At Waselius & Wist, we value and respect your privacy and the security of your personal data. This notice describes what personal data we collect from you, how we collect and store that data and what we do with your personal data. All personal data is processed in accordance with the General Data Protection Regulation (EU 216/679, “GDPR”) and other applicable Finnish data protection laws.
This privacy notice applies to personal data that we collect about our clients, webpage visitors or other persons that contact us, external third parties (such as suppliers) and for recruitment purposes.
Law offices Waselius & Wist Oy
Eteläesplanadi 24 A
Telephone (switchboard during office hours): +358-9-6689520
What personal data do we collect about you?
Personal data collected when engaging us and during engagement
When you contact us, for example via e-mail, telephone or letter, meet with one of us or engage our legal or other services, you may choose to give us certain personal data (such as your name, address, telephone number, e-mail address, the name of your employer and other information that you believe could be relevant). The above personal data is collected about you as a representative of the client.
Personal data collected by us during your engagement may include information on the assignment, meetings, email and other messages relating to the engagement.
We may have received your personal data also because of your relationship with one or more of our clients.
Personal data collected when visiting our webpage
Personal data collected in connection with marketing
We process your personal data when signing up for our newsletters, marketing events (for example webinars) and trainings. Personal data that we may collect include your name, address, telephone number and title and event participation information.
Personal data collected for recruitment purposes
When you choose to apply for a position with us, either through our website or by sending your application directly to us, we ask for your contact details (name, address, telephone number and e-mail address) as well as for any other information (such as work history and education) that we believe could be relevant in the recruitment process. With your permission we may also collect personal information about you from people you have named as referees. Your personal data will only be used to process your application.
Personal data relating to external parties
We process personal data relating to external parties such as our suppliers or their representatives based on our legitimate interest in administering the relationship and performing our contractual obligations.
How do we collect your personal data?
All personal data is primarily collected from you directly when you communicate with us, engage our services, visit our homepage, choose to apply for a position or sign up for events or marketing letters. We collect your business contact details also when you exchange business cards or otherwise share your contact details with us at meetings or events. We may also collect and process your personal data from publicly available sources such as websites and official registers.
How we use your personal data and legal basis for such use
We use your personal data to carry out the following tasks:
- to provide products and services requested by you or your employer;
- to identify products and services you may be interested in;
- to communicate with you about our products and services;
- to carry out payment, billing and other related support services;
- to monitor and analyze our business;
- to identify, develop or improve our services and/or products that may be of interest to you and to carry out market research;
- if you agree, to invite you to events, to send you legal updates, our newsletter and to send you other direct electronic marketing material and information about appointments, surveys and articles; and
- to consider you for an (open) position with us.
When providing legal services the use of your personal data is based on our legitimate interest in providing services to our corporate clients and keeping in touch with various stakeholders. If our client is a private individual the legal basis for the processing of the personal data is the execution of an agreement to which the individual is a party.
We will further use the personal data received from you or through our corporate clients for the purposes of fulfilling our statutory duties in relation to anti-money laundering and knowing our clients procedures. In addition, we collect personal data that is needed to fulfill our obligations under the Rules of the Finnish Bar Association in relation to conflicts of interest procedures. This use of personal data is based on our statutory duties as well as our legitimate interest in providing services to our clients.
For marketing, the use of your personal data is based on our legitimate interest in marketing our services to you or keeping in touch with various stakeholders as well as on your consent for data collected through non-necessary cookies and electronic direct marketing. Our goal is to only send current and useful information and to keep the amount of messages reasonable.
Personal data relating to external third parties (such as suppliers) is processed by us for the purposes of our legitimate interest to execute agreements to which we are a party.
Please note when we provide legal services we do generally need to process personal data relating to you. Any failure by you to provide personal data may lead to us not being able to carry out our services.
Will we disclose and transfer your personal data?
We will generally not disclose your personal data to any third parties unless we are legally compelled to do so or it is necessary in order to provide the requested services and information to you. For example, in certain cases we may need to share your personal data to advisors and other third parties for the purposes of being able to carry out the assignment in question or in order to assert or defend against legal claims.
Further, we may use third party service providers to whom we may outsource the processing of your personal data. In these cases we enter into a data processing agreement with the third party service provider (processor) as required under the GDPR.
We primarily process your personal data within the EU/EEA. However, it may be that in some cases the parties who we use to process personal data on our behalf are based outside the EEA. Whenever we, or our third-party service providers, transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that your personal data is only transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or the transfer takes place under standard contractual clauses approved by the European Commission. Where applicable, appropriate risk assessments will be carried out by us.
For how long do we retain your personal data?
Any personal data received from you for networking and marketing and contact purposes will be retained for a period of 24 months from the last contact.
As regards personal data relating to an engagement, we are legally obliged to retain any such personal data being a part of a case file for at least 10 years after our relationship with you (client) has expired.
Personal data relating to suppliers and other external parties are saved for as long as this is necessary for us and the involved parties to be able to perform and administer the contractual or business relationship and exercise our rights.
Any personal data received from you for recruitment purposes will be stored until the recruitment process has been completed. In case you were not selected for the position, your information may be stored with your permission for six months after the process and taken into consideration in future recruiting processes.
Sometimes mandatory laws (such as accounting and anti-money laundering laws) may, however, require us to retain certain data for other time periods than those indicated above. Therefore, different data retention periods may apply to different data categories processed.
How we protect your personal data
We take the necessary administrative, technical and organizational measures to ensure the security and confidentiality of your personal data and we protect your personal data against accidental loss, misuse, unauthorized access, disclosure, alteration and accidental or unauthorised destruction. Only certain of our employees are given access to personal data and are, together with third parties we engage to process your personal data, obliged to respect the confidentiality of your personal data.
Your rights as a data subject
As a data subject you have the following rights as further specified in the GDPR:
To access your personal data
You have the right to request a copy of the personal data that we hold about you. Please e-mail us at email@example.com or write to us at the address indicated below in this notice.
To request that we rectify inaccurate or incomplete personal data or erase your personal data
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove personal data relating to you and that you think is inaccurate. You may also request that your personal data is erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement.
To request the processing of your personal data be restricted
You have the right to request the processing of your personal data be restricted, for example, during the period we verify the accuracy of your personal data and where you have contested the accuracy of your personal data or when we no longer your personal data but they are required by you for the establishment, exercise or defence of legal claims.
To object processing of your personal data
You are entitled to object to certain processing of personal data, including for example processing of your personal data for marketing purposes or when we otherwise base our processing of your personal data on our legitimate interest.
To data portability
You may have the right to request us that the data about you is provided in a structured, commonly used and machine-readable format. You may also have the right to request that the personal data is transmitted to another controller, if we process your data automatically based on your consent or on a contract between you and our office.
To withdraw your consent
In cases where we are processing your personal data based on your consent, you have the right to withdraw your consent to such processing at any time. For example direct electronic marketing is based on your consent and if you no longer wish to receive such marketing or promotional e-mails (newsletters, publications, invitations to our seminars, etc.) from us, you can unsubscribe at any moment, free of charge, by sending an e-mail to firstname.lastname@example.org or by clicking the “unsubscribe” button in any of our send outs.
To lodge a complaint
If you are not satisfied with our response or if you believe that we are not processing your personal data in accordance with applicable law, you can lodge a complaint to the Finnish supervisory authority i.e. the Office of the Data Protection Ombudsman (email@example.com).
How you may execute your above rights & contact details for privacy related matters
Please contact us by email or mail if you have any privacy related inquiries or wish to use any of your above rights.
Asianajotoimisto Waselius & Wist
Eteläesplanadi 24 A
Please attach a copy of your identity card or passport, so we can check that requests are properly authorized.
If your personal data relates to our client work there may be situations where our confidentiality and other obligations under applicable legislation and the respective Bar Rules may prohibit us from disclosing or deleting your personal data or otherwise prevent you from exercising your rights.
Updates to this privacy notice
This privacy notice has been updated in April 2022. We may update this notice from time to time, the latest updated version of our privacy notice is made available on our website.