Privacy Notice for HPP Attorneys Ltd’s Money Laundering Data Filing System
HPP Attorneys Ltd (”HPP”) is committed to ensure the confidentiality and data protection of personal data at its possession. This privacy notice is applied to personal data that HPP collects in relation to HPP’s money laundering data filing system (”Data Filing System”). The personal data and related processing in the Data Filing System are described in this privacy notice.
HPP may update this privacy notice from time to time, for example due to changes in applicable legislation. HPP endeavors to carry out reasonable means to inform the data subject beforehand of any potential amendments and those effects. HPP advises the data subject to review this privacy notice every time you receive information of such amendments. This privacy notice was last updated on 23 May 2018.
2. Data Controller
Name: HPP Attorneys Ltd
Address: Bulevardi 1 A, 00100 Helsinki
Telephone: +358 9 474 21
Business ID: 0224138-5
3. Whose Personal Data Do We Collect?
HPP processes HPP’s current and potential new client’s, its potential contact person’s, actual beneficiary’s, Board of Directors’ or corresponding decision-making body’s member’s, managing director’s and client’s and/or its actual beneficiary’s family member’s and/or business partner’s (“Data Subject”) personal data in the Data Filing System to the extent required by the money laundering regulations.
4. What Categories of Personal Data Are Processed?
HPP processes the following categories of Data Subject’s personal data in the Data Filing System:
- Name, date of birth and social security number;
- Contact details (address, email address and telephone number);
- Political background (including working history);
- the relationship to a political person
- the name, number and other identification feature of the document used for verifying the identity (accepted verification documents: passport, identity card, driver’s license, KELA photo card and, and in respect with the foreign clients: national passport or identity card granted by authority located in the European Economic Area).
What personal data HPP processes of each Data Subject depends on the mandatory legislation.
5. Which Sources Are Used to Collect Personal Data?
HPP collects personal data primarily from publicly available sources such as Trade Register and other similar registers and Internet. In addition, personal data is collected from the client/ from the client’s contact person.
6. Basis, Purposes and Effects of Processing Personal Data
The processing of Data Subject’s personal data is based on the fulfilment of HPP’s legal obligations (Act on Detecting and Preventing Money Laundering and Terrorist Financing and regulations adopted from time to time based on the Act as well as regulatory provisions and the Finnish Bar Association’s guidelines).
The purpose for processing of personal data is to identify and verify the client’s identity and prevent the money laundering and terrorist financing, detection and investigation and investigation of such crimes that were committed to gain the property or proceeds of crime subject to money laundering or terrorist financing.
Data Subject’s personal data or other data collected in order to detect and investigate money laundering and terrorist financing shall not be used for other purposes that do not correspond to the purposes mentioned in this privacy notice. HPP does not further process Data Subject’s personal data to any other purposes than mentioned in this privacy notice.
7. Regular Disclosures and Transfers of Personal Data to Third Parties
HPP transfers Data Subject’s personal data to the business partners and subcontractors of HPP. An up-to-date list of HPP’s business partners and subcontractors:
- Config Oy
- CSI Helsinki Oy
- Clento Oy
HPP’s business partners and subcontractors process Data Subject’s personal data in respect with the purposes set out in this privacy notice only on behalf of HPP. HPP always ensures that its business partners and subcontractors do not process the personal data transferred to them for any other purposes.
HPP discloses, when necessary, Data Subject’s personal data to Financial Intelligent Unit in accordance with the mandatory legislation.
8. Transfers of Personal Data outside the European Union or the European Economic Area
HPP does not transfer Data Subject’s personal data outside the European Union or the European Economic Area.
9. Principles for the Storage of Personal Data
Data Subject’s personal data shall be stored in the Data Filing System for as long as the client and assignment relationship exists. After the termination of the client and assignment relationship, the documentation containing Data Subject’s personal data shall be stored for a maximum period of five years after the termination of the client and assignment relationship in accordance with the Finnish Bar Association’s guidelines on preventing the money laundering and terrorist financing.
HPP shall erase the data and related documentation after five years of the termination of the client and assignment relationship or after executing a suspicious transaction unless longer storage period is necessary for criminal investigations, pending court proceedings or securing the rights of HPP or a person employed by HPP. The need to store the data shall be reviewed no later than three years after the previous occasion on which it was reviewed. An entry of the review and time of the review shall be made accordingly.
10. Rights of Data Subject in relation to Processing of Personal Data
Data Subject has the right to, in accordance with the applicable data protection legislation, at any time, unless otherwise stated in the mandatory legislation:
- be informed about the processing of his or her personal data;
- obtain access to his or her personal data and review his or her personal data processed by HPP;
- require rectification and completion of inaccurate and incorrect personal data;
- require erasure of personal data; and
- require restriction of processing of his or her personal data.
Data Subject should present his or her request for exercising any of the above-mentioned rights in the manner described in the ’Contacts’ section of this privacy notice. HPP may ask Data Subject to specify his or her request in writing and verify Data Subject’s identity before processing the request. HPP may refuse to fulfil Data Subject’s request on grounds set out in applicable legislation.
Data Subject also has to right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of Data Subject’s residence or place of work if Data Subject considers that HPP has not processed his or her personal data in accordance with the applicable data protection legislation.
11. Principles of Data Security
HPP respects the confidentiality of Data Subject’s personal data. Manual material containing personal data shall be restored in HPP’s locked premises. Personal data processed digitally are protected and stored in HPP’s information system accessible to HPP’s partners and designated employees and to the designated employees of CSI Helsinki Oy and Config Oy with their personal user credentials and passwords. HPP takes regular back-up copies of the data processed in HPP’s data systems.
All requests concerning the use of the above-mentioned rights, questions about this privacy notice and other contacts should be made by e-mail to firstname.lastname@example.org.