Privacy Policy

1. Controller

ArvoLex Ltd (ArvoLex Oy in Finnish, hereafter “ArvoLex”)
Revontulentie 8 A
02100 ESPOO

Business ID: 0114259-6

Contact Person Responsible for Data Protection

Managing director

Revontulentie 8 A

02100 ESPOO

tel. +358 20 7411 050

2. Grounds for and Purpose of Processing Personal Data

The processing of personal data is based on the client relationship between ArvoLex and its client, the client’s consent, the assignment provided by the client or other appropriate connection.

ArvoLex processes personal data stored in the data file for the following purposes:

–       To carry out assignments

–       To manage, implement, develop and monitor the client relationship, customer service and the related communication and marketing

–       To fulfil storage, reporting and inquiry obligations based on the law or compliant with official regulations and instructions.

3. Personal Data Saved in the Data File

ArvoLex only collects personal data that are necessary for the purposes listed above in section 2.

Personal data collected in the client register:

Contact Information

–       First names and surname

–       Home address

–       Phone number

–       E-mail address

Client Information

–       Personal identity code / Business ID

–       Copy of a document of identity

–       Nature of the assignment

–       Data and documents that are essential and necessary for carrying out the assignment

–       Data related to invoicing and debt collection

–       Other data that are essential and necessary for managing the client relationship

4.  Regular Sources of Data

Data are collected during the assignment from the private client or his or her representative or from the contact person of a business him/herself. Data may also be collected, with the client’s consent and within the limits prescribed by law, from other reliable parties, such as the tax administration, banks, the authorities, parishes or private businesses.

5.  Disclosure of Personal Data

Data shall not, as a rule, be disclosed to third parties. However, data may be disclosed in a manner required by the demands presented by competent authorities or other parties under the legislation in force from time to time.

6. Rights of the Data Subject

Client’s Right to Access the Data (Right of Access) 

The client has the right to obtain confirmation as to whether personal data concerning him or her are processed and, if so, the right to obtain a copy of his or her personal data. The right of access may be denied under the grounds set out in the law. Exercising the right of access is, in principle, free of charge.

Client’s Right to the Correction or Deletion of Data or the Right to Restrict Processing

The client has the right to request the correction of inaccurate or incorrect personal data concerning him or her and to request that insufficient personal data are supplemented using the necessary additional data that are submitted.

The client has the right to request the deletion of personal data concerning him or her, if the personal data is no longer needed for the purposes for which they have been collected or the personal data has been processed unlawfully.

The client also has the right to restrict the processing of personal data concerning him or her in e.g. a situation where he or she is waiting for a reply to a request to correct or delete his or her data.

Client’s Right to Transmit Data from One System to Another

The data subject has the right to obtain the personal data concerning him or her, which he or she has provided, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.

Personal data is not transferred outside the European Union or the European Economic Area.

Client’s Right to Lodge a Complaint with a Supervisory Authority

The client has the right to bring his or her case before a competent supervisory authority, if he or she holds that the processing of personal data violates data protection regulation.

The competent national supervisory authority in matters related to the processing of the client’s personal data is the Data Protection Ombudsman operating under the Ministry of Justice.

Other Rights

In the event that personal data are processed on the basis of the client’s consent, the client has the right to withdraw his or her consent by notifying ArvoLex of this.

7. Changing the Privacy Statement

ArvoLex reserves the right to change this privacy statement by announcing such changes in its services. The changes may be based on e.g. amendments to legislation. ArvoLex recommends that data subjects regularly familiarize themselves with the contents of the privacy statement.

8. Contacts

The data subject must contact the controller in all questions related to the processing of personal data and in situations concerning the exercising of individual rights.