Siirry suoraan sisältöönSiirry suoraan alatunnisteeseen
Personal customersBusiness Customers
FI
InsurancesUnion memberContact us
Service channels
Front pageInsurancesVehicleHomeHealthTravelUnion memberContact usService channelsPersonal customersBusiness Customers
InsurancesUnion memberContact us
Select a pageService channels
Data protection
How do we process personal data?
The data subjects are Turva's insurance and insurance claims customers. In the case of institutional customers, the data subjects are their affiliated persons, such as beneficial owners. Data subjects also include customers who have previously been our customers as well as potential customers and their affiliated persons. Persons related to the customer, such as guardians and attorneys-in-fact, are also data subjects.We only process personal data that is necessary for our purposes, such as:
  • personal data related to identification, including name and personal identity code
  • contact information, including name, address, email and phone number
  • information related to the services and products we offer, such as the content of insurance coverage and health declaration
  • information related to the customer relationship and its management, such as language and contacts
  • information about choices made by the customer, such as restrictions on direct marketing
  • customer communications, such as call recordings, audio recordings of online meetings, chat conversations and online messages
  • information required by law, such as personal data used to identify the customer in accordance with the Anti-Money Laundering Act
  • trade union information, if the customer has given permission to process the data
We process personal data only for predefined purposes, such as:
  • customer service and communication as well as customer relationship management, such as responding to contacts and sending out announcements about products
  • provision and development of our services and products, such as the performance of insurance contracts and claims processing on the basis of insurance contracts
  • marketing of our services and products, targeted marketing and direct marketing, such as targeted online marketing and direct marketing messages
  • opinion and market research, such as sending out customer service feedback surveys
  • organising and enabling participation in promotions, raffles and competitions
  • monitoring, analysing and compiling statistics on the use of our services and products, such as tracking and analytics of pages visited on our website
  • ensuring the security of our services and risk management
  • detection and investigation of nonconformities, such as fraud against insurance companies
  • fulfilling obligations based on law and in accordance with official directions and instructions, such as collecting customer identification data and monitoring sanction lists
We process personal data mainly on the basis of a contractual relationship and the measures preceding it. The performance of a contract is the primary basis for processing, in cases such as when we process the policyholder's personal data for the purpose of giving an insurance quote and later when the insurance contract is in force.The processing of personal data may also be based on the consent of the data subject or on the legal obligations or legitimate interests of the controller of the data, Turva. We may disclose information to our service provider partners on the basis of consent, whereas the Anti-Money Laundering Act obligates us to collect and store certain identifying personal data on our customers. Data processing is based on legitimate interest for example when we process personal data for marketing purposes, including for the purposes of targeting of advertising, targeted online marketing or direct marketing, for combating abuse and fraud or to pay a claim to a victim outside the customer relationship.
We mainly collect your personal data directly from you. You provide us with your data when you interact with us, such as when you enter into an insurance or investment service contract, claim compensation, log in to our online service, call our customer service or participate in our competitions. We may also collect data about you by observing how you use our services, especially through cookies. Our use of cookies is described in more detail in the section on cookies.We also collect your data from third parties, such as parties authorised by you, registers maintained by the authorities, credit information registers, joint registers of insurance companies, medical institutions and other insurance companies. We update addresses from Posti's address service and cross-check with the Population Information System to ensure that the information is accurate and up-to-date.
Your data will only be processed by Turva employees who need access to the data to perform their duties. Turva's employees are bound by a statutory obligation of secrecy, and each employee must also sign a non-disclosure agreement in which they pledge to keep customer information confidential.In producing and providing our services, we use partners to whom we transfer personal data for processing. These partners act as our sub-processors and process personal data in accordance with our instructions. We require our sub-processors to protect personal data appropriately and we inspect and audit their operations.
We disclose personal data to parties outside Turva only with your consent or when there is a legal basis for disclosing the data. We may disclose your data based on your consent, such as when we send a direct billing authorisation to a medical institution. Based on the law, we may disclose your data to the authorities, such as tax authorities, prosecutors and pre-trial investigation authorities, and to other insurance companies. In addition, we may disclose limited amounts of personal data to advertising platform service providers for our marketing purposes, including for the targeting of advertising or for implementing targeted online marketing.To read more about how we target advertising and online marketing, see "Targeted paid online marketing and joint controllership with advertising platform service providers". You can find this topic in the Other section at the bottom of the page.The disclosure of personal data refers to situations where personal data is given to another controller to process. We also transfer personal data for processing purposes to our partners, who process personal data on our behalf and thus act as our sub-processors.
We have defined retention periods for the personal data we collect, taking into account the requirements of legislation and the effectiveness and fluency of business operations, such as insurance and investment services. Occasionally, we may be required by law to retain data for a certain period of time. This is not always the case, in which case we retain the data for as long as it is necessary for us.We store data necessary for the customer relationship at least for the duration of the customer relationship. In general, it is necessary for us to continue storing data even after the customer relationship has ended.The retention period of your personal data varies depending on the type of service transactions you have or have had. For example:
  • As a rule, the retention period for insurance and claims data is 100 years from the end of the insurance or the last date of processing of the claim in statutory CTP and accident insurance, and at least 10 years in voluntary types of insurance.
  • Data related to non-life insurance quotes is stored for at least 18 months from the date of the quote.
  • Life insurance and claims data are stored for at least 10 years from the end of the insurance.
  • Data related to life insurance quotes is stored for at least 3 years from the date of the quote.
We record phone calls, audio recordings of online meetings, chat conversations and online messages. They are used for verifying transactions, ensuring the quality of customer service and development and training purposes.
Automated decision-makingWe use automated decision-making. Automated decision-making means that a decision is made entirely on the basis of automated personal data processing without the input of a human. We use automated decision-making to improve the efficiency of our insurance and claims processing and other services we provide, for example.The data used in automated decision-making include information provided by you and information already in our systems. We may also use personal data obtained from third parties, such as a credit information register, and information about insurance terms and conditions and our internal guidelines.We will notify you of automated decision-making separately in connection with each service that uses automated decision-making and, if necessary, ask for your consent to its use.Once you have received the automated decision, you have the right to appeal against and request that the matter be reviewed by a human employee.We use automated decision-making in non-life insurance operations in the following contexts, among others:
  • Purchasing insurance
    We may use automated decision-making to decide whether or not to grant an insurance purchased online. The automated system may decide to either grant the insurance or forward the matter to an employee for further processing. Automated decisions are based on information provided by the customer, existing information in our systems and information obtained from third parties, such as a credit information register.
  • Claims settlement
    We may use automated decision-making to settle claims and as part of other activities related to claims processing. The automated system may decide to either pay the claim or forward the matter to an employee for manual processing. Automated decisions are based on information provided by you, existing information in our systems, and information obtained from third parties, such as the claims register, as well as insurance terms and conditions.
ProfilingWe also make use of profiling. Profiling means the automated processing of personal data where we evaluate certain personal characteristics by combining and analysing data.We use profiling for the following purposes, among others:
  • In insurance processing to price the insurance based on the risk of damage. The risk of damage is calculated based on information about the customer and the insured object.
  • In claims settlement, when we carry out a risk assessment of the damage in order to identify the risk of fraud. The risk assessment is based on information about the customer and claim.
  • For targeted marketing.
We may transfer your personal data outside the EU and EEA within the limits of data protection legislation.Some external service providers or other recipients of personal data may be located or process personal data outside the EU or EEA. We use the necessary transfer mechanisms and complementary safeguards permitted by law to ensure that the level of protection of personal data is not compromised in situations where the data is transferred outside the EU or EEA. Such transfer mechanisms include, for example, adequacy decisions by the European Commission and the use of standard contractual clauses with recipients of data located outside the EU or EEA.The standard contractual clauses we use are available on the EU legislative and justice website: Commission Decision (2021/914) (in Finnish). You can also request a copy of the standard contractual clauses by contacting our Data Protection Officer.
We may use your customer due diligence information and other personal data for the prevention, uncovering and investigation of money laundering and the financing of terrorism as prescribed in the Anti-Money Laundering Act, and in bringing under investigation money laundering and financing of terrorism as well as the crime committed to obtain the assets or proceeds of crime involved in the financing of money laundering or the financing of terrorism.We may use your personal data to determine whether you are subject to international sanctions we are required to comply with.
Finnish insurance companies maintain shared registers about insurance claims and fraudulent claims. Insurance companies disclose information on claims and crimes and suspected crimes against the company to the registers. Insurance companies use the information in the registers when granting insurance and processing claims. The purpose of the registers is to prevent and detect insurance fraud and crime by sharing information between insurance companies. Turva also discloses information to registers and uses the information in the registers.Claims registerWe register information about claims reported to us in the insurance companies' joint claims register. The register collects information on the claim and the insured person. When the insurance company submits the basic information in the claim to the claims register, the company receives information about claims filed by the applicant at other insurance companies. Based on the information in the claims register, we may also exchange more detailed information about claims between other insurance companies. We use the information in the claims register to prevent fraud against insurance companies, with the purpose to prevent a person from filing false claims at several insurance companies.Fraudulent claims registerWe register information on crimes and suspected offences against our insurance operations in the insurance companies' common fraudulent claims register. The register collects information on the claim and the insured person. In addition, we check the information entered in the register. Entering information in the fraudulent claims register requires that a suspected criminal act has been reported to the police or prosecutor. Entries made on the basis of a suspected crime are erased from the register if the person in question is found innocent of the act in a court of law or the case is dropped. We use the information in the fraudulent claims register in insurance handling and claims settlement to prevent and detect crime against insurance companies.
We use the necessary and best-practice technical and organisational data security methods to safeguard personal data. We protect personal data so that it cannot be accessed without authorisation or lost, destroyed or altered without a basis.We ensure the protection of personal data with firewalls, separation of environments and various encryption and protection technologies, among other measures. We continuously monitor our data security. We make sure that our data centres are secure and access control is at an appropriate level.Access to personal data is restricted with suitable access rights restrictions, and we apply access rights management processes. Access rights are always based on work duties. Personal data can only be accessed by employees who have a need to do so for the performance of their duties. We monitor to ensure that access rights are necessary at all times and remove expired access rights.We collect logs on the processing of personal data. Logs indicate what, why and when a processing activity occurred. We use logs to monitor the processing of personal data, ensure that no errors have occurred and investigate possible errors.Our employees involved in processing personal data are regularly trained and provided with instructions.We also require our sub-processors to safeguard the data appropriately, and inspect and audit their operations.
Data subjects’ rightsYou have a number of rights related to the processing of your personal data, which are described below.You can exercise your rights by contacting our Data Protection Officer or through other means indicated by us for this purpose. The contact details of our Data Protection Officer can be found at the bottom of this page in the contact information section. Below, under each right, we explain in more detail how you can exercise that particular right.Please note that we need to be able to identify you in order to process your request, so when contacting us about the exercise of your rights, you need to include sufficient identifying information such as name, personal identity code, postal address and telephone number.As a rule, exercising your rights is free of charge for you. However, in the case of clearly unfounded or excessive requests, we may charge a reasonable fee or refuse to comply with the request.
If the processing of your personal data is based on your consent, you have the right to withdraw your consent. The withdrawal of consent has no effect on past processing activities.When requesting consent, we will also tell you how you can withdraw your consent. In matters related to the withdrawal of consent, you can also contact our Data Protection Officer.
You have the right to know whether we process your personal data and, if so, to receive a copy of all your data and detailed information about the processing of your personal data.Your key customer information are listed in our online service, where you can view the information at any time. If you wish to view your personal data more extensively, you can submit a separate request for access to your data. You can request access using the request access form.You can send the form or your questions regarding the processing of your data to us using the contact details of our Data Protection Officer.If your request for access concerns an individual claim, you can most quickly and easily request the data by contacting the party that made the claim settlement decision directly.Contact details of the Data Protection Officer:Email: tietosuoja(at)turva.fiMailing address:
Turva Mutual Insurance Company
Legal and compliance / Data Protection Officer
PO Box 117
FI-33100 Tampere
You have the right to request the rectification (correction) of inaccurate or incomplete data.Your key customer information is listed in our online service, where you can also manage the information. You can also update your customer information by contacting our customer service or visiting our branch office. See our contact information for details. You can also send a separate rectification request to our Data Protection Officer.Data subjects have the right to request the erasure of their personal data.In certain situations, you have the right to demand the erasure of your data. Personal data may be erased at your request if the retention period of the data has expired or the data is otherwise deemed unnecessary or unjustified. We cannot erase data that must be stored due to a legal obligation or other justified need.You can also send the request to erase your data to our Data Protection Officer. To identify the customer making the data erasure request, we need your name, address, phone number and personal identity code.
You have the right to prohibit the processing of your data for direct marketing purposes and for profiling related to direct marketing.You can manage direct marketing permissions in our online service. You can also prohibit direct marketing and related marketing activities by contacting our customer service or visiting our branch office. You can unsubscribe from direct marketing messages by clicking on the link provided in the message.In certain situations, you have the right to request that the processing of your data be restricted or otherwise object to the processing of your data. You can also request the transfer of personal data that you have provided in a machine-readable format, where technically feasible.You can exercise these rights by contacting us with the contact details of our Data Protection Officer.
We use automated decision-making. We will notify you of this separately in connection with each service that uses automated decision-making and, if necessary, ask for your consent to its use.Once you have received the automated decision, you have the right to appeal against and request that the matter be reviewed by a human employee.You can exercise your right by contacting the party that issued the decision.
Privacy statementsTurva has several personal data files, each of which has its own privacy statement. In the privacy statement, we explain important information related to the processing of personal data, such as the controllers, types of personal data collected, purposes of processing and the legal basis for processing.You can read the privacy statement for Turva’s common customer data file and the privacy statements of other key data files from the links below.The privacy statements are available in Finnish.We reserve the right to change and update the privacy statements if necessary.
Contact details
The controller is Turva Mutual Insurance Company. The controller for life insurance products is LocalTapiola.
Further information on the processing of personal data is available at Turva’s branch offices. In questions about the processing of personal data and data security, you can email us at tietosuoja(at)turva.fi.Contact information for Turva’s Data Protection Officer:
Phone: 03 2313 9355
Email: tietosuoja(at)turva.fiMailing address:
Turva Mutual Insurance Company
Legal and compliance / Data Protection Officer
PO Box 117
FI-33100 Tampere
If you feel that our processing of personal data violates the law, you have the right to lodge a complaint with the supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman. However, we recommend that you first contact us using the contact details of our Data Protection Officer.Contact information of the Office of the Data Protection Ombudsman Email: tietosuoja@om.fi
Mailing address: PO Box 800, FI-00531 Helsinki
Phone: 029 566 6700
Customer due diligenceWe identify and know our owner-customers and partners. Knowing our customers also helps us provide them with even better service.
The first and foremost reason why we ask for your customer information is to ensure that the customer’s interests are met. In addition, as a financial sector operator, Turva is required by the law to identify and know its customers. By identifying and knowing its customers, Turva ensures that customer information is up-to-date and prevents abuse in the financial sector.
Other
Turva has a strong presence in various social media channels. Where applicable, we act as joint controllers of personal data with social media service providers (Meta, LinkedIn and Twitter) for Turva's community pages, messaging services, tracking pixels and visitor data in these channels. This information applies to persons who have interacted with one of the social media community pages managed by Turva or have accepted social media cookies on the Turva website.We process the data subject's personal data on the basis of our legitimate interest. In the case of tracking pixels, the processing is based on the consent given by the data subject. We use the data to maintain community pages, market Turva's services, products and offers, carry out competitions and raffles, receive feedback, purchase advertising from social media channels, measure the availability of pages or advertisements, and to provide customer service on social media. We only process data for our own purposes. Social media service providers process data in accordance with their own data protection principles and are generally responsible for compliance with data protection legislation and the implementation of data security and the rights of data subjects. You can manage your privacy settings in the service in question.We obtain information that a data subject has made public in the service, such as username and profile picture. In addition, the data subject may provide other information on their own initiative through comments, publications or messaging services. We also receive anonymised statistical data about visitors to our community pages and how visitors interact with the page content (Meta Page Insights, LinkedIn Page Analytics and Twitter Analytics). The data we store in the data file is not transferred outside the European Union or European Economic Area.The controller determines the retention period of personal data, taking into account applicable legislation as well as the needs and efficiency of business operations. The purpose of the retention periods is to safeguard the rights of both the data subjects and Turva. We may process comments, posts and messages on community pages until the data subject deletes the comment or post. We may also delete a comment or post earlier if we deem it necessary to ensure the appropriateness of comments and posts, for example. Data subjects may request the deletion of a conversation in the messaging service from the owner of the community page in the service. You can also restrict the processing of your personal data by unliking and/or unfollowing the community page.Facebook and InstagramWhere applicable, we act as joint controllers with Meta Platforms Ireland Ltd. (Meta) with respect to Turva's community pages, messaging service, insights and tracking pixel in the service.We have signed an addendum on joint controllership, which defines the responsibilities of both controllers regarding compliance with obligations under the EU General Data Protection Regulation (GDPR) and the joint processing of personal data. Learn more at https://www.facebook.com/legal/controller_addendumFor Facebook Insights (Page Insights), the controllers' responsibilities for complying with their obligations under the GDPR are described in the Page Insights Controller addendum. Learn more at https://www.facebook.com/legal/terms/page_controller_addendum Meta processes personal data in accordance with its own privacy policies. For more information about the purposes, legal bases and privacy policies of Meta's processing of personal data as well as the information required by the joint controllership and Articles 13(1)(a) and (b) of the GDPR, please see Facebook's Privacy Policy at www.facebook.com/privacy/policyLinkedInWhere applicable, we act as joint controllers with LinkedIn Ireland Unlimited Company (LinkedIn) with respect to Turva's community pages, messaging service, insights and tracking pixel in the service.We have signed an addendum on joint controllership for the processing of visitor data (Page Insights), which defines the responsibilities of both controllers regarding compliance with obligations under the EU General Data Protection Regulation (GDPR) and the joint processing of personal data. For more information, please visit: https://legal.linkedin.com/pages-joint-controller-addendum For more information about the purposes, legal bases and privacy policies of LinkedIn's processing of personal data as well as the information required by the joint controllership and Articles 13(1)(a) and (b) of the GDPR, please see LinkedIn's Privacy Policy at https://www.linkedin.com/legal/privacy-policy TwitterWhere applicable, we act as joint controllers with Twitter International Unlimited Company (Twitter) with respect to Turva's community pages, messaging service, insights and tracking pixel in the service.For more information about the purposes, legal bases and privacy policies of Twitter's processing of personal data as well as the information required by the joint controllership and Articles 13(1)(a) and (b) of the GDPR, please see Twitter's Privacy Policy at https://twitter.com/en/privacy
Our websites and services may contain links to third-party sites and services and embedded content from third parties, such as Google Maps and YouTube videos. These third parties have their own privacy policies, which you can read on their respective websites.
In order to implement the principle of public access, Turva maintains a description of its data reserves. This is known as the description of document publicity. The purpose of the description is to assist Turva's customers when they wish to make a request for information concerning Turva's documents.
On this page, you can read pre-contract information related to distance sales when purchasing insurance from Turva.
For the purposes of this context, targeted paid online marketing means the targeted displaying of paid advertising elsewhere on the internet than on our own websites together with advertising platform service providers.

Turva purchases targeted online marketing from the service providers of various advertising platforms. As applicable, we act as joint controllers in respect of personal data together with each advertising platform service provider (Sanoma, Alma Media, Meta, Adform) when we cooperate in the processing of personal data in order to target online marketing on the advertising platform of the service provider in question. We have concluded written agreements on the processing of personal data with all entities that act as joint controllers.

The advertising platform service providers process the personal data we disclose only for targeting our advertising and for displaying it on their advertising platforms to the target groups we have determined. The service providers erase the personal data we disclose after the effecting of online marketing, but in any case not later than 6 months after this effecting. In addition Meta event data may be retained by Meta for up to two years and Adform may retain combined aggregated data (without the possibility to re-identify the programmatic advertising ID data) for 13 months for Turva’s programmatic advertising reporting purposes.

We process the data subject’s personal data on the ground of our legitimate interest. In server-side online marketing and programmatic advertising that is based on online behaviour, data processing is, in part, also based on the data subject’s cookie consent.Target group list-based online marketingIn target group list-based online marketing, we target advertising based on a target group listing extracted from our registers. Into a tool provided by the advertising platform service provider, we upload the target group list we have compiled. This list contains pseudonymised personal data: a hashed mobile phone number and a hashed email address. The pseudonymisation and hashing procedures we employ mean that personal data are processed into an encoded format in such a way that they are no longer directly identifiable.

The advertising platform service provider compares the pseudonymised target group we uploaded with their own customer records in order to find matching data. After a successful matching process, our and the advertising platform service provider’s combined data create custom audience lists to which our advertising is further targeted on the digital advertising platform (in the media) of the service provider in question.

In target group list-based targeting of advertising, depending on our advertising campaigns, we use solutions provided by three different advertising platform service providers: Meta, Sanoma, and Alma Media.Server-side targeting of online marketingIn server-side online marketing that is based on online behaviour, we target advertising to users who have visited our website, on the basis of their website visit data. Server-side targeting and marketing is effected only to those users who, when asked for their consent for the use of cookies on our website, accepted the following category: Use of Advertising cookies.

Website visit data and the user’s pseudonymised personal data, that is a hashed telephone number and/or a hashed email address, the country indication (Finland) for the targeting of advertising, the ID detail, are disclosed, in a server-based manner, from the user’s browser to the advertising platform service provider. The ID detail will not be linked to your customer details at Turva. The ID detail is a unique series of numeric characters with which Turva may request advertising to be displayed in the user’s browser on the advertisement platforms we use, if the user has consented to Advertising cookies. For server-based targeting of advertising that is based on online behaviour, we use Meta.Programmatic advertisingAt the websites of Turva, in our advertising campaigns we use programmatic advertising tracking techniques provided by Adform. Programmatic advertising is one way to purchase digital advertising automatically. An Adform cookie will be placed on your device after you have given us your consent for the Advertising category of cookies. Adform cookie ID (3rd party cookie)Personal data are collected for the purpose of analysing and optimising advertising campaigns, and for combining IDs of Adform customers, including Turva.

The Adform cookie collects the following personal data or advertising materials: Adform cookie ID, device type/ID, website or advertising material click time, website or advertising material URL address, data automatically sent by your device (including the language setting, IP address, demographic data).Turva ID (1st party cookie)The Turva ID can be supplied to Adform after you have given us your consent for the Advertising category of cookies on Turva websites. The Turva ID is a unique series of numeric characters with which Turva may request advertising to be displayed in the user’s browser on the advertisement platforms we use, if the user has consented to cookies. Subject to your cookie consent, we will share the Turva ID with Adform in order to optimise advertising campaigns and deliver targeted advertisements.

The following data will be processed together with the Turva ID: device type/ID, website or advertising material click time, website or advertising material URL address, data automatically sent by your device (including the language setting, IP address, demographic data).Joint controllership Turva and Adform (hereinafter the ‘Parties’) are joint controllers in the phases where your personal data are collected and transferred to Adform using the Adform cookie and, where necessary, in certain activities that process the Turva ID data in connection with targeted advertising, as described above. Under the contract signed between the Parties, both Parties are responsible for the implementation of your data protection rights. If you wish to exercise your rights, please contact Adform using this link and/or contact Turva at tietosuoja@turva.fi. You can withdraw your consent at any time by contacting Adform via this link, and for Turva you can cancel your cookie consent in the cookie settings for the ‘Advertising’ category of cookies.

When Adform processes data for its own purposes, Adform is the controller and alone responsible for the optimisation of advertising campaigns and target groups. Adform analyses the data collected through cookies in order to deliver targeted advertisement purchases on behalf of the Adform customer programme (including Turva) in accordance with the Adform data privacy policy.

The Adform cookie placed in your browser will be removed in 60 days. However, if you decide to withdraw your consent, Adform will not collect any data even if the cookie remains placed in your device. The same retention of data applies to the Turva ID, which Turva will share with Adform subject to your cookie consent or which Adform will collect from the Turva Group websites subject to your cookie consent.

Read more about the data protection policies of the advertising platform service providers we use:AdformAlma Media

Meta

Sanoma
Contact usData protectionDo you still want to change the language?YesNo