Data Protection and registry notice
EU:s general data protection regulation (679/2016, “GDPR”)
1. DATA CONTROLLER
Kaspian Law & Consulting Oy
Aleksanterinkatu 15 B, 00100 Helsinki
+358 044 704 9992
2. CONTACT PERSON OF THE REGISTER
Elle Friberg, Lawyer
3. NAME OF THE REGISTER
Kaspian Law & Consulting Oy client register
4. PURPOSES OF THE USE OF PERSONAL INFORMATION
The purpose of the register is
1. Handling, developing and managing client relations;
2. Handling commissions and invoicing;
3. Recruiting. For this part the register consists only of the information delivered by the job applicant and they are stored and processed only for recruiting
5. REGISTER CONTENTS
Kaspian Law & Consulting Oy’s clients are saved to the client register.
The following data is processed in the register:
- First and last name
- Contact information
- Social security number or business identity code
- Information regarding commissions and the material collected or composed for the handling of the commissions. These are for example documents from the client, the authorites and the counterparty, and the documents composed by the lawyers, communication with the client, sent invoices and the payments.
6. REGULAR SOURCES OF INFORMATION
The information in the register is primarily collected from the registered person.
While handling commissions information regarding other parties may be gathered from the clients of Kaspian Law & Consulting Oy. Additionally, personal data may be gathered from authorities and other reliable sources within the limits of the applicable law.
7. RIGHT OF INSPECTION AND RIGHT TO RECTIFICATION OR RIGHT TO ERASURE
The data subject shall have the right to obtain information of what data, how and for what purposes their data is being processed. Giving the information can be justifiably denied if the request includes information that falls under confidentiality.
The data subject has the right to request the rectification of incorrect or inaccurate data, limitation of data porcessing or the erasure of data. The data subject may exercise his or her right in writing via email or by mail. The request to erase data basically also leads to the ending of the commission as the gathered data is always necessary for the handling of the commission. The law office has an obligation to retain certain information after the commission or the client relationship has ended. The right to be forgotten is therefore limited in regards to the information collected during commissions.
8. DISCLOSURE OF PERSONAL DATA
The data in the register may be disclosed forward. Data is disclosed forward only to the extent that is necessary for the obligations arising from commissions, client relations and legislation.
9. TRANSFER OF PERSONAL DATA OUTSIDE OF EU OR EEA
The data in the register will not be transferred outside of the EU or EEA.
10. RETENTION OF PERSONAL DATA
Personal data is retained for the time that the client relationship is valid. After the client relationship ends the information is retained for as long as is necessary due to the obligations arising from law, as a rule for at least ten years. Personal data may be retained for a longer time if required by the existing legislation or for another justified cause. For example an in-house inspection on judicial disqualification may require the retention of some data for more than ten years.
11. PRINCIPLE OF REGISTRY PROTECTION
The data stored in the register is only for the usage of the persons needing them for handling commissions.
Paper documents including personal data are stored in a locked room.
For the inspection of personal data stored electronically a username and a password is required. Additionally, the internet access is secured. Data regarding commissions fall under confidentiality and they cannot be disclosed to outside parties without the consent of the client or without a distinct regulation.