Data Controller
| Data controller | Solidium Oy (hereinafter ”Solidium” or ”we”) |
| Business ID | 2245475-9 |
| Address | Unioninkatu 32 B, 00101 Helsinki |
| Phone number | +358 10 830 8900 |
Contact information in matters relating to data protection
| Name | Inka Virtanen |
| Address | PO Box 1148, Unioninkatu 32 B, 00101 Helsinki |
| tietosuoja@solidium.fi | |
| Phone number | +358 10 830 8900 |
Purpose of and legal Basis for Processing Personal Data
We process your personal data to fulfil our legal obligation to maintain an insider register of persons with access to inside information.
Personal data is not used for automated decision-making that would have legal or similar effects concerning the data subject.
Personal data that we collect
We process the following personal data about you:
- basic information, such as your name, date of birth, personal identification number, phone number and address;
- grounds, such as your duty, on which basis you have been added to the insider register; and
- the time when you got access to inside information and the time when access to inside information ended.
Storage Period of Personal Data
We store your personal data that are part of the insider register for at least five years from creating or updating the insider register.
Regular Sources of Data
We receive personal data that are part of the insider register primarily from you.
Regular Disclosures of Data and Categories of Recipients
We have outsourced processing to external service providers in accordance with and within the limits of data protection legislation. We transfer personal data to an external service provider for the maintenance of our insider register.
We also disclose the information in the insider register to the Financial Supervisory Authority at its request.
Transfer of personal Data Outside the EU or the EEA
Personal data are not transferred outside the European Union or the European Economic Area.
Rights of the Data Subjects
As a data subject, you have certain rights under the EU General Data Protection Regulation 2016/679 (GDPR). Short descriptions of these rights below.
Right of Access to Personal Data: The data subject has the right of access to their personal data in the register. Exercising the right of access is generally free of charge.
Right to Rectification: The data subject has the right to request that the data controller rectifies inaccurate or incomplete personal data concerning them.
Right to Erasure: The data subject has in certain situations laid down in more detail in article 17 of the GDPR the right to request that the data controller erase personal data concerning the data subject. If the data subject believes, for example, that the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, they may ask us to erase the information.
Right to Restriction of Processing: The data subject has in certain situations laid down in more detail in article 18 of the GDPR the right to request that the data controller restrict processing of personal data concerning the data subject. The data subject may request restriction of processing, for example, when the data subject has objected to the processing of their personal data pending the verification whether the legitimate grounds of the data controller override those of the data subject. If processing is restricted, the data controller may store the data but, as a general rule, not process them in any other way.
Right to Object: In relation to their particular situation, the data subject is entitled to object to profiling and other processing that the data controller carries out on the data subject’s personal data particularly to the extent the processing is based on the data controller’s legitimate interest. If the data subject objects to processing, the data controller is no longer allowed to process the personal data, unless the data controller can prove that the processing is legitimate.
Right to Data Portability: To the extent that the data subject has themself provided data to the register that is processed based on the data subject’s consent, the data subject is primarily entitled to obtain such data in a machine readable format and is entitled to transfer such data to another data controller.
Right to Withdraw Consent: If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying the data controller of this. The withdrawal of the consent does not affect the legality of the processing carried out based on the consent before the withdrawal.
Right to Lodge a Complaint with the Supervisory Authority: The data subject is entitled to lodge a complaint with the competent supervisory authority (www.tietosuoja.fi), for example, if the data subject is of the opinion that the data controller has not complied with the data protection laws applicable to its operations.
Contacts and Exercising of the Data Subject’s Rights
In case of questions relating to the processing of personal data and exercising of your rights, please contact the data controller using the contact information in this privacy policy.
Changes to the Privacy Policy
We can make changes to this privacy policy if the methods or purposes of the processing of personal data change.
