Data protection at Tietokeskus
General principles of processing personal data
Data protection and privacy are important for Tietokeskus. When using our services, you provide us with personal information, and we will not break this trust.
- We process personal data carefully and with a high level of professionalism.
- We use appropriate technical measures to protect personal data.
- We always use personal data systematically and lawfully. We collect only the personal data that is necessary for our operations.
Personal data means all data attributable to a natural person.
What personal data do we collect?
This depends on the services you use. Below are examples of data that our register may include.
We collect information about you so we can identify you as our customer and keep in touch with you. This type of general information includes your name, telephone number, address, workstation location, email address and instant messaging address, for example.
Information about your employer
Tietokeskus engages in B2B business. The personal data we collect is usually based on a customer relationship between Tietokeskus and the employer of the person in question. For this reason, we also collect information about your employer.
Information related to our services and your devices
When we provide our customers with maintenance and expert services, we store data related to these services that can be attributed to a natural person. Such information includes support requests in the ticketing system, the network location or physical location of the device, the user IDs of the users logged in to the device or information about the user designated for the device, for example.
Sometimes our customers request that we include the users to whom we have delivered devices as reference information in invoices. This information is also stored in our systems.
Information related to payment transactions
When you make purchases from our online store, we store information related to the payment transaction. However, we never store your credit card number.
Password and user ID information
If you have user IDs for our online services, we need your individual user ID. Your password is always stored encrypted in our systems, and it cannot be read as clear text from the stored data.
Phone and video recordings and log data
We may record our customer service calls for quality assurance or training purposes or to fulfil our accountability obligation. When you are using Tietokeskus’ online services, identity attributes related to you may be stored in your servers’ log files.
Customer enquiries and information from social media
The email messages you send to us and your chat conversations with us are stored in our systems, along with your other communication history. In addition, we have a social media presence, and information from your public profile may be stored in our systems.
Where do we collect your personal data?
Directly from you
We collect your data when you contact our customer service department or use our services.
From your employer
We provide services to companies, and our corporate customers provide us with information about their employees or other natural persons related to the service delivered to the customer. Depending on the situation, this data may be part of your employer’s personnel register, and Tietokeskus serves as the processor. In some cases, data may also be stored in Tietokeskus’ customer register.
From websites and public social media profiles
From our partners
We may receive contact information from hardware suppliers for warranty maintenance, for example, or from insurance companies for fixing a broken device. We may also engage in marketing communications in cooperation with our partners.
From technical systems
When providing services, we use systems that help us maintain the devices you use. These maintenance systems may collect data about devices, and this data is also related to you as the user of the device. This information may include the network location and the physical location of the device, in addition to information related to using the device.
How do we use your personal data?
Sales and customer relationship management
We process your personal data to identify you as our customer, communicate with you and send you messages about our services.
We process your personal data to further develop our business operations and products and to conduct marketing research and analysis, including customer satisfaction surveys.
We collect and analyse personal data, such as information about your online behaviour or location, to send you information about our services or other messages that we think may be useful to you. We may also improve your user experience on our website based on your personal data.
Provision of services
We need your personal data in order to provide you with services that help you benefit from information technology and enjoy its use. For example, our helpdesk needs your personal data in order to identify you as a user of the service and to view information about the device you are using. In life-cycle and logistics services, we need your personal data in order to provide you with a new device.
We also use the data we collect to compile statistics and measure our operations.
Grounds for personal data processing
We always process your personal data based on one of the following legal grounds:
- You have given us consent to process your personal data. Consent can be given by using our services or contacting our customer service department. You may withdraw your consent at any time.
- The processing of your personal data is necessary for the execution of our agreement with your employer or employer’s partner.
- Personal data processing is necessary for the purposes of our, or third parties’, legitimate interests. This may mean, for example, that we process your personal data to prevent fraud, target direct marketing at you or maintain the security of our information systems.
- Personal data processing is necessary for protecting your or someone else’s vital interest.
- Personal data processing is necessary for compliance with our statutory obligations.
Automatic decision-making and profiling
We may use automatic decision-making in some of our services, such as our online store, or in the automatic processing of service requests. Automatic decision-making is based on the information provided to us.
We use profiling to send marketing messages that we believe are suitable for you, and we seek not to send messages that are irrelevant to you. You have the right to refuse to be subjected to profiling for direct marketing purposes.
Data storage and security
Disclosure of personal data to third parties
We will not disclose your personal data to third parties without your consent, unless one the following conditions is met:
- The disclosure of data is based on a law, a regulation or an agreement binding on Tietokeskus.
- Tietokeskus and a third party have entered into an agreement on personal data processing.
- The disclosure of personal data is necessary for a service provided by Tietokeskus to you or your employer. For example, when ordering a licence or registering a device warranty, we may have to disclose the contact information of the end customer’s contact person to the supplier or manufacturer.
- Your personal data was collected in connection with an event we organised in cooperation with our partners. We may disclose your personal data to such partners for marketing communication purposes related to the event.
International transfer of personal data
As a rule, your personal data will be stored only within the European Union (EU) and the European Economic Area (EEA). However, some of our partners may be based in non-EU or non-EEA countries. We may, for example, transfer data classified as personal data to processors providing cloud services in the United States or elsewhere outside the EU and the EEA. In such cases, Tietokeskus has entered into a separate GDPR-compliant data processing agreement with the partner in question, or the transfer is made within the framework of an agreement approved by the EU (e.g. Privacy Shield).
You have the right to review your personal data that has been stored in our registers, the right to have inaccurate personal data rectified, the right to have your personal data erased (right to be forgotten), the right to transmit your personal data to another service, and the right to restrict the processing of your personal data. You can exercise your rights by contacting us by email at firstname.lastname@example.org or by calling Eetu Salpaharju, who is in charge of data protection at Tietokeskus, tel. +358 207 191 614.
Register description in accordance with section 10 of the Personal Data Act (523/1999)
Tietokeskus Finland Oy
Business ID 0204687-0
Contact person for the register
Name of the register
Tietokeskus’ customer register
Purpose of personal data processing
Personal data is processed for the purpose of managing Tietokeskus companies’ (the controller and its subsidiaries) business operations, service provision and customer relationships. This also covers the sale and marketing (including direct marketing) of the products and services provided by Tietokeskus.
Data content of the register
The register contains information about Tietokeskus’ private customers and the contact persons of its corporate customers as follows:
- Customer ID/user ID for services provided by Tietokeskus or its partners
- Telephone number
- Email address
- Information about service events and the related records (ticketing)
- Information about devices related to a person
- Device serial number
- Device login history
- Location information
- Network location
- Log data collected by the device and the management system
- Letters, emails and instant messages
- Telephone calls (identity attributes and recordings)
- Employer or other related organisation
- Purchase history and information related to purchase events, payment transactions and delivery events
- Customer service management information
- Direct marketing opt-outs
- Service event information
- Information related to a person’s behaviour in Tietokeskus’ and its partners’ online services
- Log data
Sensitive data as described in section 11 of the Personal Data Act will not be stored in the register.
Regular sources of data
- Information provided by the data subject
- Information provided by Tietokeskus’ corporate customers about the users of its services
- The systems used for the provision of services, such as ticketing systems with their self-service portals and systems used for the maintenance of service devices.
- Tietokeskus’ website
Regular destinations of disclosed data
Tietokeskus discloses personal data only with consent from the data subject under circumstances that comply with current legislation and when the disclosure of personal data is necessary for a service provided by Tietokeskus to its customer.
Transfer of data to non-EU or non-EEA countries
Data from the register may be transferred to non-EU or non-EEA countries, when Tietokeskus uses cloud services located in such countries, for example.
The transfer of data to non-EU or non-EEA countries requires that:
- The country in question ensures a sufficient level of data protection, or
- The controller ensures, through contractual clauses or by other means, a sufficient level of protection of the data subjects’ privacy and rights, or
- The data subject has given their express consent for the transfer.
Principles of register protection
- The servers on which data is processed are located in facilities with sufficient physical protection. In addition, the servers are protected by means of firewalls and other appropriate technical measures.
- Personal user IDs are always required for logging in to the systems in which personal data is processed or stored. Credential management is used to ensure that the data subjects’ information can be processed only by employees who are entitled to do so.
- The employees who process data contained in the register have signed a non-disclosure agreement.
- Documents are stored in facilities with access control and a burglar alarm system.
- Material is transferred encrypted in public data communication networks.
- The employees who process personal data are provided with training related to data protection and information security on a regular basis.