The stakeholder group data file of OP Financial Group's Public Affairs

Privacy notice

1. General information

This Privacy Notice contains information required by the EU General Data Protection Regulation (hereinafter the General Data Protection Regulation) and the national law for a data subjects, that is, for the controller's customer, employees and for the supervisory authority.

2. Controller and its contact information

OP Cooperative
Postal address: P.O.Box 308 00013 OP
Street address: Gebhardinaukio 1 00510 HELSINKI
The controller's contact person: Noora Hammar
Email address:

3. Data Protection Officer's contact information

OP Financial Group's Data Protection Officer
OP Financial Group
Postal address: P.O. Box 308, 00013 OP

4. Name of the personal data file and data subjects

The stakeholder group data file of OP Financial Group's Public Affairs

Data subjects include the representatives of OP's stakeholder groups from local and regional communities, media, education sector, scientific communities, non-governmental organisations, industry associations, labour market organisations, policy-makers, authorities and decision-makers. Data subjects can be private individuals or representatives of their organisations.

5. Purpose of personal data processing and legal basis for processing

The purposes of use of personal data include the following:

  • Maintenance, management and development of stakeholder relations and public affairs
  • Monitoring and segmentation of stakeholder relations and public affairs so that the controller can provide these groups with targeted contacts within OP's context and have social dialogue
  • Business development
  • Opinion polls based on consent
Legal basis Example
Legitimate interests of the controller or a third party Personal data processing related to the purposes of use above is as a rule based on legitimate interests.
Consent Personal data processing may also be based on consent requested from the data subject, such as an opinion poll based on consent.

6. Categories of personal data

Category of personal data Data content of the category
Basic information Data subject's contact details, such as email address, organisation's postal address and twitter account.
Areas of interest Information on the data subject's areas of interest, such as the financial sector, economy/finances and responsibility.
Background information Occupation, other position with societal significance or a significant role in a social dialogue.
Social engagement

7. Recipients and recipient groups of personal data

Any personal data obtained may be used within OP Financial Group as permitted by the law, such as for preparing a guest list for events.

8. Transfer of personal data

The controller may use suppliers in data processing but no data will be transferred outside of the EU or EEA.

9. Personal data retention period or criteria for determining the period

Personal data will be retained as long as the data subject holds an occupation belonging to OP's stakeholder group or holds a social position. The personal data retention period is also determined by how the data subject maintains contact with OP Financial Group and participates in OP Financial Group's activities and events related to public affairs. After the stakeholder relation or relation related to public affairs has ended due, for example, to change in the occupation or social position, the data subject's data will be erased around after five years.

10. Personal data sources and updates

Personal data is collected from the data subjects themselves and from public sources, such as websites of state and municipal actors and companies as well as from public social media profiles. Personal data is updated on at regular intervals a few times a year. This also involves checking whether the data subject still holds an occupation belonging to OP's stakeholder group or a social position

11. Data subject's rights

Data subjects have the right to receive the controller's confirmation of whether their personal data will be processed or not, or whether they have already been processed.

If the controller processes a data subject's personal data, the data subject has the right to receive the information in this document and a copy of the personal data being processed or already processed.

The controller may charge a reasonable administrative fee for additional copies requested by the data subject. If the data subject submits a request electronically and has not requested any other form of delivery, the data will be delivered in a commonly used electronic format, provided that the data can be delivered in a secure manner.

The data subject also has the right to request the controller to rectify or erase their personal data and prohibit the processing of their personal data for direct marketing purposes.

When the application of the General Data Protection Regulation begins, the data subject, in certain cases, will also have the right to request the controller to restrict the processing of their personal data or to otherwise oppose the processing. In addition, under the General Data Protection Regulation, the data subject may request that the data they have provided themselves is transferred in machine-readable format.

All of the above requests must be submitted to the abovementioned contact person of the controller.

If a data subject considers that his/her personal data is not processed legally, he/she has the right to file a complaint with the supervisory authority.

12. Right to cancel prior consent

If the controller processes the data subject's personal data on the basis of consent, the data subject has the right to cancel such consent by contacting the controller. The cancellation of consent does not affect the lawfulness of processing performed prior to the cancellation.

13. Protection methods regarding the data file

The controller has protected the data appropriately in technical and organisational terms. The data file is protected using, for example, the following tools:

  • Protection of equipment and files
  • User identity verification
  • Access rights
  • Processing guidelines and supervision

The controller also requires that its suppliers ensure appropriate protection of the personal data to be processed.