Information on processing of personal data within Alandia
When using Alandia in information, this refers to Alandia Försäkring Abp and Alandia’s subsidiaries. Alandia is granted concession in Finland and its operations are monitored by the Finnish Financial Supervisory Authority “FIN-FSA”; www.finansinspektionen.fi, and the Data Ombudsman’s Bureau; www.tietosuoja.fi. In cross-border trade, Alandia’s operations can be monitored by other supervisory authority, for example in Sweden, by the Swedish Financial Supervisory Authority “FI”; www.finansinspektionen.se and The Swedish Data Protection Authority; www.datainspektionen.se
Unless otherwise stipulated, Alandia is responsible for personal data. Alandia processes personal data in accordance with the General Data Protection Regulation, the Finnish Insurance Companies Act and industry-specific recommendations.
In the processing of personal data, good information security is ensured and those who handle the personal data are by law obliged to handle all personal data by confidentiality.
The legal basis for the processing of personal data in claims is for fulfilling agreements, legal obligation and asserting or defending legal claims. If the personal data is sensitive, Alandia processes the personal data to establish, assert and defend legal claims.
Alandia process personal data when a request for a claim is made. In connection with this, Alandia may also handle information about persons who are injured, causing, witnesses or otherwise related to a claim, how the claim occurred and the prevailing conditions. Depending on insurance and claim, Alandia may also need to process personal data that is sensitive.
The lawfulness for the processing of personal data in claims is for fulfilling agreements, legal obligation and asserting or defending legal claims. If the personal data is sensitive, Alandia processes the personal data to establish, assert and defend legal claims.
Alandia is obliged in some cases to
- keep records of customer complaints,
- record incidents and,
- act on money laundering and terrorist financing.
Alandia’s legal basis for these proceedings is to fulfil legal obligations.
Alandia process personal data to provide information, give advice and for marketing for products and services.
If personal data is processed as part of a commercial relationship the lawfulness of the processing is Alandia’s legitimate interests and if the receiving party is not a part of a commercial relationship the lawfulness of the processing for Alandia is consent. The receiver can choose to unsubscribe from the marketing.
In product and service development, Alandia’s analyses can be based on data consisting of personal data collected from Alandia’s website.
The lawfulness of the processing is Alandias´s legitimate interest in being able to perform customer and business analysis to improve the product range and customer experience.
The personal data that Alandia process is mainly related to costumers, brokers, witnesses, surveyors, lawyers, service providers and other business partners.
Alandia process personal data in the following categories:
1. Identification data , e.g., costumer identification number or national identity number.
2. Contact details, e.g., name, adress, telephone number or e-mail.
3. Insurance and financial information e.g., costumer data, insured objects and claims data.
4. Creditdata, e.g., data on costumers credit worthiness.
5. Data that are required by law, e.g., residence of taxpayer and customer due diligence´ data.
6. Special categories of personal data, e.g., personal data concerning health.
7. Personal data relating to criminal convictions, offenses, sanctions and PEP e.g., personal data collected in the case of suspected fraud.
8. Personal data related to communication, e.g., e-mail and logs.
9. Personal data indirect relates to a person, e.g., area code.
10. Personal data related to children below the age of 16 years, e.g., in claims.
Alandia will not pass or disclosure any confidential information if not the data subject has given his consent or Alandia is required by law to do so.
When data processors processes person data on behalf of Alandia the processor is obliged to handle the personal data under the same requirements as Alandia regarding information and data security.
Alandia hires suppliers and processors outside the EU / EEC. These ensure that personal data is protected in a correct manner and in accordance with the requirements set by the General Data Protection Regulation.
Alandia may need to retain personal data for following reasons:
- To fulfil regulatory requirements; e.g. anti money laundering, book-keeping and costumer complains,
- To fulfil Alandia’s obligations in accordance with an agreement,
- To conduct marketing or
- To establish, exercise or defence legal claims.
Personal data in connection with claims and legal obligations will be retained if the case is not time barred. The legal requirement determines the retaining period for the personal data processed
Personal data retained for regulatory requirements will not be retained after the legal requirements have expired.
When Alandia request and receives consent to process personal data for marketing the data subject can withdraw the consent. By that Alandia is obliged to stop processing the personal data. Withdrawing consent cannot be back-dated.
Alandia respects the data subject’s rights regarding the processing of personal data. If the data subjects want to exercise these, he should contact Alandia. The data subject must state which right he wishes to exercise and, if possible, state which information the request relates to. Alandia will respond to the data subject´s inquiry within a month. If the request cannot be answered within one month, Alandia will give a reasoned answer to the data subject.
The data subject shall have the right to access their personal data stored in Alandia and to get a copy of the personal information.
The data subject has the right to have inaccurate data rectified or completed if it is incomplete.
The right to be forgotten is not absolute and only applies in certain circumstances:
- The personal data is no longer necessary for the purpose which it was originally collected or processed for
- Alandia rely on consent as the lawful basis for holding the data, and the individual withdraws their consent
- Alandia rely on legitimate interests as the basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing
- Alandia process the personal data for direct marketing purposes and the individual objects to that processing
- Alandia have processed the personal data unlawfully
Data subjects have the right to object to the processing of their personal data in certain circumstances, which e.g. includes an absolute right to stop their data being used for direct marketing.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. If the data subjects want to use his right he shall contact Alandia.
If the data subject is not satisfied with the way Alandia is processing the personal data, he may contact Alandia´s DPO (dpo@alandia.com) and have the right to file a complaint to the relevant local supervisory authority, in Finland Dataombudsmannens byrå, Bangårdsvägen 9, 6:e vån, 00520, Helsingfors, e-mail tietosuoja@om.fi, www.tietosuoja.fi.