Controller
Asianajotoimisto Salonen Oy LSL legal
Business ID 2591357-8
Temppelikatu 4 A
00100 Helsinki, Finland
+358 9454 2880
(register-related requests for information)
Contact person in register-related matters
Petra Lehtinen
Temppelikatu 4 A
00100 Helsinki
+358 9454 2880
Name of register
Advocacy customer register
_____________________________________________________________________________
Intended purpose for the register
The intended purpose for the register is to manage, plan, and execute commissions, to allocate activities for each commission, and to determine possible lack of impartiality when receiving commissions.
Only relevant customer data is collected in the register in accordance with the exclusivity of purpose principle. No identifying data is collected.
Only data for the declared purpose required in the handling of the customer’s commission is collected in the register. The register also manages the customer-specific marketing authorisations. This data, required by default, is used for the operations related to managing the customership.
Register lawfulness, fairness and transparency
In maintaining the customer register, controller shall adhere to the legitimate purposes of processing personal data. Controller shall emphasise the obligation to inform regarding the content of the register in their operations.
The register’s maintainer and processor shall undertake to comply with the obligations stated in the GDPR regulation of the European Union.
Data content of the register
- The law office’s current and past customers
- Customer name and contact information
- SSN or DOB if required
- Corporate customer’s contact person
- Actions taken
- Invoicing information
- Factual content of the commission according to legal classification
- Customers’ counterparties
Regular sources of information
The source of information for the register includes the natural person who provided the data and the data provided by this person. Controller is not responsible for any false information purposefully submitted to the register.
Grounds for data processing
Processing personal data is based on the customer relationship, commission provided to the controller by customer, or carrying out the rights and obligations related to agreements between controller and customer and to legislation.
In rare cases, processing may be based on a controller’s justified benefit, such as debt collection.
Customer’s personal data is transferred to the customer identification register maintained by controller in compliance with the Act on Detecting and Preventing Money Laundering and Terrorist Financing.
Regular destinations of disclosed register data
Register data is not regularly nor occasionally disclosed to anyone or for any purpose unless explicitly required by law.
Data transfer to outside the EU or ETA areas
Data warehousing and processing shall take place in the EU area. No data is transferred to outside the EU or ETA areas.
Data protection principles for the register data
Customer register data is classified as confidential. It will not be disclosed to outside parties without customer’s consent or explicit legal requirement. Customer data is only used by those who participate in commission execution. Controller’s executive-level persons make organisational decisions and allocate access rights to employees regarding customer register data to the extent that performing their work duties requires.
Customer register data is processed by using automatic data processing. Data residing on a computer is accessed by using user names or passwords.
Data security for the controller’s customer register, as well as the confidentiality, integrity, and usability of the personal data, are ensured by using appropriate technical and administrative measures. The data and the service are protected by, among others, a firewall, protected physical environment for the equipment, access control monitoring, access rights, encryption methods, and active monitoring. Personal data is protected from unauthorised access and from illegal or accidental access to or processing of data.
Customer folders are organised in line with the register and they are under constant supervision by the staff. The folders are stored in an appropriately locked space outside office hours.
Storing register data
Register data is only stored for as long as is required to carry out the purpose of processing, and for 10 years after the commission is closed. Exclusion register data remains in the register for a company’s operational period.
Data deletion and removal
Controller shall oversee that the register data for a natural person can be, if required, deleted, anonymised, and archived.
Data subject’s rights
- Right to request access to data subject’s own data
Data subject has the right to verify what personal data has been stored in the register. Request for verification must be signed and sent in writing to the following address: Asianajotoimisto Salonen Oy LSL legal, Temppelikatu 4 A, 00100 Helsinki, Finland. The request must provide a name, SSN, postal address, and telephone number. The reply to this request is delivered to the customer’s address verified via the Population Register Centre. To the extent necessary, controller has the right to identify the customer prior to sending the information. The
request for verification can also be provided in person at the above-mentioned address.
- Right to request data rectification or removal
Data subject has the right to request rectifying inaccurate personal data by notifying the controller in writing at the postal address mentioned in item 1.
- Right to restrict processing of personal data
Data subject has the right to request rectifying inaccurate personal data by notifying the controller in writing at the postal address mentioned in item 1.
- Right to object to processing of personal data
Data subject has the right to object to processing of personal data by notifying the controller in writing at the postal address mentioned in item 1.
- Right to data portability
Data subject has the right to request that the controller transfer personal data concerning him or her to another system in a structured, commonly used and machine-readable format. This right only applies to data provided by the data subject personally. Requests for data transfers must be made by notifying the controller in writing at the postal address mentioned in item 1.
- Right to withdraw consent
Data subject has the right to restrict the controller from processing personal data concerning him or her for the purposes of direct advertising, distance selling and other forms of direct marketing, market surveys and opinion polls, vital records, and genealogy.
Restriction requests must be submitted by notifying the controller in writing at the postal address mentioned in item 1.
- Right to make a complaint to a supervisory authority
Data subject always has the right to make a complaint to a supervisory authority regarding the way in which personal data concerning him or her is processed. The complaint is filed according to official instructions directly to a competent authority, which is the Data Protection Ombudsman in Finland.