Processing of personal data, and data protection at Mela
In its capacity as controller, the Farmers’ Social Insurance Institution Mela ensures that the processing of the personal data of its customers, partners, stakeholders and personnel complies with the data protection legislation and Mela’s internal guidelines. Processing of personal data is limited, for example, according to the processor’s role in the organisation. At Mela, personal data is processed only by persons whose duties include the processing of the data in different situations.
Processing of personal data at Mela is usually based on law, but also on contracts or consents to some extent. The data can be used at Mela for the purpose of all benefits. You can verify the reason for processing and, on that basis, your rights with regard to your personal data in the information sheets section concerning the processing of personal data. In consent-based processing, the consent is requested when the data is collected, and you can also withdraw a consent you have given to Mela by sending a message to Mela’s customer service via secure email.
Mela collects only necessary data for various purposes. Further information about the personal data groups collected in Mela’s processes and the purposes of the processing is available in the Privacy policies section. The privacy policies also include information about the transfer of data to third countries, automatic processing, and profiling. Information about the protection measures to ensure secure processing of personal data is available in the section entitled Technical and organisational measures.
As our customer, you can inspect your own details via Mela’s online services or in Lomitusnetti. You can also send an inspection request by secure email to tietosuoja(at)mela.fi.
Mela’s Data Protection Officer is Hanna-Maria Keskinen
Telephone +35829 435 2251
Further information about the processing of personal data at Mela is provided in the privacy statements. The various benefits of the Mela insurance are based on different purposes of use. Legislation that forms the basis for the processing imposes, e.g. different storage times for personal data. Mela retains personal data for the time laid down in legislation. After that, the data will be destroyed.
Read the privacy statements in the Forms section
At Mela, personal data is collected in registers according to the purpose of their use. The following privacy policies explain the purpose of processing personal data, the personal data groups processed, transfer of data to third countries, automatic processing, and profiling.
Customer relationship management
Human resources process
Real estate process
Mela sickness allowance
Process for temporary help for reindeer herders
Access rights to financial management
Supervision of farm visits
Holiday relief for fur producers
Requests for research material
Workflow accounts payable
Rent account ledger
Support the Farmer project
Mela’s employees are subject to a statutory obligation of confidentiality and discretion, and they have signed a written confidentiality commitment as part of their contract of employment. Mela’s employees are trained and instructed in data security and data protection issues.
Movement within Mela’s business premises requires an access pass granted by access control. Manually processed document materials are stored in a locked facility, which is protected with access control.
In Mela’s electronic systems
- The user is identified with their personal ID before gaining access to the service and the data contained in the register.
- The user has access rights to the data in the register if the processing of the data in the register is part of the user’s job description.
- The data has been saved in Mela’s information network, which is accessible only by persons authorised to use the network.
- Transfer of data in a public network is encrypted.
- The availability of the service and the data in the register is ensured and controlled in terms of the data, equipment and equipment room.
- Access to the equipment room and the equipment is restricted to persons whose job description includes tasks related to the equipment room or equipment.
- The validity of software used in the service is monitored.
- Mela uses outside service providers to carry out the services. They are subject to the same confidentiality rules as Mela’s personnel.
In addition to the above, the following principles are followed with respect to service companies managing data processing tasks (recipients of personal data):
- Data processing is based on agreements as well as access rights granted and supervised by Mela.
- Equipment containing Mela’s data is maintained and protected by the service company or the IT infrastructure service provider.
Personal data is disclosed only with the data subject’s consent or when the recipient of the data is legally entitled to receive the data. Controllers, joint controllers and personal data processors to whom personal data is disclosed are “recipients”.
The recipients of personal data are as follows:
Deloitte Consulting Oy / Solita Oy
DXC Finland Oy
Finla Terveyspalvelut Oy
IBM Finland Oy
Link Mobility Oy
NewSec Asset Management Oy
Tieto Finland Oy
Tools Finland Oy
Finnish Institute of Occupational Health
Other pension providers and organisations
Other insurance companies
Finnish Tax Administration
Local units for holiday relief
You have the right to inspect your own personal data recorded in Mela’s registers. As Mela’s customer, you can inspect and print out your register and personal data in Mela’s e-services (in Finnish and Swedish).
You may also ask to receive your personal documents and personal data in Mela’s registers electronically by sending a request for inspection of personal data by secure email to tietosuoja (at) mela.fi. We will respond to you within one month of receipt of the request. You may also arrange to visit Mela in person in order to inspect your personal data.
You have the right to demand for rectification of incorrect data in the register. The request for rectification must be made in writing and in sufficient detail.
The request for rectification may be sent by email or by post to the contact person specified in the privacy policies or to the Data Protection Officer. Mela will respond to the request for rectification within one month of receipt of the request.
According to the EU General Data Protection Regulation, you may also have the right to have data erased, to restrict and object to the processing of data, and to have the data transferred from one system to another.
You can check your rights in the information sheets.
Mela will not disclose personal data for the purpose of direct advertising, distance selling or other direct marketing, market research or opinion polling, or vital records and genealogy.
As Mela’s customer, you may authorise or prohibit the use of your email address for purposes other than for benefits processing. This can be done in Mela’s online service. If you authorise the use for other benefit matters, Mela will not disclose your data to outside Mela.
If you notice that your personal data is missing, lost or altered, or it has been subject to unauthorised access, please send us a data breach notification by secure email to tietosuoja (at) mela.fi. You can also report any suspected personal data breach and we will investigate the matter.
Further information about the General Data Protection Regulation is available on the website of the Data Protection Ombudsman.
You have the right to submit a complaint to the Data Protection Ombudsman if you suspect that your rights based on the Regulation have been infringed.