This policy refers to our processing of your personal data as a representative of our current or future client, vendor or business partner.
For information about how we process personal data you have provided us with to execute the services we provide, please see here.
Why have we access to and process your data?
To enter into and fulfill the agreement we have with you or the company you are representing, processing of your personal data is necessary. We may also process personal data about visitors to our website(s) or physical locations, depending on how you choose to interact with us.
We will only process your personal data if we have a legal ground to do so. We may process your data in order to form and manage client and business relationships or to guarantee the safety of our employees and assets. Your data is also processed to fulfill our legal obligations under e.g. anti-money laundering legislation. This means that the processing is necessary for the performance of a contract to which you or the company you represent is party or in order to take steps at the request of you prior to entering into a contract. In accordance with our legitimate interests, we may also use your data to provide you with information about our services, prospects, analyses, events, trainings which is likely to be in your best interest or to execute necessary or desired tasks expected by the business relationship you represent.
Your data will be held securely in compliance with data protection legislation.
What personal data are we processing about you and why?
We hold only necessary information for the management of the contractual or business relationship. To be able to communicate with you and to ensure safe and true identification we hold information including but not limited to your name, job title and contact details address, telephone number and email.
To be able to comply with our legal obligations related to e.g. anti-money laundering we also may need passport or similar identification and related information.
For our employees’ security and to keep the personal data we process safeguarded we may request you to provide your name and contact details to enter into our location. Unless we have legal obligations to keep the records we will delete them after a short period of time.
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities.
Depending on the nature of the assignment and the relevant country, we may ask a anti-monely laundering screening expert to determine whether there are any circumstances which would disqualify you or the company you represent from that assignment.
Are you processing any sensitive data regarding me?
Unless otherwise agreed with you or is necessary for the establishment, exercise or defense of legal claims, we will not process special categories of personal information often known as ‘sensitive personal data’ such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life.
Will you share my personal data with others?
We share your personal data with our suppliers that facilitate and/or provide parts of our services, e.g. printer and mail services, telephone and messaging services and legal representatives. We may also share your personal data with our Clients if you are representing a vendor which is part of the services we provide to them. We may also be obliged to disclose information to governmental authorities.
Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described and only if the employee is bound by an obligation of confidentiality.
Will my personal data be transferred to another country?
As we are part of the Intrum group, we may transfer your data to another country. If we do, we will ensure there are suitable safeguards in place to comply with EU General Data Protection Regulation (GDPR). Generally, your personal data will not be transferred outside of the European Economic Area (EEA). However, we also use third-party service providers for storage or similar services. These service providers, which may be located outside of the EEA, including, but not limited to the United States, may access your data. We will never transfer your personal data outside of the EEA without ensuring the safety and protection of your personal data. Therefore we make sure that any recipients have signed the EU Standard Model Clauses, to justify the transfer, or that the European Commission has deemed the country to guarantee adequate level of data protection. We may disclose information outside of these groups to help prevent fraud, or if required to do so by law.
How long do you store my personal data?
We will retain your personal data as long as required for the lawful purpose for which it was obtained, as long as we have legitimate interest to keep it e.g. based on Accounting Act or until termination of our agreement and/or the statue barring period is due to be able to defend ourselves against legal claims. We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence anti-money laundering and for financial audits.
As far as our backups are concerned, we will also delete your data in our backups, when the back-up tape comes up for restore according to our backup policy. If a backup comes up for return of the data, we will at the same time fully delete all outdated data according to our retention periods.
Will I be subject to automated decision-making?
We will not use your personal data for automated decision-making.
What rights do I have?
It is important for us that you understand that we process your data safely and confidentially. Even if we do not need your permission to process your personal data, you have many rights in relation to the processing of your personal data.
Your rights - What does it mean?
Right to access:
You may request information on how we process your personal data, including information on:
- Why we process your personal data
- What categories of personal data we process
- Who we share your personal data with
- How long we store your personal data or the criteria for determining this period
- What rights you have
- From where we have received your personal data (if we have not received it from you)
- If the processing includes automatic decision making
- If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.
You may also request a copy of the personal data we process about you. However, additional copies will be combined with a fee.
Right to correction:
It is important that we have the right information about you and urge you to let us know if any of your personal data is incorrect, e.g. if you have changed your name or moved.
Right to be forgotten:
If you consider that we process your personal data in an unlawful way, for example if we process your personal data longer than necessary, you may ask us to delete this information.
Right to restriction:
From the time you have requested us correct your personal data or if you have objected to the processing and until we have been able to investigate the issue or confirm the accuracy of your personal data or changed it in accordance with your instructions, you are entitled to restricted processing. This means that we may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else's rights or if there is an important public interest in the processing.
You may also request that we restrict the processing of your personal data if you consider the processing is unlawful but you do not want us to delete the personal data.
Right to objection:
On grounds relating to your particular situation, you may object to the processing we carry out and the processing we carry out on the basis of our legitimate interest. In such cases, we may continue processing only if we can show compelling justifying reasons that out-weigh your interests, rights and freedoms. However, we may always process your personal data if it is required for exercise or defense of legal claims. You also the right to at any time object to direct marketing.
Right to data portability:
You may request to have your personal data that you have provided to us for processing based on consent or to fulfil a contract, provided to you in a structured, widely used and machine-readable format. You also have the right to request us to transfer that information to another data controller.
Right to lodge a complaint:
If you consider that we do not follow the applicable data protection legislation, you are entitled to lodge a complaint with the competent data protection authority. You can find further information about the Data Protection Ombudsman and their complaints procedure at www.tietosuoja.fi.
Withdrawal of consent:
In situations where our processing activities should be based on your consent, you have the right to withdraw it and we will consequently stop the processing activities based on this legal ground.
We will also notify others we may have shared your personal data with of your requests.
How to complain about the use of your data or exercise my rights?
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer and we will investigate your concerns.
Data Protection Officer: firstname.lastname@example.org
If you have any further questions on how we process your personal data you may contact us through our Data Protection Officer.