Privacy statement – Accounting Office Mandaatti
Updated on 25 February 2021
Mandaatti processes personal data responsibly, in confidence and in accordance with the data protection regulations in force. Mandaatti protects your rights and keeps your personal data safe. This privacy statement describes how the Accounting Office Mandaatti Group (hereinafter “Mandaatti”) collects, uses, stores and protects personal data.
Mandaatti Group consists of the following companies:
Mandaatti Group Oy (3139369-5)
Tilitoimisto Mandaatti Espoo Oy (2599304-5)
Tilitoimisto Mandaatti Helsinki Oy
Tilitoimisto Mandaatti Tampere Oy (2850000-7)
Tilitoimisto Mandaatti Jyväskylä Oy (3185327-6)
Tilitoimisto Mandaatti Oulu Oy (1793510-1)
Tilitoimisto Avisan Oy (2287907-9)
Mandaatti processes personal data in a number of contexts. In this statement, we use “you/your” to refer to our customers, our potential customers, our customers’ employees or other relevant parties, such as authorised representatives and persons in positions of responsibility.
1. Contact details
Accounting Office Mandaatti
Ratakatu 9 A
+358 400 569 417
2. Personal data that we collect
We collect and process personal data that we have primarily received from you through your communications, messages, visits to our offices or website or, subsequently, when you use our services. We also receive personal data from public sources.
The personal data we process include:
- basic information such as the contact person’s name, title, personal identity number, email address, telephone number; the company’s contact details, business ID, VAT number, company type; country, language
- details of the company’s representatives, their positions, powers and holdings in the client company and other companies; the company’s auditor
- details of the business relationship, payment and billing information, information about services ordered
- information required by the Anti-Money Laundering Act (Act on Preventing Money Laundering and Terrorist Financing, 444/2017) for the identification of customers
- we check your credit rating when we set up a customer relationship with you.
We also collect data through our website using Google Analytics so that we can analyse and improve our website and target relevant marketing to visitors to our website.
3. Purpose of processing personal data
We only collect, store and process your personal data for predetermined
Main uses of the data:
- fulfilment of our contractual obligations
- compliance with legal obligations and requirements
- customer communications and responding to contact requests
- developing our business
- targeting our services to you
4. Legal grounds for the processing of personal data
We ensure that we always have a legal ground for processing your personal data.
We process personal data:
- to implement an agreement in the context of a mandate
- to meet legal obligations
- on the grounds of our legitimate interests in order to provide our services and conduct and develop our business operations
- for consent and cookies
5. Recipients of personal data
Your personal data are mainly processed by persons employed by our company when performing their duties. We transfer personal data between the companies in the Mandaatti Group to the extent necessary to provide high-quality services to our customers.
We may also outsource some of the processing-related tasks, such as the systems used to store and process personal data. When we do so, we ensure that our service providers maintain the confidentiality and that the data are also processed lawfully in other respects. We use service providers that may be located outside the European Union or the European Economic Area. When transferring personal data, we ensure an adequate level of data protection through measures that comply with data protection legislation.
We may also disclose your personal data to fulfil our contractual obligations or as required by law or a competent authority, or if we are involved in a business or asset acquisition.
6. Retention and protection of personal data
We will not retain your personal data for longer than is necessary or required by an agreement or law. Retention periods for personal data may vary depending on the purpose and context.
Your personal data will be retained on our service provider’s servers, which are protected according to the standard practices of the industry. The personal data that we collect and process are considered confidential, and we only disclose personal data to those who need the data in performing their duties and to our customers, in confidence and on a limited basis, in accordance with our service agreements. Access to your personal data is protected by user-specific usernames, passwords and access rights.
7. Disclosing personal data to Mandaatti
If you do not provide Mandaatti with your personal data or authorise the processing of your personal data by Mandaatti, we may not be able to serve you.
8. Rights of data subjects
Data subjects have the following rights:
- Right to erasure (at the end of the data life cycle or if the processing is unlawful)
- Right to withdraw consent (cookies)
- Right to access
- Right to rectification
- Right to object to the processing of their personal data
- Right to restrict processing (if the processing is unlawful)
- Right to data portability
You can exercise your rights mentioned above by contacting the data controller.
If you consider that the processing of your personal data is unlawful, you can also lodge a complaint with the competent supervisory authority.
9. Updating the privacy statement
We update this privacy statement when our operations or privacy policies change. It may also be updated if there are changes to the relevant legislation. Any changes will take effect once we have published an updated privacy statement.