Mandatum Life Privacy Policy - valid through 14 December 2020

In this privacy policy we will inform you about the use of personal data at Mandatum Life, including what kind of personal data we process, how we use your data and what rights you have regarding the processing of your data. You can find more detailed information in our register descriptions and the descriptions regarding the members of institutional customers. You can find links to them in section 11 of this privacy policy.

1. General Information about the Privacy Policy

As a customer of Mandatum Life you trust us with your personal data. Sharing your data with us allows us to serve you better, for example by offering you products and services that are more suitable for you and by assisting you better when you contact us. This privacy policy describes how and why we process your personal data and what kind of data we collect. This privacy policy applies to all operations of Mandatum Life that involve the processing of personal data. Examples of these include the use of our online and mobile services, applying for an insurance or filing an insurance claim and using our wealth management services. This privacy policy covers the companies of the Mandatum Life Group, including Mandatum Life Insurance Company Ltd, Mandatum Life Services Ltd, Mandatum Life Investment Services Ltd, Mandatum Life Private Equity Partnership Ky and Mandatum Life Fund Management S.A.

Data protection refers to the protection of personal data and ensuring the appropriate processing of such data. Personal data means information that relates to an identified or identifiable person. This privacy policy applies to the processing of personal data of natural persons. These persons include for example the private customers of Mandatum Life or persons related to corporate customers of Mandatum Life. Section 2 of this privacy policy describes the categories of data subjects in more detail. You can read more about your rights in section 6 of this privacy policy.

Mandatum Life is committed to processing your personal data in accordance with the relevant legislation, including the General Data Protection Regulation, the Data Protection Act, the Information Society Code, the Insurance Companies Act, the Act on Investment Services, the Act on the Protection of Privacy in Working Life and other applicable regulation.

Protecting your data and your privacy and processing your data in a secure manner are very important to Mandatum Life, so whether you are a new or a long-time customer of ours, we recommend that you familiarize yourself with our practices. And in case you have any questions, do not hesitate to contact us!

2. Whose Data Do We Process?

The privacy policy of Mandatum Life applies to the following categories of data subjects:

  • Customers of Mandatum Life (for example the insured persons, policyholders, beneficiaries, investment services customers, trading customers and persons associated with corporate customers)
  • Members of the institutional customers of Mandatum Life (pension funds and personnel funds)
  • Persons in Mandatum Life's marketing target groups
  • Users of Mandatum Life's digital services (for example the website and mobile services)
  • Customers of Kaleva Mutual Insurance Company (for example insured persons, policyholders and beneficiaries)
  • Persons whose personal data is processed due to a legal obligation of Mandatum Life
  • Tenants of real estate owned by Mandatum Life
  • Employees of Mandatum Life, others working for Mandatum Life and job applicants

Generally we receive personal data from the persons themselves before and during the customer relationship, employment or other contractual relationship. Regarding group insurance plans of employers we also receive data from the employers of the insured persons. Based on applicable legislation we receive data from other companies, such as group companies of Sampo. We also receive data from our partners, from the joint abuse register of insurance companies and from public registers.

3. How and Why We Process Personal Data?

The Customers of Mandatum Life

We process personal data of our insurance, investment service and trading service customers to manage customer relationships and to market and develop our services. We also process personal data to fulfil our legal obligations. The categories of data we process and the details of the processing depend on what group of persons or customers you belong to.

Members of Institutional Customers (Pension Funds and Personnel Funds)

Mandatum Life Services Ltd offers pension funds services for daily operations, such as services related to fund management, pension processing, actuarial services, financial accounting, wealth management and risk management. For personnel funds, Mandatum Life Services Ltd offers services related to management, including maintenance of membership data, payment of the members’ fund shares, financial accounting and advising of members. When providing services to institutional customers and their members, Mandatum Life Services Ltd is the data processor and each pension fund or personnel fund is the data controller. We process the personal data of members of the Mandatum Life Customer Community based on consent, and the personal data is stored in the Customer Register of Mandatum Life.

Customers of Kaleva

Mandatum Life handles the insurance and claim services for the Kaleva Mutual Insurance Company (except for Kaleva’s Primus insurances). For the customers of Kaleva, Mandatum Life is the data processor and Kaleva is the data controller.

Employees, job applicants and others working for Mandatum Life

We process personal data regarding employment or other contractual relationships and for example to fulfil our statutory employer obligations and to pay out salaries, commissions or fees.

Regarding job applicants, we process personal data provided to us by the applicant during the recruiting process in order to fill open positions.


Mandatum Life owns real estate as part of its investment portfolio. Colliers International Finland handles the renting. You can find information about the processing of personal data done by Colliers International Finland from the company’s website.


Profiling refers to automatic processing of personal data which includes for example evaluating or predicting the interests or the behaviour of a person. We use profiling to offer our customers more tailored and individual customer service and more suitable products and services. We also use profiling to target our advertising. You can find more information about profiling and the data used for profiling from the customer register description and the marketing register description. The profiling does not include automated decision-making.

Automated Decision-Making

Automated decision-making refers to making decisions solely based on the automatic processing of personal data. We use automated decision-making when processing insurance claims in order to process the claims quickly and to provide better service to our customers. When making automated decisions, we assess whether the policy conditions for paying the claim are met. In addition to the information given by the customer when filing the claim, we use information of the customer, their contracts and claims when making the decisions. The automated decision-making only applies to positive decisions, and decisions rejecting the claim are always processed by a person. If you wish, you can ask for reprocessing of the automated decision. In such a case, your claim is processed by a person.

More specific information

You can find more detailed descriptions of the categories of data, the purposes and legal grounds for the processing in our register descriptions and the descriptions regarding the members of institutional customers. You can find them in section 11 of the privacy policy. The privacy policy and register descriptions for Kaleva are available at Kaleva’s website (in Finnish). The trading platform of the Mandatum Trader service is provided by Saxo Bank A/S, whose privacy policy is available on the Saxo website.

4. How Long Is Personal Data Retained for?

We retain personal data for as long as is necessary for the purposes for which the data is collected or as long as required by law. The retention periods depend on the data and which group of customers or persons you belong to. The retention periods also depend on the statutes of limitations in the Insurance Contracts Act and the anti-money laundering legislation. In cases where different retention periods apply to the same documents, the documents are stored according to the longest period. You can find a more detailed description of the retention periods in our register descriptions.

5. Is Personal Data Disclosed or Transferred to Others?

Disclosures and Transfers of Personal Data

Personal data can be disclosed to recipients outside Mandatum Life as allowed or as required by law. Data may be disclosed for example to authorities (such as the Tax Administration, the Social Insurance Institution and enforcement authorities) and to the joint claims and abuse registers of insurance companies. Based on the Insurance Companies Act data may also be disclosed to other companies of the Sampo Group and insurance undertakings in the same insurance group. Based on the customer’s consent or an agreement the customer’s data is disclosed to our partners that are involved in the products or services used by the customer. You can read more about the disclosures of personal data in our register descriptions.

Transfer of Personal Data Outside the EU and the EEA

Personal data is mainly stored and processed within the EU and the EEA. If data is transferred outside the EU and the EEA to countries for which the European Commission has not issued a decision of adequacy of data protection, we will take care of protecting the data for example by using the standard contractual clauses approved by the European Commission. Transferred data is processed only on behalf of Mandatum Life.

6. What Rights Do You Have?

You have for example the right to access your data, the right to rectify inaccurate data and the right to erasure as described in more detail below. Please also note that Mandatum Life has legal obligations to store some of the data and Mandatum Life may have an obligation to process your personal data even if you object to the processing or ask for the data to be erased.

You can use your rights described below by contacting our customer service.

If you are a member of a pension or personnel fund that is an institutional customer of Mandatum Life, note that the fund is the data controller. You can find more information on the rights of the members of institutional customers in the processing descriptions in section .

The Right of Access by the Data Subject

You have the right to receive confirmation on whether Mandatum Life is processing your personal data. If your personal data is being processed, you have the right to access the data and to receive a copy of the data. The confidentiality obligations set in the legislation applicable to the insurance and finance sector may restrict the use of your right to access information.

The Right to Rectification

You have the right to request that Mandatum Life rectifies any inaccurate personal data and completes any incomplete data.

The Right to Erasure (the Right to Be Forgotten)

You have the right to request the erasure of your data and if the processing is based on your consent, the right to withdraw your consent. If you request the erasure of your data or withdraw your consent, we will delete the data unless there are other legal grounds for the processing or unless we have a legal obligation to store the data. In any case, we will delete your data after the retention period has ended.

The Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data when the conditions set in legislation are met. Please also note that the right to restriction of processing does not apply to the processing of personal data carried out to fulfil the legal obligations of Mandatum Life.

The Right to Data Portability

If the processing of your personal data is based on your consent or the performance of a contract, you have the right to receive the personal data you have provided us in a structured and commonly used format and the right to have the data transferred to another data controller.

The Right to Object

You have the right to object to the processing of your personal data if the processing is based on the legitimate interests of Mandatum Life or a third party.

You also have the right to object to the processing of your personal data for direct marketing purposes. You can find more information on opting out of direct marketing in section of the privacy policy.

The Right to Lodge a Complaint

If you find the processing of your personal data to be in conflict with the applicable legislation, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman.

7. Cookies

Cookies are small text files that are stored on the visitor’s computer or other device when visiting the website of Mandatum Life. Cookies are used for example to maintain the session after the user logs in to the web service and to remember the selections made by the user when moving from one page to another. We also use cookies for example to individualize website visitors and to compile statistics of the visits to our website. Cookies are also used in the chat service of Mandatum Life’s website and to target marketing. Both session cookies and persistent cookies set by Mandatum Life and our partners are used on Mandatum Life’s website and web service. You can read more information on cookies from our cookie policy.

8. Marketing

We use personal data for marketing our services and products for the current and potential customers of Mandatum Life. The marketing is carried out online, by mail and by telephone. We also contact our current customers with customer communications (for example newsletters, event invites and feedback surveys). Our online marketing consists of for example e-mails and advertisements on websites and in our mobile apps. You can find more information in our marketing register description.

Opting Out of Marketing

You can manage your e-mail subscriptions through our web service. In addition, each e-mail message includes a link through which you can unsubscribe from similar e-mails. You can also opt out of direct marketing by contacting our customer service.

We obey the marketing bans in the population register maintained by the Digital and Population Data Services Agency and in the Robinson Register maintained by the Data & Marketing Association of Finland, unless you have separately allowed marketing by Mandatum Life.

You can control the cookies that are used to target online advertising through the settings of your web browser. Please also note that preventing the use of cookies may impact the functionality of our website.

9. Terms Applicable to Mobile Applications and Biometric Authentication

Our mobile applications can be downloaded from the Apple App Store and the Google Play store. The terms of use of Mandatum Life’s website and this privacy policy apply to the mobile applications. In addition, the terms of use of Apple and Google apply to the use of the Apple App Store and the Google Play store.

You can use biometric authentication in our mobile applications if your device supports it. This means authenticating by using your fingerprint or facial recognition. The device only provides the applications with the identification information of the user, but not the fingerprint or facial image. Before using the biometric authentication, you must accept the separate terms of use for biometric authentication.

10. How is Personal Data Protected and What Kinds of Risks Are Involved?

We use necessary and appropriate technological and administrative security methods in accordance with the best practices to protect personal and other data. These methods include the use of firewalls, strong encryption techniques and secure facilities, access controls and the limited granting of rights, staff training as well as the careful selection of subcontractors. In addition to complying with the applicable legislation, the subcontractors are contractually bound to comply with the data protection principles and guidelines of Mandatum Life.

The processing of personal data is only allowed for employees who need to access the data to carry out their tasks. The systems containing personal data have individual user accounts and the use of the systems is monitored. In addition to a statutory confidentiality obligation, employees of Mandatum Life who process personal data are bound by a separate confidentiality agreement. Personal data that is no longer necessary is deleted securely.

Despite careful and appropriate security measures, data processing always includes a risk. If a security breach that is likely to result in a high risk to your privacy or other rights takes place despite the security measures, we will contact you as soon as possible.

We also recommend that you familiarise yourself with the terms of use of Mandatum Life's web service and website and the information security guidelines for the users of the mobile service and make sure that the equipment and connections that you use are up to date with regard to security. You can also find more information and general information security tips and instructions for example from the website of the National Cyber Security Centre (in Finnish).

11. Register Descriptions of Mandatum Life

Mandatum Life
Customer Register Description
Insurance Register Description
Compensation Register Description
Marketing Register Description
Recruitment Register Description

Mandatum Life Services
Description of Data Processing regarding the members of personnel funds
Description of Data Processing regarding pension compensation
Description of Data Processing regarding the member registers of pension funds
Description of Data Processing regarding supplementary pension liability calculations
Description of Data Processing regarding statutory pension liability calculations
Description of Data Processing regarding IFRS calculations

12. Who Can I Contact?

If you have questions about data protection, we ask that you primarily contact the customer service of Mandatum Life. You can reach the data protection officer of Mandatum Life at

Last updated on September 18, 2020.