GDPR
PRIVACY NOTICE
1. General information
This Privacy Notice describes how Fondita Fund Management Company Ltd. (business ID: 0899688-5) (“Fondita”) processes personal data, what personal data Fondita collects, for what purposes the data is used and to whom the data can be disclosed. This Privacy Policy also provides information on the obligations that Fondita has in relation to the processing of personal data.
We are dedicated to processing personal data in compliance with the European Union’s General Data Protection Regulation (2016/679) and other applicable privacy laws (together as “data protection legislation”). Taking care of data protection is a part of Fondita’s business activities.
This Privacy Notice is applicable to all funds offered by Fondita, to our websites, social media services and events. The Privacy Notice applies to processing of personal data of our customers and potential customers, their family members, representatives and beneficiaries as well as business partners and service providers and also to processing of personal data of our shareholders, job applicants and other people involved in recruitment processes. In case of discrepancies, the Finnish language version (available here) of this Privacy Notice shall prevail.
“Personal data” refers to any information about natural person (“data subject”), which allows a person to be directly or indirectly identified as an individual person, as defined in the General Data Protection Regulation. Information about the data subject that may not be identified, directly or indirectly, is not considered as personal data.
2. Controller and Data Protection Officer
Controller:
Controller Fondita Fund Management Company Ltd
Aleksanterinkatu 48 A, 00100 Helsinki
Contact details: info@fondita.fi
Data Protection Officer:
Data Protection Officer of Fondita Fund Management Company Ltd: Fredrik von Knorring
Contact details: 09-6689 8933
3. Legal basis for the processing of personal data and the purpose of processing
The legal basis for the processing of the data subjects’ personal data is primarily the contract between Fondita and the data subject which is based on the order of the fund product or fund service. The processing of personal data is also based on statutory obligations such as accounting obligations and obligations arising from the Investment Funds Act and the Limited Liability Companies Act. In addition, the processing of personal data for customer relationship management and direct marketing purposes is based on Fondita’s legitimate interest. Direct electronic marketing may be based on data subject’s consent Also, the legal basis for the process concerning recruitment procedure is primarily the legitimate interests pursued by Fondita and data subject.
We are processing personal data for example for the following purposes:
- Subscribing the fund units of the Fondita’s funds
- Ordering Fondita’s other services and participating in the events organized by Fondita
- Producing, maintaining, developing and assuring quality of the services
- Ensuring the security of services and preventing frauds
- Carrying out statutory obligations
- Business planning and product development
- Entering into contracts with partners and service providers and communication with them
- Communication, information and marketing
- Risk management and preventing abuses
- Recruitment
4. Categories of personal data, what data we process and data sources
We only collect the data subjects’ personal data which is relevant and necessary for the purposes outlined in this Privacy Notice.
The following information relating to data subjects is being processed:
| Categories of personal data | Examples of data content |
| Contact information | Data subject’s name, address, phone number and email. |
| Identity information | Personal identity code or equivalent foreign identity identifier and date of birth. |
| Information concerning the (potential) customer relationship and customer transactions information, business partners and service providers | Account number, billing and payment information, and other information identifying the (customer) relationship, as well as contacts and complaints between the data subject and Fondita. |
| Know Your Customer (KYC) information | The name, date of birth and personal identity code of the data subject (including family members, representatives or beneficiaries); full names, birth dates and nationalities of the legal entity’s board members or the corresponding decision-making body; the name of the document used to authenticate the identity, the document number or other identifying information and the issuer, or a copy of the document or, if the customer has not been physically present for the identification, information about the procedure or sources used for authentication; information about the customer’s business, the quality and scope of the business, the financial position, the basis for the use of the transaction or service, and information on the origin of the assets. |
| Information relating to shareholders’ or outsourced share register’s fund units | The same information as in the share register. The information is in the possession of the fund manager and will be handed over to Fondita if necessary. |
| The fund unit register and the list of shareholders and shares | Information on the number of shares held by the data subject and historical data related to ownership. The name and postal address of the fund unit holder, the number of fund units owned, the specification of the different types of shares and series of shares, the date of registration of the fund unit and the serial number of the share certificate or fund unit share. |
| Recruitment information | Information relating to data subject’s job application, curriculum vitae and other recruiting material and data collected during the recruitment process. In addition, information about other people involved in recruitment processes. |
| Information relating to the use of the webpage | The cookie data relating to the data subject, IP address, date, time and duration of the visit (see separate cookie notice here) |
The provision of the above-mentioned information is necessary to fulfil the contractual and legal obligations between Fondita and the data subject, Fondita’s statutory obligations as well as providing Fondita’s services and the management of the recruitment processes.
The personal data is mainly collected from the data subjects themselves, for example, in connection with marketing, when entering into a customer agreement, during the use of the Fondita’s Online service and otherwise during the course of the customer relationship, through Fondita’s website and cookies, and if required by the law also from other sources.
5. Retention of the personal data
Fondita will retain the personal data for as long as is necessary to fulfil the purposes outlined in the Privacy Notice unless a longer retention period is required by law (for example regarding obligations and responsibilities related to special legislation, accountancy or reporting) or unless the data is needed for drafting or presenting a claim or for a legal defence or for resolving a dispute of a similar nature.
The personal data will be processed for the duration of the customer and contractual relationship and for a necessary time after the end of the customer and contractual relationship. As a main rule, the personal data of customers will be deleted after ten (10) years after the end of the customer relationship.
Regarding entities, the retention of the data subject’s personal data is linked to the length of time the data subject is acting as a representative towards Fondita. The personal data will be deleted within a reasonable time after the concerned role ends unless it is required by law to retain the data for a longer period of time.
The personal data necessary for marketing purposes will be retained for as long as the data subject is a customer of Fondita and for 24 months thereafter, provided that the data subject has not objected to the use of the personal data for the marketing purposes. Any consent to electronic marketing will be valid for 24 months after which it will be deleted unless the data subject gives new consent.
Know Your Customer (KYC) information will be retained in compliance with the Act on Detecting and Preventing Money Laundering and Terrorist Financing (28.6.2017/444) for at least five (5) years after the end of the permanent customer relationship. In addition, the subscription and redemption orders shall be retained for at least five (5) years.
Fondita will retain the accounting materials for as long as is required by law.
The list of shares and shareholders shall be constantly updated and the data shall be retained permanently.
Job applications and the relevant recruiting material shall be retained for the period of one (1) year from the final recruitment decision. Open job applications and the relevant recruiting material shall be retained for one (1) year from the receipt of the application. After that the data may be retained on the basis of a separately given consent by the data subject.
When the personal data is no longer needed as defined above, data is deleted within a reasonable time.
6. Processors of the personal data and other recipients
Fondita may, in accordance with this Privacy Notice, outsource the processing of personal data to service providers or subcontractors. For example, IT system and financial management service providers as well as providers of debt collection and law services, supply service providers and service providers producing other services may need to process personal data. In addition, service providers maintaining fund unit register and insider register may participate in the processing. Fondita ensures with adequate contractual obligations that personal data is processed properly.
The personal data may also be disclosed to authorities such as tax and execution authorities to fulfil statutory and contractual obligations. Personal data is not disclosed for the purposes of direct marketing.
Fondita may also have to disclose personal data in case of emergencies or in other unexpected situations to protect human life, health and property. Additionally, Fondita may have to disclose personal data if Fondita is part of legal proceedings or other dispute resolution proceedings.
If Fondita is involved in a merger, business acquisition or other transaction, it may be required to disclose personal data to third parties.
Further information on recipients of personal data can be obtained on request.
7. Transfer of personal data outside EU/EEA
Personal data will not be transferred outside the European Union or the European Economic Area.
8. Principles of protection of personal data and security of processing
Fondita processes the personal data in a manner that seeks to ensure in every situation the proper security and privacy of personal data, including the protection against unauthorized processing and accidental loss, destruction or damage.
Fondita uses appropriate technical and organizational safeguards to protect this, including the use of firewalls, encryption techniques and safe device facilities, proper access control and guidance for personnel and subcontractors involved in processing of personal data. Documents retained as original copies shall be kept in locked premises.
All persons processing the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in relation to issues concerning personal data.
More detailed information on the recipients is available on request.
9. Rights of data subjects
The data subjects have the rights set out in the data protection legislation.
Right of access
The data subject has the right to obtain a confirmation if his or her personal data is processed.
The data subject has the right to access the personal data about himself/herself and to request to receive the data in a paper copy or in an electronic form.
Right to correct and erase data
The data subject has the right to demand any incorrect or incomplete personal data to be corrected. The data subject has also the right to request to remove his/her data under the conditions set forth in the data protection legislation.
The controller also removes, corrects and completes incorrect, unnecessary, incomplete or outdated data on its own initiative when controller notices such data.
Right to data portability and right to restrict and to object processing
The data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if Fondita processes the personal data of a data subject automatically based on a consent or contract between the data subject and Fondita.The data subject has the right to request to restrict processing of personal data in accordance with the conditions set out in the data protection legislation. Additionally, in case where the personal data is suspected to be incorrect and cannot be corrected or removed or there is confusion about the removal request, Fondita will restrict access to the data.
The data subject has the right to object to the processing of his/her personal data for certain purposes, if we process the personal data based on our legitimate interest, such as direct marketing.
Right to withdraw consent
If the processing of personal data is based on data subject’s consent, the data subject has the right to withdraw his/her consent at any time. The withdrawal does not affect the processing, based on consent, before the withdrawal.
Execution of the rights of the data subjects
Requests concerning data subjects’ rights shall be made in the course of a personal visit or in writing or in electronic form and shall be addressed to the controller (contact information in section 2 of this Privacy Notice).
The identity shall be confirmed prior providing the data and we may, therefore, ask a data subject to provide us with additional information. The request shall be answered within a reasonable time, and if possible, within one (1) month from presenting the request and confirming the identity.
If the data subject’s request is denied, the data subject shall be informed about the refusal in writing. Fondita may refuse the request (such as deleting the data) because of a statutory obligation or a statutory right that Fondita may have, such as an obligation or a claim related to our services.
10. Right to lodge a complaint to the supervising authority
The data subject shall have the right to lodge a complaint to the office of the data protection ombudsman if the data subject considers that his/her personal data has been processed against the current applicable data protection legislation.
You can find the contact information of the supervising authority here. PL 800, 00531 Helsinki, tietosuoja(at)om.fi, 029 566 6700
11. Changes to the Privacy Notice
We develop our services continuously and due to that might be forced to change and update this Privacy Notice. The changes might also be based on the amendments of the legislation. We recommend reviewing the content of the Privacy Notice regularly. If the changes contain new purposes for the processing of personal data, we will notify in advance and will ask for consent if necessary.
The Privacy Notice is published 25.5.2018 and updated yearly.
Fondita