General privacy notice
1 Introduction
LAST UPDATED December 2023
Nokia Corporation and its affiliates Affiliates | Nokia (collectively, “Nokia,” “we,” or “us”) want you to be familiar with how we collect, use and disclose personal data.
This Privacy Notice describes how we process personal data from individuals who are not employed by us but who we engage with through our customers, subcontractors, contractors, service providers, suppliers, professional and business partners (including universities and research institutions), investors, resellers, governmental and lobbying relations, visitors to our website and other relevant stakeholders.
“Personal data” is information that identifies an individual or relates to an identifiable individual.
For more information regarding personal data that we collect in our recruitment activities, please see our Jobs and Recruitment Notice.
For more information regarding personal data collected and processed by Nokia licensed products and/or services please see Licensed Products Notice.
You are not required to provide personal data to Nokia. If you choose not to provide your personal data to Nokia, we may not be able to provide you with either our products or services or all of their functionalities and/or to respond to queries you may have.
We may provide supplements to this notice with additional and/or updated privacy information regarding our privacy practices that are specific to a product or service or jurisdiction, details of which can be accessed via the relevant product or service or via our Supplemental Notices section.
To view this notice in a language other than English, or to download an English language PDF, please follow the relevant link below:
- Introduction
- Personal data we collect
- How we use personal data
- How we share your personal data
- Cookies and similar technologies
- Your choices and rights over your data
- How we keep data secure
- How long we keep your data
- Third-party services
- Children
- International data transfers
- Updates to this Notice
- Contact Us
2 Personal data we collect
We collect the following categories of personal data as further described in this notice:
Category of Data |
Examples |
---|---|
Identity data |
First name, last name, title, written or electronic signature, date and place of birth, passport or other official identity document numbers, nationality and/or residency information, photographs, images, gender. |
Contact data |
Home address, email address, social media identities and phone number. |
Role Based data |
Job title, business name, business address, business phone, business email, length of employment. |
Professional history |
CV, employment history, educational details and qualifications, background checks and assessments. |
Operational data |
Field of operation, projects you worked on for Nokia, information about job offers from Nokia, photographs, accident reports, training records, time and attendance records, dates engaged in working for Nokia. |
Access data |
Nokia ID, IDs used for security purposes, user credentials for access to online services and platforms, IDs and passwords, log traffic and location data, and other technical information. |
Financial data |
Bank account and payment card details. |
Marketing and communications data |
Your choices regarding our marketing and promotional communications, language, interests, participation in promotions or surveys, responses to promotional communications displayed or provided to you, and preferred methods of receiving such promotional communications, recordings of telephone calls with customer service and other representatives, and other feedback/preferences that you might express during the course of the business relationship. |
Usage data |
Details of access to online services and platforms, network sessions, and data about your use of our equipment, electronic communications systems, and property, such as computers, mobile devices, email, internet, telephone and voicemail. |
Relationship history |
Details of transactions, sales, purchases, uses, your communications with us, your account with us, details of any gifts, travel and hospitality, details of your claims, complaints and queries in general. |
User generated content |
Electronic content produced by your use of our systems, including training records, online interactive and voice communications, such as blog, chat, webcam use and network sessions, reviews about our products and services, and other content you may create or share, including posts on our social media pages, blogs, and comment sections. |
Visitor and event data |
Dietary restrictions, travel and accommodation details, issued identification pass to access the premises, photos and videos taken at one of our events or webinars, images or footage captured or recorded by CCTV and other security measures on our premises, interactions with our systems, and other details specific to a particular event, webinar or conference that you attend. |
Device data |
When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language, and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to Nokia by the telecommunications operator as a standard part of that communication. This includes data obtained through cookies and similar technologies as described in Cookies and beyond | Nokia. |
2.1 Sensitive Data
In limited circumstances we may process sensitive personal data, such as criminal records data, to enable Nokia to carry out background checks on individuals, either with your consent or where necessary to comply with a legal obligation, such as ensuring the health and safety of individuals through the provision of a safe working environment.
Unless we request it, we ask that you do not provide or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership).
3 How we use personal data
We use your personal data for legitimate business purposes as described in the overview below. Please select the section that best reflects the nature of your interaction with us.
3.1 To manage our business relationships with customers, selling partners and suppliers
- To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.
- To onboard new customers and suppliers, set up accounts and ongoing account administration.
- To deliver products and services to customers, provide customer service and communicate with customers and suppliers for those purposes
- To manage our business operations and improve the functionality of our products and services
To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.
Purpose: To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.
Examples of processing activities: Conduct credit checks, due diligence and “know your customer (KYC)” checks; identify potential conflicts of interest; carry out checks if required by us, and/or a government or customer (e.g., if you have access to national or sensitive infrastructure data)review your Professional History in order for Nokia to assess suitability for specific projects)
Personal data categories: Identity Data and Contact Data; Role Based Data; Financial Data; Relationship History; in addition, for background checks: Professional History; Operational Data; Access Data; Relationship History; criminal records data in limited circumstances.
Legal basis: Legitimate interests, for example, to comply with internal compliance policies or to assess an individual’s qualifications for a specific project.
Legal obligations* for example relating to anti-money laundering measures, prevention of fraud, anti-bribery, sanctions and trade restrictions or access to national infrastructure.
Consent for carrying out background checks where requested by end customers.
Third-party sources: Third-party organizations, for example, those who maintain databases which assist with due diligence and KYC checks, those who assist with enhanced screening where required or from publicly available sources.
Your employer, where you are employed by one of our Customers or Suppliers.
Third party screening providers, such as those conducting criminal records checks.
Purpose: To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.
Examples of processing activities: Conduct credit checks, due diligence and “know your customer (KYC)” checks; identify potential conflicts of interest; carry out checks if required by us, and/or a government or customer (e.g., if you have access to national or sensitive infrastructure data)review your Professional History in order for Nokia to assess suitability for specific projects)
Personal data categories: Identity Data and Contact Data; Role Based Data; Financial Data; Relationship History; in addition, for background checks: Professional History; Operational Data; Access Data; Relationship History; criminal records data in limited circumstances.
Legal basis: Legitimate interests, for example, to comply with internal compliance policies or to assess an individual’s qualifications for a specific project.
Legal obligations* for example relating to anti-money laundering measures, prevention of fraud, anti-bribery, sanctions and trade restrictions or access to national infrastructure.
Consent for carrying out background checks where requested by end customers.
Third-party sources: Third-party organizations, for example, those who maintain databases which assist with due diligence and KYC checks, those who assist with enhanced screening where required or from publicly available sources.
Your employer, where you are employed by one of our Customers or Suppliers.
Third party screening providers, such as those conducting criminal records checks.
Purpose: To onboard new customers and suppliers, set up accounts and ongoing account administration.
Examples of processing activities: Manage requests for quotations and responses; confirm a person’s authority as a representative or agent of a Company; set up and administer your account with us; manage payment for any goods or services that we provide to you; manage accounts receivable; enforce the contractual terms and conditions that govern our business relationship with you; and provide administrative information to you, such as changes to relevant terms, conditions, policies and procedures; and record our interactions in our relationship management platforms.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Financial Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests, such as following internal processes and the performance of our contractual relationship with your employer.
Purpose: To deliver products and services to customers, provide customer service and communicate with customers and suppliers for those purposes.
Examples of processing activities: Deliver our products and services to customers; manage communications regarding products, projects and services; provide and improve our customer service; respond to queries, handle complaints and grievances; request your feedback, for example, by completing a survey, about our products, services or events; review and act on that feedback; and facilitate communications generally in the context of our business activities.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Financial Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests, such as responding to inquiries, complaints and concerns and the performance of our contractual relationship with your employer
Third-party sources: The Nokia end customer relevant to a specific issue.
Third parties that we work with to obtain customer feedback on our behalf.
Purpose: To manage our business operations and improve the functionality of our products and services.
Examples of processing activities: Manage and allocate company assets and resources including the deployment of individuals to projects and scheduling work; carry out strategic and organizational planning and project management and development; compile audit trails and other reporting tools; manage internal directories, financial management, budgeting and reporting; manage our disaster recovery and business continuity plans and procedures; maintain our records relating to manufacturing and other business activities; carry out data analysis audits, identifying usage trends; manage product and service development and maintain an issues log; and maintain training records.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests, such as responding to enquiries or complaints, ensuring the efficient scheduling of work and the performance of our contractual relationship with your employer.
Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records.
Third-party sources: Your employer, as a customer of Nokia.
3.2 To improve and develop our products and services and ways of working
- Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives
- Administer participation of individuals in research to develop Nokia products and services
- To aggregate and/or anonymize Personal Data for the purposes of analyzing our products, services, governance and ways of working
Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives
Purpose: Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives.
Examples of processing activities: To reach out to you for your professional expertise, for example, in the context of developments to our products or services or those of our affiliates or business partners collaborate with you on events, publications, advisory meetings and panels and research projects or programs; invite you to participate in special programs, activities, events, promotions, marketing activities (such as our Thought Leadership Program or Customer Success story), or policy initiatives. Some of these may have additional rules containing information about how we will use and disclose your personal data.
Personal data categories: Identity Data and Contact Data; Role Based Data; Professional History; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests, such as inviting you to participate in our Thought Leadership Program.
Consent, for example to include your name in publications.
Purpose: Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives.
Examples of processing activities: To reach out to you for your professional expertise, for example, in the context of developments to our products or services or those of our affiliates or business partners collaborate with you on events, publications, advisory meetings and panels and research projects or programs; invite you to participate in special programs, activities, events, promotions, marketing activities (such as our Thought Leadership Program or Customer Success story), or policy initiatives. Some of these may have additional rules containing information about how we will use and disclose your personal data.
Personal data categories: Identity Data and Contact Data; Role Based Data; Professional History; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests, such as inviting you to participate in our Thought Leadership Program.
Consent, for example to include your name in publications.
Purpose: Administer participation of individuals in research to develop Nokia products and services.
Examples of processing activities: Seek your views on and test the use of products, projects and services developed by Nokia (and our affiliates or business partners) for development and improvement purposes; invite you to participate in special programs, activities, events, studies or promotions.
Some of these may have additional rules containing information about how we will use and disclose your personal data.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Device Data; Visitor and Event Data.
Legal basis: Consent specific to the activity.
Purpose: To aggregate and/or anonymize Personal Data for the purposes of analyzing our products, services, governance and ways of working.
Examples of processing activities: Aggregate and/or anonymize personal data so that it will no longer be considered personal data for research and statistical purposes.
Personal data categories: Personal data relevant to the specific business purpose.
Legal basis: Legitimate interests, such as to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
3.3 To carry out engagement and marketing activities and to organize events
- To contact you about Nokia products, services, and initiatives and manage those communications
- To manage communication preferences
- To share your details with third parties for sales and marketing purposes
- To understand our customers’ and potential customers’ interests and preferences in order to provide information tailored to their business needs
- To display relevant advertising via websites, apps and social media and to monitor its effectiveness
- To provide gifts, hospitality, travel and entertainment
- To conduct prize draws, contests and other promotional offers
- To invite you to events, conferences, webinars and seminars that may be of interest
- To manage your booking of and attendance at physical events
- To manage your registration for and participation in virtual events
- To record webinars or events to enable virtual attendance or for delegates to watch afterwards
- To administer the participation of guest speakers
- To obtain feedback and follow up actions
- To share your details with event partners
To contact you about Nokia products, services, and initiatives and manage those communications
Purpose: To contact you about Nokia products, services, and initiatives and manage those communications.
Examples of processing activities: Respond to your enquiries, requests for information and expressions of interest whether in person, for example at an event, or via our website, email or social media; contact you about products and services we feel may be of interest to you; follow up on leads from our third party selling partners, event partners or other lead generation service providers; manage relationships with prospective customers. To do this we may share your contact details with outsourced calling providers;
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests when responding to your requests or expressions of interest, where you are an existing customer, or where the law permits in the business to business context.
We rely on consent where required by law, for example, to send electronic marketing, such as emails, SMS or push notifications, or when following up on leads from event partners.
You can manage your receipt of marketing and other non-transactional communications by following the instructions on how to opt out contained in each communication or by contacting us as described below.
Third-party sources: Lead generation service providers.
Our selling partners
Our event partners.
Purpose: To contact you about Nokia products, services, and initiatives and manage those communications.
Examples of processing activities: Respond to your enquiries, requests for information and expressions of interest whether in person, for example at an event, or via our website, email or social media; contact you about products and services we feel may be of interest to you; follow up on leads from our third party selling partners, event partners or other lead generation service providers; manage relationships with prospective customers. To do this we may share your contact details with outsourced calling providers;
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests when responding to your requests or expressions of interest, where you are an existing customer, or where the law permits in the business to business context.
We rely on consent where required by law, for example, to send electronic marketing, such as emails, SMS or push notifications, or when following up on leads from event partners.
You can manage your receipt of marketing and other non-transactional communications by following the instructions on how to opt out contained in each communication or by contacting us as described below.
Third-party sources: Lead generation service providers.
Our selling partners
Our event partners.
Purpose: To manage communication preferences.
Examples of processing activities: Record, update and respect your communication preferences on our databases and in any third party relationship management tools.
Personal data categories: Identity Data and Contact Data; Marketing and Communications Data; Relationship History; Visitor and Event Data.
Legal basis: Legal obligations* such as to manage communication preferences in accordance with local data protection and marketing laws.
Purpose: To share your details with third parties for sales and marketing purposes.
Examples of processing activities: Share your details with third parties, such as selling partners, co-sponsors or presenters at marketing events for the purposes of contacting you about Nokia products and services, or related products and services as specified at the time.
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; Visitor and Event Data.
Legal basis: Consent to share your data for the specified purpose.
Purpose: To understand our customers’ and potential customers’ interests and preferences in order to provide information tailored to their business needs.
Examples of processing activities: Record your interests, requests, preferences and business needs as part of our account and lead management processes based on information provided to us by you or, with your consent, from one of our event or selling partners; create insights using publicly available information from data brokers; make inferences from digital activity such as interactions with online content on our and third party websites and platforms after you fill out a web form.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Consent where information comes directly from you or from our selling or event partners.
Legitimate interests for the use of information you or our carefully selected data brokers provide to understand your interests and business needs;
Consent to the placing of cookies for the purposes explained at the time you fill out a web form.
Third-party sources: Data brokers
Our selling and event partners
Data analytics partners
Purpose: To display relevant advertising via websites, apps and social media and to monitor its effectiveness.
Examples of processing activities: Place advertising and content on third party websites and platforms based on our understanding of you as a customer or potential customer, to deliver content that is relevant to you and give you the best customer experience.; use tracking technologies to collect usage data and metrics of your interactions with our website and our advertising which we use to analyze and enhance user experience; analyze aggregated data to assess the impact of advertising campaigns and user engagement.
Personal data categories: Identity Data and Contact Data; Device Data; User Generated Content.
Legal basis: We rely on consents provided by you when managed by us or by the third parties to whom you have given your consent to share that data with us including third parties we buy advertising from for the use of advertising, marketing and analytics cookies.
Third-party sources: Marketing and advertising service providers.
Purpose: To provide gifts, hospitality, travel and entertainment.
Examples of processing activities: Make any necessary bookings or facilitate deliveries; note your preferences such as dietary requirements; share information with the relevant service providers; and keep records to comply with internal policies and processes.
Personal data categories: Identity Data and Contact Data; Role Based Data; Financial Data; Marketing and Communications Data; Relationship History; Visitor and Event Data.
Legal basis: Consent to collect special category data related to your dietary requirements. Legitimate interests to build and maintain customer relations and to comply with internal procedures
Legal obligations* such as to comply with local anti-bribery laws.
Purpose: To conduct prize draws, contests and other promotional offers.
Examples of processing activities: Administer your participation in such offers including the delivery of any prizes; keep records to comply with internal policies.
Some of these promotions have additional rules containing information about how we will use and disclose your personal data, which we will communicate to you separately.
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Performance of contract, such as fulfilling obligations associated with a contest.
Legal obligations* such as to comply with local anti-bribery laws
Purpose: To invite you to events, conferences, webinars and seminars that may be of interest.
Examples of processing activities: Identify events of interest and invite you to events.
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Consent to receive invitations to events which may be of interest.
Purpose: To manage your booking of and attendance at physical events.
Examples of processing activities: Administer registrations; process travel, accommodation, dietary needs and preferences; administer venue access requirements including parking and verification of identity for security purposes (including any venue specific requirements); create and distribute delegate badges; and maintain attendance records for health and safety reasons on the day of the event and for ongoing relationship management.
Personal data categories: Identity Data and Contact Data; Role Specific Data; Access Data; Financial Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Fulfilment of a contract, for example to provide you with food and drink.
Consent to respect your dietary requirements.
Legitimate interests such as ensuring the security of the venue.
Purpose: To manage your registration for and participation in virtual events.
Examples of processing activities: Administer registrations; provide access to the relevant platforms, including sharing details with any relevant external providers; maintain an attendance record and record of interactions including any consents collected; respond to comments during the event; and troubleshoot technical issues.
Personal data categories: Identity Data and Contact Data; Role Based Data; Financial Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Necessary for the fulfilment of a contract, for example to deliver the event.
Legitimate Interests in troubleshooting technical issues and maintaining an attendance record.
Third-party sources: Third party platform providers.
Event co-hosts, where applicable.
Purpose: To record webinars or events to enable virtual attendance or for delegates to watch afterwards.
Examples of processing activities: Record sessions including presenter and delegate participation to make these available to a wider audience, as specified in the event invitation and at the time of recording; use presentations and contributions to the event, including comments and images for promotional activities as specified for that event.
Personal data categories: Identity Data and Contact Data; Role Based Data; User Generated Content; Visitor and Event Data.
Legal basis: Consent of participants.
Third-party sources: Third party platform providers, when applicable.
Purpose: To administer the participation of guest speakers.
Examples of processing activities: Research, select and engage appropriate guest speakers at physical and virtual events and administer attendance, payment and follow up.
Personal data categories: Identity Data and Contact Data; Role Specific Data; Financial Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests in conducting our initial research and making contact.
Necessary for the performance of a contract.
Purpose: To obtain feedback and follow up actions.
Examples of processing activities: Obtain and record your feedback; note your participation; and follow up with further information that we believe may be of interest to you.
Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legitimate interests such as evaluating the success of the event and ensuring we communicate appropriately with attendees.
Consent to receive further communications.
Third-party sources: Third party platform providers, when applicable.
Purpose: To share your details with event partners.
Examples of processing activities: Share your contact and attendance details with event partners for their marketing purposes.
Personal data categories: Identity Data and Contact Data; Role Based Data; Visitor and Event Data.
Legal basis: Consent for the purposes specified.
3.4 To provide and maintain our website and other online platforms, apps and systems
Individual platforms, apps and systems may have additional requirements about how we will use and disclose personal data that will be disclosed to you at the time of use.
- To improve and develop current and new websites
- To provide support and respond to queries from website users including requests to manage privacy rights
- To provide the Nokia Learning and Development Hub to customer, channel and sales partner employees
- To provide access to our Selling Partner Portal
- IT Management of our systems and portals, such as our learning hub, partner portal, inventor portal and other Nokia platforms
- Protection of Nokia’s systems, networks and information
To improve and develop current and new websites
Purpose: To improve and develop current and new websites.
Examples of processing activities: Conduct data analysis, for example, monitor and analyze usage of the website and use data analytics to improve the efficiency; develop our websites; consider ways for enhancing, improving, repairing, maintaining, or modifying our current websites; identify usage trends, for example, understanding which parts of our website are of most interest to users.
Personal data categories: Usage Data; User Generated Content; Device Data.
Legal basis: Legitimate interests, such as developing our website and ensuring its functionality.
Purpose: To improve and develop current and new websites.
Examples of processing activities: Conduct data analysis, for example, monitor and analyze usage of the website and use data analytics to improve the efficiency; develop our websites; consider ways for enhancing, improving, repairing, maintaining, or modifying our current websites; identify usage trends, for example, understanding which parts of our website are of most interest to users.
Personal data categories: Usage Data; User Generated Content; Device Data.
Legal basis: Legitimate interests, such as developing our website and ensuring its functionality.
Purpose: To provide support and respond to queries from website users including requests to manage privacy rights.
Examples of processing activities: Respond to enquiries, requests, comments and complaints about any of our websites; handle any requests to exercise your privacy rights; and keep records of these interactions.
Personal data categories: Identity Data and Contact Data; Access Data; Usage Data; User Generated Content; Device Data.
Legal basis: Legitimate interests such as responding to complaints.
Legal obligations*, such as when you submit a request to access your personal data.
Purpose: To provide the Nokia Learning and Development Hub to customer, channel and sales partner employees.
Examples of processing activities: Create your user profile; provide you with access to the learning and development portal; maintain training records including details of courses undertaken; record certifications where necessary for compliance checks; compile reports; administer our online learning communities; share training records with your employer where you have given your consent; link your certifications to your profile on our selling partner portal, where relevant; in the context of mandatory training for health, safety and security we may share training records with the relevant end customer.
Personal data categories: Identity Data and Contact Data; Professional Data; Access Data; Usage Data; User Generated Content where learner participates in online learning communities.
Legal basis: Legitimate interests, for example to effectively operate our learning and development hub and to maintain project specific training records.
When necessary, to comply with legal obligations relating to health, safety or national security or to protect the vital interests of you or another individual, we may share your data with your employer or our end customer. Otherwise we rely on your consent.
Third-party sources: The learner’s employer.
Purpose: To provide access to our Selling Partner Portal.
Examples of processing activities: Administer your access to the portal; provide you with information about our products and services; record your Nokia selling certifications and make those available in the manner described in the Nokia Learning and Development Hub; and other purposes as specified when you access the portal.
Personal data categories: Identity Data and Contact Data; Role Base Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Performance of our contractual relationship with you in providing access to the portal.
Consent to use of personal data for specific purposes.
Purpose: IT Management of our systems and portals, such as our learning hub, partner portal, inventor portal and other Nokia platforms.
Examples of processing activities: Provide, administer and maintaining IT and communication services; technical troubleshooting and diagnostic testing, conduct performance analyses of our IT and communication services; technical development including testing new features to evaluate their impact; statistical analysis; system and log maintenance; technical support; and system debugging; record and maintain activity logs to identify administration activity.
Personal data categories: Identity Data; Contact Data; Role Based Data; Access Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Performance of our contractual relationship with you, such as ensuring that our systems are functioning to enable the provision of services.
Legitimate interests, such as responding to technical enquiries and ensuring the security and integrity of our systems.
Purpose: Protection of Nokia’s systems, networks and information.
Examples of processing activities: Record and review access to our networks, systems, and applications; identify and authenticate individuals / applications / systems; manage access to company physical sites; identify and investigate the unauthorized use of our systems/information or use in violation of Nokia's policies or applicable law.
Personal data categories: Identity Data; Contact Data; Role Based Data; Operational Data; Access Data; Financial Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
Legal basis: Legal obligations*, such as to detect and prevent cyberattacks.
Legitimate interests, such as complying with our contractual requirements to protect customer infrastructure and information and the protection of our own assets.
3.5 To carry out corporate activities
Such as manage our legal and compliance obligations, manage media and investor relations, administer our corporate structure and engage with shareholders.
- Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate
- Pursue legal rights and remedies and defend claims
- To fulfill our legal and compliance obligations, such as respond to requests and legal demands from regulators or other authorities in jurisdictions in which we operate
- Fraud prevention
- Engage with the media and with industry analysts
- Engage with local and regional law and policy makers, advocacy groups and policy advisors
- Engage with industry and business associations and other similar stakeholder groups
- Conduct shareholder meetings
- Manage Institutional Investor Relations
- Facilitate mergers, acquisitions and corporate restructuring
Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate
Purpose: Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate.
Examples of processing activities: Comply with, monitor and assess the effectiveness of internal policies and procedures; detect, prevent and investigate fraud; meet our regulatory monitoring, recordkeeping and reporting obligations; conduct internal investigations, including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns; manage complaints or other potential claims from third parties; manage internal disciplinary actions, grievances, and terminations.
Where necessary we may issue a supplemental notice in respect of some of the above activities giving further information on how your data is processed.
Personal data categories: Personal data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question
Legal basis: Legitimate interests, such as responding to customer and employee concerns.
Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records and relating to our obligations to conduct investigations.
Purpose: Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate.
Examples of processing activities: Comply with, monitor and assess the effectiveness of internal policies and procedures; detect, prevent and investigate fraud; meet our regulatory monitoring, recordkeeping and reporting obligations; conduct internal investigations, including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns; manage complaints or other potential claims from third parties; manage internal disciplinary actions, grievances, and terminations.
Where necessary we may issue a supplemental notice in respect of some of the above activities giving further information on how your data is processed.
Personal data categories: Personal data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question
Legal basis: Legitimate interests, such as responding to customer and employee concerns.
Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records and relating to our obligations to conduct investigations.
Purpose: Pursue legal rights and remedies and defend claims.
Examples of processing activities: Participate in and respond to legal processes, including domestic and cross-border litigation, discovery procedures, subpoenas; pursue legal rights and remedies; defend litigation.
Personal data categories: Personal data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question
Legal basis: Legal obligations*, such as complying with legal processes.
Legitimate interests, such as enforcing terms and conditions to protect intellectual property rights and bringing or defending legal claims.
Third-party sources: Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities.
Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.).
Purpose: To fulfill our legal and compliance obligations, such as respond to requests and legal demands from regulators or other authorities in jurisdictions in which we operate.
Examples of processing activities: Comply with legal processes including inspections and other requests from regulators or other authorities in your home country or other jurisdictions; comply with sanction rules and anti-corruption, anti-bribery, and transparency obligations.
Personal data categories: Personal data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question
Legal basis: Legal obligations*, such as complying with demands from regulators.
Legitimate interests, such as enforcing terms and conditions to protect intellectual property rights and bringing or defending legal claims.
Third-party sources: Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities.
Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.)
Purpose: Fraud prevention.
Examples of processing activities: Conduct audits; verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements; monitor for and prevent fraud.
Personal data categories: Identity Data; Contact Data; Role Based Data; Operational Data; Access Data; Financial Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data;
Legal basis: Legal obligations*, such as those relating to company reporting and accounts.
Legitimate interests, such as identifying and/or preventing fraudulent transactions.
Third-party sources: Third-party organizations, for example, assisting us with background and due diligence checks
Purpose: Engage with the media and with industry analysts.
Examples of processing activities: Respond to enquiries; communicate with you; keep records of interactions; invite you to relevant events; record your areas of interest; provide access to our analysts’ extranet
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; Visitor and Event Information; Usage Data in relation to our analysts´ extranet.
Legal basis: Legitimate interests such as ensuring our business is represented in the media
Purpose: Engage with local and regional law and policy makers, advocacy groups and policy advisors.
Examples of processing activities: Communicate with you and keep records of our interactions; note your expertise and policy areas; comply with applicable local laws and our own internal policies and procedures.
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; Visitor and Event Information;
Legal basis: Legitimate interests such as interacting with policy makers and compliance with internal policies.
Third-party sources: Public directories of government contacts
Purpose: Engage with industry and business associations and other similar stakeholder groups.
Examples of processing activities: Communicate with you; keep records of interactions; collaborate on advocacy and policy proposals
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; Visitor and Event Information;
Legal basis: Legitimate interests to effectively manage relationships
Purpose: Conduct shareholder meetings.
Examples of processing activities: Receive an up to date list of shareholders to ensure the orderly conduct of meetings and enable shareholders to exercise shareholder rights such as voting or appointing a proxy, more details of which are provided in a supplemental notice issued to shareholders at the time of the Annual General Meeting.
Personal data categories: Identity and Contact Data of shareholders and any proxy; Shareholder specific details such as number of shares and voting information
Legal basis: Legal Obligations to organize the Annual General Meeting in accordance with Finnish Company law.
Third-party sources: Euroclear Finland Oy
Purpose: Manage Institutional Investor Relations.
Examples of processing activities: Manage our relationship and respond to enquiries; arrange meetings; provide you with information; keep records of our interactions
Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; Visitor and Event Information;
Legal basis: Legitimate interests such as effective relationship management
Purpose: Facilitate mergers, acquisitions and corporate restructuring.
Examples of processing activities: To facilitate mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions or any bankruptcy or similar proceedings). **
Personal data categories: Personal data as relevant for the specific business operation.
Legal basis: Legitimate interests
Third-party sources: Third-party organizations, when they share personal data with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business.
*For more information on our legal obligations and ** on disclosure of personal data in connection with a sale or business transaction, please see section 4.2 ‘Other Disclosures for legal reasons or on restructuring’ below.
4 How we share your personal data
Your personal data will be processed only by authorized Nokia employees who have been trained to carry out this task. For distributing our products, managing our supply chains and carrying out other business activities, we also work with certain third parties who may also process your personal data. Those third parties and the purposes for which we share personal data with them are set out below:
4.1 Disclosures to third parties
- Our affiliates Affiliates | Nokia
- Professional advisors, consultants and other authorized personnel
- Service providers
- Website hosting service providers
- Information technology and related infrastructure service providers
- Email delivery service providers
- Advertising networks
- Brand Licensees
- Analytics providers
- Other companies & partners
- Regulators, law enforcement, public, regulatory & government authorities, courts or tribunals
Our affiliates Affiliates | Nokia
All purposes described in this Privacy Notice.
All purposes described in this Privacy Notice.
Communicating with you.
Managing and operating our business, including management of contracts and providing the functionality of our goods and services.
Monitoring and ensuring compliance with our policies and procedures and with applicable laws.
Legal and compliance, including responding to requests and legal demands from regulators or other authorities, the pursuit of legal rights and remedies and defending claims.
Information technology management.
Fraud prevention and security, including ensuring the security and safety of Nokia’s premises.
Providing event management, gifts, travel, hospitality and entertainment services.
Carrying out sales and marketing calls on our behalf.
Communicating with you.
Managing and operating our business, including management of contracts and providing the functionality of our goods and services.
Providing personalized services and information of interest to you.
Engaging with you as a customer.
Monitoring and ensuring compliance with our policies and procedures and with applicable laws.
Legal and compliance, including responding to requests and legal demands from regulators or other authorities pursuing legal rights and remedies and defending claims.
Information technology management.
Fraud prevention and security, including ensuring the security and safety of Nokia’s premises.
Aggregating and/or anonymizing personal data.
Improving and developing current and new websites.
Providing the functionality of our websites.
Fraud prevention and security.
Improving and developing current and new websites.
Operations and general business.
Providing the functionality of our websites.
Communicating important changes.
Customer service.
Promotions and contests.
Providing the functionality of our websites.
Relationship building and engagement including marketing.
Personalizing our websites.
Relationship building and engagement including marketing.
Providing the functionality of our websites.
Passing on consumer product enquiries.
Aggregating and/or anonymizing personal data.
Fraud prevention and security.
Improving and developing current and new websites.
Operations and general business.
Personalizing our websites.
Relationship building and engagement, including marketing.
Communicating with you.
Managing and operating our business, including management of contracts, and providing the functionality of our goods and services.
Providing personalized services and information of interest to you.
Engaging with you as a customer.
Collaborating with research partners.
Complying with government requirements regarding access to national infrastructure.
Monitoring and ensuring compliance with our policies and procedures and with applicable laws.
Legal and compliance, including responding to requests and legal demands from regulators or other authorities, pursuing legal rights and remedies and defending claims.
Fraud prevention and security, including ensuring the security and safety of Nokia’s premises.
4.2 Disclosures for legal reasons or on restructuring
We also disclose your personal data as necessary or appropriate, in particular, when we have a legal obligation or legitimate interest to do so, as set out in further detail below.
To comply with applicable law and regulations
This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your personal data, including:
Civil and commercial matters: for example, where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
Criminal matters: for example, to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
Consumer matters: for example, to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States.
Corporate and taxation matters: for example, to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal data for tax purposes.
Regulatory matters: for example, to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our company. These can include authorities outside of your country of residence.
Compliance and internal investigations: for example, to comply with whistleblowing requirements under EU Whistleblower Directive 2019/1937 and its implementing laws in EU Member States.
Health and safety regulations: for example, to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your personal data, including:
Civil and commercial matters: for example, where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
Criminal matters: for example, to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
Consumer matters: for example, to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States.
Corporate and taxation matters: for example, to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal data for tax purposes.
Regulatory matters: for example, to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our company. These can include authorities outside of your country of residence.
Compliance and internal investigations: for example, to comply with whistleblowing requirements under EU Whistleblower Directive 2019/1937 and its implementing laws in EU Member States.
Health and safety regulations: for example, to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
For dispute resolution purposes;
To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
We have a legitimate interest in disclosing or transferring your personal data to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal data in accordance with applicable law and the ‘Updates To This Privacy Notice’ section.
5 Cookies and similar technologies
We may collect personal data through the use of cookies and similar technologies. Please see our Cookies and Similar Technologies Policy for more information on how we use cookies and how you can manage your choices.
6 Your choices and rights over your data
6.1 Your choices regarding our use and disclosure of your personal data for direct marketing purposes
We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt out from:
- Receiving marketing-related emails, mobile messages or direct message via social media from us. If you no longer want to receive marketing related messages from us on a going-forward basis, you may opt out by using the links provided to you in the relevant direct marketing messages you have received, or by contacting us in accordance with the “Contacting Us” section below. Please note that important administrative messages may still be sent to you even if you opt-out from marketing and other communications from Nokia.
- Our sharing of your personal data with affiliates for their direct marketing purposes. If you would prefer that we discontinue sharing your personal data on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below.
- Our sharing of your personal data with unaffiliated third parties for their direct marketing purposes. We obtain your prior consent to sharing your personal data in this way. If you would prefer that we discontinue sharing your personal data on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below. You should contact the relevant third party directly to exercise your rights to opt out from their marketing messages.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.
6.2 Your additional rights over your data and how to exercise them
If you would like to request to access, correct, update, suppress, restrict, or delete personal data, object to or opt out of the processing of personal data, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your personal data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.
In your request, please make clear what personal data you would like to have changed or whether you would like to have your personal data suppressed from our database. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be capable of removal.
For information on how to manage your rights in respect of cookies and similar technologies please follow the instructions in How do I manage Cookies and Similar Technologies (section 3)
You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs, or with the UK Information Commissioner's Office (where you are based or where an alleged infringement of applicable data protection law took place in the United Kingdom). A list of EU/ EEA data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Details for the UK Information Commissioner's Office are available online at https://ico.org.uk/make-a-complaint/.
7 How we keep data secure
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
8 How long we keep your data
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).
Retention Periods based on legal obligations
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal data, even after your account has been deleted and/or we no longer provide goods or services to you. Some examples are described below.
- To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal data subject to such order or warrant after you delete your account.
- To comply with legal provisions on tax and accounting: We may retain your personal data, such as Financial Data and Relationship History after you delete your account, as required by local tax law and to comply with bookkeeping requirements.
- To pursue or defend a legal action: We may retain relevant personal data in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal data, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
Anonymization of data
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymization techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognized techniques appropriate to the data in question.
9 Third-party services
This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.
10 Children
Where Nokia organizes events or initiatives specifically for children, for example, educational events, we will inform you how we will use the child’s personal data in a supplemental notice. Otherwise, we do not knowingly collect personal data from individuals under 16 for the purposes outlined in this Privacy Notice.
11 International data transfers
Nokia is a global company that has affiliates ( Affiliates | Nokia ), business processes, management structures and technical systems that cross national borders. This means your personal data may be stored and processed in countries where we operate, where we have customers, or in which we engage service providers or other authorized parties , and by engaging with us you understand that your personal data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.
Nokia takes steps to make transfers with appropriate safeguards recognized by applicable laws. Generally international transfers will be safeguarded in accordance with relevant international laws. Where this will involve transferring your personal data outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and/or by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here European Commission Adequacy list of countries and here UK ICO List Adequacy List of Countries
Standard Contractual Clauses: For transfers of personal data from the UK and/or EEA to countries outside the UK/and or EEA which are not considered adequate under the UK GDPR and/or by the European Commission, we have put in place appropriate measures to protect your personal data. For example, we use standard contractual clauses adopted under the UK GDPR and/or by the European Commission. You may obtain a copy of these measures by contacting us in accordance with the “Contacting Us” section below.
Derogations for specific situations. Transfers may occasionally be made based on a specific derogation, for example, where you have given consent, for reasons of public interest, in connection with the establishment or defense of legal claims, or to protect the vital interests of an individual.
12 Updates to this Notice
The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice.
13 Contact Us
If you are using a Nokia product or service, Nokia Corporation of Karakaari 7, 02610 Espoo, Finland is the controller of your personal data.
In addition, the Nokia affiliate providing the product or service may be a controller of your personal data. You may find the identity of the controller and contact details by reviewing the terms and conditions of such a product or service or by using contact information provided in the applicable Nokia websites where such products or services are offered.
If you have any questions about this Privacy Notice, please contact us via our Nokia Privacy Request Form.
You may also contact our Group Data Protection Officer at:
Nokia Corporation c/o Privacy
Karakaari 7
P.O. Box 226
FI-00045 Nokia Group
Finland
group.dpo@nokia.com