Merilampi Attorneys Ltd. (”Merilampi”)
+358 9 686 481
2. CONTACT PERSON
+358 9 686 481
3. NAME OF THE REGISTER
Client and business partner register
4. PURPOSE OF PROCESSING
Most data in the Client and business partner register is enterprise data, but the register contains personal data as well. Merilampi processes personal data pursuant to the General Data Protection Regulation (EU 2016/679 “GDPR”) article 6(1)f. The legal basis for processing is the legitimate interest of Merilampi to manage and maintain records of its clients and business partners. Such processing includes, for example processing for invoicing and communications purposes. In addition, the personal data can be used in sales and marketing campaigns.
5. PERSONAL DATA COLLECTED AND RETENTION
The Client and business partner register contains information about the clients and business partners of Merilampi to the extent that such information is reasonably necessary to effectively manage the client relationship. Such personal data included in the register are name, position, phone number and email address of the client’s or business partner’s representative. If the data subject is a natural person, the register includes also his/her home address and social security number.
Merilampi will only store personal data for as long as it relevant and will remove the collected personal data when it is no longer needed for the abovementioned purposes. The Finnish Bar Association has given non-binding instructions concerning data retention as to client assignments and pursuant to the instructions data shall be stored up to 10 years from the closing of the assignment. The aforementioned instruction shall be noted when determining the time period for data retention but due to the nature of certain information, client or business partner relationships or assignments some data may be stored for a longer or a shorter period of time.
6. SOURCE OF PERSONAL DATA
Personal data is collected directly from the data subjects – usually from the client’s or business partner’s representative him/herself, who will be the client’s or business partner’s primary contact person or from another representative of the client or business partner. Moreover, data subjects may give their contact information in events or direct sales contacts and information can be received from other business partners. Processing personal data is always in full compliance with the limitations of the applicable data protection law.
7. DISCLOSURE OF PERSONAL DATA
Personal data may also be disclosed to third parties if Merilampi wishes to appoint external processors or sub-processors.
Personal data may also be disclosed to authorities pursuant to applicable laws.
In case Merilampi enters into a joint venture with or is sold to or merged with another business entity, personal data may be disclosed to the new business partner or owner.
8. TRANSFERS OUTSIDE EU/EAA REGION
Personal data will not be transferred outside the EU/EEA region.
9. DATA SECURITY
With respect to electronic data:
Most data are stored electronically on servers provided by third parties. Merilampi has appropriate data security measures in place in order to protect all electronic personal data. Merilampi will ensure that the registers will not be subject to access by unauthorized persons or unlawful processing or other damage.
With respect to personal data on paper:
Merilampi ensures that all papers containing personal data are protected in an appropriate manner and Merilampi has sufficient measures in place to monitor any unauthorized access.
In case Merilampi is subject to damage, destruction or other similar event that Merilampi could not possibly have prevented, Merilampi will notify the data subject immediately in accordance with the obligations of the applicable laws. Merilampi is not, however, liable for such unpredictable events.
10. INDIVIDUAL RIGHTS
According to the General Data Protection Regulation, data subjects have the following rights regarding their personal data:
- Right of access to their personal data;
- Right to request the controller to rectify incomplete or incorrect personal data;
- Right to object to or restrict the processing of personal data and to object to automated decision-making;
- Right to request the controller to erase personal data; and
- Right to transfer personal data to another controller.
According to GDPR article 77, the data subject is entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by Merilampi. Such complaint may be lodged in particular, in the member state of his or her habitual residence or place of work or the alleged infringement took place.
If the data subject wishes to exercise his or her rights, he or she should contact the Controller via email to firstname.lastname@example.org. Merilampi will use all reasonably available resources to respond to any such request without undue delay.
11.1 Cookies on our Website
Cookies are small text files that are stored in your computer’s memory and hard drive when you visit certain web pages. They are used to enable websites to function or to provide information to the owners of a website. Web beacons (also called “pixel tags”) are electronic images placed on a website that typically help us access certain cookies on the website, enable us to count visitors on our websites and improve our services. Web beacons also collect information about visits from your IP-address.
Analytical purposes: Analytical cookies allow us to recognize, measure and track visitors to our Websites. This helps us to develop the way our Websites function, by determining whether site visitors can find information easily, or by identifying the aspects of websites that are of the most interest to them, for example.
Usage preferences: Some cookies on our Websites are activated when visitors to our sites make a choice about their usage of the Website. Our Websites then use the settings preferences of the user in relation to future visits. This allows us to tailor the experience on our Websites to the individual user.
Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where transactions or requests within an application involve multiple workflow stages, cookies are used to store the information from each stage temporarily, in order to facilitate completion of the overall transaction or request.
To make full use of our Websites, your device will need to accept cookies. Our Websites will not function properly without them. In addition, cookies are required in order to provide you with personalised features on our Websites.
On certain of our Websites, we include content designed for display using Adobe Flash Player, such as animations, videos and tools. Local flash storage (often referred to as “Flash cookies”) can be used to help improve your experience as a user. Flash storage is retained on your device in much the same way as standard cookies, but is managed directly by your Flash software.
If you wish to disable or delete information stored locally in Flash, please see the documentation for your Flash software, located at www.adobe.com. Please note that, if you disable Flash cookies, some site functionality may not work.
11.2 Third party cookies
11.3 Amending cookie preferences
The site www.allaboutcookies.org includes instructions for managing cookies on many commonly used browses, or you may consult the vendor documentation for your specific software.
Further information about cookies
If you would like to find out more about cookies in general and how to manage them, please visit www.allaboutcookies.org.