Privacy statement for recipients of fees, employees of contractual partners and external board professionals
Elo processes the personal data of the persons working on its commission, persons receiving fees, and employees of contractual partners, as well as external board professionals for the performance of agreements. We process personal data in accordance with the currently applicable legislation and ensure the protection of privacy. This privacy statement describes in more detail the purposes for which Elo processes personal data and how information is processed.
Data controller and Data Protection Officer
The data controller for your personal data is Elo Mutual Pension Insurance Company (”Elo”), at Revontulentie 7, 02100 Espoo, p. 020 703 50 (switchboard)
Read more about data protection at Elo or get in contact with our Data Protection Officer:
Sari Läntinen, tietosuoja@elo.fi, p. 020 703 50 (switchboard).
For what purposes do we process your personal data?
The personal data of employees of contractual partners (e.g., consultants, maintenance personnel) is processed for communication, access management and access rights management. It is our legal obligation to enable and control access, as well as the management of systems and access rights. We also process personal data based on a legitimate interest in connection with access management and camera surveillance to ensure the safety of those on the premises and to prevent situations where security or property may be at risk and to ensure uninterrupted working environment on our premises. More information about personal data processing in connection with access control and camera surveillance can be found here.
In connection with our investment operations, we process the information about external board professionals and other persons that are available for board positions. The processing is based on a contract in the case of an active board appointment. We also process information about potential external board professionals. In this case, the data processing is based on our legitimate interest to identify potential board members.
What personal data do we process about you?
Your personal data is any information that can be linked to you or used to identify you. We process your personal data only to the extent that is necessary for the performance of the tasks.Read more about the purposes of processing, personal data categories and legal bases of processing >
What are the sources of your personal data?
Elo collects the personal data persons working on a commission or receiving fees directly from the person or his or her representative. Personal data of the employees of contractual partners or service providers are collected directly from the person, or the company represented by him or her. Access control and camera surveillance are also carried out at Elo’s office premises, from which personal data can be collected. We receive information about board professionals directly from the data subject, as well as from Elo’s own information collecting.To whom is your personal data transferred or disclosed?
Information is only disclosed to third parties when the recipient has the right, by law, to receive information from Elo, or in exceptional circumstances upon consent of the data subject. Elo discloses the information of fee recipients for example to the Incomes Register.Elo uses trusted external service providers, which process personal data on behalf of Elo. These are for example information system providers.
Will your data be transferred outside Europe?
Elo does not, in principle, transfer the personal data of fee recipients, employees of contractual partners or external board professionals outside European Union or European Economic Area.How long do we retain your data?
We retain your personal data only as long as necessary to fulfil the purposes set out in this privacy statement or in accordance statutory retention periods, after which the data will be deleted.Personal data processed for the payment of fees and expenses are retained for 10 calendar years from the last payment made, unless a longer retention period is provided elsewhere in the legislation.
The basic access management information is retained for the duration of the contractual relationship and the access control logs for two years. Personal data that is processed for the system, device and access management purposes is retained for three months from the end of the contractual relationship, after which they shall be stored for ten years in the history database of the system.
We process information about board professionals for ten years from the end of the contract. We process information about potential board professionals as long as he or she is available, or for five years.
What are your rights as a data subject?
You have the rights provided by data protection law to the personal data processed at Elo.
• Right to access data: You have the right to know what information Elo is processing about you. You also have the right to receive a copy of the data that is being processed as well as the necessary information related to the data processing.
• Right to rectify information: You have the right to have inaccurate, outdated, or incomplete information about yourself rectified or supplemented.
• Right to deletion of data: You have the right to request the deletion of information concerning you under certain conditions. Personal data may be deleted, for example, if it is no longer needed for the original processing purposes or if you object to the processing of your personal data for direct marketing. Please note that despite of your request, Elo may have to continue processing your information, for example to comply with legal obligations, when it will not be possible to delete the data.
• Right to restrict processing: In certain situations, you have the right to demand that the processing of your personal data is restricted so that Elo only has the right to retain such personal data. You can for example request that the processing of your information is restricted for the period of the investigation, if you consider that the information about you is inaccurate or the accuracy needs to be further investigated.
• Right to request data to be transferred to another system: If the processing of your personal data is based on consent or contract, you have the right to have your data transferred to another data controller. The right of transfer applies to data that you have provided to Elo yourself and that is stored in an electronic information system. If technically possible, data controller must transfer your information directly to another controller.
• Right to object processing: In certain situations, you have the right to object processing of your personal data if the processing is not based on legal obligation or contract.
• Automated decisions, including profiling: You have the right not to be subject of a decision that is based solely on automated processing, such as profiling, which has legal or other significant effects on you.
If you would like to exercise your rights, please submit an identifiable written request to Elo’s Data Protection Officer via email (tietosuoja@elo.fi) or by mailing Elo Mutual Pension Insurance Company, Data Protection Officer, 00041 Elo. Please note that you will need to prove your identity before the request is fulfilled, so please include your up-to-date contact details in the request.
Elo will respond to requests without undue delay, in any case within one month of receipt of the request. The provided information and actions based on the data subjects’ requests are primarily free of charge, unless the requests are manifestly unfounded, unreasonable, or repetitive, in which case Elo may also refuse to fulfil the request on these grounds.
If you suspect that your personal data has been processed in breach of data protection law, you have the right to lodge a complaint with the data protection authority, Office of the Data Protection Ombudsman, P.O. Box 800, 00531 Helsinki or www.tietosuoja.fi.