Privacy Statement for Insurance Registers
Updated 13 April 2022
Privacy Statement: Insurance register (Hidden defect insurances RS10 and RS11) – does not apply to the Kauppaturva insurance currently for sale!
Privacy Statement for Insurance Registers
In this privacy statement, we explain how we collect, process, disclose and protect the personal data contained in our insurance registers (Hidden defect insurances RS10 and RS11). By personal data, we mean all the data that concerns you as an identified or identifiable natural person. This includes data such as your name, address, phone number and photo. We also explain your rights as the data subject.
At Raksystems, we comply with the General Data Protection Regulation of the European Union (‘EU’) and other applicable data protection legislation in our processing of personal data.
Below, you can find further information about how we process your personal data. If some matter remains unclear, please contact us for more information.
Recipients of personal data
Your personal data is processed only by those members of the Raksystems Group who require the data for carrying out their work duties.
Your personal data may also be transferred to contracted external service providers for processing on our behalf. Such subcontractors include, for example, IT service providers who handle technical system maintenance. The service providers process your personal data in the manner specified by us; they do not have the right to use your data for their own purposes.
Purpose of personal data processing
The purpose of the personal data processing is to handle insurance activities and the related customer relationships, to fulfil related statutory obligations, and to comply with legal requests from public authorities.
Bases for personal data processing
As a general rule, the processing of personal data is necessary for executing a contract (such as an insurance contract) to which the data subject is a party or for executing pre-contractual measures at the request of the data subject.
In addition, we process your personal data based on:
- our legitimate interest (for example, the transfer of your personal data within our group;
- statutory obligations that we, as a company, must comply with;
- legal requests from public authorities.
Categories of persons in the register
The policyholders and claimants/beneficiaries of hidden defect insurances RS10 and RS11.
We only process your personal data to the extent necessary. The following data may be collected from data subjects:
- name, personal identification number, address, telephone number, e-mail, bank account data, language and other necessary data about the insured location, such as details of the seller and buyer of the property, property registry number, gross area, apartment area, housing company share numbers and name of housing company, date of trade, date of transfer of possession and deed of sale together with the information it contains.
- data and documentation related to insurance processing, such as applications, other correspondence, insurance claims, claim inspection reports and maintenance history.
- data from third party registers stored with your consent.
- details of application processing; date on which the insurance contract begins and ends; and data relating to premiums, such as discounts, payment status, and insurance premiums charged and paid.
- other data you have provided and added, as well as attachments with any accompanying images.
Regular sources of data
As a rule, we receive the data either from you yourself or from third party registers based on either your consent or your endorsement given in some other way.
Regular data disclosures and transfer of data outside the EU and European Economic Area
The data may be disclosed and transferred within the Group for purposes such as performing tasks necessary for the processing of insurance policies, providing services, enabling invoicing, and managing customer relationships or cooperation. It may also be disclosed to persons who have a statutory right to receive the data.
As a rule, we process data within the EU and the European Economic Area. Therefore, the data is not normally transferred or disclosed outside the EU and the European Economic Area unless this is necessary for processing the above-mentioned personal data, in which case we ensure an adequate level of data protection as required by legislation in general and particularly by the EU General Data Protection Regulation.
Retention period for personal data
We retain personal data for as long as it is needed to fulfil the obligations arising from the insurance contract or as long as such retention is required by law.
Principles of personal data protection
Personal data is primarily stored in an electronic format and protected by the necessary technical measures. Appropriate technical and organisational security measures are in place to protect personal data against loss, misuse, disclosure, alteration and destruction. Physical materials containing personal data are stored in locked rooms / filing cabinets which are accessible only to designated persons who are authorised to access them for work purposes. Access to databases and systems and the use of personal data is restricted to those employees, professionals and other persons employed by the controller who require access to the database in order to perform their work duties and who have the right to process such personal data for work purposes.
Rights of the data subject
The data subject has:
- the right to request from the controller access to, rectification of and erasure of personal data or restriction of processing of data concerning the data subject as well as the right to object to processing of their data and the right to data portability;
- to the extent that the processing of personal data is based on the consent of the data subject, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right not be subject to automated decision-making without a legitimate basis;
- the right to lodge a complaint with the supervisory authority concerning the processing of personal data.
Right to lodge a complaint with a supervisory authority
If you believe that we are not processing your personal data in accordance with the data protection regulations, you can lodge a complaint with the supervisory authority in the EU Member State where you have your permanent address or place of work or where you believe an infringement has occurred.
In Finland, this authority is the Data Protection Ombudsman: