Register and Privacy Policy in accordance with the Personal Data Act (articles 10 and 24) and the Eu General Data Protection Regulation (GDPR).

Updated 24.5.2018


1. Registry administrator


Ensolantie 2

80710 Lehmo


Business ID: 2726485-8


2. Contact information for register matters

President and CEO of Fineq Ville Hämäläinen

+358 50 556 3977


3. Name of the Register

FinEq International Oy's customer register


4. Legal basis and purpose of the processing of personal data

The processing of personal data is the legitimate interest of the company in the customer relationship and/or the implementation of the contract.

The purpose of the processing of personal data is:

  • Delivering and developing our products and services, such as surveys
  • Fulfilling our contractual and other promises and obligations
  • Caring for our customer relationship
  • Research and statistical purposes for the maintenance of the service
  • Targeting advertising on our company's own and other online services

We use automatic profiling to identify registered person profiles, online behavior and acquisition history. We use this information to target marketing and develop services.


5. What data do we process?

In connection with the customer register, we process the following personal data of customer or other data subject:

  • Data subject's basic information such as name *, customer number *, user name and/or other unique identifier *, password *
  • Contact details of the data subject such as e-mail address *, telephone number *, address information *
  • Information concerning the Company/association and the Company/Associations liaison officers, such as Business ID *, Association registration number * and contact names * and contact details *
  • Customer and contract information, such as information on past and current contracts and orders
  • Other information such as electronic invoicing information and electronic communications
  • Personal profile and online behavior

The provision of personal data marked with an asterisk (*) is a prerequisite to our contractual relationship and/or our customer relationship without the necessary personal data we cannot provide the product and/or service.


6. Where can we obtain information?

We receive information primarily from the data subject itself.

In addition, personal data may be collected and updated for the purposes described in this privacy statement, including from publicly available sources and authorities or from other third parties, within the limits of the applicable legislation. This type of data refresh is performed manually or by automated means.


7. To whom do we disclose and transfer data and transfer data outside the Eu or Eea?

We use our working subcontractors for the processing of personal data. We have outsourced IT management to third-party service providers who are storing and protecting personal data on the server. We have ensured your data protection with our subcontractors by establishing processing contracts for the processing of personal data. In some cases, personal data may be disclosed outside the Eu/Eea, such as the United States and Russia. The disclosure of the information will depend on the customer's purchase of the service in which the contract refers more specifically to what kind of donation it is and where they are disclosed. We have ensured appropriate safeguards in relation to the transfer. We use standard contractual clauses approved by the EU or other transfer procedures approved by the Eu Commission.


8. How do we protect data and how long do we keep them?

The use of a system of personal data is only eligible for employees who have the right to process customer data on their behalf. Each user has their own user name and password in the system. The data is collected in databases that are protected by firewalls, passwords and other technical means. Databases and their backups are located in locked spaces and can only be accessed by certain pre-named individuals.

We retain personal data for 3 months after termination of the contract, and in accordance with accounting law, invoice information 6 years after the date of posting of the invoice.

We assess the necessity of data retention, taking into account regularly applicable legislation. In addition, we will take care of reasonable measures to ensure that data subjects are not kept in the register for the purposes of processing incompatible, outdated or inaccurate personal data. We will rectify or discard such information without delay.


9. What are your rights as a registered company?

As registered, you have the right to inspect the data stored in your personal register and to request rectification or erasure of inaccurate information. You also have the right to withdraw or amend your consent.

As registered, you have the right, in accordance with the GDPR (25.5.2018), to object to or request the restriction of your data and to complain about the processing of personal data to the supervisory authority.

For specific personal reasons, you also have the right to oppose profiling and other processing operations against yourself where the basis for processing data is a customer relationship between us. In the context of your claim, you should identify the specific situation on which you oppose the processing. We can refuse to accept a request for objection only on the basis of the law.

You also have the right, at any time and free of charge, to object to the processing, including profiling, insofar as it relates to direct marketing.


10. Whom can you communicate with?

All contacts and requests for this leaflet should be presented in writing or in person in the Section two (2) designated contact persons.


11. Amendments to the Register leaflet

FinEq International Ltd reserves the right to change the contents of the register leaflet without notice to the data subject.

The data subject's responsibility is to consult the contents of the register regularly.