Sonera Privacy Policy

1 Sonera’s data policy

The purpose of this policy is to describe the principles and practices that we follow at TeliaSonera Finland Oyj (hereinafter “Sonera”) to guarantee the protection of our customers’ privacy, confidential communications and other legitimate interests. Sonera updates this policy according to the development of its operations and services. We advise to check for the latest version regularly.
 

1.1 General principles for processing data

We respect the privacy of our customers and the confidentiality of communications. When processing our customers’ personal data and other customer information, we adhere to Finnish laws and decrees along with authority regulations and instructions based on them, as well as to good data handling practices.

The processing of personal data and other customer information at Sonera is based on a customer relationship, some other appropriate connection or the customer’s consent.
We update the data using selected external sources such as the Finnish Population Register and the mailing and telephone preference service lists issued by Suomen Asiakkuusmarkkinointiliitto (ASML). We collect personal data and other customer information when concluding contracts, when a customer registers for one of our services or uses our services, or otherwise directly from the people registering as users of our services. Moreover, we collect personal or contact information on potential customers when someone participates in a competition or customer event or contacts Sonera. The data is stored in our permanent direct marketing register and handled in accordance with the description of file.

Sonera has the right to record customer service calls in order to verify any agreements concluded on the phone, to monitor and develop the quality of our services, and to develop the company’s customer service.

As our customer, you have the right to check what information has been stored on you in our personal data file, unless effective legislation otherwise stipulates. Within the limits of the law, you may also forbid the use of your information.

We keep our customers’ personal data and other customer information confidential and use the personal data only for purposes listed in our customer register’s description of file or otherwise permitted or required by law. We aim to make sure that the personal data and other customer information are up-to-date and correct. We do not keep outdated or unnecessary information. We take appropriate care to surrender information only to those entitled to it by virtue of legislation in force. We protect our customer data as effectively as possible and seek to prevent outsiders from accessing our information systems.

Our information systems make use of advanced access right management and the use of our information systems is monitored. Personal data and other customer information is only processed by designated Sonera employees or persons working for Sonera whose lawful duties make it necessary to process personal data and other customer information.

Our employees handling personal data and other customer information are under the obligation of secrecy regarding the data they process as part of their work. Our personnel are constantly trained on matters of privacy. Personal data and other customer information may be surrendered to authorities requesting for them if the authorities have a legal right to access them. Sonera is under the obligation to surrender information concerning our customers to the extent required by law to, for example, the Finnish Communications Regulatory Authority, the Data Protection Ombudsman, the Police and emergency centre authorities and also other authorities on grounds stipulated by law.

When using subcontractors, we take appropriate care to ensure that also our subcontractors operate in accordance with this policy.
 

1.2 Processing of data related to electronic communications

We treat messages and related information transferred via our network and communications services as well as information on the location of a subscription or terminal device as confidential.

In the provision of electronic communications, data is created which may, for example, convey the subscriptions and terminal devices used by the communicating parties, the start and end times of communications, the duration and routing of communications, the data transfer protocol, the volume of transferred data, the location of a subscription or terminal device in the coverage area of a particular mobile network base station or some other location, the format of the data transferred in the communications network, and other similar information processed in the communications network while transferring, distributing or providing messages. This kind of information, when it may be linked to a particular person, is referred to as identification information.

We store identification information needed for billing at least three months from the due date of the bill. We store identification information for a maximum of three years from the due date of the bill, unless it has to be kept for a longer time for collection-related reasons.

We process identification information in order to execute and use network and communications services and location services and to protect the data in these services. We process identification information in order to determine charges between telecommunications companies and companies offering location services and for the billing related to these services to the extent necessary. We process identification information for the purpose of technical development of network, communications and location services.

We process identification information if this is necessary in order to detect, prevent or bring into pre-trial investigation such incidents of misuse where an individual fee-based service has been used without charge, or corresponding incidents. Identification information is also processed in order to detect technical faults or errors in communications transmission.

With the consent of the subscriber or user in question, we process identification information for the purpose of marketing communications or location services.

In all of the abovementioned situations, Sonera processes the identification information only to the extent necessary for performing the processing task in question and we always pay attention to the protection of our customers' privacy and confidential messages.
 

1.3 Ensuring information security

We attend to the information security of our services by applying practices that are appropriately proportioned to the gravity of the threats on the one hand, and the technical level of development and costs on the other. We take great care in our measures to prevent security breaches and disruptions, and aim in every way to prevent confidentiality or the protection of privacy from being unnecessarily jeopardized.

When possible, we provide information on information security related measures and other issues in the appropriate manner, for example on our website or in customer bulletins.

We may take necessary measures to prevent security breaches and disruptions. For example, we may prevent the reception of e-mail messages, remove viruses and malware from messages and carry out related technical measures to the extent permitted and required by law.

When taking these measures, we always make sure that they are necessary for securing the availability of communications networks and services and location services and our customers' communication opportunities.

We use appropriate encryption and other security arrangements in order to protect messages and identification information transmitted in our communications networks from outside exposure. In certain Sonera Internet services, we use the industry standard based Secure Sockets Layer (SSL) or a similar encryption method. This way, we are able to protect the personal data and credit card details of our customers when information is transmitted online for example when making online purchases. Customers need to have a sufficiently up-to-date browser that is SSL (or similar technology) enabled.

However, we kindly ask you to bear in mind that no company is able to guarantee 100 per cent secure services. Everyone must also personally take the necessary and appropriate information security precautions, for example store and use their connections and terminal devices with care, monitor the use of the equipment and make sure that they use up-to-date virus and firewall services and operating system updates.
 

1.4 Cookies

Our customers are able to surf on the Sonera Internet service sites anonymously. The description of file of Sonera’s Internet services customer database is applied to country identification-related processing of personal data. As many other websites, our website makes use of ‘cookies’ technology. When a customer connects to our service for the first time, a randomly generated unique number is stored in a cookie that does not identify the user’s identity. Cookies help us determine the most popular sections of our website, where users go and how long they stay. For example, the information is used for implementing and developing services and targeting website advertisements in services or networks provided by Sonera or its partners.

Cookies may be disabled in the browser settings. We would like to remind our customers, however, that in some cases this may slow down website browsing or prevent access to certain pages altogether. As our customer, you can read about the cookies we are using here.

Sonera’s websites include links and connections to third-party websites as well as social extensions (e.g. Facebook’s social plugins). Third-party extensions found on Sonera’s websites are downloaded from servers associated with these services, and thus the third party may use its own cookies, as if the customer were on a third-party website, to offer targeted advertising or to create statistics on users of the website. Third-party services or third-party applications found on Sonera’s websites are subject to the third party’s terms or use and other terms. With contractual arrangements, Sonera aims to make sure that these third parties adhere to effective legislation as well as to guidelines issued self-regulatory bodies.
 

1.5 Direct marketing

We may send our customers direct marketing messages concerning our products and other customer-relevant information, including electronic messages. We always aim to keep the information useful and the number of messages reasonable. As our customer, you always have the right to prohibit us from sending direct marketing material. To unsubscribe to SMS marketing, send the message KIELTO to 15400. The message is free of charge. To unsubscribe to e-mail marketing, send an e-mail to kielto@sonera.com.
 

1.6 Using location data

The provision of communications services entails the creation and storage of data identifying the location of individual subscriptions or terminal devices, up to a precision of, for example, the nearest mobile network base station or installation address. Without this information, we would be unable to provide mobile and other communications services.

The precision of location information based on mobile network base station data depends on the area in which the user is at the particular moment. Compared to more sparsely populated areas, the precision is better in cities because of the larger number of base stations. The precision may vary from hundreds of meters to kilometres.

Location service related positioning always requires the service-specific consent of the owner of the locatable device. Customers who have concluded a subscription agreement with Sonera may at any time prohibit Sonera from processing location data and from disclosing it to companies offering location services. However, if the person prohibiting the use of location data should later want to use a location service, for example to find the address of the nearest pizza restaurant, the person must first contact Sonera and cancel the ban, after which the company offering location services can locate the person’s subscription or terminal device based on the person’s request in order to offer the service.

When surrendering information to location service providers, we take appropriate care to ensure that the service provider has the required consents from the locatable person.

To the extent permitted by effective legislation, our customers have the right to gain access to identification information concerning the location of their subscription or terminal device. Parents and carers may make requests on behalf of children under the age of 15. On behalf of other legally incompetent persons, requests may be made by the guardian.
 

1.7 Subscriber directories

Phone numbers and other contact information that our customers have submitted for publication in a telephone directory are published in the directories of public directory enquiries services. Services enabling you to access subscription data maintained by Suomen Numeropalvelu Oy include: Sonera Service Directory SMS search (“Find” to 15400), Fonecta directory enquiries (02 02 02) and other 02 02-prefixed directory enquiry services, Numerotiedustelu 118, and electronic (online) directory services (Fonecta, Eniro). The users of electronic directory services may search, by entering a telephone number, for listed names and address information published in the directory.

Telecommunications companies are obliged to surrender the information submitted for publication in a directory to other directory service providers as well.

Anyone has the right to forbid the publication of all or part of their personal details in a telephone directory or directory enquiries service. You can also prohibit a telecommunications company from surrendering the said information. If published information is incorrect, we take appropriate measures to rectify the incorrect information. Please note, however, that mistakes found in a paper directory may only be corrected when the next telephony directory is published. The same applies to removing information from a paper directory.
 

1.8 Subscription identification

Subscription identification refers to caller ID, i.e. displaying the calling number to the other party of the communication. Caller ID blocks are available for those of our subscriptions that involve subscription identification, i.e. fixed-line and mobile subscriptions. Blocks are described in detail in the instructions for use delivered with subscription agreements. More information is also available at our customer service or service points.

Caller ID blocks are only available for voice transmission services, i.e. phone calls. Subscription identification cannot be blocked in SMS, MMS, WAP or other data transfer connections, but in these services the caller ID may sometimes be displayed to the other party of communication despite the block.

Caller ID blocks do not apply to emergency phone calls, but the calling number is always shown to emergency authorities. Blocks may also be bypassed by police when it is exercising its right of data acquisition.
 

1.9 Social extensions

Sonera’s websites include links and connections to third-party websites as well as social extensions (e.g. Facebook’s social plugins).
Extensions maintained by third parties found on Sonera’s websites are downloaded from servers associated with these services.

Further information on privacy in social network services:

These third-party services or third-party applications found on Sonera’s websites and services are subject to the terms or use and other terms of the third party in question.