Privacy Policy
Data Controller
Alfa Attorneys Ltd. (Business ID: 2778207-3)
Hatanpään valtatie 2a, 6th floor, 33100 Tampere
Peter Rasmussen, CEO
Phone: +358 (03) 3142 9000
Email: toimisto@alfalaw.com
Purposes and Legal Grounds for Personal Data Processing
Alfa Law Firm Ltd. complies with the applicable data protection legislation and good legal practices when processing personal data. The data is processed confidentially.
The purpose of personal data processing is to manage client relationships and legal assignments, as well as to perform conflict-of-interest checks. For non-client individuals, the purpose is marketing, customer acquisition, and responding to contact requests. The processing of personal data aims to prevent conflicts of interest and potential misuse.
The legal basis for processing personal data is the data controller’s statutory obligations, contracts, and legitimate interest in business operations and service development. Additionally, consent given by the data subject may serve as a legal basis for processing.
Collected Data
The data controller processes necessary identification and contact information depending on the specific use case. Such information includes, for example, name, email address, phone number, the company represented by the data subject, and their position within the company.
Personal data is primarily collected from the data subjects themselves during contact requests, marketing interactions, or via the website.
Cookies
We use cookies on our website to track visitor traffic and improve the website.
Our site uses Google Analytics cookies. The data collected by these cookies is transferred to and stored on Google’s servers, some of which may be located outside the EU or European Economic Area (EEA).
Data Retention
Personal data is stored on the servers of our IT service providers and on employees’ workstations. Paper documents are stored in our office and in the office archive.
Personal data is retained and processed only as long as necessary for the purpose of its use. The retention period varies depending on the purpose. Consents and objections are stored for the duration of their validity.
Personal data is deleted within a reasonable time once it is no longer needed, unless required by law to be kept for a longer period.
The data controller does not disclose personal data to third parties, except when required by authorities or mandatory legislation. However, the data controller may outsource personal data processing to trusted service providers or subcontractors, such as IT service providers. The data controller ensures through contractual obligations that the service provider processes personal data in accordance with data protection laws.
Our company does not transfer data outside the EU or the EEA, but some third-party service providers’ servers may be located outside the EEA.
Data Protection and Processing
Personal data is stored confidentially. The network, server, and hardware on which the register is stored are protected by firewalls and other technical measures. Employees and subcontractors are bound by confidentiality obligations regarding the data in the register.
Rights of the Data Subject
The data subject has the right to access their personal data and to request corrections or deletions of their data, or to restrict its processing. The data subject also has the right to object to the processing of their data and to request the transfer of data to another system. However, attorney-client privilege may restrict the data subject’s rights on a case-by-case basis.
When personal data processing is based on the data subject’s consent, the data subject has the right to withdraw consent for processing their personal data at any time.
The right to deletion, restriction, or objection does not apply to data processing that is necessary for compliance with statutory obligations of the data controller or for the preparation, presentation, or defense of legal claims.
The data subject has the right to lodge a complaint with the supervisory authority (the Data Protection Ombudsman, www.tietosuoja.fi) if they believe the data controller is violating data protection laws.
Exercising Your Rights
To exercise your rights, you can contact our office.