Skip to main content
We need a better phone for our mental health. Learn more about The Better Phone Project and join our discussion "Attention and finding balance"

Online Stores, Websites and Newsletter Supplement

Effective April 17, 2023

This statement supplements HMD Global Privacy Policy for products and services.

When you purchase our products or services or engage in other transactions with us, we process your purchase and transaction data to provide you with our products and services. When you access our services online, our web servers automatically create records of your visit. We also use cookies on our websites, which is described in our Cookie Policy. We use the collected online identifiers as well as your purchase and transaction data for personalizing, marketing, and developing our products and services.

You can subscribe to our marketing newsletter from our website. In case you subscribe to our newsletter, we will process your data to provide you with the latest news concerning our products and services. Additionally, some of our applications and services allow you to subscribe to push notifications which promote HMD and third-party content.

When you make orders on our electronic commerce platforms, we process your data for fraud detection purposes. If we cannot verify the authenticity of your transaction, we are not able to enter into a contract with you to provide you with our products and services. Your personal data is disclosed to fraud detection service provider which confirms us the authenticity of the transaction and that you are not subject to sanctions.

Online stores and websites

Why are we processing your data?

1. Providing our products and services

To provide you with our products and services we need to process your personal data, for example, for the payment and delivery of your purchase and to send you transactional emails.

What data are we processing?

  • Purchase and transaction data: name, contact details, records of purchases and downloads, your requests, the services and products provided to you, payment and delivery details, and your other interactions with us.
    • What is the basis for processing data? Contract between us.

2. Marketing and targeted advertising

Collected data allows us to customize our offering and to have more relevant and meaningful content and ads on our websites.

What data are we processing?

  • Purchase and transaction data: name, contact details, and records of purchases.
    • What is the basis for processing data? Your consent. Please see our Cookie Policy for further details.
  • Cookies: Please see our Cookie Policy.
    • What is the basis for processing data? Your consent. Please see our Cookie Policy for further details.

3. Development of our products and services

We analyze data to understand our customers better and to improve our products and services.

What data are we processing?

  • Purchase and transaction data: name, contact details, and records of purchases.
    • What is the basis for processing data? Our legitimate interest of developing our products and services.
  • Online identifiers: e.g., IP address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser and application type, and language.
    • What is the basis for processing data? Our legitimate interest of developing our products and services.

Newsletter and push notifications

Why are we processing your data?

1. Personalization and marketing

We customize our newsletter and push notifications to provide more relevant and meaningful communication with you. We inform you about the latest news concerning our products and services.

What data are we processing?

  • Marketing data: name, email address, device details, locale, dates added and modified, and reporting on email deliveries.
    • What is the basis for processing data? Your consent. You can withdraw your consent for marketing by using the unsubscribe link at the bottom of the newsletter or from the application’s and device’s settings.

Fraud detection and sanctions screening

Why are we processing your data?

1. Preventing fraud

When you purchase devices from us, we verify the authenticity of the transaction to prevent frauds.

What data are we processing?

  • Basic information: Name, and address.
    • What is the basis for processing? Contract between us.
  • Order details: Purchased products, billing address, delivery address, and credit card holder name.
    • What is the basis for processing? Contract between us.

2. Sanctions screening

Before you enter into an agreement with us, we need to verify that you are not subject to sanctions.

What data are we processing?

  • Basic information: Name, and address.
    • What is the basis for processing? Legal requirement to comply with sanctions.

How long is the data retained?

Purchase and transaction data are retained for 6 years after the purchase or subscription start date or 1 year after the end of the subscription, whichever is the latest.

For cookies, please see Cookie retention times in our Cookie Policy.

Email addresses are deleted within 30 days after the mailing list has been unsubscribed.

Online identifiers are retained for 1 month.

Basic information and order details for fraud detection and sanctions screening are retained for the duration of entering into an agreement with HMD to purchase a device or for the duration of rejecting the purchase.

Do we transfer personal data?

What personal data is transferred?

1. Purchase and transaction data

Who are the recipients of the personal data and where are they located?

  • Transactional data system provider in the EU/EEA.
    • What are the transfer safeguards? Data in the EU/EEA, Standard Contractual Clauses for their non-EU/EEA subcontractors.
  • Cloud platform in the EU/EEA.
    • What are the transfer safeguards? Data in the EU/EEA.
  • Electronic commerce platform providers in the EU/EEA and the United States.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission for non-EU/EEA service providers.
  • Payment service providers in the EU/EEA, the United States and India.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission for non-EU/EEA service providers.
  • IT & consultancy service providers in the EU/EEA and India.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission for non-EU/EEA service providers.
  • Transactional messaging services in the United States.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission

2. Marketing data

Who are the recipients of the personal data and where are they located?

  • Push notification service providers in the United States.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission.
  • Mailing service providers in the United States.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission.

3. Cookies

Who are the recipients of the personal data and where are they located?

  • For 3rd party cookie providers, please see our Cookie Policy.
    • What are the transfer safeguards? Standard Contractual Clauses of European Commission for non-EU/EEA service providers when cookies contain personal data. Anonymisation when cookies do not contain personal data.

4. Basic information and order details

Who are the recipients of the personal data and where are they located?

  • Fraud detection and sanctions screening service providers in the EU/EEA and in the United States.
    • What are the transfer safeguards? Data in the EU/EEA for European service providers. Data remains in the country in question for non-EU/EEA service providers.

You can find previous versions of this document here: