Accountor General Privacy Statement
This General Privacy Statement (“General Privacy Statement”, “General Statement” or “Statement”) is issued on behalf of Accountor Group, that consists of different legal entities operating in several countries. The entity who will control for your data is dependent on the situation where your personal data is processed. The following entities make decisions about your personal data (act as data controllers in relation to you):
- Accountor Holding Oy and
- Accountor Affiliate that you are interacting with in the specific situation, for example Accountor Affiliate that has a contractual relationship with you, or with a company you represent, or Accountor Affiliate you are visiting with or from who you are seeking a job.
When Statement talks about "Accountor", "we", "us" or "our", it refers to the relevant company in Accountor responsible for the processing of your personal data.
This General Statement aims to give you information on how we collect and process your personal data, with whom data is shared, how long it is stored and what are your rights as regards personal data.
This Statement applies to the processing of personal data. Personal data means information that can be associated with you either directly or indirectly. Also data referring to an individual representing or acting on behalf of a company, e.g. a managing director, is personal data. A company information that does not relate to any natural person is not personal data.
As Accountor processes personal data in different situations and related to several stakeholders, we have prepared some accessory statements that supplement this General Statement and provide more detailed information in the given situation. These specific statements can be found by clicking on the applicable headings provided here. However, if there are any discrepancies between the General Statement and an accessory statement, the latter will primarily be determinative.
Collection of personal data
We may collect your personal data through different means. You may yourself provide information through direct interactions with us or data may be generated when you use our services. In addition, we may create data based on information we have about you. Your personal data may be obtained also from other companies belonging into Accountor Group or external third parties, including publicly available sources.
We may combine the data collected about you from publicly available sources, and from our different interactions with you in connection with e.g. service provision and marketing communication.
You are not required to provide any personal data to us, but the consequences of your choice may vary depending on the circumstances. For example, it is possible that we will not be able to provide our service to you or act in accordance with your request.
Personal data categories
We process different kinds of personal data about you depending on the situation. The categories and scope of data is always limited to what is necessary for the purposes it is processed for. Categories of personal data in a given processing situation are detailed in a respective accessory statement.
We may also process personal data for statistical purposes, meaning that information is aggregated to the level where no natural person may be identified from the result. Such data is not considered personal data as this data cannot be associated with you.
As a rule, we do not process special categories of personal data like information about your health. However, in limited cases such data may be processed provided, that the processing is conducted in accordance with the applicable laws and you have been informed thereon.
Purpose and legal basis for processing personal data
We collect, process and use only personal data, which is needed for operational purposes, efficient customer care and relevant commercial activities, including the processing of personal data for anonymising it.
We only use your personal data for the legitimate and explicitly defined purposes and do not process data in a manner that is incompatible with those purposes. Purposes of the processing in a given situation are detailed in a respective accessory statement.
We always have a legitimate basis for the processing of your personal data that is communicated to you.
We usually process your personal data for the performance of an agreement or contractual relation we have with you, or a company you represent, and us, or in order to enter into such relation.
We may process personal data in order to meet our statutory obligations e.g. in relation to accounting or to fulfil authorities’ (e.g. tax authority) requests as required by law.
Further, you may have consented to the processing of your personal data for one or more specific purposes.
Personal data may also be processed based on our legitimate interest (or those of a third party) provided, that your fundamental rights do not override such interest. For example, we combine the data collected about you from different sources or process personal data to develop our operations and services or in order to generate internal reports for management purposes. In these cases, the processing of personal data is based on our legitimate interest to ensure that our operations are effective and our offering is competitive, and that we have relevant information at hand to better understand our customers as well as to manage our operations.
Data sharing and disclosures of personal data
We may share your personal data with other Accountor Group companies within the limits of applicable laws and for the purposes indicated in this Statement, including development of services, and marketing their products and services to you. Personal data may be shared between companies belonging to Accountor Group for internal administrational purposes, for example, as part of our reporting activities on company performance and for the purposes of using centralized solutions e.g. in the use and maintenance of information and communication systems and hosting of data. Sharing of personal data is based on our legitimate interests to enable and develop efficient business operations and customer relationship management as well as to inform our customers of relevant services of other Accountor Group companies.
We may also disclose your personal data to third parties, when:
- permitted or required by law, e.g. to comply with requests by competent authorities or related to legal proceedings;
- our trusted service providers process personal data on behalf of us and under our instructions. We control and are responsible for such processing of your personal data;
- we are involved in a merger, acquisition, or sale of all or a portion of our assets;
- we assess that disclosure is necessary to enforce or protect our rights, such as to respond to legal claims, to protect your safety or the safety of others, investigate fraud, or respond to a government request;
- there is a legitimate interest for the disclosure, such as we are organising a joint conference or event with a third party, provided, that we have informed you on such sharing; and
- you have consented into such disclosure, but only to parties the consent relates to.
Note that from time to time our service providers may use personal data processed on our behalf and in connection with service provision further for their own purposes independently such as for their service development, statistics or to fulfill their legal obligations. Accountor strives to ensure that this further processing is not incompatible with the original purposes personal data is processed for. In such case the service provider in question is responsible for the lawfulness of the processing.
Transfers of personal data outside the EU or EEA
Some of our trusted partners or service providers working for us are established or may have access to personal data outside the European Union or the European Economic Area (together “EEA”), so their processing of your personal data will involve a transfer of data outside the EEA. In these cases, we will take necessary steps to provide appropriate safeguards for international data transfers and to the extent necessary implement supplementary measures for protection of personal data as required by applicable laws.
This means that
- personal data is transferred only to countries that have been deemed to provide an adequate level of protection of personal data by the European Commission (“countries with adequate protection”). For further details, see Adequacy decisions | European Commission (europa.eu)
- with a service provider that is based outside countries with adequate protection, we will use specific contract clauses approved by the European Commission and implement necessary technical, organisational, or contractual supplementary measures to ensure that personal data has the same protection as in EEA. For further details, see Standard Contractual Clauses (SCC) | European Commission (europa.eu)
Please contact us at firstname.lastname@example.org, if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
Retention of personal data
Your personal data is retained only for as long as necessary to fulfil the purposes it is processed for, including for the purposes of satisfying any legal, accounting, or reporting requirements and as defined in this Statement.
We have defined retention periods to all personal data we have on you. When defining such periods, we have considered various factors such as the nature and sensitivity of personal data and the purposes the data is processed for.
Your personal data processed based on a contractual relationship with you, or a company you represent, are stored, as a rule, for the duration of the contractual relationship or as long as the provision of the services requires. After our relationship or service provision has ended, we typically store personal data that are necessary to protect our legitimate interests e.g., enabling response on requests or claims under applicable provisions concerning statute of limitations, or we may store your personal data, to the extent necessary, in order to respect your request not to receive direct marketing from us.
Personal data processed based on legitimate interests are processed as long as there are grounds for their processing. If you object such processing, data will be erased after your request has been validated. An example of this kind of processing falling within the scope of legitimate interest is direct marketing.
If personal data is processed based on legal obligations, it is retained as long as required by law. Obligations to the storage of personal data are set, for example, by the Accounting and Money Laundering laws.
The storage time of personal data processed with your consent is determined according to the purposes of processing.
Your rights and options as regard personal data depend on the purposes of the processing and on the situation.
The right to access – You have the right to receive confirmation of whether your personal data is processed, and if it is, to access the data. This enables you to receive information on how we process your data and a copy of the personal data we hold about you.
The right to rectify data – You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
The right to object to the processing – You are entitled to object to the processing of your personal data that is based on Accountor’s legitimate interest (or those of a third party), if your particular situation overrides such interest. We may reject your request, if the processing is necessary in order to implement mandatory and legitimate interests. You are always entitled to oppose to the processing of your personal data for direct marketing purposes and for related profiling.
The right to data portability – You have the right to receive your personal data you have submitted to us for the processing based on your consent or the implementation of an agreement. In such cases, we will provide you, or a third party you have chosen, your personal data in a structured, commonly used and machine-readable format.
The right to be forgotten – You may ask us to erase your personal data where there is no valid reason for us continuing to process it. For example, if you consider personal data unnecessary for the purposes described above or you cancel the consent you have given.
The right to restriction of the processing – You have the right under certain circumstances to require Accountor to restrict the processing of your personal data. For example, for the period needed for verifying the accuracy of your personal data.
The right to give and withdraw your consent – If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
We may need to request specific information from you to help us confirm your identity and ensure that you are entitled to exercise your rights.
You can execute your rights by sending the above-mentioned requests to us at email@example.com. If you think that the processing of your personal data is not appropriate, you have a right to contact Data Protection Supervisor in your country.
We maintain security measures (including physical, technical, electronic, and administrative measures) that are appropriate to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to those authorized employees and service providers who need to know the information in the course of their work tasks. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Please be aware that, although we endeavour to provide appropriate security measures for personal data, no security system can prevent all potential security breaches. If a security breach occurs, we will inform you in accordance with applicable laws.
Changes to this Statement
We may update this Statement at any time, if required in order to reflect the changes in our data processing practices. You can find the latest version at www.accountor.com.
The last update of this Statement was on May 11th, 2022.
The contact details of the parent company of Accountor Group:
Accountor Holding Oy, business ID: 2480336-9, Keilaniementie 1, 02150 Espoo, Finland.
If you have any questions regarding this Statement, the personal data we process about you or you wish to reach Accountor Data Protection Officer, please contact us at firstname.lastname@example.org