Customer Register

Data controller

Mandatum Life Insurance Company Limited (Mandatum Life) (Business ID 0641130-2)
Bulevardi 56
00120 Helsinki
Finland

Contact information for the data protection officer

Mandatum Life data protection officer contact is following:
Mandatum Life Insurance Company Ltd.
Vesa Tupala, Data Protection Officer
P.O. Box 627
FI-00101 HELSINKI
Finland
dpo@mandatumlife.fi

In Baltics you can contact Mandatum Life’s customer service in each country with regard to data protection issues.

Mandatum Life, Customer Service
Lõõtsa 12, Tallinn, tel. +372 6 812 300

Kronvalda bulvāris 3 – 3, Rīga, LV-1010
LV tel. +371 67503333

Saltoniškių g. 2, Vilnius LT-08126
LT +370 5 210 9390 Vilniuje

Purpose and legal basis for the processing of personal data

The purpose of processing personal data is managing Mandatum Life’s insurance and wealth management operations, including the marketing, offering, development, sales and administration of services and products, as well as the arrangement of customer events. To fulfil our statutory obligations, we process personal data e.g. on the basis of legislation related to the knowledge of a customer and the insurance company’s risk management. We also process personal data due to enquiry, reporting and storage obligations based on legislation, administrative provisions and instructions. Personal data is also processed to carry out customer satisfaction surveys and for statistical purposes.

The legal basis for the processing of personal data is the fulfilment of the legal obligation of Mandatum Life, the implementation of the agreement between Mandatum Life and the customer and the fulfilment of the legitimate interests of Mandatum Life (for example, with regard to carrying out customer satisfaction surveys, developing services and marketing to potential customers) and in certain cases -consent.

Categories of data subjects

  • Insurance customers (insured persons, policyholders and beneficiaries), their representatives and payers of insurance premiums
  • Wealth management customers and their representatives
  • Potential customers
  • Former customers
  • Persons related to corporate customerships
  • Persons regarding whom the processing of personal data is related to the statutory obligation set for the register owner (for example, beneficial owners and related parties of politically influential people)

 Disclosure of data

We may disclose personal data to authorities and other parties referred to law regulating insurance activities or other regulations, mainly to the following:

  • Authorities
    • Personal data may be disclosed to authorities, for example, the tax authorities and enforcement offices, when required by law.
  • Other insurance companies
    • Personal data may be disclosed to another insurance company in reinsurance situations.
  • The Estonian insurance companies high risk persons register
    • When the insurance application is being processed, the customer’s data might be checked on the basis of personal data in the high risk persons register.
  • Companies belonging to the same group or conglomerate referred
    • With regard to the Sampo Group, data may be disclosed to the If insurance company but we ask consent separately to do so.
  • Recipients carrying out scientific or historical research.

Transfer of personal data outside the European Union or the European Economic Area

We primarily process data within the EU and the EEA. If data is transferred outside the EU and the EEA (for example, in such a way that the data is processed or stored on servers located in these countries) to countries for which the European Commission has not issued a decision of adequacy of data protection, we will take care of the data protection, for example, by utilising standard contractual clauses approved by the European Commission. Sensitive data is not transferred outside the EU and the EEA. Transferred data is processed only on behalf of Mandatum Life.

Retention period for personal data

The customer’s data is stored 13 years after the end of the most recent contract or payment of the most recent out payment. Data related to the know your customer obligations is stored for 5 years in Estonia, 10 years in Latvia and 8 years in Lithuania after the end of the most recent contract. Telephone recordings, what we are doing in Estonia, are stored for 10 years.

Data related to taxation and reporting obligations (incl. obligations resulting from international FATCA/CRS agreements) are stored for 10 years after the end of each tax year.

Data of persons who have received an insurance quote is retained up to 5 years after the quote was made, if the quote did not lead to a contract. We store the data of other potential customers for a maximum period of 3 years.

Categories of personal data

We process personal data only to the extent necessary and as required by law. The data we process depends on what person or customer group you belong to.

  • Basic customer data
    • For example, name, date of birth, identification number, contact information, language, nationality, information of power of attorney and guardianship information, health data.
  • Customer’s contract data
    • For example, contract type and category, customer’s status in policy (insured person, policyholder or beneficiary), financial data, insurance premiums, insurance savings, sensitive data, contract validity, start and end date, information on the quote the contract was based on, health reports, potential constraints and beneficiary provisions.
  • Data related to insurance premiums
    • For example, payments made, open invoices and debt collection data.
  • Data related to life insurances
    • For example, insurance needs assessments, tax data, medical examinations and reports, as well as professional and hobby data that have an effect on risk.
  • Data related to investment-linked insurances
    • In addition to the above, for example, investment type and category, fund data, investment plan.
  • Communication
    • For example, online messages, marketing authorisations and opt-out, information from the contact channel, information on meetings and telephone data
  • Telephone records
    • Records from Mandatum Life’s customer service only in Estonia
  • Data required by specific legislation
    • For example, data processed and stored under the legislation related to the prevention of money laundering.
  • Links to customers
    • For example information on representing a company or organisation, information on being a corporate or institutional customer.
  • Responses to customer satisfaction surveys

Rights of the data subjects

You have the right to access your personal data processed by Mandatum Life, the right to correct the data and, when the conditions are fulfilled, the right to delete the data, the right to limit or resist the processing of the personal data, as well as the right to transfer the data elsewhere. To learn more about your rights and how to use them, please see Mandatum Life’s privacy policy.