Purpose of this Privacy Statement
This privacy statement describes how Relais Group Plc (“Relais” or “the data controller”) processes personal data of shareholders, subscribers to the company’s newsletters, visitors to the website and representatives of partners. We are committed to protecting your privacy and to processing your personal data only in accordance with applicable data protection and privacy legislation and good data processing practices. The privacy statement also provides information on the obligations we have to comply with when processing personal data.
We comply with data protection legislation when processing personal data. Data protection legislation refers to the data protection legislation in force at the time, such as the General Data Protection Regulation of the European Union (2016/679) (“GDPR”) and the National Data Protection Act (1050/2018).
Our website may contain links to websites and services of other organizations that we do not control. This privacy statement is not applicable to the use of such third-party websites, so it is recommended that you refer separately to the privacy statements of third parties.
Who processes your data?
Relais Group Plc: 2566730-3
Address: Mannerheimintie 105, 00280 Helsinki, Finland
Who can you contact with questions about data protection?
If you have any questions related about data protection or want to exercise your rights, you can contact: firstname.lastname@example.org
What personal data do we process?
Personal data means any information related to a natural person (“data subject”) which directly or indirectly identifies that person within the meaning of the GDPR. Personal data are any data that can be linked to a natural person. We only collect personal data necessary for the purposes described in this privacy statement.
If you are one of our shareholders, we process the following information about you, such as:
• the name of the shareholder or administrator of the administrative record
• personal identification number or other unique identifier
• contact details
• payment details
• tax information
• number of shares by class of shares
• the CSD party to which the shares are booked in the book-entry account held by the CSD
• information on joint holders
• any other information required by the book-entry system.
If you are a subscriber to our press releases, we process the following information about you:
If you are a representative of one of our partners, we process the following information about you:
• Phone number
• Employer company/organisation
• Position in the company or organisation/job function
• Communication with you
• Details of our meetings
For what purposes and on what basis do we process your personal data?
The processing of shareholder data is based on the Companies Act. The purpose of the data processing is to keep a list of shareholders and their holders of shares included in the book-entry system.
The sending of electronic information, such as stock exchange and press releases, is based on your subscription.
If you are a representative of one of our partners, we process your data for the purpose of implementing, analyzing and developing the cooperation on the basis of the legitimate interest of the company you represent and the contractual relationship.
Where do we get your personal data?
Personal data is collected primarily from you. If you are a shareholder, we also collect your data from the book-entry system. On the basis of the personal identification number provided, the system compares the information provided with the list of shareholders of the company maintained by Euroclear Finland Ltd, which determines the shareholder’s right to attend and vote at the meeting. We may also receive your data from the company you represent or from one of our partners. When giving a proxy, the person also enters the necessary personal data for the proxy.
Who do we share your personal data with?
The information in the register of shareholders is public under the Companies Act. The following information on shareholder notifications is available at the public terminal at the Euroclear Finland Oy customer service desk:
• name and address of the owner or municipality of residence
• date of birth
• ownership details
• waiting list numbers and reason for being on the waiting list
• details of any joint owners.
If the Local Register Office has imposed a restriction on the disclosure of shareholder information (a so-called security ban) and we or the account manager have been informed of the restriction, the residence, address and other contact details of the shareholder entered in the shareholder register will only be disclosed to the authority.
The names and shareholdings of the largest shareholders are also published on our website.
We may disclose ownership and payment information to the Tax Administration for tax purposes. Information may also be disclosed in other cases where required by law.
We use an external service provider Euroclear Finland Ltd for the technical implementation and maintenance of the shareholder register.
We also use the following service providers to process your personal data, which process your personal data on our behalf:
• IT system vendors and other IT service providers
• providers of communication services and press release and stock exchange release distribution services
• website maintenance service providers
• providers of information services
Will we transfer your personal data to a third country?
As a general rule, we will not transfer your data outside the EU/EEA. Euroclear Finland Ltd uses external service providers to maintain its systems, whose partners may operate outside the EU/EEA. In these cases, the security and adequacy of the processing of personal data is ensured by an agreement between Euroclear Finland Ltd and the processor, which takes into account the standard clauses of the European Commission’s General Data Protection Regulation, or by applying other appropriate safeguards.
Retention of personal data
We will keep your personal data for as long as necessary for the purposes for which the personal data are processed, unless we are required by law to keep your personal data for longer. When the personal data is no longer needed, there is no longer a reason to process it, the personal data will be deleted from our records within a reasonable period of time. We will regularly assess the need to retain the data.
What are your rights when processing your personal data?
You have rights under data protection law in relation to the processing of your personal data.
Right of access to and copying of personal data
You have the right to obtain confirmation as to whether we are processing personal data concerning you and to receive information on the processing of personal data as defined in data protection legislation. You also have the right to receive a copy of the personal data we process. If you wish to inspect the data concerning you, you must submit a request to the contact person of the controller email@example.com.
Right to rectification and erasure of personal data
You have the right to request the correction of inaccurate or incorrect personal data. You also have the right to request the erasure of your personal data, subject to the conditions set out in data protection legislation.
Right to restriction of processing of personal data
You have the right to request restriction of the processing of your personal data, subject to data protection legislation.
Right to transfer personal data
You have the right under data protection law to request the transfer of your personal data to another controller.
Right to object to the processing of personal data
You have the right to object to the processing of your personal data on the basis of legitimate interests, subject to the conditions set out in data protection legislation.
Right to withdraw consent to the processing of personal data
If the processing of your personal data is based on your consent, you have the right to withdraw your consent. Please note that the withdrawal of consent has no effect on the processing of personal data carried out before the withdrawal.
Exercise of rights
Requests concerning your rights are made by e-mail or by post. Contact details are at the beginning of this privacy statement.
Right to lodge a complaint with a supervisory authority
You always have the right to lodge a complaint with the competent data protection authority if you believe that your personal data has been processed in breach of the law. The data protection supervisory authority in Finland is the Data Protection Ombudsman
How do we ensure security in the processing of your personal data?
We store your personal data on systems protected by firewalls, personal user rights and passwords and other technical and organizational means generally accepted in the industry at the time.
Our manually maintained records are located in facilities that are inaccessible to unauthorised persons.
Changes to the Privacy Statement
As we develop our services, we may need to make changes and update this privacy statement. We recommend that you review the contents of this privacy statement regularly.