This privacy policy is drafted in accordance with the Data Protection Act and the General Data Protection Regulation (2016/679/EU). This document is an information document and a record of processing activities in accordance with General Data Protection Regulation. This document was drafted on 15.6.2019 and updated on 21.2.2022

BOWA Legal Oy (Y: 3005519-2)
Pieni Roobertinkatu 11, 00130 Helsinki

Contact person in privacy policy matters:

Matti Vansén
045 236 8209


BOWA Legal Oy’s register of customer and marketing data (”Customer Register”)


On data collecting in general

Personal data is information which can be related to a specific person. This privacy policy describes how BOWA Legal Oy collects, processes, and stores personal data. This policy includes information of customers’ rights regarding the collected data. BOWA Legal Oy complies with the Data Protection Act and all other effective regulation, including laws, statutes, provisions, or other orders given by authorities relating to collecting and handling of personal data.

Purpose of collecting personal data

a) In order to form a contractual relationship, customer relationship or other similar relationship between the customer and BOWA Legal Oy.

  • The purpose of the Customer Register is to maintain data of customers who are in a contractual or customer relationship with the data controller.
  • In addition, the register is used for BOWA Legal Oy’s marketing and communication purposes

Persons mentioned in section a) will be referred to as a ”Customer” in this privacy policy.

b) Collecting personal data based on explicit consent

In case there is no legitimate ground to collect and process personal data, explicit consent to collect, process and store data will be requested. The information of the client engagement agreement may be used in contractual relationships related to expert and assessment services.

Consequences for not receiving the necessary information

If the data controller does not receive information mentioned in sections a) and b) the customer relationship cannot be established or other actions or agreements with BOWA Legal Oy cannot be made.

How personal data is used

Personal data in the Customer register may be used for following purposes:

  • Maintaining and developing the customer relationship
  • Producing, offering, improving, and securing the services of BOWA Legal Oy
  • Billing, collection, and securing customer transactions
  • Targeted marketing actions
  • Analysing and collecting statistics of services
  • Customer communication, marketing, and advertising
  • Protecting the rights & ownership of the data controller and other parties related to services or assignments
  • Observing all applicable rules and regulations
  • Other necessary purposes


BOWA Legal Oy processes information to carry out assignments.

BOWA Legal Oy processes or may process data included in the following groups:

  • Basic customer information such as full name, address, and language
  • The social security number of a person representing a company or acting on their own behalf for reliable identification
  • information related to billing and debt collection
  • information related to the customer relationship and contractual agreement such as offered services to the Customer, their date of use, buying offer, its approval, signature date and information of the rental or commercial agreement, commission, seller details of the service and other similar information 
  • information of consent and prohibitions, for example consent or prohibition to direct marketing.
  • information and other details given by customers.
  • other necessary information of the actions occurred with the service.


Personal data collected from registration process of the customer will be stored for ten (10) years starting from the day of registration.

Other personal data will be deleted after there is no mandatory purpose to store the data. If collecting and processing the data was based customer consent, the data will only be removed if the customer requests so.


Personal data is collected from the Customer based on the assignment agreement, other events related to the assignment, through fulfilling the clearing obligation and by drafting the documents or otherwise using the services of the data controller and in other ways directly from the Customer, through the online forms on the data controller website and through customer satisfaction forms and raffles.

Data given based on consent is collected directly from the Customer. Alternatively, it may be collected from authorities or third-party registers.


The data controller may transfer data within the range of applicable regulation and to complete agreements made between parties.

Data can be transferred to subcontractors of BOWA Legal whom the company has a subcontractor agreement with.

Data may be transferred to (or accessed in), jurisdictions outside the European Economic Area or the User’s domicile. The transfer is done with cloud services, such as OneDrive, iCloud, Google Drive or Dropbox.

Data is transferred to authorities in situations required by the relevant legislation.

Data controller may share data with third parties if customer gives explicit written consent.

In case BOWA Legal Oy’s IT administration becomes outsourced, the data may be shared with a subcontractor but only on behalf of the data controller. Such subcontractors are the customer registry system CSI Lakimies, you will find the Privacy policy of CSI Helsinki Oy here: https://www.csihelsinki.fi/csi-helsinki/tietosuojaseloste/

Another subcontractor is the financial administration system Holvi, and you will find its Privacy policy here: https://support.holvi.com/hc/fi/articles/202260402-Tietosuojaseloste

We also use the cloud service OneDrive. You will find Microsoft’s Privacy policy here: https://privacy.microsoft.com/en-us/privacystatement

BOWA Legal also uses the project management system monday.com. You will find its privacy policy here: https://monday.com/terms/privacy

We also use the signature service SopimusSign. You will find the privacy policy of Docue (Docue Technologies Oy) here: https://sopimustieto.fi/tietosuojaseloste

We use Hubspot to produce the chat service on our site. You will find Hubspot’s privacy policy at 

BOWA Legal also uses the Dropbox service with certain Customers, if the Customer has created a folder on Dropbox and has shared it with BOWA Legal. In this case the Customer is responsible for the data protection of the service and BOWA Legal cannot grant its safety.


Only those employees and subcontractors who must process personal data to carry out their duties have access to the register. Data is collected to database which is secured using firewalls, passwords, and other necessary technical measures. Databases are in locked and guarded facilities. Only persons who have been given access to the database may use the data. The customer data is logged electronically.

When data is processed by third parties on behalf of the data controller, appropriate contractual and organisational measures have been taken to ensure that data is processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.


The Customer has the right to check the data collected by the data controller. The Customer must send the request in written and signed form or in corresponding electronical form.

The Data controller will provide the data within 30 days from the request. The customer is entitled to assign the personal data to a third party in a digital and commonly used format. The Data controller will store the transferred data in accordance with this Privacy Policy.

The Customer has the right to have incorrect or incomplete personal data corrected or completed. The Customer has the right to prohibit the data controller from using personal data for direct marketing purposes, distance selling, marketing research or development purposes of the data controller’s business activities. The Customer has the right to prohibit the processing of personal data and have the data removed from the register.

If the data was collected based on explicit consent it may be withdrawn at any time by notifying the data controller. If the request for withdrawal is presented, the data controller will remove all data which is not required to be stored with legitimate grounds.

The request to correct, complete or to otherwise change the data can be sent in written form or by contacting the data controller using the contact details mentioned in this privacy policy. The customer may bring the case to the data protection ombudsman if the data controller does not comply with the request to correct, complete, or remove data.


The data controller will not use personal data in profiling or automated decision-making.


We use cookies on our website. By using our website, you agree to the use of cookies. Cookies are small text files sent and saved to computer, mobile phone, tablet, or another similar device. Cookies will not be used if the user has not given consent according to the notification on the website. Cookies are a common practice on most websites.

We use cookies to:

  • improve the user experience on our website
  • save your personal settings and preferences
  • offer relevant content and information
  • secure the safety of our website
  • collect statistics of the website use and to measure the effectiveness of marketing actions

You can delete the cookies in your browser’s settings after which the identifier which is used to collect data of you will be renewed. You can also turn the cookies entirely off by changing your browser settings. Turning off cookies may affect the functionality of our services. If you decide to turn off cookies you may not be able to fully utilise our online services.

User monitoring

Our website uses the Google Analytics monitoring program which enables us to see information on your activity on our website. Google Analytics uses cookies for this purpose that transfer the data created by the cookies to Google, which is then stored. We use IP encryption in Google Analytics. In accordance with the Google Analytics’ terms of use Google will not connect registered IP addresses to any other information stored by Google. For more information on Analytics, see http://www.google.com/analytics/

Our website also uses the Hotjar tracking program which enables us to gain information about your activity on our website. Hotjar uses cookies for this purpose, and the data created by cookies is transferred and saved to the www.hotjar.com webpage. You can see the Hotjar Ltd. privacy policy here: https://www.hotjar.com/legal/policies/privacy/

We also use Facebook Inc’s Facebook Pixel that allows us to target our advertising towards people who have visited our website, optimise and build an audience for our Facebook campaigns and follow marketing results. Facebook Pixel describes how users navigate the website on various devices which helps to target advertising. We cannot individualise the users visiting our website. For more information on Facebook Pixel please see: https://www.facebook.com/business/a/facebook-pixel


The data controller improves its business constantly and therefore it may make updates to privacy policies. Updates can also be done due to changes in legislation.

The data controller will notify customers and users and request their consent, if necessary, in case the updates include new purposes for collecting and processing personal data or other material changes.

Jäikö kysyttävää lakiasioista? Jätä yhteystietosi niin asiantuntijamme ottaa sinuun yhteyttä mahdollisimman pian. 

BOWA logo valkoinen

Contact us!

Leave us your contact details and we will call you!

BOWA Legal Oy

Pieni Roobertinkatu 11
00130 Helsinki

Email: [email protected]

Yhteystietojen jättäminen ei sido sinua mihinkään, mutta jättämällä tietosi annat suostumuksesi siihen, että BOWA säilyttää tietosi. Tutustuthan tietosuojaselosteeseemme, josta ilmenee miten tietojasi säilytämme.