Palaja Rintanen & Co Attorneys Ltd’S
PRIVACY POLICY

  1. Data controller and contact person

    Palaja Rintanen & Co Attorneys Ltd (Business ID: 3131433-6)
    Linnankatu 3 B, FI-20100 Turku, Finland
    Niina Palaja
    niina.palaja@prlaw.fi
    +358 40 706 1673

  2. Purposes of the personal data processing and the legal basis

    Palaja Rintanen & Co Attorneys Ltd  (hereinafter referred to as the “data controller”) complies in the personal data processing with the applicable General Data Protection Regulation (EC) (2016/679) and other data protection legislation as well as the guidelines set by the Finnish Bar Association.

    The purpose of the personal data processing is the processing of personal data relating to the practice of legal services

    (i)      in the management of client relationships and assignments, including statutory obligations, such as conflict of interest reviews and identification of a client

    (ii)    for recruitment purposes in respect of job applicants

    (iii)  in the communications between interest groups and other cooperation partners, such as in direct marketing or invitations to educational events

    (iv)  in the marketing, development and supply of the data controller’s services as well as in the development of the website functions

    (v)    in the management of employer obligations in respect of employees

    Legal grounds for the personal data processing are the data controller’s statutory obligations, management of contract-based client relationships, legitimate interest and other appropriate connection. In case regulation requires the data subject’s consent such consent is requested as a ground for processing. Provided consent is revocable.

  3. Data content of the register

    The register contains information on the following groups:

    (i)    Data controller’s clients, clients’ representatives and other contact persons

    (ii)   Potential clients and their contact persons

    (iii)  Persons (employees, job applicants, cooperation partners) belonging to the interest groups

    (iv)  Other persons relating to the assignments, client relationships or otherwise to the law firm’s operation (including the clients’ counterparties)

    (v)   Information obtained via the use of cookies on the website

    Such information on the data subject will be processed that is necessary for the purpose of use that includes for example:

    • Name, telephone number, e-mail address, address

    • Company name, business ID and contact person data

    • Additional information given by the data subject

    • Personal data delivered by the applicants through job and trainee applications

    • E-mails, files, invoicing and payment information needed in connection with the handling of the assignment as well as information required for other communication

    • Information and possible historical data obtained through the client relationship

    • Information on the identification of a person or a company required by the Finnish Act on Detection and Preventing Money Laundering and Terrorist Financing (444/2017)

    • IP addresses

    • Information obtained through cookies that the visitor on the website has accepted

  4. Data sources of the register

    Information is collected to the register from the persons concerned and in connection with the management of the assignments or when reviewing a possible assignment primarily from the clients, potential clients or other persons concerned, from public data sources (information services and authorities) and from other registers maintained by third parties as well as from other contact persons. The website also collects information through cookies.

     

  5. Recipients of the personal data

    As a rule, information is not disclosed to any third parties unless the legislation or the Finnish Bar Association’s stipulations require otherwise.

    In a client relationship, the disclosure of information, for example, to the authorities or the counterparty may be necessary upon the authorities’ request, as required by statutory legislation or it may be necessary to prepare, present or defend a legal claim or to otherwise ensure the interests of the client relationship. A client relationship may require the disclosure of the information, for example, to a collection or a credit agency.

    In addition, the data controller uses, among other things, technical service providers (IT suppliers and accountancy) in the provision of services who possibly process the personal data belonging to the data controller’s scope of responsibility in accordance with the data controller’s instructions or agreements.

    In principle, personal data is not transferred outside of the EU or the EEA, but should the management of the client relationship require that, the data controller sees to that the transfer is made as required by the data protection legislation.

  6. Period of retention

    Personal data is processed only as long as it is necessary, or the legislation or other guidelines require its retention. Personal data provided in connection with job applications is processed for two years as of the end of application period unless otherwise required by mandatory regulation. Unnecessary personal data is removed from time to time within a reasonable period of time as guided by the data protection practices. The retention periods differ among the personal data groups. In respect of the retention periods, the data controller takes into account the exceptions and obligations set by the statutory legislation as well as the rules of the Finnish Bar Association.

  7. Data subject’s rights

    A data subject’s rights are guaranteed case-specifically and as required by the data protection legislation.

    A data subject has the right to:

    (i) withdraw their consent if the use of the data subject’s personal data is based on a separately given consent. A withdrawal does not have a retrospective effect on the already performed personal data processing;

    (ii) access information and check the information, receive notice on a possible personal data processing and request the information in writing or electronically on a written request;

    (iii) request the incorrect information in the data controller’s possession to be corrected or removed if the requirements set by the data protection legislation are met or request the data processing be limited on the grounds set out in law. The data controller will, on its own initiate, correct or remove incorrect or defective information and limit the access to the information if there is a reason to doubt the correctness of the information;

    (iv) request the information to be transferred to another data controller;

    (v) object to the processing of their personal data in certain situations. A data subject is always entitled to prohibit the disclosure of personal data and its processing for direct marketing purposes; and

    (vi)  lodge a complaint before a competent supervisory authority if the data subject deems that the personal data processing breaches the applicable legislation.

    Exercising the rights

    Requests on the data subjects’ rights must be sufficiently detailed, in writing and addressed to niina.palaja@prlaw.fi. Requests will be responded within a reasonable time. The data controller may, were necessary, request further information in order to fulfil the request. In connection with the request, the requesting party’s identity will be verified in a sufficient manner.

    The legislation or the rules of the Finnish Bar Association may prevent the implementation of the request.

  8. Amendment of the privacy policy

The data controller has the right to amend the privacy policy.

Should you have any questions relating to the personal data processing performed by the data controller, we ask you to contact us by-email to niina.palaja@prlaw.fi or by telephone +358 40 706 1673.