shall be deemed to have arrived on the next weekday at 8 am. Varma’s service hours are weekdays from 8 am until 4 pm.
8. Equipment, software and telecommunication lines
The Customer shall purchase, at the Customer’s own expense, all the necessary equipment, software and telecommunication lines required for the Service and shall also be responsible for their operation and maintenance costs, as well as for their functionality and compatibility with the Service. Varma and the Customer shall each be responsible for the proper information security of their own information systems.
9. Intellectual property rights
Varma reserves the proprietary rights, copyright and other immaterial rights to the Service, unless separate notice has been given. Varma is responsible for ensuring that the Service does not violate the intellectual property rights of a third party.
The Customer may save or print material from the Service solely for the Customer’s own use. Copying, disseminating and modifying material, as well as linking websites and all commercial use or publication of material without Varma’s explicit written consent are prohibited.
10. Changes and termination of the Service
Varma retains the right to change these Terms and the Service. If the change increases or substantially weakens the Customer’s rights, Varma shall inform the Customer of the change via email or in a service message prior to the change taking effect. The Customer is considered to have received Varma’s notification at the latest on the seventh (7) day from when the notification was sent to the Customer via email or in a service message.
The Customer is considered to have accepted a change to the Terms once notification of the change has been given in the manner described above and the Customer uses the Service after the change has been made. If the Customer rejects the change that has been made, the Customer must refrain from using the Service and immediately notify Varma thereof. The Customer must terminate the web service agreement concerning the Service in writing before the change takes effect.
Varma shall always have the right to stop providing the Service.
The Customer’s right to use the Service ends when the actions related to terminating the Customer’s insurance policy have been completed. The Customer shall not be entitled to any compensation due to the termination of the use of the Service. If the Customer has had an interface in use via the Service, information can no longer be transmitted via the Service’s interface once the insurance agreement ends. Information that is transmitted before the insurance agreement has ended remains in the Customer’s use.
11. Supervisory authority and applicable law
Varma’s insurance business is supervised by the Finnish Financial Supervisory Authority (FIN-FSA). Contact information: Finnish Financial Supervisory Authority, Snellmaninkatu 6, P.O. Box 103, FI-00101 Helsinki, Finland. Tel. +358 10 831 51. These terms and conditions are governed by Finnish law.