Merilampi Attorneys Ltd. collects and processes personal data that is necessary in order to open and perform a client assignment. Merilampi Attorneys Ltd complies with and acts in accordance with the applicable data protection legislation, including amongst other the General Data Protection Regulation (EU 2016/679 “GDPR”) every time it processes personal data. The purpose of this privacy policy is to describe how and for what purpose the personal data is processed by Merilampi Attorneys Ltd and what rights the data subjects have with respect their personal data.

1. Controller

Merilampi Attorneys Ltd. (”Merilampi”)
Keskuskatu 7
00100 Helsinki
+358 9 686 481

2. Purpose of processing

Merilampi processes personal data for the following purposes:

  • Client assignments. Merilampi processes personal data in order to open and perform client assignments. Such processing includes correspondence and other communication with the client, performance of conflict of interest checkups and invoicing. When Merilampi represents a client, it may be necessary to process sensitive personal data (such as information related to criminal sanctions) in connection with the assignment in situations where it is necessary in order to draft, present or defend a legal claim.
  • Identification clients. Personal data will be used in order to identify the clients of Merilampi as required in the applicable anti-money laundering legislation.
  • Maintenance and development of client relationships. Merilampi processed personal data in order to send, for example, newsletters, event invitations and other marketing materials.
  • Website development. Merilampi processes personal data related to website traffic, such as cookies.

The legal basis with respect to all processing of personal data related to client assignments is the legal obligation of the data controller as defined in Article 6(1)(c) of the GDPR. The processing is based on the legislation and guidelines defining the obligations of attorneys and pursuant to the aforementioned, Merilampi is obliged to supervise the interests and rights of its clients. Further, pursuant to the applicable legislation and guidelines, Merilampi is obliged to keep confidential all personal data which Merilampi acquires in connection with a client assignment.

With respect to processing of personal data for marketing and website development purposes, the legal basis for processing is the legitimate interest of the data controller as defined in Article 6(1)(f) of the GDPR to develop the existing client relationships as well as to acquire new clients. In the event that the data subject has provided their personal data via a separate signup link located on the Merilampi website or at the bottom of an event invitation in order to receive newsletters and event invitations and we do not rely on any other legal basis in order to process the personal data of the data subject, the legal basis for processing is consent as defined in Article 6(1)(a) of the GDPR and the data subject may withdraw their consent any time pursuant to the instructions described below in section 7.

3. Personal data collected and retention

Merilampi processes the information of its clients and business partners to the extent that such information is reasonably necessary to effectively perform the client assignment and to manage the client relationship. The personal data processed by Merilampi for each purpose is as follows:

  • Client assignment: name, position, phone number and email address of the client’s or business partner’s representative. If the data subject is a natural person, the register includes also his/her home address and social security number.
  • Customer identification: personal data required by the anti-money laundering legislation, such as passport copy and social security number.
  • Marketing: name, position, phone number and email address of the client’s or business partner’s representative.

Merilampi will only store personal data for as long as it relevant and will remove the collected personal data when it is no longer needed for the above-mentioned purposes. The Finnish Bar Association has given non-binding instructions concerning retention of data related to client assignments and pursuant to the instructions data shall be stored for at least 10 years from the closing of the assignment. The aforementioned instructions shall be noted when determining the time period for data retention but due to the nature of certain information, client or business partner relationships or assignments some data may be stored for a longer or a shorter period of time.

4. Source of personal data

Personal data is usually collected directly from the data subjects or from the client’s or business partner’s representative. Personal data is also received from other parties than the data subject him/herself as part of assignment work or business relationship management. Moreover, data subjects may give their contact information in events or direct sales contacts and information can be received from other business partners.

5. Disclosure of personal personal data

As a general principle, Merilampi does not disclose personal data to third parties, unless required by applicable legislation, authorities or the performance of the client assignment. However, personal data may be disclosed to third parties in the event that Merilampi wishes to appoint external processors or sub-processors. In that case, Merilampi will enter into a data protection agreement with the service provider in order to secure a safe and appropriate processing of personal data.

In case Merilampi enters into a joint venture with or is sold to or merged with another business entity, personal data may be disclosed to the new business partner or owner.

Personal data will not be transferred outside the EU/EEA region.

6. Data security

With respect to electronic data:

Most data are stored electronically on servers provided by third parties. Merilampi has appropriate data security measures in place in order to protect all electronic personal data. Merilampi will ensure that the registers will not be subject to access by unauthorized persons or unlawful processing or other damage.

With respect to personal data on paper:

Merilampi ensures that all papers containing personal data are protected in an appropriate manner and Merilampi has sufficient measures in place to monitor any unauthorized access.

In case Merilampi is subject to damage, destruction or other similar event that Merilampi could not possibly have prevented, Merilampi will notify the data subject immediately in accordance with the obligations of the applicable laws. Merilampi is not, however, liable for such unpredictable events.

7. Individual rights

According to the GDPR, data subjects have the following rights regarding their personal data:

  • Right of access to their personal data;
  • Right to request the controller to rectify incomplete or incorrect personal data;
  • Right to object to or restrict the processing of personal data and to object to automated decision-making, when the processing is based on the legitimate interest of the data controller or consent;
  • Right to request the controller to erase personal data, when the processing is based on the legitimate interest of the data controller or consent; and
  • Right to transfer personal data to another controller when the personal data is based on consent or agreement and the processing is automated.

In addition, according to article 77 of the GDPR, the data subject is entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by Merilampi. Such complaint may be lodged in particular, in the member state of his or her habitual residence or place of work or the alleged infringement took place.

If the data subject wishes to exercise his or her rights, he or she should contact Merilampi via email to Merilampi will use all reasonably available resources to respond to any such request without undue delay.

8. Cookies

8.1 Cookies on our Website

Cookies are small text files that are stored in your computer’s memory and hard drive when you visit certain web pages. They are used to enable websites to function or to provide information to the owners of a website. Web beacons (also called “pixel tags”) are electronic images placed on a website that typically help us access certain cookies on the website, enable us to count visitors on our websites and improve our services. Web beacons also collect information about visits from your IP-address.

This Cookie policy informs you how Merilampi uses cookies, web beacons and other similar technologies (jointly referred to as “Cookies”) in its websites (“Websites”) and how you can manage and control the use of cookies on your computer or device.

Cookies that are used on our Websites help Merilampi to provide customized services and information. Merilampi uses cookies on all our Websites to gather information how and when pages in our Websites are visited, what our users’ technology preferences are and whether our Websites are functioning properly.

In general terms, we use cookies on our Websites for the following purposes:

Analytical purposes: Analytical cookies allow us to recognize, measure and track visitors to our Websites. This helps us to develop the way our Websites function, by determining whether site visitors can find information easily, or by identifying the aspects of websites that are of the most interest to them, for example.

Usage preferences: Some cookies on our Websites are activated when visitors to our sites make a choice about their usage of the Website. Our Websites then use the settings preferences of the user in relation to future visits. This allows us to tailor the experience on our Websites to the individual user.

Policy Administration:  We use cookies to record when a site visitor has seen a policy, such as this one, or provided consent, such as consent to the terms and conditions on our Websites. This avoids repeated questions to a user regarding the same terms.

Session management: The software that runs our websites uses cookies for technical purposes needed by the internal workings of our servers. For instance, we use cookies to distribute requests among multiple servers, authenticate users and determine what features of the site they can access, verify the origin of requests, keep track of information about a user’ s session and determine which options or pages to display in order for the site to function.

Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where transactions or requests within an application involve multiple workflow stages, cookies are used to store the information from each stage temporarily, in order to facilitate completion of the overall transaction or request.

To make full use of our Websites, your device will need to accept cookies. Our Websites will not function properly without them. In addition, cookies are required in order to provide you with personalised features on our Websites.

On certain of our Websites, we include content designed for display using Adobe Flash Player, such as animations, videos and tools. Local flash storage (often referred to as “Flash cookies”) can be used to help improve your experience as a user. Flash storage is retained on your device in much the same way as standard cookies, but is managed directly by your Flash software.

If you wish to disable or delete information stored locally in Flash, please see the documentation for your Flash software, located at Please note that, if you disable Flash cookies, some site functionality may not work.

8.2 Third party cookies

When you visit our Websites, you may receive cookies that are set by third parties. These may include cookies set by Google. These cookies are used for the purposes described in the “Cookies on our Website” section of this policy. We do not control the setting of these third-party cookies, so we recommend you to check the third-party websites for more information about their use of cookies and how to manage them.

8.3 Amending cookie preferences

We will only use cookies to the degree that you have authorized their use in our cookie banner when entering our website, with the exception of necessary cookies. By selecting the "Cookie Settings" icon on our Websites, you may easily adjust your cookie preferences or revoke your consent.

You can control, disable and remove any previously saved cookies from your browser’s settings. The instructions for controlling cookies from your computer or mobile device depend on the operating system and web browser you use. Please note, however, that withdrawing your consent to the use of cookies on our Websites will mean that some components of our website might not work properly.

The site includes instructions for managing cookies on many commonly used browses, or you may consult the vendor documentation for your specific software.

Further information about cookies

If you would like to find out more about cookies in general and how to manage them, please visit