Privacy Policy - Eskola Legal Attorneys Ltd

 

1.      General

This privacy policy describes what personal data Eskola Legal Attorneys Ltd (hereinafter also referred to as "the controller" or "we") collects, how it processes personal data, to whom it discloses personal data, and on what grounds. This privacy policy also describes the rights of the data subjects.  

We are committed to complying with data protection legislation in all personal data processing. Data protection legislation refers to the European Union's General Data Protection Regulation (2016/679, "GDPR") and the Data Protection Act (1050/2018), as well as all other legislation concerning the processing of personal data in force from time to time.

Personal data means any information relating to an identified or identifiable natural person ("data subject"), as further defined in the GDPR.

 

2.      Data Controller's Contact Information

Organization name

 Eskola Legal Attorneys Ltd (business ID: 3503627-3)

Address

Töölöntorinkatu 5A

00260, Helsinki  

Email

 eskola@eskolalegal.com

Phone number

 +358 509113718

 

3. Collected Personal Data

We collect and process at least the following personal data: 

  • basic information of the client or its representative, such as the person's name, personal identification number, and contact information (including email, address, and telephone number);

  • information pertaining to the client relationship and necessary for the execution of the assignment, information evident from the assignment material, and information disclosed to us during the execution of the assignment;

  • information pertaining to payments and invoicing, such as account number, debt collection information, and credit check information;

  • Know Your Client (KYC) information, such as country of residence, citizenship, position in the company, copy of identification document, data obtained during electronic identification, and all other information identifying the client relationship, to the extent required by law;

  • information that the data subject otherwise provides, for example, in connection with contact requests or other communications, as well as information provided with the data subject's consent on a case-by-case basis, including for direct marketing; and

  • data collected in connection with the use of our website (www.eskolalegal.com), including visitor tracking, and other data collected from the website through cookies or similar technologies.

Information is primarily collected directly from our clients in connection with opening or managing an assignment. We may also collect information from third parties, such as various websites or public registers.

 

4. Purpose and Legal Basis for Processing

We process personal data for the following purposes and on the following legal bases:

  • We process personal data to manage assignments, provide other services agreed with the client, and fulfill our contractual obligations to the client. In these instances, the legal basis for processing personal data is the contract between the controller and the data subject.

  • We process personal data for other client communications, customer relationship management, customer satisfaction surveys, client research, analytics, and risk management. In these instances, the legal basis for processing personal data is the legitimate interest of the data controller.

  • The processing of personal data is also based on compliance with our statutory obligations, such as the obligation to retain assignment related materials or the obligation to know the customer. In addition, certain accounting obligations may require the processing and storage of personal data.

  • We may also process personal data for other purposes, such as direct marketing, if the data subject has consented to such processing.

The processing of personal data may be justified by more than one of the legal grounds described above.

 

5. Retention Period for Personal Data

We retain personal data only for as long as necessary to fulfill the purposes set out in this privacy statement, unless legislation or, for example, guidelines and regulations concerning the practice of law, require the retention of personal data for a longer period.

Generally we retain assignment-related material for 10 years from the end of the assignment.

We store personal data collected for possible direct marketing (or other processing based on the data subject's consent) until further notice, unless the data subject has withdrawn their consent or objected to the processing for that purpose.

However, the retention periods for personal data vary depending on the purpose for which the data is used. When there is no longer a need to process personal data, it will be deleted within a reasonable time.

 

6. Data Transfers

We may disclose personal data to our service providers or partners, such as IT suppliers, accounting and financial administration experts, or debt collection companies. We always ensure that personal data is processed appropriately and in accordance with data protection legislation, also by these parties.

 Personal data may be disclosed to authorities in situations required and permitted by law.

Personal data is primarily processed within the EU or the European Economic Area (EEA). However, we may also transfer personal data outside the EU or EEA when our service provider or partner (such as a software supplier) operates outside these regions. When transferring personal data outside the EU or EEA, we ensure an adequate level of protection for personal data through contractual means, and that the rights and freedoms of data subjects are implemented in accordance with data protection legislation.

Upon request, we will provide further information on the processors of personal data and the transfers of personal data.

 

7. Processing and Protection of Personal Data

In all situations involving the processing of personal data, we strive to ensure appropriate security and data protection, including the protection of personal data against unauthorized processing, loss, destruction, or damage.

We employ appropriate technical and organisational safeguards in the processing of personal data, including firewalls, encryption, secure equipment facilities, access control, and appropriate staff training. All parties processing personal data in the service of the data controller are subject to a duty of confidentiality with respect to matters relating to the processing of personal data.

 

8. Rights of the Data Subject

Data subjects have at least the following rights under data protection legislation, the exercise of which in a specific situation may vary, depending on, inter alia, the purpose of processing personal data:  

  • The data subject has the right to request information regarding the processing of their personal data (including whether their personal data is being processed and for what purposes) and to request access to the data concerning them.

  • The data subject has the right under data protection legislation to request the restriction of the processing of their personal data, the deletion of their personal data, and the rectification of inaccurate or incorrect data.

  • The data subject has the right, in accordance with the requirements of data protection legislation, to object to the processing of their personal data based on the controller's legitimate interests.

  • If the processing of personal data is based on the data subject's consent, the data subject has the right to withdraw their consent, including any consent to direct marketing.

  • The data subject has the right under data protection legislation to request the transfer of their personal data to another controller.

The data subject can address the aforementioned requests to us in writing using the contact information provided in section 1 (Contact Information of the Controller) of this privacy statement. The controller undertakes to respond to requests within a reasonable time. If a request made by the data subject cannot be granted, the data subject will be informed of the refusal and the reasons for the refusal in writing.

If a data subject suspects that their personal data has been processed unlawfully, they have the right to lodge a complaint with the Data Protection Ombudsman. Information about the Data Protection Ombudsman and the Data Protection Ombudsman's contact information can be found on the Data Protection Ombudsman's website: www.tietosuoja.fi.

 

9. Changes to the Privacy Statement

We may update or change this privacy statement from time to time as we develop our services. Changes to the privacy statement may also be due to changes in legislation. The current version of the privacy statement is always available on our website at www.eskolalegal.com.

This privacy statement was last updated on February 10, 2025.