BOWA Legal Oy PRIVACY POLICY

This privacy policy is drafted in accordance with the Data Protection Act and the General Data Protection Regulation (2016/679/EU). This document is an information document and a record of processing activities in accordance with General Data Protection Regulation. This document was published 15.6.2019 and updated 13.7.2023

DATA CONTROLLER
BOWA Legal Oy (Y: 3005519-2)
Pieni Roobertinkatu 11, 00130 Helsinki
https://bowa.fi/

Contact person in privacy policy matters:

Matti Vansén
matti[at]bowa.fi
+358 10 341 4402

REGISTER NAME AND CONTENT

BOWA Legal Oy’s register of customer and marketing data (”Customer Register”)

LEGITIMATE GROUNDS FOR COLLECTING PERSONAL DATA / WHY DOES BOWA LEGAL COLLECT YOUR DATA?

On data collecting in general

Personal data is information which can be related to a specific person. This privacy policy describes how BOWA Legal Oy collects, processes, and stores personal data. This policy includes information of customers’ rights regarding the collected data. BOWA Legal Oy complies with the Data Protection Act and all other effective regulation, including laws, statutes, provisions, or other orders given by authorities relating to collecting and handling of personal data.

Purpose of collecting personal data

a) In order to form a contractual relationship, customer relationship or other similar relationship between the customer and BOWA Legal Oy.

• The purpose of the Customer Register is to maintain data of customers who are in a contractual or customer relationship with the data controller.
• In addition, the register is used for BOWA Legal Oy’s marketing and communication purposes

Persons mentioned in section a) will be referred to as a ”Customer” in this privacy policy.

b) Collecting personal data based on explicit consent

In case there is no legitimate ground to collect and process personal data, explicit consent to collect, process and store data will be requested. The information of the client engagement agreement may be used in contractual relationships related to expert and assessment services.

Consequences for not receiving the necessary information

If the data controller does not receive information mentioned in sections a) and b) the customer relationship cannot be established or other actions or agreements with BOWA Legal Oy cannot be made.

How personal data is used

Personal data in the Customer register may be used for following purposes:

• Maintaining and developing the customer relationship
• Producing, offering, improving, and securing the services of BOWA Legal Oy
• Billing, collection, and securing customer transactions
• Targeted marketing actions
• Analysing and collecting statistics of services
• Customer communication, marketing, and advertising
• Protecting the rights & ownership of the data controller and other parties related to services or assignments
• Observing all applicable rules and regulations
• Other necessary purposes

CONTENTS OF THE CUSTOMER REGISTER

BOWA Legal Oy processes information to carry out assignments.

BOWA Legal Oy processes or may process data included in the following groups:

• Basic customer information such as full name, address, and language
• The social security number of a person representing a company or acting on their own behalf for reliable identification
• information related to billing and debt collection
• information related to the customer relationship and contractual agreement such as offered services to the Customer, their date of use, buying offer, its approval, signature date and information of the rental or commercial agreement, commission, seller details of the service and other similar information 
• information of consent and prohibitions, for example consent or prohibition to direct marketing.
• information and other details given by customers.
• other necessary information of the actions occurred with the service.

STORAGE PERIOD

Personal data collected from registration process of the customer will be stored for ten (10) years starting from the day of registration.

Other personal data will be deleted after there is no mandatory purpose to store the data. If collecting and processing the data was based customer consent, the data will only be removed if the customer requests so.

REGULAR DATA SOURCES

Personal data is collected from the Customer based on the assignment agreement, other events related to the assignment, through fulfilling the clearing obligation and by drafting the documents or otherwise using the services of the data controller and in other ways directly from the Customer, through the online forms on the data controller website and through customer satisfaction forms and raffles.

Data given based on consent is collected directly from the Customer. Alternatively, it may be collected from authorities or third-party registers.

TRANSFERRING THE DATA / WHERE CAN WE TRANSFER YOUR PERSONAL DATA?

The data controller may transfer data within the range of applicable regulation and to complete agreements made between parties.

Data can be transferred to subcontractors of BOWA Legal whom the company has a subcontractor agreement with.

Data may be transferred to (or accessed in), jurisdictions outside the European Economic Area or the User’s domicile. The transfer is done with cloud services, such as OneDrive, iCloud, Google Drive or Dropbox.

Data is transferred to authorities in situations required by the relevant legislation.

Data controller may share data with third parties if customer gives explicit written consent.

In case BOWA Legal Oy’s IT administration becomes outsourced, the data may be shared with a subcontractor but only on behalf of the data controller. Such subcontractors are the customer registry system CSI Lakimies, you will find the Privacy policy of CSI Helsinki Oy here: https://www.csihelsinki.fi/csi-helsinki/tietosuojaseloste/

We also use Microsoft’s cloud service OneDrive. You will find Microsoft’s Privacy policy here: https://privacy.microsoft.com/en-us/privacystatement

BOWA Legal also uses the project management system monday.com. You will find its privacy policy here: https://monday.com/terms/privacy

We also use the signature service DocueSign. You will find the privacy policy of Docue here: https://docue.com/en-gb/privacy-policy

We use Serviceform to produce the chat service on our site. You will find Serviceform’s privacy policy at https://www.serviceform.com/privacy

BOWA Legal also uses the Dropbox service with certain Customers, if the Customer has created a folder on Dropbox and has shared it with BOWA Legal. In this case the Customer is responsible for the data protection of the service and BOWA Legal cannot grant its safety.

PROTECTION OF THE REGISTER

Only those employees and subcontractors who must process personal data to carry out their duties have access to the register. Data is collected to database which is secured using firewalls, passwords, and other necessary technical measures. Databases are in locked and guarded facilities. Only persons who have been given access to the database may use the data. The customer data is logged electronically.

When data is processed by third parties on behalf of the data controller, appropriate contractual and organisational measures have been taken to ensure that data is processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

CUSTOMER RIGHTS

The Customer has the right to check the data collected by the data controller. The Customer must send the request in written and signed form or in corresponding electronical form.

The Data controller will provide the data within 30 days from the request. The customer is entitled to assign the personal data to a third party in a digital and commonly used format. The Data controller will store the transferred data in accordance with this Privacy Policy.

The Customer has the right to have incorrect or incomplete personal data corrected or completed. The Customer has the right to prohibit the data controller from using personal data for direct marketing purposes, distance selling, marketing research or development purposes of the data controller’s business activities. The Customer has the right to prohibit the processing of personal data and have the data removed from the register.

If the data was collected based on explicit consent it may be withdrawn at any time by notifying the data controller. If the request for withdrawal is presented, the data controller will remove all data which is not required to be stored with legitimate grounds.

The request to correct, complete or to otherwise change the data can be sent in written form or by contacting the data controller using the contact details mentioned in this privacy policy. The customer may bring the case to the data protection ombudsman if the data controller does not comply with the request to correct, complete, or remove data.

PROFILING AND AUTOMATED DECISION-MAKING

The data controller will not use personal data in profiling or automated decision-making.

COOKIES

We use cookies on our website. By using our website, you agree to the use of cookies. Cookies are small text files sent and saved to computer, mobile phone, tablet, or another similar device. Cookies will not be used if the user has not given consent according to the notification on the website. Cookies are a common practice on most websites.

We use cookies to:

• improve the user experience on our website
• save your personal settings and preferences
• offer relevant content and information
• secure the safety of our website
• collect statistics of the website use and to measure the effectiveness of marketing actions

You can delete the cookies in your browser’s settings after which the identifier which is used to collect data of you will be renewed. You can also turn the cookies entirely off by changing your browser settings. Turning off cookies may affect the functionality of our services. If you decide to turn off cookies you may not be able to fully utilise our online services.

User monitoring

Our website uses the Google Analytics monitoring program which enables us to see information on your activity on our website. Google Analytics uses cookies for this purpose that transfer the data created by the cookies to Google, which is then stored. We use IP encryption in Google Analytics. In accordance with the Google Analytics’ terms of use Google will not connect registered IP addresses to any other information stored by Google. For more information on Analytics, see http://www.google.com/analytics/

Our website also uses the Hotjar tracking program which enables us to gain information about your activity on our website. Hotjar uses cookies for this purpose, and the data created by cookies is transferred and saved to the www.hotjar.com webpage. You can see the Hotjar Ltd. privacy policy here: https://www.hotjar.com/legal/policies/privacy/

We also use Facebook Inc’s Facebook Pixel that allows us to target our advertising towards people who have visited our website, optimise and build an audience for our Facebook campaigns and follow marketing results. Facebook Pixel describes how users navigate the website on various devices which helps to target advertising. We cannot individualise the users visiting our website. For more information on Facebook Pixel please see: https://www.facebook.com/business/a/facebook-pixel

In addition to these, we use ActiveCampaign which enables us to automate our client acquisition and marketing processes. ActiveCampaign uses cookies for this purpose, and the data created by the cookies is transferred and saved on the www.activecampaign.com webpage. You can read the ActiveCampaign privacy policy here:
https://www.activecampaign.com/legal/privacy-policy

CHANGING OF PRIVACY POLICIES

The data controller improves its business constantly and therefore it may make updates to privacy policies. Updates can also be done due to changes in legislation.

The data controller will notify customers and users and request their consent, if necessary, in case the updates include new purposes for collecting and processing personal data or other material changes.