Integrity protection
Respect for privacy and confidentiality
Aktia Bank plc and its subsidiaries recognise and respect the fact that persons using our services rely on us to protect their privacy of information. All data submitted by customers is kept confidential.
Why do we collect, store and use data about our customers?
We collect, store and use customer data so we can provide customer support, risk management, official reports to authorities, and customer services (in order to identify and personify the customer, ensure adherence to agreements between the customer and Aktia, maintain contact, and conduct direct marketing).
Customer data helps us to better understand the needs of our customers. On the basis of this data we offer our customers products and services that interest them. Data is also used to find solutions to problems, and to produce and develop our services. We are always ready to explain our procedures to customers who wish to know more.
Staff have limited access to customer data
Only staff whose tasks require it have access to customer data. We train our staff so that they understand the importance of secrecy and the protection of customer information. We also have well-established principles for classifying data. This way we guarantee that data is managed confidentially.
Increased security for protecting customer data
We follow approved security rules and procedures to prevent unauthorised access to customer data. These rules and procedures include (among other things) system access control, firewalls, network security, use of fire-resistant cabinets for storage of documents, and secure destruction of obsolete data and documents.
Disclosure of information
Personal data of our customers is disclosed only within the framework of the prescribed secrecy applicable to banks, fund management companies and investment services providers, or with the consent of the data subject. Data may be exchanged between companies belonging to the Group in matters regarding customer service, customer support, marketing and risk management. Data is disclosed to authorities with legal right to access to such data without hindrance of secrecy regulations. Data can also be disclosed to our partners in the finance and insurance sectors, for use in their customer service.
We disclose data about our customers only if:
- the customer has authorised us to disclose such data
- the secrecy applicable to banks, fund management companies or investment services providers does not prevent disclosure, or if data is requested by a competent authority.
How is the customer's integrity preserved when doing business with a third party?
It is necessary to provide suppliers and service companies from which we purchase services with customer data. For example, when a payment card is ordered, we provide the card supplier with the necessary data. These suppliers and service companies are subject to secrecy and required to adhere to the law. We do not permit third parties to sell or use our customer data for their own purposes.
Recording of phone calls
Incoming and outgoing calls may be recorded in order to improve our customer service and security. Recordings may be used to verify assignments. Recordings may also be used to develop our customer service and to improve other services that we provide.
Web services
When customers visit our website, we follow the same rules on secrecy and integrity as when customers visit our branches. Read more about information security and Aktia's Terms and conditions. See below for further information on the use of cookies used in our web services.
Data protection regarding Aktia Bank Plc's shareholders and Annual General Meeting
Shareholders’ information on the ownership of the shares is collected from the shareholder register maintained by Euroclear Finland Ltd. Processing of shareholders’ personal data is based on legislation, such as the Finnish Companies Act and the Act on Book-Entry System. In addition, Aktia publishes information on its largest shareholders as a part of investor communication.
With respect to the General Meeting of shareholders, personal data is used only for the arranging and documentation of the Annual General Meeting, including the processing of any applicable registrations relating thereto. Personal data is required, for example, in order to verify the shareholder’s identity, shareholdings and his/her right to attend the Annual General Meeting.
Registration to and participation in the Annual General Meeting requires that the requested personal data is provided.
The following personal data may be collected and processed in connection with the Annual General Meeting:
- Name
- Personal ID or business identity code
- Contact details
- Date of registration and log data on registration and voting
- Book-entry account number
- Number of shares and votes
- Advance votes and voting instructions
- Possible information about proxy representative, assistant and power of attorney
- Other additional information provided in connection with the registration
Retention period of personal data
The personal data entered in or attached to the minutes of the Annual General Meeting shall be retained, in accordance with the Companies Act, for an indefinite period of time.
Otherwise, personal data will be retained for as long as is necessary for the purposes mentioned in this integrity protection statement, but no longer than one year after the end of the Annual General Meeting.
The retention periods mentioned here do not affect the retention of similar personal data for purposes other than those mentioned in this Data Protection Statement, for example as part of a shareholder register.
Personal data is collected mainly from the person himself/herself, or his/her representative.
Recipients of personal data
At the Annual General Meeting, the shareholders’ register including the names, residence and the number of shares and votes of the shareholders will be at display.
Personal data is transferred to Euroclear Finland Oy in order to collect information on shareholdings. Personal data is also transferred to Innovatics Oy, which acts as the technical provider of the registration system and advance voting for the Annual General Meeting, and to other service providers acting on behalf of Aktia.
Further, the requirements of applicable legislation, ongoing legal procedures or requests based on laws may require us to transfer personal data to authorities or to other third parties.
Data transfers outside the EU or the EEA
Text messages to shareholders registered for the Annual General Meeting will be sent via a Swiss service. The European Commission has adopted a decision on the adequacy of the protection of personal data in Switzerland. Otherwise, personal data will not be transferred outside the EU or the EEA.
A person has the following rights in relation to the processing of his/her personal data:
- access to or obtaining a copy of personal data
- correction of invalid information
- deletion of data or restriction of its processing, unless Aktia has a requirement to maintain the information based on legislation
- appeal to the supervisory authority of the Member State in which the person is domiciled or employed or where the alleged data protection infringement took place.
Requests related to the aforementioned rights must be submitted to the data controller. Additional information on processing of personal data is available from Aktia’s Data Protection Officer, [email protected].