Kela is responsible for producing and maintaining the Kanta Services.
Kela is committed to protecting the privacy of the users of its web service and its clients.
The behavioural data collected in the kanta.fi website is not connected to the login data of Kanta Extranet or to the login data of My Kanta Pages or any other data that identifies the individual user and that Kela may process in other contexts.
The My Kanta Pages service gathers data about the number of logins and logouts. The personal identification data of the person logging in to the service is not gathered. Information about the movements or browsing behaviour of the person in My Kanta Pages is not gathered, either.
- What are Kela’s contact details?
- What are cookies and what kind of information do they gather?
- What kind of information does the Kanta Services gather on social media websites?
- For what purpose are cookies and the related information used?
- For how long is the information retained?
- What options do I have with regard to cookies?
- What other kinds of options do the users have?
- Who is the data shared with or where is it transferred to?
- How is the data protected?
1. Contact details
Social Insurance Institution of Finland (Kela)
P.O. Box 450, 00101 Helsinki or Nordenskiöldinkatu 12, 0250 Helsinki
telephone 020 634 11
Pipsa Lotta Marjamäki, Director of Communications, tel. 020 634 1419
2. What are cookies and what kind of information do they gather?
Logging in to the Extranet in the Kanta Services takes place with the Katso ID. The user data is based on an SAML message, which is as secure as possible from the user's point of view. Identification is based on SSL encryption. The identification service only records the session data, not user data. The behavioural data and cookie data for identification gathered with the cookies of the kanta.fi web service cannot be connected. The application server also collects cookies to enable the user's session functionality. Kela does not utilise or gather this data in other ways.
Cookies are used in the kanta.fi web service for collecting information, for example,
- how many users there are on the website
- which devices are used for accessing the kanta.fi website
- from which web address the users of the online service have entered the website
- which individual pages the users have visited.
Cookies and the servers in the kanta.fi web service automatically save the page requests made by visitors to the website. The information usually contains the network request by the user, the date and time of the request, the IP address of the user’s device, and the type and language of the browser.
Due to the principal format of the cookie and log data, it cannot be connected to an individual user without further information. Cookies and server logs are not used for saving, for example, the user’s name, email address, telephone number or home address. Kela cannot connect information gathered with cookies to an individual person and is aiming to further improve the anonymity of data. For example, as part of the use of web analytics, numbers are removed from the user’s IP address to prevent anyone from identifying the individual user.
3. What kind of information does the Kanta Services gather on social media websites?
The Kanta Services has a Facebook page for Kanta. With respect to the visitor data of the Facebook site, Facebook and Kela are joint controllers. Further information about the processing of personal data is available in the Facebook privacy notice.
The Kanta Services processes only statistical data regarding the likes and visits to the Facebook site and the visibility of publications, and no individual user can be identified from the data. The Facebook visitor data helps the Kanta Services to understand what kind of contents would be interesting to the public. The statistical data is used for developing the contents to serve the target audience even better.
The kanta.fi web service may also include links to other external websites, and Kela is not responsible for their privacy practices.
4. For what purpose are cookies and the related information used?
Cookies are used for ensuring the technical functionality and data security of the online service and for analysing and developing the service.
Ensuring technical functioning and data security of the online service
Cookies enable us to ensure that the kanta.fi web service is functioning as it should and that its data security is in order.
Analysis and development of the web service
Further information about the partners of the kanta.fi web service and the purposes of using cookies is presented in the following:
- Purpose of using cookies: Gathering and analysis of statistical data concerning the web service in order to develop the service.
- Purpose of using cookies: gathering and analysis of statistical data concerning the web service in order to develop the service.
5. For how long is the information retained?
Cookies are valid for the duration of each session until the user closes the browser, or they are so-called persistent cookies that are valid from a few months to a number of years. The user can disable or delete the cookies at any time in the browser settings as described in further detail in section 6.
Data gathered in Google Analytics will not expire automatically. Data accumulated in Piwik Pro is normally retained for 3 years. It is not possible to identify individual users on the basis of the data: for example, in Piwik Pro, every visit is unique, i.e. different visits by the same user cannot be connected to one another.
6. What options do I have with regard to cookies?
You can prevent and have an impact on the processing of cookies by visiting our partner websites.
The user can prevent gathering of data by switching on the Do not track function in the browser settings. See browser-specific instructions: Internet Explorer (microsoft.com), Firefox (mozilla.org) and Google Chrome (google.com).
You can also disable or remove cookies in the web browser settings. Please note that the disabling or removing of cookies may have an impact on the selections you have previously made on the above-mentioned partners’ websites, for example, delete cookies installed on the partner website in order to opt out of targeted advertising. Also note that your selections are browser-specific, i.e. you need to make separate selections in each browser you are using.
How to delete cookies in Google Chrome, Internet Explorer and Mozilla Firefox
Google Chrome 66
- Open Google Chrome.
- Click the icon on the upper right-hand corner and select Settings.
- Select Show advanced settings.
- Select the Content settings button under the Privacy heading.
- Under Cookies, uncheck “Allow sites to save and read cookie data (recommended).”
Internet Explorer 11
- Open Internet Explorer.
- Click the Cogwheel icon (Tools) and then select Internet settings.
- Select the Security tab and go to Additional information.
- Check “First party cookies” and “Third party cookies” under option E. Also uncheck “Always allow session cookies”.
- Then select OK.
Mozilla Firefox 52
- Open Firefox.
- Click the icon on the upper right-hand corner and select Settings.
- Select Privacy & Security.
- Under History, select the drop-down menu “Firefox will”.
- Select “Never remember history” in the drop-down menu.
- Close the Settings page.
Cookies can be enabled again at any time.
Deleting of cookies will not hamper the use of the kanta.fi web service.
However, cookies must be enabled to log in to the Extranet service. The related cookies are necessary in terms of the technical functioning of the service.
7. What other options do users have?
In addition to having the right to obtain information about the processing of personal data, by virtue of the data protection legislation, users have a right to:
- inspect the personal data recorded of them
- rectify data
- erase data and have the right to be forgotten
- restrict the processing of data
- request the transmission of data from one system to another in the case of automated processing based on consent or contract
- object to processing.
As a rule, in order to implement the above-mentioned rights, Kela needs to be able to identify the individual user. Unless the user provides further information to identify the user and the data related to them, Kela is unable to exercise the above-mentioned rights.
Primarily, the user can have an influence on the processing of data as described above by disabling cookies in the browser settings or by visiting the websites of the partners used. Kela can be contacted by telephone, by submitting a written request to Kela’s registry or by visiting a Kela service point in person. The contact details are presented in section 1. The user can also lodge a complaint with the supervisory authority (tietosuoja.fi).
8. Who is the data shared with or where is it transferred to?
Kela uses reliable partners. The service providers used by Kela (such as media agencies) may have access to the data collected in connection with the use of the web service. The service providers may use this data only for Kela’s benefit. In this context, Kela may transfer the personal data processed by it outside the EU or EEA area in compliance with existing legislation.
Kela aims by contract to ensure that the partners and service providers process the data in accordance with the legislation in force at the time.
9. How is the data protected?
At Kela, data security and the protection of personal data are taken into account methodically in all use and processing of data. The data security and availability of personal data are ensured with appropriate technical and administrative measures. Kela processes all personal data in a secure way and in compliance with the legislation.
All members of Kela’s personnel who process personal data are under an obligation of confidentiality. Personal data is only used by persons who need the data in question in their duties in accordance with their access rights.
Data gathered by cookies is also processed by Kela’s external partners in accordance with separate agreements. Kela aims to contractually ensure that data security is ensured in the way required by data protection legislation.