This is a statement on the processing of your personal data pursuant to the EU’s General Data Protection Regulation (679/2016).
Business ID: 3192450-5
address: Spaces Postitalo, Mannerheiminaukio 1, 00100 HELSINKI
tel. +358 9 6150 0200
email address: info (a) lexellaw.fi
Communication regarding privacy matters
Data protection officer
tel. +358 40 130 4200
email address: sami (a) lexellaw.fi
We request that data subjects contact the data protection officer for all questions related to the processing of personal data and situations related to the exercising of your rights.
Basis and purpose of processing personal data
The legal basis for the processing of personal data is:
- The consent to the processing of personal data provided by the data subject
- The contractual relationship between the data subject and controller
- Fulfilment of the controller’s statutory obligations
Personal data being processed
The controller only collects personal data concerning the data subjects that is essential and relevant for the purposes explained in this privacy statement.
The following data concerning the data subjects is processed:
We gather all data relevant for completing our assignments either directly from the client or by collecting the data with the client’s consent.
Comments and Forms
When users leave comments or contact requests, we collect the information on the forms as well as the user’s IP address and the browser version in order to identify spam.
If you upload media to this site, you should avoid uploading e.g. photos which include geographic information (EXIF GPS). The visitors of the site may download and see geographic information on the photos which include such information.
When you leave a comment to the site, you can choose to store your name, email address and url to the cookie. This option increases user friendliness as the information does not have to be filled in every time again when commenting. Cookie information is deleted from the browser after one year.
If you have a user account to the site, we use a temporary cookie which determines whether your browser supports cookies. This cookie does not contain personal information and it is deleted when the browser window is closed.
When you login to the site, we use multiple cookies which set your login and display settings. Login cookies are deleted within two days and the display setting cookies within one year. If you select “Remember me” at login, your login cookies are stored for two weeks. If you log out, your login cookies are deleted simultaneously.
If you create an article or edit an existing one, we store a cookie which includes the ID of that article. This cookie expires in one day.
Embedded content from other sites
The articles on this site may contain embedded content (e.g. videos, photos, articles, etc.) from third party sites. Opening such content is comparable with the visitor visiting the site of the third party.
If you ask for a new password, your IP address is added to that email.
Disclosure of personal data
Personal data is generally not disclosed to third parties. The visitors’ comments may be checked with an automatised spam service.
Data may also be disclosed to the authorities due to legal requirements.
Retention period for personal data
If you leave a comment, the comment with its metadata is stored for the time being. This is done so that we can identify and accept the next comments automatically instead of keeping them in the moderation queue.
If you leave a contact request, its content and metadata are sent to an internal email address of the company, which can only be accessed by the office staff.
We store the information of the users’ user profiles. All users can view, edit and delete their own information at any time. Only the user name cannot be edited. The site administrators can view and edit the user profile information.
The controller will process the personal data for one year from the date when the last assignment was completed. At the end of this period, the controller will delete or anonymise the data in accordance with the deletion processes it follows.
The controller may have an obligation to process some personal data belonging to the filing system for longer than stated above in order to comply with the legislation or authority requirements.
Rights of the data subject
Right to request access to personal data
The data subject has the right to receive confirmation regarding whether personal data concerning them is being processed and, if it is, the right to receive a copy of their personal data.
Right to rectification
The data subject has the right to request that inaccurate and erroneous personal data concerning them be rectified. The data subject also has the right to supplement incomplete personal data by submitting the required additional information.
Right to erasure
The data subject has the right to request erasure of personal data concerning them if
- the personal data is no longer required for the purposes for which they were collected;
- the data subject withdraws their consent which the processing of personal data was based on, and no other legal basis exists for the processing; or
- the personal data has been unlawfully processed.
Right to restriction of processing
The data subject has the right to restrict the processing of personal data concerning them if
- the data subject contests the accuracy of their personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead; or
- the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
Right to withdraw consent
The data subject has the right to withdraw the consent they have provided for the processing, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, and have the right to transmit this data to another controller.
Right to lodge a complaint with a supervisory authority
The office of the Data Protection Ombudsman, operating under the Ministry of Justice, is the national supervisory authority for personal data matters. You have the right to bring your case to the supervisory authority if you consider that the processing of personal data concerning you is in violation of applicable law.