Skip to content

Terms of use and privacy protection

Varma website – general terms of use

Use of Varma’s website and online and mobile services (the website) requires the user to comply with the following terms and conditions. Please familiarise yourself with them before using the website. In addition to these terms and conditions, special conditions may apply to Varma’s various services. Furthermore, services that require the use of banking codes or mobile certificates are subject to separate general terms and conditions.

The website and information and material contained therein are intended to be used in Finland.

Service provider

The main service provider of the website is Varma Mutual Pension Insurance Company. Visiting address: Salmisaarenranta 11, Helsinki. Mailing address: P.O. Box 1, FI-00098 VARMA, Business ID: 0533297-9. Telephone number: +358 10 2440.


Varma reserves the right to change the website’s terms of use, layout, contents, availability and services provided or other properties of the website or to close down the service at any time without advance notification and for any reason. Varma has the right to interrupt the service during maintenance and updating procedures.

Responsibility of the service provider

The information and material presented on the website cannot be considered as a binding offer, solicitation or other commitment by Varma. You can obtain more information on the products and services offered by contacting Varma.

Every effort has been made to ensure the accuracy of the information on the website. Varma does not accept liability for the accuracy of the contents on the website. The information on the website is of a general nature and Varma cannot guarantee its fitness for a particular purpose.

Varma accepts no responsibility for damage, costs or losses arising from the use of the website or from inability to access or use the website or internet-based services or for any loss or damage relating to them. Nor does Varma accept liability for any loss or damage arising from telecommunications failures, computer system errors, malware or data security risks. Varma does not guarantee that the website will function without interruption or error.

Third party information

Varma accepts no liability for material produced by a third party which may be accessed through a link on the website.

User responsibility

The user is responsible for any actions performed using the website and for ensuring that the information he or she sends through the website is correct and arrives at the intended destination. The user affirms and is responsible for ensuring that he/she does not submit any unlawful or inappropriate material to the website.

The user shall take all reasonable measures to ensure that any material submitted by him/her does not contain viruses or other destructive features.

Immaterial rights

Varma reserves the proprietary rights, copyright and other immaterial rights to the website, unless separate notice has been given. Varma reserves all rights to the website and its contents. The publication, reproduction, transmission or alteration of the website or layout is prohibited without the consent of the immaterial rights holder. This prohibition does not apply to storage on a computer or printing for personal use. The material may be quoted in accordance with the Finnish Copyright Act. In such a case, the source of the material must always be disclosed.

The user retains the right to the blog material that has been produced by the user and which is intended for publication on the user’s pages. The user grants Varma the irrevocable and free-of-charge right to make copies of the material and to publish and make the material available to the public. Varma can make changes to the material to the extent required to benefit from the above-mentioned right. Varma can transfer the rights granted to Varma herein to another party. The user is responsible for ensuring that this material can be used and, if necessary, published, and that it does not breach the copyrights or other rights of third parties.

Personal data

Varma processes personal data in accordance with the data protection legislation and Employees Pensions Act and ensures the protection of privacy in the handling of such data. User data collected in services requiring registration is stored in Varma's person registers. The information is used only for the purposes specified in the register description. Should it be required by a service transaction, Varma will save the messages to secure the contents of the message. Varma will disclose data in its possession to third parties only with the relevant person’s consent or if required by law. Register descriptions in accordance with the data protection legislation and further information on the protection of personal data is available on the website.


It is not possible to guarantee the confidentiality of e-mail messages transmitted via the internet. Users should avoid sending personal data or other messages of a confidential nature to Varma via e-mail.

At the user’s request, Varma is entitled to transmit information via e-mail to an e-mail address specified by the user. Varma is not liable for any damage arising from messages transmitted through the internet.

Messages transmitted through the internet-based insurance folders maintained by Varma are SSL protected.

Supervising authority

Varma's insurance business is supervised by the Finnish Financial Supervisory Authority (Fiva). Contact information for Fiva:
The Finnish Financial Supervisory Authority, Snellmaninkatu 6, P.O. Box 103, FI-00101 Helsinki, Finland. Tel. +358 10 831 51.

Governing law

These terms and conditions are governed by Finnish law.

Collection of information while on the website (cookies)

Current choice: All cookies allowed Analytic cookies are not allowed The chosen haven't been made. Please confirm cookie policy.

This website uses cookies. Cookies are small data files that are saved to your computer and which contain information about your visit on the website. The use of cookies enables Varma to improve the usability of its website, compile statistics on browsing activity and target information to you, the user. Cookies also save so-called personalised information about the pages you have visited.

Cookies save data files on the user’s IP address, time of visit, pages visited and type of browser, as well as the web address and server from which the user arrived at Varma’s website.

Approval of cookies

By visiting the website, you consent to Varma collecting, handling and analysing information related to usage, traffic and transactions on the website and other statistical data relating to the website. Varma may also request this type of information from reliable third parties. It is not possible to identify a person based on this information.

Disabling cookies

You can stop analytics cookies from being saved by clicking the “I do not accept analytics cookies” button. In practice, tracking only ends when you move on to the next page and the page is refreshed. After this, analytics cookies will no longer be loaded to the browser in connection with the loading of a page.

You can stop all cookies from being saved by changing the data security settings in your browser. It should be noted that cookies might be necessary for some services to function properly and as planned. Cookies must be enabled when you use Varma’s services that require logging in.

You can also set your browser settings so that you are informed of cookies being saved and thereafter can either accept or reject the cookie.

More information about cookies and the secure use of web services is available on the Finnish Communications Regulatory Authority’s website.

The Information Society Code, Section 205, states: The service provider may save cookies or other data concerning the use of the service in the user’s terminal device, and use such data, if the user has given his or her consent thereto and the service provider gives the user comprehensible and complete information on the purposes of saving or using such data.

Third party services that use cookies on the website

These services collect information anonymously and do not save any personal data.

The following third-party services which use cookies are linked to the website:

Adform collects information about the impacts of advertising and the user’s advertising-related activity. It is also used to target advertising based on sites the user is interested in.

We monitor the use of and activities on our website with the help of Google Analytics, Hotjar, HubSpot and Matomo. These services save, among other things, the number of visitors and the time they spend on different web pages.

We use Google Tag Manager to set cookies on our website.

The website also uses Facebook Pixel and LinkedIn Insight Tag cookies, which help us target advertising at the users visiting the website and monitor advertising results. However, Varma cannot identify the users that have visited the website.

Read more:
Facebook Pixel
LinkedIn Insight Tag

Data protection and information security

Ensuring data protection and information security is part of Varma’s responsible operations.

Data protection means that privacy protection is ensured when processing personal data. Through data protection, we ensure the confidentiality of data, protect personal data from harmful use and prevent unauthorised disclosure of personal data.

Information security includes all administrative measures and technical solutions with which we protect personal data and other confidential data. Through information security, we ensure that data can only be accessed by those who have the right to do so, when they need the data and that data is in the correct format and that it has not been altered.

Varma’s operations are regulated by the EU’s General Data Protection Regulation (GDPR), which is complemented by the national Data Protection Act. Further regulations on information security are included, for example, in the Act on the Openness of Government Activities and legislation concerning earnings-related pension.

Data is safe with Varma

All Varma employees and individuals working on assignments of Varma are obligated to comply with instructions and legislation related to information security. We ensure this by making sure that we have sufficient competence, for example, through regular training.

Our personnel are bound by confidentiality obligations as provided in legislation. In addition Varma’s personnel must enter into a non-disclosure agreement as part of their employment contracts.

Varma maintains high-quality data security in its internal data network. The transfer of personal data in open data networks is ensured through the use of secure and appropriate encryption technology.

Varma’s online service may contain links to websites maintained by other parties. Varma is not responsible for the activities of the providers of such websites.

Data protection

Protection of personal data

Varma provides pension cover in accordance with the Employees Pensions Act (TyEL) and the Self-employed Persons Pensions Act (YEL). In order to carry out this task, Varma maintains and handles the personal data of the insured and pension recipients. Regulations concerning the handling of personal data within the earnings-related pension system are laid out in the Employees Pensions Act (TyEL) and other insurance and insurance company legislation.

What data does Varma collect?

We collect the personal data of policyholders, i.e. employers and self-employed persons, the insured and pension applicants and recipients, and from official registers that Varma is legally entitled to use. We may also collect your personal information for different purposes based on your consent. You have the right to cancel your consent at any time. The cancellation of consent does not affect the legality of consent-based processing that took place prior to the consent being cancelled.

As part of its investment operations, Varma is a developer of rental flats and grants customer credit. Personal data is gathered from persons applying for flats and from lessees in connection with rental activities. In addition to the information provided by the applicants for flats and credit themselves, Varma verifies their credit information. Personal data on private customers and guarantors is compiled in the loan register.

We gather personal data expressly for the above-mentioned purposes and only to the extent that is necessary. We try to ensure that the data is accurate, complete and up-to-date.

The personal identity code is used as an identifier in Varma’s pension insurance operations, the renting of flats and granting of credit. When making pension decisions and selecting lessees on social grounds, we may also deal with sensitive data such as data concerning a person’s state of health.

Recording of customer phone calls and information related to the Chat service to improve quality

The customer calls made to our customer service numbers are recorded in order to improve the quality of our customer service. The person’s identification information is removed from telephone calls intended for training purposes. Discussions that take place in our Chat service are saved for statistical purposes in order to improve quality.

Phone call and Chat information is saved securely and in accordance with the data protection legislation. The information is processed in accordance with regulations that are binding on Varma and is not used for any other purpose. Read more about prosessing of your personal data at Varma.

You can check your personal data

The file descriptions of the personal data files are available on this website and also at the company’s service point at the address Salmisaarenranta 11, Helsinki. Everyone who has personal data in the registers maintained by the company has the right to check the data pertaining to themselves and to request that any erroneous data be corrected.

Disclosure of information to third parties

The personal data in our registers can be disclosed to, for example, the Finnish Centre for Pensions and other parties implementing statutory pension cover and social security. Data is disclosed to authorities in accordance with the law. Data is not disclosed to outside parties. Unless expressly prohibited by the data subject, this information can be used for direct marketing purposes, in accordance with the regulations concerning the protection and processing of personal data valid at any given time. Varma may use subcontractors to process data.Subcontractors are required to sign a non-disclosure agreement, and personal data protection is secured through contractual arrangements. Varma can disclose personal data to the authorities of other social security agreement countries also outside the European Union when carrying out tasks related to earnings-related pension cover.

File descriptions

Descriptions of processing activities and informing the data subject required by the General Data Protection Regulation

In records that comply with the General Data Protection Regulation (GDPR), we describe how Varma processes its customers’ personal data in its operations, the grounds for processing data, the data the company processes, how long the data will be stored, to whom Varma discloses the data and how data-processing security has been arranged

Read GDPR-compliant records

var sdkInstance="appInsightsSDK";window[sdkInstance]="appInsights";var aiName=window[sdkInstance],aisdk=window[aiName]||function(e){function n(e){t[e]=function(){var n=arguments;t.queue.push(function(){t[e].apply(t,n)})}}var t={config:e};t.initialize=!0;var i=document,a=window;setTimeout(function(){var n=i.createElement("script");n.src=e.url||"",i.getElementsByTagName("script")[0].parentNode.appendChild(n)});try{t.cookie=i.cookie}catch(e){}t.queue=[],t.version=2;for(var r=["Event","PageView","Exception","Trace","DependencyData","Metric","PageViewPerformance"];r.length;)n("track"+r.pop());n("startTrackPage"),n("stopTrackPage");var s="Track"+r[0];if(n("start"+s),n("stop"+s),n("addTelemetryInitializer"),n("setAuthenticatedUserContext"),n("clearAuthenticatedUserContext"),n("flush"),t.SeverityLevel={Verbose:0,Information:1,Warning:2,Error:3,Critical:4},!(!0===e.disableExceptionTracking||e.extensionConfig&&e.extensionConfig.ApplicationInsightsAnalytics&&!0===e.extensionConfig.ApplicationInsightsAnalytics.disableExceptionTracking)){n("_"+(r="onerror"));var o=a[r];a[r]=function(e,n,i,a,s){var c=o&&o(e,n,i,a,s);return!0!==c&&t["_"+r]({message:e,url:n,lineNumber:i,columnNumber:a,error:s}),c},e.autoExceptionInstrumented=!0}return t}( { instrumentationKey:"e0d09fd7-66d8-492a-9be1-1bddb519a28e" } );window[aiName]=aisdk,aisdk.queue&&0===aisdk.queue.length&&aisdk.trackPageView({}); (function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src = '//' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-MJL5CR'); (function(w, t, f) { var s='script',o='_giosg',h='',e,n;e=t.createElement(s);e.async=1;e.src=h+'/live/'; w[o]=w[o]||function() {(w[o]._e=w[o]._e||[]).push(arguments)} ;w[o]._c=f;w[o]._h=h;n=t.getElementsByTagName(s)[0];n.parentNode.insertBefore(e,n); })(window,document,3860); (function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:928553,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'','.js?sv='); var _paq = _paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(["setCookieDomain", "*"]); _paq.push(["setDomains", ["*"]]); _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="//"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', '1']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); })();