Updated 21 May 2021
This data protection statement applies to personal data collected in connection with the assignment work and other services provided by TRUST and to personal data collected in connection with your other interaction with us. When we collect the above data in connection with, for example, TRUST services, websites, or other types of services, usually provided online, we will include a link or another appropriate reference to this data protection statement. This also applies to the collection of personal data in connection with other TRUST services, such as customer services, customer events, offers and promotional campaigns.
Any other terms related to data protection are communicated in connection with individual TRUST services. In the event of any conflict, such terms specific to service supersede this data protection statement.
Our services may also contain links to other companies’ websites and other third-party services that have their own data protection policies. We recommend that you read the data protection policies of such services carefully. TRUST is not responsible for third-party data protection practices or their content.
2 CONTROLLER AND CONTACT DETAILS
The controller is Attorneys-at-law Trust Oy (“TRUST”).
Attorneys-at-law Trust Oy (2547071-1)
Fredrikinkatu 39B 15
2.1 Contact details of the data protection officer
With respect to data protection matters, you can contact:
Message subject: “Tietosuojavastaava”
3 PURPOSES OF THE PROCESSING OF THE PERSONAL DATA AND LEGAL BASIS FOR THE PROCESSING
We process and collect the personal data mentioned in this data protection statement for the following purposes:
- Provision and maintenance, development and securing of TRUST services;
- Arranging of educational events, customer events and other events;
- Customer communication and customer relationship management as well as problem solving and message processing;
- Direct marketing purposes and other targeted advertising;
- For analytical purposes, we also collect analytics data about visitors to our websites;
- Compliance with legal obligations, for example obligations related to tax law and advocacy practice;
- We may also collect location information with your consent.
The legal bases applicable to the processing are: agreement, legal obligation, legitimate interest of the controller and consent.
Agreement as a basis for processing consists of TRUST’s general terms and conditions and data protection policy, as well as any special terms or other agreement applicable to the individual case in question. These are pursuant to TRUST’s legitimate interest and/or the user’s consent.
Legal obligation as a basis for processing is based on European Union law and applicable national law. A legal obligation may be related to, for example, advocacy practice or accounting.
Where the legitimate interest of the controller is the basis for processing, legitimate interests include customer relationship management, customer communications and marketing, events, business planning, reporting, analytics and risk management, and recruitment as well as other uses that are in TRUST’s legitimate interest under applicable law. You may at any time prohibit the processing of your personal data for direct marketing and profiling purposes.
Consent as a basis for the processing of personal data described in this data protection statement is obtained using an appropriate method, such as ticking a box indicating your consent, making a choice in the technical settings of the service or website or another clear statement or action indicating your consent, depending on the website or service you use. In principle, such consent is always as easily revocable as it has been given.
4 WHAT DATA WE PROCESS AND WHERE THE DATA ARE ACQUIRED FROM
We process personal data that we mainly receive directly from the user. Below you will find the categories, descriptions and source of personal data collected by TRUST.
|Category of personal data||Description||Source|
|Identification and contact information*||Name / name of company representative, address, telephone number, email address, nationality, position, or area of employment in the company, business ID, photo, name of person’s representative and date of birth / personal identity number.||directly from the user|
|Due diligence*||Due diligence required by the Act on the Prevention of Money Laundering and Terrorist Financing /444/2017), including persona identification number and statement on the origin of funds related to the transaction, copy of identity card.||directly from the user|
|Information and communication related to the customer relationship and the execution of the assignment*||Information and other assignment material and communication of the persons performing the assignments and related to them.||directly from the user|
|Payment and invoicing information||Account number, invoicing and payment information, collection information, credit check information, and customer ID or other customer identification information.||directly from the user|
|Consents and prohibitions given by the data subject||Information on the data subject’s consent to electronic direct marketing or the processing of personal data, as well as information on the withdrawal of the above consents and prohibitions granted by the data subject.||directly from the user|
|Information related to training and other events as well as customer communication and marketing||Participant information for trainings and other events*, customer satisfaction surveys and other customer communication and marketing.||directly from the user|
|Recruitment information*||Job application, resume, information on training and employment history, suitability assessments and other information related to the recruitment process.||directly from the user|
|Other voluntary information provided by the data subject||Information provided by the data subject in connection with, for example, contact requests, feedback or other communications.||directly from the user|
|Information about cookies||IP address, identification of electronic communications, search and browsing information of our website, browser, and operating system information.||directly from the user|
* Mandatory personal data, the provision of which is necessary, for example, for the performance of contractual or legal obligations and for the performance of assignments and the provision of other services or the organization of events and recruitment.
In addition, we collect personal information in the following situations:
- Our clients may also provide TRUST with the information of other persons related to the assignments in connection with the assignments
- In addition, personal data may be collected from the community on whose behalf the data subject acts
- Personal data may also be collected, where permitted by the law, from registers maintained by third parties, such as the trade register.
4.1 Where else personal data have been acquired
In addition to the personal data we receive from you, we may, in accordance with applicable law, obtain certain personal data from companies renting mailing lists and other publicly available sources. These may include personal data, such as credit information and address data updates.
4.2 Recipients or categories of recipients of personal data
Other processors as recipients
When TRUST processes personal data, they are sometimes shared with other parties. In this case, these other parties are processors of personal data, which refers to companies with which TRUST has a binding legal agreement. They may only process the data for the specific purposes permitted by TRUST and may only rely on third parties authorised by TRUST for said processing. TRUST may use external service providers, for example, to obtain technical solutions and services to process the stored data, as well as to use a special technical interface to open the stored data. Personal data may be shared with such service providers and third parties to the extent necessary for maintaining, developing, and providing TRUST services. TRUST may also use services provided by third parties, such as software services, system services and payment service providers. TRUST has the right to share your personal data with the above parties to the extent necessary for providing these services.
Other controllers as recipients
Other parties may also be other data controllers, which refers to companies that have full responsibility toward the user for the use of the user’s personal data. They also have full responsibility for any third parties that may be involved in the processing of the user’s personal data. TRUST will only share these data when necessary, for providing you with a service (for example, by providing information to providers of software, system or payment services) or, for example, if social media extensions, such as buttons or video content, are embedded on our sites. If you authorise TRUST to allow a third party or application to use your account data, we will share said data with a third party. We will not do this without your express permission, which you provide in the website. When you direct us to share information with a third party, such third party is responsible for the processing of personal data from that point on. Thus, it is your responsibility to carefully review the data protection policy of the third party.
More detailed descriptions of recipient groups
TRUST has the right to transfer personal data to a subsidiary or to a third party in the event of the reorganisation, merger, sale, transfer or other assignment of TRUST’s business or part thereof, assets or shares, or in the event of a joint venture, provided that the party to whom we transfer the personal data is not, without specific notice and, if required by applicable law, without the customer’s permission, authorised to process your personal data for purposes other than those specified in this data protection statement. TRUST may share user data (including personal data) in connection with a potential acquisition or sale of business if TRUST or its business or part thereof is sold to the recipient of the data.
By using TRUST’s services, you may also share your data with other users: any such information may be publicly available to other users, and there is no presumption of privacy regarding data disclosed in this way. TRUST is not responsible for the data protection of any data that the customer chooses to disclose within the services provided by TRUST.
TRUST may share non-personal data (such as anonymous data about users; addresses of sites that refer to the services and addresses used to exit the service; use of service products; clicks etc.) with third parties interested in these data in order to help them understand certain content uses, services, promotions and/or service usability.
Data pertaining to a user or anonymous data may be shared with advertisers, publishers, affiliates and other third parties.
5 DATA TRANSFER TO THIRD COUNTRIES
Personal data may be transferred outside the European Union and the European Economic Area if the European Commission has adopted a decision on the adequacy of the protection of personal data in the countries where personal data is transferred to (so-called “Equivalence Decision”, Article 45 of the Data Protection Regulation). The transfer of personal data outside the EU and the EEA can also be done using standard contractual clauses (SCC, “Standard Contractual Clauses”) approved by the Commission.
Our services can be provided using resources and servers located in different countries. Therefore, your personal data may also be disclosed outside the country where the services you use are located. However, in all transfers to third countries, TRUST always complies with either an Equivalence Decision or Standard Contractual Clauses.
Should you require more information about the transfer of your personal data abroad, you can contact us.
6 RETENTION PERIOD OF PERSONAL DATA
We will only retain your personal data for as long as necessary for the processing purpose in question or for as long as required by applicable law and the instructions of Finnish Bar Association.
7 RIGHTS OF THE DATA SUBJECT
You have the following rights regarding your personal data:
- Right of access to personal data
- You have the right to request and receive the personal data we collect about you in a common and machine-readable format form by contacting us.
- We may deny this right on the grounds laid down by law.
- Right to rectification
- You have the right to request us to rectify incorrect or inaccurate data concerning you.
- Right to data erasure
- You have the right to ask us to delete your personal data. However, we will not be able to delete personal data that are necessary for complying with binding legal obligations or that must be retained under applicable law.
- Right to restriction of processing and right of objection
- You have the right to object to the use of your personal data for direct marketing purposes, for sending promotional materials, for profiling or for conducting market research.
- You can also contact TRUST to request a restriction on data processing or to object to any other form of processing.
- Right to data portability
- You have the right to request and receive the personal data we collect about you in a common and machine-readable format form. If TRUST considers the request unreasonable, TRUST may charge the reasonable costs incurred from the transfer.
- If the processing is based on consent (or explicit consent), you have the right to withdraw the consent at any time.
- Right not to be subject to automated decision-making
- TRUST does not make automated decisions about its users that would have legal or similar effects.
If you wish to exercise your above rights, you may, to the extent permitted by applicable law, contact us using the contact information provided in this data protection statement. However, this may mean that we can no longer provide you with those services, especially if you have requested us to delete or stop processing your personal data.
Please note that TRUST may need to identify you and request additional details in order to fulfil your above requests. Please also note that applicable laws may contain restrictions and other provisions related to your above rights.
8 RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you are not satisfied with our data protection services or the processing of your personal data, you can address your question to the relevant authority (the Finnish Data Protection Ombudsman or, in processing related to cookies, Traficom).
Our services use web analysis tools to collect analytics data and reports about visitors’ use of our website.
10 INFORMATION SECURITY
Personal data may only be processed by persons whose duties justify this. The use of personal data is protected by appropriate personal credentials and access rights. TRUST has put in place appropriate technical and administrative safeguards to avoid and minimise the risks associated with the disclosure and processing of personal data. Such security measures include, where applicable, the use of firewalls, secure server facilities and encryption, the establishment of appropriate access control systems and processes, the careful selection of processors, adequate training of TRUST staff involved in the processing, and other measures necessary for protecting personal data from unauthorised access or disclosure.
11 UPDATES OF THE DATA PROTECTION STATEMENT
In order to improve our services, and as legislation changes, we may also update our data protection statement. We always recommend that you re-read the statement at regular intervals. We will notify you of material changes by e-mail or on our website.