1 Introduction
Your privacy is very important to Suomen Vero- ja Lakipalvelut Oy (“SVL”), and we want to keep our clients, whether current or prospective, up to date on how we collect and process our clientele’s personal data.
SVL obtains and processes your personal data whilst we provide our services. Such services include, inter alia, the maintenance of our website (www.verolakipalvelut.fi) and all directories and databases related thereto, SVL’s engagements and assignments and the execution thereof (hereinafter referred to as the “Services”).
The purpose of this privacy notice is to make you aware of how we obtain and process your personal data as a data controller. Furthermore, we want to show our commitment to protecting the personal data of all clients using our Services in accordance with the applicable legislation.
2 Controller
Suomen Vero- ja Lakipalvelut Oy
Aurakatu 3 C, 2100 Turku
[email protected]
3 Contact person
Our contact person regarding all issues related to SVL’s privacy policy or customer register is:
Valpuri Kulovaara
Suomen Vero- ja Lakipalvelut Oy
Aurakatu 3 C, 2100 Turku
[email protected]
4 Use of personal data
We obtain, process and maintain personal data included in the customer register in order to adequately provide, develop and inform of our Services. Most commonly required personal data include the contact details of the client or the client’s representative, the purpose of which is to contact the registered person in order to execute an engagement, assignment, communication or invoicing. SVL maintains and updates the customer register and the personal data included therein. The customer register contains only active customerships at the given time.
In practice, we use your personal data in order to manage and develop our relationship with you. Moreover, we use personal data in order to maintain active communication with all our current and potential future clients. We also process personal data in order to plan and execute single transactions and to maintain and develop our business operations to a reasonable extent.
SVL has, in principle, a legal basis to process your personal data for the aforementioned reasons. These grounds relate primarily to your customer relationship with us. This relationship is especially based on your role in a company or your possible role in public office. We want to emphasize the fact that our means of obtaining, processing and retaining personal data relevant for our business operations are regulated by extensive regulation. Because of the obligations arising thereof or in connection therewith, we are required to obtain personal data and maintain customer register in order to comply with our statutory obligations.
5 Legal basis for processing personal data
Our legal basis for processing personal data are ultimately:
- our legitimate interest related to the effective execution of Services and SVL’s business operations, when these do not collide with your rights;
- various statutory obligations that we are obliged to comply with;
- comply with all our obligations arising out of or in connection with the general terms and conditions of SVL;
- your consent to data processing, in case no other legal grounds apply.
6 Personal data obtained by SVL
We obtain personal data only when it is deemed necessary in relation to the aforementioned purposes. Therefore, the nature and extent of the personal data obtained by us varies depending on, inter alia, the client and the nature of our relationship with regards to an individual client. Specific types of personal data that we utilize in our operations are listed below.
We process personal data related to the identification of individuals and communication with individuals. This personal data typically concerns the entity employing you or otherwise represented by you. It may include, inter alia, the following information:
- Information necessary for identification (e.g. name);
- The contact details of a client entity (e.g. the name of the company, postal address, telephone number); and
- Other necessary information (e.g. URL-address of a website, name of an employee/representative, position of an employee/representative in the company, email addresses).
In addition, we may retain certain personal data that is deemed essential for the managing the relationship with a client. This information includes, inter alia, the following:
- the birth date of the client’s contact person; and
- certain legally relevant information and other necessary information intended for limited purposes only.
We also process information that is related to the customer relationship per se or potential future customer relationship. This information is required in order to provide you with our Services and may include, inter alia, the following:
- services ordered by the client;
- information related to the execution and invoicing of a service;
- information related to meetings and negotiations; and
- other material information or communication-related information arising out of or in connection with a current customer relationship or potential future customer relationship.
All other information deemed unnecessary may be erased and will not be obtained or processed. Furthermore, we do not obtain or collect personal data related to special categories of personal data. This includes, inter alia, information on racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership.
7 Sources of personal data
The personal data we obtain originates, in principle, from you and is based on customer relationship. We may also obtain personal data when executing our business operations. We may also obtain public information from public domains, such as websites. We may also obtain other information related to your function or role in an entity or public office.
A part of the personal data we utilize may originate from information previously retained by us. We may e.g. combine, structure, complement or analyse information already possessed by us and generate new information by engaging in aforementioned measures. Information may be obtained from, inter alia, trade register, a website of a company or other equivalent public sources.
We obtain personal data deemed relevant for the customer relationship. In principle, we update personal data only at your request or in connection with a new engagement.
8 Transferring and sharing personal data
In principle, we do not share or transfer personal data to third parties without your explicit consent. However, in certain cases we are obliged to share personal data with third parties. We may be obliged to share your personal data e.g. under an obligation arising out of or in connection with applicable legislation or in order to prepare legal actions or to our Service to our clients.
We may use external service provides, which may require processing personal data and therefore transferring personal data to third parties, who also process information in order to provide SVL with their respective services. As a principle, only such personal data is transferred that is deemed indispensable for the proper use of such services. In these cases, we ensure that adequate information security measures and, when applicable, necessary contractual measures are taken in order to preserve adequate protection and processing of your personal data in accordance with the requirements arising out of the applicable legislation, our data protection practice and our privacy policy.
Some of our subcontractors, distributors and business partners are situated outside the European Economic Area (“EEA”). Information obtained by us may be subject to transnational transfers when we use the services provided by aforementioned operators. Such transfers of information may include transferring personal data outside of the European union and EEA to such countries, where the applicable legislation regarding the protection of personal data may differ from the requirement arising out of the Finnish or European regulation. In these cases, we ensure that adequate data protection is applied by e.g. applying standard contractual clauses and other measures in accordance with the data protection regulation.
9 Protection of personal data
In order to adequately protect your personal data, we are committed to comply with best practices on procedures for data protection, act in accordance with duty of care and maintain high standards regarding the level of data protection. In practice, this means that we use physical, administrative and technical protection measures in order to minimize and mitigate the risk of discarding personal data and to prevent the abuse, unauthorized use, publication or amendment of personal data.
We and all our external service providers who participate in processing personal data are committed to taking sufficient technical and administrative measures in order to protect your personal data against unauthorized use, intentional or negligent amendment, deletion, sending, transmission and all other unlawful data processing methods.
All our employees have been adequately instructed and practices have been designed to maintain high-quality data protection and to facilitate the administration of our registers. All our processing of personal data is always executed by trained employee, who is aware of best practices on procedures for data protection and is able to identify risky processing methods. Access to your personal data is restricted to persons, who are required to process your personal data in order to comply with their obligations. We store all data transferred by you to a protected server so that only personnel explicitly authorized by SVL may examine and use such data. We may also protect personal data by utilizing cryptographic protocols, such as the Secure Sockets Layer (“SSL”), or other similar encryption software.
10 Retention of personal data
How long we retain specific personal data depends on the personal data concerned and the purposes for its processing. We will retain personal data at least for as longs as required in order to carry out the purposes of processing mentioned in this privacy policy, such as in order to perform our contractual or statutory obligations.
When your personal data is no longer needed, it will be destroyed in a secure way. Alternatively, we may irrevocably anonymize such data that it may no longer be associated with you or other person(s). Depending on the nature of the personal data, SVL may be obliged to retain your personal data for certain duration under applicable legislation. Therefore, exact retention times depend on the nature and type of personal data.
11 Your rights regarding your personal data
As a data subject you have the right to examine the contents of your personal data and the extent thereof. Furthermore, you have the right to request an amendment of any erroneous or outdated information.
In certain situations, you have the right to request the destruction of your personal data or transfer to another data controller. However, we kindly ask you to take into account that your personal data is essential for us in order to provide and execute our services for you. For the aforementioned reasons we are often required to retain information related to a customer relationship and we cannot execute engagements or other services for you without such information.
As a data subject, you have the right to:
- Request a copy of the personal data we process relating to you;
- Request a rectification of incorrect personal data relating to you;
- Request an erasure of personal data relating to you or a restriction of the processing thereof;
- Object to certain processing of personal data relating to you;
- Withdraw your consent to processing personal data relating to you (only to an extent that the data processing is based on your consent).
You may use your rights by sending us a message via courier or mail containing your name, address, phone number and a copy of a valid document of identification. If your request concerns personal data included in a cookie, we kindly ask you to disclose a copy of such cookie with your request. Furthermore, we kindly ask you to take into account that we may be required to request additional information when you use the aforementioned rights, if we have a reasonable suspicion regarding the identity of the natural person requesting the use of the aforementioned rights. In these situations, we request additional information solely for the purposes of verifying your identity.
We are keen to answer any questions you may have regarding your personal data or our privacy policy. In case you want more information or to use your rights, please contact SVL’s contact person.
In the event that you consider the way in which we process your personal data to be in breach of the applicable legislation. If you are located in Finland, the local data protection supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu, www.tietosuoja.fi/en/home).
12 Third party websites
This privacy policy applies only to the Services provided by SVL and we are not responsible for the data protection measures of other websites or service providers. We advise the user to always examine the privacy policies/notices and/or terms regarding personal data and/or transfers thereof.
13 Updates
This Privacy Notice was updated in February 2020.
We reserve the right to update and amend this Privacy Notice due to amendments or changes in our data processing practices or applicable legislation.
Most recent version of this Privacy Notice is available on our website.