PRIVACY POLICY OMALAINA
- Introduction
Your personal privacy is important to us, and your personal data is therefore processed securely and in accordance with applicable regulations.
This Privacy Policy explains how we collect and use your personal data when you use Omalaina’s loan, credit card and insurance brokerage services (individually referred to as the ”Service”, and collectively the ”Services”), when you have provided consent for marketing (”marketing consent”) or when we process personal data about you in other circumstances. It also describes your rights and how you can exercise these rights.
Omalaina is part of the Sambla Group, and the data controller for the processing of personal data under the Omalaina brand is Sambla Group Oy, corp. reg. no. 2521965-8, Urho Kekkosen Katu 7B, 00100 Helsinki. Sambla Group Oy is therefore responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation, i.e. the EU General Data Protection Regulation (“GDPR”) and supplementary national legislation.
If you have any questions about the processing of your personal data, you can contact us at any time by sending an email to asiakaspalvelu@omalaina.fi.
- Important terms
Personal data refers to any information that can be linked to a specific person, either directly or indirectly in combination with other information. Examples of personal data include your social security number, name, address, and IP address.
Processing of personal data refers to any operation or set of operations performed on your personal data, whether or not by automated means. Examples of processing personal data include collecting, recording, storing, and analyzing your personal data.
- What information do we collect and what do we do with it?
The following is a summary of the types of personal data we collect and process and why. In section 8 of this policy, we explain in more detail how we process your data in different contexts.
Information you provide to us (when you use our services or contact us)
We obtain some personal data directly from you when you use the Service or contact us. This data may include, for example, your name and that of any co-applicants, your social security number, address, income, type of housing, etc. The data is used to process your application and to apply for loan and credit card offers from our partners. The identification data is also used to fulfill our statutory obligation to know our customers.
Information we collect from other sources or third parties
We collect some personal data from other sources. We collect your income and credit information in order to provide the Service when you apply for a loan or credit card. Credit information is collected from the credit information company Dun & Bradstreet Finland Oy. In certain cases, some lenders or credit card issuers with whom we cooperate may order a credit check on you from another credit reference agency (e.g., Bisnode) to ensure that the information provided is correct.
When you use our digital channels (e.g., our website), we collect technical information, which may include the URL from which you accessed the login page, your IP address, your unique device ID, your usage history, your browser type, language, authentication information, and operating system. We collect this information to facilitate, improve, and develop the Service and to ensure that the Service is used correctly. The information is also used internally for statistical purposes. Some of the technical information is collected using cookies. For more information on how we use cookies and how you can prevent the use of cookies, please see our Cookie Policy at https://www.omalaina.fi/evasteet.
Information we collect for marketing purposes
If you have given your marketing consent when submitting your application, we will collect your personal data (e.g., name, email address, and phone number) for marketing purposes. If you are a subscriber to our newsletter or have given your marketing consent, we may contact you with offers by mail, phone, text message, or email until you unsubscribe from the newsletter or withdraw your marketing consent. You can opt out of receiving future mailings by using the link provided in each email/text message or by sending us an email at asiakaspalvelu@omalaina.fi.
If you are not our customer, we may collect your personal data (e.g., name, phone number, and address) from address providers for marketing by phone and mail.
You can request to be removed from marketing communications at any time by using the link provided in each email/text message or by sending us an email at asiakaspalvelu@omalaina.fi.
We use automated decision-making
Automated decision-making means that a decision is made solely on the basis of the automated processing of your personal data. When you use our loan or credit card brokerage service, we and the lenders and credit card issuers we work with use automated decision-making. This means that the information you provide and the information we obtain about you and any co-applicants through a credit check are automatically compared to the basic requirements for borrowers that the lenders and credit card issuers we work with apply when granting loans or credit cards, including income, type of employment, loan amount applied for, and similar information. If you do not meet the basic requirements set by a particular lender or credit card issuer, your application will be automatically rejected and will not be offered to that lender or credit card issuer. In certain cases, you have the right to request a manual decision-making process. In such cases, please contact us using the contact details provided below. You can also request additional information from each lender or credit card issuer about how it uses automated decision-making and how that lender or credit card issuer processes personal data. The purpose of our automated decision-making is to enable us to provide you with a fair and appropriate loan and credit card brokerage service, and it is necessary for the performance of our contract with you. If you wish to comment on an automated decision we have made, please email us at asiakaspalvelu@omalaina.fi.
- Who we may disclose your information to
We take all appropriate contractual, legal, technical, and organizational measures to ensure that your personal data is processed securely and that an adequate level of protection is maintained when data is transferred or disclosed to selected third parties. Such third parties include:
Service providers: Certain service providers who provide IT services or assist us with marketing, analysis, or statistics may have access to your personal data.
Credit reference agencies and similar service providers: When you use our loan or credit card brokerage service, your personal data may be disclosed to credit reference agencies for the purpose of assessing your creditworthiness. Your personal data may also be disclosed to service providers that offer identity verification, customer identification, and fraud prevention services so that we can verify your identity and address and protect you from fraud.
Authorities: We disclose necessary information to authorities such as the police, the Financial Supervisory Authority, or other authorities if we are required to do so by law. For example, we are required by law to provide information on measures to combat money laundering and terrorist financing.
Lenders and credit card issuers: When comparing loans and credit cards, we forward your application to lenders and credit card issuers with whom we cooperate and whose basic requirements are met by your application. The lenders and credit card issuers who receive your application are controllers of their own personal data processing. Information about the lenders and credit card issuers we work with is available on our website.
Insurers: When you sign a contract, we’ll send your insurance info to the insurers we work with if you’ve said you’re interested in insurance. You can find info about the insurers we work with on our website.
Group companies: We may share information with our own group companies to streamline internal processes and compile joint statistics.
Business acquisition: If we sell or buy businesses, we may disclose your personal data to the potential seller or buyer of that business. If a third party acquires us or a substantial part of our business, our customers’ personal data may be transferred. Before such a transfer, we will ensure that an appropriate confidentiality agreement has been entered into.
- Where do we process your personal data?
We mainly process your personal data within the EU/EEA. In exceptional cases, personal data may be processed in a country outside the EU/EEA, i.e., in a so-called third country, as we occasionally use service providers located outside the EU. Companies that process personal data on our behalf always sign a data processing agreement with us, the purpose of which is to ensure a level of personal data protection equivalent to that required by the GDPR. For partners outside the EU/EEA, special security measures are implemented, for example through agreements containing standard clauses of the European Commission on data transfer, which are intended to ensure a level of protection for personal data equivalent to that in the EU/EEA.
- How long do we retain your personal data?
Your personal data will only be retained for as long as it is necessary for the purpose of processing or as required by applicable law. The sections above on each processing purpose provide detailed information on how long we store your personal data for different purposes.
- Personal data required for the provision of our Services will be retained for as long as necessary to perform our agreement with you and for five years thereafter. We have a legal obligation to retain certain data for a specified period of time, for example, to comply with the Accounting Act, the Money Laundering Act, and other similar requirements that apply to us as a loan, credit card, and insurance broker. When it is no longer necessary to retain the data, we will delete it.
- Personal data required to perform an agreement we have entered into with a specific lender or credit card issuer will be retained for as long as necessary under that agreement.
- Personal data that we use to send direct marketing to you, who are not our customer, will only be used for marketing purposes and will be deleted afterwards.
- Personal data that is processed because you have given your marketing consent will be retained for as long as you subscribe to marketing. If you unsubscribe from our marketing list, the data will be deleted as soon as possible.
- Communications with you regarding customer service issues and complaints will be retained for as long as the case is active or for as long as the data is needed to defend ourselves against legal claims, and will be filtered out after five years.
- For analysis and statistical purposes, only data that is not personal data as defined by the GDPR will be stored.
- What are your rights?
Right to access your personal data
You can request a copy of your data – a so-called register extract – if you want to know what information we have about you. Please note that the right to access data is not absolute and may be restricted for various reasons in accordance with applicable law.
Right to rectification
You have the right to request that we correct any inaccurate personal data about you or complete any incomplete personal data.
Right to erasure
You have the right to request the erasure of certain personal data. This right only applies to data that can be processed in accordance with the law if you withdraw your consent and object to the processing of the data. If you want such personal data to be deleted, please send an email to asiakaspalvelu@omalaina.fi. Please use the subject line ”Request for deletion of data.”
In order to process your request, we need the following information: your phone number, email address, and personal identification number, or alternatively, you can request a callback to verify your identity using your online banking credentials.
Please note that if you have used the company’s services, we must retain your personal data in accordance with their purpose, legal requirements, and our privacy policy. Once the purpose of storage has been fulfilled, the personal data will be deleted.
Right to restrict processing
You have the right to restrict the processing of your personal data if, for example, you dispute the accuracy of the data.
Right to object to processing
When we consider that we have a legitimate interest in processing your personal data, you may object to the processing at any time. If you decide to object to the processing, we will no longer be allowed to process your personal data for that purpose unless we can demonstrate a legitimate interest in doing so. Such legitimate interest must be more significant than your own interest in objecting to the processing of personal data on the basis of privacy protection. You may also object to our processing for direct marketing purposes at any time.
Right to data portability
You have the right to receive and/or request the transfer of personal data that you have provided to us to another controller. The personal data must be in a structured, commonly used, and machine-readable format. One condition for data portability is that the transfer is technically feasible and can be done automatically.
Right to lodge a complaint
If you have any comments or complaints regarding our processing of personal data, or if you wish to exercise any of your rights, you can send us an email at asiakaspalvelu@omalaina.fi.
If, contrary to expectations, we are unable to find a solution together, you can contact the Data Protection Ombudsman, who is the supervisory authority for the processing of personal data:
Office of the Data Protection Ombudsman, PO Box 800, 00531 Helsinki
Email: tietosuoja(at)om.fi
Telephone: 029 566 6700
Website: www.tietosuoja.fi
- Detailed information on the processing of personal data and the grounds for it
Processing of personal data in connection with loan and credit card brokerage
| Purpose of processing – what we do and why | Types of personal data processed for this purpose | Legal basis for the processing of personal data in accordance with the GDPR | Retention period for personal data |
| --- | --- | --- | --- |
| Processing your loan and credit card application. To provide the service in accordance with our user agreement, including presenting loan and credit card offers from lenders and credit card issuers with whom we cooperate, and if you enter into a loan or credit card agreement with such a lender, the performance of the agreement we have with that lender or credit card issuer | | Processing is necessary for the performance of a contract with you and/or for taking steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR) | Processing will continue for the duration of the customer relationship. Upon termination of the customer relationship, we will retain your data for five years from the date of termination. |
| Knowing and identifying the customer | | Processing is based on an assessment of interests (Article 6(1)(f) of the GDPR). In its assessment of interests, the Company has determined that the processing of data is necessary for the purposes of our legitimate interests (prevention of fraud and abuse). | Processing will continue for the duration of the customer relationship. Upon termination of the customer relationship, we will retain your data for five years from the date of termination. |
| Submitting loan or credit card applications to lenders or credit card issuers with whom we cooperate and whose basic requirements you meet. | | Processing is necessary for the performance of a contract with you and/or to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | Processing will continue for the duration of the customer relationship. Upon termination of the customer relationship, we will retain your data for five years from the date of termination of the customer relationship. |
| Contacting the customer by email, text message, telephone, and post for the purpose of managing the service and customer relationship. | | Processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | Processing will continue for the duration of the customer relationship. |
| Handling customer service matters and complaints when the customer is in contact with the service provider | | Processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | This processing will continue for as long as the data is needed, but for no longer than five years, unless applicable legislation or a requirement by a public authority requires us to retain the data for a longer period. |
| Investigating, preventing, detecting, and combating fraud and misuse of the Service | | Processing is based on an assessment of interests (Article 6(1)(f) of the GDPR). In assessing interests, the Company has determined that the processing of data is necessary for the purposes of our legitimate interests (prevention of fraud and abuse). Processing may also be based on compliance with our legal obligations. | This processing will continue for five years after the end of the customer relationship or longer if necessary to investigate a possible crime or to fulfill our other legal obligations. |
| Recording of calls to document and verify any agreements and consents and to improve our communications. | | Processing is based on an assessment of interests (Article 6(1)(f) of the GDPR). In assessing the interest, the Company has determined that the processing of data is necessary for the purposes of our legitimate interests (handling potential customer complaints and misconduct, ensuring the quality of customer service and sales, and for training purposes). | We store recorded calls for 12 months. |
Processing of personal data in connection with insurance brokerage
| Purpose of processing – what we do and why | Types of personal data processed for this purpose and their source | Legal basis for the processing of personal data in accordance with the GDPR | Retention period for personal data in different processing options |
| --- | --- | --- | --- |
| Registration and management of your insurance application to provide you with the service in accordance with our agreement | | Processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | Processing will continue for the duration of the customer relationship. Upon termination of the customer relationship, we will retain your data for five years from the end of the customer relationship in accordance with the Act on the Prevention of Money Laundering and Terrorist Financing (2017/444). |
| Knowing and identifying the customer and analyzing customer data in the sanctions system | | Processing is based on our legal obligation (GDPR Article 6(1)(c)) to know and identify our customers and verify their identity (Act on the Prevention of Money Laundering and Terrorist Financing (2017/444)). | Processing continues for the duration of the customer relationship. When the customer relationship ends, we will retain your data for five years from the end of the customer relationship in accordance with the Act on the Prevention of Money Laundering and Terrorist Financing (2017/444). |
| Transfer of insurance information to the insurance company | | Processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | This processing will continue for as long as you use our service. |
| Contacting the customer by email, text message, telephone, and post for the purpose of managing the service and customer accounts. | | Processing is necessary for the performance of a contract with you and/or to take steps at your request prior to entering into a contract (Article 6(1)(b) of the GDPR). | Processing will continue for the duration of the customer relationship. |
| Recording of calls to document and verify any agreements and consents and to improve our communications. | | Processing is based on an assessment of interests (Article 6(1)(f) of the GDPR). In assessing the interest, the Company has determined that the processing of data is necessary to pursue our legitimate interests (handling potential customer complaints and misconduct, ensuring the quality of customer service and sales, and for training purposes). | We store recorded calls for 12 months. |
| Handling customer service issues and complaints when the customer is in contact with the service provider | | Contacting you by email, text message, phone, and mail for the purpose of managing the service. | This processing will continue for as long as the information is needed, but for no longer than five years, unless applicable legislation or official requirements oblige us to retain the information for longer. |
| Maintaining, developing, testing, and improving our Service and the platforms and programs used to provide it, as well as for statistical purposes. | | Processing is necessary for the performance of a contract with you and/or in order to take steps prior to entering into a contract at your request (Article 6(1)(b) of the GDPR). | This processing will continue for as long as you use our service. |
Processing of personal data in connection with marketing
| Purpose of processing – what we do and why | Types of personal data processed for this purpose and their source | Legal basis for the processing of personal data in accordance with the GDPR | Retention period for personal data in different processing options |
| --- | --- | --- | --- |
| Managing your marketing orders | | Processing is necessary for the performance of a contract with you (Article 6(1)(b) of the GDPR). | This processing will continue for as long as you subscribe to our marketing communications. |
| Sending information, offers, marketing content, and newsletters by post, telephone, text message, and email in accordance with our terms and conditions for marketing consent. | | Processing is based on consent (GDPR Article 6(1)(a)). | This processing will continue for as long as you subscribe to our marketing communications. |
- Changes to the privacy policy
We reserve the right to make changes and updates to our privacy policy. The latest version is always available on our website at www.omalaina.fi. If the updates have a significant impact on our processing of personal data, you will be informed of the changes on our website in good time before the updates take effect. If you have any comments regarding our processing of personal data after the updates, you can send us an email at asiakaspalvelu@omalaina.fi.