Tietoevry Tech Services
As of 2 September 2025, Tietoevry Tech Services, earlier part of Tietoevry Group, will operate as a standalone company. We'll soon be operating under a new name: Vivicta. You will discover more about our new brand by the end of the year.

On this new website, you may find some content or links that still refer to Tietoevry Group. We are actively working on updating these pages.

Thank you for your understanding.

Read more
noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3

Privacy notice

General notice Website Visitor notice Business Relations and External stakeholders Privacy notice
Recruitment notice Facility Visitor Notice -

 

General notice

Scope of this notice

Data protection principles

Personal data categories

Collection of personal data

Purpose of processing

Data sharing

Transferring information outside the EU/EEA

Data retention

Rights of access, rectification, erasure, and restriction

Right to withdraw consent

Automated decision-making

Data security

Contact Details

Changes and third party links

Scope of this notice 

This General notice is issued on behalf of Tietoevry Tech Services so when "Tietoevry Tech Services", "Tech Services", "we", "us" or "our" is mentioned in this notice, we are referring to the relevant company within Tietoevry Tech Services responsible for processing your data.

The purpose of this General notice is to provide you with information regarding the collection and processing of your personal data by us. It also informs you about your privacy rights and the legal protection in place. It is crucial that you carefully review this General notice alongside any additional privacy notices we may provide for specific instances where your personal data is being collected and/or processed. These privacy notices can be accessed by clicking on the relevant links above. It is important to note that this General notice complements the other notices and does not take precedence over them. Please be aware that our website is not intended for use by children, and we do not knowingly collect data related to children. This notice is not considered a contractual component for service provision.

Data Controller of your personal data

The party responsible for making decisions regarding the use of your personal data is referred to as the "data controller". The data controller is also accountable for determining how your personal information is stored and maintained. As Tietoevry Tech Services is composed of multiple legal entities, the specific entity serving as the data controller for your data depends on the situation in which your personal data is collected.

The following entities will act as data controllers in relation to you:

  • Tietoevry Tech Services, and
  • The Tietoevry Tech Services affiliate with which you are interacting in a particular situation, such as the affiliate organizing an event you are participating in or the affiliate acting as your employer in a recruitment process in which you are involved.

Data protection principles

We are fully committed to safeguarding the privacy and security of your personal information, in strict compliance with the relevant privacy laws. This entails that the personal information we process must adhere to the following principles:

  1. It must be used in a lawful, fair, and transparent manner.
  2. It should only be collected for legitimate purposes, which we have clearly communicated to you, and must not be utilized in any way that is incompatible with those stated purposes.
  3. The information must be relevant to the purposes we have disclosed to you and limited to those specific purposes.
  4. It must be accurate and kept up to date.
  5. It will be retained only for as long as necessary for the purposes we have disclosed to you.
  6. It will be stored securely to ensure its protection.

Personal data categories

Personal data, also referred to as personal information, means any information that can identify an individual. This definition excludes anonymous data, where the identity has been removed. Depending on the circumstances, we collect, use, store, and transfer various types of personal data related to you. For more specific details regarding the processed data, please consult the specific privacy notices accessible on this website.

Additionally, we collect, utilize, and share Aggregated Data, such as statistical or demographic information, for various purposes. Although Aggregated Data may be derived from personal data, it is not considered personal data under the law as it does not directly or indirectly disclose your identity.

As a general practice, we do not typically collect any special categories of personal data concerning you, which includes details about your racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data. Furthermore, we do not process any information pertaining to criminal convictions and offenses. In the rare cases when we do process such data, we ensure compliance with the applicable legislation.

Collection of personal data

We employ various approaches to collect data from you or about you, which encompass direct engagements, automated technologies, or publicly accessible sources.

In situations where we are legally obligated or contractually bound to collect personal data from you, and you fail to provide such data upon request, it may impede our ability to fulfill the contract we have established or are attempting to establish with you. For instance, this could result in the cancellation of a product or service that you have with us. However, we will notify you if such a circumstance arises.

Purpose of processing

We will only utilize your personal information in accordance with applicable laws. We will process your personal information for the following reasons:

  • If you have provided consent for the processing of your personal information for specific purposes.
  • If the processing of your personal data is necessary to fulfill a contract you are involved in or to take steps at your request prior to entering such a contract.
  • If we are required to comply with a legal or regulatory obligation. This means we process your personal data when it is necessary to comply with a legal or regulatory obligation imposed on us.
  • If it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not outweigh these interests. We ensure that we carefully consider and balance any potential impacts (positive or negative) on you and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities where our interests are outweighed by their impact on you (unless we have your consent or are otherwise required or permitted by law). For more information on how we assess our legitimate interests against their potential impact on you for specific activities, please contact us.
  • Occasionally, we may also use your personal information in rare situations, such as when we need to protect your interests or those of someone else, or when it is necessary for a public interest or official purposes. We will only utilize your personal data for the purposes for which it was collected, unless we reasonably determine that we need to use it for another purpose that is compatible with the original purpose. If you would like an explanation of how the processing for the new purpose is compatible with the original purpose, please reach out to us at privacy.techservices@tietoevry.com If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis that allows us to do so. Please note that, in compliance with the aforementioned rules and as required or permitted by law, we may process your personal data without your knowledge or consent.

Data sharing

Sharing within Tietoevry Tech Services group

As part of our routine reporting activities concerning company performance, business reorganization, group restructuring initiatives, and system maintenance support, we will share your personal information with other entities affiliated with us.

The group entities serving as data controllers with respect to your personal data are Tietoevry Tech Services and the Tietoevry Tech Services affiliate specified within the "Scope of the General notice / Data Controller of your personal data" section of this General notice. In situations where applicable, additional group entities will function as data processors, processing your personal data on behalf of the data controllers.

Third parties acting as data processors

We collaborate with third-party service providers, which may include contractors and designated agents, for the purpose of transferring your data. It is important to note that all of these third-party service providers and other entities within our group are obligated to implement adequate security measures to safeguard your personal information. They are strictly prohibited from processing your personal information for their own purposes.

Third parties acting as data controllers

In certain circumstances, we may choose to disclose your personal information to third parties who also act as data controllers. These situations may arise when it is required by law, necessary to administer our relationship with you, or when we have a legitimate interest in doing so. Examples of such situations include:

  • Explicit request made by you.
  • Disclosure for a legitimate purpose, such as when we are facilitating a joint event or conference with a third party and have informed you beforehand that your data would be shared with them.
  • In the event of a merger, acquisition, or another corporate transaction.
  • Compliance with legal obligations or the need to enforce and protect the rights, property, or safety of Tietoevry Tech Services, our clients, or others.

Transferring information outside the EU/EEA

Within the Tietoevry Tech Services Group, we do share your personal data. As a result, your data may be transferred outside of the European Economic Area (EEA). Additionally, our external third-party

entities are situated outside of the EEA, which means that their processing of your personal data will involve transferring the data outside of the EEA.

When we transfer your personal data outside of the EEA, we take measures to ensure that a similar level of protection is provided. This is achieved by implementing at least one of the following safeguards:

  • We only transfer your personal data to countries that have been deemed by the European Commission to offer an adequate level of protection for personal data. For further information, you can refer to the European Commission's evaluation of the adequacy of personal data protection in non-EU countries.
  • In certain cases, when we utilize specific service providers, we may employ contracts that are specifically approved by the European Commission. These contracts grant your personal data the same level of protection it receives within Europe. For more details, you can consult the European Commission's model contracts for the transfer of personal data to third countries.

If you would like further information on the specific mechanisms we employ when transferring your personal data outside of the EEA, please reach out to us at privacy.techservices@tietoevry.com.

Data retention

We will only retain your personal information for the duration required to fulfill the purposes for which it was collected. This includes meeting any legal, accounting, or reporting obligations that may arise.

When determining the appropriate retention period for personal data, we consider various factors. These factors include the quantity, type, and sensitivity of the personal data, the potential risks associated with unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, the availability of alternative methods to achieve those purposes, and the applicable legal requirements.

In certain circumstances, we may anonymize your personal information, rendering it incapable of being linked back to you. In such cases, we may utilize this anonymized information without providing you with further notice.

Rights of access, rectification, erasure, and restriction

In specific circumstances, you have the legal right to:

  • Make a request to access your personal data (commonly known as a "data subject access request"). This allows you to obtain information on how we process your personal data and receive a copy of the personal data we hold concerning you.

  • Request the correction of any inaccurate or incomplete personal data we hold about you. This enables you to ensure that any incorrect or incomplete information is rectified, although we may need to verify the accuracy of the updated data you provide.

  • Request the deletion or removal of your personal data. You can ask us to delete or remove personal data when there is no valid reason for us to continue processing it. You also have the right to request the deletion or removal of your personal data if you have successfully exercised your right to object to processing, if we have processed your data unlawfully, or if we are required to erase your personal data in compliance with local laws. Please note that specific legal reasons may prevent us from fulfilling your request for deletion, and these reasons will be communicated to you, if applicable, when you make the request.

  • Object to the processing of your personal data when we rely on legitimate interests (either our own or those of a third party), and you have specific circumstances that make you want to object based on the impact on your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. However, we may demonstrate that we have compelling legitimate grounds to process your data that override your rights and freedoms.

  • Request a restriction on the processing of your personal data. This enables you to ask us to temporarily suspend the processing of your personal data in certain scenarios: (a) if you want us to verify the accuracy of the data; (b) where the use of the data is unlawful, but you prefer it to be suspended rather than deleted; (c) where you need us to retain the data, even if we no longer require it, as you need it to establish, exercise, or defend legal claims; or (d) if you have objected to our use of your data and we need to verify whether we have legitimate grounds to continue using it that outweigh your objections.

  • Make a request to transfer your personal data to yourself or a third party. We will provide you, or the designated third party, with your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information that you initially provided consent for us to use, or where we used the data to perform a contract with you.

If you wish to review, verify, correct, or request the erasure of your personal information, object to the processing of your personal data, or request the transfer of your personal information to another party, please contact us at privacy.techservices@tietoevry.com.

There is no fee required for accessing your personal information or exercising any of your other rights. However, in situations where your request for access is evidently unfounded or excessive, we reserve the right to charge a reasonable fee. Alternatively, we may choose not to fulfill the request in such circumstances.

In order to verify your identity and uphold your rights to access information (or exercise any other rights), we may require some specific details from you. This measure is implemented to ensure the security and confidentiality of personal information, preventing any unauthorized disclosure to individuals who are not entitled to receive it.

Right to withdraw consent

In situations where you have given your consent for the collection, processing, and transfer of your personal information for a particular purpose, you have the right to withdraw that consent at any time. To do so, please reach out to us at at privacy.techservices@tietoevry.com. Upon receiving your withdrawal request, we will cease processing your information for the specific purpose(s) you initially agreed to, unless we have another legal basis for continuing the processing.

Automated decision-making

Automated decision-making refers to the process in which an electronic system utilizes personal information to make decisions without human involvement. Rest assured that we will not subject you to decisions solely based on automated decision-making, if such decisions would have a substantial impact on you, unless we possess a lawful basis for doing so and have notified you accordingly. In the event that we make an automated decision based on highly sensitive personal information, we must obtain either your explicit written consent or justify it based on the public interest. Additionally, we are obligated to implement suitable measures to safeguard your rights in such cases.

Data security

Third parties are only allowed to process your personal information if it is done under our explicit instructions and if they have agreed to treat the information securely and in a confidential manner. We have implemented appropriate security measures to prevent any accidental loss, unauthorized access, misuse, alteration, or disclosure of your personal information. Furthermore, we restrict access to your personal information to only those employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal information on our behalf and are bound by a duty of confidentiality. To address any suspected breaches of data security, we have established procedures and will promptly notify you and relevant regulatory authorities if such a breach occurs, as required by law.

Contact Details

Contact Details

The contact details of Tietoevry Tech Services:

Full name of legal entity:

Postal address:

Telephone number:

The contact details of other data controllers responsible for your personal data can be found here.

Data Protection Officer

We have designated a Data Protection Officer (DPO) to address any inquiries or concerns related to this privacy notice. If you have any questions regarding this notice or if you wish to exercise your legal rights, please reach out to us at dpo.techservices@tietoevry.com.

You are entitled to lodge a complaint with the relevant supervisory authority responsible for data protection matters at any time. However, we kindly request that you first allow us the opportunity to address your concerns directly before contacting the authority. We would appreciate the chance to resolve any issues you may have in the initial stage.

Changes and third party links

Tietoevry Tech Services retains the right to modify this General Privacy notice and any specific privacy notices at its discretion, without prior notice to you, except for the posting of the revised notices on this website. It is important for you to periodically review this Privacy Notice to stay informed about any changes or amendments.

On this website, you may come across links to third-party websites, plug-ins, and applications. By clicking on these links or enabling the connections, you may grant third parties the ability to collect or share data about you. It is important to note that we have no control over these third-party websites and their respective privacy statements. We do not assume any responsibility for them. Therefore, we strongly advise that you acquaint yourself with the privacy notice of each website you visit when you leave our site.

 

Share on LinkedIn Share on Threads Share on Facebook