Private Customers  >  Terms of use  > Processing of personal data


Processing of personal data

Privacy statement

Updated May 18th 2017

Processing your personal data carefully and cautiously is of primary importance to us at OP Financial Group. We process your personal data in compliance with data protection legislation and good information management and processing practice. We always act in accordance with good insurance and banking practices and ensure that your privacy is not in jeopardy.

Processing your personal data helps us provide you with better service. We collect and use personal data to produce products and services and to develop and provide completely new types of services. This is how we can better respond to your needs.

Please note that our website may include links to the website or services of other companies which have their own specific privacy protection practices. In such cases, we recom-mend reading the privacy protection practices of the third parties concerned.

We provide additional information on privacy protection in connection with most individual services, products, sites and applications. Such additional information provided in these cases prevails over this text.

Our privacy practices may change slightly when we develop services or legislation changes. Up-to-date information on our practices can be found on this website.

For what purposes do we collect and process your personal data?

We process your personal data to be able to provide you with high-quality and personalised products and services and better customer service. We are determined to continuously improve and enhance quality and functionality. We may use your personal data to further develop our products, services, customer service as well as sales and marketing. We may use your personal data to offer products and services, answer your requests and questions, execute agreements, process orders and performing similar functions. We also use your data for OP Financial Group's risk management purposes and to fulfil the obligations based on laws and regulations and instructions issued by the authorities, such as authenticating users and ensuring data security as well as preventing and investigating fraud.

We also use your personal data for customer communication purposes. For example, we can send you newsletters as well as notifications of changes related to our products and services. We may use your personal data for product and service marketing and market re-search with your consent, or when it is otherwise permitted. Furthermore, we may also use your personal data to target our products and services to you, for example, by recommending or demonstrating targeted content on our service. This may include showing the content of OP and third parties. Processing personal data also helps us to allocate our investments in service development.

With your permission and within the limits permitted by law, we may also combine information collected in connection with certain of our products and/or services with information collected in connection with our other products and/or services.

Where do we obtain your personal data?

We obtain your data directly from you. The data may be observed in the use of services or derived from their use. In addition, we obtain data from registers maintained by the authorities, credit information and customer default registers as well as other reliable registers.

Who can process your personal data?

Those processing your data include only OP Financial Group entities, or service providers and their employees, with the right to process personal data.

The Group's service providers may disclose your data not only within the Group but also outside of the Group directly for certain purposes based on law as well as with your con-sent. Your data will always be processed exercising due care and complying with good data processing practices.

What personal data do we collect about you?

We collect your personal data, for instance, when you become our customer, in connection with selling and using products and services, during marketing campaigns or surveys and during your other transactions with us. We collect only data about you relevant to the purpose of use of the product and service concerned. You provide us with information, for example, when you request services, participate in surveys or campaigns or answer questions in connection with the services we provide. We also get information by observing how you use our services.

Such personal data we collect include:

  • Details related to identifying and verifying the identity of a person, such as the name and personal ID code;

  • Contact information, such as address, email address and phone number;

  • Various information related to customer relationship and its management;

  • Information required for the fulfilment of obligations laid down in laws;

  • Information related to the adoption of products and services; and

  • information about the use of products and services, such as usage and browsing data on services that we, for example, collect on our website and mobile services. The personal data we collect is determined by the product and service concerned.

How do we use cookies?

We use cookies (small text files stored on a device) to provide and further develop our services. We also use cookies to personalise the content and target marketing efforts. Through cookies, we can, for example, better provide real-time and personalised services by showing the content that interests the user. They also enable, for example, login and authentication, saving personal settings and specifications, analysing the performance of our website as well as preventing fraud. When you use our online services, they collect, for example, the following information: IP address, links you use, what advertisements or other contents you have viewed, from what page you come and what page you visit, time of browsing, type of your browser or application and other similar information. Our website and services may contain third-party cookies.

We use session and persistent cookies. Session cookies exist only during a session, or a single visit, and are deleted automatically when the browser is closed. Permanent cookies exist for a specified period and remain on your computer after the expiry of the session unless you delete them yourself before that. Cookies do not harm your device or files in any way.

You can manage cookies, for example, through the browser's management functions. More information about cookies can be found in the privacy protection or instructions documentation of each browser. Given that the features of certain services are determined according to cookies, disabling and deleting cookies (browser and other selections) may weaken the functionality and user experience of the online or mobile application service concerned provide by OP Financial Group. For example, you cannot necessarily authenticate yourself on the online service or use all features and you may lose specified settings. 

To whom do we disclose your personal data?

We disclose your data, within the limits permitted by law, within OP Financial Group and to a company or entity belonging to the same amalgamation, for customer relationship management and marketing. In addition, we disclose data for risk management purposes within OP Financial Group.

OP Financial Group uses suppliers in the provision of services and discloses personal data, for example, to the authorities to fulfil its statutory obligations (such as the tax, enforcement or social welfare authorities), to the Population Register Centre for address updates and to Suomen Asiakastieto Oy for monitoring payment defaults. To prevent crime against banks and insurance companies, we hand over your personal data to registered maintained jointly by banks and insurance companies.

As a rule, we process data within the EU and EEA. If we transfer data outside of the EU or EEA, we will ensure the sufficient level of personal data protection as required by legislation, such as by applying the standard contractual clauses adopted by the European Commission.

Your rights as our customer

You have the right to check information on yourself, demand correction of stored false or insufficient data and demand deletion of data in the register unnecessary or outdated for processing purposes.

You also have the right to forbid the use of your data for both marketing and opinion surveys and direct marketing purposes by contacting the controller or by changing settings on the online service. You can also opt out of receiving targeted advertisements based on your behaviour on the online service. Following the opt-out, you will see as many advertise-ments as before but these are not targeted based on subjects that interest you.

How is your personal data protected?

We protect your personal data exercising special care by using appropriate data protection and data security methods. These methods include proactive and reactive risk management, use of fire walls, encryption techniques and secure IT areas as well as access control and security systems, security planning, controlled granting and monitoring of access/user rights, ensuring skills through training for personnel involved in processing personal data and through assessments as well as careful selection of suppliers. We are continuously updating our in-house practices and guidelines in an appropriate manner.

Why do we take care of children's privacy protection?

We collect and process data about children under 15 years of age mainly with the consent of their parents or guardians. Without their consent, we collect such data only for certain, specifically defined and limited purposes (for example, a minor may be named a beneficiary in an insurance policy without the consent of the guardian/parent).

How do we retain your data and keep it up to date?

We retain your data for at least the time you are our customer. After the customer relationship ends, the retention period depends on the data and its purpose of use. For example, we retain your KYC information for five years of the end of the customer relationship and, as a rule, retain data on potential customers for six months of its collection. We comply with statutory obligations in retaining data.

We seek to keep the personal data in our possession correct and up to date by deleting unnecessary data and updating outdated data. However, we ask you to check every now and then whether your data is up to date.

Who can I contact?

Please, in the first place send your queries and requests related to personal data processing to the controller. The controller is determined on the basis of the customer relationship. If you are an OP cooperative bank customer, your own cooperative bank is the controller. For insurance customers, the controller is the insurance company which granted the insurance policy.

For more information on privacy and data protection, please visit an OP cooperative bank or call our telephone service, tel. 010 253 1333.

We are also pleased to answer any questions related to personal data processing and priva-cy protection at: tietosuojavastaava(a)

File descriptions (in Finnish)

Customer data file descriptions of Group member banks and OP Corporate Bank plc

Customer, insurance and claim data file descriptions of the insurance company

In order to prevent insurance fraud, Finnish insurers have a joint claims register, which contains certain data on claims with the aim of thwarting multiple claims filed for the same damage or loss with several insurance companies. Likewise, information on a person who has committed insurance fraud is recorded in a joint fraud register. The Data Protection Board has granted specific permission to keep these joint registers.


The javascript support on your browser is disabled. All parts of the website don't work correctly without javascript.