This General Privacy Statement (“General Statement” or “Statement”) is issued on behalf of Accountor Group, that consists of different legal entities operating in several countries. The entity who will control for your data is dependent on the situation where your personal data is processed. The following entities make decisions about your personal data (act as data controllers in relation to you):
- Accountor Holding Oy and
- Accountor Affiliate that you are interacting with in the specific situation, for example Accountor Affiliate that has a contractual relationship with you, or with a company you represent, or Accountor Affiliate you are visiting with or from who you are seeking a job.
When Statement talks about “Accountor”, “we”, “us” or “our”, it refers to the relevant company in Accountor responsible for the processing of your personal data.
This General Statement aims to give you information on how we collect and process your personal data, with whom data is shared, how long it is stored and what are your rights as regards personal data.
This Statement applies to the processing of personal data. Personal data means information that can be associated with you either directly or indirectly. Also data referring to an individual representing or acting on behalf of a company, e.g. a managing director, is personal data. A company information that does not relate to any natural person is not personal data.
As Accountor processes personal data in different situations and related to several stakeholders, we have prepared some accessory statements that supplement this General Statement and provide more detailed information in the given situation. A set of informational and instructional documents about GDPR, the GDPR file vault view, has been added to Procountor including descriptions on personal data processing activities and other documents related to the GDPR which you may download for your own use. The GDPR file vault is available from the Basics menu.
As for Tikon, the same data protection material are available in customer pages with the name ”GDPR – tiedostopankki”. However, if there are any discrepancies between the General Statement and an accessory statement, the latter will be determinative.
Collection of personal data
We may collect your personal data through different means. You may yourself provide information through direct interactions with us or data may be generated when you use our services. In addition, we may create data based on information we have about you. Your personal data may be obtained also from other companies belonging into Accountor Group or external third parties, including publicly available sources.
We may combine the data collected about you from publicly available sources, and from our different interactions with you in connection with e.g. service provision and marketing communication.
You are not required to provide any personal data to us, but the consequences of your choice may vary depending on the circumstances. For example, it is possible that we will not be able to provide our service to you or act in accordance with your request
Personal data categories
We process different kinds of personal data about you depending on the situation. The categories and scope of data is always limited to what is necessary for the purposes it is processed for. Categories of personal data in a given processing situation are detailed in a respective accessory statement.
We may also process for any purpose statistical data, meaning information that is aggregated to the level where no natural person may be identified. Such data is not considered personal data as this data cannot be associated with you.
As a rule, we do not process special categories of personal data like information about your health. However, in limited cases such data may be processed provided, that the processing is conducted in accordance with the applicable laws and you have been informed thereon.
Purpose and legal basis for processing personal data
We collect, process and use only personal data, which is needed for operational purposes, efficient customer care and relevant commercial activities, including the processing of personal data for anonymising it.
We will only use your personal data for the legitimate and explicitly defined purposes and do not process data in a manner that is incompatible with those purposes. Purposes of the processing in a given situation are detailed in a respective accessory statement.
We will always have a legitimate basis for the processing of your personal data that is communicated to you.
We will usually process your personal data based for the performance of an agreement or contractual relation we have with you, or a company you represent, and us, or in order to enter into such relation.
We may be obliged to process personal data in order to meet our statutory obligations e.g. in relation to accounting or to fulfil authorities’ (e.g. tax authority) requests as required by law.
Further, you may have consented to the processing of your personal data for one or more specific purposes.
Personal data may also be processed based on our legitimate interest (or those of a third party) provided, that your fundamental rights do not override such interest. For example, we combine the data collected about you from different sources or process personal data to ensure the security of our services or in order to generate internal reports for management purposes. In these cases, the processing of personal data is based on our legitimate interest to ensure that our services have an adequate level of data security, and that we have relevant information at hand to better understand our customers, develop our services and operations as well as to manage our business.
Data sharing and disclosures of personal data
We may share your personal data with other Accountor Group companies within the limits of applicable laws and for the purposes indicated in this Statement, including marketing their products and services to you. Personal data is shared as part of our reporting activities on company performance and for the purposes of using centralized solutions e.g. for system maintenance and hosting of data. Sharing of personal data are based on our legitimate interests to enable efficient business operations and customer relationship management as well as to inform our customers of relevant services of other Accountor Group companies.
We may also disclose your personal data to third parties, when:
- permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
- our trusted service providers process personal data on behalf of us and under our instructions. We control and be responsible for the processing of your personal data at all times;
- we are involved in a merger, acquisition, or sale of all or a portion of our assets;
- we assess that disclosure is necessary to enforce or protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- there is a legitimate interest for the disclosure, such as we are organising a joint conference with a third party, provided, that we have informed you on such sharing; and
- you have consented into such disclosure, but only to parties the consent relates to.
Transfers of personal data outside the EU or EEA
Some of our trusted service providers working for us are established outside the EU or the European Economic Area (together “EEA”), so their processing of your personal data will involve a transfer of data outside the EEA. In these cases, we will take necessary steps to provide appropriate safeguards mechanisms for international data transfers as required by applicable laws.
This means that
- personal data is transferred only to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission (“countries with adequate protection”). For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
- with a service provider that is based outside countries with adequate protection, we will use specific contract clauses approved by the European Commission which give personal data the same protection it has in EEA. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
- we may also use US based service providers that are self-certified to the Privacy Shield Framework requiring them to provide appropriate protection to personal data shared between the Europe and the US. For further details see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
Please contact us at [email protected], if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
Retention of personal data
Your personal data is retained only for as long as necessary to fulfil the purposes it is processed for, including for the purposes of satisfying any legal, accounting, or reporting requirements and as defined in this Statement.
We have defined retention periods to all personal data we have on you. When defining such periods we have considered various factors such as the nature and sensitivity of personal data and the purposes the data is processed for.
Your personal data processed on the basis of a contractual relationship with you, or a company you represent, are stored, as a rule, for the duration of the contractual relationship or as long as the provision of the services requires. After our relationship or service provision has ended, we typically store personal data that are necessary to response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, in order to respect your request not to receive direct marketing from us.
Personal data processed on the basis of legitimate interests are processed as long as there are grounds for their processing. If you object such processing, data will be erased after your request has been validated. An example of this kind of processing falling within the scope of legitimate interest is direct marketing.
If personal data is processed on the basis of legal obligations it is retained as long as required by law. Obligations to the storage of personal data are set, for example, by the Accounting and Money Laundering laws.
The storage time of personal data processed with your consent is determined according to the purposes of processing.
Your rights and options as regards personal data depend on the purposes of the processing and on the situation.
The right to access – You have the right to receive confirmation of whether your personal data is processed, and if it is, to access the data. This enables you to receive information on how we process your data and a copy of the personal data we hold about you.
The right to rectify data – You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
The right to object to the processing – You are entitled to object to the processing of your personal data that is based on Accountor’s legitimate interest (or those of a third party), if your particular situation overrides such interest. We may reject your request, if the processing is necessary in order to implement mandatory and legitimate interests. You are always entitled to oppose to the processing of your personal data for direct marketing purposes and for related profiling.
The right to data portability – You have the right to receive your personal data you have submitted to us for the processing based on your consent or the implementation of an agreement. In such cases, we will provide you, or a third party you have chosen, your personal data in a structured, commonly used and machine-readable format.
The right to be forgotten – You may ask us to erase your personal data where there is no valid reason for us continuing to process it. For example, if you consider personal data unnecessary for the purposes described above or you cancel the consent you have given.
The right to restriction of the processing – You have the right under certain circumstances to require Accountor to restrict the processing of your personal data. For example, for the period needed for verifying the accuracy of your personal data.
The right to give and withdraw your consent – If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
We may need to request specific information from you to help us confirm your identity and ensure that you are entitled to exercise your rights.
You can execute your rights by sending the above-mentioned requests to us at [email protected]. If you think that the processing of your personal data is not appropriate, you have a right to contact Data Protection Supervisor in your country.
We maintain security measures (including physical, electronic, and administrative measures) that are appropriate to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to those authorized employees and service providers who need to know the information in the course of their work tasks. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Please be aware that, although we endeavour to provide appropriate security measures for personal data, no security system can prevent all potential security breaches. If a security breach occurs, we will inform you in accordance with applicable laws.
Changes to this Statement
We may update this Statement at any time, if required in order to reflect the changes in our data processing practices. You can find the latest version at www.accountor.com.
The last update of this Statement was on July, 16th, 2019.
The contact details of Accountor Finago:
Accountor Finago Oy, Keilaniementie 1, 02150 Espoo, Finland.
If you have any questions regarding this Statement, the personal data we process about you or you wish to reach Accountor Finago’s Data Protection Manager, please contact us at [email protected].