1. Controller

Seppo Laine Oy

Porkkalankatu 24, 00180 Helsinki

(09) 6859 560

(hereafter ”us” or ”Seppo Laine”)

2. Contact person for register matters

privacy@laineip.fi

3. Name of register

Seppo Laine Oy’s customer, supplier and marketing register

4. For what purposes do we process personal data?

We process personal data for the following purposes:

  • delivery and development of our IPR-services to meet our customers’ needs better
  • purchase and order of our services and products needed to maintain our business
  • fulfilment of contractual obligations and other undertakings of the company
  • management of customer relations
  • organizing events
  • sending newsletters and other email marketing
  • contacting potential clients
  • providing information of our services
  • electronic and direct marketing
  • analyzing and profiling the behaviour of a customer or other data subject.

5. What is the legal basis of processing personal data?

When we process personal data for the aforementioned purposes, our processing is often based on;

  • obligations consequent upon agreements or to carry out actions prior to making an agreement on the contracting party’s request
  • fulfilling statutory obligations related to our services
  • our legitimate interest as a controller such as the maintenance and administration of customer relationships and invoicing
  • consent given to us by the data subject.

6. What data do we process?

We process the following personal data in connection with the customer, supplier and marketing register:

  • basic information of our customers and suppliers such as name, customer number, number of the commission, information concerning the employer and professional position/title
  • contact information of our customers and suppliers such as email address, phone number, address
  • information regarding the customer relationship and contract such as information of past and existing contracts and orders, other transactions such as correspondence with the customer and other references and information regarding invoicing and tracking of costs
  • information we have received in connection with performing commissions and other services such as the name of the inventor and designer and the name of holder of the copyright and trademark, address, email, phone number and nationality, in some cases regarding foreign patent- and design applications, a copy of the passport or a passport number of the applicant and/or inventor or designer
  • event participation details and possible information regarding the event, such as food limitations
  • information provided by the data subject to us in connection with the events and meetings
  • information provided to us by our partners such as foreign IPR representatives and equivalent service providers and their customers
  • information regarding the telecommunications link and the terminal device used by the data subject such as IP address, device ID or other device specific identifier
  • information we have collected from public sources such as websites of companies and data available in public registers
  • other possible information collected based on the consent of the data subject such as the data regarding the subscribers of our newsletter

7. From where do we receive information?

We receive data primarily from the data subject, the employing companies of the data subjects, authorities, credit information agencies, contact information service providers and other similar reliable sources.

For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources such as newspapers and news, professional social media networks, websites of companies, trade register, register of patents and design databases. In addition, we collect data of the visitors of our webpages.

We may collect and update personal data for aforementioned purposes also from authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.

8. To whom do we disclose and transfer?

Our commissions may involve disclosing personal data to authorities such as authorities handling patent, design and trademark applications and to foreign IPR representatives, law offices or equivalent service providers on a case-by-case basis if the management of the commission requires it.

We use subcontractors that process personal data on behalf of and for us, especially when the use of our data systems requires technical support. In that case our subcontractor may have access to our data systems that contain personal data for limited time to enable technical support.

Other than that, our subcontractors’ access to the personal data we have collected is very limited since we save personal data only on our own server located in Finland and we take care of its administration and protection ourselves.

9. Do we transfer data outside of the EU or EEA?

In general, we do not disclose personal data outside of the EU or European Economic Area (“EEA”).

In case our commission requires applying for a patent, trademark or

design or managing such rights outside the EU or EEA, we need to disclose personal data to international or local registration authorities and/or IPR representatives, law offices or equivalent service providers outside the EU or EEA.

10. How do we protect the data?

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use a system containing personal data. Their access to the databases containing personal data is also restricted on case-by-case basis.

Each user has a personal username and password to the system. The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

11. For how long do we store the data?

We store personal data for as long as is necessary considering the purpose of the processing. The personal data in the customer and supplier register is typically removed after the period for filing a suit or reclamation regarding certain customer or supplier relationship has expired. We may, however, store personal data related to the IPR rights we have registered on behalf of our customer for a longer period for the renewal of these rights and to monitor them on the request of the customer.

We store the personal data collected for marketing purposes until the data subject requests us to quit processing their personal data for these purposes.

We regularly assess the need for data retention in light of the applicable legislation. In addition, we take reasonable measures to ensure that the personal data in the register is not incompatible, obsolete or inaccurate considering the purpose of the processing. We rectify or delete such information without delay.

12. What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of erroneous, outdated, unnecessary or illegal data. If the processing is based on your consent, you also have a right to withdraw your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have the right to object to profiling and other processing operations, when the processing of your data is based on our legitimate interest. In connection with your request, you will need to identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.

As a data subject you have the right to object to processing at any time free of charge, including profiling in so far as it relates to direct marketing.

13. Who can you be in contact with?

All contacts and requests concerning this privacy notice must be submitted in writing to the email address set out in section two (2).

14. Changes in the Privacy Notice

Should we make amendments to this privacy notice we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you kindly review these privacy protection principles from time to time to ensure you are aware of any amendments made.