1. Data Controller
Attorneys-at-Law Sotka Legal
Business ID: 1885403-9
Erottajankatu 15–17 A, 4th floor, 00130 Helsinki, Finland
2. Contact for matters concerning the registers
Attorney Jari Sotka
Tel. +358 40 544 0610
Email: toimisto@sotkalegal.fi
In its privacy assessment, Sotka Legal has concluded that it is not required to appoint a separate Data Protection Officer.
3. Name of the register
Sotka Legal customer and marketing register.
4. Purpose and legal basis for processing personal data
The primary legal bases for processing are the customer relationship between Sotka Legal and the client, the client’s consent, the client’s engagement/assignment, or other legitimate connection.
The customer register may also contain other personal data that are necessary for handling assignments, including data relating to a client’s counterparties, partners, and their agents or advisers.
Personal data may be processed for the following purposes: management of customer relationships and assignments, and the communications required for and related to them. Processing tasks for the customer register are not outsourced.
Personal data stored in the marketing register are processed either on the basis of our legitimate interests (e.g. direct marketing to our clients and development of our services) or your consent. Data in the marketing register are used for the marketing and sale of our services. We may use an external partner for tasks related to the marketing register.
5. Data content of the register
The following types of data may be stored about a data subject: name, education, employer, job title, personal identity code, customer number, language, address, telephone number, email address and other necessary contact details.
For debt collection purposes, we may also store personal credit information, such as records of payment defaults, payment behaviour and enforcement information. Where relevant, information concerning the data subject’s insurance and similar matters may be stored. We may also store information related to purchases of services and payments, notes, and details related to data processing, such as the date of entry and the source of the data.
5.1 Personal data required under the Anti-Money Laundering Act
To the extent that the Finnish Act on Preventing Money Laundering and Terrorist Financing (444/2017, the “AML Act”) applies to Sotka Legal’s assignments and clients, we collect the following data about clients:
1) name, date of birth and personal identity code;
2) for a legal person or a person acting as its representative: name, date of birth and personal identity code;
3) full names, dates of birth and nationalities of the members of a legal person’s board or other corresponding decision-making body;
4) the name, date of birth and personal identity code of the beneficial owner;
5) the name, number or other identifier and issuer of the document used for identity verification, and a copy of the document; or, if the client has been remotely identified, information on the procedure or sources used;
6) information necessary for Know Your Customer purposes, such as details of the client’s operations, the nature and scope of the business, financial position, reasons for the use of a transaction, service or product, and the origin of funds; and
7) information necessary to fulfil enhanced due diligence for politically exposed persons (PEPs).
For a foreign client without a Finnish personal identity code, we must additionally collect and retain information on the person’s nationality and travel document.
6. Retention period for personal data
Personal data are stored in the customer register until the customer relationship between the data subject and Sotka Legal can be considered to have ended. The end date is determined from the data subject’s most recent service contact or enquiry, plus ten (10) years.
Data collected to meet the requirements of the AML Act are retained for at least the statutory period required by that Act. Some data may need to be retained for longer due to other legal obligations.
7. Regular sources of data
Data are obtained primarily from the following sources: the data subject; events related to the data subject’s customer relationship, use of services, communications and transactions; identity, verification, address, update, credit information or similar services; and Sotka Legal’s or the data subject’s partners, such as insurance companies or credit information agencies.
Data are also collected directly from the user, for example when a contact form is submitted.
8. Regular disclosures and transfers of data outside the EU/EEA
Customer data are not disclosed outside Sotka Legal except as required by a contract, the data subject’s separate consent and/or specific legal provisions. Customer data are not transferred outside the European Economic Area.
9. Description of data security principles
Paper documents are stored in locked premises accessible only to specifically authorised employees. The firm’s IT systems are hosted in storage space procured as a service from Microsoft, where all client and other data are saved. Remote connections for employees are configured per workstation using encrypted VPN connections and individual usernames and passwords.
All office network connections and storage facilities are monitored and protected with up-to-date firewalls and necessary anti-virus, anti-malware and anti-spyware tools. Maintenance of the data network, workstations, storage devices and other data media is outsourced to a Finnish service provider specialised in IT systems. Access to digital data is restricted to authorised employees via personal credentials.
Our website uses TLS-encrypted HTTPS, ensuring that all personal data are protected in electronic transmission.
10. Profiling
Sotka Legal does not carry out any profiling related to customer data.
11. Right of the data subject to object to processing and direct marketing
The data subject has the right, on grounds relating to their particular situation, to object to processing activities that Sotka Legal carries out on their personal data where the basis for processing is the customer relationship between Sotka Legal and the data subject. A request to object to processing may be submitted in accordance with Section 13 of this Privacy Notice. The request must specify the particular situation on which the objection is based.
Sotka Legal may refuse to act on an objection on statutory grounds.
12. Other rights of the data subject in relation to personal data processing
12.1 Right of access
The data subject has the right to know what information about them is stored in Sotka Legal’s customer register. A request for access must be made as set out in Section 13. The right of access may be refused on statutory grounds. Exercising the right of access is, as a rule, free of charge.
12.2 Right to rectification, erasure or restriction
The data subject may request the rectification, erasure or restriction of processing of data that are incorrect, unnecessary, incomplete or outdated. A request for rectification must be made as set out in Section 13.
The data subject also has the right to request that the controller restrict the processing of their personal data, for example while Sotka Legal is verifying or responding to a request for rectification or erasure.
12.3 Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with the competent supervisory authority if the controller has not complied with applicable data protection legislation in its operations.
12.4 Other rights
Where personal data are processed on the basis of the data subject’s consent, the data subject has the right to withdraw consent by notifying Sotka Legal as set out in Section 13.
13. Contact
For all questions related to the processing of personal data and the exercise of your rights, please contact Sotka Legal.
By e-mail:
toimisto@sotkalegal.fi
By mail:
Sotka Legal
C/o Boffice
Erottajankatu 15-17 A
00130 Helsinki, Finland
Sotka Legal may, where necessary, ask the data subject to clarify their request in writing, and the data subject’s identity may be verified before taking further action.
14. Cookies We Use
Cookies are small text files that are automatically stored on a computer or device when visiting websites. We use cookies to provide our services in the most user-friendly way possible. If you do not want the online service to collect information via cookies, please accept only the strictly necessary cookies.
Our online service uses cookies to improve usability and quality and to target our marketing. The cookies we use relate, among other things, to our marketing automation system (ActiveCampaign), Google Analytics, and our social media channels — LinkedIn, YouTube, X (Twitter) and services of the Meta group.
These tools store information such as which pages you visit, how long you stay on the site, how you arrived there and which links you click. We may also use cookies to develop our services and website, analyse site usage, and for the targeting and optimisation of marketing. By monitoring website traffic, we develop our site to make it better and to provide users with an improved visit experience.
Strictly necessary cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the site. The website cannot function properly without these cookies.
