Protection of personal data
Varma provides pension cover in accordance with the Employees Pensions Act (TyEL) and the Self-employed Persons Pensions Act (YEL). In order to carry out this task, Varma maintains and handles the personal data of the insured and pension recipients. Regulations concerning the handling of personal data within the earnings-related pension system are laid out in the Employees Pensions Act (TyEL) and other insurance and insurance company legislation.
What data does Varma collect?
We collect the personal data of policyholders, i.e. employers and self-employed persons, the insured and pension applicants and recipients, and from official registers that Varma is legally entitled to use. We may also collect your personal information for different purposes based on your consent. You have the right to cancel your consent at any time. The cancellation of consent does not affect the legality of consent-based processing that took place prior to the consent being cancelled.
As part of its investment operations, Varma is a developer of rental flats and grants customer credit. Personal data is gathered from persons applying for flats and from lessees in connection with rental activities. In addition to the information provided by the applicants for flats and credit themselves, Varma verifies their credit information. Personal data on private customers and guarantors is compiled in the loan register.
We gather personal data expressly for the above-mentioned purposes and only to the extent that is necessary. We try to ensure that the data is accurate, complete and up-to-date.
The personal identity code is used as an identifier in Varma’s pension insurance operations, the renting of flats and granting of credit. When making pension decisions and selecting lessees on social grounds, we may also deal with sensitive data such as data concerning a person’s state of health.
Recording of customer phone calls and information related to the Chat service to improve quality
The customer calls made to our customer service numbers are recorded in order to improve the quality of our customer service. The person’s identification information is removed from telephone calls intended for training purposes. Discussions that take place in our Chat service are saved for statistical purposes in order to improve quality.
Phone call and Chat information is saved securely and in accordance with the data protection legislation. The information is processed in accordance with regulations that are binding on Varma and is not used for any other purpose. Read more about prosessing of your personal data at Varma.
You can check your personal data
The file descriptions of the personal data files are available on this website and also at the company’s service point at the address Salmisaarenranta 11, Helsinki. Everyone who has personal data in the registers maintained by the company has the right to check the data pertaining to themselves and to request that any erroneous data be corrected.
Disclosure of information to third parties
The personal data in our registers can be disclosed to, for example, the Finnish Centre for Pensions and other parties implementing statutory pension cover and social security. Data is disclosed to authorities in accordance with the law. Data is not disclosed to outside parties. Unless expressly prohibited by the data subject, this information can be used for direct marketing purposes, in accordance with the regulations concerning the protection and processing of personal data valid at any given time. Varma may use subcontractors to process data.Subcontractors are required to sign a non-disclosure agreement, and personal data protection is secured through contractual arrangements. Varma can disclose personal data to the authorities of other social security agreement countries also outside the European Union when carrying out tasks related to earnings-related pension cover.
Data is safe with Varma
Our personnel are bound by confidentiality as dictated by law. In addition Varma’s personnel must enter into a non-disclosure agreement as part of their employment contracts.
Varma maintains high-quality data security in its internal data network. The transfer of personal data in the public data network is secured using sufficiently secure and appropriate encryption technology.
The company’s eServices may contain links to websites maintained by other instances. Varma is not responsible for the activities of the providers of these websites.
The EU General Data Protection Regulation
The EU's new General Data Protection Regulation (GDPR) entered into force on 25 May 2018. Varma prepared for the regulation by developing its operations such that they comply with the new regulation. Work on our IT systems in the area of data protection is also under way. As a controller, Varma requires that its contractual partners who process personal data comply with the GDPR in their role as processors. This requirement will be implemented by including data processing in contractual arrangements. Before the GDPR entered into force, we had also adopted
The impacts of the EU's data protection regulation – clarifying statement (pdf).