Fin | Eng | Swe

Privacy Policy for Insider Register

Data Controller

Data Controller      Solidium Oy (hereinafter “Solidium” or “we”)

Business ID            2245475-9

Address                   Unioninkatu 32 B, 00100 Helsinki

Phone number      +358 10 830 8900


Contact information in matters relating to data protection

Name                      Inka Virtanen

Address                   PO Box 1148, Unioninkatu 32 B, 00101 Helsinki

E-mail                      tietosuoja@solidium.fi

Phone number       +358 10 830 8900


Purpose of and legal Basis for Processing Personal Data

We process your personal data to fulfil our legal obligation to maintain an insider register of persons with access to inside information.

Personal data is not used for automated decision-making that would have legal or similar effects concerning the data subject.


Personal data that we collect

We process the following personal data about you:

  • basic information, such as your name, date of birth, personal identification number, phone number and address;
  • grounds, such as your duty, on which basis you have been added to the insider register; and
  • the time when you got access to inside information and the time when access to inside information ended.


Storage Period of Personal Data

We store your personal data that are part of the insider register for at least five years from creating or updating the insider register.


Regular Sources of Data

We receive personal data that are part of the insider register primarily from you.


Regular Disclosures of Data and Categories of Recipients

We have outsourced processing to external service providers in accordance with and within the limits of data protection legislation. We transfer personal data to an external service provider for the maintenance of our insider register.

We also disclose the information in the insider register to the Financial Supervisory Authority at its request.


Transfer of personal Data Outside the EU or the EEA

Personal data are not transferred outside the European Union or the European Economic Area.


Rights of the Data Subjects

As a data subject, you have certain rights under the EU General Data Protection Regulation 2016/679 (GDPR). Short descriptions of these rights below.

Right of Access to Personal Data: The data subject has the right of access to their personal data in the register. Exercising the right of access is generally free of charge.

Right to Rectification: The data subject has the right to request that the data controller rectifies inaccurate or incomplete personal data concerning them.

Right to Erasure: The data subject has in certain situations laid down in more detail in article 17 of the GDPR the right to request that the data controller erase personal data concerning the data subject. If the data subject believes, for example, that the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, they may ask us to erase the information.

Right to Restriction of Processing: The data subject has in certain situations laid down in more detail in article 18 of the GDPR the right to request that the data controller restrict processing of personal data concerning the data subject. The data subject may request restriction of processing, for example, when the data subject has objected to the processing of their personal data pending the verification whether the legitimate grounds of the data controller override those of the data subject. If processing is restricted, the data controller may store the data but, as a general rule, not process them in any other way.

Right to Object: In relation to their particular situation, the data subject is entitled to object to profiling and other processing that the data controller carries out on the data subject’s personal data particularly to the extent the processing is based on the data controller’s legitimate interest. If the data subject objects to processing, the data controller is no longer allowed to process the personal data, unless the data controller can prove that the processing is legitimate.

Right to Data Portability: To the extent that the data subject has themself provided data to the register that is processed based on the data subject’s consent, the data subject is primarily entitled to obtain such data in a machine readable format and is entitled to transfer such data to another data controller.

Right to Withdraw Consent: If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw their consent by notifying the data controller of this. The withdrawal of the consent does not affect the legality of the processing carried out based on the consent before the withdrawal.

Right to Lodge a Complaint with the Supervisory Authority: The data subject is entitled to lodge a complaint with the competent supervisory authority (www.tietosuoja.fi), for example, if the data subject is of the opinion that the data controller has not complied with the data protection laws applicable to its operations.


Contacts and Exercising of the Data Subject’s Rights

In case of questions relating to the processing of personal data and exercising of your rights, please contact the data controller using the contact information in this privacy policy.


Changes to the Privacy Policy

We can make changes to this privacy policy if the methods or purposes of the processing of personal data change.