Data Protection Policy

Data Protection Policy

This DATA PROTECTION POLICY is a data protection policy on a client register (“Register“) pursuant to the Finnish Personal Data Act (523/1999, as amended).

 

1)    CONTROLLER

Aleksandra Attorneys Ltd (business identity code 2782108-7 (Finnish Trade Register), “Aleksandra“)
Pieni Roobertinkatu 9, 00130 Helsinki
+ 358 (0)20 758 9665
info@aleksandralaw.fi

 

2)     REPRESENTATIVE OF THE CONTROLLER

Rami Laatsalo
Pieni Roobertinkatu 9, 00130 Helsinki
+358 (50) 300 7172
rami.laatsalo@aleksandralaw.fi

 

3)     THE PURPOSE OF PERSONAL DATA PROCESSING

Personal data is processed by Aleksandra in accordance with Section 8 of the Finnish Personal Data Act and to keep the Register for the following purposes:

  •  to perform services requested by our clients;
  • to improve and maintain the quality of the services offered by Aleksandra;
  • to manage client relationships;
  • for operative business purposes of Aleksandra;
  • to develop business of Aleksandra; and
  • to inform Aleksandra’s clients about services and news regarding Aleksandra.

 

4)     CONTENTS OF THE REGISTER

The Register includes the following information:

  • basic identification information of Aleksandra’s clients;
  • information on the interest areas of Aleksandra’s clients;
  • personal data of persons acting as points of contact of the clients of Aleksandra;
  • information regarding agreements; and
  • information regarding the use of Aleksandra’s services and the level of performance and management of such services.

In case of natural persons (e.g. point of contacts of the clients), the Register includes the following information:

  • name;
  • personal identification number;
  • contact information; and
  • point of contact at Aleksandra.

 

5)     REGULAR SOURCES OF DATA

Information included in the Register is comprised of the data received from the data subjects and from public sources.

 

6)     REGULAR DISCLOSURES

No data is disclosed to people outside of Aleksandra and personal data is not handed over for direct marketing purposes. Data may, however, be located on third-party servers and/or devices from which the data is processed by the means of technical user connection.

 

7)     TRANSFERS OUTSIDE EU AND EEA AREA

No personal data is transferred outside of the European Union or the European Economic Area unless such transfer is required due to technical implementation of the data processing. However, the precondition for data transfer is that the parties receiving and processing data have entered into an agreement with Aleksandra, according to which, process of the data pursuant to the legislation is guaranteed.

 

8)     PRINCIPLES TO PROTECT THE REGISTER AND THE CONTENTS THEREOF

Manual Material

No manual material is kept of the data.

Automatically Processed Data

The Register is available solely to personnel of Aleksandra bound by confidentiality agreements and no access to the Register is provided to people outside of Aleksandra. Appropriate technical protections (e.g. firewalls) are used to protect the Register.

 

9)     RIGHT OF ACCESS

Data subjects are entitled to access the data regarding him or her. A signed or correspondingly authenticated request is required to be delivered or a personal request to be presented at the offices of Aleksandra in case the said right is wished to be exercised. The request shall be made to the contact person specified in this data protection policy.

The requested information shall be provided in writing, if requested by the data subject.

 

10)  RECTIFICATION OF THE REGISTERED DATA

Data subjects are entitled to request correction of erroneous information in the Register. In case of such erroneous information, the request for correction shall: (i) be made in writing, (i) be appropriately founded and detailed, (iii) include, word to word, specification on information wished to be corrected or erased and (iv) include a corrected text from word to word. In case a representative is used by the data subject, a power of attorney is required to be presented in connection with the said request.

In case the controller does not approve the requested correction of the information, the data subject is entitled to refer the matter to the Data Protection Ombudsman.

 

11)  OTHER RIGHTS

The data subject is entitled to forbid the controller from processing data concerning him/her. The said right includes the right to process data for, inter alia, the purposes specified in this data protection policy, direct advertising and other direct marketing and both market research and surveys. The data subject is required to notify Aleksandra in writing in case the said right is wished to be used.