Effective April 17, 2023
We will give you additional privacy information that is specific to a product or service in Supplements to this Policy and other notices you may see while using our products or services. If there is a difference between such Supplements or notices and this Policy, the Supplements and notices should be considered first. Please take a moment to familiarize yourself with our Policy and let us know if you have any questions.
Information you provide us. When you make a purchase, use, or register into our products and services, create an account, take part in campaigns or programs and otherwise interact with us, we collect information such as your name, email address, phone number, street address, age, language, user names and passwords, feedback, information relating to your devices and payments. This includes, for example, data concerning the activation of your device, positioning and location data, data collected in connection with user experience and developer programs, data needed for account creation, information relating to your communications and interactions, purchase and other transaction data, credit data as well as online identifiers from our websites and online services. We also maintain records of your consents, preferences and settings relating to, for example, location data, marketing and sharing of personal data.
We process various technical details and identifiers such as IMEIs, MACs, S/Ns, UUIDs etc. which are not considered personal data unless a person can be identified by HMD based on the data by means reasonably likely to be used.
Information we receive from third-party sources. We receive certain information from third party social network services, for example, when you log in to your account by using your social network account login details. See our Nokia Phones Account and Community Supplement for more information.
We process your personal data for the following purposes. One or more purposes may apply simultaneously.
• Providing our products and services. We process your personal data to provide you with our products and services and to ensure their functionality and security. For example, we collect your name, address, and payment information to process and deliver your purchases and use device activation data to measure your device warranty and to provide you with the related customer support services. For more information about the device activation, see our Nokia Phones and Tablets Supplement.
• Providing customer service. We provide you with an easy access to our online services and personal data associated with your profile and device via Nokia phones account. To create the account, we collect personal data from you. We also use your personal data to provide customer service and support via our Nokia mobile support and community. See our Nokia Phones Account and Community Supplement and Nokia mobile Support Supplement for more information.
• Communicating with you. We use your personal data to communicate with you, for example, to notify you about software updates, service changes or to send you critical alerts and other such notices relating to our products and/or services and to contact you for customer support related purposes. For more information about how we use your personal data to provide you with our customer support services, see our Nokia mobile Support Supplement.
• Developing products and services. We utilize personal data to develop our products, services, customer support, sales, and marketing. For example, you can join our User Experience Program and help us to improve the quality and performance of our products and services. For more information about how we use your personal data to develop our products and services, see, for example, our User Experience Program Supplement. We also combine personal data collected in connection with your use of a particular HMD product and/or service with other personal data we have about you to develop our products and services.
• Personalizing our services and products. We use your personal data to personalize our products and services that you are using and to provide you with more relevant services that match with your profile and interest, for example, to make recommendations and to display customized content in our services.
• Marketing and targeted advertising. We process your contact details, such as your name and email address, to inform you about our new products, services, or promotions we may offer and to conduct market research. We use your personal data, such as your Nokia phones account data, to provide you with more relevant services that match with your profile and interests, for example, to make recommendations on accessories. This may include displaying HMD and third-party content.
• Automated decision-making concerning credit decisions. When you wish to subscribe to HMD’s products, your creditworthiness may be verified by an independent service provider to determine if the credit can be granted. The credit check process requires that your personal data is combined with the service provider’s data, and HMD uses data to determine if subscription may be accepted. HMD verifies that you are known in the given address, have a credit score which is accepted by HMD, and that you are not on known sanction lists. Credit decisions are made automatically to ensure fast and accurate decisions without human error, and automated processing is less intrusive than processing with human intervention. The logic of automated decision-making, the sources of data, and your right to contest the decision and to request human intervention have been described further in the Credit Score Check Supplement. Your credit score is determined based on your consent.
• Preventing fraud, misuse, and legal claims. We process your device activation and location data also to prevent fraud, misuses, and legal claims. See our Nokia Phones and Tablets Supplement for more information. We also verify transactions to prevent fraud as described in our Online Stores, Websites and Newsletter Supplement.
• Complying with legal obligations. Occasionally we may need to process your personal data to comply with legal obligations to which HMD is subject to. We only process your personal data which is necessary for complying with such a requirement. HMD may have, for example, a legal obligation to disclose your personal data to the authorities when requested. We also screen sanctions lists prior to entering into an agreement with you to comply with legal requirements.
We process your personal data only when it is lawful to do so. The processing is based on the following legal grounds:
Contract. Processing of your personal data is necessary for the performance of a contract between you and HMD. We use your personal data to provide you with our products and services and to ensure their functionality and security. If you do not provide us with the necessary information, it may mean that we are not able to provide the product or service to you. Contract is the basis for the processing, for example, when
we collect necessary personal data to process the payment and deliver your purchases as well as to authenticate transactions;
you activate your device electronically and your device and application type, as well as unique device, application, network and subscription identifiers are sent to HMD;
we communicate with you, for example, to notify you about software updates, to send you critical alerts and other important notices relating to our products and/or services and to contact you for customer support related purposes; and
you sign up for Nokia phones account to manage your profile and interact on the Community forum.
Legitimate interest. We process personal data when it is necessary for the purposes of legitimate interests pursued by HMD. Legitimate interest refers to an interest which is lawful and important for HMD. In processing activities based on legitimate interest, your rights are taken into account and balanced with the interests of HMD. You may obtain more information on the balancing tests by contacting us. You have the right to object to processing based on legitimate interest. Read more about your rights and how to contact us in section "What are your rights?". Legitimate interest is the basis for the processing, for example, when
we contact you to inform you of new similar products or services that you have previously obtained from us;
we personalize our offering to provide you with more relevant services that match with your profile and interests, for example, to make recommendations and to display customized content in our services. This may include displaying third party content;
we analyze information on your interests, buying behavior and feedback to develop our business operations, products and services; and
we process personal data to prevent and investigate fraud, money-laundering, terrorist financing and other misuses and defend HMD's legitimate interests, for example, in civil or criminal legal proceedings.
Consent. Processing of your personal data can be based on your consent. In these situations, we ask your consent before your personal data is processed. Giving a consent is always voluntary and you have the possibility to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. We maintain records of your consents, preferences and settings relating to, for example, marketing, location data, and sharing of personal data. Consent is the basis for the processing in the following situations.
You participate in the User Experience Program and we collect details of how you use a particular HMD product and/or service to improve it. You can withdraw your consent in your device's settings. For more information, please see our User Experience Program Supplement.
You subscribe to our mailing list to hear about new products, services and promotions. You can withdraw your consent for marketing by using the unsubscribe link at the bottom of the newsletter.
Use of HMD products and services may involve use of location data based on your consent. You can withdraw your consent for the processing of location data in your device's or application's settings.
When you agree to it, we can process your personal data for marketing purposes and share data with our marketing partners. We also personalize our offering to provide you with more relevant services that match with your profile and interests, for example, to make recommendations and to display customized content in our newsletter. This may include displaying third party content.
In case you want to subscribe to our products, we determine your credit score based on your consent. For more information, please see our Credit Score Check Supplement.
Legal obligation. HMD may need to process your personal data to comply with legal requirements to which HMD is subject to. HMD may have, for example, a legal obligation to disclose your personal data to the authorities when requested, and to screen sanctions.
We do not sell, lease or rent your personal data to third parties. We share your information internally within our company, but only to those who need it to provide you with the products and services or to respond to your requests. Further, we share your personal data with service providers and third parties in the following situations, and only to the extent necessary for the purposes described in this Policy.
HMD service providers and authorized third parties. We share your personal data with our service providers which we have carefully selected to supply services for us or on our behalf, such as companies that help us with repairs, customer service and support, electronic commerce, data storing, managing and analyzing customer data, and conducting research, advertising, or billing through your network service provider or otherwise. These service providers are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
We can also disclose your personal data with our business partners with whom we work to provide you with the products and services that you have purchased or requested. The partners we have partnered up with include payment service providers to allow electronic payment methods, online financial service providers to offer financing for your purchases, service providers to help us with credit check and fraud detection, logistic service providers to provide smooth delivery and return of your purchases, and social network services for account login. These business partners process your personal data for their own purposes and according to their own terms and privacy policies, which we recommend you to check carefully. For example, in order to offer you Klarna’s payment methods, we pass your contact and order details to Klarna in the checkout, in order for Klarna to assess whether you qualify for their payment methods, and to tailor those payment methods for you. In such case, your personal data transferred is processed in line with Klarna’s own privacy notice.
Marketing. We may share your personal data with our marketing partners, for example to manage marketing campaigns. We may conduct joint marketing and other communications with our partners. Our marketing partners are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
International transfers of personal data. The main location of the data is in the EU/EEA and the data is hosted on cloud platforms. Due to service performance and localization requirements, providing our products and services requires also using resources and servers located in various countries and regions around the world, including the European Union, United States of America, Singapore, and China. Therefore, your personal data may be transferred across international borders outside the country where you use our products and services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, especially by using the European Commission’s Standard Contractual Clauses of 2021, and by requiring the use of other appropriate technical and organizational information security measures. You may obtain more information on the transfer safeguards by checking relevant Supplement or by contacting us.
Mandatory disclosures. We may be obligated by mandatory law to disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. We may also disclose and otherwise process your personal data in accordance with applicable law to defend HMD’s legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.
How do we address the privacy of children? HMD products and services are typically intended for general audiences. We acknowledge that our customers may include children. We hope that guardians will discuss the processing of personal data with their children. In case you have any questions concerning the way children’s personal data is processed within HMD’s services or products, we are happy to provide additional information and answer any questions.
What steps are taken to safeguard personal data? Privacy and security are key considerations in the creation and delivery of our products and services. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training, and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our databases containing personal data to authorized persons having a justified need to access such information.
We take reasonable steps to keep the personal data we possess accurate and to delete or de-identify unnecessary personal data. Retention periods vary depending on the type of data and the service or product in question. The retention time of your personal data is determined in accordance with the following criteria:
|What personal data is being retained?||How long is the data retained?|
|Device activation data||6 months after the device has been activated.|
|User experience program data||12 months after the data is collected.|
|Account data||As long as the account is active and 30 days after the account has been deleted or service unsubscribed. Inactive accounts which have not been used are deleted after 48 months unless the account is reactivated.|
|Community forum data||Messages posted on the forum: until they are deleted by the user or moderator.|
|Communication and interaction data||Customer support: 5 years after the last correspondence between the customer and the customer support.|
|Subscription-related communication||12 months after the end of a subscription agreement.|
|Purchase and transaction data||Purchase and transaction data are retained for 6 years after the purchase or subscription start date or 1 year after the end of the subscription, whichever is the latest.|
|Credit data||Your credit score is retained for 6 years after the subscription.|
|Marketing data||Email addresses: 30 days after the mailing list has been unsubscribed.|
Personal data may be retained longer than indicated above in a singular case when it is actively processed for a compelling purpose, such as legal claims. In such cases, the personal data is disposed as soon as it is no longer needed for the specific purpose.
You have a right to know what personal data we hold about you as specified below. You have a right to have incomplete, incorrect, or outdated personal data completed or updated. In certain cases, you have a right to erasure, restriction, or data portability, or to object to processing of your personal data. You also have a right to withdraw your consent at any time. You may exercise your rights by managing your account and choices through available profile management tools on your device and our services, or by contacting us. In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.
• Right of access. You have the right to know what personal data we hold about you or to receive a confirmation that we do not process data concerning you. You can access your data through your account's settings. You can also request access to your data by using the contact details below.
• Right to rectification. You have the right to have incomplete or incorrect personal data rectified. You can correct and update your data through your account's settings and we encourage you to do this from time to time to ensure your personal data is up to date. You can also request rectification or completion of your data by using the contact details below.
• Right to withdraw consent. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. You can withdraw your consent in your device’s or application’s settings and for marketing newsletters by using the unsubscribe link at the bottom of the newsletter.
• Right to be forgotten. You have the right to have your personal data erased in certain situations, for example, when the processing of your data is no longer necessary for the purposes for which it was collected, or if the processing is based on your consent and you want to withdraw your consent and there are no other bases for processing. Please note that the data can be necessary to perform the contract between you and HMD, or HMD can have compelling legitimate grounds to retain certain data. If you want to delete such information, it means that we may not be able to continue to provide the services to you. You can erase your data via your account's settings or by using the contact details below.
• Right to object. When the processing of your personal data is based on a legitimate interest, you have the right to object to such processing. You can request that we stop processing your personal data for direct marketing or profiling purposes. You can unsubscribe from our newsletter by clicking on the unsubscribe link at the bottom of our newsletters. Critical alerts and other important notices may still be sent to you. You can use your right to object via your account's settings or by using the contact details below.
• Right to restriction of processing. In certain situations, you may have the right to restrict the processing of your data. When the processing has been restricted, your data will only be stored and not processed further. For example, if you contest the accuracy of your data, you have the right to have the contested data under a restriction of processing while it is ensured that your data is accurate. You can use your right to restrict the processing by using the contact details below.
• Right to data portability. When processing is carried out by automated means and based on a contract or consent, you have the right to obtain the data you have provided to HMD in a machine-readable format so that you can transfer it to another controller. This can be executed through your account's settings or by using the contact details below.
• Rights related to automated decision-making. In case a decision concerning you is based solely on automated processing and potentially produces legal effects or similarly significant effects on you, you have always the right to obtain human intervention on the decision making, express your point of view and to contest the decision. You can execute these rights by contacting our customer support.
If you cannot use your rights directly through the HMD products and services you use, you can contact us via
HMD Global Oy is the controller of your personal data when the personal data is processed in connection with our products and services. Our Data Protection Officer is Jari Koljonen.
In matters pertaining to HMD’s privacy practices, you may also contact us at: HMD Global Oy, c/o Privacy, Bertel Jungin aukio 9, 02600 Espoo, Finland
Our products or services may contain links to other companies’ websites and services that have privacy policies of their own. All links to such websites and services are provided for your convenience only. Before submitting your personal data to third parties, HMD recommends taking a moment to familiarize yourself with these third-party privacy policies.
HMD may from time to time update this Policy to reflect changes in our personal data processing practices with respect to our products and services, or applicable law. We will also indicate when this Policy was last updated at the top of this Policy. We seek to inform you personally of all significant changes to this policy by email or by other notification mechanisms.
You can find previous versions of this document here: