posti logo

Privacy statement for Customer service

Processing of personal data at Posti Customer Service is the joint responsibility of Posti Ltd and Posti Distribution Ltd (hereinafter Posti)

The respective responsibilities of joint controllers are based on the company offering the service. The company offering the service is defined in product terms, on Posti's website or in connection of the service.

Posti Customer Service processes personal data in order to handle and investigate contacts, customer feedback, claims for damages or inquiries for lost items in connection with consultations, orders and deployment of Posti Group’s products or services. Customers may contact Posti through several customer service channels (telephone, e-mail, chat or web service). Posti records telephone calls related to business or service transactions to verify the call content, if necessary. The recordings are used to ensure the rights and legal protection of the customer and Posti.

Data can also be processed for training, quality control, security and preventing abuse, maintenance and development of the service and systems, as well as for statistical purposes.

In that case, the processing of data is based on the fulfillment of Posti’s statutory obligations (for example, the Postal Act and Accounting Act), compliance with the contract with the customer or Posti’s legitimate interest (for example, customer surveys, product development and statistics).

Posti may admin fan pages or corporate pages on Facebook. Posti and Meta Platforms Ireland Limited (Facebook and Instagram) are joint controllers for these pages. Meta processes personal data in accordance with its Data Policy: https://www.facebook.com/privacy/explanation. Meta assumes the main responsibility for compliance with the applicable obligations under the general data protection regulation, including the exercise of the data subject's rights, in its service. More information on the processing of personal data and on the division of responsibilities between Meta and the page admins: https://www.facebook.com/legal/terms/page_controller_addendum.

Data processed in the customer service system and its retention

The customer service register includes the following information about persons who have claimed for damages, given customer feedback, made a lost item inquiry or contacted the customer service for product and service information.

  • Given name and surname

  • Personal identity code (when dealing with consignments subject to customs)

  • Contact details

  • ChatBot discussions and phone recordings

  • Identification information of social media profile and messages

  • Item information (for example, sender, addressee, mailing type, item ID)

  • Payment information (for example, bank account number)

  • Compensation claimed and postage fee

  • Compensation decision (justification and payment details)

In addition to the basic customer information, personal data may also include information on agreements, use of services and areas of service use disclosed in claims for compensation, customer feedback, product and service information and inquiries for lost items, as well as data required to produce and control services.

The event data in the customer service register will be retained for 3 years and 3 months. Data relating to compensation decisions will be retained for a maximum of 7 years. Information requests by authorities are retained for 5 years.

Data processed for recorded phone calls

The following data is stored on incoming calls to the customer service or telesales unit, and on outgoing calls to customers made by the customer service or telesales unit:

  • Start and end time of the call

  • Duration of the call

  • Telephone number of Posti customer service unit

  • Customer’s telephone number (last three digits hidden)

  • Name of Posti employee who answered or made the call

  • The telephone conversation in a voice recording

The recordings are retained for six months, after which they are automatically erased.

Regular sources of data

The data in the register is disclosed by the customer, for example, in a claim for damages, customer feedback, lost item inquiry or request for information either from customer calls to the Posti Group’s customer service numbers or from calls made by the customer service and telesales units to customers. Recording starts when the call is answered and ends when the call is terminated. In addition, the register may also contain relevant information that has emerged as a result of an investigation (obtained, for example, from Posti’s production units or Retail Network).

Safe disclosure of data

Customer data will not be disclosed for direct marketing purposes. Otherwise, data will be disclosed to third parties within the limits set forth in applicable legislation.

Data in the customer service register can also be processed by Posti’s subcontractors, such as debt collection companies. Due to the technical implementation of the processing of data, some of the data are physically situated on external subcontractors’ servers or hardware, where they are processed through a technical interface. Personal data may in such cases be transferred to countries outside the European Union or the European Economic Area. In all cases, the precondition for disclosing and transferring data is that the parties receiving and processing the data have signed an agreement with Posti that includes the standard clauses approved by the EU Commission and ensures that the processing of data is carried out in compliance with the law.

Data protection principles

The customer service register is part of a system holding the data of the customers of Posti Group and the data of the customers’ contact persons. The system is protected through the use of personal usernames and passwords. Anyone to be given a username and password for the system must, before receiving these, attend training pertaining to the use of the system. The training also covers Posti Group’s instructions on handling business secrets and customer data.

Data in the register for recorded customer calls can only be accessed by designated persons who maintain the customer call management system, as well as customer call operators and telemarketers together with their supervisors. Posti’s customer service operators and telemarketers can listen to their own recorded calls, and supervisors can listen to the recorded calls of all their subordinates. The recordings show the customer’s telephone number with the last three digits hidden.

System administrators and customer service operators, as well as their supervisors, must attend training pertaining to the use of the system.

All data is processed confidentially and may only be disclosed to persons who need it to perform their duties and who are bound by a non-disclosure obligation.

Rights of the data subject

The data subject has the right to obtain information about the processing of his or her personal data and to know whether his or her personal data is being processed. In addition, the data subject has the right to access and receive a copy of his or her personal data undergoing processing, and to demand rectification of inaccurate or incorrect data and completion of the data. The data subject may request erasure or transfer of personal data or, in certain situations, request restriction of processing or object to the processing of personal data on grounds relating to his or her particular personal situation. When the processing is based on consent, the consent may be withdrawn at any time.

If you are a customer of the OmaPosti service, you can check and correct your own information in the Your information section. When logged into the service, you can also change your marketing concents.

Make a data request  

You can submit a data request regarding the information stored about you in Posti’s data registers. You can make the request as an authenticated user, as this allows us to process your request faster. Authentication can be done with your Posti user credentials or through bank credentials or a mobile certificate.  

Make a data request Authenticate first with your Posti user credentials or through bank credentials or a mobile certificate. 

If you do not use our digital services or are making a request on behalf of, for example, your dependent or ward, we recommend using the printable form below. Send the completed form and any required authorizations in an envelope with a postage stamp to the address indicated on the form. You can also make the request in person at Posti’s headquarters, located at Postintaival 7A, Helsinki.  

Print data request Form (PDF)  

Processing the data request 

We process your data request without undue delay and will respond within one month of receiving the request. Responses to requests submitted by post will be delivered as a registered letter to the address listed in Posti’s address register. You are entitled to receive your personal data free of charge. If your inquiry is about something other than a formal data request, you can receive faster assistance through our customer service.  

If the data subject considers that the processing of personal data concerning him or her infringes data protection legislation, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State where the data subject has his or her habitual residence or place of work or where the alleged breach of the GDPR has occurred (in Finland, the Data Protection Ombudsman). Further information is available on the website of the Data Protection Ombudsman: tietosuoja.fi

Changes

1.1.2023

Due to changes of Posti Group corporate structure, also the the Controller has changed.

A separate privacy statement for phone recordings has now been included in Customer service privacy statement.

Joint Controllers

Posti Ltd (Business ID: 2344200-4) and Posti Distribution Ltd (Business ID: 0109357-9) PO Box 1, FI-00011 POSTI

Street address: Postintaival 7 A, Helsinki Tel. +358 (0)100 5577 (mpc/lnc, also while queueing)

Customer service