Attorneys-at-Law Magnusson Ltd (”Magnusson”, ”law firm”)
Business ID: 2797052-5
Jaakonkatu 3 A, 00100 Helsinki
Tel.: +358 207 419 500
Jaakonkatu 3 A, 00100 Helsinki
M: +358 40 560 6101
(2) Personal data is primarily collected directly from the Data Subject or it is obtained when using Magnusson’s services. In addition, personal data may sometimes be collected from third parties, such as the Data Subject’s employer or public sources. Magnusson occasionally needs additional information to keep the obtained information up to date and to validate the accuracy of the information.
(3) Personal data which may be obtained from third parties consist of publicly available information and information obtained from other sources, such as registers maintained by authorities, sanction lists, credit information registers and other commercial means of communication that provide information of, for example, beneficial owners and politically exposed individuals.
Data Subject as a client
If the Data Subject has appointed Magnusson as a legal representative, Magnusson will process personal data received in connection with the assignment or otherwise during completion of the assignment. The Data Subject is not obliged to provide Magnusson with any personal data, but without sufficient and necessary information Magnusson cannot be the legal representative of the Data Subject. Magnusson is obliged to clear, i.a., conflicts of interest and issues related to prevention of money laundering, before it may commence actions regarding the assignment.
Processing personal data
(4) Magnusson processes personal data of the Data Subject for i.a. clearing conflicts of interest, completion and administration of assignments, protection of the Data Subjects rights and communication, marketing, accounting and invoicing purposes. In addition, Magnusson is obliged by law to examine issues related to prevention of money laundering. Personal data is processed to fulfill the agreement between Magnusson and the Data Subject and based on the consent given by the Data Subject, if applicable.
(5) Legal grounds for processing are the guidelines of the Finnish Bar Association and Magnusson’s responsibilities towards the Data Subject to complete the assignment. Therefore, the personal data of the Data Subject is processed on following grounds:
(i) fulfilling obligations based on law or an agreement or other legal obligation;
(ii) fulfilling purposes based on the interests of Magnusson; and
(iii) completing an agreement of which the Data Subject is a party.
(6) Purchase, payment and user records and other information being processed, such as information of an IP or a location, may also be used in profiling and targeting of marketing measures and client communications to the Data Subject. Personal Data may also be processed when sending Magnusson’s newsletter and when taking part in Magnusson’s events and other marketing measures.
(7) Personal data may also be processed in connection with client analysis, where also profiling may be involved. Marketing measures, developing processes, business and systems, through which Magnusson can improve and optimize its services for the client, are based on processing personal data. Magnusson has the right to use profiling in client analysis performed in marketing purposes.
(8) If the Data Subject does not provide requested information when signing up for a specific marketing event, training event or other event, Magnusson cannot accept the sign-up notification or commit to a possible agreement related to the event.
(9) Magnusson has no obligation to provide personal data nor information in a situation, where the personal data obtained by Magnusson is legally privileged to Magnusson. In such events the obligation to provide information shall be assessed case-by-case.
Recording personal data and period of storage
(1) Personal data will be stored for a minimum of 10 years after completion of an assignment or for as long as otherwise is required due to the assignment, as stated in the guidelines of the Finnish Bar Association. In so far as the personal data is necessary to clear conflicts of interest, Magnusson will store the personal data as long as necessary.
(2) Personal data that is processed to develop Magnusson’s business and to improve analysis, shall be stored for one (1) year after the last contact. If the Data Subject forbids Magnusson to send newsletters or other similar information and marketing material all personal data stored for this purpose will be deleted immediately.
(3) Personal data related to a specific Magnusson event will be stored as long as is required to organize the event or as long as is required by mandatory legislation.
Categories of individuals, their contents and special categories of personal data
(1) Personal data recorded by Magnusson may be first and last names, contact details, title/duty and/or other work-related information, age-range, gender and the company represented by the Data Subject.
(2) Categories of individuals related to marketing whose personal data is processed are participants of Magnusson events or individuals who have given their consent to marketing.
General sources of information
Mainly the recorded information is related to the Data Subject or the company the Data Subject represents. Personal data may also be collected from third parties. The sources of information in marketing events are the information provided by the Data Subject together with, i.a., the client information database and invoicing database.
Regular data transfer and transferring data outside of EU or EEA countries
(1) Personal data may be transferred to other Magnusson offices to clear conflicts of interest and issues related to prevention of money laundering, to exchange information and target resources. Magnusson does not transfer personal data to third parties,
(i) Unless the transfer is specifically agreed between Magnusson and the Data Subject;
(ii) unless necessary to protect the rights of the Data Subject within an assignment;
(iii) unless necessary for Magnusson to fulfill its legal obligations or to comply with government or court decisions; or
(iv) unless Magnusson obtains services from third party service providers, who will perform tasks on behalf of Magnusson.
(2) Personal data may be disclosed to courts, authorities, the representative of the opponent, if necessary, to protect the rights of the Data Subject.
(3) In some situations, personal data may be transferred to Magnusson cooperation offices located outside of EU and EEA. This will be done only to the extent it is necessary to perform a certain task and the Data Subject will always be informed of the transfer. When transferring data outside of EU and EEA countries, EU approved Standard Contractual Clauses regarding the transfer of personal data or other equivalent measures will always be used to ensure the transfer complies with the General Data Protection Regulation. Magnusson cooperation offices outside of EU/EEA are located in Belarus, Ukraine and Russia.
(4) Personal data related to marketing may be disclosed within the organization and interest groups of an event. Personal data related to marketing will not be transferred outside of EU or EEA.
Security principles of the register
(1) Information is stored in a way that is technically secured and Magnusson ensures the security of the collected information by using sufficient technical and organizational measures. Physical access to information has been prevented by access control and other security measures. Access to information requires adequate rights and multiphase identification. Unauthorized access is prevented also by firewalls and technical security measures.
(2) Only Magnusson employees completing or assisting with the specific assignment and employees whose tasks include processing of information together with technical persons specifically appointed by Magnusson have a right to process information from the register. Only appointed persons have the right to process and maintain information in the register. Users are bound by confidentiality and secrecy obligations.
(3) A backup of the registered information is undertaken safely and the information can be restored if necessary. The level of security on information will be audited periodically either by external or internal auditing in accordance with the General Data Protection Regulation.
The Data Subject as a third party
Magnusson may send general newsletters and in other means of marketing contact individuals who are former clients, professional or private contacts of a Magnusson employee or other individuals who have shown interest towards Magnusson’s business or in other ways indicated their interest to receive marketing materials and other messages, to the email address which has been registered into Magnusson’s database. Instructions on how an individual may refuse to receive marketing-related communications in the future are provided in relation with each marketing message.
Rights of the Data Subject
The Data Subject has the right, i.a., to
(i) request access to the personal data concerning the Data Subject and to request correction or erasure of personal data, restriction of processing or to object to processing as well as the right to data portability;
(ii) verify and correct, if necessary, information in register. The request shall be made to Magnusson in writing. The Data Subject has a right to make changes to the information that have been incorrectly recorded to the register;
(iii) withdraw the consent whenever, to the extent the processing is based on the consent of the Data Subject, but this will not affect the lawfulness of the processing based on the consent before its withdrawal;
(iv) object such processing of personal data that is based on Magnusson’s interest. If Magnusson, however, has compelling legitimate interests, which are more important than the benefits, rights or freedom of the Data Subject, Magnusson may continue processing the data;
(v) object processing personal data in marketing purposes; and
(vi) lodge a complaint of processing personal data to the competent supervisory authority.