Privacy Notice

Privacy Notice

Updated 24 November 2023

As a responsible company, we want to make sure that your personal data is handled appropriately in a manner that respects your privacy. On this page you will find all the general information about our processing. You can find more specific information regarding each purpose of processing via the links below taking you to separate privacy notices.

1. To whom do we disclose your data and is it transferred to third countries?

As a general rule, we do not disclose your personal data to third parties.

  • If applicable law or an obligation placed on us by the authorities requires that we disclose information, we evaluate each request on a case-by-case basis to assess whether disclosure would be lawful.
  • We may disclose your information to a third party if we have separately agreed with you on doing so.
  • We have also entered into agreements with certain service providers that may process your personal data on our behalf as part of their service. In these circumstances, we have entered into appropriate agreements to ensure proper processing in accordance with applicable laws and the privacy notice in these situations.

We do not use your personal data for automated decision-making that would have legal or similar effects on you.

Your personal data may be transferred outside the European Union or the European Economic Area in accordance with data protection legislation.

  • We have ensured an adequate level of data protection in accordance with the conditions of the EU General Data Protection Regulation, also in situations where data is transferred outside the EU or the EEA, by complying with the adequacy decisions issued by the European Commission.
  • Where appropriate, we also use standard contractual clauses adopted by the European Commission and supplementary safeguards.

2. How do we protect your data and where do we store it?

Confidentiality is the cornerstone of our business, and we ensure that confidentiality is maintained in all circumstances. We seek to ensure sufficient data security by using various technical and organisational methods and safeguards. We also limit the personnel’s access to data using role-based access rights.

  • Manual material
      • Manual material is stored in a locked room to which only specifically authorised persons have access.
  • Electronically processed data
      • We store your personal data on appropriately secured servers the technical data security of which is managed by several different means.
      • Access to the data is managed using job role-based management of access rights.

The purpose of these activities is to secure the confidentiality of the personal data stored, the availability and integrity of the data and the realisation of your rights.

3. How long do we store your data?

We store your data for as long as necessary for our operations and as required by applicable laws and the Finnish Bar Association’s guidelines.

Storage times and methods vary between different purposes of processing. Be sure to check the rules that concern you from the separate privacy notice.

4. What are your rights?

As a data subject, you have rights that you can exercise, e.g., by contacting us at privacy@castren.fi. You have for example following rights:

Right to access data

  • You have the right of access to your personal data processed by us. We can refuse access on the grounds set out in law. Exercising this right is generally free of charge.

Right to request rectification, erasure or restriction of processing of personal data

  • You have the right to request that we rectify any erroneous data concerning you. You can also request that we erase data concerning you or request that we restrict processing on the grounds set out in law.

Right to object

  • You have the right to object to processing of your personal data on grounds relating to your particular situation if our processing of your personal data is based on our legitimate interest. We process your personal data based on our legitimate interest, for example, when we send out a newsletter or an invitation to an event that we assume would interest you due to your company’s field of operation.
  • You can send your objection to privacy@castren.fi. You must specify the particular situation based on which you are objecting to processing.

Consent to direct marketing

  • You can consent to direct marketing in various channels and profiling for direct marketing or opt out of direct marketing and profiling.

Right of data portability

  • If you have provided us with data yourself and such data is processed based on your consent, you generally have the right to receive the data in a machine-readable format and to transmit it to another data controller.

Right to lodge a complaint with the supervisory authority

  • You have the right to lodge a complaint with the competent supervisory authority if you deem that we have not complied with the data protection regulations applicable to our operations.

5. Changes and questions

We can make changes to this privacy notice if the methods or purposes of the processing of your personal data change. We recommend that you regularly review the contents of this privacy notice.

If you have any questions about our data protection policies, please contact us at privacy@castren.fi.

Separate privacy notices regarding each purpose of processing