NORDIC LAW OY’S PRIVACY POLICY AS A CONTROLLER

(updated on 2.1.2019)

This Nordic Law Oy’s (hereinafter also “we”, “us” or “our”) privacy policy describes our personal data processing activities as the controller (hereinafter “Privacy Policy”) for the categories of data subjects described in Section 3 below (hereinafter also “you”).

This Privacy Policy contains our records of processing activities as the controller and is also a privacy notice from us to you of the ways we process your personal data. Thus, this Privacy Policy covers at least the information required in Articles 13, 14 and 30 of the EU’s General Data Protection Regulation (679/2016) (hereinafter “GDPR”).

1) CONTROLLER

Name: Nordic Law Oy
Business ID: 0947087-7
Address: Erottajankatu 5 A 6, 00130 Helsinki 

2) CONTACT PERSON

Name: Max Atallah, Associate Lawyer, CIPP/E
Contact details: +358 40 527 46 76, max.atallah@nordiclaw.fi 

3) DATA SUBJECTS AND PERSONAL DATA

4) PURPOSE FOR PROCESSING

5) LEGAL BASIS FOR PROCESSING

Clients and potential clients

  • contact details
  • data relating to client relationships
  • data we are required to process due to our legal obligations

Management and development of client relationships

Contract

to perform the contracts to which we are a party to

Direct to marketing our clients and potential corporate clients:

  • Emails
  • Phone calls

Our legitimate interest

to manage and develop our client relationships and further develop our business operations 

NB! You have a right to opt-out of direct marketing each time we provide marketing to you.

Compliance with legal obligations

Legal obligations

to comply with several legal obligations as a law office

Affiliates and potential affiliates

  • contact details
  • data relating to affiliate relationships
  • data we are required to process due to our legal obligations

Management and development of affiliate relationships

Contract

⇒ to perform the contracts to which we are a party to

Compliance with legal obligations

Legal obligations

to comply with several legal obligations as a law office

Jobseekers

  • contact details
  • CV data
  • possible registration data
  • possible other data the data subject chooses to disclose to us

Management of job applications and jobseeker relationships

Our legitimate interest

to manage our jobseekers and possibly employ them 

NB! You have a right forbid us from processing your personal data.

Compliance with legal obligations

Legal obligations

to comply with several legal obligations as an employer

Persons who contact us, including contacts made through our social networks (e.g. when a data subject follows our LinkedIn page)

  • contact details
  • possible other data the data subject chooses to disclose to us 

Management of contacts

Our legitimate interest

to manage contacts made to us 

NB! You have a right forbid us from processing your personal data.

Compliance with legal obligations

Legal obligations 

⇒ to comply with several legal obligations as a law office

Persons who subscribe to our newsletter

  • emails

Management of newsletters

Our legitimate interest

to manage subscriptions to our newsletter 

NB! You have a right forbid us from processing your personal data.

6) REGULAR SOURCES OF INFORMATION

Data regarding the data subject are regularly gathered from:

  • data subjects themselves
  • our social networks, if a data subject so chooses (e.g by following our LinkedIn page)
  • courts and other such instances
  • our affiliates
  • the Population Register Center/Population Information System, Posti’s address database, phone companies’ databases and other similar private and public registries.

7) PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

Data subjects

Retention period

7.1) Clients and potential clients

Necessary data shall be retained for as long as it necessary for us to handle our client relationships and comply with any legal obligations.

7.2) Affiliates and potential affiliates

Necessary data shall be retained for as long as it necessary, taking into consideration our field of business.

7.3) Jobseekers

 

Necessary data shall be retained for a period of twelve (12) months following the first contact made, if the jobseeker has not turned into our employee.
7.4) Persons who contact us (not including social media)

Necessary data shall be retained for a period of three (3) years following the contact.

7.5) Social media contacts

Necessary data shall be retained for as long as the data subject deletes his/her data.

7.6) Persons wanting direct marketing or our newslettersNecessary data shall be retained for as long as the data subject wants to receive direct marketing or our newsletter.

7.7) However, we may retain only the necessary data of the data subjects for longer than is described above, where we are required to do so by law, it is necessary due to legal proceedings and it is necessary for any similar reason. We shall be careful not to apply this Section in vain.

7.8) We inspect the necessity of the personal data stored regularly and keep records of the inspections.

8) CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of personal data may consist of the following categories:

  • our affiliates
  • parties who offer data storage services
  • courts and other such instances
  • parties who offer accounting and auditing services

9) INFORMATION TRANSFER OUTSIDE OF EU OR THE EUROPEAN ECONOMIC AREA

We can transfer data outside the EU /EEA. When doing so, we ensure adequate safeguards for the data.

10) DATA SUBJECTS’ RIGHTS

The data subject may have a right to use all of the below mentioned rights.

The contacts concerning the rights shall be submitted to the contact person stated in Section 2. The rights of the data subject can be put into action only when the data subject has been satisfactorily identified.

Right

Description

10.1) Right to inspect

The data subject has the right to inspect what, if any, data the controller has stored of her/him.

10.2) Right to rectify and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

10.3) Right to restriction of processing

The data subject can request the controller to restrict the processing of the personal data concerning the data subject on the grounds provided by law.

10.4) Right to data portability

The data subject shall have the right to receive the personal data concerning her/him, which he/she has provided to the controller, in a structured, commonly used and machine-readable format where the processing is based on consent or a contract.

10.5) Right to object

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning her/him for such marketing.

Where personal data are processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning her/him for such purposes in accordance with the law.

10.6) Automated decisions

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

10.7) Right to withdraw consent

Where the legal basis for the processing of personal data is the consent of the data subject, the data subject shall have the right to withdraw her/his consent.

11) RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be lodged in the Member State of her/his habitual residence, place of work or place of the alleged infringement.

12) COOKIES

Cookies are small text files that a website stores on your device when you browse that website. Cookies store data of your website use.

Our website uses e.g. Google’s and Hubspot’s cookies to improve our website. Cookies used to improve websites are a common part of all modern websites.

You can control and/or remove cookies freely at the individual browser level. Instructions can be found for example in here: aboutcookies.org.

13) SECURITY OF PROCESSING

Nordic Law Oy organizes the data security of its registers in a generally accepted manner to a law firm and seeks the most appropriate technical solutions to prevent unauthorized access to its electronic data systems as well as to manually maintained and stored data.

Only Nordic Law Oy personnel have access to the information contained in our registers. We restrict our personnel’s access to certain data files by providing our personnel with different user rights. Access to our electronic registers requires the issuance of a personal username and a password.

To the extent that the information contained in the register is subject to special secrecy and confidentiality obligations of a law firm, Nordic Law Oy treats such information in a lawful manner.

14) CHANGES

We have a unilateral right to change this Privacy Policy. The changes take effect immediately when we post the up to date version of our Privacy Policy to our website.