Privacy Notice

Privacy Notice of Muurman Attorneys Ltd, August 2024

This privacy notice describes what data we collect and process about our clients, other parties involved in our assignments, business partners, and other individuals related to our operations. The privacy policy also provides information about the rights of data subjects concerning their personal data.

We process personal data in accordance with applicable laws, including the EU General Data Protection Regulation (regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as "GDPR"). We also adhere to the guidelines of the Finnish Bar Association.

1. Data controller

Muurman Attorneys Ltd
Business ID: 3444230-9
Aleksanterinkatu 17
00100 Helsinki, Finland
markus.muurman@muurman.fi

2. Contact person responsible for this privacy notice

Markus Muurman
Muurman Attorneys Ltd
Aleksanterinkatu 17
00100 Helsinki, Finland
markus.muurman@muurman.fi

3. Purpose and legal basis of data processing

We collect and process personal data to handle assignments and maintain client relationships and our relationships with service providers or other business partners. In such cases, the legal basis for processing personal data is the legitimate interest under Article 6(f) of the GDPR.

We also process personal data to comply with legal obligations, such as taking measures required by the Act on Preventing Money Laundering and Terrorist Financing (444/2017, hereinafter referred to as the "Anti-Money Laundering Act"). In such cases, the legal basis for data processing is the fulfillment of legal obligations under Article 6(c) of the GDPR.

Additionally, we may use personal data for marketing purposes. In such cases, the legal basis for processing is the legitimate interest under Article 6(f) of the GDPR.

4. Collection and processing of personal data

We primarily collect personal data from the data subject themselves or from our clients if the personal data concerns another person related to the client's assignment (e.g., the counterparty in an assignment). We may also obtain personal data from authorities, public registers, or other public sources and opposing parties during the handling of assignments.

Personal data is collected, for example, when we investigate potential conflicts of interest, identify our clients, perform actions required for handling assignments, and establish or manage our relationships with service providers or other business partners.

We collect and process, among others, the following types of data:

  • Basic information, such as name, postal address, email address, phone number, employer, occupation, job title, date of birth, and personal identification number;

  • Client relationship information, such as billing information, insurance information, details about assignments and related contracts or other documents, and client communication details;

  • Information related to our business partners, such as contract details, information about representatives of our partners, and communication between us and the partner;

  • Information required by the Anti-Money Laundering Act, such as a copy of the document used to verify identity, nationality, and details about the person's business activities, financial status, and political influence.

5. Retention period of personal data

We retain personal data for as long as it is necessary to fulfil the purpose of the processing or to comply with our obligations under the law or the instructions of the Finnish Bar Association.

In accordance with the Finnish Bar Association's guidelines, we retain information on assignments, including clients' personal data, for ten years after the end of the assignment.

For assignments subject to the Anti-Money Laundering Act, we retain the client's identification details and information about the client's business activities for five years after the client relationship ends.

However, we may retain personal data for a longer period if there is a legal basis for doing so, such as the need to defend against claims made against us.

6. Disclosure of personal data

We only disclose personal data to third parties to the extent necessary for our operations. We may disclose personal data, for example, to authorities for handling assignments and to our service providers or business partners if necessary for the implementation of our operations and services. We may also disclose personal data if required to protect our rights or comply with legal obligations.

As a rule, we do not transfer personal data outside the European Union or the European Economic Area. However, if it is necessary to transfer personal data outside the European Union or the European Economic Area, this will be done in accordance with applicable data protection legislation and, where appropriate, using the European Commission's standard contractual clauses.

7. Data security

We treat all personal data confidentially, in accordance with attorneys’ secrecy and confidentiality obligations, and following the data security guidelines of the Finnish Bar Association. Access to personal data is limited to our staff and certain service providers to the extent necessary for the provision of services. Our service providers are required by separate confidentiality agreements to keep all personal data confidential and to use it only for purposes necessary to perform tasks related to the service.

8. Information about the rights of data subjects

As a data subject, you have the following rights: 

  • Right to access personal data: You have the right to know whether we process your personal data and to access the personal data we have collected about you. However, we may deny the request on legal grounds.

  • Right to request rectification of personal data: You may request the correction of your personal data if the data we hold is incorrect or incomplete.

  • Right to request the erasure of personal data: In certain situations, you have the right to request that we erase your personal data.

  • Right to restrict the processing of personal data: You may request the restriction of the processing of your personal data under certain legal conditions.

  • Right to object the processing personal data: In certain situations, you have the right to object to the processing of your personal data, for example, if the data is processed for direct marketing purposes.

  • Right to data portability: You have the right, under certain conditions, to receive the personal data you have provided to us and which is processed based on your consent, and to transfer this data to another data controller.

If the processing of your personal data is based on consent, you can withdraw your consent at any time. In this situation, you have the right to request the erasure of your personal data unless there is some other legal basis for processing the data after the withdrawal of consent.

If you wish to exercise the above rights, a request to this effect must be sent to the contact person responsible for the privacy policy mentioned in section 2.

You also have the right to file a complaint with the data protection authority if you believe that we have not complied with data protection laws. In Finland, the competent data protection authority is the Data Protection Ombudsman (www.tietosuoja.fi).

9. Amendments

We may amend this privacy policy if we change the ways or purposes of processing personal data. Therefore, we encourage you to review the privacy policy regularly.