Supplemental Privacy Notice

Before using any of our services, you are required to read, understand, and agree to these terms. You can also download this document below.

Last updated May 23, 2024

illustration

Introduction

Nokia Solutions and Networks Oy and its Affiliates | Nokia (collectively, "Nokia," "we," or "us") want you to be familiar with how we collect, use and disclose personal data.

This Privacy Notice describes how we process personal data in connection with Nokia's Network-as-Code ("NaC") Platform and Services.

"personal data" is information that identifies you as an individual or relates to an identifiable individual.

You are not required to provide personal data to Nokia. If you choose not to provide your personal data to Nokia, we may not be able to provide you with either our products or services or all of their functionalities or to respond to queries you may have.

For more information regarding personal data we collect in our Business Relations generally and in our recruitment activities, please see our notices on our privacy hub We care about your privacy | Nokia.

What Personal data do we collect

We collect the following categories of personal data:

CategoryElements
Identity DataIncluding first name, last name.
Contact DataIncluding billing address, email address, and phone number
Access DataSuch as Nokia ID, IDs used for security purposes, user credentials for access to online services and platforms, IDs and passwords, log traffic and location data, and other technical information.
Financial DataSuch as any bank account and payment card details you provide to us in connection with your purchase of NaC Services.
Usage DataDetails of access to online services and platforms, network sessions, and data about your use of our equipment, electronic communications systems, and property, such as computers, mobile devices, email, internet, telephone and voicemail.
Location DataSuch as third party GeoIP location data, combined with your IP address, GPS data, or other data that reveals your location
Device DataSuch as information about your devices and your use of our services through your use of our website or from other sources. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language, and other such information. When you use our services or otherwise interact with us over telecommunications networks, certain additional information, such as your mobile subscription number, may be transmitted to Nokia by the telecommunications operator as a standard part of that communication This includes data obtained through cookies and similar technologies as described here.

Sensitive personal data

Unless we request it, we ask that you do not send, and you do not disclose, any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) to us.

How do we use personal data

We use your personal data for legitimate business purposes as described in the overview below.

PurposeExamples of Processing ActivitiesPersonal Data CategoriesLegal BasisThird-party Sources
To create an account for You on the NaC PortalAdding your name and information our database and processing paymentsIdentity Data, Contact Data, Financial DataRelying on our legitimate interests in ensuring the functionality of our productsn/a
Providing the functionality of the NaC Portal and Services and fulfilling your requests as well as securing, enhancing, repairing, and maintaining our NaC Portal and ServicesTo identify you in order to provide access to the NaC Portal and deliver Services and investigate misuseIdentity Data, Access Data, Location DataRelying on our legitimate interests in ensuring the functionality of our productsn/a
Communicating with youSending you emails or other notifications regarding your Account for the NaC ServicesIdentity Data, Access DataRelying on our legitimate interests in ensuring the functionality of our productsn/a

*where we rely on legal obligations please see the 'Other disclosures'

Disclosure of personal data

We also disclose your personal data as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.

Disclosures

RecipientsPurpose
Cloud Service Providers (Amazon Web Services, Inc., and R Software, Inc.)To make the NaC Portal, APIs, and Services available to you: R Software, Inc. receives user registration data and subscriber data to provide API management services; Amazon Web Services, Inc. is used to store and process data as cloud service provider.
Our affiliates- All purposes described in this Privacy Notice.

Other Disclosures

PurposeFurther Detail
To comply with applicable law and regulationsThis may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your personal data, including: Civil and commercial matters: for example, where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters. Criminal matters: for example, to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws. Consumer matters: for example, to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States. Corporate and taxation matters: for example, to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal data for tax purposes. Regulatory matters: for example, to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our company. These can include authorities outside of your country of residence. Compliance and internal investigations: for example, to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States. Health and safety regulations: for example, to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.
For other legal reasonsFor dispute resolution purposes; To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
In connection with a sale or business transactionWe have a legitimate interest in disclosing or transferring your personal data to a third-party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your personal data in accordance with applicable law and the 'Updates To This Privacy Notice' section.

Cookies and similar technologies

We may collect personal data through the use of cookies and similar technologies. Please see our Cookies and Similar Technologies Policy for more information.

Your choices and rights over your data

Your choices regarding our use and disclosure of your personal data for direct marketing purposes

We give you choices regarding our use and disclosure of your personal data for marketing purposes. You may opt out from:

  1. Receiving marketing-related emails, mobile messages or direct message via social media from us. If you no longer want to receive marketing related messages from us on a going-forward basis, you may opt out by using the links provided to you in the relevant direct marketing messages you have received by contacting us in accordance with the 'Contacting us' section below. Please note that important administrative messages may still be sent to you even if you opt-out from marketing and other communications from Nokia

  2. Our sharing of your personal data with affiliates for their direct marketing purposes. If you would prefer that we discontinue sharing your personal data on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing contacting us in accordance with the 'Contacting us' section below.

  3. Our sharing of your personal data with unaffiliated third parties for their direct marketing purposes. We obtain your prior consent to sharing your personal data in this way. If you would prefer that we discontinue sharing your personal data on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt out of this sharing contacting us in accordance with the 'Contacting us' section below. You should contact the relevant third party directly to exercise your rights to opt out from their marketing messages.

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

Your additional rights over your data and how to exercise them

If you would like to request to access, correct, update, suppress, restrict, or delete personal data, object to or opt out of the processing of personal data, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your personal data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the "Contacting Us" section below. We will respond to your request consistent with applicable law.

In your request, please make clear what personal data you would like to have changed or whether you would like to have your personal data suppressed from our database. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be capable of removal.

For information on how to manage your rights in respect of cookies and similar technologies please follow the instructions in  How do I manage Cookies and Similar Technologies (section 3)

You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of EU data protection authorities is available here. Details for the UK Information Commissioner's Office are available here.

How we keep data secure

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the "Contacting Us" section below.

How long we keep data for

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to enforcement of our contractual terms, applicable statutes of limitations, litigation or regulatory investigations).

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain personal data, even after your account has been deleted and/or we no longer provide services to you.

  • To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your account, we will preserve personal data subject to such order or warrant after you delete your account.

  • To comply with legal provisions on tax and accounting: We may retain your personal data, such as Financial Data and Relationship History after you delete your account, for the amount of time appropriate to local limitation periods, as required by tax law and to comply with bookkeeping requirements.

  • To pursue or defend a legal action: We may retain relevant personal data in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your personal data, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for the amount of time appropriate to local limitation periods, after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.

Anonymization of data In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Third Party Services

This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third-party operating any website or service to which our products or services link. The inclusion of a link via any of our services does not imply endorsement of the linked site or service by us or by our affiliates.

Children

We do not knowingly collect personal data from individuals under 16 for the purposes outlined in this Privacy Notice.

International Data Transfers

Nokia is a global company that has affiliate (Affiliates | Nokia), business processes, management structures and technical systems that cross national borders. This means your personal data may be stored and processed in countries where we operate, where we have customers, or in which we engage service providers or other authorized parties, and by engaging with us you understand that your personal data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.

Nokia takes steps to make transfers with appropriate safeguards recognized by applicable laws. Generally international transfers will be safeguarded in accordance with relevant international laws. Where this will involve transferring your personal data outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and/or by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here European Commission Adequacy countries and here, for the UK UK ICO List Adequacy List of Countries)

  • Standard Contractual Clauses and Binding Corporate Rules: For transfers of personal data from the UK and/or EEA to countries outside the UK/and or EEA which are not considered adequate under the UK GDPR and/or by the European Commission, we have put in place appropriate measures to protect your personal data. For example, we use standard contractual clauses adopted under the UK GDPR and/or by the European Commission. You may obtain a copy of these measures by contacting us in accordance with the "Contacting Us" section below.

  • Derogations for specific situations. Transfers may occasionally be made based on a specific derogation, for example, where you have given consent, for reasons of public interest, in connection with the establishment or defense of legal claims, or to protect the vital interests of an individual.

Updates to this Notice

The "LAST UPDATED" legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice.

Contact Us

The Nokia entity identified above determines alone, or occasionally jointly with other Nokia entities, the purposes and means of processing your personal data. Nokia Corporation is the controller of your personal data processed in connection with our global databases and systems.

If you have any questions about this Privacy Notice, please contact us via our Nokia Privacy Request Form.

Because email communications are not always secure, please do not include sensitive information in your emails to us.

You may also contact our Group Data Protection Officer at:

Nokia Corporation c/o Privacy Karakaari 7 P.O. Box 226 FI-00045 Nokia Group Finland Email: group.dpo@nokia.com

Supplement for California residents

Pursuant to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act, we are providing the following additional details regarding the categories of personal information (as defined by the CCPA) that we collect, use and disclose about California residents.

Collection and disclosure of personal information

The following chart includes: (1) the categories of personal information, as listed in the CCPA, that we plan to collect and have collected and disclosed within the preceding 12 months; and (2) the categories of third parties to which we disclosed personal information for our operational business purposes within the preceding 12 months.

Categories of personal informationDisclosed to the following categories of third parties for operational business purposes
Identifiers, such as name, alias, contact information, unique personal identifiers, online identifiers, and government-issued identifiers (e.g., Social Security number)affiliates; service providers
Personal information as defined in the California customer records law, such as name, contact information, signature, financial account numberaffiliates; service providers
Commercial information, such as transaction information and purchase history, including purchases consideredaffiliates; service providers
Internet or network activity information, such as browsing history, search history and interactions with our online properties or adsaffiliates; service providers
Geolocation data, such as device location and approximate location derived from IP addressaffiliates; service providers

Sale of personal information

Under the CCPA, if a business sells personal information, it must allow California residents to opt out of the sale of their personal information. However, we do not sell and have not sold personal information for the purposes of the CCPA in the last 12 months. Furthermore, we do not sell the personal information of minors under 16 years of age.

Sources of personal information

As described above, we collect this personal information from you and from affiliates, third party service providers, ad networks, data analytics providers, social networks, publicly available databases and joint marketing partners, when they share the information with us.

Use of personal information

We may use this personal information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including, for example, to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

CCPA rights and requests

If you are a California resident, you may make the following requests:

1. Request to know

You may request that we disclose to you the following information covering the 12 months preceding your request:

  1. The categories of personal information we collected about you and the categories of sources from which we collected such Personal Information

  2. The specific pieces of personal information we collected about you

  3. The business or commercial purpose for collecting (if applicable) Personal Information about you

  4. The categories of personal information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).

2. Request to delete

You may request that we delete personal information we collected from you, subject to certain exceptions.

3. Right to correct

You may request that we correct inaccurate personal information.

4. Request for copies of data

You may request to receive a copy of your personal information, including specific pieces of personal information, including a copy of the personal information you provided to us in a portable format.

To make a request to know or a request to delete, please contact us using the form available here - Nokia privacy request form.

We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information relevant to the request. We may need to request additional personal information from you to verify your identity and protect against fraudulent requests. If you maintain a password-protected account with us, we may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your personal information.

You may make a request on behalf of a child who is under 13 years old if you are the child's parent or legal guardian. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.

If you want to make a request to know or a request to delete as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent, which also may include:

  1. Proof of your registration with the California Secretary of State to conduct business in California;

  2. Proof of a power of attorney from the resident pursuant to Probate Code sections 4121¬-4130.

If you are an authorized agent and have not provided us with a power of attorney from the resident pursuant to Probate Code sections 4121-4130, we may also require the resident to:

  1. Verify the resident's own identity directly with us, or

  2. Directly confirm with us that the resident provided you permission to make the request.

Your right to non-discrimination

You have the right to be free from unlawful discriminatory treatment for exercising your rights under the CCPA.

Your choices regarding our sharing personal information for direct marketing

You may opt out from our sharing of your personal information with affiliates or unaffiliated third parties for their direct marketing purposes on a going-forward basis by using the form at Contact us – and selecting "Privacy" under "General inquiries" as the relevant category for the question or feedback.

We will try to comply with your request(s) in a timely manner to the best of our ability. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.

Do-not-track signals

We do not currently respond to browser do-not-track signals.