Privacy Notice

Privacy Notice for Fondia’s Customer, Supplier and Marketing Register

Privacy Notice

Note that this privacy notice concerns processing of personal data primarily in Finland. There might be slight differences to some parts due to national legislation in other countries.


Fondia Oyj PL 4 00101 Helsinki Finland +358 20 7205 400 fondia[at]fondia.com

and our group companies: Fondia Legal Services AB, Fondia Baltic OÜ ja Fondia Lietuva UAB (hereafter ”us” or ”Fondia”)

Contact Details in Data Protection Matters: privacy[at]fondia.com

What Data Do We Process? What Are the Purposes of and Legal Bases for Processing Personal Data?

Fondian tietosuojaseloste_englanti_taulukko-1.jpg

* In case we need to process personal data for a possible legal claim, other categories of personal data may be processed as well depending on the nature of the claim.

From Where Do We Receive Data?

We receive information primarily from yourself, the authorities, credit information companies, contact information service providers and other similar reliable sources.

We may also collect and update personal data for the purposes described in this privacy notice from publicly available sources such as newspapers and other news sources, professional social media networks and company websites, as well as based on information received from the authorities or other third parties within the limits of the applicable legislation.

To Whom Do We Disclose Data and Do We Transfer Data Outside the EU or EEA?

We may disclose data from this customer, supplier and marketing register to our co-operation partners who do marketing and arrange campaigns and events with and on behalf of us, and who consider themselves as controllers instead of processors working on our behalf (these parties are i.a. social media operators and advertisement networks). Otherwise we do not disclose data from the register to external parties unless required by the legislation or an order by the authorities.

We utilize subcontractors that process personal data on behalf of and for us. We have outsourced our IT management and the maintenance of our customer and marketing systems to outside service providers on whose administrated and protected servers the personal data is stored.

We transfer personal data outside the EU/EEA as a part of our operations. When we transfer personal data, we make sure that the personal data in question is appropriately protected and as required by the privacy legislation in force at the time by using the European Commission standard contractual clauses.

How Do We Use Cookies on Our Website?

Our websites and social media channels use cookies and other similar technologies for managing and developing the website, improving and analyzing user experience and targeting advertisement in our and our partners’ services. Cookies allow us to collect information such as from which website users arrive to the pages, which pages are browsed and when, which browser is used and the IP address of the device.

For more information on how we use cookies, please see our 

How Do We Protect the Data and for How Long Do We Store the Data?

The data is collected into databases protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons. Each user has a personal username and password to the systems where personal data are stored.

We store the data as long as it is necessary for the purpose of processing the data. Personal data in the customer, supplier and marketing register is erased after the claim period related to a specific customer, supplier or service relationship has elapsed. This period is typically ten (10) years.

We regularly review the need for data storage taking into account the applicable legislation. In addition, we take all reasonable actions to ensure that no incompatible, outdated or inaccurate personal data are stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

What Are Your Rights as a Data Subject?

You have the right to access the personal data stored in this register concerning yourself, and the right to demand rectification or erasure of that data. You also have the right to withdraw your consent where we process your data based on your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.

You have the right to object to processing or to request restriction of the processing of your personal data at any time and free of charge, and to lodge a complaint with the supervisory authority.

For specific personal reasons, you also have the right to object profiling and other processing concerning yourself, when processing the data is based on our legitimate interest. In connection with your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request based only on grounds provided by law.

All requests and requirements concerning this section should be submitted in writing to the address privacy@fondia.com.

Changes to this Privacy Notice

Should we make amendments to this privacy notice, we will place the amended notice on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review this privacy notice from time to time to ensure you are aware of any amendments made.

Processing of personal data in Fondia’s services


Fondia Sága is Fondia’s document generator and a way to draft tailor-made agreements for the customer for a fixed monthly price. The customers have access to Fondia Sága Document Generator with a possibility to generate documents by themselves. The customer can download generated documents after filling in the required information. This information may contain data related to Fondia’s customers’ employees and the contact persons of the customers of Fondia’s customers. Fondia Sága is a product based tool created by Thomson-Reuters.

Categories of data subjects:

  • Fondia’s customers’ employees

  • Contact persons of the customers of Fondia’s customers

Types of processed personal data:

  • Identification information and contact information such as name, title, phone number, email address, postal address, national identification number

Sub-processors and data transfers:

Sub-processor - Thomson-Reuters

Function - Provides SaaS platform

Location of data storage - EU (Netherlands)

Thomson-Reuters uses sub-contractors to provide its service, more information here:

Duration of processing:

As long as service is being provided. Fondia’s customer can erase data according their own data management policies.