1 Sonera Data Protection Policy
The purpose of this policy is to describe the principles and practices that we follow here at TeliaSonera Finland Oyj (hereinafter "Sonera") to guarantee the protection of privacy, confidential communications and our customers’ other legitimate interests.
Sonera updates this policy with the development of its operations and services. We advise to check for the latest version regularly.
1.1 General principles for handling data
Sonera respects the privacy of its customers and the confidentiality of communication. We adhere to Finnish laws and regulations and any orders and instructions of the authorities basing on them, as well as to good data handling practices.
Personal and other customer data is processed in Sonera on the basis of a customer relationship, some other relevant connection or the consent of the customer. We update data using selected external sources such as the Population Register and the Mailing and Telephone Preference Service Lists of the Finnish Direct Marketing Association. We collect personal data and other customer information when concluding contracts, when a customer registers for one of our services or uses our services, or otherwise directly from the people registering as users of our services. Moreover, we collect personal or contact information on potential customers when someone participates in a competition or customer event or contacts Sonera. The data is stored in our permanent direct marketing register and handled in accordance with the description of file.
Sonera has the right to record customer service calls in order to verify any agreements concluded on the phone, to monitor and develop the quality of Sonera services, and to develop the company’s customer service.
As a customer of Sonera, you have the right to check what information has been stored on you in our personal data file, unless effective legislation otherwise stipulates. Within the limits of the law, you may also forbid the use of your details.
We keep our customers’ personal details and other customer data confidential and use the details only for purposes that are listed in our customer register’s description of file or otherwise permitted or required by law. We aim to make sure that the personal data and other customer information are up-to-date and correct. We do not keep outdated or unnecessary information. We take appropriate care to surrender information only to those entitled to it by virtue of legislation in force. We protect our customer data as effectively as possible and seek to prevent outsiders from accessing our information systems.
Our information systems use progressive access right management and the use of our information systems is monitored. Personal data and other customer information may only be handled by named Sonera employees or persons working for Sonera who have to process personal and other customer data in order to perform their lawful duties.
Our employees handling personal data and other customer information are under the obligation of secrecy regarding the data they process as part of their work. Our personnel are constantly trained in matters of data protection. Personal data and other customer information may be surrendered to authorities requesting for them if the authorities have a legal right to access them. Sonera is under an obligation to surrender information concerning the company’s customers to the extent required by law to for example the Finnish Communications Regulatory Authority, the Data Protection Ombudsman, the Police and emergency centre authorities and also other authorities on grounds stipulated by law.
When using subcontractors, we take appropriate care to ensure that also our subcontractors operate in accordance with this policy.
1.2. Handling of electronic communications related data
We treat as confidential messages and related information that are transferred in our network and communications services and information that concern the location of a subscription or terminal device.
In the execution of electronic communications, data is created which may for example convey the subscriptions and terminal devices used by the partners of communication, the moments on which communication started and ended, the duration and routing of communications, the data transfer protocol, the volume of transferred data, the location of a subscription or terminal device, for example the coverage area of a particular mobile network base station or some other location, the format of the data transferred in the communications network, any other similar information processed in the communications network while transferring, distributing or offering messages. This kind of information is referred to as identification information when it can be linked to a particular person.
We store the identification information required for billing at least three months of the bill due date. We store identification information for a maximum of three years of the due date of the bill, unless for collection-related reasons they need to be kept for a longer time.
We process identification information in order to execute and use network and communication services and location services and to protect the data of these services. We handle identification data in order to determine charges between telecommunications companies and companies offering location services and the billing for the related services in the extent necessary. We process identification information for the purpose of technical development of network, communications and location services.
We process identification information if it is necessary in order to detect, prevent or bring into preliminary investigation such incidents of misuse where an individual fee-based service has been used for free, or equal incidents. Identification information is processed also in order to detect technical faults or errors in communications transfer.
With the consent of the concerned orderer or user, we handle identification information for the purpose of marketing communications or location services.
In all of the above-mentioned situations, Sonera processes the identification data only to the extent necessary for performing the processing task in question and we always pay attention to the protection of our customers' privacy and confidential messages.
1.3 Ensuring information security
We attend to the information security of our services by applying practices that are appropriately proportioned to the gravity of the threats on the one hand, and the technical level of development and costs on the other. We take great care in our measures to prevent security breaches and disruptions, and aim in every way to prevent confidentiality or the protection of privacy from being unnecessarily jeopardized.
When possible, we provide information on information security related measures and other issues in the appropriate manner, for example on our website or in customer bulletins.
We may take necessary measures to prevent security breaches and disruptions, for example prevent the reception of e-mail messages, remove viruses and malware from messages and carry out related technical measures to the extent permitted and required by law.
When launching above measures, we always make sure that they are necessary for securing the availability of communications networks and services and location services and our customers' communication opportunities.
We use appropriate encryption and other security arrangements in order to protect messages transmitted in our communications networks and identification information from outside exposure. In certain Sonera Internet services the industry standard based Secure Sockets Layer (SSL) or a similar encryption method is used. This way, we are able to protect the personal data and credit card details of our customers when information is transmitted online for example when making online purchases. Customers need to have a sufficiently up-to-date browser that is SSL (or similar technology) enabled.
However, we kindly ask you to pay attention to the fact that no company is able to guarantee 100 percent secure services. Everyone must also personally take the necessary and appropriate information security precautions, for example store and use their connections and terminal devices with care, monitor the use of the equipment and make sure that they use up-to-date virus and firewall services and operating system updates.
1.4 Cookies
Our customers are able to surf on the Sonera Internet service sites anonymously. The description of file of Sonera’s customer database is applied to country identification-related processing of personal data. Similarly to many other websites, we use so-called cookies technology. When a customer enters our service for the first time, a randomly generated unique number is stored in a cookie. The user cannot be identified on its basis. Cookies help us to determine the most popular sections of our site, where users go and how long they stay. The information is used for example for service execution and development and website advertisement targeting.
Cookies may be disabled in the browser settings. We would like to remind our customers, however, that in some cases this may slow down website browsing or prevent access to certain pages altogether.
1.5 Direct marketing
We may send our customers direct marketing messages concerning our products and other customer-relevant information also electronically. We always aim to keep the information useful and the number of messages reasonable. As our customer, you always have the right to forbid us from sending direct marketing material. To unsubscribe to SMS marketing, send the message KIELTO to 15400. The price is €0.50/message. To unsubscribe to e-mail marketing, mail to kielto@sonera.com.
1.6 Using location data
In the provision of communications services, data is created and stored on the location of subscriptions or terminal devices, up to a precision of e.g. the nearest mobile network base station or the installation address. Without this information, we would be unable to provide mobile and other communications services.
The precision of location data which is based on mobile network base station data depends on the area the user is in at the particular moment. The precision is better in cities than in more sparsely populated areas because of their larger number of base stations. The precision may vary from hundred meters to kilometres.
Location service-related positioning always requires the service-specific consent of the owner of the locatable device. Customers who have concluded a subscription agreement with Sonera is at all times able to forbid Sonera from processing location data and giving them to companies offering location services. If a person who has forbidden the use of location data should later want to use a location service, for example find the address of the nearest pizza parlour, they must first contact Sonera and cancel the ban before they can allow a company offering location services to locate the person’s subscription or terminal device on the person’s request in order to offer the service.
When surrendering information to location service providers, we take appropriate care to ensure that the service provider has the required consents from the locatable person.
To the extent permitted by law in effect, our customers have the right to gain access to the identification data that concerns the location of their subscription or terminal device. Parents and carers may make requests on behalf of children under the age of 15. On behalf of other legally incompetent persons, requests may be made by the guardian.
1.7 Subscriber directories
The phone numbers and other contact details that our customers have submitted for publication in a telephone directory are published in the directories of public directory enquiries services. Services that list the subscription data maintained by Directory Assistance Services Finland include Sonera Finder SMS search ("Find” to 15400), ZED Finder SMS search ("Find” to 16400), Fonecta directory enquiries (02 02 02) and other 02 02-prefixed directory enquiry services, Directory Enquiries 118 and electronic (online) directory services (Fonecta, Eniro). Users of online directory services are able to search for the listed names and addresses of owners of subscription numbers.
Telecommunications companies are obligated to surrender the information submitted for publication in a directory to other directory service providers, as well.
Everyone has the right to forbid the publication of all or part of their personal details in a telephone directory or directory enquiries service. It is also possible to ban a telecommunications company from surrendering the said information. Upon request, we take the appropriate measures to amend any mistakes found in the details. Please note, however, that mistakes found in a paper directory may only be corrected when the next telephony directory is published. The same applies to removing information from a paper directory.
1.8 Subscription identification
Subscription identification refers to caller ID, i.e. displaying the calling number to the other party of communication. Caller ID blocks are available for those of our subscriptions that involve subscription identification, i.e. fixed-line and mobile subscriptions. Blocks are described in detail in the instructions for use that sent with subscription agreements. More information is also available by contacting our customer service or service points.
Caller ID blocks are only available for phone calls. Subscription identification cannot be blocked for example in SMSs, MMSs, and WAP and other data transfer connections; the caller ID may be displayed to the other party of communication, despite the block.
Caller ID blocks do not apply to emergency phone calls; the calling number is always displayed to emergency authorities. Blocks may also be bypassed when exercising the police’s right of data acquisition.