- Companies in Oy Suomen Tietotoimisto – Finska Notisbyrån Ab (“STT”) group of undertakings are committed to protecting the privacy of the users of their services in compliance with the personal data legislation in force at any given time and other applicable legislation.
- STT is a news agency that creates, refines and transmits information and sells, markets and develops communication services. To provide these services and deliver orders, we primarily process personal data provided by our Clients themselves.
- This privacy statement explains in further detail the following:
- What kind of information is collected about users
- The reasons for collecting data
- How long the data will be stored
- How cookies are used in the Service
- The user’s possibilities to influence the use of data
We recommend that users familiarise themselves with the content of the Privacy Statement. By using our services, the user accepts the terms and conditions in this Privacy Statement. If you, as a user, do not agree to these terms and conditions, you have no right to use our services.
1. What personal data is collected about me and for what purpose?
We only collect personal data about users as necessary for pre-defined purposes. The purpose specifies what data is collected about the user in each situation. When collecting data, we specify the data that is a prerequisite for using the services and what data users can provide, should they wish to do so.
We classify the data we process into data provided by the user or personally identifying data, data based on service usage, derived data and data obtained from other sources as follows:
1) Data provided by the user or personally identifying data:
We collect data provided by the user for example for delivering the service and invoicing purposes, for managing and developing the customer relationship, and for marketing purposes and opinion polls. We cannot deliver the service ordered by the user unless we have contact and invoicing details. We can also collect other data provided by the user to target contents and marketing to better meet the user’s preferences. Data processing for delivering the service may include authentication of logon, (technical) customer service, customising the service and contents, updating customer information, delivering messages about the service, and meeting statutory obligations.
This data includes:
• contact details, including name, address, phone number and email address
• registration data required for the digital account, including user ID, screen name, password and any other identifying code
• demographic data, including title or profession and native language
• information about the customer relationship, including invoicing and payment information, product and order information, customer feedback and contacts, and cancellation data
• profiling and interest information provided by the user
• permissions and consents
• information about blocking of offers
• information provided for questionnaires and surveys
• other information collected on the basis of the user’s consent
2) Data based on service usage:
• information about the use and browsing of service features
• the page from which the user moved to our website
• model of the device
• individual device and/or cookie identifier
• browser and browser version
• IP address
• time and duration of the session and
• screen resolution and operating system
• other information collected on the basis of the user’s consent
3) Data derived from service usage:
Using analytics, we can make conclusions based on detected service usage and/or information provided by the clients themselves, for example about the user’s potential subjects of interest, or segmentation into a certain group of users. We use the data for statistical purposes and analytics, service and business development and tailoring of contents, advertising and marketing messages.
4) Data obtained from other sources:
We may use third party sources of data to update and enhance the data. We may also receive the information required for activating a user account from the user’s employer or another organisation which has obtained the right of use for the user. For journalistic purposes, we may obtain personal data from several different sources.
If we process data for purposes other than the abovementioned, we ensure that the processing complies with the purpose for which the data was originally collected.
2. What is the basis for collecting my personal data?
We process data on the following grounds, based on data protection legislation:
- Agreement: We process the data provided by the client to fulfill the agreement on the service or product ordered by our client. Since personalisation of contents is a feature characteristic of some services, we consider it to be integral to fulfilling the agreement.
- Consent: We can process the data provided by the user or detected data based on the user’s consent or the legitimate interest mentioned below, among others for marketing purposes. We can also request the user’s consent in case the purposes of the processing change.
- Legitimate interest: We process data for the purposes of managing and developing customer service, authentication of customer transactions, implementation of services, development of business and customer service, prevention and investigation of misuse, and marketing. We process the data within the STT Group. We consider these purposes to be necessary for our business and thus to constitute a legitimate interest for us. Users have the right to object, on grounds relating to their particular situation, to processing of data.
- Legal obligation: We may be obligated to store some of the client’s personal data to comply with accounting legislation or other mandatory legislation even after the termination of a customer relationship or for another reason for processing of personal data. In such cases, the processing is based on compliance with a legal obligation.
- Journalistic purposes: We process personal data, including people’s names or photographs, which may allow their personal identification, for journalistic purposes.
3. How long will my data be stored?
We will only store users’ data as long as necessary for the abovementioned purposes, in compliance with legislation in force at any given time. The user can also personally influence the period for which the personal data will be stored in ways listed in section 5 below.
If the user has not logged into a digital account within the last, typically, eighteen (18) months, the user will be requested to renew the user rights. If the user does not renew the user rights or the user’s customer relationship, or other reason for processing of personal data has ended, the user’s personal data will be erased or partially transferred to the marketing register or converted into a format in which the data subject can no longer be identified.
The data will typically be stored in the marketing register for as long as the person works in a position to which the marketed product or service is relevant, and has not refused to accept marketing communications. If the person refuses marketing, we will retain information about the ban and contact information in order to ensure that the ban is observed.
We may be obligated to store some of the user’s personal data to comply with accounting legislation or other mandatory legislation even after the termination of a customer relationship, or other reason for processing of personal data. Invoicing information will typically be stored for seven years.
4. Are cookies used on the website and what are they?
We may collect data concerning the user’s terminal device by way of cookies and other similar techniques. Cookies are small text files stored by the browser on the user’s terminal device. Cookies often include an anonymous, individual identifier to enable us to identify and calculate the browsers visiting our website.
Cookies do not move on their own in the web, but they are placed on the user’s device only alongside the website viewed by the user. Only the server which sent the cookie can read and use the cookie later. Cookies or other techniques do not damage the user’s terminal device or files, and cookies cannot be used for operating software or spreading malware.
We use both session-specific cookies which become outdated when the user shuts down the web browser, and permanent cookies, which remain on the user’s device for a certain period or until the user erases them. The period for which permanent cookies remain valid varies from some months to some years. The user can also personally influence the period for which the personal data will be stored in ways listed in section 5 below.
Cookies and other similar techniques are used for the purpose of analysing and developing our services further to provide better services for users. For example, thanks to these techniques, the user will not have to re-enter the user ID, password and personal preferences each time the service is used, should the user so wish.
We utilise cookies and other similar techniques for statistical monitoring of visitor numbers in our services. To improve the usability of our websites, we may conduct short-term surveys in which we save data on the movements and clicks of the user’s mouse on a certain page.
Users cannot be identified on the basis of cookies only. In compliance with privacy legislation, information collected by way of cookies and other similar techniques may possibly be linked with information received from the user in other contexts, in order to develop our services to meet the user’s preferences even better and to customise contents, marketing communications and advertising. In cases like this, we will inform the user separately.
Our services may also include so-called third party cookies. Third parties refer to parties outside STT, including providers of measurement and monitoring services. These so-called third parties can place cookies on the user’s device when the user visits our services, for example to compile statistics of visitor numbers on various websites. Through contractual arrangements, we aim to ensure that these third parties comply with the legislation in force at any given time and the self-regulation guidelines of the industry.
5. How can I influence?
We are committed to offering our users choices and administrative options when it comes to privacy. The various ways in which our users can influence the collection and processing of data are listed below.
- Right to access and verify, rectify, transfer or delete data: Users have the right to access and verify the personal data stored about them. At the user’s request, we will rectify, erase or complete personal data which is inaccurate, unnecessary, incomplete or outdated in view of the purpose of processing. Should users so wish, they also have the right to have the personal data transferred. Users can update and/or access their personal data by contacting our customer service.
- How to erase cookies: Users can erase cookies in the browser settings. When the user erases cookies at regular intervals, the identifier, on the basis of which the user’s profile is created, changes. Erasing cookies will not, however, stop the collection of data completely. Instead, the profile based on previous user behaviour data will be reset.
- Right to refuse direct marketing and the related profiling: Our clients can prohibit disclosure of their personal data and processing for direct marketing purposes at any time by clicking on the link at the end of the message, or by contacting our customer service.
- Right to object and withdrawal of consent: Users have the right to object to the processing of data, based on legitimate interest, on grounds relating to their particular situation. Users may also withdraw their consent at any time.
- Right to appeal: Users have the right to lodge a complaint with the competent public authority, if they consider their personal data to have been processed contrary to this privacy statement and legislation in force at any given time. The Data Protection Ombudsman’s contact information is available at the end of this privacy statement.
6. Will my personal data be disclosed or transferred to third parties?
We do not sell, lease, transfer or disclose identified users’ personal data to any third parties except in the cases listed below:
- STT Group: We may process users’ personal data within STT Group. An up-to-date list of STT Group companies is available here.
- Consent: We may only disclose the user’s data to third parties if the user has given consent to do so.
- Journalism: We may disclose the user’s personal data, including the person’s photograph, for journalistic or artistic purposes, or the purposes of literary expression.
- Public authorities: We may disclose the user’s personal data as required by competent public authorities or other parties, based on legislation in force at any given time.
- Research: We may disclose data for scientific or historical research purposes, provided that, as a rule, the data is converted into a format in which the data subject is no longer identifiable.
- Corporate transactions: In case of mergers, acquisitions or other corporate transactions, the users’ personal data can be disclosed to the buyers and their advisers.
- Direct marketing, opinion and market surveys: We may disclose a client’s personal data for direct marketing purposes and opinion and market surveys, unless the client has prohibited it.
- Legitimate interest or legal obligation: We may disclose personal data to third party enterprises, organisations or individuals, if we believe that the use, storage or disclosure of such data is necessary to fulfil an agreement, to investigate possible offences, to protect other users of our services or our legal rights.
- Aggregate data: We may use and disclose aggregate data for reporting and product development purposes. Such data is modified so that individual users cannot be identified in it.
We use subcontractors’ services for processing the data and in such cases, we ensure, through contractual arrangements, that the data is processed in compliance with legislation in force at any given time, and this privacy statement.
As a rule, we do not transfer data outside the European Union or European Economic Area. If we transfer data outside the European Union or European Economic Area, we ensure a sufficient level of protection of personal data through various measures, including agreeing on matters relating to the confidentiality and processing of personal data as required by law, for example using the standard contractual clauses approved by the European Commission, and otherwise so that the processing of personal data complies with this privacy statement. The transfer of data outside the European Union or European Economic Area may also be based on the user’s consent.
7. How is my personal data protected?
We use the necessary technical and organisational data security methods to ensure the protection of personal data from unauthorised access, disclosure, destruction, loss or other unlawful processing. Such methods include the use of firewalls, encryption technologies, safe IT areas, appropriate access control, controlled granting of user rights and supervision of their use, guidelines for staff members participating in the processing of personal data, and the careful selection of subcontractors.
8. Is children’s personal data processed in the services?
Our services are not intended for children, as only persons of legal age can register in our services. However, for example our picture archive may include photographs of children. If we specifically photograph a certain child or children for marketing purposes, we will request consent from the child’s parent or other guardian.
9. Can this privacy statement be amended?
We develop our services continually and reserve the right to amend this privacy statement by notifying about it in our services. Amendments can also be based on changes in legislation. We recommend that you review the contents of the privacy statement on a regular basis.
10. Whom can I contact?
The primary point of contact is the customer service specific for each service. Links to our services are available here.
Users may also send enquiries about this Privacy Statement to:
Oy Suomen Tietotoimisto – Finska Notisbyrån Ab
P.O.Box 660, 00181 Helsinki, Finland
Supervisory authority contact details:
Office of the Data Protection Ombudsman
Visiting address: Ratapihantie 9, 6th floor. 00520 Helsinki
Postal address: P.O.Box 800, 00521 Helsinki, Finland
Switchboard: +358 29 56 66700
Updated 31 January 2019.