General
The protection of personal data and other data important for our operations is based on a proactive risk management model used by the S Group. It defines a high level of requirements for the planning and implementation of our various data security activities, which include the protection of data communications, secure hardware facilities as well as digital and physical access control related to various materials and facilities.
Cooperation is power when taking care of data security. We work in close cooperation with, for example, data security service providers as well as national and international data security forums and authorities. Based on our own monitoring data and information on threats obtained from elsewhere, we constantly update our data security practices, instructions and requirements. We also require compliance with the data security requirements from all of our partners and third-party operators who process our customers’ data, for instance.
The competence and know-how of our own personnel is one of the cornerstones of our data security activities. We continuously monitor and develop the data security awareness of all S Group employees. We train those of our employees who participate in the processing of personal data, and work to ensure that our partners’ personnel also understand the importance of secure processing of personal data. Access to the personal data we store is restricted and the employees processing the personal data are subject to a non-disclosure obligation.
Hard copies containing personal data are stored in locked, fire-safe storage facilities.
Scams in S Group’s name
Unfortunately, the S Group is also an attractive target for criminals: from time to time, our well-known chains and services are used for scams directed at our customers. For example, scam messages, such as notices of alleged won raffles, have been sent in the name of S-Bank and Prisma.
Such scams are typically sent via email or SMS. The messages often request the recipient’s online banking identifiers or a payment to redeem the “prize”. You should never reply to such messages or any other suspicious messages, or click any links in them. Criminals use the messages to try to collect confidential information, distribute malware and commit the respondent to unreasonable contractual terms.
What should I do?
When contacting you, the S Group never asks for your credit card details, your online banking credentials, your passwords or any other confidential information. All our pages on social media are verified by the service in question. We use clearly recognisable characters and links in all our communications.