Skip to content
PrivateCorporate customersService points
PassengersParcelsFrequently asked questionsCustomer serviceNews
Log in
Front page

Information Security Policy

The information security policy of Oy Matkahuolto Ab (hereinafter “Matkahuolto”) describes the principles, objectives, and implementation of information security. The information security policy defines the information security requirements that support Matkahuolto’s business operations, as well as the planning, development, and implementation of activities in accordance with the policy. In addition, supporting guidelines have been prepared for different areas of information security to complement the information security policy and to support the implementation of information security requirements and objectives.

At Matkahuolto, information security means the protection of all data processed by Matkahuolto to the extent necessary to ensure confidentiality, integrity and usability. It also includes the information security requirements required for the implementation of data protection.

The Information Security Policy obliges all Matkahuolto employees, partners and service providers that process Matkahuolto's data or systems.

Information security objectives

The primary objective of information security is to ensure the continuity of Matkahuolto's operations. Information security protects the confidentiality, integrity and availability of information. In addition to the operating environment and stakeholder expectations, Matkahuolto's information security goals are based on statutory obligations and business continuity requirements.

Matkahuolto's information security goals are:

  • Ensure business continuity.

  • To protect the personal data processed during operations.

  • Protect the data processed in the operation in accordance with the classification requirements.

  • Ensure compliance with legal obligations.

  • Ensure that customer expectations and requirements are met in terms of data security.

  • Integrate information security as part of the operating culture.

Processing of personal data

The processing of personal data is defined in Matkahuolto's data protection policy. Data protection is ensured in all forms of data throughout its life cycle. Personal data is processed in accordance with data protection requirements and is protected from unauthorised processing.

Information security requirements

The required level of information security is determined based on a risk assessment. The requirements apply to both Matkahuolto's own operations and partners processing Matkahuolto's data. If necessary, the compliant level of information security can be verified through assessments and audits.

Information security risk assessment

Information security risk assessments serve as a basis for determining the required level of information security. Risks are assessed when designing new services or systems and in connection with significant changes. Regarding information security-critical systems, risk assessments are carried out regularly.

Classification and protecting of information

Matkahuolto classifies information according to its confidentiality. The classification of information guides the risk assessment and the required information security measures.

Information security awareness and training

Matkahuolto uses various operating models to improve the information security awareness of its personnel: training, communications, intranet news and simulated exercises. In addition, tailored information security training can be organised for different employee groups.

Information security monitoring

The implementation of information security is regularly monitored and supervised by technical and organisational means. Observations, deviations and development needs are processed in a defined manner, and the state of information security is reported to the management as part of continuous improvement.

Handling information security incidents

Matkahuolto has operating models and services in place for identifying information security incidents, as well as operating models for processing and reporting potential data breaches.

Review and approval

The Information Security Policy is approved by Matkahuolto's Management Team.

The information security is part of Matkahuolto's management system. Information security is being developed to correspond to the target state of Matkahuolto's business, which is defined by the top management. The development goals, areas and tasks of information security are described in the information security strategy. The different areas of information security are defined in more detail with operating principles and guidelines. They are processed and approved by the Information Security Steering Group.

Matkahuolto's Management Team has approved the Information Security Policy on 30.3.2026.

PrivateCorporate customers

Passengers

TimetablesTravel ticketsMatkat appMost popular routesJourney PlannerKamppiTravelingInstructions and terms of use

Parcels

Send a parcel domesticallySend a parcel abroadPaketit appPackingReceive a parcelReturn a parcelParcel points and parcel lockersTerms of use for parcels

Useful tips

Customer serviceNewsFrequently asked questionsJob vacanciesData protection and information securityAccessibility statementsContact detailsInvoicing

Matkahuolto as a company

Matkahuolto as a companyStrategyOur storyPersonnelCompany managementCorporate responsibility Annual reports and reportingFor the media

Social media

Facebook
Instagram
LinkedIn