Suomeksi(FI)In English(EN)På Svenska(SV)
S-Etukortti - To the front pageS-ETUKORTTI
S-Etukortti - To the front pageS-ETUKORTTI

How can we help?

Data protection glossary

Updated 2 months ago

This glossary explains key data protection terms, such as personal data, data controller, data subject, legal basis for processing, and GDPR.

Co-op member

A co-op member is an individual member of a co-operative that belongs to S Group's membership system.

Household

A household consists of individuals who earn shared Bonus cashback together. It is formed around the person who joins as a co-op member. This person is called the main member. The main member can invite individuals to join the household or remove them by notifying the co-operative.

Household member

An individual invited to earn Bonus and other benefits in a household formed around the person who joined as a co-op member. Each person joining a household enters into an agreement to join the household and S Group's membership system. They also accept the related processing of their personal data in S Group's co-op member and customer register. For underage children, the agreement is entered into by the child's legal guardian.

Personal data

Personal data is any information that can be linked to an identified or identifiable person. For example:

  • First name, last name

  • Personal identity number

  • Phone number

  • Data generated from using a service

Processing of personal data

Processing of personal data refers to any action targeting personal data. For example:

  • Collection

  • Storage

  • Modification

  • Disclosure

  • Correction

  • Deletion

Legal basis for processing personal data

Processing personal data always requires a legal basis provided by law. The basis must be determined before processing begins. The legal basis for processing personal data can be, for example:

  • Contract

  • Consent

  • Legitimate interest of the data controller

Purpose of processing personal data

The purpose of processing personal data must be clearly defined before processing begins. You may only collect personal data for specific, explicit, and lawful purposes. The purposes of processing personal data must be specified, documented, and communicated to data subjects. The purpose of processing personal data can be, for example:

  • Maintaining customer basic information

  • Providing services according to a contract

Disclosure of personal data

Disclosure of personal data means when a data controller, on lawful grounds, provides personal data to a third party for use in their own purposes. Disclosure of personal data is described in the privacy notice.

Processor

A processor of personal data is an entity that acts on behalf of the data controller and assists the data controller in processing data based on a contract and the data controller's instructions. A processor may, for example, have access to personal data when performing support or maintenance tasks.

Data controller

The data controller is the entity responsible for processing personal data. It determines, among other things, how personal data is collected, used, and protected. The data controller is also responsible for implementing the rights of data subjects and other requirements the law places on data controllers.

Data subject

A data subject is an individual whose personal data the data controller uses for predefined purposes. You can be a data subject, for example, as:

  • An S Group customer who uses S Group services

  • An S Group employee

Privacy notice

Privacy notice is the term S Group uses for information about the processing of personal data.

General Data Protection Regulation, GDPR

GDPR stands for General Data Protection Regulation. It is a regulation governing the processing of personal data, which became applicable in all EU countries in spring 2018. The GDPR provides protection for your personal data and means to control the processing of your information.