We are Telia Eesti AS (Mustamäe tee 3, 15033 Tallinn, Estonia, with reg. code 10234957) (hereinafter ‘Telia’), and here's how we, as the controller of your personal data, process and protect it.
Telia recognizes that the protection of personal data is important to our customers and other individuals whose personal data we are processing. Therefore, we protect the privacy of every data subject with responsibility and care.
When processing personal data, Telia shall comply with the , the Electronic Communications Act and other directly applicable legal acts regulating the processing of personal data.
1. What is in this Privacy Notice?
This Privacy Notice applies to the processing of personal data of natural persons, regardless of whether you are a consumer, a user of the services we provide or a business customer. In addition, Telia may have service-specific privacy notices, which describe the processing of personal data in the context of a specific service or domain. You can find them on our website.
This Privacy Notice sets out:
- how we collect personal data;
- what personal data we process;
- for what purposes and based on which legal grounds we process your personal data;
- for how long we process your personal data per purpose;
- how we protect and safeguard your personal data;
- to whom we disclose your personal data;
- what rights you have regarding the processing of your personal data and how you can execute them.
What is not covered in this notice?
This Privacy Notice does not apply to the processing of your personal data by other companies when you are using their services or websites even if they were accessed through Telia's communications network or services. Those companies have their own privacy and cookie notices and they are responsible for processing your data.
Telia offers a wide range of products and services. The information we collect about you depends on the products and (or) services you order and (or) use and the data you provide to us when you order products and (or) services or register on our websites, applications and other platforms.
You are not obliged to disclose any personal data to Telia, but please note that if you choose not to disclose your personal data, we will not necessarily be able to provide you with all our services or offer relevant products/solutions to you.
Telia collects and further processes your personal data from the following sources:
Directly from you
This data derives from you, when you do business with us, buy or subscribe to our services, or when you register with or log in to our services, visit our website, reply to our customer satisfaction survey or contact us by phone, email or chat.
Generated data
This data is generated when you use our communication networks or our services, i.e., when you are making phone calls, sending messages (SMS), browsing the Internet, using TV and entertainment services, visiting our websites and applications etc.
Derived data
This data is created based on your personal data, such as conclusions about your possible interests or consumption habits, made e.g., by means of analytics for marketing purposes.
Other source data
This data is obtained from other service providers, public authorities, or publicly available registers, such as state agencies (i.e. population register, e-business register), banks or credit bureaus (for credit-check and solvency assessment). We also process personal data received from other Telia companies in accordance with this Privacy Notice under the conditions laid down by law.
Personal data (hereinafter also data) is data that is directly or indirectly associated with you as a private individual (it can be the customer or a user using services under the customer's contract, such as business customers' employees, partners' representatives or private customers' family members, authorized persons).
For the sake of clarity, we group your personal data into the following data categories:
We collect and process your personal data to the extent it is needed for specified and legitimate purposes and only if necessary to fulfil the purpose.
In this Privacy Notice we have grouped all purposes of processing into nine categories. You have different rights and opportunities to influence and make choices regarding the processing of your personal data that are described in this Privacy Notice.
Telia applies a legal ground for each processing activity. Telia processes your personal data based on your consent, in order to fulfil the contract between you and Telia, in order to fulfil a legal obligation derived by law or based on Telia's legitimate interest.
Data processing based on consent
With your consent, Telia may process your basic personal and/or traffic data. When requesting your consent, we will inform you of the purpose and how you can withdraw your consent at any time.
Performance of a contract
We process personal data on the legal ground performance of contract when it is strictly necessary. Such processing of personal data primarily manifests in allowing a certain result for our services and products and this cannot be achieved by avoiding the processing of personal data.
Compliance with an obligation arising from legislation
If data processing is necessary for the performance of an obligation arising from law, Telia cannot decide on the collection and further processing of such personal data, nor can you.
Processing based on legitimate interest
When we process personal data based on the legal ground legitimate interest we balance between your and our rights. We process personal data on this legal ground for improving and developing our communications network and systems, usage statistics, etc. because we want to ensure our customers high quality of services, smooth products and service delivery and the best customer experience.
If we process personal data for marketing and profiling purposes on the legal ground legitimate interest, you always have the right to object to the processing via Telia’s e-environment.
Automated decision making is a means of processing your personal data where decisions are made by technological means without human involvement. An automated decision can be based on different processing activities, for example, profiling, and these processing activities need to have appropriate legal grounds in place. If there is any human intervention involved, the processing is not considered to be automated (e.g., if a person reviews a credit-check prior to the decision).
Telia uses the legal grounds performance of contract and a legal obligation arising from law when processing personal data within the scope of automated decision making.
In case you are not satisfied with the automated decision made by Telia regarding you, you have the right to
- ask Telia for a human intervention instead of the automated decision making,
- express your point of view and
- contest the decision.
We will store your personal data for the period required to attain the purposes stated in the privacy notice or for as long as a legal obligation stipulates that we do so, as stated above in section 4.2.
It should be considered that in certain cases, exceptions apply to maturities. For example, some automatic maturities do not apply in case of debts or in cases where Telia needs to retain your personal data in order to defend itself in legal disputes and claims, in which case we store the data for as long as it is necessary to defend Telia, until any proceedings against us have ceased. Neither do these rules apply to the storing of anonymous data, as in such case, we are no longer dealing with personal data.
Below you can find different recipients to whom we provide your personal data.
Our partners who process Personal data on our behalf are sometimes located outside the European Union (EU) or the European Economic Area (EEA). When transferring Personal data outside the EU or EEA, we ensure by means of agreements (e.g. by the use of the EU Commission’s standard contractual clauses) or otherwise (an adequacy decision by the European Commission) that the transfers are implemented as required by law. In addition, we ensure that Personal data remains protected regardless of whether it is transferred outside of the EEA.
We assess risk factors related to the transfer of, or access to, personal data from outside the EU/EEA by conducting a transfer impact assessment (TIA). Telia uses TIAs to verify, on a case-by-case basis, whether the law of the third country ensures adequate protection of personal data when transferred. We collaborate with our sub-processors to gather sufficient information to perform and complete TIAs. Based on the law or practices of the country to which the data is transferred and the effectiveness of the appropriate safeguards, we review whether and which supplementary measures should be implemented. In determining which supplementary measures are most appropriate, we assess the effectiveness of such measures in the context of the transfer or other applicable scenario, the third country law and practices and the transfer tool used.
The European Commission’s list of countries outside of the EU that offer an adequate level of data protection can be found on the European Commission's website.
The European Commission’s standard contractual clauses can be found on the European Commission's website.
9.1 How we safeguard your data
Safeguarding your personal data is of the utmost importance to us, which is why we implement necessary organisational and technical security measures to ensure the integrity, availability and confidentiality of the data. These measures include the protection of employees, information, IT infrastructure, internal and public networks, as well as office buildings and technical equipment.
The purpose of information security activities is to implement the appropriate level of protection of information, risk mitigation and risk prevention. We ensure the security of the communication network and the confidentiality of the message contents and form of messages sent by you, as well as the time and method of sending them, in accordance with terms and conditions that apply to Telia services and with legislation. The measures required for this are implemented by Telia's internal security regulations.
Our employees are subject to data confidentiality and protection requirements. Personal data protection training is provided to them, and employees are liable for fulfilling their obligations. Also, our partners are required to ensure that their employees comply with the same rules as we do, and their employees are liable for meeting the requirements for the use of personal data.
Learn more about Telia’s information security policies in general on Telia Company’s website.
9.2 How you can safeguard your data
Prior to disclosing your personal data to a third party or entering it somewhere, consider who will receive the data and how securely it will be stored. In the case of communication and internet services, it must be considered that by enabling access to your data (e.g., on our self-service), either due to your own negligence or any other reason, you will be providing access to call logs, service details, invoicing information and data of associated persons.
If you suspect that your personal data has been processed contrary to our privacy notice or that your information has been disclosed to strangers, be sure to inform us as soon as possible by contacting us using the below described methods. This way we can solve the situation as quickly as possible and help minimize potential losses. You can always check and change your data using the below presented methods.
Your rights and options depend on the purposes of the processing and on the situation.
Take a closer look at your rights and options. You can exercise all the above-mentioned rights by contacting Telia and verifying your identity in any convenient manner:
- by e-mail to our DPO at privacy@telia.ee;
- by calling customer care at (+372) 639 7130 or sending an email to info@telia.ee.
Once we have identified you properly, we will promptly register and process your request. We will provide you with information on the action taken on your request no later than one month from receipt of the request.
In case we are not able to find a solution together and you remain dissatisfied, you have the right to contact and make a complaint to the Data Protection Inspectorate (www.aki.ee), which is responsible for the supervision and control of personal data protection legislation.
Telia is committed to conducting responsible and sustainable business. If you suspect that Telia has acted contrary to the legislation or the Privacy Notice, you can also report the matter confidentially through Telia Company’s Speak Up Line (so-called whistleblowing system).
Learn more about privacy in Telia Company on Telia Company’s website.
Learn more about security at Telia Company on Telia Company’s website.
Just as modern communications services, devices and solutions are evolving at a fast pace, so are the data processing activities necessary to provide those. We will do our best to keep the Privacy Notice up-to-date and available to you on the Telia website www.telia.ee. For this reason, we encourage you to periodically visit our website, where you will always find the most current version of this Privacy Notice. We may also notify you of the most significant changes that concern you in the Privacy Notice on our website, by email or in any other reasonable manner.