Membership and Payment Registry
Includes a caption of handling processes and facts to inform a registered person.
Data Protection Regulation (2016/679) Articles 13, 14 and 30.
Updated 23.6.2022 (version 2.1)
|1) The name of the registry||Membership and payment registry|
|2) The holder of the registry||The Unemployment fund for highly educated KOKO
Ratavartijankatu 2, 00520 Helsinki
puh. 09 4763 7600
|3) Person in charge of the registry||Fund Director Outi Mäki, contact details in section 2|
|4) Contact person of the registry||Benefit Director Anna-Stiina Luukkainen, contact details in section 2|
|5) Data protection officer||Chief Information Officer Kirsi Liikkanen, kirsi.liikkane(at)kokokassa.fi|
|6) The purpose of handling personal information||The purpose of an unemployment fund is arranging the benefits meant in the Unemployment Security Act and Act on Job Alternation Leave for its members. To deliver this assignment, personal information of the KOKO fund’s members is collected in our membership and payment register. The data will be used in the legislated processing of membership and benefit matters. In addition, the data will be used to report allowance information to the Finnish Tax Administration, the Finnish Centre for Pensions, the Ministry of Social Affairs and Health, the Ministry of Economic Affairs and Employment of Finland, the Financial Supervisory Authority and other parties with a legislative right to receive information.
Processing personal information is based on section 1 c) of the Data Protection Regulation (2016/679). The liability is based on the Article 1 of the Unemployment Funds Act (24.8.1984/603).
The personal registry information is used to carry out arranging benefits set out by legislation in force at a time. Such benefits are earnings-security denoted in the Unemployment Security Act (1290/2002) and alternation compensation denoted in the Act on Job Alternation leave (1305/2002). The information is also used for serving the members of the unemployment fund in membership and benefit related matters.
KOKO fund is not capable of executing paying out the benefits handled by the fund unless the registered person submits the information necessary for the handling.
No automatic decisions or profiling is directed on the registered.
|7) Data contents of the registry||The following information is saved on the KOKO fund’s payout database with a storing time defined in the plan of forming archives:
Chats will be stored for 13 months in the service provider’s (Ninchat) server.
When visiting our customer service desk, the following information will be stored for the duration of 2 months: The date and time of the visit, member number, birth year, language, information on whether the person was a member via a union or a direct member and the cause of the visit. After the 2-month period the information will be anonymized, and they can only be used as statistics to improve our operations.
The information given on the appointment calendar will be removed within a week from your visit.
|8) Regular data sources||Personal information is collected from the members of the fund themselves and the background organizations. When handling the applications, further information can be collected from employers and such authorities and authoritative registers which the KOKO fund is legally entitled to use. Personal information is only collected to perform tasks set out in the legislation and only in the extent necessary.
Regular data sources:
|9) Regular release of data||The information of the membership registry is only given to members themselves and on their express consent or the consent of their legal representative or based on legislation that allows giving out information.
The data will not be released to third parties, nor will it be used for direct marketing.
Regular transfer of personal information:
The KOKO fund may use subcontractors, to whom information will be released in order to carry out their task. Any subcontractor will be obliged to commit to secrecy.
The customer’s membership number and first name are transferred to the Ninchat service when a chat is started in eService. Chats will be stored in Ninchat’s server for 13 months.
Documents signed through the Visma Sign service are also stored in Visma’s archives for seven years. The signer can view the documents they have signed by registering with the service at https://vismasign.com.
When joining a virtual meeting via Microsoft Teams, the name given by the customer is communicated to Microsoft https://www.microsoft.com/en-gb/trust-center/privacy
|10) Transferring data outside of the EU or ETA||No information is released outside the EU or the European Economic Area.|
|11) Principles of protecting the registry||Manual material:
Will be stored in the KOKO fund’s archives. The insuring organizations will store information related to membership and basic information based on the service agreements.
The registry entries of the payout system are stored in a database assigned by the KOKO fund and maintained by Futunio Oy according to a separate agreement. The database is secured, and a personal ID and password are required to gain access. An updated copy of the database is stored in a locked and secured premise by Futunio Oy.
Chats will be stored in the Ninchat’s encrypted file system.
A log of the visits to the customer service desk is kept in a database with a limited access. A personal user ID and a password are required to access the database.
The handling of the data is limited so that the information specified on this registry caption is only allowed to be handled by a person working for the KOKO fund with a relevance to their work assignments and the separately assigned individuals working for subcontractors.
All KOKO fund officials are obliged to confidentiality regarding the registry information. The obligation will remain after employment.
|12) Rights of the registered||The rights of a registered person are defined by articles 15-22 of the EU’s Data Protection Regulation. Any requests regarding the registry must be delivered to the KOKO fund in writing. The keeper of the registry may ask the person making the request to provide proof of identity, if needed. If a request is denied, a written certificate of denial is given.
A person is entitled to get a confirmation on whether their information is being handled. In addition, a registered person is entitled to check the information regarding themselves in the registry and ask for the potential errors to be corrected. A request to check the information must always be delivered to the KOKO fund in writing. The information can also be checked and updated on eService (please find the link on KOKO’s website www.kokokassa.fi.
A registered person is entitled to demand their information to be removed according to Article 17. This right is limited by situations defined in Article 17, where the right to removal does not exist, such KOKO fund’s legislative duty to store the data.
A registered person has the right to demand limiting the handling of the data according to the Article 18, for example when the Registered denies the accuracy of the data.
The Registered is entitled to get the personal data concerning themselves transferred from one system to another in the way defined by Article 20. These situations do not apply to an unemployment fund, but there is a commonly agreed procedure among unemployment funds to transfer a membership from one fund to another in a simple manner.
If the handling is based on a consent according to Article 6, a registered person is entitled to cancel their consent based on section 3 of Article 7. By default, KOKO fund is not handling the information based on a consent, and therefore this will not be relevant.
The fund will not send its members any direct marketing material. However, inquiries related to customer satisfaction or other surveys can be sent, as well as bulletins aiming at promoting employment. Members can forbid sending all inquiries and bulletins by sending a written, informal notification to the KOKO fund.
A registered person is entitled to file a complaint to a supervising authority if they consider their rights to have been violated in light of the Data Protection Regulation.