Käyttämällä sivustoamme hyväksyt evästeiden käyttämisen laitteessasi ja tallentamisen siihen. Lisätietoa saat evästeitä koskevasta tietosuojaselosteesta. Lue lisää

Privacy Notice

Updated on May 23, 2018

We at Telia understand how important privacy is to our customers. We are committed to respecting and protecting our customers’ privacy. As our customer, you trust us with confidential data, and we have an obligation to act every day in accordance with the trust you place in us.

Download Privacy Notice (pdf)

In this Privacy Notice, we disclose:
  • how we collect your personal data
  • what personal data we process on you
  • for what purposes we process your personal data
  • how we protect and safeguard your personal data
  • to whom we disclose your personal data
  • how long we store your personal data
  • what rights and options you have regarding the processing of your personal data.

When processing your personal data, we comply with the EU and Finnish legislation applicable to Telia and with authority regulations and instructions.

The Privacy Notice applies to the processing of personal data of natural persons, regardless of whether you are a consumer or business customer. In addition, Telia may have service-specific privacy policies, which describe the processing of personal data in the service in question. You can find them on our privacy site.

The Privacy Notice does not apply to services or websites provided by other companies, even if they were accessed through Telia's communications network or services.

Definitions

The below terms are used in the Privacy Notice as follows:

Anonymized data refers to data that can no longer be associated with you as a person, as all identifiable elements have been removed.

Customer is a subscriber, buyer or user of our Services. The customer that has a contractual relationship with Telia is responsible for ensuring that all the users (e.g. family members using the same subscription) are aware of and understand the contents of the Privacy Notice.

Personal data refers to data that can be associated with you either directly or indirectly. The types of personal data we process are described below in the Privacy Notice.

Services refers to all products and services provided by Telia.

Traffic data refers to such data generated in connection with the use of a communications service that is processed in the communications network in order to transmit a message, to invoice for a communications service, or for other purposes permitted or required by law. Data generated in connection with the use of communications services include, for example, information about the parties of communications and the terminal device, the start and end time and duration of communications, the routing of the message, the data transmission protocol, the volume of data transmitted, the location of a subscription or terminal device in a specific base station area, or other location data, or other similar data processed in the communications network in order to transmit, distribute or forward messages. If the traffic data can be associated with you as a person either directly or indirectly, it is also considered to be personal data.

How do we collect your personal data?

Telia provides a wide range of services. What personal data we collect depends on the Services you use, subscribe to or buy, and on what data you submit to us or we collect in this connection or otherwise when you log in to our Service.

We can collect personal data from the following sources:

Directly from you yourself for instance when you do business with us, buy or subscribe to our Services and products, or when you register with or log in to our Services, visit our website, subscribe to our newsletter, reply to our customer satisfaction survey or contact us.

From other sources

Detected data generated in connection with the Service use are processed by us to the extent permitted by law for instance when you use our communications network, online services, TV and entertainment services, mobile apps and other Services (e.g. in connection with phone calls and sending of email or website visits).

Derived data we have created on the basis of your personal data, such as conclusions about your possible interests, made by means of analytics in order to target direct marketing.

Data obtained specifically from other sources, such as other service providers or publicly available registers, e.g. the Population Register Centre, Posti’s registers, the Robinson register of the Data & Marketing Association of Finland, Suomen Asiakastieto, Fonecta, Aller and Futusome.

Disclosure of personal data to Telia is not compulsory, but if you choose not to disclose your personal data, we will not necessarily be able to provide you with our Services.

What personal data do we process on you?

We may process the following types of personal and traffic data:

  • Basic details, such as name and contact details, the desired communications channel, title or profession, for corporate contact persons also the area of responsibility / position, and social media identification data.
  • Demographic data, such as age, date of birth, gender and mother tongue.
  • Personal identity number, if necessary in order to identify the customer for invoicing purposes, for example, or if otherwise permitted or required by law.
  • Data collected in connection with the registration with and login to Telia’s services and portals, such as usernames and passwords (e.g. Omat Sivut, Corporate Portal, Telia Yhteisö).
  • Data related to the customer relationship and contractual relationship, such as information related to the Service, products and orders, and the information needed for their delivery, subscriber and user information, information related to invoicing, credit control and payments, bank details, information related to transactions (powers of attorney, authorizations), customer contacts and related recordings, e.g. calls, email and chat messages to customer service, video recordings of security cameras of your visit to our premises.
  • Data created in connection with the use of communications services and other Services, such as the traffic data related to calls, messages and emails, information on the parties to the communications, the time of the connection, the data transmission protocol, location data, and information on the terminal device, and data generated during the use of Telia's website, mobile apps, and TV and entertainment services.
  • Other data describing the Service use, including any personal data collected by means of cookies and similar technologies in connection with web or mobile browsing. Read more about cookies.
  • Data related to the identification and registration of a customer or user, such as the usernames and passwords required for the management of mobile certificates.
  • Data collected in connection with registration for events, competitions and prize draws organized by Telia.
  • Data related to direct marketing campaigns, permissions and prohibitions related to direct marketing, interests, subscriptions to newsletters and invitations to events, data related to the targeting of direct marketing.
  • Other data that we collect with your consent and that we specify when requesting your consent.

Telia processes children’s personal data to the extent permitted by law, when appropriate in the case in question. Telia takes reasonable efforts to ensure and verify that the custodian of a child under the age of 13 has agreed to the processing of personal data, taking into account the available technology and the privacy risks related to the processing.

How do we use your personal data?

We collect, process and use personal data that are needed for conducting our business, efficient customer service and appropriate commercial activities, including the processing of personal data for anonymizing data.

The processing of personal data is most often based on an agreement you have concluded with us or on Telia's legitimate interest in connection with Service use and provision. Telia is entitled to process personal data for customer relationship management and in order to serve our Customers. This makes it possible, for example, to conduct targeted marketing and advertising. We may also process personal data based on other grounds, such as on the basis of your consent or the law.

In all of the above cases, we process personal data only for a specified purpose and to the extent necessary for it, taking the protection of our customers’ privacy always into account.

We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose. If the customer is identifiable, we may combine their customer data with analytics data collected on them in order to be able to better target our Services for the customer's needs.

Telia processes personal data for the following purposes:

1. On the basis of a contractual relationship and in order to provide Services:

We process your personal data for the provision and production of Services. We process your personal and traffic data in order to transmit communications, to implement a service, and to ensure information security. We do this, for example, when switching a call or transmitting a text message or email to the recipient in our communications network. In addition, the provision of Services requires that we process personal data for managing a customer or contractual relationship, identifying customers or users, processing and delivering orders, invoicing, service and product quality control, credit control, debt collection, customer service, and for fixing various faults and incidents or for processing complaints.

The formation of a contractual relationship and/or the delivery of services may require an approved credit decision, which can be taken through automated decision-making. We also process personal data in customer communications, e.g. when sending notifications related to Services, and in order to contact customers in issues related to our Services.

We process your personal and traffic data in order to detect technical faults and errors, to ensure the information security of all of our Services, data systems and communications networks, and to test their operations. If necessary, we may also process your personal data to detect or prevent misuse and fraud related to our Services, for example if a communications service subject to a charge has been used free of charge. For purposes of information security, we may also collect data on your Service use, e.g. on successful and failed logins to our Services requiring registration.

We may process your traffic data for the technical development of a communications service, such as for optimizing the operations of communications networks. In addition, we may compile statistics for the development of Services and for other analysis needs and thus, for example, group our customers based on invoicing, data volumes, the duration of the customer relationship or external classifications, e.g. draw up reports on how different user groups use communications services or how a person’s place of residence and age affect their Service use.

We process your personal data internally for the development, management and quality control of our business, Services and related processes. Such processing may be necessary, for example, when we analyse delivery processes and complaints related to them in order to improve the efficiency of our delivery process and thereby to find a better and faster way to serve our customers. We also process personal data to better understand our customers’ needs and wishes as regards, for example, the features and contents of our Services.

2. On the basis of legitimate interest:

Telia may process your personal data on the basis of legitimate interest. Telia has legitimate interest to process your personal data in the following situations, for example:

Direct marketing: We process and utilize both anonymized data and personal data for marketing purposes and for building target groups for marketing within the limits of the valid legislation. In addition, we may process your personal data in order to target our marketing at the products and services that each customer finds interesting. We may use your personal data within the limits of the law for marketing both our own and our cooperation partners’ products and services, such as for direct marketing and market research, and for customer satisfaction surveys.

Personalization of services: We may process personal data or anonymized data for personalizing and targeting Services for instance by giving recommendations and by showing targeted contents in our Services or customer channels. We also process personal data and anonymized data in order to get a comprehensive picture about the customer's use of our Services and likings related to our Services. We use such profiled data in order to enable our customers to get a better experience of the use of our Services.

Statistical purposes: We may also process your personal data in order to create statistical analyses, which enable us to develop our customer offering or improve our services or products.

3. To comply with legal obligations:

We process your personal data in order to meet our legal obligations, such as for accounting and authority purposes.

4. For other purposes to which you have given your consent

We may process your personal data for all purposes to which you have given your consent. You can, for example, give your consent to the processing of your traffic data or location data in order for us to target such benefits at you that are topical or relevant to you.

When requesting your consent, we inform you thoroughly of the meaning of the consent to personal data processing and how you can cancel your consent.

How do we protect and safeguard your personal data?

Information security and protection of customer data is of utmost importance to us. It is important for Telia to ensure the availability, integrity and security of personal data. We strive to take appropriate actions in order to protect personal data and to prevent and detect unauthorized access to personal data and loss of personal data.

We take continuous efforts to safeguard our customers’ rights. We take care of the security of our personnel, data, information systems and public communications networks as well as our offices and technical facilities. We pay special attention to protecting the data we process, such as your personal data.

In data protection, we take into account the risks posed to privacy protection and business operations by the processing of personal data, the available technical options, and different kinds of threats in accordance with the applicable legislation, regulations and obligations under agreements.

To whom do we disclose your personal data?

We may disclose your personal data to the extent permitted and required by law. We may also process anonymized or statistical data that cannot be associated with you as a person. Such information can also be disclosed to third parties for other purposes than those described in the Privacy Notice.

We may disclose your personal data to the parties below.

1. The Telia Group companies to the extent permitted by applicable legislation. Our Group companies may use your personal data for the purposes defined in this Notice, including for marketing their products or services to you.  

2. Telia's subcontractors that process personal data on our behalf based on our assignment. These third parties are not allowed to use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we will ensure in an appropriate manner that the processing takes place in accordance with the Privacy Notice. The processors referred to herein include, for example, IT service providers, equipment servicing partners, and marketing offices performing marketing on our behalf.

Our partners processing personal data on our behalf may be located outside Finland, the European Union or the European Economic Area. When transferring personal data outside the EU or EEA, we ensure by means of agreements (e.g. by the use of the EU Commission's standard contractual clauses) or otherwise that the transfers are implemented as required by law. In addition, we ensure, and also expect our processors to ensure, as required by legislation, that your personal data remain protected regardless of whether they are transferred outside the EU or EEA.

3. Contact data services. We disclose your personal data (such as name, telephone number and address) for publication in public contact data services (electronic directory services or telephone directory) as required by law. If you wish, you have the right to forbid the publication of your data in this way.

4. Other telecommunications companies or service providers that provide or are committed to providing you with services, for example, for invoicing purposes or in the event of a fault or disturbance.

When you leave our communications network and use the roaming services provided by other operators (e.g. when travelling abroad), the operators concerned are entitled to collect and process your personal data and receive your personal data from Telia. This processing and collection of personal takes place in accordance with the agreement terms of the operator in question, and this Privacy Notice does not apply to such processing. We encourage you always to read about the privacy practices of the operator in question.

When you, for example, order Spotify through us or want to get Norwegian Reward points for your phone bill, the service provision may require disclosure of your data to the service provider in question. If you send your device to us for servicing, the warranty procedure may require disclosure of your data to the manufacturer.

5. Other third parties with your consent, which we may have received in connection with a particular service, for example.   

6. In relation to legal proceedings or at the request of an authority on the basis of applicable law or court order or in connection with a trial or authority process. Under a court decision, your personal data may be disclosed, for example, to a copyright holder or their representative.

We may also disclose your data to a competent authority, such as the police or the emergency centre authorities, to the extent required by law in accordance with a predefined procedure.

7. As required or permitted by law, for example when providing a subscriber with a connection-specific itemization for an invoice.

8. In connection with mergers and acquisitions and various business transaction and transfers.

How long do we store your personal data?

We store your personal data only as long as necessary to implement the purposes defined in the Privacy Notice, unless otherwise required by legislation. No corresponding restrictions apply to the storing of anonymized data.

We do not store outdated or unnecessary information. We aim to make sure that your personal data and other customer data are up-to-date and correct.

Your data processed on the basis of a contractual relationship are stored, as a rule, for the duration of the contractual relationship or as long as the provision of the Services requires. After the expiry of the contractual relationship or the end of the Service provision, your personal and traffic data will be stored as long as they are needed, for example, for unfinished business, invoicing, complaints or warranty period.

The data are stored for at least three years as a rule and no more than six years after the end of the customer relationship. The storage times of individual data types may also be shorter: Internet logs (IP addresses), for example, are stored for 90 days.

Data processed on the basis of legitimate interest are processed for as long as there are grounds for their processing. If the customer is entitled to object to the processing, the data are erased when the customer's request related to the objection has been processed and approved. An example of this kind of processing falling within the scope of legitimate interest is direct marketing to the Customer after the end of a contractual relationship.

Data processed on the basis of legal obligations are processed and stored as long as required by law. Obligations related to the storage of personal data are set, for example, by the accounting and money laundering legislation and the Act on Electronic Communications Services.

The storage time of data processed with your consent is determined according to purpose of the processing. If you have given your consent to the processing of traffic data for direct marketing purposes and then cancel your consent, we will no longer process your traffic data in order to target direct marketing to you on the basis of them. However, we still have the right or obligation to process traffic data, for example, under a contractual relationship or legal obligation.

What rights and options do you have?

Your rights and options depend on the purposes of the processing of personal data and on the situation.

  • The right to access: You have the right to receive a confirmation of whether your personal data are processed, and if they are, to gain access to the data. If less than six months have passed since your previous inspection request, Telia may charge you for the inspection request according to the price-list.
  • The right to give and withdraw your consent: If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
  • The right to rectify data: You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
  • The right to object to the processing of personal data: You are entitled to object to the processing of your personal data based on Telia’s legitimate interests, including profiling. Telia may reject the request, if the processing is necessary in order to implement Telia's mandatory and legitimate interests. You are always entitled to oppose to the processing of your personal data for direct marketing purposes and for profiling related to direct marketing.
  • The right to data portability: You have the right to receive your personal data you have submitted to us for processing based on your consent or the implementation of an agreement. You are entitled to receive the data in a structured, commonly used and machine-readable format, and the right to transmit the data to another controller.
  • The right to be forgotten: You are entitled to ask Telia to erase data related to you, for example, if (i) you consider them unnecessary for the purposes described above, (ii) you cancel the consent you have given, (iii) you consider Telia to process your personal data unlawfully, or (iv) you object to the use of your personal data for direct marketing purposes.
  • The right to restriction of processing: You have the right under certain circumstances to require the controller to restrict the processing of your personal data.

In addition to the above, you have the right to forbid the publication of your personal data and the disclosure of your personal data to contact data services (so-called unlisted number).

How will you know if the Privacy Notice has been amended?

We will update the Privacy Notice, if necessary, as our operations and Services develop. We advise you to check for the latest version regularly on our website.

If there is a conflict between translations, the Finnish version shall prevail.

How can you exercise your rights and contact us?

You can exercise all the rights of a data subject by logging in to telia.fi and in the Minun Telia application.

Log in to the service through the above link or at www.telia.fi. You can also get more information from Telia's customer service, by calling 020 690 400 or at Telia Kauppa shops.

You can send any questions related to the processing of personal data or the Privacy Notice to the addresses below.

Controller

Telia Finland Oyj
Teollisuuskatu 15, FI-00510 Helsinki
P.O. BOX 106, FI-00051 TELIA
Business ID 1475607-9

Nationwide switchboard number 020401 (from abroad: +358 20401)
Data Protection Officer: tietosuoja-telia@teliacompany.com
Customer service and telephone 020 690 400

Complaints related to the processing of personal data and requests related to the exercise of rights:

Telia Finland Oyj
Customer Service
P.O. Box 0400
FI-65101 VAASA

If you think that Telia has acted contrary to the Privacy Notice or the valid legislation, you are entitled to file a complaint about the matter. You can also file a complaint with the Data Protection Ombudsman, who monitors the lawfulness of the processing of personal data, or the Finnish Communications Regulatory Authority, which monitors the lawfulness of the processing of traffic data in Finland.

Telia is committed to conducting responsible and sustainable business. If you suspect that Telia has acted contrary to the lgislation or the Privacy Notice, you can also report the matter confidentially through TeliaCompany’s Speak-Up Line (so-called whistleblowing system).

If you have any questions or want to discuss how Telia Company protects your privacy, please contact our Data Protection Officer at DPO-TC@teliacompany.com.

Telia Company Group's data protection: https://www.teliacompany.com/en/about-the-company/privacy

Laws applicable to the processing of personal data and traffic data

EU’s General Data Protection Regulation

Act on Electronic Communications Services