Merilampi Attorneys Ltd. (”Merilampi”)
+358 9 686 481
2. Purpose of processing
Merilampi processes personal data for the following purposes:
- Client assignments. Merilampi processes personal data in order to open and perform client assignments. Such processing includes correspondence and other communication with the client, performance of conflict of interest checkups and invoicing. When Merilampi represents a client, it may be necessary to process sensitive personal data (such as information related to criminal sanctions) in connection with the assignment in situations where it is necessary in order to draft, present or defend a legal claim.
- Identification clients. Personal data will be used in order to identify the clients of Merilampi as required in the applicable anti-money laundering legislation.
- Maintenance and development of client relationships. Merilampi processed personal data in order to send, for example, newsletters, event invitations and other marketing materials.
- Website development. Merilampi processes personal data related to website traffic, such as cookies.
The legal basis with respect to all processing of personal data related to client assignments is the legal obligation of the data controller as defined in Article 6(1)(c) of the GDPR. The processing is based on the legislation and guidelines defining the obligations of attorneys and pursuant to the aforementioned, Merilampi is obliged to supervise the interests and rights of its clients. Further, pursuant to the applicable legislation and guidelines, Merilampi is obliged to keep confidential all personal data which Merilampi acquires in connection with a client assignment.
With respect to processing of personal data for marketing and website development purposes, the legal basis for processing is the legitimate interest of the data controller as defined in Article 6(1)(f) of the GDPR to develop the existing client relationships as well as to acquire new clients. In the event that the data subject has provided their personal data via a separate signup link located on the Merilampi website or at the bottom of an event invitation in order to receive newsletters and event invitations and we do not rely on any other legal basis in order to process the personal data of the data subject, the legal basis for processing is consent as defined in Article 6(1)(a) of the GDPR and the data subject may withdraw their consent any time pursuant to the instructions described below in section 7.
3. Personal data collected and retention
Merilampi processes the information of its clients and business partners to the extent that such information is reasonably necessary to effectively perform the client assignment and to manage the client relationship. The personal data processed by Merilampi for each purpose is as follows:
- Client assignment: name, position, phone number and email address of the client’s or business partner’s representative. If the data subject is a natural person, the register includes also his/her home address and social security number.
- Customer identification: personal data required by the anti-money laundering legislation, such as passport copy and social security number.
- Marketing: name, position, phone number and email address of the client’s or business partner’s representative.
Merilampi will only store personal data for as long as it relevant and will remove the collected personal data when it is no longer needed for the above-mentioned purposes. The Finnish Bar Association has given non-binding instructions concerning retention of data related to client assignments and pursuant to the instructions data shall be stored for at least 10 years from the closing of the assignment. The aforementioned instructions shall be noted when determining the time period for data retention but due to the nature of certain information, client or business partner relationships or assignments some data may be stored for a longer or a shorter period of time.
4. Source of personal data
Personal data is usually collected directly from the data subjects or from the client’s or business partner’s representative. Personal data is also received from other parties than the data subject him/herself as part of assignment work or business relationship management. Moreover, data subjects may give their contact information in events or direct sales contacts and information can be received from other business partners.
5. Disclosure of personal personal data
As a general principle, Merilampi does not disclose personal data to third parties, unless required by applicable legislation, authorities or the performance of the client assignment. However, personal data may be disclosed to third parties in the event that Merilampi wishes to appoint external processors or sub-processors. In that case, Merilampi will enter into a data protection agreement with the service provider in order to secure a safe and appropriate processing of personal data.
In case Merilampi enters into a joint venture with or is sold to or merged with another business entity, personal data may be disclosed to the new business partner or owner.
Personal data will not be transferred outside the EU/EEA region.
6. Data security
With respect to electronic data:
Most data are stored electronically on servers provided by third parties. Merilampi has appropriate data security measures in place in order to protect all electronic personal data. Merilampi will ensure that the registers will not be subject to access by unauthorized persons or unlawful processing or other damage.
With respect to personal data on paper:
Merilampi ensures that all papers containing personal data are protected in an appropriate manner and Merilampi has sufficient measures in place to monitor any unauthorized access.
In case Merilampi is subject to damage, destruction or other similar event that Merilampi could not possibly have prevented, Merilampi will notify the data subject immediately in accordance with the obligations of the applicable laws. Merilampi is not, however, liable for such unpredictable events.
7. Individual rights
According to the GDPR, data subjects have the following rights regarding their personal data:
- Right of access to their personal data;
- Right to request the controller to rectify incomplete or incorrect personal data;
- Right to object to or restrict the processing of personal data and to object to automated decision-making, when the processing is based on the legitimate interest of the data controller or consent;
- Right to request the controller to erase personal data, when the processing is based on the legitimate interest of the data controller or consent; and
- Right to transfer personal data to another controller when the personal data is based on consent or agreement and the processing is automated.
In addition, according to article 77 of the GDPR, the data subject is entitled to lodge a complaint with the supervisory authority concerning the processing activities carried out by Merilampi. Such complaint may be lodged in particular, in the member state of his or her habitual residence or place of work or the alleged infringement took place.
If the data subject wishes to exercise his or her rights, he or she should contact Merilampi via email to email@example.com. Merilampi will use all reasonably available resources to respond to any such request without undue delay.
8.1 Cookies on our Website
Cookies are small text files that are stored in your computer’s memory and hard drive when you visit certain web pages. They are used to enable websites to function or to provide information to the owners of a website. Web beacons (also called “pixel tags”) are electronic images placed on a website that typically help us access certain cookies on the website, enable us to count visitors on our websites and improve our services. Web beacons also collect information about visits from your IP-address.
Analytical purposes: Analytical cookies allow us to recognize, measure and track visitors to our Websites. This helps us to develop the way our Websites function, by determining whether site visitors can find information easily, or by identifying the aspects of websites that are of the most interest to them, for example.
Usage preferences: Some cookies on our Websites are activated when visitors to our sites make a choice about their usage of the Website. Our Websites then use the settings preferences of the user in relation to future visits. This allows us to tailor the experience on our Websites to the individual user.
Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where transactions or requests within an application involve multiple workflow stages, cookies are used to store the information from each stage temporarily, in order to facilitate completion of the overall transaction or request.
To make full use of our Websites, your device will need to accept cookies. Our Websites will not function properly without them. In addition, cookies are required in order to provide you with personalised features on our Websites.
On certain of our Websites, we include content designed for display using Adobe Flash Player, such as animations, videos and tools. Local flash storage (often referred to as “Flash cookies”) can be used to help improve your experience as a user. Flash storage is retained on your device in much the same way as standard cookies, but is managed directly by your Flash software.
If you wish to disable or delete information stored locally in Flash, please see the documentation for your Flash software, located at www.adobe.com. Please note that, if you disable Flash cookies, some site functionality may not work.
8.2 Third party cookies
8.3 Amending cookie preferences
The site www.allaboutcookies.org includes instructions for managing cookies on many commonly used browses, or you may consult the vendor documentation for your specific software.
Further information about cookies
If you would like to find out more about cookies in general and how to manage them, please visit www.allaboutcookies.org.