Privacy notice
1 Introduction
LAST UPDATED September 2024
Nokia Federal Solutions (from now on “Nokia” or “we”) want you to be familiar with how we collect, use and disclose personal data.
This Privacy Notice describes how we process personal data from individuals who are not employed by us but who we engage with through our customers, subcontractors, contractors, service providers, suppliers, professional and business partners (including universities and research institutions), investors, resellers, governmental and lobbying relations, visitors to our website and other relevant stakeholders.
“Personal data” is information that identifies an individual or relates to an identifiable individual.
For more information regarding personal data collected and processed by Nokia licensed products and/or services please see our Licensed Products notice.
You are not required to provide personal data to Nokia. If you choose not to provide your personal data to Nokia, we may not be able to provide you with either our products or services or all of their functionalities and/or to respond to queries you may have.
We may provide supplements to this notice with additional and/or updated privacy information regarding our privacy practices that are specific to a product or service or jurisdiction, namely our Supplement for California residents.
2 Personal data we collect
We collect the following categories of personal data as further described in this notice:
Category of Data |
Examples |
|---|---|
Identity data |
First name, last name, title. |
Contact data |
Home address, email address and phone number. |
Role Based data |
Job title, business name, business address, business phone, business email, length of employment. |
Professional history |
CV, employment history, educational details and qualifications, background checks and assessments. |
Access data |
User credentials for access to online services and platforms, IDs and passwords, log traffic and location data, and other technical information. |
Marketing and communications data |
Your choices regarding our marketing and promotional communications, language, interests, participation in promotions or surveys, responses to promotional communications displayed or provided to you, and preferred methods of receiving such promotional communications, recordings of telephone calls with customer service and other representatives, and other feedback/preferences that you might express during the course of the business relationship . |
Usage data |
Details of access to online services and platforms, network sessions, and data about your use of our equipment, electronic communications systems, and property, such as computers, mobile devices, email, internet, telephone and voicemail. |
Relationship history |
Details of transactions, sales, purchases, uses, your communications with us, your account with us, details of any gifts, travel and hospitality, details of your claims, complaints and queries in general. |
User generated content |
Electronic content produced by your use of our systems, including training records, online interactive and voice communications, such as blog, chat, webcam use and network sessions, reviews about our products and services, and other content you may create or share, including posts on our social media pages, blogs, and comment sections. |
Device data |
When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language, and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to Nokia by the telecommunications operator as a standard part of that communication. This includes data obtained through cookies and similar technologies as described in Cookies and beyond | Nokia. |
2.1 Sensitive Data
In limited circumstances we may process sensitive personal data, such as criminal records data, to enable Nokia to carry out background checks on individuals, either with your consent or where necessary to comply with a legal obligation, such as ensuring the health and safety of individuals through the provision of a safe working environment.
Unless we request it, we ask that you do not provide or disclose any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership).
3 How we use personal data
We use your personal data for legitimate business purposes as described in the overview below. Please select the section that best reflects the nature of your interaction with us.
- Examples of processing activities: Deliver our products and services to customers; manage communications regarding products, projects and services; provide and improve our customer service; respond to queries, handle complaints and grievances; request your feedback, for example, by completing a survey, about our products, services or events; review and act on that feedback; and facilitate communications generally in the context of our business activities.
- Personal data categories: Identity Data and Contact Data; Role Based Data; Access Data; Marketing and Communications Data; Usage Data; Relationship History; User Generated Content; Visitor and Event Data.
- Legal basis: Legitimate interests, such as responding to inquiries, complaints and concerns and the performance of our contractual relationship with your employer
- Third-party sources: The Nokia end customer relevant to a specific issue.
Third parties that we work with to obtain customer feedback on our behalf.
- Examples of processing activities: Respond to your enquiries, requests for information and expressions of interest whether in person, for example at an event, or via our website, email or social media; contact you about products and services we feel may be of interest to you; follow up on leads from our third party selling partners, event partners or other lead generation service providers; manage relationships with prospective customers. To do this we may share your contact details with outsourced calling providers;
- Personal data categories: Identity Data and Contact Data; Role Based Data; Marketing and Communications Data; Relationship History; User Generated Content; Visitor and Event Data.
- Legal basis: Legitimate interests when responding to your requests or expressions of interest, where you are an existing customer, or where the law permits in the business to business context.
We rely on consent where required by law, for example, to send electronic marketing, such as emails, SMS or push notifications, or when following up on leads from event partners.
You can manage your receipt of marketing and other non-transactional communications by following the instructions on how to opt out contained in each communication or by contacting us as described below. - Third-party sources: Lead generation service providers. Our selling partners; Our event partners.
- Examples of processing activities: Conduct data analysis, for example, monitor and analyze usage of the website and use data analytics to improve the efficiency; develop our websites; consider ways for enhancing, improving, repairing, maintaining, or modifying our current websites; identify usage trends, for example, understanding which parts of our website are of most interest to users.
- Personal data categories: Usage Data; User Generated Content; Device Data.
- Legal basis: Legitimate interests, such as developing our website and ensuring its functionality.
- Examples of processing activities: Respond to enquiries, requests, comments and complaints about any of our websites; handle any requests to exercise your privacy rights; and keep records of these interactions.
- Personal data categories: Identity Data and Contact Data; Access Data; Usage Data; User Generated Content; Device Data.
- Legal basis: Legitimate interests such as responding to complaints.
- Legal obligations*, such as when you submit a request to access your personal data.
- Examples of processing activities: Aggregate and/or anonymize personal data so that it will no longer be considered personal data for research and statistical purposes.
- Personal data categories: Personal data relevant to the specific business purpose.
- Legal basis: Legitimate interests, such as to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
4 Cookies and similar technologies
We may collect personal data through the use of cookies and similar technologies. Please see our Cookies and similar technologies policy for more information on how we use cookies and how you can manage your choices.
5 Your choices and rights over your data
5.1 Your choices regarding our use and disclosure of your personal data for direct marketing purposes
We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt out from:
- Receiving marketing-related emails, mobile messages or direct message via social media from us. If you no longer want to receive marketing related messages from us on a going-forward basis, you may opt out by using the links provided to you in the relevant direct marketing messages you have received, or by contacting us in accordance with the “Contacting Us” section below. Please note that important administrative messages may still be sent to you even if you opt-out from marketing and other communications from Nokia.
- Our sharing of your personal data with affiliates for their direct marketing purposes. If you would prefer that we discontinue sharing your personal data on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below.
- Our sharing of your personal data with unaffiliated third parties for their direct marketing purposes. We obtain your prior consent to sharing your personal data in this way. If you would prefer that we discontinue sharing your personal data on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing by contacting us in accordance with the “Contacting Us” section below. You should contact the relevant third party directly to exercise your rights to opt out from their marketing messages.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.
5.2 Your additional rights over your data and how to exercise them
If you would like to request to access, correct, update, suppress, restrict, or delete personal data, object to or opt out of the processing of personal data, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your personal data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.
In your request, please make clear what personal data you would like to have changed or whether you would like to have your personal data suppressed from our database. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be capable of removal.
For information on how to manage your rights in respect of cookies and similar technologies please follow the instructions in How do I manage Cookies and Similar Technologies (section 3)
You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs, or with the UK Information Commissioner's Office (where you are based or where an alleged infringement of applicable data protection law took place in the United Kingdom). A list of EU/ EEA data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Details for the UK Information Commissioner's Office are available online at https://ico.org.uk/make-a-complaint/.
6 How we keep data secure
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
7 How long we keep your data
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods are set out in our retention policy and will vary depending on such factors as (i) the length of time we have an ongoing relationship with you and provide goods or services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).
8 Anonymization of data
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. By way of example, anonymization techniques may include removing direct identifiers from a dataset or replacing point coordinates in geo-referenced data with non-disclosing features or variables, or other recognized techniques appropriate to the data in question
9 Third-party services
This Privacy notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.
10 Updates to this notice
The “LAST UPDATED” legend at the top of this Privacy notice indicates when this Privacy notice was last revised. Any changes will become effective when we post the revised Privacy notice.
11 Contact us
If you have any questions about this Privacy Notice, please contact us via our Nokia Privacy request form.
You may also contact our Group Data Protection Officer at:
Nokia Corporation c/o Privacy
Karakaari 7
P.O. Box 226
FI-00045 Nokia Group
Finland
group.dpo@nokia.com