Privacy policy of the web service

Privacy policy of the web service

This privacy policy applies to the web service that is available to everyone, the Kanta Extranet website aimed at the clients of the Kanta Services, and the Facebook page of the Kanta Services. This privacy policy describes how Kela in its capacity as controller processes the data concerning the users of the web service.


Kela is responsible for producing and maintaining the Kanta Services. 

Kela is committed to protecting the privacy of the users of its web service and its clients. 

Kela cannot identify an individual user of the web service on the basis of the data it has gathered as it does not collect the name, contact details or personal identity code of the user of its website. In the Extranet, the user logs in to the service with the Katso ID. The Extranet user log is subject to the privacy policy of Extranet.

The behavioural data collected in the website is not connected to the login data of Kanta Extranet or to the login data of My Kanta Pages or any other data that identifies the individual user and that Kela may process in other contexts.

The My Kanta Pages service gathers data about the number of logins and logouts. The personal identification data of the person logging in to the service is not gathered. Information about the movements or browsing behaviour of the person in My Kanta Pages is not gathered, either. 

Kela and its partners use cookies and corresponding technologies (hereinafter cookies in general) in the web service open to everyone. Cookies are used for collecting information about how and when the online service is used. This information helps to improve the availability of the online service. 

The user can control the use of cookies with browser settings or by visiting the websites of Kela’s partners. The user’s options are discussed in further detail in sections 6 and 7 of this privacy policy.

This privacy policy gives answers to the following questions:

  1. What are Kela’s contact details?
  2. What are cookies and what kind of information do they gather?
  3. What kind of information does the Kanta Services gather on social media websites?
  4. For what purpose are cookies and the related information used?
  5. For how long is the information retained?
  6. What options do I have with regard to cookies?
  7. What other kinds of options do the users have?
  8. Who is the data shared with or where is it transferred to?
  9. How is the data protected?
  10. What is the procedure of making changes to the privacy policy? 

Contact details

Social Insurance Institution of Finland (Kela)
P.O. Box 450, 00101 Helsinki or Nordenskiöldinkatu 12, 0250 Helsinki
telephone 020 634 11 

Contact person: 
Pipsa Lotta Marjamäki, Director of Communications, tel. 020 634 1419

What are cookies and what kind of information do they gather?

As is the case with many other web services, the web service uses cookies and other similar technologies. A cookie is a small text file that is stored on the user’s device, saving information about the visit to the web service. 

If the user continues to browse the web service after being offered information and options with regard the use of the service, the user accepts the installation of cookies. The user’s options are discussed in further detail in sections 6 and 7 of this privacy policy.

Logging in to the Extranet in the Kanta Services takes place with the Katso ID. The user data is based on an SAML message, which is as secure as possible from the user's point of view. Identification is based on SSL encryption. The identification service only records the session data, not user data. The behavioural data and cookie data for identification gathered with the cookies of the web service cannot be connected.  The application server also collects cookies to enable the user's session functionality. Kela does not utilise or gather this data in other ways.

Cookies are used in the web service for collecting information, for example,

  • how many users there are on the website
  • which devices are used for accessing the website
  • from which web address the users of the online service have entered the website
  • which individual pages the users have visited.

Cookies and the servers in the web service automatically save the page requests made by visitors to the website. The information usually contains the network request by the user, the date and time of the request, the IP address of the user’s device, and the type and language of the browser.

Due to the principal format of the cookie and log data, it cannot be connected to an individual user without further information. Cookies and server logs are not used for saving, for example, the user’s name, email address, telephone number or home address. Kela cannot connect information gathered with cookies to an individual person and is aiming to further improve the anonymity of data. For example, as part of the use of web analytics, numbers are removed from the user’s IP address to prevent anyone from identifying the individual user. 

What kind of information does the Kanta Services gather on social media websites?

The Kanta Services has a Facebook page for Kanta.  With respect to the visitor data of the Facebook site, Facebook and Kela are joint controllers. Further information about the processing of personal data is available in the Facebook privacy notice.

The Kanta Services processes only statistical data regarding the likes and visits to the Facebook site and the visibility of publications, and no individual user can be identified from the data. The Facebook visitor data helps the Kanta Services to understand what kind of contents would be interesting to the public. The statistical data is used for developing the contents to serve the target audience even better.

The web service may also include links to other external websites, and Kela is not responsible for their privacy practices. 

For what purpose are cookies and the related information used?

Ensuring technical functioning and data security of the online service 

Cookies enable us to ensure that the web service is functioning as it should and that its data security is in order. 

Analysis and development of the web service

Web analytics tool  Piwik Pro ( use cookies to gather statistical data. Data is gathered in order to analyse visitor numbers, the degree of interest in the contents and the ways of using the service, and to develop the web service.

Further information about the partners of the web service and the purposes of using cookies is presented in the following: 

Piwik Pro

For how long is the information retained?

Cookies are valid for the duration of each session until the user closes the browser, or they are so-called persistent cookies that are valid from a few months to a number of years. The user can disable or delete the cookies at any time in the browser settings as described in further detail in section 6.

Data gathered in Google Analytics will not expire automatically. Data accumulated in Piwik Pro is normally retained for 3 years. It is not possible to identify individual users on the basis of the data: for example, in Piwik Pro, every visit is unique, i.e. different visits by the same user cannot be connected to one another.

What options do I have with regard to cookies?

You can prevent and have an impact on the processing of cookies by visiting our partner websites.

Piwik Pro

The user can prevent gathering of data by switching on the Do not track function in the browser settings. See browser-specific instructions: Internet Explorer (, Firefox ( and Google Chrome (

You can also disable or remove cookies in the web browser settings. Please note that the disabling or removing of cookies may have an impact on the selections you have previously made on the above-mentioned partners’ websites, for example, delete cookies installed on the partner website in order to opt out of targeted advertising. Also note that your selections are browser-specific, i.e. you need to make separate selections in each browser you are using.

How to delete cookies in Google Chrome, Internet Explorer and Mozilla Firefox 

Google Chrome 66

  1. Open Google Chrome.
  2. Click the icon on the upper right-hand corner and select Settings.
  3. Select Show advanced settings.
  4. Select the Content settings button under the Privacy heading.
  5. Under Cookies, uncheck “Allow sites to save and read cookie data (recommended).”

Internet Explorer 11

  1. Open Internet Explorer.
  2. Click the Cogwheel icon (Tools) and then select Internet settings.
  3. Select the Security tab and go to Additional information.
  4. Check “First party cookies” under option E. Also uncheck “Always allow session cookies”.
  5. Then select OK.

Mozilla Firefox 52

  1. Open Firefox.
  2. Click the icon on the upper right-hand corner and select Settings.
  3. Select Privacy & Security.
  4. Under History, select the drop-down menu “Firefox will”.
  5. Select “Never remember history” in the drop-down menu.
  6. Close the Settings page.

Cookies can be enabled again at any time.

Deleting of cookies will not hamper the use of the web service.

However, cookies must be enabled to log in to the Extranet service. The related cookies are necessary in terms of the technical functioning of the service. 

What other options do users have?

In addition to having the right to obtain information about the processing of personal data, by virtue of the data protection legislation, users have a right to:

  • inspect the personal data recorded of them
  • rectify data
  • erase data and have the right to be forgotten
  • restrict the processing of data
  • request the transmission of data from one system to another in the case of automated processing based on consent or contract
  • object to processing.

As a rule, in order to implement the above-mentioned rights, Kela needs to be able to identify the individual user. Unless the user provides further information to identify the user and the data related to them, Kela is unable to exercise the above-mentioned rights.

Primarily, the user can have an influence on the processing of data as described above by disabling cookies in the browser settings or by visiting the websites of the partners used. Kela can be contacted by telephone, by submitting a written request to Kela’s registry or by visiting a Kela service point in person. The contact details are presented in section 1. The user can also lodge a complaint with the supervisory authority (

Who is the data shared with or where is it transferred to?

Kela uses reliable partners. The service providers used by Kela (such as media agencies) may have access to the data collected in connection with the use of the web service. The service providers may use this data only for Kela’s benefit. In this context, Kela may transfer the personal data processed by it outside the EU or EEA area in compliance with existing legislation.

Kela aims by contract to ensure that the partners and service providers process the data in accordance with the legislation in force at the time.

How is the data protected?

At Kela, data security and the protection of personal data are taken into account methodically in all use and processing of data. The data security and availability of personal data are ensured with appropriate technical and administrative measures. Kela processes all personal data in a secure way and in compliance with the legislation. 

All members of Kela’s personnel who process personal data are under an obligation of confidentiality. Personal data is only used by persons who need the data in question in their duties in accordance with their access rights.

Data gathered by cookies is also processed by Kela’s external partners in accordance with separate agreements. Kela aims to contractually ensure that data security is ensured in the way required by data protection legislation. 

Is it possible to make changes to the privacy policy?

From time to time, Kela can make changes to this privacy policy if it is justified, for example, when the purposes of processing change or when changes are made in the recommendations by the authorities or in legislation. Information about the changes will be available in the web service.

The privacy policy of the web service based on the EU General Data Protection Regulation was published on 26 August 2019. 

Last updated 29.05.2020