1. What personal data we collect
Personal data are in most cases collected directly from you or obtained from your use of our services. At times we require additional information in order to ensure that the information is up-to-date and correct.
The personal data we collect may be categorised as follows:
- Identification information: social security number and name (we are obligated to collect and archive identification information, such as a copy of your passport, driver’s licence or similar document).
- Contact details: address, telephone number and email address.
- Information related to statutory requirements: information related to the know-your-client obligation and prevention of money laundering.
- Financial information: financial information included in service agreements.
Personal data we may collect from you:
- From new clients we collect their name, social security number, address, email address, telephone number, as well as the information required under our obligation to request information, in order to be able to provide you with services and products.
- We also collect information from messages you send us digitally.
- We record telephone calls and electronic messages that may result in business transactions.
- For security reasons we may have surveillance cameras at our offices.
Personal data we may collect from third parties:
- Information available from public sources: registers maintained by the authorities (e.g. Trade Register) and sanctions lists (e.g. lists maintained by the EU or the UN) as well as
- Information available from other external sources: intermediaries of information providing details, for instance, concerning beneficial owners and politically influential persons, as well as banks from which we receive payment information.
2. On what legal basis may we collect, use and retain your personal data
We use your personal data to be able to meet our statutory and contractual obligations and in order to provide services and to make you offers.
- Compliance with obligations required by the law, regulations and the authorities. Such statutory obligations include, for instance, client identification; sanctions checks, prevention, detection and investigation of money laundering, terrorist financing and fraud; other obligations pertaining to the service or product-specific legislation and accounting regulations.
- Execution, administration and enforcement of our agreements. For the purposes of our agreements, we require, for instance, information for the purposes of the provision and carrying out of investment services, for client service during the validity of the agreement and for the purposes of devising, presenting or defending a legal claim.
- Legitimate interest for marketing and business development purposes.
- Consent to the processing of information for marketing purposes, e.g. sending a newsletter. The consent request describes the processing of the information in question and your right to retract your consent.
3. To whom may we disclose your personal data
Providing services and complying with agreements requires the disclosure of your personal data. We may disclose your personal data to other parties, such as the authorities, service providers and business partners. Before disclosing information, we always ensure that the relevant confidentiality obligations are abided by.
- We disclose information required for the enforcement of the agreement to companies with which we co-operate (e.g. to an issuer).
- We disclose your personal data to the authorities to the extent required by law (for instance the Finnish Financial Supervisory Authority, tax and police authorities).
- We disclose your personal data to contractual partners carrying out personal data processing on our behalf (e.g. suppliers providing software development, maintenance, server and IT support services).
Transfer of information to third countries
We may disclose and transfer your personal data to organisations operating in countries outside of the European Economic Area, i.e. in so-called third countries, only provided that one of the following conditions is met:
- The data protection level of the country in question is adequate according to a decision of the EU Commission.
- Other necessary security measures have been implemented, for instance, by means of following the model contractual clauses approved by the EU Commission.
- An exemption is applicable to special circumstances (e.g. required by the enforcement of an agreement or you have granted your consent to the transfer of data).
4. How we protect your personal data
We consider the technical, administrative and physical protection of information to be crucial. We implement the appropriate technical, organisational and administrative security procedures in order to protect information against loss, unlawful use, disclosure, alteration and destruction.
- Information contained in the register processed electronically is protected through technical means generally accepted within the field of data security (e.g. firewalls, passwords).
- Only persons (e.g. our employees, agents and employees of our contractual partners) who need the register information to carry out their tasks have access to the information contained in the register based on separately granted user rights.
- Our personnel are under a contractual confidentiality obligation in relation to all of our client and personal data.
5. Your rights pertaining to privacy protection
As a data subject, you have certain rights over the personal data in our possession. If you wish to exercise such rights, the requests shall be assessed on the basis of the situation and the case. You have the following rights:
- The right to request access to your personal data. You have the right to review the personal data we hold about you. The right of access may, however, be restricted under the legislation and other practices pertaining to the protection of the privacy of individuals.
- The right to request the rectification of erroneous or deficient information. If the information is erroneous or deficient, you have the right to request the rectification of the information, unless restricted by the legislation.
- The right to request the erasure of information. You have the right to request the erasure of your information, inter alia in the following cases:
  - You retract your consent to data processing and there is no other legitimate cause for the processing.
  - You object to the data processing and there is no acceptable cause for the continuation of the processing.
  - You object to data processing for direct marketing purposes.
  - Data processing is unlawful.
Please note, however, that we are obligated to retain your personal data when these are necessary for compliance with statutory obligations or for the processing of legal claims.
- The right to restrict personal data processing. If you dispute the correctness of the information recorded by us or the lawfulness of the processing, or if you have objected to the processing of information in accordance with your rights, you may request that the processing of your personal data be restricted solely to the retention of data. In such situations, the data processing shall be restricted to the mere retention of the data until the correctness of the data has been ascertained or until it has been possible to verify whether our legitimate interests take priority over your interests. If you do not have the right to request the erasure of information from our registers, you may instead request us to restrict the processing of such data to the retention of the data only. If the processing of your registered information is only necessary for the purposes of making a legal claim, you may also require that the processing of data be restricted only to the retention of data. We may process your data for other purposes, if necessary for the purposes of making a legal claim or if you have granted your consent to the same.
- The right to object to data processing on the basis of our legitimate interests. You are always entitled to object to the processing of your personal data for direct marketing purposes.
- The right to data portability. You have the right to obtain the personal data you have provided to us in machine-readable form, when the personal data was only processed automatically and on the basis of consent or enforcement of an agreement. The information may also be transferred to another data controller, provided it is safe and technically feasible.
7. For how long do we retain your personal data
We shall retain your data for as long as they are required for the purpose for which they were collected and processed, or for as long as required under the laws and regulations.
- We shall retain your data for as long as they are required to enforce the agreement and required under statutory and regulatory requirements pertaining to the retention of data.
- When retaining your data for purposes other than the enforcement of the agreement, such as, for instance, prevention of money laundering, we shall only retain the information if it is necessary for the purpose in question and/or stipulated under the law or regulations.
We are continuously developing our services, products and websites, which entails that amendments may be made to the privacy policies from time to time. We shall give notice of any significant amendments when so required by law.
9. Data controller
Springvest Oy (data controller)
Address: Aleksanterinkatu 48 B, 00100 Helsinki, Finland
Telephone: +358 20 335 500
Business ID 2492165-6