Telia Cygate Privacy Notice
Updated 25 September 2020
We at Telia Cygate understand that privacy is important. We are committed to respecting and protecting privacy. Our customers entrust us with their confidential data, and we have an obligation to act in accordance with this trust every day.
In this Privacy Notice, we state:
- how we collect personal data
- what personal data we process
- for what purposes we process personal data
- how we protect and safeguard personal data
- to whom we disclose personal data
- how long we retain personal data
- how we make changes to our privacy notices
- what rights and options you have regarding the processing of your personal data.
When we process your personal data, we comply with EU and Finnish legislation, as well as the regulations and instructions issued by the authorities.
Anonymised data refers to data that can no longer be associated with a person because all identifying elements have been removed.
A customer is the contact person of an organisation that orders, buys or uses our services or is a potential customer. The customer can also be a person acting on the authority of an organisation in a contractual relationship, a person in a position of responsibility or a competent body. The organisation in a contractual relationship with Telia Cygate is responsible for ensuring that all of its contact persons are aware of the content of the Privacy Notice and that they understand it.
Personal data refers to data that can be directly or indirectly associated with an individual person. The types of personal data we process are described below in the Privacy Notice.
Personal data review request refers to a message that a customer representative sends to Telia Cygate requesting the data on the person concerned to be altered, updated, reviewed or erased.
Legitimate interest means that we may process a customer’s personal data if the processing is in the interests of Telia Cygate and the customer. This is possible, for example, if Telia Cygate is in a contractual relationship with the customer and performs tasks related to its business.
Service refers to any of the products and services that Telia Cygate offers and that the customer can order, purchase, use or receive.
Pseudonymised data refers to data that cannot be associated with an individual person when used for its intended purpose, but the person is identifiable if the data are combined with data stored elsewhere.
A controller is a person or organisation that determines the purposes and means of processing personal data.
A data subject is a person whose personal data are stored.
Traffic data refers to data that are processed on a communications network in order to transmit a message or invoice for a service. Data generated in connection with the use of communications services includes information about the parties of communications and the terminal device, the start and end time and duration of communications, the routing of the message, the data transmission protocol, the volume of data transmitted, the location of a subscription or terminal device in a specific base station area, or other location data, or other similar data processed in the communications network in order to transmit, distribute or forward messages. If the traffic data can be associated with a person either directly or indirectly, it is also considered to be personal data.
HOW DO WE COLLECT PERSONAL DATA?
Telia Cygate provides a wide range of Services. The personal data we collect depends on the Services that the customer uses. We collect personal data from the customer’s contact person (such as the Service administrator), as well as from the customer’s representatives and employees.
We collect personal data, which:
- our Customers’ contact persons give to us in the course of transactions with us, such as when they buy, use or log into our Services, order our newsletter or contact us.
- is generated when a Service is used, within the limits of the law, such as when a customer’s personnel use our communications network and other Services (such as when they make a phone call or send an email, visit our website or log into a service).
- we receive from elsewhere, such as from our partners or other public sources.
It is not mandatory to provide any personal data to Telia Cygate, but if our customer decides not to do so, we may not be able to provide access to our Services.
WHAT PERSONAL DATA DO WE COLLECT?
We collect personal data that can be categorised as follows:
- Basic details such as names and contact details (email addresses and phone numbers), the company’s name, the desired contact method, rank or profession, position of responsibility or job, and possibly also social media identifiers
- Data collected and created when users register and log in to Telia Cygate’s services and portals, such as the date and time when user IDs are created, user IDs themselves and the passwords sent to customers
- Data related to the customer relationship and contractual relationship, such as information related to the service, products and orders, and the information needed for their delivery, subscriber and user information, information related to invoicing, credit control and payments, bank details, information related to transactions (power of attorney, authorisation), customer contacts and related recordings, e.g. calls, email and chat messages to customer service, feedback messages, any video recordings that may be made by security cameras when you visit our premises
- Data generated when Telia Cygate’s website and mobile apps are used
- Data generated in connection with the use of communications services and other Services, such as traffic data related to phone calls and emails, information on the parties to communications, time of the connection, data transfer protocol, location data and data related to the end device
- Data collected in connection with registration for events, competitions and prize draws organised by Telia Cygate.
- Data related to direct marketing campaigns, permissions and prohibitions related to direct marketing, interests, subscriptions to newsletters and invitations to events, data related to the targeting of direct marketing
- Recordings of phone calls to sales and customer service, stored for the purpose of confirming assignments or developing the service
- Other data that we collect with your consent and that we specify when requesting your consent.
HOW DO WE USE PERSONAL DATA?
At Telia Cygate, we collect, process and use personal data that are needed for conducting our business, efficient customer service and appropriate commercial activities.
The processing of personal data is most often based on an agreement you have made with us or on Telia Cygate’s legitimate interest in connection with the use and provision of services. Telia Cygate is entitled to process personal data for customer relationship management and in order to serve our Customers. For example, this makes it possible to conduct targeted marketing and advertising. We can also process personal data on the basis of the law. We may also process personal data for all purposes to which you consented. When we request your consent, we will explain the meaning of the consent to personal data processing and how you can withdraw your consent.
The primary purposes of processing personal data are to collect, process and verify personal data before making an agreement and to document, manage and implement the tasks based on the agreement.
Examples of tasks related to implementing an agreement:
- Delivering and invoicing for equipment and services acquired from Telia Cygate
- Maintenance, support and customer service matters during the term of the agreement
We also process personal and traffic data in order to detect technical faults and errors, to ensure the information security of all of our Services, data systems and communications networks, and to test their operations. If necessary, we may also process personal data to detect or prevent misuse of Services. For the purposes of information security, we may also collect data on your use of Services, such as the successful and failed logins to Services that require registration. We may process traffic data for the technical development of a communications service, such as optimising the operations of communications networks.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We may disclose your personal data to the extent permitted and required by law. We may also process anonymized or statistical data that cannot be associated with you as a person. Such information can also be disclosed to third parties for purposes other than those described in the Privacy Notice.
We may disclose your personal data to the following parties:
Companies with the same parent company (Telia Company) as Telia Cygate to the extent permitted by applicable legislation. Our Group companies may use your personal data for the purposes defined in this Notice, including for marketing their products or services to you.
Subcontractors operating on Telia Cygate’s behalf who process personal data for us on the basis of an assignment. These third parties are not allowed to use the personal data for any purpose other than providing the service agreed with us. When using subcontractors, we will ensure in an appropriate manner that the processing takes place in accordance with the Privacy Notice. The processors referred to herein include IT service providers, suppliers of goods, equipment servicing partners, and marketing offices performing marketing on our behalf.
Our partners who process personal data on our behalf may be located outside Finland, the European Union or the European Economic Area. When transferring personal data outside the EU or EEA, we ensure by means of agreements (e.g. by the use of the EU Commission's standard contractual clauses) or otherwise that the transfers are implemented as required by law. In addition, we ensure, and also expect our processors to ensure, as required by legislation, that your personal data remain protected regardless of whether they are transferred outside the EU or EEA.
Other service providers who offer or are committed to providing you with services. For example, a service may be provided in the event of a fault or disturbance.
Other third parties with your consent, which we may have received in connection with a particular service.
In relation to legal proceedings or at the request of the authorities or other circumstances when required or permitted by law. In such cases, disclosure will be based on a law or court order in conjunction with legal proceedings or an official process.
In connection with mergers, acquisitions and business transactions and transfers.
HOW DO WE PROTECT AND SAFEGUARD YOUR PERSONAL DATA?
Information security and protection of customer data are of paramount importance to us. We continuously work to safeguard our customers’ rights. We take care of the security of our personnel, data, information systems and public communications networks as well as our offices and technical facilities. We pay special attention to protecting the data we process, such as your personal data.
Telia Cygate uses appropriate organisational and technical security measures to protect the data we possess from misuse, loss, unauthorised use, disclosure, alteration and destruction. Personal data can only be accessed by the people who need to process it to do their work, and only with limited access rights. Access to data is subject to technical restrictions according to access right groups and users.
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We only keep personal data for as long as it is necessary to fulfil the purposes defined in the Privacy Notice unless otherwise required by legislation. No corresponding restrictions apply to anonymised data.
We do not retain outdated or unnecessary information. We aim to make sure that personal data and your other customer data are up-to-date and correct.
Personal data processed on the basis of a contractual relationship are retained, as a rule, for the duration of the contractual relationship or as long as required to provide the services. After the end of the contractual relationship or the end of the provision of services, personal data will be retained for as long as they are needed for purposes such as unfinished business, invoicing, complaints or the warranty period.
As a rule, the data are retained for at least three years and no more than six years after the end of the customer relationship. The retention times for individual data types may also be shorter.
Personal data processed on the basis of legitimate interest are processed for as long as there are grounds for processing. If the customer is entitled to object to the processing, the data are erased when the customer’s request related to the objection has been processed and approved. An example of this kind of processing falling within the scope of legitimate interest is direct marketing to the customer after the end of a contractual relationship.
Data processed on the basis of statutory obligations are processed and retained for as long as required by law. Obligations related to the retention of personal data are set by laws such as accounting and money laundering legislation and the Act on Electronic Communications Services.
The retention period for data processed on the basis of consent is determined according to the purpose of the processing. Consent is requested in situations such as customer events or when marketing messages are sent.
RIGHTS RELATED TO PRIVACY PROTECTION
As a data controller, Telia Cygate must guarantee that every data subject has rights over his/her personal data in accordance with the General Data Protection Regulation.
RIGHT TO ACCESS YOUR PERSONAL DATA
Customers have the right to receive confirmation of whether their personal data are being processed, and, if they are, to gain access to the data. Our customers have the right to review their data free of charge once every six months.
RIGHT TO RECTIFY DATA
If the data are incorrect or incomplete, customers have the right to request rectification of the data.
RIGHT TO REQUEST THE ERASURE OF DATA (RIGHT TO BE FORGOTTEN)
You can ask Telia Cygate to erase your personal data if:
- you withdraw your consent for the data to be processed and there are no other justifications for processing the data
- you object to your data being processed, and there is no acceptable reason to continue processing the data
- you object to your data being processed for the purpose of direct marketing
- Telia Cygate is considered to have processed personal data unlawfully
RIGHT TO RESTRICT THE PROCESSING OF PERSONAL DATA
If you dispute the accuracy of the data or the legality of processing the data, or if you have exercised your right to object to your data being processed, you can ask us to limit the processing of your personal data so we do nothing other than store it. In such cases, the sole processing of your data will be the act of storing it until the accuracy of the data has been verified.
RIGHT TO OBJECT TO THE PROCESSING OF PERSONAL DATA
You are entitled to object to the processing of your personal data based on Telia Cygate’s legitimate interests, including profiling. Telia Cygate may reject the request if the processing is necessary in order to implement Telia Cygate’s mandatory and legitimate interests. You are always entitled to object to the processing of your personal data for direct marketing purposes and for profiling related to direct marketing.
RIGHT TO DATA PORTABILITY
You have the option of asking Telia Cygate to provide personal data that has been delivered to Telia Cygate for processing on the basis of consent or the implementation of an agreement. It is possible to receive the data in a structured, commonly used and machine-readable format, and customers have the right to transfer the data to another controller.
RIGHT TO GRANT AND WITHDRAW CONSENT
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
Personal data review requests submitted to Telia Cygate are assessed for each situation and case individually. Note that Telia Cygate may ask you to visit its office to verify your identity and to provide you with the data that you have requested.
CHANGES TO THE PRIVACY NOTICE
We are continuously improving and developing our services, products and website, so the Privacy Notices may change occasionally. We advise you to check the latest version of the Notice on our website regularly.
HOW TO CONTACT US
If you have any questions related to personal data processing and the Privacy Notice or if you would like to send a review request, please contact us at:
Telia Cygate Oy
00051 TELIA, Finland
Data Protection Officer:
Telia Company is committed to conducting responsible and sustainable business. If you suspect that Telia Company has acted in contravention of legislation or the Privacy Notice, you can also report the matter confidentially on Telia Company’s Speak-Up Line (a whistleblowing system).
If you have any questions or you want to discuss how Telia Company protects your privacy, please contact our Group Data Protection Officer at DPO-TC@teliacompany.com.
Telia Company Group’s data protection
Cookies may be blocked in the browser settings. In some cases, this may slow down the browsing of our website or completely prevent access to a certain page.
We typically use information collected using cookies for the following purposes:
Functional cookies and provision of Services: Cookies are very important for the operation of our website and electronic Services, and they enable a smooth user experience. For example, if a user so desires, they do not have to enter their username, password and personalisation options every time they log in to our Service.
Targeting of marketing: Cookies also enable us to collect information in order to target advertising or content to a specific browser by creating different target groups. Telia Cygate’s website may contain links and connections to third-party websites, products and services, as well as third-party social plugins. The third-party services and applications on Telia Cygate’s website are subject to the third party’s privacy notice. We recommend that you familiarise yourself with the third party’s privacy practices.