Kanta.fi website privacy policy

Kanta.fi website privacy policy

This privacy policy applies to the public kanta.fi website. This privacy policy describes how Kela, as controller, processes data about users of the kanta.fi website.

Summary

Kela is responsible for providing and maintaining Kanta Services. Kela is committed to protecting the privacy of website users and its clients. This privacy policy describes how the data collected using cookies on the kanta.fi website are processed, used and stored.

This cookie policy applies to the public kanta.fi website, to the Kanta Ekstranet service for Kanta Services clients, and to the Kanta Services Facebook page.

Cookies are used to collect information about how and when the kanta.fi website is used. The data are used to monitor visitor numbers and visitor behaviour on the website, to gauge how interesting the content is, and to further develop the website according to clients’ needs.

Users of the kanta.fi website cannot be individually identified on the basis of the data collected by Kela, because users’ names, contact information and personal identity number are not collected.

This privacy policy provides answers to the following questions:

  1. How can I contact Kela?
  2. What are cookies and what data are they used to collect?
  3. For what purposes are cookies and the related data used?
  4. For how long are data stored?
  5. How can I change my cookie settings?
  6. What data do Kanta Services collect on social media websites?
  7. How are data on forms processed?
  8. How else can users exercise their rights?
  9. How are data disclosed or transferred?
  10. How are data protected?
  11. What is the process for amending this privacy policy?

1.    Contact information

Kela (Kansaneläkelaitos) - Social Insurance Institution of Finland
PO Box 450, FI-00101 Helsinki or Nordenskiöldinkatu 12, FI-02500 Helsinki
Tel. 020 634 11
www.kela.fi/organizational-structure

In matters concerning the data file, please contact asiakaspalvelu@kanta.fi. In matters concerning the rights of a data subject, please email enquiries to the Kanta Services’ Data Protection Officer at tietosuoja@kanta.fi.

2.    What are cookies and what data are they used to collect?

Like many other online services, the kanta.fi website uses cookies and similar tracking and targeting technologies. Cookies are text files that save information about your visit to the kanta.fi website. Your browser stores the cookies on your device.

On the kanta.fi website, cookies are used to collect information about things such as:

  • how many users visit the website,
  • which terminal devices are used to access the website,
  • the web address from which a user arrives at the website,
  • the individual pages users have accessed.

Cookies and the kanta.fi website servers automatically log page access requests made by users. These requests generally contain the requested page address, the date and time of the request, the IP address of the user’s terminal device and the type and language of the browser used.

These data are in such a format that they cannot be linked to an individual user without additional information. Cookies are not used to collect data such as the user’s name, e-mail address, phone number or home address. Kela cannot identify any individual on the basis of the data collected using cookies. As an example, the visitor monitoring tools delete numbers from users’ IP addresses so that no one can individually identify the users.

Please note, however, that the kanta.fi website may contain links to third-party online services, and Kela is not responsible for their privacy policies.

Kanta.fi cookies and other Kanta Services

Monitoring data collected on the kanta.fi website will not be combined with Kanta Ekstranet login data, MyKanta Pages login data, or any other data processed by Kela in any other context that may individually identify a user.

Users log in to the Kanta Ekstranet using Suomi.fi identifiers. User data are conveyed in an SAML message, which provides maximum security for the user. Identification is SSL-encrypted. The identification service only stores session data, not user data. It is not possible to combine the website cookie data with the identification cookie data. The application server also stores cookies in order to maintain the user’s session. This is a feature of the application server. Kela neither collects nor uses these data in any way.

The MyKanta service collects data on the number of login and logout actions. No personal identification data are collected, nor are any data concerning the user’s actions or pages accessed in MyKanta.

3.    For what purposes are cookies and the related data used?

The following cookies are used on the kanta.fi website:

  • Essential cookies: These cookies are used to ensure that the kanta.fi website functions as it is supposed to.
  • Visitor tracking cookies: Kela uses the Piwik Pro tool for visitor monitoring; this tool uses cookies to compile visitor statistics.

The cookies used on the kanta.fi website are described in detail on the ‘Cookies’ page.

Kela protects the privacy of visitors in many ways within the Piwik Pro tool; for instance, only anonymised data are stored in the service. Since the collected user data are anonymised, they cannot be used as personal data and also cannot be linked to a specific individual, even if linked to data from other sources. Identification is thus irrevocably prevented. For more information, see section 10 of the privacy policy.

Some of the pages of the kanta.fi online service use a chatbot to help the user to find information on the Kanta Services they need more easily. Users interact with the chatbot anonymously. The chatbot does not store any data about the user. The chatbot uses essential cookies only, so no user consent is required.

Kela never uses data collected on the kanta.fi website for automated decision-making, for instance. In other words, the data collected here have no legal impact on users.

Cookies on the kanta.fi website are not used for personal customisation or targeted advertising.

4.    For how long are data stored?

The kanta.fi website uses both session cookies and permanent cookies. Session cookies are automatically deleted when the session is terminated. Permanent cookies remain on your terminal device unless specifically deleted or until they expire.

The retention periods for the data collected on the kanta.fi website using cookies are listed on the ‘Cookies’ page.

Typically, the retention periods for data collected using cookies are:

  • Essential cookies: The essential cookies needed to log in to the Kanta Ekstranet are session cookies, and these are deleted when you close your browser.
  • Visitor tracking cookies: Data collected in the Piwik Pro tool are typically stored for 36 months.

5.    How can I change my cookie settings?

Kanta.fi has a cookie notification through which you can accept or reject all cookies except those that are essential for the service to function. You cannot change cookies that are essential for providing the service that you are requesting.

The cookie notification is displayed in kanta.fi when you have not yet saved your cookie settings. You can change your cookie settings at any time on the ‘Cookies’ page of the kanta.fi website.

6.    What data do Kanta Services collect on social media websites?

There is a Facebook page for Kanta Services. Facebook and Kela are joint controllers of the visitor data for the Facebook page. For further information on personal data processing, please see the Facebook privacy policy.

Kanta Services only processes statistical data on likes and visits to the Facebook page and on the exposure of posts; it is not possible to identify individual users on the basis of this data. Facebook page user data help Kanta Services to understand what kind of content interests visitors. Statistical data can be used to further develop content so as to better serve the target audience.

7.    How are data on forms processed?

There are forms on the Kanta.fi website that may require you to fill in personal data.

Below are explanations of the purpose of each form and of how the responses submitted using these forms are stored.

Contact form

Private individuals can send feedback or ask questions about the Kanta Services using the contact form.
Messages sent using this form are processed by the Kanta Services’ customer service. These messages are not forwarded to health care services, and customer service does not deal with matters regarding personal care or treatment.
Name and address details entered on the contact form are only used for responding to a question or feedback submitted by a customer. The data are collected for one-off use. The data are not used for any other purpose. If the contact leads to a request for action, the stored data will be stored for a maximum of 6 years. The data are retained for the purpose of investigating disruption, for confirming any changes made, and for making entries in the change and disruption logs specified in the Kela information management plan.

Accessibility feedback or request form

The accessibility feedback or request form is for submitting feedback on the accessibility of the kanta.fi website or for submitting an accessibility request. Messages sent using this form are processed by IT customer support. Name and address details entered on the form are only used for responding to a question or feedback submitted by a customer. The data are collected for one-off use. The data are not used for any other purpose. If the contact leads to a change request, the stored data will be stored for a maximum of 6 years. The purpose of data storage is to verify and record changes in accordance with Kela's information management plan.

Ordering brochures, form

Pharmacies, healthcare units and social services units can order the ‘OmaKanta tutuksi’ (Introducing MyKanta) brochure directly from the printers.
Data submitted using this form are forwarded to an external partner. Contact details on this form will only be used for processing and shipping deliveries. The order register entry will automatically be deleted 90 days after the order was received.

8.    How else can users exercise their rights?

In addition to having the right to receive information on how your personal data are processed, under privacy protection legislation you also have the right:

  • to inspect your personal data stored in the service,
  • to correct any errors in your data,
  • to delete your personal data and to be forgotten,
  • to restrict processing of your data,
  • to request the transfer of your data, which is being processed automatically by your consent or by agreement, from one system to another.

Basically, you may only exercise the aforementioned rights if Kela is able to individually identify your data. If you do not submit the required further information for identifying you and data related to you, Kela cannot respond to your request.
You may contact Kela by phone, send a request in writing to the Kela registry or visit a Kela office in person. The contact details can be found in section 1.

If a client finds that their personal data have been processed in breach of the applicable data protection regulations, the client is entitled under Article 77 of the EU’s General Data Protection Regulation and section 21 of the Data Protection Act to lodge a complaint with the competent supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman.

9.    How are data disclosed or transferred?

Service providers used by Kela (e.g. a media agency) may have agreement-based restricted access to data collected on the use of the kanta.fi website. Service providers are only allowed to use these data to meet Kela’s needs.

Some partners process website visitor details as controllers, and the processing involved is described in section 3 of this privacy policy.

Kela seeks to ensure through contractual provisions that all its partners and service providers comply with current legislation in processing data.

10.    How are data protected?

Privacy protection and data protection are incorporated into all planning and processing of data at Kela from the ground up. The security and usability of personal data is ensured using appropriate technological and administrative means. Kela processes all personal data in a secure manner and in compliance with the relevant legislation.

Everyone at Kela who processes personal data is bound by a non-disclosure agreement. Personal data may only be accessed on a need-to-know basis and according to the user rights of each employee.

Data collected using cookies are also processed by third-party partners of Kela according to separate agreements. Kela seeks to ensure through contractual provisions that data security is maintained as required in data security legislation.

Visitors’ privacy protection is ensure in the Piwik Pro visitor monitoring tool as follows:

  • Only anonymised data are stored in the service. Since the collected user data are anonymised, they cannot be used as personal data and also cannot be linked to a specific individual, even if linked to data from other sources. Identification is thus irrevocably prevented.
  • Users cannot be identified on the basis of their IP address or their location. What is known as ‘browser and device fingerprinting’ identification is also disabled.
  • The final two segments of the user’s IP address are deleted, and location data are thus only analysed on a general level.
  • Cookies generated by Piwik Pro are stored in the Kela domain and on a Kela server. The data are stored in a system maintained by Kela partner Fujitsu.

11.    What is the process for amending this privacy policy?

Kela may make amendments to this cookie policy from time to time if warranted because of changes in the purpose for which the data are processed, or because of changes in authorities’ recommendations or legislation. Any such amendments will be announced on the kanta.fi website.

This privacy policy was updated on 24 March 2023 with the introduction of a cookie notification on the kanta.fi website, allowing users to specify cookie settings.

Last updated 20.12.2023