Privacy Policy

Drafted on 27 June 2018
Updated on 9 January 2024

1. Data controller

Business Finland Oy (Business ID: 2725690-3)
Visiting address: Porkkalankatu 1, 00180 Helsinki, Finland 
Switchboard: +358 2950 55000

2. Point of contact

Please e-mail to: dataprotection@businessfinland.fi  

3. Name of register

Team Finland Market Opportunities, registered external users.

4. Purpose of personal data processing and basis for processing 

Category of data subjects Data utilised for Basis for processing
Individuals registered as external users of Team Finland Market Opportunities service  The information is collected to:
  • allow the registered person to use one or more of features of the Services that require identification of the users
  • send newsletters
  • send the registered person renewal notifications and/or service notifications
  • conduct customer satisfaction surveys
  contract, legitimate interest

       
Processing tasks may be outsourced to third party service providers in accordance with the data protection legislation and the boundaries imposed by same.

5. Data content of register

The following type of information regarding the data subject may be stored: 

Identification and user data for enabling the use of the online service such as:

  • first name and last name
  • telephone number
  • User ID (e-mail address) and password
  • Organization to which the registered person relates to


When the person creates BF-identifier, he/she is required to identify through Suomi.fi -service. Suomi.fi -service forwards the identification data, including the person’s social security number to the controller.  Social security number is not used for any other purpose than for identification.

In addition, we follow the use of the Service and thus collect technical information on the use of the site.

6. Personal data retention period

We may erase the personal data from the register latest if the user profiles have not been updated or used for a period of five years.

The erasing shall take place by means of deleting the information in its entirety, by rendering the data passive so that the data are no longer processed and access to the data is restricted, by means of encrypting or overwriting.  

7. Regular sources of information

Information is submitted by the registered person himself/herself and by suomi.fi (for identification).

8. Regular disclosures of information and transfer of data outside of the EU or EEA 

Person’s name, e-mail address, telephone number and name of the organization to which the person relates to, as well as data on used services may be transferred to Business Finland’s general client, stakeholder and marketing register

The data is stored within EU.

As we utilize cloud-based service providers, some of the Personal data may be transferred outside of the European Union or the European Economic Area in accordance with the data protection legislation and within the boundaries imposed by same. If no decision regarding an adequate level of data protection has been issued in relation to the target country, the transfer shall occur by means of employing the standard clauses approved by the European Commission. 

9. Principles for protecting the register

Access to management of personal data is provided only to the nominated persons and secured by username and password. 

10. Automated decision-making

The information in the register shall not be utilised for decision-making entailing legal effects for the person and that is based on automated data processing, such as profiling.

11. Data subject’s right to object to the processing of personal data 

The data subject shall have the right, in connection with their personal specific circumstances, to object to profiling pertaining to themselves and to other processing measures directed by the data controller at the data subject’s personal data to the extent the data processing is based upon the data processor’s legitimate interests or public interest.

The data subject may present their claim regarding the objection in accordance with section 14 of this privacy policy. In conjunction with the claim, the data subject must specify the specific circumstances based on which they are objecting to the processing. The data controller may refuse to carry out the request pertaining to the objection on the grounds stipulated for under the legislation.

12. Data subject’s right to object to direct marketing 

The data subject may issue the data controller consents or prohibitions pertaining to direct marketing on a channel-specific basis, including profiling taking place for direct marketing purposes.

13. Other data subject’s rights pertaining to the processing of personal data 

Data subject’s right to obtain access to the information (Right of Access) 

The data subject shall have the right to inspect which data concerning them has been stored in the register. The inspection request must be submitted in accordance with the instructions set forth in this privacy statement. The right of access may be denied upon grounds stipulated in the law. As a point of departure, exercising one’s right of access in an ordinary manner is free of charge.

Data subject’s right to require the rectification or erasure of data or restriction of processing

As a registered user of the Services, the data subject is provided with tools and account settings to access, correct or modify the personal data he/she provided to the data controller and is associated with his/her account.

To the extent the data subject is able to act for themselves, the data subject shall, without any undue delay, after becoming aware of the error, or, having detected the error themselves, rectify, erase or supplement any piece of information found in the register being contrary to the purpose of the register, erroneous, unnecessary, deficient or outdated.

To the extent, the data subject is not able to rectify the information themselves, the correction request shall be submitted in accordance with section 14 of this privacy notice.

The data subject shall also have the right to require the data controller to restrict the processing of their personal data, for instance in circumstances where the data subject is awaiting the data controller’s response to their request regarding the correction or erasure of their personal data.

Data subject’s right to lodge a complaint with the supervisory authority 

The data subject shall have the right to lodge a complaint with the competent supervisory authority, if the data controller has not complied with the applicable data protection regulation in its operations. 

14. Contacts

In all questions concerning the processing of personal data and situations related to the exercise of the data subject’s rights the data subject should contact the data controller. The data subject may exercise their rights by contacting dataprotection@businessfinland.fi.  

For the purpose of checking your personal data, you can also make a request using an electronic form (requires strong identification).

15. Versions

This privacy policy is updated on January 9th, 2024. 

The data controller follows the developments in legislation and will develop its operations constantly, and consequently, retains the right to update this privacy policy.