How we process personal data

Personal data is in most cases collected directly from you or obtained from the use of Finnvera products or services. At times, we need additional information to keep the data up to date or ensure the accuracy of information we have received.

We typically collect personal data about you when you become our client, use our products and services, participate in our marketing campaign or surveys or otherwise interact with us. We only collect data about you that is necessary for the purpose in question.

Personal data collected includes, among other things:

• personal data related to pinpointing and identifying the person, such as the person’s name and personal identity code;
• contact details, such as the person’s address, e-mail address and telephone number;
• various information related to the client relationship and its management, such as the party’s number and category and information related to client interaction;
• information required directly by legislation, such as information required by know-your-client (KYC) requirements;
• information related to products and services, such as information about the use of our online services; and
• messages sent via our digital channels, such as chat discussions.

Personal data that we may collect from third parties

• information available in public data files of authorities (e.g. the Population Register, the Tax Administration’s registers, business registers, supervisory authorities’ registers, the credit data register, international sanctions lists, such as the EU’s and US’s (OFAC) lists) and information that is obtained from the data files of other commercial information providers and that is related to, for instance, the actual beneficiaries of the enterprises and politically influential persons; and
• information we receive from other Team Finland actors that we cooperate with.

We use your personal data to fulfil our legal and contractual obligations, to be able to make offers to you and to provide you with advice and services.

Conclusion and management of service and product contracts (the performance of a contract)

The main purpose for processing personal data is to collect, process and verify personal data before making an offer and concluding a contract and to document, manage and execute contractual duties. 

Examples of tasks related to the performance of a contract:

• processes required for granting credit or a guarantee;
• customer service during the contract period; and
• the potential establishment, exercise or defence of legal claims and a debt collection procedure.

Fulfilment of requirements and obligations defined in law, regulations or decisions by supervisory or other authorities (legal obligation)

In addition to the performance of a contract, the fulfilment of obligations defined in law, regulations and decisions by authorities also requires us to process personal data.

Examples of legal obligations that require the processing of personal data:

• the know-your-client (KYC) obligation resulting from the regulations to prevent money laundering and the financing of terrorism;
• sanctions-related checks;
• accounting regulations;
• reporting to police, debt recovery and supervisory authorities; and 
• obligations related to risk management (credit and insurance risks) and capital adequacy requirements.

Marketing, product and client analyses (legitimate interest)

Personal data is also processed in connection with marketing, product and client analyses. Marketing activities as well as process, business and system development, including testing, are based on the processing of personal data. In this manner, we can improve our product selection and optimise the services we offer to our clients.

We only disclose your data when there are justified grounds for disclosure and whenever disclosure is required by law:

• disclosure is necessary when processing grant applications as referred to in the Act on Government Grants for Business Development (9/2014)
• disclosure is necessary for the reconciliation of public funding or the handling of business subsidy matters by authorities
• disclosure is necessary for executing enterprise services regulated by the Act on the Customer Data System for Enterprise Services (293/2017).

Finnvera may use subcontractors in service production and disclose personal data to authorities, among others, to fulfil the legal obligations. We process data inside the EU and the EEA. We may also disclose your personal data to authorities (to police or debt recovery authorities, for instance) to fulfil the legal obligations.

The voluntary and judicial collection of Finnvera's receivables is handled by a collection agency. Data is transferred once a day as line transfer to an external service provider. Data to be disclosed include:

• Party data – basic information
• Basic financial information
• Invoice
• Payment schedule

We use subcontractors and partners to produce and provide services, which is why your personal data may be transferred to such parties for processing on our behalf. These parties will only be able to process your data in accordance with our instructions and they will not have access to your data for their own purposes, such as direct marketing.

We will ensure through contractual and other arrangements that our subcontractors and partners always process your data carefully and in accordance with good data processing practices.

As a rule, we process your data within the EEA. The EEA includes the EU Member States as well as Iceland, Liechtenstein and Norway. If we transfer data outside the EEA to a country whose national regulations do not guarantee EU-level data protection, we will ensure an adequate level of protection of personal data as required by law and use the data transfer mechanisms approved by the European Commission, primarily the standard contractual clauses of the European Commission.

The standard contractual clauses are available on the website of the European Commission:
Standard contractual clauses for international transfers | European Commission (europa.eu)