Privacy Notice
 

Created 6.3.2024.

 

As a data controller, Lakiasiaintoimisto Notio Oy (hereinafter "Notio") may collect and process your personal data for the purposes defined below. Notio processes personal data in accordance with the principles of the European Union (EU) General Data Protection Regulation (2016/679, "GDPR") and other applicable data protection legislation. We have divided the processing of personal data into different sections based on the role in which we process your personal data. Please note that we do not carry out profiling or automated decision-making.
 
Data Controller

Lakiasiaintoimisto Notio Oy
Tilhenkatu 5, 37630 Valkeakoski
Phone number: +358444915781
Email address: info@notiolaki.fi

 

What data do we process and why?
 

You can contact us by phone, email, Instagram message or Facebook message. In these cases, in addition to your name and contact information, we collect information about the legal issue that you need help with. The personal data you provide (your contact details and any other information) will be used to contact you about your request and evaluate how we can best help you. Please do not disclose unnecessary information about your private life when contacting us in this way.

We only use cookies that are necessary for the operation of our website.

Where do we get information from?

We collect the information from you when you contact us by phone, email, Instagram message or Facebook message.

How long do we store personal data?

If you become our customer, the processing of your personal data is described in the section "I am a Notio customer or customer's contact person".

What data do we process and why?
 

We collect basic and contact information about our potential customers, such as name, email address, phone number and possible position in the company.
 
We collect this information for the following purposes:

  • delivering and developing our products and services to better meet your needs
  • marketing our services to companies
  • marketing our services to private individuals
  • targeting advertising in our online services.
     

The processing is based on our legitimate interest to ensure the continuity of our business operations and customer acquisition.

Where do we get information from?

We receive information from professional social media networks, contact information providers and yourself when you communicate with us, for example by email, phone or message via Facebook and Instagram.

To whom do we disclose data? Do we transfer data outside the EU or EEA?

We may disclose information to third parties who carry out marketing or organise campaigns and events with us and on our behalf, and who consider themselves data controllers and not processors of personal data acting on our behalf (such as various social media operators and advertising networks). Otherwise, we will not disclose your data to third parties, unless we are obliged to do so by law or an official order.

We use international cloud services in the processing of personal data, in connection with which data may be transferred outside the EU/EEA. We ensure that data transfers are subject to safeguards in accordance with the EU General Data Protection Regulation.

How long do we keep your personal data?

We target marketing to companies and private individuals. The data of both company contact persons and private persons is stored for as long as it is relevant for marketing directed at the company or private person in question. We delete the data when we no longer need it for marketing purposes. You have the right to request the deletion of your data if you no longer wish to receive marketing from us.

What data do we process and why?
 
We collect and process name, email address, telephone number, home address and personal identity code for private individuals. In addition, we collect information on the content of the assignment and other information obtained in connection with the performance of the assignment, such as the client's marital status, family relationships, employment, income, assets, debts and health related information.
 
For the contact persons of our corporate customers, we collect their name, work email address and telephone number, as well as their position in the company.
 
We collect information:

  • to manage the customer relationship
  • to investigate disqualification
  • for the execution of assignments
  • for customer surveys
  • for billing purposes.

 
The processing is based on our legitimate interest to ensure the continuity of our business, execution of assignments and customer management. In addition, we process data for accounting purposes on the basis of a legal obligation. In addition, with regard to special categories of personal data (Article 9(1) GDPR), the processing is based on the data subject's explicit consent or on the necessity to process such personal data for reasons of substantial public interest on the basis of European Union or Member State law.
 
Where do we get information from?
 
The information is collected from you, our client company, authorities and credit information companies.
 
How long do we keep your data?
 
We store personal data for as long as is necessary for the purpose of processing the personal data. Personal data concerning customers will be erased when the claim and complaint period related to a specific customer relationship or service has expired. This period is typically ten (10) years.

What data do we process and why?
 
We collect the name, work email address and telephone number of our suppliers' contact persons as well as their position in the company for the purpose of managing the supplier relationship and paying invoices. The processing is based on our legitimate interest to ensure the continuity of our business operations and to fulfil our obligations under the supplier relationship. In addition, we process data for accounting purposes on the basis of a legal obligation.

Where do we get information from?
 
The data is collected from the data subject and the supplier company.

How long do we keep your data?

We store personal data for as long as is necessary for the purpose of processing the personal data. Personal data concerning suppliers will be deleted when the supplier relationship ends.

What data do we process and why?

We process the following information about our job applicants in order to proceed with the recruitment process:

  • basic information such as name, date of birth, communication language
  • contact information such as email address, phone number, home address
  • information related to the position you are applying for, such as information on the form and quality of the employment relationship, salary request and information related to starting
  • information you provide to us that is important for suitability and other information about yourself, your background, etc. such as photograph, information related to studies and training, work history (such as employers, start times and durations of employment, nature of duties), language skills, other special skills, description of personal characteristics, various certificates and assessments, references to portfolios, profiles or other sources available on the Internet, references, and the results of the personal assessment and aptitude assessment carried out with your consent and related information
  • information about the recruitment process, such as information about a follow-up interview or interruption of the recruitment process
  • any other information that you have voluntarily provided in connection with the job application process or otherwise explicitly published for professional purposes, such as your LinkedIn profile


The purpose of processing your data is to receive and process job applications and to administer our recruitment processes. This information allows us to contact applicants and make decisions when filling positions. When you submit an application to us, the processing is based on your consent. You can withdraw your consent by withdrawing from the recruitment process.

Where do we get information from?

As a rule, we use information that you have provided to us in connection with the recruitment process. By submitting a job application, you give permission to collect your data from your LinkedIn profile and potential references.

How long do we keep your data?

We will retain your data for two (2) years after the end of the recruitment process.

What data do we process and why?

In connection with registration, we collect personal data about the participants in order to organise and implement events, such as name, title, special diets, allergy information and information required for invoicing. We collect the data with your consent. You can cancel your registration at any time prior to the event by notifying us by email at info@notiolaki.fi and we will delete your data. After the transaction, we process the data for invoicing and accounting purposes. This processing is based on our legitimate interest to take care of accounting and invoicing.

Where do we get information from?

The information is collected from you via the participation form you have filled out.

How long do we keep your data?

We will retain the necessary participant data for as long as necessary for billing and accounting purposes, and other data will be deleted after the event has ended.

What data do we process and why?
 

In order to handle assignments we receive from clients, we sometimes need to process the personal data of persons other than our clients related to the assignments. This information may concern the personnel, contractual partners or shareholders of the client company that gave the assignment, as well as other persons who are the counterparty or otherwise involved in the matter, such as shareholders in an estate. The information typically consists of names, contact details and, where necessary, personal identity code, as well as descriptions of events or circumstances relevant to the assignment. The data is processed only to the extent necessary for the performance of the assignment. The processing of data is based on our legitimate interest to ensure the continuity of our business operations and the execution of assignments.

Where do we get information from?

The data is mainly collected from our customer.

How long do we keep your data?

We store personal data for as long as is necessary for the purpose of processing the personal data. Personal data processed in connection with the execution of assignments will be erased when the claim and complaint period related to the assignment has expired. This period is typically ten (10) years.

What data do we process and why?

We collect due diligence data and other personal data about our potential and current clients and their contact person(s) in connection with the "Know Your Customer" (KYC) process in order to:

  • prevent, detect and investigate money laundering and terrorist financing
  • investigate money laundering and terrorist financing and the offence by which the property or proceeds of crime that are the subject of money laundering or terrorist financing have been obtained
  • fulfil obligations related to sanctions
  • assess business risk.


Where do we get information from?

Information collected from you or your company contact

Before starting cooperation, you must provide us with the name and business ID of the company and, for identification, the name and email address of the contact person. After this, we will send you an email with a link for identification. In some cases, we may also ask for additional information.

The information requested is:

  • whether the entity has business/customers outside the EU/EEA;
  • whether the entity has business/customers in certain high-risk countries;
  • whether there are beneficial owners and, if so, who they are;
  • whether politically exposed persons are associated with the company;
  • any additional information and comments.


If you are our customer as a private person, we will ask for your address and we may also check your credit history. If we are unable to identify you electronically, we may need to request a copy of your ID, such as your passport. We store the address, passport number, issuer, date of birth, personal identity code and citizenship from the passport copy.

Information collected from third parties

From the representative of the company, we collect the name, personal identity code and citizenship. For beneficial owners, we collect name, personal identity code, citizenship, email and information on why the person is the beneficial owner. From politically exposed persons in the company, we collect name, date of birth and nationality.

When we add clients to our database, we also collect an extract from the Trade Register, possible payment defaults and, in some cases, an extract from the register of beneficial owners. We may also seek background information from other public sources to verify the information and backgrounds of entities and private customers.

The information is also updated and collected during the customer relationship as part of the continuous due diligence required by the Money Laundering Act, for example when the contact person changes.

We always screen companies and contact persons based on EU, OFAC, OFCA and UN sanctions lists.

Legal basis

The processing of personal data is based on a legal obligation based on the following statutes:

  • 444/2017
  • EU sanctions regulations
  • Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and the European Union
  • other national sanction-related official decisions.


In addition, the processing is based on Notio's legitimate interest to comprehensively take care of business risks.

How long do we keep your data?

In accordance with the Money Laundering Act, we store due diligence data related to the KYC process for five (5) years from the collection of the data. Data used in the risk assessment on a one-off basis will be deleted at the end of the assessment.

What happens if you do not provide us with the necessary personal data?

Some personal data is necessary for Notio to provide you with the services you have purchased or requested and to identify you. If we do not receive the personal data we need for these purposes, we may not be able to provide you with the service or identify you.

What kind of technical and organisational measures are in place to protect the processing of personal data?

We maintain physical, technical and administrative safeguards to protect the confidentiality of personal data. We update and test our security technology regularly. We restrict access to your personal data to those employees who need to know that information in order to provide you with benefits or services.

To whom do we disclose your personal data?

 

Your personal information is stored in one or more databases hosted by third parties located in the United States. These third parties will not use or access your personal information for any purpose other than providing cloud services. We do not disclose data to third parties unless we are obliged to do so by law or an authority.

Do we transfer data outside the European Union (EU) or the European Economic Area (EEA)?

We use international cloud services to process personal data, in connection with which data may be transferred outside the EU or EEA. The transfer of personal data is subject to the personal data transfer mechanism in accordance with Chapter V of the GDPR. For further information, please contact us by email at info@notiolaki.fi.

What are your rights as a data subject?

You have the right to:

  • know whether we process personal data concerning you and to obtain copies thereof, unless we have a legal reason to refuse to provide such data;
  • know how and for what purposes we process your personal data;
  • request the correction of data concerning you if it is incorrect or incomplete. You can request the restriction of data processing or the erasure of data on grounds laid down by law, if the storage of data is not based on compliance with a legal obligation;
  • withdraw consent to the use of personal data if their use was based on consent. However, the withdrawal does not affect the previous processing or its lawfulness. If the processing of data is based on consent, you also have the right to receive this data in machine-readable format and transfer it to another controller;
  • object to the processing and profiling of personal data concerning you;
  • object when your personal data is processed for direct marketing purposes or when the processing is based on legitimate interest. In this case, the objection must specify the situation it relates to, and we can refuse to comply with it only on grounds provided for by law;
  • complain to the competent supervisory authority if you feel that we have not succeeded in complying with data protection regulations.


What are the contact details of the competent authority?

Office of the Data Protection Ombudsman
Street address: Lintulahdenkuja 4, 00530 Helsinki.
Postal address: P.O. Box 800, 00531 Helsinki.
Phone number: 029 566 6700.
Registry phone number: 029 566 6768.
E-mail (registry): tietosuoja(at)om.fi