Skip navigation

Privacy statement for address information system

1.1.2023

Posti’s address information system is the responsibility of Posti Distribution Ltd

Posti Distribution Ltd (hereinafter Posti) collects, discloses and otherwise processes personal data in the address information system in accordance with the Postal Act, the data protection regulations and other applicable laws, and on the basis of the consent of the data subject, or by his or her assignment, or based on the customer relationship.

The purpose of the address information system is to provide communications services and other related services. Data is processed for postal operations under the Postal Act and for the production of services to the senders and recipients of mail and other messages in connection with sending, controlling, forwarding and receiving parcels, goods deliveries, publications and other physical deliveries as well as e-mail messages, text messages, telephone calls and other electronic communications.

In Posti's address information system, regarding forwarding, mail delivery interruption and corresponding Posti services, the customer relationship is created between Posti and the subscriber and all persons of age to whom the subscriber has subscribed the service at the same time. No customer relationship is created if the person only informs Posti of a change of address for physical deliveries without ordering supplementary services.

Customer data is processed in accordance with data protection regulations to manage, analyze and develop Posti’s customer relationships, and for invoicing, reporting, informing and marketing of products and services of companies in Posti Group and Posti’s partners, as well as for market research. For example, for customers receiving the summer address service, Posti can offer delivery to the summer dwelling instead of a mailbox, and the summer locality or village shop acting as Posti’s partner can send advertisements and announcements.

Data in the address information system is also processed in order to identify the parties of mail communication services, take care of the information security of the services, detect, prevent and deal with cases of misuse, detect and repair technical faults and defects, give customer support to senders and recipients and to maintain and develop mail communication services and systems.

In the above-mentioned cases, the legal grounds for processing are the fulfillment of Posti’s statutory obligations (for example, the Postal Act and Accounting Act), compliance with the contract with the customer or Posti’s legitimate interests (for example, in connection with marketing).

Only information necessary for mail communication services is maintained in the address information system

The address information system contains the name, address and other contact details of persons belonging to the groups described below, information necessary for sending, controlling and forwarding messages, delivering messages to the recipient, receiving messages and information necessary for managing the customer relationship:

  • person’s basic information (names, personal identity number, language)

  • address information

    • physical address and location information

    • building information

    • other address information

      • telephone numbers

      • e-mail addresses

  • message control information and technical specification and auxiliary information needed for maintaining contact details and implementing mail communication services

  • permits and bans issued by the person for the processing of information in the address information system

  • customer information (e.g. agreement, order, service provision and invoicing information)

The personal identity number required to distinguish between people with the same name. The number is also used to ensure the reliability and controllability of the system as well as the accuracy of Posti’s mail delivery and address services.

Reliable sources of data

  • Posti obtains the basic information from the population register based on Section 38 of the Postal Act, the Population Data Act and decision of the Population Register Centre.

  • Posti collects address information from the persons themselves based on Section 38 of the Postal Act and in accordance with data protection legislation.

  • Physical addresses are also maintained based on information received from delivery operations and from housing and real property companies. Posti obtains building information from the building and apartment register based on Section 38 of the Postal Act, the Population Data Act and decision of the Population Register Centre. Posti obtains information on new addresses generated as a result of land use planning, and map and location data, from the Population Register Centre, municipalities, the Finnish Transport Agency, the National Land Survey of Finland and other corresponding entities.

  • Posti obtains control information from the senders and recipients of messages and from the mail communication process.

  • Posti registers bans and consents based on the notification issued by the person. In addition, advertising ban information is also maintained by delivery operations.

  • Customer information is generated in connection with agreements, orders and the use of ordered services.

Safe disclosure of information

Posti forwards people’s contact information from the address information system for mail communication as follows:

  • contact information corrections only to companies, authorities and organizations that already have the person’s contact information e.g. for managing customer and member relationships or based on other legal grounds: - the person’s name and address information based on the Postal Act; - the person’s consent or assignment; - based on a legitimate interest, advertising ban information; and - based on the Postal Act, name and address information and information on assignments related to changes to delivery for another postal company for the implementation of postal operations

  • otherwise only based on the consent or assignment separately issued by the person

The data subject may refuse the disclosure of his personal information in connection with the address checking and correction services.

An updated list of organizations using the contact details service can be found at www.posti.fi .

The Finnish Transport and Communications Agency (Traficom) maintains a register of postal operations, listing postal companies that have the right to receive address information.

Posti does not disclose personal identity numbers.

Target groups are not selected from the address information system for direct marketing campaigns. Direct marketing by different companies can be prohibited by notifying the prohibition directly to the companies in question. In addition, a direct marketing ban can be made with the Finnish Direct Marketing Association concerning its member companies.

Posti can disclose customer data in the address information system within the limits permitted and required by applicable legislation (e.g. name and address information of the summer address service and for advertisements and announcements of a summer locality or village shop that is a partner of Posti). In connection with the processing of items, address information may also be viewed by delivery companies subcontracting for Posti or partners that operate Posti’s outlets.

Due to the technical processing of data, some of the data are physically situated on external subcontractor servers or hardware, through which they are processed via a technical remote connection. Personal data may in such cases be transferred to countries outside the European Union or the European Economic Area. In all situations, the precondition for disclosing and transferring data is that the companies, authorities and organizations receiving and processing the data have signed an agreement with Posti to ensure the lawful processing of the data. When transferring data outside the EU or EEA countries and, based on the EU Commission’s assessment, the country in question does not have a sufficient level of data protection, personal data protection is obtained through the use of model agreements approved by the EU Commission.

Personal data protection principles and retention

Posti stores the data in databases protected with firewalls, passwords, and other technological means. The databases and their backups are located in locked and guarded premises, and the data can be accessed only by pre-appointed persons. Internet use in the address information system is protected and secured in accordance with the principles of the Personal Data Act. Persons processing data are bound by a non-disclosure obligation.

Data in the address information system will be erased in accordance with the Postal Act no later than 20 years after Posti received information about a change in the data (the retention period was 10 years until September 15, 2017). In compliance with the Accounting Act, customer data will be retained for a maximum period of 6 years after termination of the customer relationship.

Rights of the data subject

The data subject has the right to obtain information about the processing of his or her personal data and to know whether his or her personal data is being processed. In addition, the data subject has the right to access and receive a copy of his or her personal data undergoing processing, and to demand rectification of inaccurate or incorrect data and completion of the data. The data subject may request erasure or transfer of personal data or, in certain situations, request restriction of processing or object to the processing of personal data on grounds relating to his or her particular personal situation. When the processing is based on consent, the consent may be withdrawn at any time.

If you are a customer of the OmaPosti service, you can check and correct your own information in the Your information section. When logged into the service, you can also change your marketing concents.

You can make a request for information about your personal data stored in Posti's personal registers and exercise your other rights by doing the following. We recommend that you make an information request with identification , as this will allow your request to be processed faster. Identification is possible both with Posti's username and with online banking codes or a mobile certificate (Strong authentication takes place on the "Notification of change of address" page). If you do not use our electronic services or you make a request, e.g. on behalf of your dependent or ward, we recommend using the printable form . Send the completed form in a stamped envelope to the address indicated on the form. You can also make a request by, for example, visiting Posti's head office in person at Postintaival 7A, Helsinki. You can also contact Posti's customer service .

We will process your request without undue delay and respond to it within one month of receiving your request. As a rule, you have the right to receive your personal data free of charge. If you request multiple copies of the information or make repeated requests, the reasonable costs of providing the information may be charged

If the data subject considers that the processing of personal data concerning him or her infringes data protection legislation, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State where the data subject has his or her habitual residence or place of work or where the alleged breach of the GDPR has occurred (in Finland, the Data Protection Ombudsman). Further information is available on the website of the Data Protection Ombudsman: tietosuoja.fi

Changes

1.1.2023

Due to changes of Posti Group corporate structure, also the name of the Controller has changed.

Controller

Posti Distribution Ltd (Business ID: 0109357-9) PO Box 1, FI-00011 POSTI

Street address: Postintaival 7 A, Helsinki Tel. +358 (0)100 5577 (mpc/lnc, also while queueing)

Customer service

Data Protection Officer: tietosuoja@posti.com