Privacy policy and cookies

Data privacy statement

General information

This privacy policy describes the way in which Protector Vakuutus handles personal data. Personal data refers to all information related to identified or identifiable persons. Identifiable natural person refers to natural persons who can be directly or indirectly identified on the basis of identifying information such as their name, social security number, address, e-mail address, location information, licence plate number, or one or more of their distinguishable features, such as physical, physiological or psychological features. When processing personal data, we comply with the EU's General Data Protection Regulation 2016/679 (hereinafter the data protection regulation) and the Data Protection Act (1050/2018), which specifies and complements the above.

Controller

Protector Forsikring ASA, Finland branch (later Protector Vakuutus)

Postal address: PL 230, 00101 Helsinki

E-mail: info@protectorvakuutus.fi

Telephone number: 020 741 4000

Data Protection Officer

Data Protection Officer at Protector Vakuutus, DPO

Postal address: PL 230, 00101 Helsinki

E-mail: dpofi@protectorvakuutus.fi

Name of register

Protector Vakuutus’s customer database

Records of processing activities   

We process personal data in order to provide our customers with insurance services. If, for example, an injury occurs to a person that is covered by an insurance, we need personal information about the injured person in order to fulfil our obligations under the insurance contract and the law.

When processing personal data, we comply with the data protection regulation, current laws, the principles of care and good data processing practices. We operate in a way that ensures that the protection of the private life of the data subjects and other basic rights protecting privacy will not be restricted unless the restriction is based on statutory criteria.

Purposes of use of personal data

• production and management of insurance services and products (insurance operations, making and managing offers, execution and maintenance of insurance contracts, processing of claims)
• monitoring, development, automation, analysis and drawing up statistics of the use of insurance services and products for product and service development
• ensuring the safety of insurance services and investigating abuses
• customer service, management and development of customer relationships, customer communications
• fulfilment of our legal obligations and official regulations and instructions

Personal data is handled by our qualified and expert employees. We use reliable systems protected by strong information security systems to store and process personal data. Please find more information on the principles of personal data protection in section 5.8.

Parameters for processing personal data

We process data subjects' personal data mainly based on the contractual relationship and the measures taken prior to concluding the contract.

The processing of personal data can also be based on

• the data subject's consent, such as consent to obtain treatment information from a treatment facility,
• the legal obligations of the controller, such as the provisions of tax legislation and the Insurance Companies Act (521/2008) or
• the legitimate interests of the controller. In most cases, the legitimate interests of the controller are based on a customer or comparable relationship between the controller and the data subject.

The processing of data subjects' health data is based on legislative requirements and the consent of the data subject.

Registered groups  

Data subjects include insurance and compensation clients, such as

• policyholders
• insured persons
• other parties related to insurances and insurance management such as beneficiaries, caregivers and payers
• other parties related to compensation matters and the handling of compensation cases, such as bodies liable for repayment of compensation.

Grouping of personal data

The personal data processed at Protector Vakuutus can be divided into the following groups

• direct identifiers (such as name, social security number, e-mail address corresponding to name)
• strong indirect identifiers (such as bank account number, telephone number, licence plate number, postal address)
• indirect identifiers (such as age, gender, municipality of residence, postal code, time of incident, occupation, employer)
• customer transaction information (tasks and events related to managing customer relationships, such as changes to insurance policies and information regarding the processing of claims)
• special sensitive personal data (health data)
• recordings and content of messages (recordings and messages in different formats, for example call recordings, in which the data subject was a party)
• information regarding the object and coverage of an insurance (such as the insurance code)
• damage information (such as damage report and information regarding compensation decision)

Particularly sensitive personal data

In some cases, Protector Vakuutus will handle particularly sensitive personal data, such as health data. In such cases, the data subject will be asked to sign a power of attorney so that their personal data can be retrieved from doctors, hospitals, other healthcare providers or public registers, for example. In statutory compensation types, Protector Vakuutus has the right to request information without a separate power of attorney. Power of attorney is strictly limited to the information that Protector Vakuutus needs in order to fulfil its statutory obligations.

​​​​​​​Recipient groups

Recipients refer natural persons, legal entities, authorities, agencies and other bodies to which personal data is disclosed.

Personal data can be disclosed to parties within Protector Vakuutus and to companies belonging to the same economic interest grouping as permitted by law. Personal data may be disclosed to parties outside Protector Vakuutus only under the consent of the data subject or when there is a special legal basis for disclosing the data.

Personal data may be disclosed

• to treatment facilities under consent of the data subject
• to partners involved in the production or provision of services. Such partners can therefore act both as processors of personal data on behalf of the controller and as independent controllers
• as permitted by law, to authorities, such as bailiffs and social welfare authorities, the Financial Supervision Authority and the Finnish Tax Authority.

​​​​​​​Transfer of personal data

Protector Vakuutus does not transfer personal data to third countries or international organisations.

​​​​​​​Data retention periods

Protector Vakuutus determines the retention periods of personal data based on applicable legislation and the efficiency and smoothness of operations, such as claims processing and handling of insurance matters. Insurance operations are long-term in nature, so personal data is stored for a long time. Data subjects’ personal data must often be stored even after the client relationship has ended. The purpose of retention periods is to ensure the rights of both the data subjects and Protector Vakuutus.

Retention periods vary depending on the purpose for which the personal data has been handled. We are obliged to store personal data and documents used for various purposes for the period of time specified in insurance legislation. Retention periods also depend on the type of insurance. For example, in voluntary personal insurance, information about insurance contracts is stored for at least 20 years after the end of the contract. On the other hand, in statutory personal and traffic accidents, the retention period required by law is 100 years from the last date of processing of the claim.

​​​​​​​Principles of personal data protection

Data protection is of utmost importance to us, and we make sure that personal data is processed in accordance with the principles of confidentiality, integrity, accuracy and purpose limitation. To protect personal data, we use the necessary technical and organisational security measures in accordance with best practices, such as

• the restriction and management of data processing rights. Personal data will be processed only by designated persons who have exclusive access to the data in our system
• registration of personal data processing events
• instructing and training of personnel. All our employees have a duty of confidentiality both in relation to external persons and entities and in relation to other employees in our company. The obligation of confidentiality does not end when the employment relationship ends
• storage of processed data in physical form in a locked access-controlled space.
• ensuring the security of IT areas
• various encryption and protection methods (SSL encryption, passwords and other technical means)
• firewalls and division of environments
• access control

We do everything we can to ensure that personal data is processed and stored safely. However, if a situation were to occur in which a data security breach took placer and the severity of the situation was such that it would likely cause a risk to our customers' rights, we will notify both the customers and supervisory authorities in accordance with effective data security legislation. We document all data breaches.

​​​​​​​Rights of data subjects

Right of inspection

Data subjects have the right to receive confirmation from Protector Vakuutus about what personal data concerning them will be processed. Data subjects also have the right to know for what purpose and on what basis the personal data will be processed, to which recipients or groups of recipients the personal data will be submitted, how long the personal data will be retained and where the data comes from.

Right of rectification

Data subjects have the right to demand the correction or completion of incorrect or incomplete information.

Right of deletion

Data subjects have the right to request the deletion of their personal data unless the applicable data protection regulation require the data to be retained.

Other rights

In certain situations, data subjects have the right to request that the processing of their personal data be restricted or to otherwise object to the processing of their personal data. In addition, data subjects may request that the data they have provided be transferred in a structured, commonly deployed and machine-readable format based on the data protection regulation. In addition, data subjects have the right to ask Protector Vakuutus to transfer the provided personal data to another data controller, if the transfer is technically possible and if it is based on consent or an agreement.

Communications regarding the right of inspection, rectification and deletion as well as other rights must be submitted in writing and signed to the e-mail address indicated in section 3.

If a data subject considers that the processing of their personal data is not in accordance with the law, they have the right to file a complaint with the supervisory authority. The EDPS supervises compliance with data protection legislation.

(Latest version on October 6th 2023)

We use cookies and other online identifiers on our websites and online services in order to ensure a smooth user experience for you and provide better and more relevant content.

Below you will find more information about what cookies are, the kind of cookies Protector Insurance uses, and how you can manage their use.

What are cookies?

Cookies are small files that the web server stores on a device, such as a computer, tablet or phone, when you visit our website or services. Cookies contain character strings that enable the performance of different functions and register website interaction. Thus, cookies store information about internet users' online behaviour, such as the websites users visit and the language in which they use the internet. The purpose of cookies is not to damage your terminal device, and they do not read any other data from your device's hard drive or spread viruses. Cookies and the information collected with them help our website and services work optimally and serve you as well as possible. Cookies as such do not identify users individually, but identification is always tied to the browser or device you are using.

From the browser menu, you can choose which types of cookies will be saved on your computer.

Essential cookies

Some of the cookies we use are essential for the operation and safe and smooth functioning of our website and services. Essential cookies enable functionalities that are necessary for using our website and services, such as moving from one page to another, logging into protected parts of the site, and operating language settings.

Essential cookies are usually set by the first party and they are session specific. Essential cookies are automatically downloaded to your device and, by law, users’ consent is not required to use them. You can block the use of essential cookies in your browser settings and delete them from your device. If you prevent the use of essential cookies, you may not be able to use our websites and services in the intended manner.

Functional cookies

Functional cookies increase and improve a website's functionality, but they are not essential for using the site. Functional cookies enable the storage of information that changes the appearance or the functions of the website. This information includes, for example, your chosen language or region.

Statistics cookies, i.e., cookies that collect visitor and analytics data

Statistics cookies are used to collect information about how websites are used, for example through the storage of identified traffic sources (IP addresses), counting page loads or measuring website loading times and tracking how users navigate the website.

Cookies used by Protector Insurance

Our website uses first-party cookies from Google Analytics with the identifiers utma, utmb, utmbc umbt and utmbz. Google Analytics is a web analysis tool that collects information about website usage. The stored information includes, among other things: which pages of our website users visit, the duration of each visit and the country from which the website is accessed.

IP addresses are defined as personal information because they can be traced back to a specific piece of hardware and thus (generally) to an individual. The information collected from our site by Google Analytics cookies (including IP addresses) is aggregated and cannot be linked to individual users. Therefore, the IP addresses collected by Google Analytics are not considered personal data.

Our online service uses JWT cookies to store information about service users. JWT cookies collect information about user IDs, user identities and phone numbers, as well as information about what time users log into our services. These cookies enable access to the service for which login is necessary while ensuring data security and user-friendliness. Data collected using JWT cookies is automatically deleted when the user logs out of the service. The cookies are not deleted automatically if you close the browser without logging out first. Please note that we record log data when users are logged into the service. Log data is registered to ensure the safety and integrity of the website. We only store information about user activity when it is absolutely necessary.

Deleting and preventing the use of cookies

You can decide which types of cookies may be installed on your terminal device. By entering your browser settings, you can completely prevent the use of cookies, but in this case, you may not be able to use all websites and services as intended. It is also possible to delete cookies at regular intervals, in which case it is not possible to create a long-term user profile, as in the absence of basic data the profile has to be created again from scratch.

Please note that if you delete cookies, they will be created again the next time you visit our website or service (unless you have changed your settings so that the creation of cookies is prevented). You can edit cookie settings later by clicking on the round icon in the bottom left corner of the website.

Contact information

If you have any questions regarding the use of cookies, please contact us by email or post:

E-mail: dpofi@protectorvakuutus.fi (NOTE please only send questions related to data protection to this email. Information regarding customer and compensation services can be found in the Contact us section.

Postal address: Protector Forsikring ASA, Finland branch, PL 230, 00101 Helsinki