PRIVACY NOTICE

Your privacy and keeping you informed on processing your personal data is important to us. This Privacy Notice provides you information on how we collect and process personal data of our clients, potential future clients and our business contacts.

Data controller: Berggren Oy
Address: Eteläinen Rautatiekatu 10 A, PL 16, 00100 Helsinki
Phone: +358 10 227 2000
Email: tietosuoja@berggren.fi


1. Data controller and processors

Berggren Oy is the data controller for the data collected and processed as described in this privacy notice.

Berggren Oy uses the following processors, subject to appropriate safeguards in agreement with said processors, in processing the personal data collected hereunder:

  • Server infrastructure provider (currently Equinix)
  • Email, office application provider (currently Microsoft)
  • CRM provider (currently Hubspot Inc)
  • Foreign attorneys for the purpose of carrying out assignments outside Finland (various)
  • Financial application provider (currently Visma)
  • Document management system provider (currently M-Files)

Personal data is only transferred outside the EU/EEC to countries without an adequate level of data protection subject to standard contractual clauses (SCC) or other appropriate safeguards as foreseen under Article 46 of the General Data Protection Regulation (”GDPR”).

2. Categories of personal data and legal basis for processing

Category of personal data and primary data sources

Purpose of use

Legal basis for processing

Removal of personal data

Client contact person information, such as name, email, address, phone number(s), employer, title or position as provided by you as registered person or the company represented by you

Providing services for the client, managing client relationship, providing information to client relating to client relationship

Processing is necessary for performance of contract between Berggren and client (GDPR Article 6(1)(b))

Upon ending of client relationship unless a legal obligation or the need to defend Berggren’s interests requires that the personal data is stored for a longer period

Carrying out conflict checks, anti-fraud/money laundering checks or other obligatory clearances required under applicable ethical standards or legislation

Processing is necessary for the purposes of the legitimate interests pursued by the controller, (GDPR Article 6(1)(f))

Potential new client contact person information, such as name, email, address, phone number(s), employer, title or position as provided by you or as available public sources such as company website

Marketing and sales efforts with regards to potential new clients, i.e. soliciting a business relationship with the client

Processing is necessary for the purposes of the legitimate interests pursued by the controller, (GDPR Article 6(1)(f))

At the latest one year after the data has been collected, if the new potential client does not become a new client

Participants (contact information) of our webinars and events as provided in the webinar or event registration

Marketing and sales efforts with regards to potential new clients, i.e. soliciting a business relationship with the client

Processing is necessary for the purposes of the legitimate interests pursued by the controller, (GDPR Article 6(1)(f))

At the latest one year after the data has been collected, if the new potential client does not become a new client

IP address of persons visiting the website

Preventing malicious misuse of website

Processing is necessary for the purposes of the legitimate interests pursued by the controller, (GDPR Article 6(1)(f))

At the latest one year after visit to website unless a legal obligation or the need to defend Berggren’s interests requires that the personal data is stored for a longer period

Information concerning inventors, e.g. name, address as provided by the inventor or inventor's employer during patent prosecution work

Prosecuting and managing patent applications and patents

Processing is necessary for performance of contract between Berggren and inventor/inventor’s employer (GDPR Article 6(1)(b))

Upon ending of client relationship unless a legal obligation or the need to defend Berggren’s interests requires that the personal data is stored for a longer period



3. Data security

Berggren Oy protects the personal data described in this privacy notice with appropriate technical and organisational measures, and obligates its processors to do the same. The company maintains a high level of data security to protect the confidentiality of the personal data (and other client data) collected and processed in its operations, including safeguards against data breaches, unlawful processing of personal data, accidental or unlawful alteration, destruction, or disclosure of said data. The measures undertaken by the company, such as encryption of data and limiting access to personal data have been implemented based on a risk analysis regarding the likelihood of and potential impact of data breaches, the sensitivity of the personal data processed hereunder, the way that the personal data is stored/kept, and advancements in data security technology. Processing of your personal data is limited to personnel who needs to access data for the purposes above while we provide our services. We provide training to our personnel regarding privacy, data protection and security.


4. Rights of data subjects

Under the GDPR, data subjects have the following rights (as more closely provided under Article 15-21 of the GDPR:

  1. Right of access: data subjects have the right to request whether their personal data is being processed, as well as access to said personal data
  2. Right to rectify: data subjects have the right to request the data controller to rectify any errors or omissions in their personal data
  3. Right of removal: data subjects have the right to request the data controller to remove any of their personal data that is no longer needed for the purpose for which it was collected or processed, regarding which the data subject objects to processing and there is no legitimate basis for the processing, which is being processed unlawfully or must be removed to satisfy a legal obligation
  4. Right to restrict processing: the data subject has the right to restrict the processing of his or her personal data in the event the accuracy or veracity of the personal data is disputed, if the personal data is being unlawfully processed, if the data controller no longer needs the personal data but the data subject legitimately objects to the removal of the personal data, or if the data subject objects to the processing but it has not yet been determined whether there is a legitimate basis for said processing
  5. Right to object: the data subject has the right to object to the processing of his or her personal data to the extent said personal data is being processed subject to Article 6(1)(f) of the GDPR, in which case the data controller must in order to continue processing show that there is a legitimate basis for the processing of said personal data
  6. Right to data portability: data subjects have the right to receive a copy of the personal data relating to them and to have said personal data transferred to another data controller in so far the legal basis for the processing of said personal data is Article 6(1)(b) of the GDPR
  7. Right to notify data protection authority: data subjects have the right to complain about the processing of their personal data to the appropriate data protection authority, which with regards to Finland is the Data Protection Ombudsman (https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman)

 

5. Contact details

The person responsible for data protection at Berggren Oy is LLM Suvi Julin (suvi.julin@berggren.fi).

In general, the contact information for data protection at Berggren Oy is tietosuoja@berggren.fi. Data subjects can contact this adddress if they wish to exercise their rights as data subjects or require more information about the personal data practices and policies of Berggren Oy.

 

6. Amendments to this privacy notice

Berggren Oy updates its privacy practices and policies from time to time. Berggren Oy may amend this privacy notice by posting a new, updated version of the notice on its website. In the event substantial changes are made, Berggren Oy endeavours to notify data subjects either with a notice on its website or by sending a separate notification via, e.g., email.