Privacy Statement

Drafted on March 22nd 2018

This Privacy Statement (hereinafter "Statement") informs you how Accountor Group´s outsourcing business operations in Finland collects, processes and  discloses personal data in connection with the Service provided ("Service") and in use of website www.accountor.fi.Please read this Statement carefully before you start using the Service or browsing the website.

1. Data controller

The data controller in accordance with the applicable data protection law is Accountor Holding Oy and its subsidiaries (hereinafter "Accountor", "we", "us" or "our"). Accountor is responsible for ensuring that your personal data is processed in compliance with this Statement and applicable data protection laws.

Contact details of the data controller:
Accountor Holding Oy
Business ID: 2480336-9
Address: Siltasaarenkatu 18-20 A 00530 Helsinki

Name of the person responsible for data protection:
Jessica Brander, Legal Counsel
Address: Siltasaarenkatu 18-20 A, 00530 Helsinki
Email: jessica.brander@accountor.fi

We are part of Accountor Group. Contact details of Group Data Protection Officer:
Päivi Konttila-Lokio, Data Protection Officer
Address: Siltasaarenkatu 18-20A, 00530 Helsinki, Finland
Email: paivi.konttila-lokio@accountor.fi

2. Collection of personal data

Your personal data can be collected through different means. Primarily, we collect and process personal data, which

  • is provided by you when you contact us or do business with us, e.g. when you buy our Service or register to our Service, subscribe to our newsletter or contact us requesting an offer or information;
  • is generated when using the Service or visiting our website, e.g. when you log into the Service; and
  • is obtained from other sources, where permitted by applicable law, e.g. Trade Register, Population Information System, The Business Information System or Post’s address information system.

You are not required to provide any personal data to us, but if you decide to do so, it is possible that we will not be able to provide our Service to you.

The personal data we collect and process includes e.g. the following categories of data:

  • basic information, such as name, title and your relation to a company you represent and contact details (email, address and phone) as well as language preference;
  • information relating to customer relationship, such as Service and order details, payment details, billing information, marketing permissions and prohibitions;
  • customer interaction and related correspondence and entries on the use of individuals’ rights;
  • personal data generated in connection with the use of our Service or collected data while browsing our website e.g. user IDs, passwords, authentication detailsand log data on the usage of Service, data collected by means of cookies and similar technologies through websites (device ID and type, operating system and application settings); and
  • other data, which is based on your consent and defined in detail on a case by case basis.

3. Purpose and legal basis for processing personal data

We only collect and process personal data, which is needed for operational purposes, customer care and relevant commercial purposes.

Your personal data is processed for the following purposes:

1. Service provision and managing customer relationship

The primary purpose of processing personal data is to provide and deliver the Service to you or to the company you represent. In order to do so we manage and maintain the customer relationship between us and you or the company you represent. In this case, our processing of personal data is based on the contract between you or the company you represent and us.

2. Marketing

We may contact you to inform you about new features of the Service or to promote and sell other services. We may use your personal data also for market research and customer surveys. Processing of personal data is based on our legitimate interest to provide information as part of the Service and to promote our other services to you. You may object to processing of your personal data for direct marketing at any time (please see section 8 of this Statement).

3. Service development, information security and internal reporting

We also process personal data to take care of the information security of the Service and the website, to improve the quality of the Service and the website as well as to develop the Service. We may also generate internal reports based on personal data in order to provide relevant information to our management to operate our business appropriately. In these cases, the processing of personal data is based on our legitimate interest to ensure that our Service and our website have an adequate level of information security and that we have sufficient and appropriate information at hand to develop our Service and to manage our business.

4. Compliance with the law

We may process your personal data in order to meet our statutory obligations e.g. in relation to accounting or to fulfil authorities’ (e.g. tax authority) requests based on the law. 

5. Other purposes you have consented to

We process your personal data also for other purposes, if you have consented to such processing.

4. Transfers and disclosures of personal data

We may disclose personal data to other Accountor Group companies within the limits of applicable law and for the purposes indicated in this Statement, including the abovementioned companies marketing their products and services. Personal data may also be transferred within Accountor Group companies for internal administrative purposes, such as for the purposes of reporting and for operating our business effectively, such as for the purposes of using centralized ICT systems. Disclosures of personal data within Accountor Group are based on our legitimate interest to operate our business and manage customer relationships efficiently as well as to inform our customers of services of other Accountor Group companies.

We may also disclose personal data to third parties:

  • when permitted or required by law, e.g. to comply with request by competent authority or related to legal proceedings;
  • when our trusted service providers process personal data on behalf of us and under our instructions. We secure the appropriate use of your personal data at all times;
  • if we are involved in a merger, acquisition, or sale of all or a portion of our assets;
  • when we assess that disclosure is necessary to protect our rights, protect your safety or safety of others, investigate fraud, or respond to a request of the authority; and
  • with your consent to parties the consent relates to.

5. Transfers of personal data outside the EU or EEA

We may transfer personal data outside the EU or the European Economic Area when our trusted service provider working for us is established outside these areas.      

For example, our marketing service provider may transfer personal data to the United States during the course of providing services. In such case, the service provider has ensured appropriate safeguards for personal data by self-certifying to the Privacy Shield Framework between the EU and the United States or by using standard contractual clauses that are approved by the European Commission. To learn more about the Privacy Shield Framework, please see https://www.privacyshield.gov/welcome.

6. Cookies

We also use cookies and other similar techniques on our website at www.accountor.fi.  Cookies are small text files placed on your device to collect and remember useful information, to increase the functionality of our website and to make it easier to use. We may also use cookies and other similar techniques for statistical purposes, such as to compile statistics thereof concerning the use of the website in order to allow us to understand how users use the website and improve user experience.

You can set your web browser not to accept cookies, limit the use of cookies or remove cookies from the browser. However, as cookies are an important part of how our website works, limiting the use of cookies may affect the functionality of the website.

To learn more about cookies, please see www.accountor.fi/en/cookie-notice.

7. Retention of personal data

Personal data is retained only for as long as necessary to fulfill the purposes defined in this Statement.

Personal data is retained during the course of customer relationship. Personal data may also be retained to the extent necessary after the end of the customer relationship, if allowed or required by applicable laws. For example, after the end of the customer relationship we typically store personal data that are necessary to response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, in order to respect your request not to receive direct marketing from us.

When retention of personal data is no longer required by law or rights or obligations by either party, personal data will be deleted.

8. Your rights

You have a right to access your personal data. You may ask to correct, update or remove your personal data at any time. However, please note that certain information which is strictly necessary for fulfilling the purposes defined in this Statement or which is required by law, cannot be removed. You have a right to object or restrict processing of your personal data to the extent required by applicable data protection law.

In some cases you have a right to data portability, i.e. right to receive your personal data delivered to us in a structured, commonly used machine-readable format and transmit your personal data to another data controller, to the extent required by applicable law.

If our processing of your personal data is based on a consent, you have a right to withdraw the consent at any time. We will no longer process your personal data on the purposes consented, unless there is another legal ground available for processing.

You can execute your rights by sending the above-mentioned requests to us at gdpr.osfinland@accountor.fi. If you think that the processing of your personal data is not appropriate, you have a right to contact Data Protection Supervisor. You can find contact details of Data Protection Supervisor here: https://tietosuoja.fi/en/contact-information.

9. Information Security

We maintain security measures (including physical, electronic and administrative measures) that are appropriate to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to only such individuals, who need the information in the course of their work tasks.

Please be aware that even the most appropriate security measures cannot prevent all potential security breaches. If a security breach occurs, we will inform you in accordance with applicable laws.

10. Changes to this Statement

We have the right to change this Statement. If we make any changes to this Statement, we will let you know it on our website at www.accountor.fi, where you can also find the latest version of this Statement.

11. Contact us

If you have any questions regarding this Statement or the personal data we process about you, please contact us at gdpr.osfinland@accountor.fi.