Data Protection Policy
This DATA PROTECTION POLICY is a data protection policy on a client register (“Register“) pursuant to the Finnish Personal Data Act (523/1999, as amended).
Aleksandra Attorneys Ltd (business identity code 2782108-7 (Finnish Trade Register), “Aleksandra“)
Kasarmikatu 36, 00130 Helsinki
+ 358 (0)20 758 9665
2) REPRESENTATIVE OF THE CONTROLLER
Kasarmikatu 36, 00130 Helsinki
+358 (50) 300 7172
3) THE PURPOSE OF PERSONAL DATA PROCESSING
Personal data is processed by Aleksandra in accordance with Section 8 of the Finnish Personal Data Act and to keep the Register for the following purposes:
- to perform services requested by our clients;
- to improve and maintain the quality of the services offered by Aleksandra;
- to manage client relationships;
- for operative business purposes of Aleksandra;
- to develop business of Aleksandra; and
- to inform Aleksandra’s clients about services and news regarding Aleksandra.
4) CONTENTS OF THE REGISTER
The Register includes the following information:
- basic identification information of Aleksandra’s clients;
- information on the interest areas of Aleksandra’s clients;
- personal data of persons acting as points of contact of the clients of Aleksandra;
- information regarding agreements; and
- information regarding the use of Aleksandra’s services and the level of performance and management of such services.
In case of natural persons (e.g. point of contacts of the clients), the Register includes the following information:
- personal identification number;
- contact information; and
- point of contact at Aleksandra.
5) REGULAR SOURCES OF DATA
Information included in the Register is comprised of the data received from the data subjects and from public sources.
6) REGULAR DISCLOSURES
No data is disclosed to people outside of Aleksandra and personal data is not handed over for direct marketing purposes. Data may, however, be located on third-party servers and/or devices from which the data is processed by the means of technical user connection.
7) TRANSFERS OUTSIDE EU AND EEA AREA
No personal data is transferred outside of the European Union or the European Economic Area unless such transfer is required due to technical implementation of the data processing. However, the precondition for data transfer is that the parties receiving and processing data have entered into an agreement with Aleksandra, according to which, process of the data pursuant to the legislation is guaranteed.
8) PRINCIPLES TO PROTECT THE REGISTER AND THE CONTENTS THEREOF
No manual material is kept of the data.
Automatically Processed Data
The Register is available solely to personnel of Aleksandra bound by confidentiality agreements and no access to the Register is provided to people outside of Aleksandra. Appropriate technical protections (e.g. firewalls) are used to protect the Register.
9) RIGHT OF ACCESS
Data subjects are entitled to access the data regarding him or her. A signed or correspondingly authenticated request is required to be delivered or a personal request to be presented at the offices of Aleksandra in case the said right is wished to be exercised. The request shall be made to the contact person specified in this data protection policy.
The requested information shall be provided in writing, if requested by the data subject.
10) RECTIFICATION OF THE REGISTERED DATA
Data subjects are entitled to request correction of erroneous information in the Register. In case of such erroneous information, the request for correction shall: (i) be made in writing, (i) be appropriately founded and detailed, (iii) include, word to word, specification on information wished to be corrected or erased and (iv) include a corrected text from word to word. In case a representative is used by the data subject, a power of attorney is required to be presented in connection with the said request.
In case the controller does not approve the requested correction of the information, the data subject is entitled to refer the matter to the Data Protection Ombudsman.
11) OTHER RIGHTS
The data subject is entitled to forbid the controller from processing data concerning him/her. The said right includes the right to process data for, inter alia, the purposes specified in this data protection policy, direct advertising and other direct marketing and both market research and surveys. The data subject is required to notify Aleksandra in writing in case the said right is wished to be used.