We process personal data in compliance with data protection legislation and good data management and processing practices. When it comes to client data, we operate according to the obligation of confidentiality laid down in Section 5 of the Act on the State-Owned Specialised Financing Company (443/1998). Our web pages may contain links to the web pages or services of other companies that have their own data protection practices, unconnected to those of Finnvera. In such cases, we recommend that you familiarise yourself with the data protection practices of the third parties in question.
Further information about data protection may be presented in connection with individual services, products, websites and applications. In such cases, the further information provided takes precedence over this text.
Our data protection practices may change when we develop our services or when legislation changes. Up-to-date information about our practices can be found on this website.
Finnvera processes personal data for various reasons. In this privacy statement, “you” refers to clients, potential clients or other parties concerned, such as actual beneficiaries, authorised representatives and persons in charge in the enterprise.
This privacy statement covers the following topics:
- What kinds of personal data does Finnvera collect?
- How and on what legal bases may Finnvera use your personal data?
- To whom may Finnvera disclose personal data?
- Transfer of data outside the EU or the EEA
- How does Finnvera protect personal data?
- Your rights related to protection of privacy
- For how long does Finnvera store your personal data?
- How are changes to this privacy statement made?
- Contacting Finnvera or the data protection authority
What kinds of personal data does Finnvera collect?
Personal data that we may collect from you
We typically collect personal data about you when you become our client, use our products and services, participate in our marketing campaigns or surveys or otherwise interact with us. We only collect data about you that is necessary for the purpose in question.
Personal data collected includes, among other things:
- personal data related to pinpointing and identifying the person, such as the person’s name and personal identity code;
- contact details, such as the person’s address, e-mail address and telephone number;
- various information related to the client relationship and its management, such as the party’s number and category and information related to client interaction;
- information required directly by legislation, such as information required by know-your-client (KYC) requirements;
- information related to products and services, such as information about the use of our online services; and
- messages sent via our digital channels, such as chat discussions.
Personal data that we may collect from third parties
- information available in public data files of authorities (e.g. the Population Register, the Tax Administration’s registers, business registers, supervisory authorities’ registers, the credit data register, international sanctions lists, such as the EU’s and US’s (OFAC) lists) and information that is obtained from the data files of other commercial information providers and that is related to, for instance, the actual beneficiaries of the enterprises and politically influential persons; and
- information we receive from other Team Finland actors that we cooperate with.
How and on what legal bases may Finnvera use your personal data?
Conclusion and management of service and product contracts (the performance of a contract)
The main purpose for processing personal data is to collect, process and verify personal data before making an offer and concluding a contract and to document, manage and execute contractual duties.
Examples of tasks related to the performance of a contract:
- processes required for granting credit or a guarantee;
- customer service during the contract period; and
- the potential establishment, exercise or defence of legal claims and a debt collection procedure.
Fulfilment of requirements and obligations defined in law, regulations or decisions by supervisory or other authorities (legal obligation)
In addition to the performance of a contract, the fulfilment of obligations defined in law, regulations and decisions by authorities also requires us to process personal data.
Examples of legal obligations that require the processing of personal data:
- the know-your-client (KYC) obligation resulting from the regulations to prevent money laundering and the financing of terrorism;
- sanctions-related checks;
- accounting regulations;
- reporting to police, debt recovery and supervisory authorities; and
- obligations related to risk management (credit and insurance risks) and capital adequacy requirements.
Marketing, product and client analyses (legitimate interest)
Personal data is also processed in connection with marketing, product and client analyses. Marketing activities as well as process, business and system development, including testing, are based on the processing of personal data. In this manner, we can improve our product selection and optimise the services we offer to our clients.
To whom may Finnvera disclose personal data?
- disclosure is necessary when processing grant applications as referred to in the Act on Government Grants for Business Development (9/2014)
- disclosure is necessary for the reconciliation of public funding or the handling of business subsidy matters by authorities
- disclosure is necessary for executing enterprise services regulated by the Act on the Customer Data System for Enterprise Services (293/2017).
Finnvera may use subcontractors in service production and disclose personal data to authorities, among others, to fulfil the legal obligations. We process data inside the EU and the EEA.
We may also disclose your personal data to authorities (to police or debt recovery authorities, for instance) to fulfil the legal obligations.
The voluntary and judicial collection of Finnvera's receivables is handled by a collection agency. Data is transferred once a day as line transfer to an external service provider. Data to be disclosed include:
- Party data – basic information
- Basic financial information
- Payment schedule
Transfer of data outside the EU or the EEA
Personal data is not transferred outside the European Union or the European Economic Area.
How does Finnvera protect personal data?
The protection of personal data is at the core of our business operations. We use appropriate technical, organisational and administrative security measures, with which we protect all data in our possession from loss, misuse, unauthorised use, disclosure, alteration and destruction.
Your rights related to protection of privacy
You have the following rights:
A) Right of access to your personal data
You have the right to access your personal data in our possession. More detailed instructions on submitting the request can be found under Item 10.
B) Right to rectification of inaccurate or incomplete data
If the data is inaccurate or incomplete, you have the right to request the rectification of such data, unless this right is restricted by law.
C) Right to erasure
As the result of legislation, Finnvera is in many cases under an obligation to store your personal data for the duration of the client relationship and even after that if the processing of the data is necessary for fulfilling legal obligations or processing legal claims, for instance.
You have the right to request the erasure of your data in the following circumstances:
- You withdraw your consent to the processing of data and there are no other justified grounds for the processing.
- You object to the processing of the data and there are no acceptable grounds for continuing the processing.
- You object to the processing of the data for direct marketing purposes.
- The processing of data is contrary to law.
D) Right to restriction of processing of personal data
If you contest the accuracy of the data recorded by us or the lawfulness of the processing of the data or if you have objected to the processing of the data in line with your rights, you can request us to restrict the processing of your personal data to data storage only. In this case, the processing of the data will be restricted to storage only until the accuracy of the data is verified or until it has been possible to verify whether our legitimate interests take precedence over your interests.
If you do not have the right to request the erasure of data from our data files, you can request instead that we restrict the processing of this data to data storage only. If the processing of data recorded about you is necessary solely for exercising a legal claim, you can also request that the other processing of the data is restricted to data storage only. We may use your data for other purposes if the exercise of a legal claim so requires or if you have given your consent to that.
E) Right to object to the processing of data on the basis of our legitimate interest
You always have the right to object to the processing of personal data for direct marketing purposes or for profiling related to direct marketing.
If you want to exercise your above-mentioned rights, each request will be assessed separately according to the case and its circumstances. Please note that we may also store and use your data if that is necessary for the fulfilment of legal obligations, the resolution of disputes or the performance of a contract.
For user monitoring, we use Google Analytics by Google, Inc. With the aid of its cookies, our website recognises your computer when you return to the website or browse its content. The service monitors, for instance, the number of website visitors and from which websites the users come to our website and which pages of our website they visit. The data is not used for identifying individual users. More information about Google Analytics can be found at http://www.google.com/analytics/.
Visitor data is collected in the online service as part of the monitoring of the implementation of the regulation establishing a single digital gateway (EU) 2018/1724. In addition to the page URL, the pages connected to the digital gateway collect the number of visitors, their country, and the terminal device used. The data are collected anonymously and cannot be used to identify the user. The data will only be available to Finnvera, the European Commission, and national coordinators mentioned in the regulation. The data collected are stored in the EU Commission's repository for a maximum period of three years, after which they are automatically deleted.
With Facebook Inc.’s Facebook Pixel cookie, we can target Facebook advertising to users who have visited our website and follow the results of the advertising. However, Finnvera itself cannot identify the users who have visited the website. More information about Facebook Pixel can be found at https://www.facebook.com/business/a/facebook-pixel.
Newsletters contain so-called tracking pixels. They are thumbnail images in HTML format embedded in e-mail messages that allow log data to be saved and analysed. They help track the success of online marketing campaigns. The embedded tracking pixel provides information about whether the newsletter was opened, when it was opened, and whether the user opened links in the newsletter.
The controller stores and analyses data from newsletters’ tracking pixels in order to optimise the delivery of the newsletter and improve the content of future newsletters to better suit the recipients. This information is not disclosed to third parties. The data subjects are at any time entitled to revoke the separate notification of consent issued during the subscription procedure. After cancellation, the controller deletes this personal data.
For how long does Finnvera store your personal data?
If we store your data for purposes other than the performance of a contract, the data will be stored only if that is necessary for the purpose in question and/or stipulated by law and regulations.
- Prevention, detection and investigation of money laundering, the financing of terrorism and fraud: at least five years after the end of the business relationship or the performance of a single transaction
- Accounting regulations: for up to ten years
- Data about the performance of a contract: for up to ten years after the end of the client relationship, for defence against legal claims
The examples above are provided for clarification purposes only.
How are changes to this privacy statement made?
Finnvera does not restrict your rights described in the privacy statement or defined in the applicable data protection legislation in the jurisdictions where Finnvera operates. If significant changes are made to the privacy statement, we provide a clear notification about this whenever required by applicable law. Read the privacy statement from time to time to keep up to date about changes, if any.