Your personal data is safe with us
At Telia Finance your safety and security as a customer has always been our top priority. Find out more about how we protect your privacy and handle the personal data you choose to share with us in our privacy policy.
What is in this Privacy Notice?
This Privacy Notice applies to the processing of personal data of natural persons, regardless of which of our financial products and services you are using and whether you are a private or business customer.
This Privacy Notice sets out:
- Who is in charge of your data?
- What is personal data and what kinds of personal data do we process?
- How do we collect your personal data?
- How long and for which purposes do we store your data?
- What is automated decision making and what do we use it for?
- What is profiling and what do we use it for?
- To whom do we disclose your personal data?
- Is your data transferred outside the European Union or European Economic Area?
- How do we safeguard your personal data?
- What are your rights as a data subject?
- How can you exercise your rights and contact us?
- Changes to this Privacy Notice.
You can read the consolidated version of this Privacy Notice here.
What is not covered in this Notice?
This Privacy Notice does not apply to the processing of your personal data by other companies when you are using their services or websites, even if they were accessed through Telia Finance's website or services. Those companies have their own privacy and cookie notices, so remember that the information you give to them will follow their rules and not ours. Make sure to check their Privacy Notice so you know how they will process your personal data.
Privacy notice of Telia Finance
We are Telia Finance AB, reg. 556404-6661, Stjärntorget 1, 169 94 Solna, Sweden (hereinafter ‘Telia Finance’) and here's how we, as the controllers of your personal data, process and protect it.
Telia Finance recognizes that protection of personal data is extremely important to our customers and other individuals whose personal data we process. Therefore, we protect the privacy of every data subject with the utmost responsibility and care.
When processing personal data, we comply with the General Data Protection Regulation (GDPR) and other directly applicable legal acts regulating the processing of personal data.
We are Telia Finance AB, reg. 556404-6661, Stjärntorget 1, 169 94 Solna, Sweden (hereinafter ‘Telia Finance’) and here's how we, as the controllers of your personal data, process and protect it.
Telia Finance recognizes that protection of personal data is extremely important to our customers and other individuals whose personal data we process. Therefore, we protect the privacy of every data subject with the utmost responsibility and care.
When processing personal data, we comply with the General Data Protection Regulation (GDPR) and other directly applicable legal acts regulating the processing of personal data.
Data Subject Rights
You have the right to access your personal data that Telia Finance holds, free of charge. Additionally, you have the right to be informed of the purposes of data processing, categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and the storage terms of the data. Access to the data is possible by filling in our form and following the instructions therein. To do so, you need to properly authenticate yourself in accordance with the instructions specified in the form. We will respond to your requests without unnecessary delay and within one month. A copy of your personal data will be sent by post to your registered address.
You have the right to access your personal data that Telia Finance holds, free of charge. Additionally, you have the right to be informed of the purposes of data processing, categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed and the storage terms of the data. Access to the data is possible by filling in our form and following the instructions therein. To do so, you need to properly authenticate yourself in accordance with the instructions specified in the form. We will respond to your requests without unnecessary delay and within one month. A copy of your personal data will be sent by post to your registered address.
You have the right to obtain from Telia Finance the rectification of incorrect or inaccurate personal data concerning you and to have incomplete personal data completed. For example, in the event that upon access to your personal data, you determine that the data is incorrect, incomplete or inaccurate. When your personal data is rectified, we will do our best to notify the parties to whom we have submitted the relevant information to let them know that something has been rectified.
You have the right to obtain from Telia Finance the rectification of incorrect or inaccurate personal data concerning you and to have incomplete personal data completed. For example, in the event that upon access to your personal data, you determine that the data is incorrect, incomplete or inaccurate. When your personal data is rectified, we will do our best to notify the parties to whom we have submitted the relevant information to let them know that something has been rectified.
You have the right to object to the processing of your personal data in some circumstances when your data is being processed based on legitimate interest. If we agree to your objection, we will stop processing your data for that purpose unless we can give strong and legitimate reasons to continue processing your data despite your objection. This applies to the automatic decision-making, including profiling, conducted by Telia Finance for the purpose of determining your eligibility for credit before entering into contract with you. This right cannot be used in a situation where we are required to compile, submit or defend a legal claim (e.g., we believe that a person has breached the contract and therefore must turn to a court or other law enforcement agency to protect our rights).
You have the right to object to the processing of your personal data in some circumstances when your data is being processed based on legitimate interest. If we agree to your objection, we will stop processing your data for that purpose unless we can give strong and legitimate reasons to continue processing your data despite your objection. This applies to the automatic decision-making, including profiling, conducted by Telia Finance for the purpose of determining your eligibility for credit before entering into contract with you. This right cannot be used in a situation where we are required to compile, submit or defend a legal claim (e.g., we believe that a person has breached the contract and therefore must turn to a court or other law enforcement agency to protect our rights).
You are entitled to erase your data in certain circumstances, for example, if
- the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
- you initially consented to the use of your data but have now withdrawn your consent and there is no other legal ground for the processing,
- you have objected to the processing and there is no overriding legitimate ground for the processing (your interests outweigh our interests),
- it was identified that your data have been unlawfully collected and further processed,
- Telia Finance has a legal obligation to erase the data.
If your personal data is erased, we will do our best to notify the parties to which we have submitted the personal data to let them know about the deletion.
Your right to erasure does not apply, for instance, if
- the processing is necessary,
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
- for the establishment, exercise or defence of legal claims.
You are entitled to erase your data in certain circumstances, for example, if
- the processing of personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
- you initially consented to the use of your data but have now withdrawn your consent and there is no other legal ground for the processing,
- you have objected to the processing and there is no overriding legitimate ground for the processing (your interests outweigh our interests),
- it was identified that your data have been unlawfully collected and further processed,
- Telia Finance has a legal obligation to erase the data.
If your personal data is erased, we will do our best to notify the parties to which we have submitted the personal data to let them know about the deletion.
Your right to erasure does not apply, for instance, if
- the processing is necessary,
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
- for the establishment, exercise or defence of legal claims.
Telia Finance must restrict the processing of your personal data in certain circumstances. For example, if you have requested to rectify your data, made an objection to your personal data processing, you may ask to temporarily limit the use of your data while your request is being considered; you may also ask Telia Finance to limit the use of your data rather than delete it if Telia Finance processed your data unlawfully but you do not want it deleted, or Telia Finance no longer needs your data but you want Telia Finance to keep it in order to create, exercise or defend legal claims.However, you should consider that this right requires a very precise formulation of the purpose and may, in some cases, result in temporary suspension of services.
Telia Finance must restrict the processing of your personal data in certain circumstances. For example, if you have requested to rectify your data, made an objection to your personal data processing, you may ask to temporarily limit the use of your data while your request is being considered; you may also ask Telia Finance to limit the use of your data rather than delete it if Telia Finance processed your data unlawfully but you do not want it deleted, or Telia Finance no longer needs your data but you want Telia Finance to keep it in order to create, exercise or defend legal claims.However, you should consider that this right requires a very precise formulation of the purpose and may, in some cases, result in temporary suspension of services.
You have the right to access your personal data, or have it transferred directly to another data controller, in a structured, commonly used and machine-readable format (provided that the other data controller has the capacity to receive the data in such format).
You have the right to access your personal data, or have it transferred directly to another data controller, in a structured, commonly used and machine-readable format (provided that the other data controller has the capacity to receive the data in such format).
If you believe that your personal data is being processed in violation of current regulations, you have the right to lodge a complaint. Read more about this under “How can you exercise your rights and contact us?”
If you believe that your personal data is being processed in violation of current regulations, you have the right to lodge a complaint. Read more about this under “How can you exercise your rights and contact us?”
If you have suffered damage due to personal data being processed in violation of applicable laws or regulations, you may be entitled to damages. Damages claims can be brought forward to Telia Finance or to a court.
If you have suffered damage due to personal data being processed in violation of applicable laws or regulations, you may be entitled to damages. Damages claims can be brought forward to Telia Finance or to a court.
You can exercise all the above-mentioned rights by contacting Telia Finance and verifying your identity by filling in the below form, and sending it to Stjärntorget 1, 169 94 Solna, Sweden.
If you have any questions regarding your rights, please contact our Data Protection Officer.
Once we have identified you properly, we will promptly register and process your request. We will provide you with information on the action taken on your request no later than within one month of receipt of the request.
In case we are not able to find a solution together and you remain dissatisfied, you have the right to contact and make a complaint to the Swedish Authority for Privacy Protection (IMY), which is responsible for the supervision and control of personal data protection legislation.
You can exercise all the above-mentioned rights by contacting Telia Finance and verifying your identity by filling in the below form, and sending it to Stjärntorget 1, 169 94 Solna, Sweden.
If you have any questions regarding your rights, please contact our Data Protection Officer.
Once we have identified you properly, we will promptly register and process your request. We will provide you with information on the action taken on your request no later than within one month of receipt of the request.
In case we are not able to find a solution together and you remain dissatisfied, you have the right to contact and make a complaint to the Swedish Authority for Privacy Protection (IMY), which is responsible for the supervision and control of personal data protection legislation.
We collect and process your personal data to the extent that it is needed for specified and legitimate
purposes and only if necessary to fulfil the purpose. We process your personal data for as long as necessary and no longer than needed, taking into account the maximum retention times presented below. It should be considered that in certain cases, exceptions apply. For example, some automatic retention times do not apply in case of debts.
Telia Finance takes all necessary measures to ensure that outdated or unnecessary information is not stored and that personal data and other information about you is correct and constantly updated.
Telia Finance processes personal data based on four legal grounds (performance of contract, legal obligation, legitimate interest, and consent). The different legal grounds grant you different rights and opportunities to influence and make choices regarding the processing of your personal data.
We collect and process your personal data to the extent that it is needed for specified and legitimate
purposes and only if necessary to fulfil the purpose. We process your personal data for as long as necessary and no longer than needed, taking into account the maximum retention times presented below. It should be considered that in certain cases, exceptions apply. For example, some automatic retention times do not apply in case of debts.
Telia Finance takes all necessary measures to ensure that outdated or unnecessary information is not stored and that personal data and other information about you is correct and constantly updated.
Telia Finance processes personal data based on four legal grounds (performance of contract, legal obligation, legitimate interest, and consent). The different legal grounds grant you different rights and opportunities to influence and make choices regarding the processing of your personal data.
Legal grounds
Personal data processing for the following purposes is necessary for Telia Finance to perform a contract with you or to take steps prior to entering a contract with you. We have identified what type of information we need for the provision of our financial products and services in order to ensure the quality level set out in the relevant contract and therefore we are able to keep the processing of personal data to a minimum.
Personal data processing for the following purposes is necessary for Telia Finance to perform a contract with you or to take steps prior to entering a contract with you. We have identified what type of information we need for the provision of our financial products and services in order to ensure the quality level set out in the relevant contract and therefore we are able to keep the processing of personal data to a minimum.
Order management and product and service delivery e.g., creating a contractual offer when requested by the individual.
Basic personal data such as personal identification information, contact information, credit information, Telia product information, credit information
We process your data for up to three years after creation of an order.
Customer administration, e.g., establishing and terminating customer relationships, updating customer data, submitting formal notifications, and responding to enquiries.
Basic personal data such as personal identification information, contact information, financial engagement data, transaction monitoring data.
We process your data up until the end of the customer relationship and three years thereafter for administrative purposes.
Service quality assurance, i.e., ensuring quality of services in accordance with contractual obligations.
Basic personal data such as personal identification information, contact information and transaction monitoring data.
We process your data up to three years from creation.
Billing and payment, i.e., calculating payments, billing, issuing invoices, collecting payments and debts.
Basic personal data such as personal identification information, contact information, financial engagement information and payment information.
We process your data up until the end of the customer relationship and three years thereafter for administrative purposes.
Incident management, e.g., resolving incidents and issues related to the performance of the contract with the customer.
Basic personal data such as personal identification information, contact information, financial engagement information and payment information.
We retain your data up to two years after the incident has been resolved.
Processing purpose | Data categories with examples of attributes | Maximum retention time |
|---|---|---|
Order management and product and service delivery e.g., creating a contractual offer when requested by the individual. | Basic personal data such as personal identification information, contact information, credit information, Telia product information, credit information | We process your data for up to three years after creation of an order. |
Customer administration, e.g., establishing and terminating customer relationships, updating customer data, submitting formal notifications, and responding to enquiries. | Basic personal data such as personal identification information, contact information, financial engagement data, transaction monitoring data. | We process your data up until the end of the customer relationship and three years thereafter for administrative purposes. |
Service quality assurance, i.e., ensuring quality of services in accordance with contractual obligations. | Basic personal data such as personal identification information, contact information and transaction monitoring data. | We process your data up to three years from creation. |
Billing and payment, i.e., calculating payments, billing, issuing invoices, collecting payments and debts. | Basic personal data such as personal identification information, contact information, financial engagement information and payment information. | We process your data up until the end of the customer relationship and three years thereafter for administrative purposes. |
Incident management, e.g., resolving incidents and issues related to the performance of the contract with the customer. | Basic personal data such as personal identification information, contact information, financial engagement information and payment information. | We retain your data up to two years after the incident has been resolved. |
We process your personal data to comply with our statutory obligations, e.g., legislation regarding accounting, audit and tax.
Furthermore, we are, as a financial company, obliged to protect our company against fraud, corruption, money laundering and terrorist financing. To do this, we need to know our customers and their business well and understand the background to our customers’ transactions and agreements with us.
As part of our safety work, we conduct so called “know your customer” (KYC) due diligence where we identify and verify your identity. We also perform continuous screenings of all new and current customers against international sanction lists of persons or companies connected with money laundering, terrorist financing, corruption and terrorism to make sure that we do not do any business with anyone on such lists.
Telia Finance is further obligated to conduct screening against lists on Politically Exposed Persons (“PEP”). The result from the screening only indicates whether the individual appears on the list or not, i.e., is considered a Politically Exposed Person. However, a positive result in the PEP screening triggers an investigation which could in turn reveal more details about the PEP, such political party affiliation.
We process your personal data to comply with our statutory obligations, e.g., legislation regarding accounting, audit and tax.
Furthermore, we are, as a financial company, obliged to protect our company against fraud, corruption, money laundering and terrorist financing. To do this, we need to know our customers and their business well and understand the background to our customers’ transactions and agreements with us.
As part of our safety work, we conduct so called “know your customer” (KYC) due diligence where we identify and verify your identity. We also perform continuous screenings of all new and current customers against international sanction lists of persons or companies connected with money laundering, terrorist financing, corruption and terrorism to make sure that we do not do any business with anyone on such lists.
Telia Finance is further obligated to conduct screening against lists on Politically Exposed Persons (“PEP”). The result from the screening only indicates whether the individual appears on the list or not, i.e., is considered a Politically Exposed Person. However, a positive result in the PEP screening triggers an investigation which could in turn reveal more details about the PEP, such political party affiliation.
Accounting, e.g., valuation of charging records, accumulation and processing of charging records, processing for payment of bills, etc. as required by accounting legislation.
Basic personal data such as contact information, Telia product information, personal identification information and payment information.
We will process your data only as long as required by law, i.e., seven years after end of calendar year in which the accounting year was closed.
Retention of data to comply with Anti-Money Laundering and counter terrorist financing legislation.
Basic personal data such as KYC-data, financial engagement information, credit information, transaction monitoring data, payment information, result of screenings against international sanction lists (read more under “Compliance with an obligation arising from legislation”) and any profiles regarding this attached to you.
We will archive your data for five years after the end of our relationship with you.
Retention of data due to suspicion of criminal activity.
Basic personal data as per request from financial police or Financial Supervisory Authorities.
If required by law, we will retain your data in order to provide data to financial police or Financial Supervisory Authorities.
Court orders. Providing data to court and to other law enforcement and/or public authorities according to law.
Basic personal data as per request from court.
If required by law, we will retain your data in order to provide data to court and to other law enforcement and/or public authorities. We will only process the data as long as necessary according to the applicable law.
Authority and individual reporting, e.g., providing data subjects right to access report or reporting personal data breaches.
Basic personal data as per request from authorities.
In case of a data breach, we will retain your data for two years after it is reported to the authorities.
In case we receive a customer complaint related to financial agreements, we will retain the data for up to three years.
Mandatory Customer identification, for our Know your customer due diligence.
Basic personal data such as KYC information and result of screenings against international sanction lists (read more under “Compliance with an obligation arising from legislation”.
We retain your data in accordance with applicable law for five years after the end of customer relationship.
Mandatory credit checks for assessing a customer’s creditworthiness required by the law and for the verification of the data submitted.
Basic personal data such as credit information and personal identification information.
We will retain your data to comply with our legal obligations, at the longest, during the duration of your agreement with us.
Profiling to counteract fraud.
Basic personal data such as personal identification data, transactional monitoring data and profiles attached to you.
We will retain your data to comply with our legal obligations, at the longest, during the duration of your agreement with us.
Data processing purpose | Data types with examples of attributes | Maximum retention time |
|---|---|---|
Accounting, e.g., valuation of charging records, accumulation and processing of charging records, processing for payment of bills, etc. as required by accounting legislation. | Basic personal data such as contact information, Telia product information, personal identification information and payment information. | We will process your data only as long as required by law, i.e., seven years after end of calendar year in which the accounting year was closed. |
Retention of data to comply with Anti-Money Laundering and counter terrorist financing legislation. | Basic personal data such as KYC-data, financial engagement information, credit information, transaction monitoring data, payment information, result of screenings against international sanction lists (read more under “Compliance with an obligation arising from legislation”) and any profiles regarding this attached to you. | We will archive your data for five years after the end of our relationship with you. |
Retention of data due to suspicion of criminal activity. | Basic personal data as per request from financial police or Financial Supervisory Authorities. | If required by law, we will retain your data in order to provide data to financial police or Financial Supervisory Authorities. |
Court orders. Providing data to court and to other law enforcement and/or public authorities according to law. | Basic personal data as per request from court. | If required by law, we will retain your data in order to provide data to court and to other law enforcement and/or public authorities. We will only process the data as long as necessary according to the applicable law. |
Authority and individual reporting, e.g., providing data subjects right to access report or reporting personal data breaches. | Basic personal data as per request from authorities. | In case of a data breach, we will retain your data for two years after it is reported to the authorities. In case we receive a customer complaint related to financial agreements, we will retain the data for up to three years. |
Mandatory Customer identification, for our Know your customer due diligence. | Basic personal data such as KYC information and result of screenings against international sanction lists (read more under “Compliance with an obligation arising from legislation”. | We retain your data in accordance with applicable law for five years after the end of customer relationship. |
Mandatory credit checks for assessing a customer’s creditworthiness required by the law and for the verification of the data submitted. | Basic personal data such as credit information and personal identification information. | We will retain your data to comply with our legal obligations, at the longest, during the duration of your agreement with us. |
Profiling to counteract fraud. | Basic personal data such as personal identification data, transactional monitoring data and profiles attached to you. | We will retain your data to comply with our legal obligations, at the longest, during the duration of your agreement with us. |
Legitimate interest means that we want to use your personal data first and foremost to improve our services and for the promotion of customer communication and business activities. All of which is not strictly necessary for the performance of a contract. Additionally, we will be able to compile statistics necessary for making the right business decisions. This way we can provide our customers with services, price solutions, service, etc. that meets their expectations.
Legitimate interest is, above all, the balance between your and our rights. In modern customer relations, it is assumed that the service provider will make the use of the service and servicing as simple and accurate as possible for the customer. However, this can be best achieved if we are able to use your personal data to do so.
Telia Finance strives to live up to your expectations – ensuring high quality of services, smooth product and service delivery, the best customer experience and therefore, has a legitimate interest in processing your personal data for the below provided purposes.
Legitimate interest means that we want to use your personal data first and foremost to improve our services and for the promotion of customer communication and business activities. All of which is not strictly necessary for the performance of a contract. Additionally, we will be able to compile statistics necessary for making the right business decisions. This way we can provide our customers with services, price solutions, service, etc. that meets their expectations.
Legitimate interest is, above all, the balance between your and our rights. In modern customer relations, it is assumed that the service provider will make the use of the service and servicing as simple and accurate as possible for the customer. However, this can be best achieved if we are able to use your personal data to do so.
Telia Finance strives to live up to your expectations – ensuring high quality of services, smooth product and service delivery, the best customer experience and therefore, has a legitimate interest in processing your personal data for the below provided purposes.
Customer care and relationship (inquiries, communications, and Customer service).
For customer care and relationship purposes, we have concluded that the processing is highly beneficial to provide customer care, to improve our customer care services, and to measure their efficiency at the same time as the customer will have an improved customer experience where their needs will be met faster and in a more efficient way.
Basic personal data such as customer identification information, contact information, demographic data, and Telia product information data.
We process your data for this process for up to three years after the end of your agreement with us.
Business reporting purposes, i.e., processing personal data for statistics and analytics to detect trends and correlations.
For business reporting purposes, we have concluded that the
processing will support us in creating more relevant offerings and general recommendations that may benefit our customers.
Basic personal data such as customer identification information, contact information, demographic data, and Telia product information data.
We process your data for up to three years after its creation.
Revenue assurance purposes, i.e., identifying and detecting unbooked or lost revenue.
For revenue assurance purposes, we have concluded that the processing is of fundamental importance to ensure Telia Finance’s revenues and that this is in the interest of our customers and our owners.
Basic personal data such as contact information, financial engagement information, Telia product information, payment information
We process your data for up to five years after its creation.
Fraud detection purposes, e.g., identifying misuse, fraud prevention in sales, and identifying customers.
For fraud detection purposes, we have concluded that this processing has benefits for Telia Finance, our customers, users, the economy, and society at large, when avoiding damages.
Basic personal data such as personal identification information, contact information, Telia product information and transaction monitoring data.
We will process your data up to 3 years for fraud prevention detection and, if we register an improper use of our services or likewise, we will retain data in connection to such unauthorized use up to 1 year from the time we registered such activity.
Service and product improvement.
For service and product improvement purposes, we have concluded that this processing is needed for Telia Finance to provide services from a business and security perspective.
Basic personal data such as Telia product information, demographic information, financial engagement information, payment information, credit information and customer communication information.
We process your data up to two years from the end of your customer relationship with Telia Finance.
Basic profiling activities. This means that we will create a profile about you to better understand you as a customer and tailor the communications we send you (such as payment reminders).
Basic personal data such as personal identification information, contact information, payment information, demographic data.
When we conduct profiling, we will cease processing your data two years after the end of your agreement with us.
Purpose and legitimate interest assessment | Data categories with examples of attributes | Maximum retention time |
|---|---|---|
Customer care and relationship (inquiries, communications, and Customer service). For customer care and relationship purposes, we have concluded that the processing is highly beneficial to provide customer care, to improve our customer care services, and to measure their efficiency at the same time as the customer will have an improved customer experience where their needs will be met faster and in a more efficient way. | Basic personal data such as customer identification information, contact information, demographic data, and Telia product information data. | We process your data for this process for up to three years after the end of your agreement with us. |
Business reporting purposes, i.e., processing personal data for statistics and analytics to detect trends and correlations. For business reporting purposes, we have concluded that the processing will support us in creating more relevant offerings and general recommendations that may benefit our customers. | Basic personal data such as customer identification information, contact information, demographic data, and Telia product information data. | We process your data for up to three years after its creation. |
Revenue assurance purposes, i.e., identifying and detecting unbooked or lost revenue. For revenue assurance purposes, we have concluded that the processing is of fundamental importance to ensure Telia Finance’s revenues and that this is in the interest of our customers and our owners. | Basic personal data such as contact information, financial engagement information, Telia product information, payment information | We process your data for up to five years after its creation. |
Fraud detection purposes, e.g., identifying misuse, fraud prevention in sales, and identifying customers. For fraud detection purposes, we have concluded that this processing has benefits for Telia Finance, our customers, users, the economy, and society at large, when avoiding damages. | Basic personal data such as personal identification information, contact information, Telia product information and transaction monitoring data. | We will process your data up to 3 years for fraud prevention detection and, if we register an improper use of our services or likewise, we will retain data in connection to such unauthorized use up to 1 year from the time we registered such activity. |
Service and product improvement. For service and product improvement purposes, we have concluded that this processing is needed for Telia Finance to provide services from a business and security perspective. | Basic personal data such as Telia product information, demographic information, financial engagement information, payment information, credit information and customer communication information. | We process your data up to two years from the end of your customer relationship with Telia Finance. |
Basic profiling activities. This means that we will create a profile about you to better understand you as a customer and tailor the communications we send you (such as payment reminders). | Basic personal data such as personal identification information, contact information, payment information, demographic data. | When we conduct profiling, we will cease processing your data two years after the end of your agreement with us. |
With your consent, Telia Finance may process your personal data. When requesting your consent, we will inform you of the purpose and how you can withdraw your consent at any time.
With your consent, Telia Finance may process your personal data. When requesting your consent, we will inform you of the purpose and how you can withdraw your consent at any time.
When conducting mandatory credit checks, Telia Finance uses automated decision making, including profiling. This means that a decision may be taken by automated means without human involvement. These decisions can, for instance, be based on the result of profiling.
Profiling is any form of automatic processing of personal data conducted to analyse certain personal characteristics of a natural person, such as to analyse or predict an individual’s financial situation.
Note that, although it increases objectivity and transparency in decisions, profiling in this way includes a margin of error because the correlations are based on mathematical and statistical procedures. This is an inherent characteristic of profiling and a major risk to individuals’ privacy as two kinds of error might occur:
a) wrongly assigning a person to a category or
b) wrongly excluding a person from a category to which they should belong.
Hence, when we use automated decision making, you always have the right to:
1) obtain human intervention,
2)express your point of view and obtain an explanation of the decision reached after such assessment, and
3) challenge the decision.
Telia Finance uses the legal ground performance of contract, when processing personal data within the scope of automated decision making.
How we use automated decision-making, including profiling in the credit process
Credit score
We use automated decision making to determine your eligibility for credit before entering into a contract with you. Our automated credit decisions are based on your credit history and credit information you have shared with us or other companies in the Telia Company Group or information available from public sources. We may decide not to grant you credit or not to enter into a contract with you based on the credit check result.
When we use profiling, it means that we process your data using various methods of statistical, mathematical, or predictive analysis for creating various links, probabilities, correlations, patterns, models, profiles, etc. As a result, we can predict or derive your ability to handle payments.
We have some basic requirements that must be met for the application to proceed in the process:
- the applicant must be at least 18 years of age,
- the applicant must be registered in the national population register in the country where the credit is applied for,
- the applicant must not be under guardianship.
We use both external and internal information when conducting credit checks. External information is obtained, among other things, from the data you provide in your credit application and is compared with information obtained from various authorities such as the tax authority and the enforcement authority, as well as from external credit reporting companies. Your income is then set against current debts and living expenses to ensure your repayment ability. Additionally, we will take into consideration whether you are a new customer or if you have had prior engagements with the Telia Company Group when assessing your creditworthiness. If you are a new customer, this will indicate a higher risk for us compared to if you are already known to the Telia Company Group.
When assessing internal information, we will review your payment history as a current or previous customer within the Telia Company Group. The fact that you already are a customer and that we have information about how you handle payments will most likely be considered a positive factor in the automated credit assessment and can therefore lead to an affirmative decision. On the other hand, if it appears that you have not been able to handle payments as a customer within the Telia Company Group, this will likely have a negative effect on the decision. All these different factors generate a risk score that is the basis of the decision to grant the credit or not.
When conducting mandatory credit checks, Telia Finance uses automated decision making, including profiling. This means that a decision may be taken by automated means without human involvement. These decisions can, for instance, be based on the result of profiling.
Profiling is any form of automatic processing of personal data conducted to analyse certain personal characteristics of a natural person, such as to analyse or predict an individual’s financial situation.
Note that, although it increases objectivity and transparency in decisions, profiling in this way includes a margin of error because the correlations are based on mathematical and statistical procedures. This is an inherent characteristic of profiling and a major risk to individuals’ privacy as two kinds of error might occur:
a) wrongly assigning a person to a category or
b) wrongly excluding a person from a category to which they should belong.
Hence, when we use automated decision making, you always have the right to:
1) obtain human intervention,
2)express your point of view and obtain an explanation of the decision reached after such assessment, and
3) challenge the decision.
Telia Finance uses the legal ground performance of contract, when processing personal data within the scope of automated decision making.
How we use automated decision-making, including profiling in the credit process
Credit score
We use automated decision making to determine your eligibility for credit before entering into a contract with you. Our automated credit decisions are based on your credit history and credit information you have shared with us or other companies in the Telia Company Group or information available from public sources. We may decide not to grant you credit or not to enter into a contract with you based on the credit check result.
When we use profiling, it means that we process your data using various methods of statistical, mathematical, or predictive analysis for creating various links, probabilities, correlations, patterns, models, profiles, etc. As a result, we can predict or derive your ability to handle payments.
We have some basic requirements that must be met for the application to proceed in the process:
- the applicant must be at least 18 years of age,
- the applicant must be registered in the national population register in the country where the credit is applied for,
- the applicant must not be under guardianship.
We use both external and internal information when conducting credit checks. External information is obtained, among other things, from the data you provide in your credit application and is compared with information obtained from various authorities such as the tax authority and the enforcement authority, as well as from external credit reporting companies. Your income is then set against current debts and living expenses to ensure your repayment ability. Additionally, we will take into consideration whether you are a new customer or if you have had prior engagements with the Telia Company Group when assessing your creditworthiness. If you are a new customer, this will indicate a higher risk for us compared to if you are already known to the Telia Company Group.
When assessing internal information, we will review your payment history as a current or previous customer within the Telia Company Group. The fact that you already are a customer and that we have information about how you handle payments will most likely be considered a positive factor in the automated credit assessment and can therefore lead to an affirmative decision. On the other hand, if it appears that you have not been able to handle payments as a customer within the Telia Company Group, this will likely have a negative effect on the decision. All these different factors generate a risk score that is the basis of the decision to grant the credit or not.
Information that will influence the scoring.
External information, such as:
- Information provided by you in your credit application: main occupation, stated income, type of housing, dependent children, number of adults in the household, debts and living expenses.
- Credit information: taxed income, capital income, and all other information available about you being held by the Tax Agency.
- Information from the Population Register: age, where you live, how long you have lived there, marital status and other demographic parameters, etc.
- Payment remark information from the Enforcement Authority: information regarding current debts and record for non-payment of debt, etc.
Internal information, such as:
- Customer information from the Telia Company Group: your historical ability to pay invoices and handle payments in general as a current or previous customer, etc.
Information with a decisive impact, i.e., that would lead to rejection.
Payment remarks, foreclosure, ongoing personal bankruptcy, and, in some situations, low income, etc.
Algorithmic influence | Category of data |
|---|---|
Information that will influence the scoring. | External information, such as:
Internal information, such as:
|
Information with a decisive impact, i.e., that would lead to rejection. | Payment remarks, foreclosure, ongoing personal bankruptcy, and, in some situations, low income, etc. |
Profiling is any form of automatic processing of personal data conducted to analyse certain personal characteristics of a natural person, such as to analyse or predict an individual’s financial situation.
We use profiling to tailor our communications to you; more specifically we analyze your payment history to provide you with customized payment reminders. You can request not to be profiled for this purpose by contacting our customer service. See more under “How long and for which purposes do we store your data?” regarding processing based on legitimate interest.
We also use profiling for monitoring your transactions in Telia Finance to counteract fraud and to fulfil our legal obligations in accordance with money-laundering regulations. For this purpose, we use basic personal data such as personal identification data, transactional monitoring data and profiles attached to you. This data is processed for this purpose during your whole customer relationship with us.
Profiling is any form of automatic processing of personal data conducted to analyse certain personal characteristics of a natural person, such as to analyse or predict an individual’s financial situation.
We use profiling to tailor our communications to you; more specifically we analyze your payment history to provide you with customized payment reminders. You can request not to be profiled for this purpose by contacting our customer service. See more under “How long and for which purposes do we store your data?” regarding processing based on legitimate interest.
We also use profiling for monitoring your transactions in Telia Finance to counteract fraud and to fulfil our legal obligations in accordance with money-laundering regulations. For this purpose, we use basic personal data such as personal identification data, transactional monitoring data and profiles attached to you. This data is processed for this purpose during your whole customer relationship with us.
Personal data (hereinafter also data) is data that is directly or indirectly linked to you as a private individual.
Personal data (hereinafter also data) is data that is directly or indirectly linked to you as a private individual.
For the sake of clarity, we group your personal data into the following data categories:
Basic personal data is any information relating to an identified or identifiable natural person that does not fall under any other data type. Telia Finance processes your basic personal data, including, for example: personal identification information (name, personal ID code, date of birth, citizenship), contact information (address, e-mail, telephone number), information related to ordering and provision, delivery of financed products and services, financial agreements, financed products, services and their changes; information related to payments, evaluation of solvency and debts, consents and objections that you have provided, your communication with Telia Finance, etc.
Basic personal data is any information relating to an identified or identifiable natural person that does not fall under any other data type. Telia Finance processes your basic personal data, including, for example: personal identification information (name, personal ID code, date of birth, citizenship), contact information (address, e-mail, telephone number), information related to ordering and provision, delivery of financed products and services, financial agreements, financed products, services and their changes; information related to payments, evaluation of solvency and debts, consents and objections that you have provided, your communication with Telia Finance, etc.
Personal identification information
Such as first and last name, date of birth, personal ID, ID document (passport, driver’s licence, ID card or digital strong customer identification), social security number,
Contact information
Such as mobile phone number, e-mail address, address (residence, billing), changes made to contact data.
Credit information (information needed to determine your eligibility for credit)
Such as main occupation, stated income, type of housing, dependent children, number of adults in the household, debts and living expenses, taxed income, capital income, and all other information available about you being held by the Tax Authority, Population Register and the Enforcement Authorities (see more under “What is automated decision making and what do we use it for?”).
Financial engagement information
Such as information regarding your financial product (such as consumer credit or loan or business financing offering if you are a business customer) such as credit limits, account number, size of actual credit, payment period, surety information if applicable.
Telia product information (information related to the products that you choose to finance through us)
Which of Telia merchandise and services you choose to finance through Telia Finance and what kind of financial product you used to finance the purchase. The delivery status of the merchandise or services performed.
KYC information (Know your customer information)
Such as social security number (SSN), first and last name, address, country of residence, citizenship, origin of funds which will be used to pay the invoices, which financial product will be used, information if you are a PEP (Politically Exposed Person) or a relative to a PEP.
Transaction monitoring data
Social security number, corporate identification number (if business customer), truncation dates and transaction sums.
Payment Information (Information related to payments, evaluation of solvency and debts)
Bank account number, bank name and details, VAT payer code, billing data (invoice date, invoice due date, invoice number, invoice lines) and payment data (payment ID, payment amount, payment date), billing provision method payment method, information about debts and status of debts to third parties.
Consents / objections that you have provided
If you have provided consent, information about the consents that you have provided, withdrawals, and objection to personal data processing.
Demographic data
Age, date of birth, language and gender.
Profiles attached to you
Profiles, data which have been generated by Telia Finance when conducting automated decision making, including profiling.
Customer communication data
Phone call records (recordings of the conversations with customer care), call duration, callers' phone numbers, content of e-mails, reclamation content and time stamps for the aforementioned.
| Personal identification information | Such as first and last name, date of birth, personal ID, ID document (passport, driver’s licence, ID card or digital strong customer identification), social security number, |
| Contact information | Such as mobile phone number, e-mail address, address (residence, billing), changes made to contact data. |
| Credit information (information needed to determine your eligibility for credit) | Such as main occupation, stated income, type of housing, dependent children, number of adults in the household, debts and living expenses, taxed income, capital income, and all other information available about you being held by the Tax Authority, Population Register and the Enforcement Authorities (see more under “What is automated decision making and what do we use it for?”). |
| Financial engagement information | Such as information regarding your financial product (such as consumer credit or loan or business financing offering if you are a business customer) such as credit limits, account number, size of actual credit, payment period, surety information if applicable. |
| Telia product information (information related to the products that you choose to finance through us) | Which of Telia merchandise and services you choose to finance through Telia Finance and what kind of financial product you used to finance the purchase. The delivery status of the merchandise or services performed. |
| KYC information (Know your customer information) | Such as social security number (SSN), first and last name, address, country of residence, citizenship, origin of funds which will be used to pay the invoices, which financial product will be used, information if you are a PEP (Politically Exposed Person) or a relative to a PEP. |
| Transaction monitoring data | Social security number, corporate identification number (if business customer), truncation dates and transaction sums. |
| Payment Information (Information related to payments, evaluation of solvency and debts) | Bank account number, bank name and details, VAT payer code, billing data (invoice date, invoice due date, invoice number, invoice lines) and payment data (payment ID, payment amount, payment date), billing provision method payment method, information about debts and status of debts to third parties. |
| Consents / objections that you have provided | If you have provided consent, information about the consents that you have provided, withdrawals, and objection to personal data processing. |
| Demographic data | Age, date of birth, language and gender. |
| Profiles attached to you | Profiles, data which have been generated by Telia Finance when conducting automated decision making, including profiling. |
| Customer communication data | Phone call records (recordings of the conversations with customer care), call duration, callers' phone numbers, content of e-mails, reclamation content and time stamps for the aforementioned. |
Special categories of personal data include racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to as a unique identifier of a natural person, health data or data on sex life and sexual orientation of a natural person.
We do not retain or collect such data, unless you have provided this information to us yourself or provided us with explicit consent to process such personal data in which case you will be informed about the processing activities performed in more detail upon providing consent. However, when we collect data for our know your customer process in accordance with anti-money laundering legislation, we might indirectly learn about your political views if you are a PEP (politically exposed person).
Special categories of personal data include racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data used to as a unique identifier of a natural person, health data or data on sex life and sexual orientation of a natural person.
We do not retain or collect such data, unless you have provided this information to us yourself or provided us with explicit consent to process such personal data in which case you will be informed about the processing activities performed in more detail upon providing consent. However, when we collect data for our know your customer process in accordance with anti-money laundering legislation, we might indirectly learn about your political views if you are a PEP (politically exposed person).
Device tracking data consists of data collected by means of cookies and similar tracking technologies in connection with web or mobile browsing. For more information about the cookies used by Telia Finance, read more in our cookies notice.
Device tracking data consists of data collected by means of cookies and similar tracking technologies in connection with web or mobile browsing. For more information about the cookies used by Telia Finance, read more in our cookies notice.
We may also process anonymous or aggregated data that is not associated with you as an individual. Such data is not personal data according to GDPR.
We may also process anonymous or aggregated data that is not associated with you as an individual. Such data is not personal data according to GDPR.
Telia Finance offers a wide range of financial products and offerings. The information we collect about you depends on the data you provide to us when you order and use our financial products and offerings and when you register on our websites, applications, and other platforms.
Telia Finance offers a wide range of financial products and offerings. The information we collect about you depends on the data you provide to us when you order and use our financial products and offerings and when you register on our websites, applications, and other platforms.
Telia Finance collects and processes your personal data from the following sources:
This data derives from you, when you do business with us, when you register or log in to our applications, visit our website,reply to our questions in relation to KYC (know your customer) reply to our customer satisfaction survey or contact us by phone, email, or chat.
This data derives from you, when you do business with us, when you register or log in to our applications, visit our website,reply to our questions in relation to KYC (know your customer) reply to our customer satisfaction survey or contact us by phone, email, or chat.
This data is generated when you are visiting our websites or our applications.
Read more in our cookie notice.
This data is generated when you are visiting our websites or our applications.
Read more in our cookie notice.
This data is created based on your personal data, such as the results of automated decision-making, including profiling made by means such as credit checks, transaction monitoring, personalized payment reminders, and data created by analysis.
This data is created based on your personal data, such as the results of automated decision-making, including profiling made by means such as credit checks, transaction monitoring, personalized payment reminders, and data created by analysis.
This data is obtained from public authorities, or publicly available registers, such as SPAR, or from sanction lists provided by international organizations so that we can perform controls in accordance with anti-money laundering legislation, and from credit bureaus (for credit-check and solvency assessment). We also process personal data received from other Telia companies and our partners in accordance with this Privacy Notice.
This data is obtained from public authorities, or publicly available registers, such as SPAR, or from sanction lists provided by international organizations so that we can perform controls in accordance with anti-money laundering legislation, and from credit bureaus (for credit-check and solvency assessment). We also process personal data received from other Telia companies and our partners in accordance with this Privacy Notice.
Data Recipients
In some cases, we use our own group companies as subcontractors to provide you with our services. This means that they also need a certain amount of information about you as a customer. However, these parties are not allowed to use information about you for any purpose other than providing the service, and on the terms that we specify. We also share certain limited credit information about you with other group companies within the Telia Company Group in order to reduce the Telia Company Group’s credit losses and to protect you from over-indebtedness.
In some cases, we use our own group companies as subcontractors to provide you with our services. This means that they also need a certain amount of information about you as a customer. However, these parties are not allowed to use information about you for any purpose other than providing the service, and on the terms that we specify. We also share certain limited credit information about you with other group companies within the Telia Company Group in order to reduce the Telia Company Group’s credit losses and to protect you from over-indebtedness.
These partners (such as our suppliers or debt collection partners) are our personal data subprocessors and may only process your personal data in accordance with our instructions and to the extent necessary for the proper performance of their obligations under their contract with Telia Finance.
When using subprocessors, we ensure that all processing of personal data takes place in accordance with this Privacy Notice. The subprocessors referred to herein include, for example, ICT service providers.
These partners (such as our suppliers or debt collection partners) are our personal data subprocessors and may only process your personal data in accordance with our instructions and to the extent necessary for the proper performance of their obligations under their contract with Telia Finance.
When using subprocessors, we ensure that all processing of personal data takes place in accordance with this Privacy Notice. The subprocessors referred to herein include, for example, ICT service providers.
We disclose personal data to state authorities, including the police, prosecutors and courts if the corresponding obligation arises from the legislation. For example, providing information for the purpose of preventing, investigating and detecting criminal activities, such as money laundering, terrorist financing, etc., to the extent required by the law and in accordance with a predefined procedure. Whenever we transfer your data to the authorities, they become the controller of the transferred data and process it in accordance with their own privacy rules and purposes.
We disclose personal data to state authorities, including the police, prosecutors and courts if the corresponding obligation arises from the legislation. For example, providing information for the purpose of preventing, investigating and detecting criminal activities, such as money laundering, terrorist financing, etc., to the extent required by the law and in accordance with a predefined procedure. Whenever we transfer your data to the authorities, they become the controller of the transferred data and process it in accordance with their own privacy rules and purposes.
Companies which take over (purchase) the right to claim.
Telia Finance (the creditor) is allowed to transfer the right to collect debts from a portfolio to another company through a sale agreement. The company that buys the debt then becomes the new creditor. This transfer does not require the debtor’s approval, but the debtor must be informed by either the original creditor or the new one. Any personal data shared during this process must follow legal data protection requirements. The new creditor becomes the controller of your personal data after the transfer.
This means that if Telia Finance sells your debt to another company, that company becomes your new creditor and personal data controller. You do not need to give permission for this, and either we or the new creditor will let you know about the change. Any sharing of your data follows legal data protection rules.
Debt collection companies, to the extent necessary to initiate and enforce debt collection.
Providers of legal, auditing and other professional services, bailiffs, etc. These can be either subprocessors or controllers depending on the specific context of the service provided.
The acquirer in the context of a merger or acquisition. The acquirer becomes the controller of any personal data transferred with the merger or acquisition.
Companies which take over (purchase) the right to claim.
Telia Finance (the creditor) is allowed to transfer the right to collect debts from a portfolio to another company through a sale agreement. The company that buys the debt then becomes the new creditor. This transfer does not require the debtor’s approval, but the debtor must be informed by either the original creditor or the new one. Any personal data shared during this process must follow legal data protection requirements. The new creditor becomes the controller of your personal data after the transfer.
This means that if Telia Finance sells your debt to another company, that company becomes your new creditor and personal data controller. You do not need to give permission for this, and either we or the new creditor will let you know about the change. Any sharing of your data follows legal data protection rules.
Debt collection companies, to the extent necessary to initiate and enforce debt collection.
Providers of legal, auditing and other professional services, bailiffs, etc. These can be either subprocessors or controllers depending on the specific context of the service provided.
The acquirer in the context of a merger or acquisition. The acquirer becomes the controller of any personal data transferred with the merger or acquisition.
Our partners who process personal data on our behalf are sometimes located outside the European Union (EU) or the European Economic Area (EEA). When transferring personal data outside the EU or EEA, we ensure that the transfers are implemented as required by law, for instance by relying on the EU Commission’s standard contractual clauses or adequacy decisions. In addition, we ensure that personal data remains protected regardless of whether it is transferred outside of the EEA.
We assess risk factors related to the transfer to or access to personal data from outside EU/EEA by conducting a transfer impact assessment (TIA). Telia Finance uses TIAs to verify, on a case-by-case basis, whether the law of the third country ensures adequate protection of personal data when transferred. We collaborate with our sub-processors to gather sufficient information to perform and complete TIAs. Based on the law or practices of the country the data is transferred to and the effectiveness of the appropriate safeguards, we review which supplementary measures should be implemented.
Read more about the countries outside the EU that offer an adequate level of data protection in the European Commission’s list and in the European Commission’s standard contractual clauses. Information about international transfers is available on the Local Data Protection Agency’s webpage.
Our partners who process personal data on our behalf are sometimes located outside the European Union (EU) or the European Economic Area (EEA). When transferring personal data outside the EU or EEA, we ensure that the transfers are implemented as required by law, for instance by relying on the EU Commission’s standard contractual clauses or adequacy decisions. In addition, we ensure that personal data remains protected regardless of whether it is transferred outside of the EEA.
We assess risk factors related to the transfer to or access to personal data from outside EU/EEA by conducting a transfer impact assessment (TIA). Telia Finance uses TIAs to verify, on a case-by-case basis, whether the law of the third country ensures adequate protection of personal data when transferred. We collaborate with our sub-processors to gather sufficient information to perform and complete TIAs. Based on the law or practices of the country the data is transferred to and the effectiveness of the appropriate safeguards, we review which supplementary measures should be implemented.
Read more about the countries outside the EU that offer an adequate level of data protection in the European Commission’s list and in the European Commission’s standard contractual clauses. Information about international transfers is available on the Local Data Protection Agency’s webpage.
Safeguarding your personal data is of the utmost importance to us. We implement the necessary organizational and technological security measures to ensure the integrity, availability and confidentiality of the data. These measures include the protection of employees, information, IT infrastructure, internal and public networks, as well as office buildings and technical equipment.
Special attention is given to information such as your personal data. Information security and ensuring appropriate protection of personal information is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to any unauthorized parties.
Our employees are subject to data confidentiality and protection requirements as well as bank secrecy. Furthermore, personal data protection training is provided to them, and employees are liable for fulfilling their obligations. Also, our partners are required to ensure that their employees comply with the same rules as we do, and their employees are liable to meet the requirements for the use of personal data.
Safeguarding your personal data is of the utmost importance to us. We implement the necessary organizational and technological security measures to ensure the integrity, availability and confidentiality of the data. These measures include the protection of employees, information, IT infrastructure, internal and public networks, as well as office buildings and technical equipment.
Special attention is given to information such as your personal data. Information security and ensuring appropriate protection of personal information is vital for us. We strive to implement security measures to set appropriate level of protection of information and to prevent and detect disclosure of personal data to any unauthorized parties.
Our employees are subject to data confidentiality and protection requirements as well as bank secrecy. Furthermore, personal data protection training is provided to them, and employees are liable for fulfilling their obligations. Also, our partners are required to ensure that their employees comply with the same rules as we do, and their employees are liable to meet the requirements for the use of personal data.
Changes to this Privacy Notice
Telia Finance has the right to amend this Privacy Notice at any time. The latest version will always be available on this page. Telia Finance will inform you of any material changes to the Privacy Notice.
