Privacy statement for Tradeka’s sickness fund’s member and benefit register

Data required by the European Union’s General Data Protection Regulation (EU 2016/679) for the data subject

1. Data controller

Tradeka’s sickness fund

Mailing address: Jaakonkatu 3, 01620 Vantaa, Finland

Business ID: FI04326120

2. Contact person for the register

Emilia Haapaniemi

phone: +358 40 716 3265

email: emilia.haapaniemi@tradeka.fi

3. The purpose of processing personal data and the data subjects

Data subjects are current or former employees of Tradeka’s sickness fund’s stakeholder companies. The purpose of processing data is to enable handling and payment of additional benefit reimbursements outlined in the sickness fund rules and the benefits stipulated in the Health Insurance Act, and statistics and reporting related to reimbursements. The further purposes of processing data include management of fund membership, customer service, and membership-based statistics and reporting.

4. The legal basis of processing personal data

The processing of personal data is based on fulfilling legal requirements, any stipulations in the Act on insurance funds and any obligations in the Health Insurance Act. According to Tradeka’s sickness fund’s rules, membership in the fund becomes obligatory when an employee enters into an employment contract with a stakeholder company. Using the electronic service requires that the customer gives their consent for the service.

There is no automated decision-making related to the processing of personal data. Furthermore, personal data is not used for profiling.

5. Personal data processed

The register is used for processing the following personal data:

  • First name, last name
  • Personal identification number
  • Address
  • E-mail address
  • Bank information
  • Tax district
  • Employment start and end date
  • Membership start and end date
  • Unpaid periods (absences)
  • Reimbursement decisions and payment information
  • Start and end time of using Tradeka’s sickness fund’s electronic service
  • Data provided to the fund by partners (e.g. dental clinics and pharmacies) regarding the time of and the reason for using their services and the costs thereof

6. Regular sources of information

Information on the data subject is obtained from Tradeka’s sickness fund’s stakeholder company’s HR unit and as provided by the data subject. Any information stored in the electronic service by the data subject is collected through the service.

Information related to additional benefit payments is received from the sickness fund’s partners (e.g. dental clinics and pharmacies) that provide the fund with data regarding the time of and the reason for using their services and costs thereof.

7. Recipients of personal data

Personal data is processed in electronic systems and services for the purposes specified in this statement. We use external service partners for the production of our system and support services.

We ensure that our partners protect personal data as required by law.

We disclose data to authorities and to KELA as allowed and obligated by current legislation or, for example, to respond to requests for information by authorities.

Data is otherwise disclosed only with the customer’s consent, at the customer’s specific request, or to relevant boards and for scientific and historical research in accordance with § 165 of the Act on insurance funds.

8. Transfers of data out of the EU or EEA

Personal data is not transferred to countries outside the European Union or the European Economic Area or to international organisations.

9. Register and data protection principles

We protect personal data carefully throughout its lifecycle with appropriate data privacy and security measures. Tradeka’s sickness fund’s system providers process personal data in secure data centres. Access to personal data is restricted, and personnel are obligated to maintain secrecy.

Tradeka’s sickness fund protects personal data through, for example, predictive risk management and security planning, data traffic protection, continuous information system maintenance, backups, and the use of secure device modes, access control and security systems. Physical documents with personal data are stored in locked and fireproof facilities. Access is granted and monitored with controlled procedures. We regularly train the personnel who process personal data and make sure that our partners’ personnel also understand the confidential nature of personal data and the importance of processing it securely. Our vendor selection process is exhaustive. We constantly update our internal practices and guidelines.

If we, despite our best efforts to secure personal data, notice any misuse of it, we immediately take action to prevent any damage. We inform the appropriate authorities and the data subjects of the data breach as required by law.

10. Retention of personal data or criteria for the retention period

Under the Accounting Act, relevant documents related to membership and benefits are retained for 6 years following the current year. Personal data used by the electronic service is retained in the service register for the duration of the provided user consent. Documents are destroyed in a data-secure way.

11. Rights of the data subject

The data subject has the right to:

  • access their personal data
  • demand correction of their data
  • restrict the processing of their data
  • object to the processing of personal data
  • withdraw consent for data that has no other legal basis for its processing

If the data subject wants to exercise their rights or wants more information on the processing of their personal data, they may contact the data controller specified in this statement.

The data subject also has the right to lodge a complaint with a supervisory authority if the customer considers that the processing of their personal data infringes the applicable data protection regulation.

12. How can the data subject exercise their rights?

Please contact the data controller specified above in any matters related to the processing of your personal data.