Skip to main content

General privacy notice

1 Introduction

LAST UPDATED December 2023

Nokia Corporation and its affiliates Affiliates | Nokia (collectively, “Nokia,” “we,” or “us”) want you to be familiar with how we collect, use and disclose personal data.

This Privacy Notice describes how we process personal data from individuals who are not employed by us but who we engage with through our customers, subcontractors, contractors, service providers, suppliers, professional and business partners (including universities and research institutions), investors, resellers, governmental and lobbying relations, visitors to our website and other relevant stakeholders.

Personal data” is information that identifies an individual or relates to an identifiable individual. 

For more information regarding personal data that we collect in our recruitment activities, please see our Jobs and Recruitment Notice.

For more information regarding personal data collected and processed by Nokia licensed products and/or services please see Licensed Products Notice.

You are not required to provide personal data to Nokia. If you choose not to provide your personal data to Nokia, we may not be able to provide you with either our products or services or all of their functionalities and/or to respond to queries you may have.

We may provide supplements to this notice with additional and/or updated privacy information regarding our privacy practices that are specific to a product or service or jurisdiction, details of which can be accessed via the relevant product or service or via our Supplemental Notices section.

To view this notice in a language other than English, or to download an English language PDF, please follow the relevant link below: 

General Privacy Notice (Finnish/Suomi) General Privacy Notice (German/Deutsch)
General Privacy Notice (Chinese/官话) General Privacy Notice (Japanese/日本語)
General Privacy Notice (English PDF) General Privacy Notice (Spanish/Español)
General Privacy Notice (French/Français)   

2 Personal data we collect

We collect the following categories of personal data as further described in this notice:

Category of Data

Examples

Identity data

First name, last name, title, written or electronic signature, date and place of birth, passport or other official identity document numbers, nationality and/or residency information, photographs, images, gender.

Contact data

Home address, email address, social media identities and phone number.

Role Based data

Job title, business name, business address, business phone, business email, length of employment.

Professional history

CV, employment history, educational details and qualifications, background checks and assessments.

Operational data

Field of operation, projects you worked on for Nokia, information about job offers from Nokia, photographs, accident reports, training records, time and attendance records, dates engaged in working for Nokia.

Access data

Nokia ID, IDs used for security purposes, user credentials for access to online services and platforms, IDs and passwords, log traffic and location data, and other technical information.

Financial data

Bank account and payment card details.

Marketing and communications data

Your choices regarding our marketing and promotional communications, language, interests, participation in promotions or surveys, responses to promotional communications displayed or provided to you, and preferred methods of receiving such promotional communications, recordings of telephone calls with customer service and other representatives, and other feedback/preferences that you might express during the course of the business relationship.

Usage data

Details of access to online services and platforms, network sessions, and data about your use of our equipment, electronic communications systems, and property, such as computers, mobile devices, email, internet, telephone and voicemail.

Relationship history

Details of transactions, sales, purchases, uses, your communications with us, your account with us, details of any gifts, travel and hospitality, details of your claims, complaints and queries in general.

User generated content

Electronic content produced by your use of our systems, including training records, online interactive and voice communications, such as blog, chat, webcam use and network sessions, reviews about our products and services, and other content you may create or share, including posts on our social media pages, blogs, and comment sections.

Visitor and event data

Dietary restrictions, travel and accommodation details, issued identification pass to access the premises, photos and videos taken at one of our events or webinars, images or footage captured or recorded by CCTV and other security measures on our premises, interactions with our systems, and other details specific to a particular event, webinar or conference that you attend.

Device data

When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language, and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to Nokia by the telecommunications operator as a standard part of that communication. This includes data obtained through cookies and similar technologies as described in Cookies and beyond | Nokia.

2.1 Sensitive Data

In limited circumstances we may process sensitive personal data, such as criminal records data, to enable Nokia to carry out background checks on individuals, either with your consent or where necessary to comply with a legal obligation, such as ensuring the health and safety of individuals through the provision of a safe working environment. 

Unless we request it, we ask that you do not provide or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership).

3 How we use personal data

We use your personal data for legitimate business purposes as described in the overview below. Please select the section that best reflects the nature of your interaction with us.

3.1 To manage our business relationships with customers, selling partners and suppliers

To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.

Purpose: To conduct due diligence checks on potential and existing customers, selling partners and suppliers and background and suitability checks on individuals.

Examples of processing activities: Conduct credit checks, due diligence and “know your customer (KYC)” checks; identify potential conflicts of interest; carry out checks if required by us, and/or a government or customer (e.g., if you have access to national or sensitive infrastructure data)review your Professional History in order for Nokia to assess  suitability for specific projects)

Personal data categories: Identity Data and Contact Data; Role Based Data; Financial Data; Relationship History; in addition, for background checks:  Professional History; Operational Data; Access Data; Relationship History; criminal records data in limited circumstances.

Legal basis: Legitimate interests, for example, to comply with internal compliance policies or to assess an individual’s qualifications for a specific project.
Legal obligations* for example relating to anti-money laundering measures, prevention of fraud, anti-bribery, sanctions and trade restrictions or access to national infrastructure. 
Consent for carrying out background checks where requested by end customers.

Third-party sources: Third-party organizations, for example, those who maintain databases which assist with due diligence and KYC checks, those who assist with enhanced screening where required or from publicly available sources.
Your employer, where you are employed by one of our Customers or Suppliers.
Third party screening providers, such as those conducting criminal records checks.

3.2 To improve and develop our products and services and ways of working

Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives

Purpose: Collaborate with you in your professional capacity for the purposes of product development, research programs and industry wide initiatives. 

Examples of processing activities: To reach out to you for your professional expertise, for example, in the context of developments to our products or services or those of our affiliates or business partners collaborate with you on events, publications, advisory meetings and panels and research projects or programs; invite you to participate in special programs, activities, events, promotions, marketing activities (such as our Thought Leadership Program or Customer Success story), or policy initiatives. Some of these may have additional rules containing information about how we will use and disclose your personal data.

Personal data categories: Identity Data and Contact Data; Role Based Data; Professional History; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.

Legal basis: Legitimate interests, such as inviting you to participate in our Thought Leadership Program. 
Consent, for example to include your name in publications.

3.3 To carry out engagement and marketing activities and to organize events

To contact you about Nokia products, services, and initiatives and manage those communications

Purpose: To contact you about Nokia products, services, and initiatives and manage those communications.

Examples of processing activities: Respond to your enquiries, requests for information and expressions of interest whether in person, for example at an event, or via our website, email or social media; contact you about products and services we feel may be of interest to you; follow up on leads from our third party selling partners, event partners or other lead generation service providers; manage relationships with prospective customers. To do this we may share your contact details with outsourced calling providers;

Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.

Legal basis: Legitimate interests when responding to your requests or expressions of interest, where you are an existing customer, or where the law permits in the business to business context.   
We rely on consent where required by law, for example, to send electronic marketing, such as emails, SMS or push notifications, or when following up on leads from event partners.   
You can manage your receipt of marketing and other non-transactional communications by following the instructions on how to opt out contained in each communication or by contacting us as described below.

Third-party sources: Lead generation service providers.  
Our selling partners  
Our event partners.

3.4 To provide and maintain our website and other online platforms, apps and systems

Individual platforms, apps and systems may have additional requirements about how we will use and disclose personal data that will be disclosed to you at the time of use.

To improve and develop current and new websites

Purpose: To improve and develop current and new websites.

Examples of processing activities: Conduct data analysis, for example, monitor and analyze usage of the website and use data analytics to improve the efficiency; develop our websites; consider ways for enhancing, improving, repairing, maintaining, or modifying our current websites; identify usage trends, for example, understanding which parts of our website are of most interest to users.

Personal data categories: Usage Data; User Generated Content; Device Data.

Legal basis: Legitimate interests, such as developing our website and ensuring its functionality.

3.5 To carry out corporate activities

Such as manage our legal and compliance obligations, manage media and investor relations, administer our corporate structure and engage with shareholders.

Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate

Purpose: Ensure and monitor compliance with our policies and procedures and with applicable laws in the countries in which we operate.

Examples of processing activities: Comply with, monitor and assess the effectiveness of internal policies and procedures; detect, prevent and investigate fraud; meet our regulatory monitoring, recordkeeping and reporting obligations; conduct internal investigations, including employee reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns; manage complaints or other potential claims from third parties; manage internal disciplinary actions, grievances, and terminations. 
Where necessary we may issue a supplemental notice in respect of some of the above activities giving further information on how your data is processed.

Personal data categories: Personal data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question

Legal basis: Legitimate interests, such as responding to customer and employee concerns.
Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records and relating to our obligations to conduct investigations.

*For more information on our legal obligations and ** on disclosure of personal data in connection with a sale or business transaction, please see section 4.2 ‘Other Disclosures for legal reasons or on restructuring’ below.

4 How we share your personal data

Your personal data will be processed only by authorized Nokia employees who have been trained to carry out this task. For distributing our products, managing our supply chains and carrying out other business activities, we also work with certain third parties who may also process your personal data. Those third parties and the purposes for which we share personal data with them are set out below:

4.1 Disclosures to third parties

Our affiliates Affiliates | Nokia

All purposes described in this Privacy Notice.

4.2 Disclosures for legal reasons or on restructuring

We also disclose your personal data as necessary or appropriate, in particular, when we have a legal obligation or legitimate interest to do so, as set out in further detail below.

To comply with applicable law and regulations

This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your personal data, including:

Civil and commercial matters: for example, where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
Criminal matters: for example, to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.

Consumer matters: for example, to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States.

Corporate and taxation matters: for example, to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal data for tax purposes.

Regulatory matters: for example, to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our company.  These can include authorities outside of your country of residence.

Compliance and internal investigations: for example, to comply with whistleblowing requirements under EU Whistleblower Directive  2019/1937 and its implementing laws in EU Member States.

Health and safety regulations: for example, to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.

5 Cookies and similar technologies

We may collect personal data through the use of cookies and similar technologies. Please see our Cookies and Similar Technologies Policy for more information on how we use cookies and how you can manage your choices.

6 Your choices and rights over your data

6.1 Your choices regarding our use and disclosure of your personal data for direct marketing purposes

We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt out from: 

  • Receiving marketing-related emails, mobile messages or direct message via social media from us. If you no longer want to receive marketing related messages from us on a going-forward basis, you may opt out by using the links provided to you in the relevant direct marketing messages you have received, or by contacting us in accordance with the “Contacting Us” section below. Please note that important administrative messages may still be sent to you even if you opt-out from marketing and other communications from Nokia.  
  • Our sharing of your personal data with affiliates for their direct marketing purposes. If you would prefer that we discontinue sharing your personal data on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below.  
  • Our sharing of your personal data with unaffiliated third parties for their direct marketing purposes. We obtain your prior consent to sharing your personal data in this way. If you would prefer that we discontinue sharing your personal data on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below. You should contact the relevant third party directly to exercise your rights to opt out from their marketing messages.

We will try to comply with your request(s) as soon as reasonably practicable.  Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.    

6.2 Your additional rights over your data and how to exercise them

If you would like to request to access, correct, update, suppress, restrict, or delete personal data, object to or opt out of the processing of personal data, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your personal data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below.  We will respond to your request consistent with applicable law.  

In your request, please make clear what personal data you would like to have changed or whether you would like to have your personal data suppressed from our database.  For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.  We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be capable of removal. 

For information on how to manage your rights in respect of cookies and similar technologies please follow the instructions in How do I manage Cookies and Similar Technologies (section 3)

You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs, or with the UK Information Commissioner's Office (where you are based or where an alleged infringement of applicable data protection law took place in the United Kingdom). A list of EU/ EEA data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Details for the UK Information Commissioner's Office are available online at https://ico.org.uk/make-a-complaint/.

7 How we keep data secure

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

8 How long we keep your data

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. 

The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).

Retention Periods based on legal obligations

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal data, even after your account has been deleted and/or we no longer provide goods or services to you. Some examples are described below.

  • To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal data subject to such order or warrant after you delete your account.
  • To comply with legal provisions on tax and accounting: We may retain your personal data, such as Financial Data and Relationship History after you delete your account, as required by local tax law and to comply with bookkeeping requirements. 
  • To pursue or defend a legal action: We may retain relevant personal data in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal data, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
     

Anonymization of data

In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymization techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognized techniques appropriate to the data in question.

9 Third-party services

This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link.  The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.

10 Children

Where Nokia organizes events or initiatives specifically for children, for example, educational events, we will inform you how we will use the child’s personal data in a supplemental notice. Otherwise, we do not knowingly collect personal data from individuals under 16 for the purposes outlined in this Privacy Notice.

11 International data transfers

Nokia is a global company that has affiliates ( Affiliates | Nokia ), business processes, management structures and technical systems that cross national borders. This means your personal data may be stored and processed in countries where we operate, where we have customers, or in which we engage service providers or other authorized parties , and by engaging with us you understand that your personal data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data. 

Nokia takes steps to make transfers with appropriate safeguards recognized by applicable laws. Generally international transfers will be safeguarded in accordance with relevant international laws. Where this will involve transferring your personal data outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and/or by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here  European Commission Adequacy list of countries and here UK ICO List Adequacy List of Countries

Standard Contractual Clauses: For transfers of personal data from the UK and/or EEA to countries outside the UK/and or EEA which are not considered adequate under the UK GDPR and/or by the European Commission, we have put in place appropriate measures to protect your personal data. For example, we use standard contractual clauses adopted under the UK GDPR and/or by the European Commission. You may obtain a copy of these measures by contacting us in accordance with the “Contacting Us” section below. 

Derogations for specific situations. Transfers may occasionally be made based on a specific derogation, for example, where you have given consent, for reasons of public interest, in connection with the establishment or defense of legal claims, or to protect the vital interests of an individual.

12 Updates to this Notice

The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised.  Any changes will become effective when we post the revised Privacy Notice.

13 Contact Us

If you are using a Nokia product or service, Nokia Corporation of Karakaari 7, 02610 Espoo, Finland is the controller of your personal data.

In addition, the Nokia affiliate providing the product or service may be a controller of your personal data. You may find the identity of the controller and contact details by reviewing the terms and conditions of such a product or service or by using contact information provided in the applicable Nokia websites where such products or services are offered.

If you have any questions about this Privacy Notice, please contact us via our Nokia Privacy Request Form.

You may also contact our Group Data Protection Officer at:

Nokia Corporation c/o Privacy
Karakaari 7
P.O. Box 226
FI-00045 Nokia Group
Finland
group.dpo@nokia.com