Cookies are used for collecting information about how and when Kela’s website is used. This information helps to improve the usability of the website while offering targeted information to various client groups concerning Kela’s services and benefits elsewhere on the internet.
Kela cannot identify individual users of the kanta.fi web service on the basis of the data it has gathered as it does not collect the name, contact details or personal identity code of the user on the website. In the Ekstranet, users log in to the service with their Suomi.fi user ID. Kela cannot identify an individual client on the basis of their online behavioural tracking.
The behavioural data collected in the kanta.fi web service is not connected to the login data of Kanta Ekstranet or that of My Kanta Pages or to any other data that identifies the individual user and that Kela may process in other contexts.
The My Kanta Pages service gathers data about the number of logins and logouts. The personal identification data of the person logging in to the service is not gathered. Information about a person’s behaviour or browsing history in My Kanta Pages is not gathered, either.
- What are Kela’s contact details?
- What are cookies and what kind of information is collected with them?
- What data does the Kanta Services collect on its social media pages?
- For what purposes are cookies and the related information used?
- How long is data stored?
- What options do users have with regard to cookies?
- What other options do users have?
- Where is data disclosed or transferred to?
- How is data protected?
1. Contact details
Social Insurance Institution of Finland (Kela)
P.O. Box 450, 00101 Helsinki or Nordenskiöldinkatu 12, 0250 Helsinki
telephone 020 634 11
Pipsa Lotta Marjamäki, Director of Communications, tel. 020 634 1419
2. What are cookies and what kind of information is collected with them?
The kanta.fi web service uses so-called session cookies and persistent cookies. Session cookies are deleted automatically when the browser is closed. Persistent cookies are saved on the computer until they are deleted separately or when they expire.
Suomi.fi user ID is used for logging in to the Kanta Services Ekstranet. The user data is based on an SAML message, which is as secure as possible from the user's point of view. Identification is based on SSL encryption. The identification service only stores the session data, not user data. Cookie data and identification cookie data cannot be linked. The application server also collects cookies to enable the user's session functionality. This is a feature of the application server. Kela does not utilise or collect this data in any way.
On the kanta.fi website, cookies are used for collecting information about, e.g.
- the number of users of the web service
- the devices used for accessing the kanta.fi web service
- the web address from which the users of the web service access the service
- the individual pages visited.
Cookies and the servers in the kanta.fi web service automatically store the page requests made by visitors to the web service. Such information usually contains the network request by the user, the date and time of the request, the IP address of the user’s device, and the type and language of the browser.
The information is in a format that prevents it from being matched to individual users without additional information. Cookies are not used for storing, for example, the user’s name, email address, telephone number or home address. Kela is unable to match cookie data with specific individuals and is taking steps to further minimise the potential to identify specific users. For example, when using web analytics tools, digits are deleted from the user’s IP address in order to prevent anyone from identifying specific users.
3. What information does the Kanta Services collect in its social media services?
The Kanta Services has a Facebook page for Kanta. Facebook and Kela are joint controllers of the visitor data of the Facebook pages. Further information about the processing of personal data is available in the Facebook privacy notice.
The Kanta Services processes only statistical data regarding the likes and visits to the Facebook site and the visibility of content posted on the website, and no individual user can be identified from the data. The visitor data of the Facebook page helps the Kanta Services to find out what kind of content is of interest to the users. The statistical data can help to make the content more useful to the target audience.
The kanta.fi web service may also include links to other external web services, and Kela is not responsible for their privacy policies.
For what purposes are cookies and the related information used?
The kanta.fi web service uses the following types of cookies:
- Essential cookies: These cookies are used for ensuring that the kela.fi web service is functioning as intended, for example, they enable user logins to the online service. These cookies are essential in order to provide the service requested by the user. The user’s consent is not requested for using these cookies.
In addition, Kela never utilises data gathered from the kanta.fi web service, for example, for purposes of automating the review of applications. The information collected therefore does not affect the protections that users enjoy under the law. With the data, Kela simply aims to reach user groups that are likely to be interested in the Kanta Services. Kela will never match the data with personal data obtained through some other channels.
Not all of the advertising deployed by Kela is targeted to users who previously visited the kela.fi web service with the aim of delivering marketing elsewhere online based on the cookie created in that prior visit. Kela may request a social media site or other web service to display advertising about Kela’s services to a specific target group, for example, users who are thought to be in a younger age group. Therefore, users may see an advertisement targeted at young people even if they have never visited the kanta.fi web service.
5. How long is data stored?
The cookies either expire after the session ends, until the user closes the browser, or they are persistent cookies with a lifetime of a few months or a few years. Users can affect the length of time for which the data collected with cookies is stored by clearing the cookies in their browser settings, which will reset their cookie profile.
Typical storage periods of data collected with cookies are as follows:
Essential cookies: Essential cookies needed to log in to Kanta Ekstranet are session specific and are not stored after the browser is closed.
Audience measurement and analytics cookies: Data collected by Piwik Pro is typically stored for 36 months.
6. What options do users have with regard to cookies?
Cookie preferences do not affect cookies < They also do not affect Piwik Pro cookies. The data protection of visitors has been ensured in many different ways, and the identification of visitors is prevented irrevocably. By monitoring user behaviour, Kela is able to develop the website to meet the clients’ service needs.
Users can also block or delete cookies in the browser settings. Blocking or deleting cookies may have an impact on previous selections made on the website, for example, remove the opt-out cookie for targeted marketing communications set on a partner website. The selections are browser-specific, i.e. the user needs to make separate selections in each different browser.
Cookies are cleared, e.g. in Google Chrome, Internet Explorer and Mozilla Firefox, as follows:
Google Chrome 66
- Open Google Chrome.
- Click the menu in the upper right-hand corner and select Options.
- Click Show advanced settings.
- Select the Content settings button under the Privacy heading.
- Under Cookies, uncheck “Allow sites to save and read cookie data (recommended).”
Internet Explorer 11
- Open Internet Explorer.
- Click the Cogwheel icon (Tools) and then select Internet options.
- Select the Privacy tab and click Advanced.
- Under “First-party cookies”, select Block. Also uncheck “Always allow session cookies”.
- Select OK when done.
Mozilla Firefox 52
- Open Firefox.
- Click the menu in the upper right-hand corner and select Options.
- Select Privacy & Security.
- Under History, select the drop-down menu “Firefox will”.
- Select “Never remember history” in the drop-down menu.
- Close the Options page.
Cookies can be enabled again at any time.
Deleting of cookies will not hamper the use of the kanta.fi web service. However, cookies must be enabled to log in to the Ekstranet service. The related cookies are necessary in terms of the technical functioning of the service. Login-related cookies are not used in marketing communications.
7. What other options do users have?
In addition to the right to obtain information about the processing of personal data, by virtue of data protection legislation, users have the right to
- inspect the personal data stored about them
- rectify data
- delete data and have the right to be forgotten
- restrict the processing of data
- request the transmission of data from one system to another in the case of automated processing based on consent or contract.
As a rule, in order to exercise the above-mentioned rights, Kela needs to be able to identify the individual user. Unless the user provides further information to identify the user and the data related to them, Kela is unable to exercise the above-mentioned rights.
Primarily, the user can have an impact on the processing as described above by changing their cookie settings. If they so wish, the user can contact Kela by telephone, by submitting a written request to Kela’s registry or by visiting a Kela service point in person. The contact details can be found in section 1.
Users can also file a complaint with the supervisory authority at www.tietosuoja.fi.
8. To whom is data disclosed or transferred to?
The service providers used by Kela (such as media agencies) may have access to the data collected in connection with the use of the web service. The service providers may use this data only as appropriate to Kela’s requirements. In this context, Kela may transfer the personal data processed by it outside the EU or EEA area in compliance with prevailing legislation.
Kela seeks to ensure by contractual means that the partners and service providers handle the information in accordance with the prevailing legislation.
How is data protected?
At Kela, information security and the protection of personal data are systematically taken into account in all use and handling of data. The privacy and usability of personal data are ensured with appropriate technical and administrative measures. Kela processes all personal data in a secure way and in compliance with the legislation.
All members of Kela’s personnel who process personal data sign a confidentiality agreement. Personal data is only used by persons who need the data in question in their duties in accordance with their access rights.
Data gathered by cookies is also processed by Kela’s external partners in accordance with separate agreements. Kela seeks to ensure by contractual means that the necessary steps are taken to guarantee data security as required by legislation.
The following privacy measures apply to the Piwik Pro analytics tool:
- Only anonymised data is stored in the service. As the user data is anonymised, it cannot be used as personal data and it also cannot be connected to a specific individual even by combining it with data from other sources. That way, identification is prevented irrevocably.
- Users cannot be identified on the basis of their IP address or location. Fingerprint authentication is also disabled.
- Data is anonymised in accordance with the requirements of the GDPR: the last two segments in IP addresses are deleted, and location data is reviewed at a general level only
- Cookies generated by Piwik Pro are stored in Kela’s own domain and server. The data is stored in a system operated by Kela’s contractual partner Fujitsu.