PRIVACY NOTICE | SEPTEMBER 2022
Welling Lagerstedt & Honkanen Attorneys Ltd (“WLH”) values your privacy and we are committed to protecting your privacy and personal data. In this Privacy Notice we explain how we collect and process personal data of our clients and other individuals relating to our client assignments, our potential clients, service providers and other business contacts as a data controller.
We process personal data in accordance with all laws that apply to the protection of personal data, including the GDPR (the European Union’s General Data Protection Regulation (EU 2016/679 “Data Protection Laws”). We process personal data for the purposes of e.g., identifying our client, checking for conflicts, handling assignments, managing client relationships and marketing efforts.
We have a legal obligation to ensure that your information is kept accurate and up to date and do our best to ensure that your personal data is processed lawfully and in a transparent manner. You may help us to comply with this obligation by reviewing and updating your contact details as well as your marketing preferences by contacting us at email@example.com.
Legal Basis and Purpose of Processing Data
Our main duty as a law firm is to provide legal services to our clients, and this is the main purpose for which we process personal data. We also use personal data to develop our services and to manage our business relationship with our clients.
This processing of personal data is based on our legitimate interest as a law firm and a data controller when providing professional legal services.
We also process personal data to ensure that we comply with our legal obligations under applicable laws or guidelines issued by the Finnish Bar Association (e.g.in relation to anti-money laundering obligations and knowing our clients’ procedures as well as conducting conflict of interest checks).
We may also process your personal data based on your consent for one or more specific purposes. If we process your personal data based on your consent, you have the right, at any time, to withdraw your consent to that processing. Please note, that if you withdraw your consent to processing of necessary personal data, we may not be able to continue our business relationship or continue providing services to you.
Your personal data will not be subject to automated decision making.
How We Collect Personal Data
We collect personal data primarily from the data subject him/herself directly through emails and other communication and documentation in connection with our business operations e.g., when performing and managing assignments from our clients.
We obtain personal data e.g., through the know-your-client process and by conducting conflict of interest checks or when we communicate with or meet the data subjects. We collect personal data that relates to e.g., identification, which includes personal data such as basic identifying information, contact details and matter-related background information provided to us directly by our clients (either natural persons or companies), their representatives or their counterparties.
We may also process personal data obtained from counterparties or their counsels, government agencies, credit information service providers and publicly available records and sources and commercial databases as well as personal data that accumulates from your use of our website. We also collect personal data when we manage our marketing activities and communicate with the data subjects for the purposes of marketing such as sending invitations to our seminars and events or sending out our newsletters or other news relating to our services and firm.
We may process personal data of the following categories:
Disclosures of Your Data
We will not disclose your personal data to any third parties unless we are required to do so either by applicable law, in order to assert or defend against legal claims, or for providing services to our clients. The only employees with access to your personal data will be those employees who need to process your personal data.
We may need to allow certain access to your personal data to our external service providers who process data on our behalf (data processors) to enable these third-party providers to perform services to WLH. All such service providers must comply with our instructions and applicable written data processor agreements and any other agreements that are in place between WLH and its third-party providers and must implement appropriate technical and organizational measures for the protection of your personal data.
Transfers of Your Data
We primarily process personal data on servers located within the EU/EEA.
However, we may need to transfer your personal data from a location within the EU/EEA to a third country.
Regarding transfers of personal data to countries where the local data protection legislation does not provide an adequate level of data protection, we will implement appropriate measures under the GDPR to ensure that your personal data remains protected and secure. Such international transfers of personal data will be based on the standard contractual clauses approved by the European Commission.
We have implemented and maintain appropriate technical and organizational security measures to protect your personal data against accidental, unlawful or unauthorized access, use, disclosure, alteration, destruction or loss. We have, for example, put in place internal security policies and procedures for the protection of personal data and our systems comply with the applicable industry standards. Your personal data will be processed only by such personnel who have a need to access it for the purpose for which it was collected. Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.
How long we retain specific personal data depends on the personal data concerned and the purposes for its processing. We will only retain your personal data for as long as necessary for the purpose we collected it for, in order to perform our contractual obligations or for complying with the rules of the Finnish Bar Association or other legal requirements applicable to us, or in order to manage the business relationship between us and the data subject or the entity represented by the data subject. In order to assert or defend against legal claims, we may retain certain data until the end of the relevant statutory limitation period or until the claim has been settled. Retained data will be stored separately and will not be processed for any other purpose.
The retention periods are determined in accordance with the following criteria:
When your personal data is no longer needed, your personal data will be destroyed in a secure way or irrevocably anonymized. Please contact us at firstname.lastname@example.org if you would like further information about specific retention periods for your personal data.
Pursuant to the GDPR, data subjects have the following rights regarding their personal data:
If you wish to exercise your rights, you can contact us at email@example.com. We will use all reasonably available resources to respond to any such request without undue delay.
Please note, that due to the statutory obligation of confidentiality and other obligations applicable to us either by law or by the rules of the Finnish Bar Association, we may be prohibited from disclosing or deleting your personal data and may prevent you from exercising certain data subject rights in respect of personal data relating to our client assignments, and the data subject must provide identification in order to exercise the said rights.
Where we have reasonable doubts concerning the identity of the natural person making the request referred to below, we may request you to provide additional information that we require to confirm your identity.
If you consider the way in which we process your personal data to be in breach of the applicable legislation, you may lodge a complaint with the national supervisory authority regarding our processing of your personal data. If you are located in Finland, your local data protection authority is the Data Protection Ombudsman (Tietosuojavaltuutettu) (www.tietosuoja.fi).
Cookies are text files that are placed on your computer that allow your computer to be recognized by our website. The cookies on our website may be used by and delivered to you by us or by third-party web analytics services, such as Google Analytics, Hotjar and Vuture.
The cookies collect information in an anonymous form, and we do not use this data to identify our website visitors even if the technologies used would make such identification possible. You can choose whether you wish to accept cookies when entering our website and may delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to adjust your browser’s preferences to control cookies.
If you have any questions concerning the processing of your personal data, or if you would like to exercise any of your data subject rights, please contact us at firstname.lastname@example.org.
This Privacy Notice was updated in September 2022, and we may, from time to time, update and amend this Privacy Notice reflecting any changes in our processing procedures or changing legal requirements. We kindly ask you to review this Privacy Notice from time to time for possible changes as unless otherwise provided in mandatory applicable legislation, we may not personally notify the data subjects of any such changes.