Siirry suoraan sisältöönSiirry suoraan alatunnisteeseen
Personal customersBusiness Customers
FI
InsurancesUnion memberContact us
Mobile application
Front pageInsurancesVehicleHomeHealthTravelUnion memberContact usMobile applicationPersonal customersBusiness Customers
InsurancesUnion memberContact us
Select a pageMobile application
Data protection
How do we process personal data?
The data subjects are Turva's insurance and insurance claims customers. In the case of institutional customers, the data subjects are their affiliated persons, such as beneficial owners. Data subjects also include customers who have previously been our customers as well as potential customers and their affiliated persons. Persons related to the customer, such as guardians and attorneys-in-fact, are also data subjects.We only process personal data that is necessary for our purposes, such as:
  • personal data related to identification, including name and personal identity code
  • contact information, including name, address, email and phone number
  • information related to the services and products we offer, such as the content of insurance coverage and health declaration
  • information related to the customer relationship and its management, such as language and contacts
  • information about choices made by the customer, such as restrictions on direct marketing
  • customer communications, such as call recordings, audio recordings of online meetings, chat conversations and online messages
  • information required by law, such as personal data used to identify the customer in accordance with the Anti-Money Laundering Act
  • trade union information, if the customer has given permission to process the data
We process personal data only for predefined purposes, such as:
  • customer service and communication as well as customer relationship management, such as responding to contacts and sending out announcements about products
  • provision and development of our services and products, such as the performance of insurance contracts and claims processing on the basis of insurance contracts
  • marketing of our services and products, targeted marketing and direct marketing, such as targeted online marketing and direct marketing messages
  • opinion and market research, such as sending out customer service feedback surveys
  • organising and enabling participation in promotions, raffles and competitions
  • monitoring, analysing and compiling statistics on the use of our services and products, such as tracking and analytics of pages visited on our website
  • ensuring the security of our services and risk management
  • detection and investigation of nonconformities, such as fraud against insurance companies
  • fulfilling obligations based on law and in accordance with official directions and instructions, such as collecting customer identification data and monitoring sanction lists
We process personal data mainly on the basis of a contractual relationship and the measures preceding it. The performance of a contract is the primary basis for processing, in cases such as when we process the policyholder's personal data for the purpose of giving an insurance quote and later when the insurance contract is in force.The processing of personal data may also be based on the consent of the data subject or on the legal obligations or legitimate interests of the controller of the data, Turva. We may disclose information to our service provider partners on the basis of consent, whereas the Anti-Money Laundering Act obligates us to collect and store certain identifying personal data on our customers. Data processing is based on legitimate interest for example when we process personal data for marketing purposes, including for the purposes of targeting of advertising, targeted online marketing or direct marketing, for combating abuse and fraud or to pay a claim to a victim outside the customer relationship.
We mainly collect your personal data directly from you. You provide us with your data when you interact with us, such as when you enter into an insurance or investment service contract, claim compensation, log in to our online service, call our customer service or participate in our competitions. We may also collect data about you by observing how you use our services, especially through cookies. Our use of cookies is described in more detail in the section on cookies.We also collect your data from third parties, such as parties authorised by you, registers maintained by the authorities, credit information registers, joint registers of insurance companies, medical institutions and other insurance companies. We update addresses from Posti's address service and cross-check with the Population Information System to ensure that the information is accurate and up-to-date.
Your data will only be processed by Turva employees who need access to the data to perform their duties. Turva's employees are bound by a statutory obligation of secrecy, and each employee must also sign a non-disclosure agreement in which they pledge to keep customer information confidential.In producing and providing our services, we use partners to whom we transfer personal data for processing. These partners act as our sub-processors and process personal data in accordance with our instructions. We require our sub-processors to protect personal data appropriately and we inspect and audit their operations.
We disclose personal data to parties outside Turva only with your consent or when there is a legal basis for disclosing the data. We may disclose your data based on your consent, such as when we send a direct billing authorisation to a medical institution. Based on the law, we may disclose your data to the authorities, such as tax authorities, prosecutors and pre-trial investigation authorities, and to other insurance companies. In addition, we may disclose limited amounts of personal data to advertising platform service providers for our marketing purposes, including for the targeting of advertising or for implementing targeted online marketing.To read more about how we target advertising and online marketing, see "Targeted paid online marketing and joint controllership with advertising platform service providers". You can find this topic in the Other section at the bottom of the page.The disclosure of personal data refers to situations where personal data is given to another controller to process. We also transfer personal data for processing purposes to our partners, who process personal data on our behalf and thus act as our sub-processors.
We have defined retention periods for the personal data we collect, taking into account the requirements of legislation and the effectiveness and fluency of business operations, such as insurance and investment services. Occasionally, we may be required by law to retain data for a certain period of time. This is not always the case, in which case we retain the data for as long as it is necessary for us.We store data necessary for the customer relationship at least for the duration of the customer relationship. In general, it is necessary for us to continue storing data even after the customer relationship has ended.The retention period of your personal data varies depending on the type of service transactions you have or have had. For example:
  • As a rule, the retention period for insurance and claims data is 100 years from the end of the insurance or the last date of processing of the claim in statutory CTP and accident insurance, and at least 10 years in voluntary types of insurance.
  • Data related to non-life insurance quotes is stored for at least 18 months from the date of the quote.
  • Life insurance and claims data are stored for at least 10 years from the end of the insurance.
  • Data related to life insurance quotes is stored for at least 3 years from the date of the quote.
We record phone calls, audio recordings of online meetings, chat conversations and online messages. They are used for verifying transactions, ensuring the quality of customer service and development and training purposes.
Automated decision-makingWe use automated decision-making. Automated decision-making means that a decision is made entirely on the basis of automated personal data processing without the input of a human. We use automated decision-making to improve the efficiency of our insurance and claims processing and other services we provide, for example.The data used in automated decision-making include information provided by you and information already in our systems. We may also use personal data obtained from third parties, such as a credit information register, and information about insurance terms and conditions and our internal guidelines.We will notify you of automated decision-making separately in connection with each service that uses automated decision-making and, if necessary, ask for your consent to its use.Once you have received the automated decision, you have the right to appeal against and request that the matter be reviewed by a human employee.