Privacy Notice – Avara Ltd and Avara Rahastot Ltd Representatives of Partners
This privacy notice describes the means and purposes of processing your personal data when you are when you are a representative, beneficial owner or controlling person of a partner to Avara.
If you have any questions about the processing of your personal data or would like to exercise your rights under data protection law, you can contact us at the address below.
1. Contact details of the controller
Avara Rahastot Oy
2. Purposes and legal bases for the processing of personal data
We process your personal data mainly due to our statutory obligations or based on contractual or other stakeholder relationship. The personal data we process may come from a variety of public sources, such as the website of the organization you represent, or yourself. We obtain personal data from external sources, such as
- public registers
- from companies that provide information about businesses, decision-makers and liability
Processing of personal data based on our legal obligations:
- Accounting and taxation. We process and store your personal data to a limited extent for accounting and tax purposes.
- Sanctions monitoring. We use your personal information for regulatory PEP and sanction screenings
- Statutory reporting to the authorities. Some information is needed for us to fulfil our regulatory reporting obligations to relevant authorities such as the Finnish Tax Administration and Financial Supervisory Authority.
- Contract and other relationship management and communication. We process information about you so that we can handle matters for the company you represent and contact you again if necessary.
- Prevention and detection of abuse.
- Marketing. We target marketing to you on the basis of our legitimate interest in the freedom to conduct a business when the marketing has some connection with your duties or position in the corporation you represent. We ensure that the processing performed on this basis is proportionate to your benefits and meet your reasonable expectations.
Right to object. When your personal data is processed based on a legitimate interest, you have the right to object to the processing of personal data in certain situations. Read more in section 6.
3. What kind of personal data do we collect and process?
We process data from the following personal data groups, such as:
Basic information, such as name, social security number and contact information, such as work e-mail address, and the postal address of the organization
Job title and position in the company.
Sanction and warning list information, such as possible sanctions and warnings.
Consents and permissions, such as consents and prohibitions regarding the processing of personal data, such as marketing prohibition.
Identification and background information, such as the information necessary to identify a person and the information necessary to ascertain political exposure.
4. How long is personal data retained?
We store your personal data for as long as we need it for the purpose it has been gathered for, or for as long as applicable legislation, like accounting act, so requires.
5. Disclosures of personal data and data transfers out of the European Economic Area
Although we do a lot ourselves, we use third parties in our operations. Your personal data may be disclosed to the following groups of recipients:
- To various IT and datacenter service providers
- For law firms and other advisors in connection with a possible assignment
- To our billing and accounting service partners
- To our sales and marketing partners • To the Finnish Tax Administration and other relevant authorities
- For providers of financial and payment services, such as banks, to execute payment transactions .
In addition, we may disclose your personal information in connection with a merger, the sale of our assets or the financing or acquisition of all or part of our business, and in connection with other similar corporate arrangements. Please note that some of our partners and recipients of personal data are located outside the European Economic Area. In situations where your personal data is transferred outside the European Economic Area, we have taken various measures to maintain the high level of data protection required by European law even after the transfer. An example of such measures is the use of model contract clauses approved by the European Commission as part of the agreements we enter into with recipients of personal data in third countries. Please visit here for more information on standard contractual clauses.
6. Your rights as a data subject
The General Data Protection Regulation grants you several rights as a data subject related to processing of your personal data. However, we would like to point out that these rights ensured by the law are not absolute. For example, we cannot delete personal data in situations where we have a legal obligation to retain the information. You can ask us to exercise your rights mentioned below by sending your request to the address mentioned in section 1 of this privacy notice.
The right of access to personal data. You have the right to receive confirmation on whether we process personal data relating to you. You have the right to access and ask for a copy of any such personal data. We may ask you to specify your request, when necessary, for example regarding to the details of the provision of information.
Right to rectification. You have the right to request the rectification of incorrect, incomplete, or outdated personal data relating to you.
Right to data erasure. In some situations, you have the right to request erasure of your personal data from our data systems. We will comply with your request, if there is no legitimate reason to retain the data, such as a legal obligation to continue processing the personal data.
Right to object and right to restrict the processing of your personal data. Based on a specific personal reason, you have the right to object to the processing of personal data. However, this does not mean the general right to oppose all processing, but is limited, for example, to situations where the processing is based on legitimate interest of ours or a third party. We have the right to continue to process your personal data if we have a compelling reason to do so. Such a reason may be, for example, a suspicion or investigation of an abuse. In addition, you may at any time object to the processing of your personal data for direct marketing purposes. You also have the right to request a restriction on the processing of your personal data, for example in situations where you dispute the accuracy of your personal data.
Right to lodge a complaint. If the processing of your personal data is in breach of applicable legislation, you have the right to lodge a complaint with the national supervisory authority. The lawfulness of the processing of personal data in Finland is monitored by the Office of the Data Protection Commissioner, whose contact information can be found here: https://tietosuoja.fi/etusivu
7. How we keep your personal data safe?
Access management. The processing of personal data is only permitted to designated, authorized persons whose duties require it. Personal data can only be accessed with appropriate access rights.
Agreements. Persons processing personal data have signed appropriate confidentiality commitments or are otherwise subject to an obligation of confidentiality. Our data processing partners have committed to take appropriate measures to ensure the security of personal data.
Staff training and guidance. We have provided comprehensive data protection training and guidance for all our personnel. We have issued binding written instructions and regulations to our employees regarding the processing of personal data, data security and data protection, which the employees have committed to comply with.
Technical measures. Personal data and systems are protected e.g. with firewalls. In addition, we monitor the processing of personal data and automatically detect anomalies. The data is stored on a server located in a locked premises where passing is restricted by access control and monitored by recording camera surveillance. Necessary physical copies of personal information will be kept in a locked premises. We regularly review the processing of personal data and the systems and equipment used for processing activities, and assess the risks associated with the processing, for example, when introducing new technology.