We care about your privacy

We, HMD Global Oy, including our affiliates (herein after referred to as “HMD”), are committed to respect your privacy and to comply with applicable data protection and privacy laws. This Privacy Notice (“Notice”) applies to personal data that is processed in the context of HMD’s business to business (B2B) activities. In this context, HMD processes personal data concerning its corporate clients, potential corporate clients, vendors, subcontractors and other stakeholders.

“Personal data” refers to any information relating to an identified or identifiable natural person.

“Processing” refers to any operation or set of operations which is performed on personal data.

“Controller” refers to the body which alone or jointly with others determines the purposes and means of processing of personal data, i.e. decides about the processing activities.

What information do we collect?

We collect personal data directly from you when you contact us, meet us personally or otherwise interact with us. The collected personal data includes, for example:

• name
• email address
• phone number
• your contact preferences
• your stance towards our offering
• background information

Why do we process personal data?

We process your personal data to enter into and execute agreements, to provide and market our services and products, to communicate with you and to develop our business.

We process personal data when it is necessary for the preparation and execution of agreements. Please note that without your personal data we may not be able to enter into an agreement or provide you with our products and services.

We also process personal data in connection with other commonly agreed testing and supply arrangements relating to our products and services based on our legitimate interest to market our products and services and grow our professional network. In addition, we process personal data to develop our business operations and offering. When a legitimate interest is regarded as the basis for the processing, we have conducted a balancing test to ensure that your rights are taken into account. You can object to such processing and request more information about the balancing test by using the contact details below.

Processing of your personal data can be based on your consent, for example, if you order our newsletter. In these situations, we ask your consent before your personal data is processed. Giving a consent is always voluntary and you have the possibility to withdraw your consent at any time. A withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. You can withdraw your consent by clicking unsubscribe link at the bottom of the newsletter or by contacting us by using the contact details provided below.

Where necessary, we also process personal data to comply with the legal requirements to which HMD is subject to. HMD can have, for example, a legal obligation to disclose your personal data to the authorities when requested.

Do we share personal data?

Your personal data is processed within HMD entities. We do not disclose or otherwise transfer your personal data unless otherwise stated below.

• Service providers. We obtain assistance and use service providers, such as CRM tool providers, in processing personal data for the purposes described in this Notice. Service providers are required to process personal data only in accordance with the applicable laws and HMD’s instructions.
• International transfers of personal data. Running our business involves using resources and servers located in various countries around the world. Therefore, your personal data can be transferred across international borders, including to countries outside the EU or EEA that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, adequate protection for your personal data is provided as required by applicable law, for example, by using standard data protection clauses and by requiring the use of other appropriate technical and organisational information security measures. You may request information on the details of transfers to third countries and safeguards by using the contact details below.
• Mandatory disclosures and legal proceedings. We can be obligated by mandatory law to disclose your personal data to certain authorities or other third parties to comply with our legal obligations. We may also need to disclose and otherwise process your personal data in accordance with applicable law to defend our legitimate interests, for example, in civil or criminal legal proceedings.
• Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganise our businesses in certain countries, this can involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.

How long is the data retained?

We review personal data held in our systems on a periodic basis to ensure that it is not retained longer than it is necessary. Contact details and other information will be deleted within six (6) months after they are no longer needed for the purposes they were collected for (for example, when the role of the person changes in a way that s(he) is no longer representing the organization of which contact person s(he) was).

What steps are taken to safeguard personal data?

We are committed to ensure that your personal data is secure. To prevent unauthorised access or disclosure we implement technical, physical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss or alteration, and unauthorized disclosure, or access.

We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our data bases containing personal data to authorised persons having a justified need to access such information. We have implemented appropriate access control measures to ensure that personal data can only be accessed by those who need to process it by virtue of their tasks.

What are your rights?

• Right of access. You have a right to know what personal data we hold about you or to receive a confirmation that we do not process data concerning you.
• Right to rectification. You have a right to have incomplete or incorrect personal data rectified. This means that if there are errors in the data concerning you, or if it is inaccurate or deficient, you have the right to ask HMD to rectify or complete that data.
• Right to erasure (‘Right to be forgotten’). You have the right to have your personal data erased in certain situations, for example, when the processing of your data is no longer necessary for the purposes for which it was collected. Please note that the data can be necessary to perform the contract between you and HMD, or HMD can have compelling legitimate grounds to retain certain data.
• Right to object. When the processing of your personal data is based on legitimate interest, you have a right to object to such processing on grounds relating to your particular situation. You have always a right to object to direct marketing.
• Right to restriction of processing. In certain situations you might have a right to restrict the processing of your personal data. When the processing has been restricted, your data will only be stored and not processed further. For example, if you contest the accuracy of your data, you have the right to have the contested data under a restriction of processing during the time when it is ensured that the data is accurate.
• Right to data portability. When the processing of your personal data is based on a contract or consent and carried out by automated means, you have a right to obtain the data you have provided to HMD in a machine-readable format so that you can transfer it to another controller.

You can exercise your rights by contacting us via the contact details provided below.

If you believe that HMD, regardless of the principles set out in this Notice, infringed upon your rights according to applicable data protection law, you have a right to lodge a complaint with the data protection authority.

Who is the controller of your personal data?

The controller of your personal data is HMD Global Oy, Bertel Jungin aukio 9, 02600 Espoo, Finland. Our Data Protection Officer is Jari Koljonen.

In case you want to use your data protection rights or you have any questions concerning the processing of your personal data, please contact us via

• Customer support: www.hmd.com/support
• Mail: HMD Global Oy, c/o Privacy, Bertel Jungin aukio 9, 02600 Espoo, Finland

Changes to this Notice

We update and modify this Notice from time to time, should it become necessary to do so. Changes to this document can be seen behind the link in the heading: “Look what has been changed”. For data processing that is specific to products or services of HMD, see our Privacy Policy.