Cookies are used for collecting information about how and when Kela’s website is used. This information helps to improve the usability of the website while offering targeted information to various client groups concerning Kela’s services and benefits elsewhere on the internet.
Kela cannot identify individual users of the kanta.fi web service on the basis of the data it has gathered as it does not collect the name, contact details or personal identity code of the user on the website. In the Ekstranet, users log in to the service with their Suomi.fi user ID. Kela cannot identify an individual client on the basis of their online behavioural tracking.
The behavioural data collected in the kanta.fi web service is not connected to the login data of Kanta Ekstranet or that of My Kanta Pages or to any other data that identifies the individual user and that Kela may process in other contexts.
The My Kanta Pages service gathers data about the number of logins and logouts. The personal identification data of the person logging in to the service is not gathered. Information about a person’s behaviour or browsing history in My Kanta Pages is not gathered, either.
Cookies are used for collecting information about how and when Kela’s web service is used. This information is used for improving the usability of the web services while offering targeted information about the Kanta Services to various client groups.
- What are Kela’s contact details?
- What are cookies and what kind of information is collected with them?
- For what purposes are cookies and the related information used?
- How long is data stored?
- What data does the Kanta Services collect on its social media pages?
- What options do users have with regard to cookies?
- How data on the forms are processed?
- What other options do users have?
- Where is data disclosed or transferred to?
- How is data protected?
1. Contact details
Social Insurance Institution of Finland (Kela)
P.O. Box 450, 00101 Helsinki or Nordenskiöldinkatu 12, 0250 Helsinki
telephone 020 634 11
In matters related to the register, customers can contact firstname.lastname@example.org. In matters related to the rights of a data subject, the data subject may send inquiries by email to the Kanta Services’ Data Protection Officer at email@example.com.
2. What are cookies and what kind of information is collected with them?
The kanta.fi web service uses so-called session cookies and persistent cookies. Session cookies are deleted automatically when the browser is closed. Persistent cookies are saved on the computer until they are deleted separately or when they expire.
Suomi.fi user ID is used for logging in to the Kanta Services Ekstranet. The user data is based on an SAML message, which is as secure as possible from the user's point of view. Identification is based on SSL encryption. The identification service only stores the session data, not user data. Cookie data and identification cookie data cannot be linked. The application server also collects cookies to enable the user's session functionality. This is a feature of the application server. Kela does not utilise or collect this data in any way.
On the kanta.fi website, cookies are used for collecting information about, e.g.
- the number of users of the web service
- the devices used for accessing the kanta.fi web service
- the web address from which the users of the web service access the service
- the individual pages visited.
Cookies and the servers in the kanta.fi web service automatically store the page requests made by visitors to the web service. Such information usually contains the network request by the user, the date and time of the request, the IP address of the user’s device, and the type and language of the browser.
The information is in a format that prevents it from being matched to individual users without additional information. Cookies are not used for storing, for example, the user’s name, email address, telephone number or home address. Kela is unable to match cookie data with specific individuals and is taking steps to further minimise the potential to identify specific users. For example, when using web analytics tools, digits are deleted from the user’s IP address in order to prevent anyone from identifying specific users.
3. For what purposes are cookies and the related information used?
The kanta.fi web service uses the following types of cookies:
- Essential cookies: These cookies are used for ensuring that the kela.fi web service is functioning as intended, for example, they enable user logins to the online service. These cookies are essential in order to provide the service requested by the user. The user’s consent is not requested for using these cookies.
Some of the pages of the kanta.fi online service use a chatbot to help the user to find information on the Kanta Services they need more easily. Users interact with the chatbot anonymously. The chatbot does not store any data about the user.
The chatbot uses essential cookies only, so no user consent is required.
In addition, Kela never utilises data gathered from the kanta.fi web service, for example, for purposes of automating the review of applications. The information collected therefore does not affect the protections that users enjoy under the law. With the data, Kela simply aims to reach user groups that are likely to be interested in the Kanta Services. Kela will never match the data with personal data obtained through some other channels.
Not all of the advertising deployed by Kela is targeted to users who previously visited the kela.fi web service with the aim of delivering marketing elsewhere online based on the cookie created in that prior visit. Kela may request a social media site or other web service to display advertising about Kela’s services to a specific target group, for example, users who are thought to be in a younger age group. Therefore, users may see an advertisement targeted at young people even if they have never visited the kanta.fi web service.
4. How long is data stored?
The cookies either expire after the session ends, until the user closes the browser, or they are persistent cookies with a lifetime of a few months or a few years. Users can affect the length of time for which the data collected with cookies is stored by clearing the cookies in their browser settings, which will reset their cookie profile.
Typical storage periods of data collected with cookies are as follows:
Essential cookies: Essential cookies needed to log in to Kanta Ekstranet are session specific and are not stored after the browser is closed.
Audience measurement and analytics cookies: Data collected by Piwik Pro is typically stored for 36 months.
5. What options do users have with regard to cookies?
Cookie preferences do not affect cookies. They also do not affect Piwik Pro cookies. The data protection of visitors has been ensured in many different ways, and the identification of visitors is prevented irrevocably. By monitoring user behaviour, Kela is able to develop the website to meet the clients’ service needs.
Users can also block or delete cookies in the browser settings. Blocking or deleting cookies may have an impact on previous selections made on the website, for example, remove the opt-out cookie for targeted marketing communications set on a partner website. The selections are browser-specific, i.e. the user needs to make separate selections in each different browser.
Cookies are cleared, e.g. in Google Chrome, Microsoft Edge and Mozilla Firefox, as follows:
- Open Google Chrome
- Click the menu in the upper right-hand corner and select Options
- Select ”Cookies and other site data” settings under the ”Security and Privacy” heading
- Check ”Block all cookies (not recommended)”
- Open Microsoft Edge
- Click the menu in the upper right-hand corner and select Options
- Select “Cookies and site permissions”
- Click “Manage and delete cookies and site data”
- Uncheck “Allow sites to save and read cookie data (recommended).”
- Open Firefox
- Click the menu in the upper right-hand corner and select Options
- Select Privacy & Security
- Under History, select the drop-down menu “Firefox will”
- Select “Never remember history” in the drop-down menu
- Close the Options page
Cookies can be enabled again at any time.
Deleting of cookies will not hamper the use of the kanta.fi web service. However, cookies must be enabled to log in to the Ekstranet service. The related cookies are necessary in terms of the technical functioning of the service. Login-related cookies are not used in marketing communications.
6. What information does the Kanta Services collect in its social media services?
The Kanta Services has a Facebook page for Kanta. Facebook and Kela are joint controllers of the visitor data of the Facebook pages. Further information about the processing of personal data is available in the Facebook privacy notice.
The Kanta Services processes only statistical data regarding the likes and visits to the Facebook site and the visibility of content posted on the website, and no individual user can be identified from the data. The visitor data of the Facebook page helps the Kanta Services to find out what kind of content is of interest to the users. The statistical data can help to make the content more useful to the target audience.
The kanta.fi web service may also include links to other external web services, and Kela is not responsible for their privacy policies.
7. How data on the forms are processed?
There are forms on the Kanta.fi website that may require you to fill in personal data.
Below are explanations of the purpose of each form and of how the responses submitted using these forms are stored.
Private individuals can send feedback or ask questions about the Kanta Services using the contact form.
Messages sent using this form are processed by the Kanta Services’ customer service. These messages are not forwarded to health care services, and customer service does not deal with matters regarding personal care or treatment.
Name and address details entered on the contact form are only used for responding to a question or feedback submitted by a customer. The data is collected for one-off use. The data is not used for any other purpose. If the contact leads to a request for action, the stored data will be stored for a maximum of 6 years. The data are retained for the purpose of clearing up disruptions, for confirming any changes made, and for making entries in the change and disruption logs specified in the Kela information management plan.
Accessibility feedback or request
The accessibility feedback or request form is for submitting feedback on the accessibility of the Kanta.fi online service or for submitting an accessibility request. Messages sent using this form are processed by IT customer support. Name and address details entered on the form are only used for responding to a question or feedback submitted by a customer. The data is collected for one-off use. The data is not used for any other purpose. If the contact leads to a change request, the stored data will be stored for a maximum of 6 years. The purpose of data storage is to verify changes and to record changes in accordance with Kela's information management plan.
Pharmacies, health care units and social services units can order the ‘Omakanta tutuksi’ (Introducing MyKanta) brochure directly from the printers.
Data submitted using this form are forwarded to an external partner. Contact details on this form will only be used for processing and shipping deliveries. The order register entry will be deleted automatically 90 days after the order was received.
8. What other options do users have?
In addition to the right to obtain information about the processing of personal data, by virtue of data protection legislation, users have the right to
- inspect the personal data stored about them
- rectify data
- delete data and have the right to be forgotten
- restrict the processing of data
- request the transmission of data from one system to another in the case of automated processing based on consent or contract.
As a rule, in order to exercise the above-mentioned rights, Kela needs to be able to identify the individual user. Unless the user provides further information to identify the user and the data related to them, Kela is unable to exercise the above-mentioned rights.
Primarily, the user can have an impact on the processing as described above by changing their cookie settings. If they so wish, the user can contact Kela by telephone, by submitting a written request to Kela’s registry or by visiting a Kela service point in person. The contact details can be found in section 1.
Users can also file a complaint with the supervisory authority at www.tietosuoja.fi.
9. To whom is data disclosed or transferred to?
The service providers used by Kela (such as media agencies) may have access to the data collected in connection with the use of the web service. The service providers may use this data only as appropriate to Kela’s requirements.
Kela seeks to ensure by contractual means that the partners and service providers handle the information in accordance with the prevailing legislation.
10. How is data protected?
At Kela, information security and the protection of personal data are systematically taken into account in all use and handling of data. The privacy and usability of personal data are ensured with appropriate technical and administrative measures. Kela processes all personal data in a secure way and in compliance with the legislation.
All members of Kela’s personnel who process personal data sign a confidentiality agreement. Personal data is only used by persons who need the data in question in their duties in accordance with their access rights.
Data gathered by cookies is also processed by Kela’s external partners in accordance with separate agreements. Kela seeks to ensure by contractual means that the necessary steps are taken to guarantee data security as required by legislation.
The following privacy measures apply to the Piwik Pro analytics tool:
- Only anonymised data is stored in the service. As the user data is anonymised, it cannot be used as personal data and it also cannot be connected to a specific individual even by combining it with data from other sources. That way, identification is prevented irrevocably.
- Users cannot be identified on the basis of their IP address or location. Fingerprint authentication is also disabled.
- Data is anonymised in accordance with the requirements of the GDPR: the last two segments in IP addresses are deleted, and location data is reviewed at a general level only
- Cookies generated by Piwik Pro are stored in Kela’s own domain and server. The data is stored in a system operated by Kela’s contractual partner Fujitsu.