Data protection is fundamental to our business. We process personal and communication data daily while providing mobile services, and we want to earn your trust through transparent data handling. We comply with Finnish data protection laws and regulatory guidelines.
This privacy policy applies to all current and potential customers, service users, invoice payers, competition participants, customer service contacts, business contacts, corporate customer employees, and authorized signatories.
What This Policy Covers
This policy explains how we protect your privacy and communications, what personal data we collect, how and why we process it, our data retention periods, who we share data with, and your rights as a data subject.
It is important to note that this data protection policy does not apply to services or websites provided by other companies, even if you can access these external services through Giga Mobiili's platforms or services. Those external services have their own privacy policies that govern how they handle your information
We collect personal data for specific legitimate purposes that benefit you while enabling us to provide quality mobile services.
To Provide and Maintain Our Services
We use your personal information primarily to fulfill our contractual obligations and provide the mobile services you have requested. This includes setting up and managing your mobile subscription account from the initial sign-up process through ongoing account maintenance. We need your information to facilitate the transmission of your communications, including voice calls, text messages, and data services that connect you to the internet and other networks.
Your personal data enables us to create accurate billing statements that reflect your actual service usage and ensure that payments are processed correctly. When you contact our customer support team, we use your information to verify your identity and provide personalized assistance with your account or technical issues. We also use your data to identify, diagnose, and resolve technical problems that may affect your service quality.
Maintaining
the security of our network and services requires us to monitor certain usage
patterns and detect potential security threats or unauthorized access attempts.
We use your information to implement security measures that protect both your
account and our overall network infrastructure. Additionally, we analyze usage
data to improve your overall user experience by identifying areas where our
services can be enhanced or optimized.
Marketing and Personalization With Your Permission
When you consent, we use your information to provide you with marketing communications that we believe will be relevant and valuable to you. This includes sending you information about new services, special promotions, and upgrades that might enhance your mobile experience. We analyze your service usage patterns and preferences to recommend additional services or features that align with your needs.
We may
conduct market research and customer satisfaction surveys to better understand
how our customers use our services and what improvements they would like to
see. This research helps us develop new services and improve existing ones
based on real customer feedback and needs. We also use your information to
personalize your experience when you interact with our website, mobile
application, or customer service representatives.
Legal and Regulatory Requirements
There are certain situations where we are legally required to process your personal data, regardless of whether you have given us specific permission to do so. These legal obligations include maintaining accurate accounting records as required by Finnish accounting laws, which means we must keep detailed records of all financial transactions related to your account.
We are required to cooperate with law enforcement agencies and regulatory authorities when they make legitimate requests for information as part of criminal investigations or regulatory enforcement actions. We must also comply with anti-money laundering regulations, which require us to verify customer identities and monitor certain types of transactions for suspicious activity.
Copyright
law requires us to respond to valid copyright infringement claims by providing
information about users who may have violated copyright protections. We also
have obligations to provide certain customer information to emergency services
when they need to locate individuals during emergency situations.
Benefits for You
The data we collect and process provides numerous direct benefits that enhance your experience as a Giga Mobiili customer. We use your information to continuously improve the reliability, speed, and coverage of our mobile network services. This means you can expect better call quality, faster data speeds, and more consistent service availability.
Your account security is enhanced through our data processing activities, as we can quickly identify and respond to suspicious activity or unauthorized access attempts. We use your billing and usage data to ensure that your invoices are accurate and that you are only charged for services you have actually used.
Our analysis of customer data helps us develop new features and services that address common customer needs and preferences. This means you benefit from innovations and improvements that are directly based on feedback and usage patterns from customers like yourself. We can also provide you with personalized recommendations for services or features that are most likely to be useful for your specific usage patterns.
When
you contact customer service, we can provide faster and more effective
assistance because our representatives have access to your account history and
can quickly understand your previous interactions with us. This reduces the
time you need to spend explaining your situation and allows us to resolve
issues more efficiently.
Artificial Intelligence and Automated Processing
We use AI to improve customer service, develop better products and services, optimize internal processes, and train personnel. All AI we use comply with Giga Mobiili’s and Elkjøp Group ethical principles for the use of artificial intelligence. We use automated credit checks when you apply for services. You can request manual review if you disagree with automated decisions.
We
collect various personal information through multiple channels to provide
comprehensive mobile services.
Basic Customer Information
During
signup, we collect your name, personal identity number, address, contact
details, email, language preference, and payment information. For business
customers, we collect company contact information and authorized representative
details.
Service Usage and Technical Information
Our
systems automatically collect call and message details (numbers, times,
duration etc), data usage information, location data from network connections,
device information (model, IMEI, operating system), SIM card numbers, and
service dates. This technical data enables service provision and billing.
Website and Digital Platform Usage
When
you use our website or services, we collect page visits, session duration,
feature usage, device and browser information, IP addresses, search terms, and
preferences. We use cookies and similar technologies for personalization.
Mobile Application Data
Our app
collects login information, usage patterns, preferences, biometric data (if
enabled), push notification tokens, performance data, and crash reports. Some
data is stored locally on your device using encryption for faster access, while
sensitive information remains on secure servers.
When You Contact Our Customer Service Center
You can
reach our customer service through several channels. If you already have a
customer profile with us, we will use the information linked to your profile to
assist you as efficiently as possible. If your inquiry requires further
follow-up—such as service or a complaint—we will create a customer profile if
you don’t already have one. We will link your inquiries to your customer
profile so we can follow up with you if needed.
When You Call Us:
When you contact us by phone, we will look up your phone number so that our agent has relevant information about your customer relationship available during the call. Our agents will record information important for further follow-up in our system. We will also retain a log of your call linked to your customer profile.
Before
the call begins, you will be asked to consent to the call being recorded. The
recording is used solely for training purposes.
When You Chat With Us:
Our website features a chatbot designed to handle common customer questions. If the chatbot cannot assist you, your conversation will be seamlessly transferred to a customer service agent during our opening hours. To provide faster assistance, the entire conversation will be transferred from the chatbot to our agents.
When starting a chat with the chatbot, you can choose to log in with your Elkjøp profile. The chatbot and any agent involved will then have access to your profile and orders to assist you more easily. If you are already logged in when you start the chat, this will happen automatically.
You also have the option to remain anonymous by not logging in. However, when chatting with an agent, you must provide your email address to receive personalized assistance. If you provide it, our system will check for any existing cases linked to your email address.
After
the conversation ends, you can download the chat transcript through the chat
settings.
When You Email Us:
When you send us an email, we will store it in connection with your customer profile. We retain your emails to better follow up with you over time—whether you need service, have filed a complaint, or if the correspondence is part of a dispute with us.
Legal
Basis, Storage, and Deletion:
We believe we have a legitimate interest in recording information about your correspondence with us to follow up on your customer relationship. Additionally, we may have a legal obligation to record and store information about your customer relationship – for example, if you file a complaint about a product. If we record phone calls with you, the legal basis is your consent.
The Call recordings from when you call our customer care center, are deleted no later than 45 days after the call. Chats are anonymized no later than 30 days after the conversation. Emails are stored for one year to ensure we can follow up on complaints and claims over time.
External Data Sources
In addition to information you provide directly to us, we obtain certain personal data from external sources to maintain accurate records and provide comprehensive services. We collect information from publicly available sources such as business registries, population registers maintained by government agencies, and other official public records that contain contact and identification information.
We may obtain updated contact information from postal services and professional directory companies to ensure that our records remain current and that we can reach you with important communications about your services. We also access credit information from authorized credit reporting agencies when evaluating applications for new services or assessing creditworthiness for certain service offerings.
When you use services provided by other telecommunications companies, such as when you travel abroad and use roaming services, those companies share necessary usage and billing information with us so that we can provide you with accurate billing and seamless service. Similarly, we share information with other telecom companies when their customers use our network services.
We may receive marketing-related information from third-party marketing databases, but only when you have given explicit permission for your information to be used for marketing purposes. We also access ban registers maintained by marketing industry associations to ensure that we do not send marketing communications to individuals who have opted out of receiving such materials.
You
have comprehensive rights under data protection law that give you control over
your personal information.
Right to Access Your Personal Data
You can request complete copies of all personal data we hold about you, including collection sources, processing purposes, and sharing details. Most information is available in your online account, but you can request a comprehensive report for complete records.
Right
to Correct Information
If our information about you is incorrect or incomplete, you can request immediate corrections. We investigate accuracy concerns and update records accordingly, notifying other organizations if they received the incorrect information.
Right to Delete Your Personal Data
You can request deletion when data is no longer necessary, you withdraw consent, or we're processing unlawfully. However, we must retain information required by law (like accounting records) or necessary for contract performance (like billing records). Deletion is permanent and irreversible.
Right to Restrict Processing
You can request temporary processing restrictions while we verify data accuracy or resolve lawfulness concerns. During restrictions, we maintain but don't actively use the affected data except in limited circumstances with your consent.
Right to Object to Processing
You can object to marketing communications and advertising targeting. We'll immediately stop promotional communications and add you to our suppression list. You can also object to other legitimate interest processing unless we demonstrate compelling grounds to continue.
Right to Data Portability
You can receive certain personal data in machine-readable format for transferring to other service providers. This applies to automatically processed data based on consent or contract performance. We provide data in CSV format.
We only
share personal data in specific necessary circumstances with appropriate
protections.
Within Our Company and Corporate Group
Only authorized employees needing information for job duties can access your data. All personnel are bound by professional secrecy. As part of Elkjøp Group, we may share data with group companies for operational and reporting purposes under equivalent protection standards. When we share data within our corporate group, we ensure that the receiving company has appropriate technical and organizational measures in place to protect your information and that they will only use the data for the specific purposes for which it was shared.
Service Partners and Subcontractors
We work with carefully selected third-party companies to help us provide various aspects of our mobile services, and some of these partnerships require us to share certain customer information. These service partners and subcontractors include companies that help us with billing and payment processing, technical infrastructure management, customer support services, and network maintenance.
Before sharing any customer data with service partners, we establish comprehensive contractual agreements that strictly limit how they can use your information and require them to maintain appropriate security measures to protect your data. These contracts specify that partners can only process your data for the specific services they are providing to us and cannot use your information for their own business purposes or share it with other parties.
We regularly audit our service partners to ensure they are complying with their contractual obligations and maintaining appropriate data protection standards. If a partner fails to meet our requirements, we will terminate the relationship and ensure that any shared data is returned or securely destroyed
Legal and Regulatory Requirements
There are certain circumstances where we are legally required to disclose your personal information to government authorities, law enforcement agencies, or other official organizations. These requirements are established by Finnish and European law and are designed to support important public interests such as criminal investigations, national security, emergency response, and regulatory oversight.
We may be required to provide customer information to police and other law enforcement agencies when they are conducting criminal investigations and have obtained proper legal authorization for accessing the information. Similarly, regulatory authorities such as the Finnish Transport and Communications Agency may request customer data as part of their oversight responsibilities for the telecommunications industry.
We must also share information with law enforcement (with proper authorization), regulatory authorities, emergency services, tax authorities, and copyright holders (with court orders).
When we receive requests for customer information from authorities, we carefully review each request to ensure it is legally valid and properly authorized. We only provide the specific information that is legally required and do not voluntarily share additional data beyond what is mandated by law.
Directory and Information Services
Unless you opt out, we share basic contact information with directory services and phone book publishers. You have the complete right to control whether your information appears in these directories and services. You can request that your information be kept completely private, which means your phone number becomes a "secret number" that will not appear in any public directories or be available through directory assistance services.
If you choose to have a secret number, you must make this request specifically with us, and we will ensure that your information is not shared with any directory services. You can also choose to have only partial information published, such as just your name and phone number but not your address.
Other Telecommunications Companies
We share technical and billing information with other carriers for call completion, roaming services, and fraud prevention. This sharing enables seamless service across networks and international locations.
When you make calls or send messages to customers of other phone companies, we must share technical routing information and usage data with those companies so they can complete the connection and bill for their portion of the service. Similarly, when customers of other companies contact you, their providers share necessary information with us.
This data sharing is particularly important when you travel abroad and use roaming services provided by foreign telecommunications companies. These companies need access to your basic account information and service details to provide you with mobile services while you are in their coverage area, and they share your usage information with us so we can include roaming charges on your bill.
We also participate in industry-wide systems for preventing fraud and abuse, which requires sharing certain information about suspicious activities or security threats with other telecommunications companies so that the entire industry can better protect customers from scams and security breaches.
Marketing
and Advertising Partners
With your permission, we share demographic information and usage patterns with advertising networks and market research companies. Partners can only use information for specified purposes and cannot use it for their own marketing.
Protection of Rights and Interests
We may disclose information to defend legal claims, investigate fraud, protect network security, collect debts through authorized agencies, or address public safety threats. All disclosures are carefully evaluated for legal justification and proportionality.
Retention periods depend on data type, purpose, legal requirements, and ongoing customer relationships.
Standard
Business Retention
Customer account and service data is retained for 3 years after relationship termination for consumer protection, warranty claims, and billing adjustments. Website usage data is kept for XX months for service improvement analysis.
Marketing and Communication Preferences
Marketing preferences and opt-out requests are retained for 3 years to ensure consistent respect for your communication choices.
Legal and Regulatory Requirements
Accounting records must be kept for up to 10 years per Finnish law. Anti-money laundering data is retained for five years after relationship termination.
Credit Vetting information
Signed proof documents are retained for 5 years in accordance with Finnish legal requirements (Luottotietolaki and Väestötietojärjestelmä, DVV). Data is automatically deleted after 5 years.
Communication and Service Records
Customer service call recordings are deleted no later than 45 days after the call. Chats are anonymized no later than 30 days after the conversation. Emails are stored for one year to ensure we can follow up on complaints and claims over time.
Service Usage and Technical Information (CDR, EDR etc)
Service Usage, Traffic data and Technical Information for law enforcement, fraud prevention and revenue assurance is stored for 24 months
Anonymized Data
We may retain anonymized data longer for trend analysis, network planning, and service development since it cannot identify individuals.
We implement comprehensive technical and organizational security measures to protect your personal data.
Technical Security Measures
All databases are protected by advanced firewalls and encryption both in storage and transmission. Secure facilities with 24/7 monitoring, biometric access controls, and background-checked personnel house our servers. Encrypted connections protect administrative access and data transfers.
Continuous monitoring systems use analytics and machine learning to detect suspicious activities and security threats, enabling quick response to potential incidents.
Network and Communication Security
Communications are protected using industry-standard encryption during transmission. Redundant security systems ensure continuous protection. Automated systems can block threats and implement additional controls when needed.
We scan communications for viruses and malware using automated systems that focus on threat detection while minimizing privacy impact.
Access Controls and Employee Security
Strict access management ensures only authorized employees can view customer data when needed for legitimate duties. All staff receive extensive data protection training and are bound by professional secrecy obligations that continue after employment ends.
Detailed access logs track all customer information viewing and are regularly reviewed for unusual patterns.
Your Security Responsibilities
Use strong, unique passwords and keep them confidential. Keep devices updated with latest security patches and use reputable antivirus software. Monitor your account for unusual activity and report suspicious behavior immediately. Never share authentication credentials in response to unsolicited contacts.
We prioritize your security and privacy by implementing multiple layers of protection while ensuring a seamless user experience.
How We Keep Your Data Safe
We take your security seriously. Here’s what we do to protect you:
·
Secure
Connections – All communication between the
app and our servers is encrypted (using HTTPS).
·
No
Personal Data Stored on Your Phone – We don’t keep your personal information
in the app. Only temporary session data is stored and removed when you log out
or uninstall the app.
·
Biometric
Security – If you use fingerprint or face recognition, this data stays on your device and is never sent to our servers.
· Automatic Logouts – If you’re inactive for a while, the app will log you out to prevent unauthorized access.
Permissions We Ask For
The app only asks for permissions it needs to work properly:
·
Internet – To connect securely to our
servers.
·
Storage – To temporarily save files
during your session.
·
Camera – For scanning QR codes.
·
Biometric
Access – For fingerprint or face
login.
You can change these permissions anytime in your phone’s settings.
Privacy Controls
Currently, privacy preferences and data rights requests are managed through assisted support. We are working on adding in-app privacy controls for greater transparency and convenience.
We do not transfer personal data outside the EU or EEA, unless it is part of your communication outside EU, either to someone internationally, or when you yourself is abroad.
Transfers Within Elkjøp Group
Data may be shared with other Elkjøp companies for reporting, shared infrastructure, product development, and customer service. All group companies maintain equivalent data protection standards and follow comprehensive group-wide policies.
Service Provider Transfers
Some international service providers require data transfers for cloud computing, software applications, and technical infrastructure. We conduct thorough due diligence and establish comprehensive agreements requiring European data protection standards.
Legal Safeguards
We use European Commission-approved mechanisms like Standard Contractual Clauses for transfers to countries without adequate protection. These provide binding obligations for data importers and direct legal rights for you.
We're committed to accessibility and responsiveness for privacy-related questions and requests.
Primary Contact Information
Data
Controller:
Giga Mobiili Oy
Address: Osoite: Firdonkatu 2 T63, Postinumero: 00520, Postitoimipaikka:
Helsinki
Email: infosec@gigamobiili.fi
Data Protection Officer: Available at above address
Making Requests
When exercising data protection rights, provide sufficient detail and allow us to verify your identity for security. Specify exactly what you're requesting to help us respond efficiently.
Response Times
We respond to most requests within one month. Complex requests may require additional time, and we'll notify you if extensions are needed. Contact us immediately for urgent privacy concerns.
Complaints
If
unsatisfied with our response, contact our Data Protection Officer or file
complaints with the Finnish Data Protection Authority at http://www.tietosuoja.fi.
You retain all legal remedies regardless of complaint filing.