Combined Data Protection Description and Information Document in accordance with the Data Protection Act and the General Data Protection Regulation of the European Union (2016/679/EU).

1. Controller

Tili Sydwest Oy Ab (Firmally)
Business ID: 0723719-0
Rantatie 16 A
21600 Parainen

Finland

2. Contact Person for the Controller

Ove Arén 
info@firmally.fi
Phone. +358 245 81425
Rantatie 16 A
21600 Parainen

Finland

3. Register Name

Tili Sydwest Customer Register

4. Basis and Purpose of Personal Data Processing

To provide and deliver services, we process personal data of our customers. The purpose of processing personal data is to maintain contact with customers and uphold the customer relationship. The processing of personal data is based on the agreement between the data subject and the controller. Data is also processed to fulfill statutory and regulatory obligations. Additionally, anti-money laundering and terrorism financing laws require the accounting industry to prevent money laundering and terrorism financing, as well as promote the detection and investigation of these activities. To fulfill this, there is an obligation to identify customers and investigate information about their business activities and ownership. The information collected may be used, according to the law, to prevent, detect, and investigate money laundering and terrorism financing.

5. Data Subjects

The customer register contains information about customers, their contact persons, and any other individuals related to the customer relationship if the storage of their personal data is necessary to manage the customer relationship or fulfill other statutory obligations of the controller.

6. Personal Data Stored in the Register

The customer register contains the following personal data about our customers, decision-makers, and contact persons:

• Name
• Date of Birth
• Personal
• Identification
• Number (for reliable identification)
• Nationality
• Mailing Address
• Email
• Phone Number
• Position
• Relationship to the represented company
• Information about politically influential positions

The customer register also includes the following customer information:

• Other information related to the customer relationship and ordered services

7. Data Processors

The controller and the controller’s employees process personal data.

8. Rights of the Data Subject

Inquiries about the use of data subject’s information should be made to the above-mentioned address for the controller. The data subject has the following rights:

• Right to access: The data subject has the right to inspect the personal data we have stored.
• Right to rectification: The data subject can request correction of inaccurate or incomplete information.
• Right to object: The data subject can object to the processing of personal data if they believe the data has been processed unlawfully.
• Right to erasure: The data subject has the right to request the deletion of information if the processing is no longer necessary.
• If data processing is based solely on consent, the data subject can withdraw their consent.
• The data subject has the right to appeal the decision to the Data Protection Ombudsman.
• The data subject has the right to request that we restrict the processing of controversial information until the matter is resolved.
• The data subject has the right to file complaints with the Data Protection Ombudsman if they believe that we are violating applicable data protection laws in the processing of personal data. Contact information for the Data Protection Ombudsman: www.tietosuoja.fi/fi/index/yhteystiedot.html

9. Regular Sources of Information

Information stored in the register is regularly obtained from:

1. Public business registers and similar registers
2. The customer, e.g., at the establishment of a customer relationship, through messages sent via web forms, email, phone, agreements, customer meetings, and other situations where the customer provides their information.

10. Regular Transfers of Information

The controller does not normally transfer information from the register to third parties. However, information may be transferred in accordance with Finnish law. Software used by the controller and their suppliers, as well as other subcontractors, are also data processors. The controller may use subcontractors and service providers for technical support, customer service, management and analysis of user data, and communication with customers. Your personal data may be transferred to the controller’s subcontractors and service providers only to the extent necessary for them to participate in the performance of the controller’s services and fulfill the purposes described in this information document. The controller ensures that the transfers are carried out correctly and in accordance with applicable laws on the processing of personal data. Your personal data may be handed over to a competent authority as required and under the conditions of the law.

11. Storage Period for Information

Personal data is normally stored for the duration of the customer relationship. Legislation establishes a minimum storage period for certain data (salary and accounting materials, as well as data under the Anti-Money Laundering Act). The controller is obliged to retain accounting material according to the Accounting Act (10 years). Therefore, material related to accounting cannot be deleted before the end of the specified deadline. According to the Anti-Money Laundering Act, information must be preserved reliably for five (5) years from the termination of a regular customer relationship.

12. Contact

If you have questions about the processing of your personal data or if you want to correct inaccurate information, you can contact the specified contact person for the controller. You have the right to request information about your processed personal data free of charge once per calendar year. These requests should be made in writing and sent to the Controllers above-mentioned address.