1 GENERAL
The purpose of this notice is to provide privacy information required by the EU General Data Protection Regulation (GDPR) to both the data subject, i.e., the data controllers’ client, and to the supervisory authority. The registers are the companies’ client registers, and they cover the clients and prospective clients of the data controllers.
2 DATA CONTROLLERS AND CONTACT DETAILS
Name and business ID:
Meklaritalo Oy, 2282436-9, ”data controller”
ITM Brokers Oy, 1870131-5, ”data controller”
Address: Kuninkaankatu 22 B, 5. krs, 70100 KUOPIO
E-mail: toimisto (at) meklaritalo.fi
3 PURPOSE OF AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The purpose of and the applicable legal basis for the
use of personal data are as follows:
Providing and developing insurance broking services
and related consultancy and advisory services based on agreements with
corporate and public entity clients.
Fulfillment of statutory obligations and legal requirements (such as identification of the client and the prevention of money laundering and terrorist financing), including compliance with the regulations and instructions of the supervising authorities (Financial Supervisory Authority).
We are lawfully registered by the Financial Supervisory Authority who regulates and supervises our activities. Insurance brokerage is subject to special legislation that controls the operations of registered insurance brokers, including strict obligation of confidentiality as regards personal data and other client-specific information
4 CATEGORIES AND CONTENTS OF PERSONAL DATA
Regarding our corporate and
public entity clients, our client registers may contain statutory information
required to identify the clients and their status; ID numbers, names,
addresses, financial data, insurance contracts, resumes of insurances,
insurance solutions, quotations, proposals, service contracts as well as
invoicing and payment data of our clients.
As regards persons employed or represented by our
client entities, the client registers may contain:
- names, ID numbers,
titles - addresses, telephone
numbers and e-mail addresses - information on
employment and remuneration history - limited health
status data.
5 SOURCES OF PERSONAL DATA
Personal data may be
obtained from our contractual corporate and public entity clients, the subject
individuals themselves, insurance companies, cookies, and publicly available
sources.
6 RECIPIENTS AND GROUPS OF RECIPIENTS OF PERSONAL DATA
Personal data may be disclosed, i.a., to insurance companies, pension institutions, social insurance institutions, health care providers, client entities, and the subject individual for the fulfillment of our contractual obligations as well as to competent authorities under statutory circumstances.
7 TRANSFERRING PERSONAL DATA
Personal data processed by us or by our subcontractors is not transferred outside the EU or the EEA.
8 PROTECTION OF THE REGISTER
The protection of the means and equipment for storing data
and documents is appropriately maintained, and the documents are stored in a
secured space. The access control at the data controllers’ premises has been
appropriately arranged.
The right to access
the data and documentation (whether in electronic or written form) is controlled
by each responsible broker who will only allow access for other employees of
the controllers who are under obligation of confidentiality.
9 DATA RETENTION
Data will only be saved as long as our contractual
obligations to the client or our statutory obligations so require. Unnecessary
and outdated data will be erased, also at other times when deemed necessary or
required by law or statutory regulations.
10 RIGHTS OF THE DATA SUBJECT
Each individual data subject has the right to receive confirmation from the data controllers as to whether personal data concerning the data subject is being processed, or whether personal data has been processed. The data subject is entitled to receive a copy of the processed personal data and the personal data undergoing processing.
The data subject also has the right to request the
rectification, erasure or processing restriction of their personal data collected
by the controllers and the right to prohibit the processing of personal data
for direct marketing purposes.
Where processing of personal data of the data subject is based on consent, the data subject shall have the right to withdraw their consent. However, a withdrawal of consent may detrimentally affect the usability and functionality of the service in question. The withdrawal of consent shall not affect the right and lawfulness of processing based on consent prior to its withdrawal.
All requests mentioned here shall be provided to the
data controllers.
In case the data subject finds the processing of their
personal data unlawful, they have the right to lodge a complaint with the
competent supervisory authority.