Skip navigation
posti logo
PrivateBusinessesWe careChristmas
SearchService points

Privacy statement for Customer service

Processing of personal data at Posti Customer Service is the joint responsibility of Posti Ltd and Posti Distribution Ltd (hereinafter Posti)

The respective responsibilities of joint controllers are based on the company offering the service. The company offering the service is defined in product terms, on Posti's website or in connection of the service.

Posti Customer Service processes personal data in order to handle and investigate contacts, customer feedback, claims for damages or inquiries for lost items in connection with consultations, orders and deployment of Posti Group’s products or services. Customers may contact Posti through several customer service channels (telephone, e-mail, chat or web service). Posti records telephone calls related to business or service transactions to verify the call content, if necessary. The recordings are used to ensure the rights and legal protection of the customer and Posti.

Data can also be processed for training, quality control, security and preventing abuse, maintenance and development of the service and systems, as well as for statistical purposes.

In that case, the processing of data is based on the fulfillment of Posti’s statutory obligations (for example, the Postal Act and Accounting Act), compliance with the contract with the customer or Posti’s legitimate interest (for example, customer surveys, product development and statistics).

Posti may admin fan pages or corporate pages on Facebook. Posti and Meta Platforms Ireland Limited (Facebook and Instagram) are joint controllers for these pages. Meta processes personal data in accordance with its Data Policy: https://www.facebook.com/privacy/explanation. Meta assumes the main responsibility for compliance with the applicable obligations under the general data protection regulation, including the exercise of the data subject's rights, in its service. More information on the processing of personal data and on the division of responsibilities between Meta and the page admins: https://www.facebook.com/legal/terms/page_controller_addendum.

Data processed in the customer service system and its retention

The customer service register includes the following information about persons who have claimed for damages, given customer feedback, made a lost item inquiry or contacted the customer service for product and service information.

  • Given name and surname

  • Personal identity code (when dealing with consignments subject to customs)

  • Contact details

  • ChatBot discussions and phone recordings

  • Identification information of social media profile and messages

  • Item information (for example, sender, addressee, mailing type, item ID)

  • Payment information (for example, bank account number)

  • Compensation claimed and postage fee

  • Compensation decision (justification and payment details)

In addition to the basic customer information, personal data may also include information on agreements, use of services and areas of service use disclosed in claims for compensation, customer feedback, product and service information and inquiries for lost items, as well as data required to produce and control services.

The event data in the customer service register will be retained for 3 years and 3 months. Data relating to compensation decisions will be retained for a maximum of 7 years. Information requests by authorities are retained for 5 years.

Data processed for recorded phone calls

The following data is stored on incoming calls to the customer service or telesales unit, and on outgoing calls to customers made by the customer service or telesales unit:

  • Start and end time of the call

  • Duration of the call

  • Telephone number of Posti customer service unit

  • Customer’s telephone number (last three digits hidden)

  • Name of Posti employee who answered or made the call

  • The telephone conversation in a voice recording

The recordings are retained for six months, after which they are automatically erased.

Regular sources of data

The data in the register is disclosed by the customer, for example, in a claim for damages, customer feedback, lost item inquiry or request for information either from customer calls to the Posti Group’s customer service numbers or from calls made by the customer service and telesales units to customers. Recording starts when the call is answered and ends when the call is terminated. In addition, the register may also contain relevant information that has emerged as a result of an investigation (obtained, for example, from Posti’s production units or Retail Network).

Safe disclosure of data

Customer data will not be disclosed for direct marketing purposes. Otherwise, data will be disclosed to third parties within the limits set forth in applicable legislation.

Data in the customer service register can also be processed by Posti’s subcontractors, such as debt collection companies. Due to the technical implementation of the processing of data, some of the data are physically situated on external subcontractors’ servers or hardware, where they are processed through a technical interface. Personal data may in such cases be transferred to countries outside the European Union or the European Economic Area. In all cases, the precondition for disclosing and transferring data is that the parties receiving and processing the data have signed an agreement with Posti that includes the standard clauses approved by the EU Commission and ensures that the processing of data is carried out in compliance with the law.

Data protection principles

The customer service register is part of a system holding the data of the customers of Posti Group and the data of the customers’ contact persons. The system is protected through the use of personal usernames and passwords. Anyone to be given a username and password for the system must, before receiving these, attend training pertaining to the use of the system. The training also covers Posti Group’s instructions on handling business secrets and customer data.

Data in the register for recorded customer calls can only be accessed by designated persons who maintain the customer call management system, as well as customer call operators and telemarketers together with their supervisors. Posti’s customer service operators and telemarketers can listen to their own recorded calls, and supervisors can listen to the recorded calls of all their subordinates. The recordings show the customer’s telephone number with the last three digits hidden.

System administrators and customer service operators, as well as their supervisors, must attend training pertaining to the use of the system.

All data is processed confidentially and may only be disclosed to persons who need it to perform their duties and who are bound by a non-disclosure obligation.

Rights of the data subject

The data subject has the right to obtain information about the processing of his or her personal data and to know whether his or her personal data is being processed. In addition, the data subject has the right to access and receive a copy of his or her personal data undergoing processing, and to demand rectification of inaccurate or incorrect data and completion of the data. The data subject may request erasure or transfer of personal data or, in certain situations, request restriction of processing or object to the processing of personal data on grounds relating to his or her particular personal situation. When the processing is based on consent, the consent may be withdrawn at any time.

If you are a customer of the OmaPosti service, you can check and correct your own information in the Your information section. When logged into the service, you can also change your marketing concents.

You can make a request for information about your personal data stored in Posti's personal registers and exercise your other rights by doing the following. We recommend that you make an information request with identification , as this will allow your request to be processed faster. Identification is possible both with Posti's username and with online banking codes or a mobile certificate (Strong authentication takes place on the "Notification of change of address" page). If you do not use our electronic services or you make a request, e.g. on behalf of your dependent or ward, we recommend using the printable form . Send the completed form in a stamped envelope to the address indicated on the form. You can also make a request by, for example, visiting Posti's head office in person at Postintaival 7A, Helsinki. You can also contact Posti's customer service .

We will process your request without undue delay and respond to it within one month of receiving your request. As a rule, you have the right to receive your personal data free of charge. If you request multiple copies of the information or make repeated requests, the reasonable costs of providing the information may be charged

If the data subject considers that the processing of personal data concerning him or her infringes data protection legislation, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State where the data subject has his or her habitual residence or place of work or where the alleged breach of the GDPR has occurred (in Finland, the Data Protection Ombudsman). Further information is available on the website of the Data Protection Ombudsman: tietosuoja.fi

Changes

1.1.2023

Due to changes of Posti Group corporate structure, also the the Controller has changed.

A separate privacy statement for phone recordings has now been included in Customer service privacy statement.

Joint Controllers

Posti Ltd (Business ID: 2344200-4) and Posti Distribution Ltd (Business ID: 0109357-9) PO Box 1, FI-00011 POSTI

Street address: Postintaival 7 A, Helsinki Tel. +358 (0)100 5577 (mpc/lnc, also while queueing)

Customer service