Elisa's data protection principles
This summary describes the basic principles of how Elisa collects different kinds of data about its customers. The matters described in the abstract are explained in more detail in Elisa's data protection principles.
How do we collect data about you?
Collecting your personal data (such as name and contact information) is most often based on your customer relationship or some other relevant connection with us. For instance, we collect data when you sign an agreement with us, register as a user of our service, use Elisa's services, or otherwise provide us with information.
When you use Elisa's network and communication services, for instance by making a call or sending an SMS or e-mail, identification data is stored in our systems for the use of the network and services.
We can collect data based on your given consent.
We record customer service calls to be able to verify the actual discussion, if necessary.
We also collect our potential customers' data when they participate in competitions, draws or customer events.
We also update our data from public address information sources, such as Itella and the Population Register Centre.
We also use the names "customer information" and "account information" for personal data, and "network trace" or "information created during communication" for identification data.
What data do we collect?
The personal data collected is defined in more detail in the Description of the File for Elisa's customer register, which can be found at www.elisa.fi/sopimusasiat. This data includes your name, address, telephone number, e-mail address and direct marketing blocks and consent, information on company contact person, information provided by you yourself, customer classification information, order, delivery, agreement and invoicing information, and other information we store that can be connected to you.
Data created and collected during communication includes information on the communicating parties, time of the connection, routing information, data transfer protocol, format of the connection, and location information.
During Internet browsing, so-called "measurement data" is collected with the help of cookies. This data cannot be connected to a person.
How do we handle your information?
Please note that Elisa's entire personnel and its subcontractors are acting under an obligation of secrecy when handling data related to you.
We maintain the confidentiality of the data concerning you and ensure that it is only used for the predefined purposes.
Your data is handled for the purposes of producing and delivering the agreed communication and other services, developing the services, invoicing, providing you the best and most comprehensive service possible, and informing you of our services.
We also use your data for customer communication, such as sending information concerning our services and for direct marketing purposes.
We also use the data for customer profiling with the help of invoicing, usage amounts, duration of the customer relationship and external classifications. We utilise both summarised usage data and person-specific data to create target groups for marketing.
We handle the data of our potential customers for direct marketing purposes.
We strive to ensure that the customer data is up to date and correct.
We delete obsolete and unnecessary data when possible.
We protect all data concerning you through task-based, personal access rights and prevent the access of outsiders to the data.
Where do we submit your data?
We only submit your data to the extent allowed by the relevant legislation and as specified in the Description of the File to the authorities and other telecommunications companies.
If we use subcontractors, we will sign a security agreement with them that also covers the use of your data. We are also responsible for this kind of handling to you.
Elisa's data protection principles
The purpose of this data protection policy is to describe the principles and practices that we observe at Elisa to ensure the privacy protection, confidentiality of communication and legal protection of our customers.
Elisa updates this policy regularly as the operations or services change or develop. Because of this, we encourage you to regularly review the latest statement.
Elisa Rahoitus Oy, which operates under the supervision of the Finnish Financial Supervisory Authority as a body with a payment institution permission and the permission to issue electronic money, observes Elisa's data protection procedures described herein as applicable, with special consideration of banking secrecy and regulations concerning payment institutions. The Description of File for Elisa Rahoitus can be found on the website of Elisa Lompakko at www.elisa.fi/lompakko.
Basic values important to Elisa include the confidentiality of communication and protection of the privacy of customers.
Basic values important to Elisa include the confidentiality of customer data and communication, as well as protection of the privacy of customers in all of the company's operations. When handling the personal data of our customers, we follow Finnish legislation, orders and instructions of the authorities and good data processing practices.
Elisa implements a high level of data protection. Personal and identification data as well as location-related data is only collected for specific predefined and legal purposes and is not handled in a way incompatible with these purposes.
We constantly train our personnel on the principles of data handling and monitor the use of the data by appropriate means.
The general principles of handling customer data
The handling of personal data must always be properly justified for Elisa's operations. Elisa has defined the purpose of collecting, handling and submitting personal data in the Description of File for its customer register. The Description of File can be found at www.elisa.fi/asiakaspalvelu. Elisa only handles customer data necessary for its operations, as defined in the purpose of use stated in the Description of File for the customer register. We strive to ensure that we do not handle incorrect, incomplete or obsolete data.
The handling of customer data is usually based on a pertinent relationship, such as an agreement you have signed with Elisa, information received during the use of or registration for a service, or your given consent. We can handle your data based on other grounds as well, such as at your own request or when compelled by legislation. Your information can be handled within the Elisa Group. We regularly update your contact information by using the public address services of Itella and the Population Register Centre. Elisa checks for any marketing blocks from Suomen Asiakkuusmarkkinointiliitto's blocking service approximately once a month.
We record your conversations with our customer service to verify a business transaction and to monitor and develop the quality of service.
Please note that as an Elisa customer, you are entitled to inspect what data concerning you has been stored in our information systems, or that there are no data concerning you in our file. You can also deny the use of your data as provided by the relevant legislation. The inspection can be made once a year without charge. The request to inspect the data must be made with a document that is signed or verified in a comparable manner, or in person at an Elisa store.
Submitting the data
Elisa can only submit your data to third parties as provided by the relevant legislation. We mainly submit information to the authorities, for example the Finnish Communications Regulatory Authority, the Data Protection Ombudsman, the police and emergency exchange authorities, and other authorities based on grounds specified by the legislation. In addition, we may submit your data to subcontractors, in which case we will ensure that the confidentiality of the data is maintained, and we will be responsible to you for the data handling in this case as well. If we handle your data outside the EU/ETA region, we will protect your data by signing an agreement with the subcontractor that ensures the proper handling of the data.
Handling identification and location data related to electronic communication
Elisa treats all data and messages created during communication as confidential. Our personnel is bound by an obligation of secrecy and a prohibition of using any messages or other confidential information. When communication takes place through a network it always leaves a trace. These network traces are called identification data if they can be connected to a person. Network traces are created, for instance, when making telephone calls, sending e-mail and SMS messages, and browsing the Internet, and may contain information on the communicating parties, the connection route or routing, the data transfer protocol used, the time of the event, and the terminal devices used or their location.
Elisa handles the identification and location information of communication according to the Act on the Protection of Privacy in Electronic Communications (516/2004) for the purposes, for instance, of implementing and using services as well as invoicing, technical development and, at the customer's consent, marketing. The data can also be used for the invoicing of other service providers to the extent that this is necessary.
Elisa may also handle identification data in cases of misuse, breach of data security and fault repair.
In all of the above situations, we only handle identification and location data to the extent that it is necessary to accomplish a certain specific task.
Utilising location data
Location data indicates the geographical location of a mobile phone. It is used for offering location services and as a technical aid in transmitting communication. The more base stations there are in a certain area, the more accurately the location of a subscription can be established. In a densely populated area, location can be established with an accuracy of a few hundred metres, but in sparsely populated areas, the accuracy may be no better than several kilometres.
Location data can be utilised in various services, for instance, when a customer orders the information on the nearest pharmacy or restaurant to their phone.
Actual locating where another person can track where another person is located requires the consent of the person to be located. For a child under 15 years of age, the consent is provided by a parent or guardian. The customer can tell the telecommunications company that the subscription may not be located at all. Please note that such a prohibition of locating the subscription submitted to Elisa covers the locating services of all companies. Actual locating services may be offered by other service providers in addition to Elisa.
If we submit location information to providers of locating services, we ensure through appropriate means that the there is a consent from the person to be located.
Our customer is also entitled to obtain the identification data indicating the location of a subscription or terminal device they are using to the extent allowed by the relevant legislation. A parent or guardian can make the request on behalf of a child under 15 years of age. For other persons without legal capacity, the request can be made by their guardian.
Persons authorised to handle identification and location data
Only specific persons at Elisa whose work requires access to identification and location data may handle such data. In practice, the authorisation is only granted to persons performing tasks related to invoicing, the maintenance or development of communications networks or services, the prevention and investigation of misuse, or customer service and marketing. Persons granted the right to handle the data may only handle it to the extent required for performing individual tasks.
Duration of the handling of identification and location data and storage of the data
We handle identification and location data for as long as is required for the purposes of invoicing, technical development, fault repair, marketing, the investigation of misuse, or data security. However, handling only takes place to the extent required by the actions and without unduly compromising the confidentiality of a message and the protection of privacy.
We store data required of invoicing for at least three months from the due date of the invoice and for no longer than three years from the due date of the invoice, unless it is necessary to store the data for a longer period of time due to reasons related to collecting the invoice. Otherwise, the data is stored to the extend allowed and required by the relevant legislation.
We also collect data concerning visits to websites. Such data includes the IP address and the corresponding DNS name, the organisation that registered the IP address, the name and address of the visited page, the time of loading the page and the type of the browser.
Please note that the IP address is a required identification for the functioning of the Internet, used for directing the messages transmitted over the Internet to the correct places. As a rule, the IP address is not connected to the person using the computer, but it can be connected to the organisation that registered the IP address. The IP address connection can be established at the request of the authorities.
As Elisa's customer, you can browse our websites anonymously. However, like other websites, we are using the cookie technology. When you first contact our service, the cookie sets a random number for the browser that does not indicate your identity. The cookies help Elisa determine which are the most popular sections of its websites, where do the visitors go and how long do they stay there. The data is used for implementing and developing services and targeting advertisements on the websites.
You can prevent the cookie from being stored by changing your browser settings. In some cases, the prevention may lead to slower browsing of the pages or the website not working at all.
We ensure the data security of our services by using methods that are in proportion to the severity and sophistication of the threats as well as the cost. Elisa is careful in performing actions that aim at preventing breaches of data security or eliminating disturbances that affect data security. In addition, we use all means to ensure that the confidentiality of messages or the protection of privacy is not unduly compromised when performing the above actions.
We provide information on actions related to the data security of our services and other matters concerning data security through appropriate channels, such as our website or customer bulletins.
In order to prevent breaches of data security and eliminate disturbances affecting data security, we may take the required action by, among other things, preventing the reception of e-mail messages, removing viruses and other malware from the messages, and taking other comparable technical measures necessary within the allowed and required limits specified in the relevant legislation. We use physical, administrative and technical protection measures to keep messages and identification data transmitted over the communications network secret. These actions decrease the risk of data concerning you being disclosed to third parties and prevent misuse and other unauthorised access. Some of our services also use standardised encryption methods.
Please note that as an Elisa customer, you should also use the most appropriate methods to ensure your own data security. We encourage you to store and use our services and your terminal devices carefully and control their use, e.g. by employing PIN codes, and to use sufficient antivirus and firewall services and keep them as well as the operating system updated.
Identification of the subscription
Identifying the subscription refers to displaying the calling number to the other person when making a call. Blocks against identification are available for subscriptions operating in Elisa's network. You can obtain detailed information on the blocks in the instructions delivered with the agreement, through online channels, our customer service and our shops.
Blocks of subscription identification only apply to voice transmission services. When using other services, identification of the subscription cannot be prevented and the ID of the subscription may be transmitted to the other party of the connection despite the use of a block.
Blocks against identifying the subscription do not apply to emergency calls. The number of the calling subscription is always transmitted to the authorities.
Customer communications and direct marketing
Elisa sends customer messages concerning its products and services to its customers without a separate consent.
Elisa also sends direct marketing messages in electronic format. You have the right to forbid Elisa from sending any direct marketing messages. You can forbid marketing via SMS messages by using the OmaElisa and OmaSaunalahti online service channels or by following the instructions included in the direct marketing message.
Some subscription types include an automatic consent to direct marketing as specified in the terms of agreement (e.g. the Norppa+ subscription). If you wish to stop receiving the messages for these subscriptions, you will need the change the subscription type. Our goal is to only send current and useful information and to keep the amount of messages reasonable.
Publishing your contact information in directory services
Telecommunications companies are obligated to also deliver information submitted for publishing in a directory to other providers or directory and number information services. Elisa cooperates with Eniro and Fonecta in fulfilling its legal obligation to publish its customer's basic information, if the customer so wishes, in a telephone directory and a number information service. The basic information to publish include the customer's name, address and telephone number.
The information you have provided to Elisa for publishing is forwarded to a national database maintained by Suomen Numeropalvelu Oy (SNOY). You have the right to deny the publishing of data concerning you in a directory service. The national database must submit the name, address and telephone subscription number to any company for the purpose of maintaining a telephone directory or number information service. The SNOY database provides information to Finnish number information services, such as the 118, 0100100, 020202, and 020200 numbers, as well as to online directory services. However, the publisher of the directory and the service provider are responsible for the information they publish.
You have the right to deny the publishing of data concerning you in the directories fully or in part. You can also forbid the data from being forwarded further by informing our customer service of this. In addition, if the published information contains an error, we will try to fix the error at your request as soon as possible.
Secret telephone numbers
You must separately agree on a secret telephone number with Elisa. If you wish to use a secret number, we recommend changing the number or opening a new subscription.