CUSTOMER REGISTER PRIVACY STATEMENT

Controller
Rödl & Partner Attorneys-at-law Ltd.
Kalevankatu 6, 00100 Helsinki
Business ID 2080068-9

Contact Information for Register Matters
Pekka Pulli
pekka.pulli@roedl.com
Puh. +358 (0)50 336 9343

Name of the Register
Customer register of Rödl & Partner Attorneys-at-law Ltd. (Rödl & Partner)

Legal Basis for Customer Register
The basis for processing the personal data is the customer relationship based on an agreement or other relevant connection or data subject’s consent. The consent may be withdrawn at any time.

Purpose of Processing Personal Data and the Customer Register
The purpose of processing information under this register is to manage and maintain the relations between Rödl & Partner and the customer; to design and develop Rödl & Partner’s business and services; to perform statistical and market research. The customer information in the register may be used in direct marketing by the controller or in other direct marketing or in other addressed mail services and targeting the network marketing.

The Description of Groups of the Data Subjects
The person has or has had a customer relationship or an application or an offer has been made to establish the relationship.

The Content of the Register
The customer register holds and processes the following personal data of customers or other registered persons:
basic information, such as: name, personal identification number, postal address, e-mail address, telephone number and occupation;
contact person’s name, postal address, e-mail address, telephone number and occupation;
employer’s name and business ID;
information related to a customer relationship based on an agreement or other relevant connection and information about using the services;
information about direct marketing permissions and prohibitions;
information regarding billing and collecting;
additional information concerning customer service situations.

The Regular Information Sources
The personal data will be collected during registration, using our services or directly from the data subject. The personal data may be collected or updated also from a population information organisation or system, trade register, credit card register or some other such public or private register.

Regular Disclosure
The personal data is not disclosed to third parties and it is used only for purposes specified in this statement. Agreements on processing personal data according to the GDPR have been made with co-operating partners we have selected to maintain the customer information.

Transfer of Data Outside the EU or the EEA
Personal data in the register will not be disclosed or transferred outside the European Union or the European Economic Area.

Data Preservation Time and Criteria
Data will be preserved as long as the purpose of managing demands it. Deletion times and practices will be defined and old and unnecessary personal data will be deleted. Preservation obligation may also be determined by the law.

The Rights of the Data Subjects
The data subject has a right to review the information about him/her. The written request with signature is to be submitted to a contact person. The request may also be presented in the premises of the controller in the address mentioned above.

The data subject has the right to require the controller to rectify erroneous data contained in a personal data file.

In certain situations, the data subject has the right to remove the personal data concerning him/her or ask to move the information to another data controller.

The data subject has a right to prohibit registrar from using the data for direct mailing, distance selling or other direct marketing and opinion polls and marketing research.

Digital direct marketing may be directed to the registered with permission. The registered may withdraw his/her consent to this kind of marketing any time.

The primary method of settling disputes is through negotiations between the controller and the data subject. The data subject has the right to take the case to the data protection authority.

Principles for the protection of the data
When processing the personal data, we will follow the good data management practice and the carefulness and protection obligations according to the data protection legislation.

We put all the necessary technical and organisational measures into practice to protect the data from outsiders accessing it or intentionally or unintentionally losing, damaging, harming or changing it or from any other illegal handling.

The access to personal data is limited to such persons who are entitled to access them on the basis of their work assignments or role and who are subject to confidentiality obligations regarding the personal data.

Digitally stored and managed data is in database secured with firewalls, passwords and other technical measures. Manual data is stored inside the controller’s premises in locked facilities.