We care about your privacy

HMD Global Oy ('HMD') is committed to respecting your privacy and to complying with applicable data protection and privacy laws. This privacy policy ('Policy') describes how we collect and use personal data where HMD is the data controller or where we refer to the applicability of this Policy. 'Personal data' means information relating to you or another identifiable individual.

We will give you additional privacy information that is specific to a product or service in the Supplements to this Policy and other notices you may see while using our products or services. If there is a difference between such Supplements or notices and this Policy, the Supplements and notices should be considered first.

Please take a moment to familiarise yourself with our Policy and let us know if you have any questions.

What information do we collect?

Information you provide us. When you make a purchase, use or register our products and services, create an account, take part in campaigns or programmes and otherwise interact with us, we collect information such as your name, email address, phone number, street address, age, language, user names and passwords, feedback, information relating to your devices and payments. This includes, for example, data concerning the activation of your device, positioning and location data, data collected in connection with user experience and developer programmes, data needed for account creation, information relating to your communications and interactions, purchase and other transaction data, credit data as well as online identifiers from our websites and online services. We also maintain records of your consents, preferences and settings relating to, for example, location data, marketing and sharing of personal data.

We process various technical details and identifiers such as IMEIs, MACs, S/Ns and UUIDs etc. which are not considered personal data unless a person can be identified by HMD based on the data by means reasonably likely to be used.

Information we receive from third-party sources. We receive certain information from third-party social network services, for example, when you log in to your account by using your social network account login details. See our My Account Supplement for more information.

Why do we process personal data?

We process your personal data for the following purposes. One or more purposes may apply simultaneously.

• Providing our products and services. We process your personal data to provide you with our products and services and to ensure their functionality and security. For example, we collect your name, address and payment information to process and deliver your purchases and use device activation data to measure your device warranty and to provide you with the related customer support services. For more information about device activation, see our Phones and Tablets Supplement.
• Providing customer service. We provide you with easy access to our online services and personal data associated with your profile and device via your My Account. To create the account, we collect personal data from you. We also use your personal data to provide customer service and support via our HMD Support. See our HMD Support Supplement for more information.
• Communicating with you. We use your personal data to communicate with you, for example, to notify you about software updates, service changes or to send you critical alerts and other such notices relating to our products and/or services and to contact you for customer support-related purposes. For more information about how we use your personal data to provide you with our customer support services, see our HMD Support Supplement.
• Developing products and services. We utilise personal data to develop our products, services, customer support, sales and marketing. For example, you can join our User Experience Programme and help us to improve the quality and performance of our products and services. For more information about how we use your personal data to develop our products and services, see, for example, our User Experience Programme Supplement. We also combine personal data collected in connection with your use of a particular HMD product and/or service with other personal data we have about you to develop our products and services.
• Personalising our services and products. We use your personal data to personalise our products and services that you are using and to provide you with more relevant services that match with your profile and interest, for example, to make recommendations and to display customised content in our services.
• Marketing and targeted advertising. We process your contact details, such as your name and email address, to inform you about our new products, services or promotions we may offer and to conduct market research. We use your personal data, such as your My Account data, to provide you with more relevant services that match with your profile and interests, for example, to make recommendations on accessories. This may include displaying HMD and third-party content.
• Automated decision-making concerning credit decisions. When you wish to subscribe to HMD’s products, your creditworthiness may be verified by an independent service provider to determine if the credit can be granted. The credit check process requires that your personal data is combined with the service provider’s data, and HMD uses the data to determine if a subscription may be accepted. HMD verifies that you are known at the given address, have a credit score which is accepted by HMD and that you are not on known sanction lists. Credit decisions are made automatically to ensure fast and accurate decisions without human error, and automated processing is less intrusive than processing with human intervention. The logic of automated decision-making, the sources of data and your right to contest the decision and to request human intervention have been described further in the Credit Score Check Supplement. Your credit score is determined based on your consent.
• Preventing fraud, misuse and legal claims. We process your device activation and location data also to prevent fraud, misuses and legal claims. See our Phones and Tablets Supplement for more information. We also verify transactions to prevent fraud as described in our Online Stores, Websites and Newsletter Supplement.
• Complying with legal obligations. Occasionally we may need to process your personal data to comply with legal obligations to which HMD is subject. We only process your personal data which is necessary for complying with such a requirement. HMD may have, for example, a legal obligation to disclose your personal data to the authorities when requested. We also screen sanctions lists prior to entering into an agreement with you to comply with legal requirements.

What are the bases for this processing?

We process your personal data only when it is lawful to do so. The processing is based on the following legal grounds:

Contract. Processing of your personal data is necessary for the performance of a contract between you and HMD. We use your personal data to provide you with our products and services and to ensure their functionality and security. If you do not provide us with the necessary information, it may mean that we are not able to provide the product or service to you. Contract is the basis for the processing, for example, when

• we collect necessary personal data to process the payment and deliver your purchases as well as to authenticate transactions;
• you activate your device electronically and your device and application type, as well as unique device, application, network and subscription identifiers are sent to HMD;
• we communicate with you, for example, to notify you about software updates, to send you critical alerts and other important notices relating to our products and/or services and to contact you for customer support-related purposes; and
• you sign up for a My Account to manage your profile.

Legitimate interest. We process personal data when it is necessary for the purposes of legitimate interests pursued by HMD. Legitimate interest refers to an interest which is lawful and important for HMD. In processing activities based on legitimate interest, your rights are taken into account and balanced with the interests of HMD. You may obtain more information on the balancing tests by contacting us. You have the right to object to processing based on legitimate interest. Read more about your rights and how to contact us in the section, 'What are your rights?'. Legitimate interest is the basis for the processing, for example, when

• we contact you to inform you of new similar products or services that you have previously obtained from us;
• we personalise our offering to provide you with more relevant services that match with your profile and interests, for example, to make recommendations and to display customised content in our services. This may include displaying third-party content;
• we analyse information on your interests, buying behaviour and feedback to develop our business operations, products and services; and
• we process personal data to prevent and investigate fraud, money-laundering, terrorist financing and other misuses and defend HMD's legitimate interests, for example, in civil or criminal legal proceedings.

Consent. Processing of your personal data can be based on your consent. In these situations, we ask for your consent before your personal data is processed. Giving consent is always voluntary and you have the possibility to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. We maintain records of your consents, preferences and settings relating to, for example, marketing, location data and sharing of personal data. Consent is the basis for the processing in the following situations.

• You participate in the User Experience Programme and we collect details of how you use a particular HMD product and/or service to improve it. You can withdraw your consent in your device's settings. For more information, please see our User Experience Programme Supplement.
• You subscribe to our mailing list to hear about new products, services and promotions. You can withdraw your consent for marketing by using the unsubscribe link at the bottom of the newsletter.
• Use of HMD products and services may involve use of location data based on your consent. You can withdraw your consent for the processing of location data in your device's or application's settings.
• When you agree to it, we can process your personal data for marketing purposes and share data with our marketing partners. We also personalise our offering to provide you with more relevant services that match with your profile and interests, for example, to make recommendations and to display customised content in our newsletter. This may include displaying third-party content.
• In case you want to subscribe to our products, we determine your credit score based on your consent. For more information, please see our Credit Score Check Supplement.

Legal obligation. HMD may need to process your personal data to comply with legal requirements to which HMD is subject. HMD may have, for example, a legal obligation to disclose your personal data to the authorities when requested, and to screen sanctions.

Do we share personal data?

We do not sell, lease or rent your personal data to third parties. We share your information internally within our company, but only to those who need it to provide you with the products and services or to respond to your requests. Further, we share your personal data with service providers and third parties in the following situations, and only to the extent necessary for the purposes described in this Policy.

HMD service providers and authorised third parties. We share your personal data with our service providers which we have carefully selected to supply services for us or on our behalf, such as companies that help us with repairs, customer service and support, electronic commerce, data storing, managing and analysing customer data, and conducting research, advertising or billing through your network service provider or otherwise. These service providers are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.

We can also disclose your personal data with our business partners with whom we work to provide you with the products and services that you have purchased or requested. The partners we have partnered up with include payment service providers to allow electronic payment methods, online financial service providers to offer financing for your purchases, service providers to help us with credit check and fraud detection, logistics service providers to provide smooth delivery and return of your purchases and social network services for account login. These business partners process your personal data for their own purposes and according to their own terms and privacy policies, which we recommend you to check carefully. For example, in order to offer you Klarna’s payment methods, we pass your contact and order details to Klarna at checkout, in order for Klarna to assess whether you qualify for their payment methods, and to tailor those payment methods for you. In such case, your personal data is transferred and processed in line with Klarna’s own privacy notice.

Marketing. We may share your personal data with our marketing partners, for example to manage marketing campaigns. We may conduct joint marketing and other communications with our partners. Our marketing partners are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.

International transfers of personal data. The main location of the data is in the EU/EEA and the data is hosted on cloud platforms. Due to service performance and localisation requirements, providing our products and services requires also using resources and servers located in various countries and regions around the world, including the European Union, United States of America, Singapore and China. Therefore, your personal data may be transferred across international borders outside the country where you use our products and services, including to countries outside the European Economic Area (EEA) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, especially by using the European Commission’s Standard Contractual Clauses of 2021, and by requiring the use of other appropriate technical and organisational information security measures. You may obtain more information on the transfer safeguards by checking the relevant Supplement or by contacting us.

Mandatory disclosures. We may be obligated by mandatory law to disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. We may also disclose and otherwise process your personal data in accordance with applicable law to defend HMD’s legitimate interests, for example, in civil or criminal legal proceedings.

Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganise our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.

How do we address the privacy of children?

HMD products and services are typically intended for general audiences. We acknowledge that our customers may include children. We hope that guardians will discuss the processing of personal data with their children. In case you have any questions concerning the way children’s personal data is processed within HMD’s services or products, we are happy to provide additional information and answer any questions.

What steps are taken to safeguard personal data?

Privacy and security are key considerations in the creation and delivery of our products and services. We have assigned specific responsibilities to address privacy and security-related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. Also, we limit access to our databases containing personal data to authorised persons having a justified need to access such information.

How do we use cookies?

HMD uses cookies and other similar technologies to operate and improve our websites and offering. We also use cookies for personalisation and to display ads. Some HMD websites use third-party advertising technologies to serve ads.

Our domains may include third-party elements that set cookies on behalf of a third party, for example relating to a third-party social network. For more information on how we use cookies, see our Cookie Policy.

How long is the data retained?

We take reasonable steps to keep the personal data we possess accurate and to delete or de-identify unnecessary personal data.

Retention periods vary depending on the type of data and the service or product in question. The retention time of your personal data is determined in accordance with the following criteria:

Personal data may be retained for longer than indicated above in a singular case when it is actively processed for a compelling purpose, such as legal claims. In such cases, the personal data is disposed as soon as it is no longer needed for the specific purpose.

What are your rights?

You have a right to know what personal data we hold about you as specified below. You have a right to have incomplete, incorrect or outdated personal data completed or updated. In certain cases, you have a right to erasure, restriction or data portability, or to object to processing of your personal data. You also have a right to withdraw your consent at any time. You may exercise your rights by managing your account and choices through available profile management tools on your device and our services, or by contacting us. In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.

• Right of access. You have the right to know what personal data we hold about you or to receive a confirmation that we are not processing data concerning you. You can access your data through your account's settings. You can also request access to your data by using the contact details below.
• Right to rectification. You have the right to have incomplete or incorrect personal data rectified. You can correct and update your data through your account's settings and we encourage you to do this from time to time to ensure that your personal data is up to date. You can also request the rectification or completion of your data by using the contact details below.
• Right to withdraw consent. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. You can withdraw your consent in your device’s or application’s settings and for marketing newsletters by using the unsubscribe link at the bottom of the newsletter.
• Right to be forgotten. You have the right to have your personal data erased in certain situations, for example, when the processing of your data is no longer necessary for the purposes for which it was collected, or if the processing is based on your consent and you want to withdraw your consent and there are no other bases for processing. Please note that the data can be necessary to perform the contract between you and HMD, or HMD can have compelling legitimate grounds to retain certain data. If you want to delete such information, it means that we may not be able to continue to provide the services to you. You can erase your data via your account's settings or by using the contact details below.
• Right to object. When the processing of your personal data is based on a legitimate interest, you have the right to object to such processing. You can request that we stop processing your personal data for direct marketing or profiling purposes. You can unsubscribe from our newsletter by clicking on the unsubscribe link at the bottom of our newsletters. Critical alerts and other important notices may still be sent to you. You can use your right to object via your account's settings or by using the contact details below.
• Right to restriction of processing. In certain situations, you may have the right to restrict the processing of your data. When the processing has been restricted, your data will only be stored and not processed further. For example, if you contest the accuracy of your data, you have the right to have the contested data under a restriction of processing while it is ensured that your data is accurate. You can use your right to restrict the processing by using the contact details below.
• Right to data portability. When processing is carried out by automated means and based on a contract or consent, you have the right to obtain the data you have provided to HMD in a machine-readable format so that you can transfer it to another controller. This can be executed through your account's settings or by using the contact details below.
• Rights related to automated decision-making. In case a decision concerning you is based solely on automated processing and potentially produces legal effects or similarly significant effects on you, you have always the right to obtain human intervention on the decision-making process, express your point of view and to contest the decision. You can execute these rights by contacting our customer support.

If you cannot use your rights directly through the HMD products and services you use, you can contact us via

• My Account portal: https://www.hmd.com/account
• Customer support: https://www.hmd.com/support
• Support application in your phone or tablet
• Mail: HMD Global Oy, c/o Privacy, Bertel Jungin aukio 9, 02600 Espoo, Finland

You may request information on the details of transfers to the third parties, third countries and safeguards mentioned above by contacting us. If you believe that HMD, regardless of the principles set out in the Privacy Policy and relevant Supplements, has infringed upon your rights according to applicable data protection law, you have the right to file a complaint with the data protection authority.

Who is the controller of your personal data?

HMD Global Oy is the controller of your personal data when the personal data is processed in connection with our products and services. Our Data Protection Officer is Jari Koljonen.

In matters pertaining to HMD’s privacy practices, you may also contact us at:

HMD Global Oy, c/o Privacy, Bertel Jungin aukio 9, 02600 Espoo, Finland

Our products or services may contain links to other companies’ websites and services that have privacy policies of their own. All links to such websites and services are provided for your convenience only. Before submitting your personal data to third parties, HMD recommends taking a moment to familiarise yourself with these third-party privacy policies.

Changes to this Privacy Policy

HMD may from time to time update this Policy to reflect changes in our personal data processing practices with respect to our products and services, or applicable law. We will also indicate when this Policy was last updated at the top of this Policy. We seek to inform you personally of all significant changes to this policy by email or by other notification mechanisms.