The controller of your personal data, as described herein, is Lakitoimisto Koskikare Oy (Business ID: 3399303-7).

Various types of personal data is received and processed in connection with our business operations, for example, while onboarding new clients or when performing and managing assignments from our clients.

We process personal data that we either obtain from:

i) you directly, for example when you send emails to us or communicate with us through other channels,

ii) publicly available sources, such as various company registries, government agencies etc;

and/or

iii) third parties such as opposing parties during engagements.

We use only one (1) cookie (Crumb) on our website, which is mandatory for your safety while browsing our site. Crumb is meant to prevent cross-site request forgery (CSRF) and it will expire after your session.

As a law firm, we process information:

i) based on contractual obligation to successfully fulfill tasks and complete engagements given to us by you as our client,

ii) based on legitimate interest to comply with various requirements imposed to legal practitioners such as avoiding and mitigating conflicts of interest,

iii) to comply with legal obligations such as book keeping and anti-money laundering;

and/or

iv) based on legitimate interest to establish, exercise and defend legal claims.

Special categories of personal data are only processed to the extent necessary.

Personal data will not be sold, rented, distributed, or otherwise made available to any third party for marketing purposes.

However, personal data may be shared to our suppliers when they perform services on our behalf, such as book-keeping purposes (for example, invoicing clients) or in order to retain a certificate or expert testimony relating to the ongoing assignment given to us by you – our client.

Such suppliers are obligated to process the data on our behalf and for the aforementioned purposes only.

We may also need to transfer personal data to third parties, such as other legal counsels, advisors, and third parties involved in client matters, including third parties based outside the European Union (the “EU”) and the European Economic Area (the “EEA”).

Personal data is not regularly transferred outside the EU or the EEA.

In situations where personal data is transferred outside the EU or the EEA, such transfer will be performed only when necessary for the services we provide based on engagement and are subjected to appropriate safeguards required by applicable data protection laws and regulations.

Appropriate technical and organizational measures are taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to the personal data in accordance with our internal security procedures covering the storage and destruction of personal data as well as access to personal data.

We regularly check and update our security procedures to ensure our systems are secure and protected. Only the personnel who need to process to personal data for the purposes mentioned above have access to the personal data in question.

Your personal data will be stored for as long:

i) as there is an ongoing engagement, a meaningful business contact or other contact;

and/or

ii) as may otherwise be required by law, for example, the Anti-Money Laundering Act.

When the processing of your personal data is no longer necessary for the purposes they were collected for, they will be securely destroyed in accordance with applicable laws and regulations.

The length of which personal data is stored varies based on the type of data and the reason for processing. However, data subjects should understand that some personal data will be stored for years, for example personal data processed for book-keeping purposes must also be retained for at least ten years.

Data subject has - in relation to the processing of their personal data - a right to:

i) request confirmation whether their personal data is being processed;

and if it is:

a) have access to their personal data and additional information regarding the operation, such as the purposes of the processing.

b) receive a copy of their personal data undergoing processing.

ii) object to the processing of their personal data based on a legitimate interest for reasons which concern their particular situation.

In this situation, the processing of personal data will be stopped when the processing is based on a legitimate interest. However, if the interest overrides individuals privacy interest or that the use of their personal data is necessary to manage or defend legal claims, the processing will continue.

iii) obtain a rectification of inaccuracies in their personal data.

iv) have their personal data erased when the personal data is no longer needed for the purposes which it was collected for.

v) at any time withdraw their consent to the processing of their personal data to the extent the processing is based on their consent.

vi) receive their personal data which they have provided to us, in a structured, commonly used, and machine-readable format and ask for their information to be transferred to another data controller (if possible).

Click here to read more about the rights in relation to the processing of personal data.

Please note that the restrictions to the processing of personal data may result in an immediate termination of any ongoing engagement. We might also be obliged to prevent you from exercising your rights if the personal data relates to our client work or when confidentiality and other obligations under applicable law – such as Anti-Money Laundering Act – apply.

If you consider that your rights under the applicable data protection laws have been infringed, you may lodge a complaint with the competent supervisory authority (Tietosuojavaltuutetun toimisto).

Nothing in life is permanent and this pricacy notice can - and most likely will - be subjected to updates.

If you have any questions regarding to the processing of your personal data, or if you wish to exercise your rights as a data subject, please contact us at karri@koskikare.fi.