Privacy at Fondia

What data do we process and why?

We have a chatbot on our website that requires the acceptation of analytical cookies. The chatbot works automatically and it utilizes machine learning to optimize the usefulness of the answers to you. The personal data (contact details and other possible data) you provide in the chat is used to contact you at your request and to evaluate how we can best help you. Please do not reveal unnecessary information about your private life on the chat.

You may also contact us on the form on our website or book a meeting from our calendar. In both situations we collect the name, contact details and information on the legal question you need help with. The data is used to contact you and to evaluate how we can best help you.

We do not target direct marketing at you by email or phone. However, if you have consented use of cookies for this website, we use the statistics service LinkedIn Insights for the purpose of the needs-oriented design and continuous optimization of our pages. The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.

Fondia don't receive the personal data of LinkedIn members; we only receive reports and alerts (which do not identify LinkedIn members) about Fondia’s website audience and ad performance. LinkedIn Insights  also provide Fondia retargeting for website visitors, enabling Fondia to show personalized ads off our website by using this data, but without identifying the member. LinkedIn insight also use data that doesn't identify LinkedIn members to improve ad relevance and reach members across devices. 

The processing is based on your consent. With regard to cookies, you may at any time withdraw your consent on the cookie settings by clicking the cookie on the bottom left of our website.

From where do we receive data?

We collect the data from you when you visit our website.

For how long do we store your personal data?

We store the personal data you have provided us through the chatbot for as long as they are necessary to contact you and to initiate a possible commission. If you become our customer, the processing of your personal data is described on the section “I am Fondia’s customer or the contact person of the customer”. The retention periods of cookies are described on the section “Cookies”.

What data do we process and why?

We have a chatbot on our website that requires the acceptation of analytical cookies. The chatbot works automatically and it utilizes machine learning to optimize the usefulness of the answers to you. The personal data (contact details and other possible data) you provide in the chat is used to contact you at your request and to evaluate how we can best help you. Please do not reveal unnecessary information about your private life on the chat.

You may also contact us on the form on our website or book a meeting from our calendar. In both situations we collect the name, contact details and information on the legal question you need help with. The data is used to contact you and to evaluate how we can best help you.

We do not target direct marketing at you by email or phone. However, if you have consented use of cookies for this website, we use the statistics service LinkedIn Insights for the purpose of the needs-oriented design and continuous optimization of our pages. The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.

Fondia don't receive the personal data of LinkedIn members; we only receive reports and alerts (which do not identify LinkedIn members) about Fondia’s website audience and ad performance. LinkedIn Insights  also provide Fondia retargeting for website visitors, enabling Fondia to show personalized ads off our website by using this data, but without identifying the member. LinkedIn insight also use data that doesn't identify LinkedIn members to improve ad relevance and reach members across devices. 

The processing is based on your consent. With regard to cookies, you may at any time withdraw your consent on the cookie settings by clicking the cookie on the bottom left of our website.

From where do we receive data?

We collect the data from you when you visit our website.

For how long do we store your personal data?

We store the personal data you have provided us through the chatbot for as long as they are necessary to contact you and to initiate a possible commission. If you become our customer, the processing of your personal data is described on the section “I am Fondia’s customer or the contact person of the customer”. The retention periods of cookies are described on the section “Cookies”.

What data do we process and why?

We collect basic and contact details such as name, work email, work phone number and positions in the company of our potential customers.

The purpose of collecting this data is

• delivering and developing our products and services to better match your needs

• marketing our services to companies

• targeting marketing in our web services.

The processing is based on our legitimate interest to ensure the continuity of our business operations and customer acquisition.

From where do we receive data?

We receive data of professional social media networks, contact information service providers and you yourself, when you contact us e.g., via the chatbot on our website, email, phone or using VirtualLawyer.

To whom do we disclose data? Do we transfer data outside the EU/EEA?

We may disclose data to our co-operation partners that perform marketing or arrange campaigns and events with and for us, and who see themselves as controllers and not processors working on behalf of us (such entities include e.g., various social media players and marketing networks). Other than that, we do not disclose your data to outsiders unless the legislation or authorities require us to do so.

We use international cloud services in the processing of personal data and data may be transferred outside the EU/EEA in connection with those services. We ensure that appropriate safeguards in accordance with the GDPR are used in data transfers.

For how long do we store your personal data?

We direct marketing at companies. The data of the contact persons of these companies is stored for as long as they are relevant for the marketing directed at such company. We delete the data, when we no longer need it for marketing purposes. You have the right to request the deletion of your personal data if you no longer wish to receive marketing from us.

You have the right to request the deletion of your data if you no longer wish to receive marketing from us.

What data do we process and why?

We collect basic and contact details such as name, work email, work phone number and positions in the company of our potential customers.

The purpose of collecting this data is

• delivering and developing our products and services to better match your needs

• marketing our services to companies

• targeting marketing in our web services.

The processing is based on our legitimate interest to ensure the continuity of our business operations and customer acquisition.

From where do we receive data?

We receive data of professional social media networks, contact information service providers and you yourself, when you contact us e.g., via the chatbot on our website, email, phone or using VirtualLawyer.

To whom do we disclose data? Do we transfer data outside the EU/EEA?

We may disclose data to our co-operation partners that perform marketing or arrange campaigns and events with and for us, and who see themselves as controllers and not processors working on behalf of us (such entities include e.g., various social media players and marketing networks). Other than that, we do not disclose your data to outsiders unless the legislation or authorities require us to do so.

We use international cloud services in the processing of personal data and data may be transferred outside the EU/EEA in connection with those services. We ensure that appropriate safeguards in accordance with the GDPR are used in data transfers.

For how long do we store your personal data?

We direct marketing at companies. The data of the contact persons of these companies is stored for as long as they are relevant for the marketing directed at such company. We delete the data, when we no longer need it for marketing purposes. You have the right to request the deletion of your personal data if you no longer wish to receive marketing from us.

You have the right to request the deletion of your data if you no longer wish to receive marketing from us.

What personal data do we process and why?

We collect the name, work email and phone number and the position in the company of the contact person of our customers.

We collect the data

• to manage customer relationships

• to execute commissions

• for customer surveys

• for possible charity donations on your behalf

• for invoicing.

The processing is based on our legitimate interest to ensure the continuity of our business, to execute commissions and customer management. In addition, we process data for bookkeeping based on a legal obligation.

From where do we receive the data?

The data is collected from you yourself, our customer company, authorities or credit companies.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The personal data concerning customers is deleted when the limitation or reclamation period regarding a specific customer or service has passed. This period is typically then (10) years.

What personal data do we process and why?

We collect the name, work email and phone number and the position in the company of the contact person of our customers.

We collect the data

• to manage customer relationships

• to execute commissions

• for customer surveys

• for possible charity donations on your behalf

• for invoicing.

The processing is based on our legitimate interest to ensure the continuity of our business, to execute commissions and customer management. In addition, we process data for bookkeeping based on a legal obligation.

From where do we receive the data?

The data is collected from you yourself, our customer company, authorities or credit companies.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The personal data concerning customers is deleted when the limitation or reclamation period regarding a specific customer or service has passed. This period is typically then (10) years.

What personal data do we process and why?

We collect the name, work email and phone number and the position in the company of the vendors to take care of the vendor relationship and for invoicing. The processing is based on our legitimate interest to ensure the continuity of our business. In addition we process data for bookkeeping based on a legal obligation.

From where do we receive the data?

We collect the data from you yourself and the vendor company.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The data concerning suppliers is deleted, when the supplier relationship ends.

What personal data do we process and why?

We collect the name, work email and phone number and the position in the company of the vendors to take care of the vendor relationship and for invoicing. The processing is based on our legitimate interest to ensure the continuity of our business. In addition we process data for bookkeeping based on a legal obligation.

From where do we receive the data?

We collect the data from you yourself and the vendor company.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The data concerning suppliers is deleted, when the supplier relationship ends.

What data do we process and why?

We process the following data of our job applicants in order to proceed with the recruitment process:

• Basic information such as name, birth date, mother tongue

• Contact details such as email address, phone number, home address

• Information regarding the position applied for such as information of the type and nature of the employment and information of the contact persons designated for the application process, salary request and information related to starting the job

• Other information important in relation to suitability and other information of yourself and you background that you have provided such as photo, study and other educational information, work history (such as employers, start dates and durations of employment and the nature of work tasks), language skills, other special skills, description of personal features, degrees, certificates and evaluations, and references to portfolios, profiles and other sources found on the Internet, referees and the results and details of the personal assessment and suitability assessment carried out with your consent

• Information regarding the recruitment process such as information of further interviews or of the interruption of the recruitment process

• Other possible information that you have provided voluntarily in connection with the recruitment process or otherwise specifically published in professional purposes such as LinkedIn-profile

The purpose of processing your personal data is to receive and process job applications and to manage our recruitment processes. With the data we can contact the applicants and make decisions when filling the positions

The processing is based on your consent during the recruitment process. You may reverse your consent by withdrawing from the recruitment process.

From where do we receive the data?

We primarily use the data that you have provided us in connection with the recruitment process. By sending us a job application, you give your permission to collect data from your LinkedIn-profile and possible referees. We also use external recruitment consultants that seek for potential employees on behalf of us.

For how long do we store your data?

We store your data for two (2) years after the recruitment process has ended.

Who may you contact, if you want more information on the recruitment process?

For more information on the recruitment process, you may contact Wilma Laukkanen by phone,+358 20 720 5674, or email, wilma.laukkanen(at)fondia.com.

What data do we process and why?

We process the following data of our job applicants in order to proceed with the recruitment process:

• Basic information such as name, birth date, mother tongue

• Contact details such as email address, phone number, home address

• Information regarding the position applied for such as information of the type and nature of the employment and information of the contact persons designated for the application process, salary request and information related to starting the job

• Other information important in relation to suitability and other information of yourself and you background that you have provided such as photo, study and other educational information, work history (such as employers, start dates and durations of employment and the nature of work tasks), language skills, other special skills, description of personal features, degrees, certificates and evaluations, and references to portfolios, profiles and other sources found on the Internet, referees and the results and details of the personal assessment and suitability assessment carried out with your consent

• Information regarding the recruitment process such as information of further interviews or of the interruption of the recruitment process

• Other possible information that you have provided voluntarily in connection with the recruitment process or otherwise specifically published in professional purposes such as LinkedIn-profile

The purpose of processing your personal data is to receive and process job applications and to manage our recruitment processes. With the data we can contact the applicants and make decisions when filling the positions

The processing is based on your consent during the recruitment process. You may reverse your consent by withdrawing from the recruitment process.

From where do we receive the data?

We primarily use the data that you have provided us in connection with the recruitment process. By sending us a job application, you give your permission to collect data from your LinkedIn-profile and possible referees. We also use external recruitment consultants that seek for potential employees on behalf of us.

For how long do we store your data?

We store your data for two (2) years after the recruitment process has ended.

Who may you contact, if you want more information on the recruitment process?

For more information on the recruitment process, you may contact Wilma Laukkanen by phone,+358 20 720 5674, or email, wilma.laukkanen(at)fondia.com.

What data do we process and why?

We collect personal data, such as name, title, special diets, allergies and details needed for invoicing, of the participants when they enroll in order to organize and carry out events. We collect the data with your consent. You may cancel your participation at any time before the event by notifying us and we will delete your data.

After the event we process data for invoicing and bookkeeping. Such processing is based on our legitimate interest to take care of invoicing and bookkeeping.

From where do we receive the data?

The data is collected from the participation form that you fill in yourself.

For how long do we store your data?

We store the necessary data of the participants for as long as necessary for invoicing and bookkeeping and other data is deletedafter the event has ended.

What data do we process and why?

We collect personal data, such as name, title, special diets, allergies and details needed for invoicing, of the participants when they enroll in order to organize and carry out events. We collect the data with your consent. You may cancel your participation at any time before the event by notifying us and we will delete your data.

After the event we process data for invoicing and bookkeeping. Such processing is based on our legitimate interest to take care of invoicing and bookkeeping.

From where do we receive the data?

The data is collected from the participation form that you fill in yourself.

For how long do we store your data?

We store the necessary data of the participants for as long as necessary for invoicing and bookkeeping and other data is deletedafter the event has ended.

What data do we process and why?

We collect first name, last name, company, title, phone number, email and password when you register onto VirtualLawyer.

The processing of personal data is based on our legitimate interest to manage and take care of our customer relationship and to ensure the continuity of our business.

The purpose of processing the data is to

• deliver and develop our products and services to better meet our customers’ needs

• take care of the customer relationship

• perform direct marketing.

From where do we receive data?

We receive the data primarily from you yourself when you register onto the service.

For how long do we store your data?

The data you provide us when you register is stored for as long as your registration is in effect.

How is data processed in the contract generator?

As you use the contract generator, the data you enter is saved in the service for creating the document. The data is not used for other purposes. The data in the documents created with the contract generator is stored for 30 days from the drafting of the document.

What data do we process and why?

We collect first name, last name, company, title, phone number, email and password when you register onto VirtualLawyer.

The processing of personal data is based on our legitimate interest to manage and take care of our customer relationship and to ensure the continuity of our business.

The purpose of processing the data is to

• deliver and develop our products and services to better meet our customers’ needs

• take care of the customer relationship

• perform direct marketing.

From where do we receive data?

We receive the data primarily from you yourself when you register onto the service.

For how long do we store your data?

The data you provide us when you register is stored for as long as your registration is in effect.

How is data processed in the contract generator?

As you use the contract generator, the data you enter is saved in the service for creating the document. The data is not used for other purposes. The data in the documents created with the contract generator is stored for 30 days from the drafting of the document.

What personal data do we process and why?

To manage the commissions given by customers we sometimes have to process the personal data of the people related to the commission. This data may concern the personnel, agreement partners or shareholders of the customer that has given the commission and in dispute resolution also other persons that are on the opposing party or otherwise involved in the matter.

The data typically consists of names and contact details and the descriptions of the events and circumstances relevant to the commission. The data is processed only to the extent necessary to carry out the commission.

The processing is based on our legitimate interest to ensure the continuity of our business and to carry out commissions.

From where do we receive the data?

The data is collected primarily from our customer companies.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The data processed in connection with the commission is deleted when the limitation or reclamation period has passed. This period is typically then (10) years.

What personal data do we process and why?

To manage the commissions given by customers we sometimes have to process the personal data of the people related to the commission. This data may concern the personnel, agreement partners or shareholders of the customer that has given the commission and in dispute resolution also other persons that are on the opposing party or otherwise involved in the matter.

The data typically consists of names and contact details and the descriptions of the events and circumstances relevant to the commission. The data is processed only to the extent necessary to carry out the commission.

The processing is based on our legitimate interest to ensure the continuity of our business and to carry out commissions.

From where do we receive the data?

The data is collected primarily from our customer companies.

For how long do we store your data?

We store your personal data as long as necessary for the purpose of use. The data processed in connection with the commission is deleted when the limitation or reclamation period has passed. This period is typically then (10) years.

Fondia Sága

Fondia Sága is a document generator and a way of drafting customized agreements for the customer with a fixed monthly fee. On Fondia Sága, the customer may form documents themselves and download the documents, when the required information has been filled in. The documents may contain data related to the customer’s employees and contact persons.

The customer is the controller for the personal data processed in Fondia Sága and Fondia processes the data on the customers behalf. The customer and Fondia have signed an agreement on the processing of personal data.

Thomson-Reuters is our sub processor that provides the technical platform for the Fondia Sága service. The data is stored in the EU (Netherlands). Thomson-Reuters uses sub processors for providing the service, on which you can find additional information here.

In principle the data is stored for as long as the service is offered to a customer. The customer may define the retention periods anddelete the data according to their own information management practices.

Fondia Sága

Fondia Sága is a document generator and a way of drafting customized agreements for the customer with a fixed monthly fee. On Fondia Sága, the customer may form documents themselves and download the documents, when the required information has been filled in. The documents may contain data related to the customer’s employees and contact persons.

The customer is the controller for the personal data processed in Fondia Sága and Fondia processes the data on the customers behalf. The customer and Fondia have signed an agreement on the processing of personal data.

Thomson-Reuters is our sub processor that provides the technical platform for the Fondia Sága service. The data is stored in the EU (Netherlands). Thomson-Reuters uses sub processors for providing the service, on which you can find additional information here.

In principle the data is stored for as long as the service is offered to a customer. The customer may define the retention periods anddelete the data according to their own information management practices.

What data do we process and why?

We collect identifiers and other personal data from our potential clients in connection with the ”Know Your Customer” known as the KYC process

• to prevent, detect and investigate money laundering and financing terrorism

• to bring money laundering, terrorist financing and the crime by which the property or criminal benefit that is the subject of money laundering or terrorist financing has been obtained, under investigation

• to execute the obligations related to sanctions

• to evaluate business risks.

Before we start cooperation, we need the organization's name and business ID, as well as the contact person's name, email address and phone number for identification. After this, we will send a link to a form by e-mail and the contact person must identify themself when filling it out. In order to proceed with the form, the contact person must enter a code sent by text message, into the form.

Data of the organization and personal data of the representative, beneficial owners and politically exposed persons is collected with the form.

Data collected of the communities is:

• name

• business ID

• industry

• does the organization have business/clients outside the EU/EEA

• does the organization have business/clients in certain high risk countries

• have all the beneficial owners been registered with the trade register

• whether one or more persons have more than 25 % ownership or voting rights in the organization and if not, what role do the beneficial owners have

• has the representative / beneficial owner of the organization or a family member or associate of such person worked in a significant public position during the last year

• possible additional information and comments.

We collect the name, social security number and nationality of the contact person of the organization. Of the beneficial owners, we collect the name, social security number, nationality, email, phone number and information on why the person is a beneficial owner. Of the politically exposed persons we collect the name, date of birth and nationality.

If the client is a private person, we may also check credit information. Also, if we can’t identify the client electronically, we may have to ask for a copy of an identification document such as passport. We save the passport number, issuer, date of birth, social security number and nationality of the passport copy.

After we receive the filled form, we also collect a trade register extract, risk level, possible payment default records and a beneficiary register extract of the organization. The data is updated and collected also during the client relationship as a part of continuous knowing of the client required by the Act on Preventing Money Laundering and Terrorist Financing, for example, when the contact person is changed.

The processing is based on a legal obligation, based on the following:

• Act on Preventing Money Laundering and Terrorist Financing (444/2017)

• EU sanctions

• Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and of the European Union

• other national decisions of the authorities on sanctions.

Processing is also based on Fondia’s legitimate interest to take care of business risks comprehensively.

From where do we receive data?

The data collected through the from is received from the contact person of the organization or private client.

We request a trade register extract and check the information concerning the beneficial owners from the trade register. We also check possible payment default records from the credit register. If necessary, we also check the sanction lists and search for background information from other public sources to confirm the data and backgrounds of communities and private clients.

For how long do we store data?

We store the identifiers related to the KYC process for five (5) years of the collection of the data in accordance with the Act on Preventing Money Laundering and Terrorist Financing. The data used one-off in the risk assessments is deleted when the assessment has ended.

What data do we process and why?

We collect identifiers and other personal data from our potential clients in connection with the ”Know Your Customer” known as the KYC process

• to prevent, detect and investigate money laundering and financing terrorism

• to bring money laundering, terrorist financing and the crime by which the property or criminal benefit that is the subject of money laundering or terrorist financing has been obtained, under investigation

• to execute the obligations related to sanctions

• to evaluate business risks.

Before we start cooperation, we need the organization's name and business ID, as well as the contact person's name, email address and phone number for identification. After this, we will send a link to a form by e-mail and the contact person must identify themself when filling it out. In order to proceed with the form, the contact person must enter a code sent by text message, into the form.

Data of the organization and personal data of the representative, beneficial owners and politically exposed persons is collected with the form.

Data collected of the communities is:

• name

• business ID

• industry

• does the organization have business/clients outside the EU/EEA

• does the organization have business/clients in certain high risk countries

• have all the beneficial owners been registered with the trade register

• whether one or more persons have more than 25 % ownership or voting rights in the organization and if not, what role do the beneficial owners have

• has the representative / beneficial owner of the organization or a family member or associate of such person worked in a significant public position during the last year

• possible additional information and comments.

We collect the name, social security number and nationality of the contact person of the organization. Of the beneficial owners, we collect the name, social security number, nationality, email, phone number and information on why the person is a beneficial owner. Of the politically exposed persons we collect the name, date of birth and nationality.

If the client is a private person, we may also check credit information. Also, if we can’t identify the client electronically, we may have to ask for a copy of an identification document such as passport. We save the passport number, issuer, date of birth, social security number and nationality of the passport copy.

After we receive the filled form, we also collect a trade register extract, risk level, possible payment default records and a beneficiary register extract of the organization. The data is updated and collected also during the client relationship as a part of continuous knowing of the client required by the Act on Preventing Money Laundering and Terrorist Financing, for example, when the contact person is changed.

The processing is based on a legal obligation, based on the following:

• Act on Preventing Money Laundering and Terrorist Financing (444/2017)

• EU sanctions

• Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and of the European Union

• other national decisions of the authorities on sanctions.

Processing is also based on Fondia’s legitimate interest to take care of business risks comprehensively.

From where do we receive data?

The data collected through the from is received from the contact person of the organization or private client.

We request a trade register extract and check the information concerning the beneficial owners from the trade register. We also check possible payment default records from the credit register. If necessary, we also check the sanction lists and search for background information from other public sources to confirm the data and backgrounds of communities and private clients.

For how long do we store data?

We store the identifiers related to the KYC process for five (5) years of the collection of the data in accordance with the Act on Preventing Money Laundering and Terrorist Financing. The data used one-off in the risk assessments is deleted when the assessment has ended.

What data do we process and why?

We collect first name, last name, company, title, phone number and email when you register onto MyFondia.

The processing of personal data is based on our legitimate interest to manage and take care of our customer relationship, to ensure the continuity of our business and customer acquisition.

The purpose of processing the data is to

• deliver and develop our products and services to better meet our customers’ needs

• take care of the customer relationship

• perform direct marketing.

From where do we receive data?

We receive the data primarily from you yourself when you register onto the service or from representative at the company you are employed.

For how long do we store your data?

The data you provide us when you register is stored for as long as your registration is in effect.

What data do we process and why?

We collect first name, last name, company, title, phone number and email when you register onto MyFondia.

The processing of personal data is based on our legitimate interest to manage and take care of our customer relationship, to ensure the continuity of our business and customer acquisition.

The purpose of processing the data is to

• deliver and develop our products and services to better meet our customers’ needs

• take care of the customer relationship

• perform direct marketing.

From where do we receive data?

We receive the data primarily from you yourself when you register onto the service or from representative at the company you are employed.

For how long do we store your data?

The data you provide us when you register is stored for as long as your registration is in effect.