Effective April 17, 2023
This statement supplements HMD Global Privacy Policy for products and services.
When you purchase our products or services or engage in other transactions with us, we process your purchase and transaction data to provide you with our products and services. When you access our services online, our web servers automatically create records of your visit. We also use cookies on our websites, which is described in our Cookie Policy. We use the collected online identifiers as well as your purchase and transaction data for personalizing, marketing, and developing our products and services.
You can subscribe to our marketing newsletter from our website. In case you subscribe to our newsletter, we will process your data to provide you with the latest news concerning our products and services. Additionally, some of our applications and services allow you to subscribe to push notifications which promote HMD and third-party content.
When you make orders on our electronic commerce platforms, we process your data for fraud detection purposes. If we cannot verify the authenticity of your transaction, we are not able to enter into a contract with you to provide you with our products and services. Your personal data is disclosed to fraud detection service provider which confirms us the authenticity of the transaction and that you are not subject to sanctions.
| Online stores and websites | ||
|---|---|---|
| Why are we processing your data? | What is the basis for processing data? | What data are we processing? |
| Providing our products and services: To provide you with our products and services we need to process your personal data, for example, for the payment and delivery of your purchase and to send you transactional emails. | Contract between us. | Purchase and transaction data: name, contact details, records of purchases and downloads, your requests, the services and products provided to you, payment and delivery details, and your other interactions with us. |
| Marketing and targeted advertising: Collected data allows us to customize our offering and to have more relevant and meaningful content and ads on our websites. | Your consent. Please see our Cookie Policy for further details. | Purchase and transaction data: name, contact details, and records of purchases. Cookies: Please see our Cookie Policy. |
| Development of our products and services: We analyze data to understand our customers better and to improve our products and services. | Our legitimate interest of developing our products and services. | Purchase and transaction data: name, contact details, and records of purchases. Online identifiers: e.g., IP address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser and application type, and language. |
| Newsletter and push notifications | ||
|---|---|---|
| Why are we processing your data? | What is the basis for processing? | What data are we processing? |
| Personalization and marketing: We customize our newsletter and push notifications to provide more relevant and meaningful communication with you. We inform you about the latest news concerning our products and services.text in bold | Your consent. You can withdraw your consent for marketing by using the unsubscribe link at the bottom of the newsletter or from the application’s and device’s settings. | Marketing data: name, email address, device details, locale, dates added and modified, and reporting on email deliveries. |
| Fraud detection and sanctions screening | ||
|---|---|---|
| Why are we processing your data? | What is the basis for processing? | What data are we processing? |
| Preventing fraud: When you purchase devices from us, we verify the authenticity of the transaction to prevent frauds. | Contract between us. | Basic information: Name, and address. Order details: Purchased products, billing address, delivery address, and credit card holder name. |
| Sanctions screening: Before you enter into an agreement with us, we need to verify that you are not subject to sanctions. | Legal requirement to comply with sanctions. | Basic information: Name, and address. |
How long is the data retained?
Purchase and transaction data are retained for 6 years after the purchase or subscription start date or 1 year after the end of the subscription, whichever is the latest.
For cookies, please see Cookie retention times in our Cookie Policy.
Email addresses are deleted within 30 days after the mailing list has been unsubscribed.
Online identifiers are retained for 1 month.
Basic information and order details for fraud detection and sanctions screening are retained for the duration of entering into an agreement with HMD to purchase a device or for the duration of rejecting the purchase.
Do we transfer personal data?
| What personal data is transferred? | Who are the recipients of the personal data and where are they located? | What are the transfer safeguards? |
|---|---|---|
| Purchase and transaction data | Transactional data system provider in the EU/EEA | Data in the EU/EEA, Standard Contractual Clauses for their non-EU/EEA subcontractors |
| Cloud platform in the EU/EEA | Data in the EU/EEA | |
| Electronic commerce platform providers in the EU/EEA and the United States | Standard Contractual Clauses of European Commission for non-EU/EEA service providers | |
| Payment service providers in the EU/EEA, the United States and India | Standard Contractual Clauses of European Commission for non-EU/EEA service providers | |
| IT & consultancy service providers in the EU/EEA and India | Standard Contractual Clauses of European Commission for non-EU/EEA service providers | |
| Transactional messaging services in the United States | Standard Contractual Clauses of European Commission | |
| Marketing data | Push notification service providers in the United States | Standard Contractual Clauses of European Commission |
| Mailing service providers in the United States | Standard Contractual Clauses of European Commission | |
| Cookies | For 3rd party cookie providers, please see our Cookie Policy | Standard Contractual Clauses of European Commission for non-EU/EEA service providers when cookies contain personal data. Anonymisation when cookies do not contain personal data |
| Basic information and order details | Fraud detection and sanctions screening service providers in the EU/EEA and in the United States | Data in the EU/EEA for European service providers. Data remains in the country in question for non-EU/EEA service providers |
You can find previous versions of this document here: