Asioi turvallisesti kanssamme. Lue, mitä me teemme turvallisuuden hyväksi ja kuinka voit itse vaikuttaa verkkoasiointisi turvallisuuteen.
Processing of personal data
The processing of personal data is an integral part of the operations of a lifelong security company. Therefore, we consider the careful and safe handling of personal data to be of prime importance. When processing personal data, we comply with legislation, follow good data management and processing practices, and exercise caution. We take measures to ensure that the privacy and other fundamental rights of our customers are not violated.
The staff of LocalTapiola Group are bound by a statutory obligation of confidentiality. Thus, the obligation of confidentiality ensures also the confidential processing of our customers' data.
What personal data do we collect?
We collect from our customers only data that is appropriate and relevant for the purpose of the product or service. The type of data collected from each customer at a certain situation is determined by the purpose of the product or service.
We may collect, for example,
- name and personal ID code for identification
- contact information (address, phone number and email address) for communication
- data related to customer relationship and management (e.g. age, mother tongue, submitted customer feedback and communications)
- recorded customer calls
- data related to purchases of services and products (e.g. bank account number and health declarations)
- data needed for meeting legislative requirements (e.g. data required by the Money Laundering Act)
- data on choices made by the customer, such as consents, restrictions or refusals related to the use of personal data
We have prepared register descriptions for the personal data registers. More information on the register descriptions is available in the section on register descriptions or at LocalTapiola offices (https://www.lahitapiola.fi/henkilo/asiakaspalvelu/yhteystiedot). Register descriptions can also be requested by emailing firstname.lastname@example.org.
Where do we collect personal data?
We collect personal data primarily from our customers in connection to use or sales of products or services as well as directly in other customer dealings. We receive data on our customers also when they participate in campaigns, surveys or contests. We may also receive data from parties authorised by customers.
In addition, we receive data from public registers and records managed by authorities and from credit information databases and registers listing customers who have engaged in fraudulent activities. For example, the Finnish Population Information System (VTJ) is used to ensure the accuracy and currency of the data.
We collect data from potential customers in connection to contests and prize draws.
Customer data is collected also using cookies. More information on cookies is available in the section on cookies.
For what purposes do we collect data?
We collect, store and process our customers' personal data only for predefined purposes of use. We may use the data we collect, for example, to determine how we can provide our customers with the best service and deliver our customers personalised products and services. We use personal data for purposes including:
- providing products and services
- fulfilling our contractual obligations
- identification of customers
- customer service
- marketing and opinion surveys
- enabling participation in and management of prize draws, contests or similar campaigns
- business operations, e.g. development and improvement of new products or services, identification and investigation of possible abuse, and internal quality assurance
- fulfilment of legal requirements and claims
Who processes the personal data and to whom is the data disclosed?
Companies part of the LocalTapiola Group may process our customers’ personal data in accordance with the current data protection legislation. However, access to personal data is granted only to employees whose job duties require the processing of personal data.
We disclose data we have received to third parties only with the consent of the customer concerned or when the disclosure of data is based on a provision of law. In such cases, we always ensure contractually that our customers’ personal data is processed carefully and in accordance with the data protection legislation.
Personal data is transferred outside of the European Union or the European Economic Area only in accordance with the data protection legislation, for example by using the standard contractual clauses approved by the European Commission.
How long is the data stored?
We store our customers' personal data only for as long as is necessary for their intended purpose or for as long as required by contract or law. Because of the regulation of the finance sector, we are obliged to store our customers' data throughout the duration of a customer relationship and in some cases after its termination. For example, we may be obliged to store some customer personal data in order to comply with accounting or other compelling legislation even after the termination of a customer relationship or other basis for the processing of personal data.
We do not store personal data that is not necessary for our business operations. Our customers can influence the storage time of their data according to the options described under Rights of the Registered.
Calls and chat conversations
We record customer phone calls and chat conversations to prove that a call or conversation has taken place. In addition, random calls may be recorded for short-term use in training, quality assurance and development of customer service.
We do not record all calls to or from LocalTapiola: the calls subject to recording include calls related to claims in non-life insurances, to LocalTapiola Life Insurance Company's insurance and claims issues, or any calls related to execution of asset management tasks.
The purpose of recording of phone calls is to prove, for example, that communication related to an incident of loss or claim or to asset management has taken place. The opportunity to investigate an event afterwards in unclear cases using recordings is in the interests of both the customer and LocalTapiola.
Call recordings and chat messages are subject to the confidentiality obligation and will not be disclosed to third parties except in situations permitted by law. We process call recordings with the same care as other personal data.
To protect personal data, we use technical and organisational information security measures in line with necessity and best practices. All our partners responsible for personal data storage as well as their systems have been audited or otherwise inspected.
Personal data is secured in such a way that accessing, disclosing, destroying or other processing is done appropriately and only by persons with the right to carry out the activities.
The protection of personal data is safeguarded for example with firewalls, different cryptographic techniques, and by ensuring the safety and appropriate access control of the equipment rooms. Appropriate access to personal data is ensured through access management processes, and the access is always based on work assignment and job role.
The processing of personal data is monitored for example by logging. Logs reveal what, why and when something occurred. Logs are used to investigate errors or to make sure that errors have not occurred and that the processed data is accurate. Staff participating in the processing of personal data is trained and instructed regularly. The operations of subcontractors are also regularly inspected and audited.