Joint register - S-kanava

S Group and S-Bank Data Privacy Policy Update

23.1.2023

The common mission of S Group and S-Bank is to produce benefits and services that generate well-being for their customers. From March 2023 onwards, we will use a joint customer register to process strictly limited data for the purposes of providing these benefits and services. The joint register enables the services of S Group and S-Bank to be developed more smoothly than before.

The most well-known benefit for co-op members is the Bonus, which you receive in cash in your bank account every month. The account number information for the deposit account for benefits payable in cash is one example of the information to be processed in the joint register. The digital footprint accumulated from the use of S-mobiili, which we use to develop S-mobiili, is also included in the joint register.

The joint register does not process S-Bank's account and loan balance data or S Group's purchase data.

WHO BELONGS TO THE JOINT REGISTER?

The joint register includes S Group’s and S-Bank’s joint customers, meaning people who are S-Bank’s customers and are co-op members or belong to a co-op member household.

Our joint customers also include all S-mobiili users and customers who become co-op members through the “Liity asiakasomistajaksi” (“Become a co-op member”) online service, regardless of whether they are also S-Bank’s customers, as these services are provided jointly by S Group and S-Bank.

WHAT WILL CHANGE WHEN THE JOINT REGISTER IS IMPLEMENTED?

The change to the joint register is not visible directly to customers, as S Group and S-Bank have also previously cooperated in the management of joint customers’ data. Previously, S Group and S-Bank have provided each other information regarding matters such as the contact information of joint customers so that the customer would not have to provide the information twice.

In future, the contact information will be updated directly in the jointly maintained joint register of SOK and S-Bank. Data maintenance will be easier, and the development of our common services, such as S-mobiili, will become even smoother than before.

WHY HAS THE JOINT REGISTER BEEN CREATED?

The joint register is based on the EU’s General Data Protection Regulation (GDPR). The authorities have clarified their interpretation of the General Data Protection Regulation, whereby SOK, which is responsible for S Group’s co-op member and customer register, and S-Bank, which is responsible for S-Bank’s customer register, are considered joint controllers for certain common customer data.

The information in the joint register is also included in S Group’s co-op member and customer register and in S-Bank’s customer register, where it is used in accordance with the purposes of data use of these registers.

You do not need to take any action to be included in the joint register. We will only store and use your personal data in the joint register for as long as it is necessary to provide the services, with the exception of customer feedback, which we store for two years.

In March, we will also update the privacy statements of S Group’s co-op member and customer register and S-Bank’s customer register. More information on data protection can be found on S Group and S-Bank’s data protection pages:

JOINT REGISTER DETAILS

EXAMPLES OF INFORMATION CONTAINED IN THE JOINT REGISTER:

Information on co-op membership, co-op member/service number and the cooperative, so that S-Bank is able to provide the customer with free daily banking services.
Information about the S-Bank account defined as the customer’s deposit account for benefits payable in cash, so that we can pay the customer their Bonus and other benefits paid in cash.
Information about the customer’s activation of S-mobiili so that both S Group and S-Bank can produce the necessary information for the application. The joint register also collects S-mobiili usage data so that we can jointly identify different S-mobiili user types and further develop and improve S-mobiili.

GET THE MOST OUT OF YOUR CO-OP MEMBERSHIP

Would you like to be among the first to hear about S Group’s and S-Bank’s new services and latest customer benefits? Check that you have an up-to-date email address and marketing permissions granted in your customer information to get the most out of your co-op membership.

You can update your email address and marketing permission in S-mobiili, in the “Minä” (“Me”) section, where they are listed in “Omat tiedot” (“My information”) under your name. If you do not have S-mobiili yet, you can download it on your phone at s-mobiili.fi.

You can also update your contact information and marketing permissions through your S User Account, which you can log in to at s-kayttajatili.fi/en.

MORE INFORMATION

FREQUENTLY ASKED QUESTIONS

What does a joint register mean?
A joint register is any structured set of personal data used for common purposes by several, in this case two, data controllers. In the case of a joint register, the data controllers jointly determine the purposes and means of the processing, so they also act as joint data controllers.
Why have S Group and S-Bank created a joint register?
The change is based on the authorities’ more detailed interpretations of the EU’s General Data Protection Regulation (GDPR). As a result of these interpretations, SOK and S-Bank will be considered joint controllers for some of their common customer data.

Establishing a joint register enables SOK and S-Bank to produce services and benefits for the benefit of their joint customers. For example:

When S-Bank provides information about the customer’s deposit account for benefits payable in cash to the joint register, the cooperative is able to pay the cash benefits to the member’s benefit deposit account in S-Bank.

Similarly, when SOK provides the customer’s co-op member/service number to the joint register, S-Bank is able to produce a payment feature card for the customer as an S-Etukortti card and with the correct co-op member/service number to enable Bonus accumulation.
Who is covered by the joint register?
The scope of the joint register includes all co-op members or persons belonging to a co-op member household, who also have a customer relationship with S-Bank. The joint register also includes all S-mobiili users and customers who become co-op members through the “Liity Asiakasomistajaksi” (“Become a co-op member”) online service, regardless of whether they are also S-Bank’s customers, as these services are provided jointly by SOK and S-Bank.
What personal data does the joint register cover?
The joint register is used to process a strictly limited set of data of SOK’s and S-Bank’s joint customers.

The following data are processed in the joint register:
- customer’s name, personal identity code and date of birth,
- customer’s language, gender information (if provided by the customer),
- contact information (e.g. address and phone number),
- information of permissions and prohibitions set by the customer (direct marketing prohibition, email and mobile phone marketing permissions, research survey prohibition and telephone marketing prohibition),
- information on the customer belonging to a co-op member household and the customer’s co-op member/service number,
- co-op member’s deposit account for benefits payable in cash and S-Etukortti cards with payment features.
- The S-mobiili usage data processed in the joint register includes, for example, information on the activation of S-mobiili and the devices on which the application is used, the digital footprint of the use of the service, and feedback on S-mobiili provided in the service.
- The information in the joint register is also included in S Group’s co-op member and customer register and in S-Bank’s customer register, where it is used in accordance with the purposes of data use of these registers.
- In addition to the information in the joint register, S Group’s co-op member and customer register and S-Bank’s customer register contain a lot of other information that is not disclosed to the joint register. For example, the joint register is not used to process S-Bank’s transaction data or S Group’s purchase data.
More information on the personal data included in the joint register can be found in the privacy statements of SOK and S-Bank as of March 2023.
What will change in the processing of personal data?
The change to the joint register is not visible directly to customers, as S Group and S-Bank have also previously cooperated in the management of joint customers’ data. Previously, S Group and S-Bank have provided each other information regarding matters such as the contact information of joint customers so that the customer would not have to provide the information twice. In future, the contact information will be updated directly in the jointly maintained joint register of SOK and S-Bank. Data maintenance will be easier, and the development of our common services, such as S-mobiili, will become even smoother than before.

The data collected from the use of S-mobiili in the joint register enables better and more customer-oriented development of the service. Together, we can analyse the way different customer groups using S-mobiili utilise the service. Previously, the data collected on the use of S-mobiili’s retail services has been analysed by SOK, and the use of S-mobiili’s banking features has been analysed by S-Bank.
How is the joint register communicated to customers?
Customers will be informed of the establishment of the joint register mainly through SOK’s and S-Bank’s website. All customers in the joint register who have access to S-mobiili will also be informed of the change by a notice displayed in S-mobiili. In addition, we send information by email to those customers whose confirmed email address is known to us. No action is required from customers to be included in the joint register.

In March, we will also update the privacy statements of S Group’s co-op member and customer register and S-Bank’s customer register.
How is the protection of personal data ensured?
Careful and lawful data processing is a matter of pride for us and of the utmost importance – we want to be worthy of the trust of our customers.

We diligently protect personal data throughout its lifecycle by employing the appropriate information security and data protection mechanisms. Information security management in S Group and thus the protection of personal data is based on proactive risk management, on the basis of which we define adequate and lawful mechanisms to ensure information security and data protection.

We regularly provide training for our personnel who process personal data and ensure that our partners’ personnel also understand the confidential nature of personal data and the importance of secure processing.

We monitor and supervise our systems continuously and systematically. In the event of a possible information security incident, we will act in accordance with the requirements of the law and the defined process and, if necessary, notify the relevant authorities as well as the data subjects.
Where can I get more information?
More information is provided both in the data protection information of S Group’s co-op member register S-Etukortti customers – S Group’s data protection website (s-ryhma.fi) and in the data protection information of S-Bank’s customer register at Data protection secures your personal data (s-pankki.fi).

If necessary, you can also contact the Data Protection Officer by email: tietosuojavastaava@sok.fi .

What are the legal grounds and storage periods for the processing of personal data in the joint register?

Below is a list of common information that S-Bank and SOK process for joint purposes.

Data	Purpose of use	*Storage period in the joint register )**	Legal grounds
Basic personal data (name, social security number, date of birth, language, gender, date of death)	Maintaining and updating data for the provision of co-op member and employee benefits.	For as long as the customer is included in the joint register.	Contract, legitimate interest in relation to gender data
Contact information (permanent and temporary postal address, mobile phone number, other phone number, email address)	Maintaining and updating data for the provision of co-op member and employee benefits.	For as long as the customer is included in the joint register.	Agreement
Employee information (information on belonging to the personnel, information of right to employee discounts)	Maintaining and updating data for the provision of employee benefits.	For as long as the customer is included in the joint register.	Legitimate interest
Co-op member’s household (information about a person belonging to a co-op member’s household, validity period, member/customer number)	Maintaining and updating data for the provision of co-op member and employee benefits.	For as long as the customer is included in the joint register.	Agreement
Payment account for benefits (valid account number for the payment of benefits)	Maintaining and updating data for the provision of co-op member and employee benefits.	For as long as the customer is included in the joint register.	Agreement
S-Etukortti Visa (card type, card validity, information on which cooperative’s membership was used to order the card)	Creation of an S-Etukortti Visa card with the customer’s details. Managing settlements on matters related to the production of co-op member benefits.	For as long as the customer is included in the joint register.	Agreement
Consent and prohibitions (direct marketing prohibition, email marketing permission, mobile marketing permission, telemarketing prohibition, survey prohibition and prohibition information of the Robinson prohibition service offered by Suomen Asiakkuusmarkkinointiliitto ry)	Maintaining and updating data.	For as long as the customer is included in the joint register.	Legitimate interest
Information about the deployment of S-mobiili and the guardian’s consent if the user is under 13 years of age	Production of the S-mobiili service.	For the validity period of the S-mobiili agreement.	Agreement
Advertising identifier obtained from the mobile device in S-mobiili to identify it	Maintaining and updating information.	For as long as the consent is valid. However, no longer than the validity period of the S-mobiili agreement.	Consent
Consents concerning S-mobiili (use of location data, reception of notifications)	Maintaining and updating information. Targeting marketing, content and announcements. Improving the customer experience and business.	For as long as the consent is valid. However, no longer than the validity period of the S-mobiili agreement.	Legitimate interest
Customer feedback on S-mobiili given in S-mobiili	Development of the S-mobiili mobile app and replying to feedback.	Two years.	Legitimate interest
S-mobiili’s digital footprint (processing in the joint register and disclosure to the customer registers of S-Bank and SOK)	Improving the customer experience, profiling for targeting marketing communications, and development of S-mobiili.	Two years. However, no longer than the validity period of the S-mobiili agreement.	Consent
Customer’s choice of user interface for S-mobiili	Making the S-mobiili user interface more personal.	For the validity of the chosen option. However, no longer than the validity period of the S-mobiili agreement.	Agreement
Information on which benefits the customer has marked as favourite and if they have removed a benefit from favourites	Making the S-mobiili user interface more personal. Improving the customer experience, targeting content and developing S-mobiili.	For the validity of the chosen option. However, no longer than the validity period of the S-mobiili agreement.	Agreement
Allocating customers into groups based on their use of S-mobiili	Recommending and personalising benefits and services. Making the S-mobiili user interface more personal. Improving the customer experience, targeting content and developing S-mobiili.	Five years. However, no longer than the validity period of the S-mobiili agreement.	Legitimate interest

* Personal data will also be processed as part of SOK’s co-op member and customer register and S-Bank’s customer register independently for their own purposes.

FOR FURTHER INFORMATION

You can contact S Group’s customer service at +358 10 76 5858 (mobile call charge/local network charge) or via the feedback form. S-Bank’s customer service is available at +358 10 76 5800 (Mon–Fri 9 am–4 pm, mobile call charge/local network charge). When you call S-Bank’s customer service, you will always need online banking credentials or S-mobiili authentication.

Glossary

Co-op member
A co-op member is an individual member of the S Group’s co-op membership system.
Co-op member household
A co-op member household consists of people who accumulate shared Bonus from purchases. A co-op member household is formed around a person who has joined the cooperative as a co-op member. This person is called the main member. The main member may invite people into their co-op member household or remove people from it by informing the cooperative.
Person belonging to a co-op member household
A person who has been invited to accumulate Bonus and other benefits as part of a co-op member household formed around a person who has joined as a co-op member. Every member of a co-op member household signs an agreement on joining the co-op member household and S Group’s co-op membership system and accepts the related processing of their personal data within S Group’s co-op member and customer register. For underage children, the agreement is signed by the child’s guardian.
Personal data
Personal data includes your first and last name, social security number, phone number and information on how you use a service, for example. Any information that can be linked to an identified or identifiable person is considered personal data.
Processing of personal data
The processing of personal data includes all activities concerning personal data, such as collection, storage, modification, disclosure, correction and deletion.
Grounds for the processing of personal data
The processing of personal data always requires legal grounds for processing. The grounds must be determined before starting the processing. Examples of grounds for processing personal data include a contract, consent or the legitimate interest of the controller.
Purpose of use of personal data
The purpose of the processing of personal data must be clearly determined before the start of the processing. Personal data may only be collected for specific, explicit and legitimate purposes. The purposes of the processing of personal data must be identified, documented and disclosed to the data subjects. Examples of purposes of personal data use include the maintenance of the customer’s basic information and the implementation of services in accordance with a contract.
Disclosure of personal data
The disclosure of personal data refers to the provision of personal data by the data controller to a third party for its own purposes on legal grounds. The disclosure of personal data must be described in the privacy policy.
Processor
A personal data processor is a party acting on behalf of the data controller and assisting the data controller with the data processing on a contractual basis and according to the data controller’s instructions. The processor may have access to personal data to perform support or maintenance tasks, for example.
Data controller
A data controller is a party that is responsible for the processing of personal data, i.e. who determines, among other things, which personal data is collected, for which purposes the data is used and how the data is protected. The data controller is also obligated to ensure the data subject’s rights and other legal requirements on the data controller.
Rights of the data subject
When the data controller processes personal data, it must take appropriate measures to ensure the implementation of the data subjects’ data protection rights. It must also facilitate the exercise of the rights of the data subject. According to the General Data Protection Regulation, the data subject has the right, for example, to receive information about the processing of their personal data, to access their data, to correct their data, to object to the processing in certain situations and to request the deletion of their data. However, the data subject cannot exercise all rights in all situations. For example, the grounds for the processing of personal data have an effect on the matter.
Data subject
A data subject is a person whose personal data the data controller uses for predetermined purposes. Data subjects can be our customers who use our services or S Group employees, for example.
Privacy policy
- Privacy policy is the term we use for information on the processing of personal data.
General Data Protection Regulation, GDPR
GDPR stands for General Data Protection Regulation. It is a regulation governing the processing of personal data, which entered into force in all EU countries in spring 2018. The General Data Protection Regulation provides protection for your personal data and provides the means to control the processing of your data.