Privacy Notice – Advice, InvestMENT and Asset Management operations (“Operations”)
This is a Privacy Notice, which aims to provide information regarding the processing of personal data by Finreim in connection with Finreim’s Operations.
In this Privacy Notice, the data subjects, which are hereinafter jointly referred to as “Data Subjects”, may be:
This Privacy Notice answers the following questions:
Information related to communication
In case personal data is processed due to mandatory legislative requirements, the register may also contain other personal data that Finreim is obliged to collect under mandatory legislation.
Basic contact information of all Data Subjects such as name, position, title, company address, email address, telephone number, employer information, and contact history data, such as correspondence and communication notes, and given consents and prohibitions for purposes of processing personal data.
Information related to investors
Information on previous and current investments and investment strategies and policies.
Information related to identification and legal requirements
This information includes, but is not limited to, the following: date of birth, social security number, passport copy, citizenship, residence, tax residence, source of funds, financial status, and status as a politically exposed person and/or connections to countries subject to sanctions or asset freezing measures (if any).
2. Why does Finreim collect and process the personal data?
Communication & marketing
Finreim processes personal data to contact, maintain, develop and update Finreim's business relationships as well as by marketing its new services and products. Processing for this purpose is based on the Data Subject’s consent, Finreim’s legitimate interest, or a contract between the Data Subject and Finreim, as applicable.
Investment operations
Personal data is also processed for the purpose of investment/asset management operations of Finreim including legal due diligence, fund administration, reporting, and decision-making. Processing for this purpose is based either on fulfilling the contractual obligations or legal requirements.
Development of business operations
Personal data may be used for the development of business operations. Personal data may be processed to analyse the business relationship or to enhance the quality of Finreim’s products and services. General visitor information of Finreim’s website may be tracked, and this information may be generalized and used to analyse the use of the website and to further develop the website. The basis for the processing is Finreim’s legitimate interest to develop its operations and enhance the quality of its products and services provided to Data Subjects.
No other purposes
Finreim does not process the collected personal data for any other purposes without informing the Data Subject in advance of that other purpose. The collected data is not processed for automated decision-making (including profiling).
3. What are Finreim’s information sources?
Personal data is mainly collected from the Data Subject himself/herself or from their employer entity.
Personal data can be also collected from publicly available or other sources such as official registers maintained by the Finnish Patent and Registration Offices and the Finnish Business Information System (YTJ). Finreim may also collect personal data from the registers of credit rating bureaus such as Suomen Asiakastieto Oy.
The information sources may vary depending on the domicile and/or the citizenship of the Data Subject.
4. How and with whom may the personal data be shared?
Finreim may share personal data with others (e.g., third parties) such as the public authorities, suppliers and business partners who may, depending on the circumstances, act either as a data processor on Finreim’s behalf or as an independent controller.
Finreim may carry out the above-mentioned transfer of personal data only where it is required by contract or by law, or where the transfer is otherwise necessary for a relevant processing purpose, such as protecting Finreim’s and/or the Data Subjects’ safety or the safety of others, investigating fraud, or responding to a government request.
Personal data may also be shared with:
5. What is the retention period?
The basic rules for retention are that personal data is retained only for as long as necessary to fulfil the purpose of processing or if it is required by law.
Basic personal data will be retained only as long as necessary to manage the business relationship or other interaction with the Data Subject. The data will be deleted after a reasonable period has lapsed from the last contact between the Data Subject and Finreim.
Personal data collected under mandatory legislation purposes will be retained as long as required by law.
6. What are the rights of the Data Subject?
A Data Subject is entitled to have access to personal data concerning him or her processed by Finreim, and to request Finreim to rectify inaccurate personal data and, where applicable under data protection law, to erase personal data. To the extent required by applicable data protection law, a Data Subject has a right to object or restrict data processing and request data portability, i.e. the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another controller.
Data Subjects should acknowledge that certain information is strictly necessary for the performance of a contract or for compliance with a legal obligation of Finreim, which may restrict the Data Subject’s rights listed above.
In case the data processing is based on the consent given by the Data Subject, the Data Subject may at any time contact Finreim and cancel the consent for processing personal data, e.g., opt-out of receiving marketing messages.
7. Contact details?
Controller and Controller’s representative
If the Data Subject considers that his or her legal rights have been violated, he or she has the right to lodge a complaint with the national Data Protection Authority or another Data Protection Authority within the EU or the EEA. he or she has the right to file a complaint with the national Data Protection Authority or another Data Protection Authority within the EU or the EEA. The Office of the Data Protection Ombudsman acts as the supervising authority in Finland.
Please send any requests concerning the above-mentioned rights to Finreim using the contact details set out above.
In this Privacy Notice, the data subjects, which are hereinafter jointly referred to as “Data Subjects”, may be:
- Investors, their ultimate beneficial owners, legal representatives or contact persons;
- Members of the Investment Committees and Advisory Boards of each fund, joint venture or other vehicle Finreim is dealing with;
- Contact persons, representatives, management team members or board members of companies from which portfolio companies or properties are acquired or to which they are sold;
- Tenants of the properties under management;
- Contact persons of external advisors, co-operation partners, service providers and public officials.
This Privacy Notice answers the following questions:
- What kind of personal data does Finreim collect and process?
- Why does Finreim collect and process personal data?
- What are Finreim’s sources of personal data?
- How and with whom may the personal data be shared?
- How long is the retention period?
- What are the rights of the Data Subject?
- Who to contact?
- How does Finreim secure personal data?
Information related to communication
In case personal data is processed due to mandatory legislative requirements, the register may also contain other personal data that Finreim is obliged to collect under mandatory legislation.
Basic contact information of all Data Subjects such as name, position, title, company address, email address, telephone number, employer information, and contact history data, such as correspondence and communication notes, and given consents and prohibitions for purposes of processing personal data.
Information related to investors
Information on previous and current investments and investment strategies and policies.
Information related to identification and legal requirements
This information includes, but is not limited to, the following: date of birth, social security number, passport copy, citizenship, residence, tax residence, source of funds, financial status, and status as a politically exposed person and/or connections to countries subject to sanctions or asset freezing measures (if any).
2. Why does Finreim collect and process the personal data?
Communication & marketing
Finreim processes personal data to contact, maintain, develop and update Finreim's business relationships as well as by marketing its new services and products. Processing for this purpose is based on the Data Subject’s consent, Finreim’s legitimate interest, or a contract between the Data Subject and Finreim, as applicable.
Investment operations
Personal data is also processed for the purpose of investment/asset management operations of Finreim including legal due diligence, fund administration, reporting, and decision-making. Processing for this purpose is based either on fulfilling the contractual obligations or legal requirements.
Development of business operations
Personal data may be used for the development of business operations. Personal data may be processed to analyse the business relationship or to enhance the quality of Finreim’s products and services. General visitor information of Finreim’s website may be tracked, and this information may be generalized and used to analyse the use of the website and to further develop the website. The basis for the processing is Finreim’s legitimate interest to develop its operations and enhance the quality of its products and services provided to Data Subjects.
No other purposes
Finreim does not process the collected personal data for any other purposes without informing the Data Subject in advance of that other purpose. The collected data is not processed for automated decision-making (including profiling).
3. What are Finreim’s information sources?
Personal data is mainly collected from the Data Subject himself/herself or from their employer entity.
Personal data can be also collected from publicly available or other sources such as official registers maintained by the Finnish Patent and Registration Offices and the Finnish Business Information System (YTJ). Finreim may also collect personal data from the registers of credit rating bureaus such as Suomen Asiakastieto Oy.
The information sources may vary depending on the domicile and/or the citizenship of the Data Subject.
4. How and with whom may the personal data be shared?
Finreim may share personal data with others (e.g., third parties) such as the public authorities, suppliers and business partners who may, depending on the circumstances, act either as a data processor on Finreim’s behalf or as an independent controller.
Finreim may carry out the above-mentioned transfer of personal data only where it is required by contract or by law, or where the transfer is otherwise necessary for a relevant processing purpose, such as protecting Finreim’s and/or the Data Subjects’ safety or the safety of others, investigating fraud, or responding to a government request.
Personal data may also be shared with:
- business partners and third-party service providers, such as administrators, depositaries and legal advisors for the purpose of co-operation in the context of investment management, administration, anti-money laundering and know your client and legal due diligence. Finreim only shares the information which is necessary to share to fulfil its legal obligations;
- trusted IT service providers, for the purposes of systematic and organised handling of personal data. However, these trusted service providers act on always Finreim's behalf and Finreim is responsible for the processing of personal data;
- competent public authorities when permitted or required in order to comply with applicable mandatory laws or rules of a stock exchange, by order of a court or a request, which is made by a competent authority with legal rights to access such information. E.g., tax reporting information is annually transferred to tax authorities and the information relating to anti-money laundering may be disclosed to the FIN-FSA upon request.
- Personal data may also be transferred to countries outside of the EU or EEA (“third countries”), but only during exceptional circumstances. Such transfer is conditional to the EU Commission assessing that the level of data protection is adequate in the target country, there are necessary standard contractual clauses in place to safeguard the transfer and/or the transfer is specifically agreed upon with the Data Subject.
5. What is the retention period?
The basic rules for retention are that personal data is retained only for as long as necessary to fulfil the purpose of processing or if it is required by law.
Basic personal data will be retained only as long as necessary to manage the business relationship or other interaction with the Data Subject. The data will be deleted after a reasonable period has lapsed from the last contact between the Data Subject and Finreim.
Personal data collected under mandatory legislation purposes will be retained as long as required by law.
6. What are the rights of the Data Subject?
A Data Subject is entitled to have access to personal data concerning him or her processed by Finreim, and to request Finreim to rectify inaccurate personal data and, where applicable under data protection law, to erase personal data. To the extent required by applicable data protection law, a Data Subject has a right to object or restrict data processing and request data portability, i.e. the right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another controller.
Data Subjects should acknowledge that certain information is strictly necessary for the performance of a contract or for compliance with a legal obligation of Finreim, which may restrict the Data Subject’s rights listed above.
In case the data processing is based on the consent given by the Data Subject, the Data Subject may at any time contact Finreim and cancel the consent for processing personal data, e.g., opt-out of receiving marketing messages.
7. Contact details?
Controller and Controller’s representative
- Name: Finreim Oy
- Business ID: 3085714-4
- Address: Suolakivenkatu 18 B 41, 00810 Helsinki, Finland
- Name: Mr. Petri Suutarinen
- Title: CEO
- Email: petri.suutarinen@finreim.fi
- Phone: +358 400 330 322
If the Data Subject considers that his or her legal rights have been violated, he or she has the right to lodge a complaint with the national Data Protection Authority or another Data Protection Authority within the EU or the EEA. he or she has the right to file a complaint with the national Data Protection Authority or another Data Protection Authority within the EU or the EEA. The Office of the Data Protection Ombudsman acts as the supervising authority in Finland.
Please send any requests concerning the above-mentioned rights to Finreim using the contact details set out above.