Good to know
Transact safely with us. Read about the steps we take to ensure safe transacting and how you can contribute to the safety of your online transactions.
Processing of personal data
The processing of personal data is an integral part of the operations of a lifelong security company. Therefore, we consider the careful and safe handling of personal data to be of prime importance. When processing personal data, we comply with legislation, follow good data management and processing practices, and exercise caution. We take measures to ensure that the privacy and other fundamental rights of our customers are not violated.
The staff of LocalTapiola Group are bound by a statutory obligation of confidentiality. Thus, the obligation of confidentiality ensures also the confidential processing of our customers' data.
We only collect data that is appropriate and relevant for the use of products and services from our customers. The purpose of use of a product or service determines what type of information we collect about our customers in different situations.
We collect data such as
- name and personal identity code to identify you and verify your identity definitively
- contact information (address, telephone number and email address) so that we can contact you
- information related to the customer relationship and its management (such as age, native language, customer feedback provided and contacting)
- recorded customer calls
- information related to buying services and products (such as account number and health declarations)
- information required for fulfilling statutory obligations (such as the information required by the Anti-Money Laundering Act)
- information on the choices made by the customer, such as consent, restrictions and prohibitions regarding the use of personal data
We have drawn up privacy notices on the personal data we store, which can be found in the section on privacy notices or at LocalTapiola offices.
We collect personal data primarily from our customers in connection to use or sales of products or services as well as directly in other customer dealings. We receive data on our customers also when they participate in campaigns, surveys or contests. We may also receive data from parties authorised by customers.
In addition, we receive data from public registers and records managed by authorities and from credit information databases and registers listing customers who have engaged in fraudulent activities. For example, the Finnish Population Information System (VTJ) is used to ensure the accuracy and currency of the data.
We collect data from potential customers in connection to contests and prize draws.
Customer data is collected also using cookies. More information on cookies is available in the section on cookies.
We collect, store and process our customers' personal data only for predefined purposes of use. We may use the data we collect, for example, to determine how we can provide our customers with the best service and deliver our customers personalised products and services. We use personal data for purposes including:
- providing products and services
- fulfilling our contractual obligations
- identification of customers
- customer service
- marketing and opinion surveys
- enabling participation in and management of prize draws, contests or similar campaigns
- business operations, e.g. development and improvement of new products or services, identification and investigation of possible abuse, and internal quality assurance
- fulfilment of legal requirements and claims
Companies in the LocalTapiola Group may process our customers’ data in accordance with the applicable data protection legislation. Only the employees whose work requires them to process personal data may access personal data.
LocalTapiola Group discloses information concerning you to external parties only with your express consent or based on law, for example, to tax authorities. In addition, personal data may be disclosed to parties such as the partners used for producing or providing the services.
As a rule, LocalTapiola Group does not transfer data outside the EU or EEA. If data is transferred outside the EU or EEA, LocalTapiola will ensure that the processing of personal data complies in all respects with the requirements of data protection legislation. LocalTapiola Group transfers personal data outside the EU or EEA only to partners whose reliability it has verified. Typically, data may be transferred when a system is being developed or repaired by our partners.
Due to the regulation of the finance sector, we are generally obliged to store our customers' data throughout the duration of the customer relationship and, in part, also after its termination. If storing the data is necessary due to a statutory obligation or contract, for example, LocalTapiola is obliged to store the data for such a purpose for as long as is necessary. The operations of the finance sector are long-term by nature, and the retention periods are consequently very long. The purpose of the retention periods is to secure the rights of both the customers and LocalTapiola.
We do not retain any personal data that is not necessary for our business operations.
We record customer phone calls and chat conversations to prove that a call or conversation has taken place. In addition, random calls may be recorded for short-term use in training, quality assurance and development of customer service.
We do not record all calls to or from LocalTapiola: the calls subject to recording include calls related to claims in non-life insurances, to LocalTapiola Life Insurance Company's insurance and claims issues, or any calls related to execution of asset management tasks.
The purpose of recording of phone calls is to prove, for example, that communication related to an incident of loss or claim or to asset management has taken place. The opportunity to investigate an event afterwards in unclear cases using recordings is in the interests of both the customer and LocalTapiola.
Call recordings and chat messages are subject to the confidentiality obligation and will not be disclosed to third parties except in situations permitted by law. We process call recordings with the same care as other personal data.
We use the necessary and best-practice technical and organisational data security methods to protect personal data. All our partners responsible for storing personal data and their systems have been audited or otherwise inspected.
Personal data is protected to ensure appropriate access to, disclosure, deletion or other processing of data.
The protection of personal data is secured by measures such as firewalls, various encryption techniques and by ensuring the security and appropriate access control methods of data centres. Appropriate access to personal data is ensured through access rights management processes, in which access rights are always based on tasks and work roles.
The processing of personal data is monitored through measures such as logging. Log data indicates what, why and when something happened. The data is used to resolve error situations, to ensure that no errors occurred and that the processed data is correct. The employees involved in processing personal data are regularly trained and provided with instructions. In addition, subcontractors’ operations are inspected and audited as necessary.