ACQUISITION AND PROCESSING OF DATA

We acquire our data from reliable sources only. Our data sources comprise the data subjects, the authorities, and reliable partners. The registration of data is based on law or on agreements made with the suppliers. The high standard of data is secured by the agreements. The acquisition and recording processes of data are continuously developed in order to maintain the quality standard of data also in the future. Our data systems and the services provided by us have been designed and built taking into account data security and protection. The data processing processes are controlled and improved on a continuous basis. In the data systems, the need of the personnel to process data in their own duties has been taken into account by generating rights of use of different levels. The services provided by us are produced professionally and confidentially. The professionalism of the personnel is seen to by continuous training. The training also includes training in data protection. The personnel has undertaken to keep secret all confidential data obtained in the work. Our company has a team handling matters concerning data protection and privacy. The team consists of experts of different sections. Together with the personnel, the team follows and develops the data protection in our company.

DATA GROUPS FORMED OF THE DATA SUBJECTS

Personal credit data Personal credit data are credit data on a private natural person. The processing of personal credit data is strictly regulated in the Personal Data Act. The Act defines the permitted personal credit data and their recording times. Personal credit data mainly comprise payment default data confirmed by the authorities. The Act also includes exact provisions for the permitted purposes of use of the data. Personal data shall be processed in compliance with good processing practices formed. These practices are followed and developed on a continuous basis. We have negotiated with the data protection authorities on several practical matters related with the processing of personal credit data. The use of our services providing personal credit data always requires a client contract. On the basis of the client contract, the users of data are given personal user IDs, with which it is possible to make a credit data inquiry on a consumer. In connection of a consumer credit inquiry, we always register the purpose of use of the personal credit data, supplied by the client. In this way, we try to make sure that the personal credit data are used in accordanve with the law. Personal data of persons with business involvement A person with business involvement is a natural person, who operates or has operated in business life, and whose data may be of significance when assessing a company, corporation, or foundation. Such persons are, among others, persons in the company's management or among the largest owners. The personal data of persons with business involvement may be processed more comprehensively than the personal data of consumers. Concerning persons with business involvement, we have drawn up codes of conduct according to Section 24 of the Personal Data Act, which have been approved by the organisations of the business life and representatives of entrepreneurs. The codes of conduct based on the Personal Data Act guide the controllers engaging in credit data activities and the users of data to the processing of personal data in compliance with the law and good register practice. We follow the codes of conduct in our own activities. The personal data of persons with business involvement have mainly been obtained from the Trade Register and other official registers. Data on persons with business involvement are also obtained from companies themselves. Company data In Finland, several pieces of data on companies engaging in business activities are public and easily available to all. It has not been the wish to restrict the use of company data. Because of this, for example, the company data at the Trade Register are public and accessible to all. At present, company data are used for several purposes. For companies it is important that enough reliable, up-to-date data are available on the company. For us it is very important that our clients using the data are given the right picture of the company's financial standing. To ensure this, we process company data competently, according to good processing practice, and taking into account the interest of companies in the databases. Data on companies are principally gathered from the Trade Register and other public registers. We also collect a lot of data from companies themselves.

DISCLOSURE OF DATA TO CLIENTS

The most important value of our company is the satisfied client. To ensure this, we produce and provide our clients with high-quality data and services. The high-quality services also include taking the data protection into consideration. Taking the data protection into account for its part makes sure that, in the future, Suomen Asiakastieto Oy has the possibility to offer services of still higher quality to satisfied clients. Another important value of our company is reliability. The cooperation with clients is based on mutual trust. We want to be a reliable partner also in the future. Thus, it is important for us also to see that the confidential data obtained from the clients and concerning the clients stay confidential. We require from our clients that privacy and data protection be taken into account in the use of our data. In the client contracts, our clients undertake to follow the data protection. We train and guide our clients in the use of our data. We inform our clients of changes and reforms related with the data protection. We have endeavoured to make sure that the data are used according to good data processing practice by technical solutions in our systems, by instructions directed to the users, and by other respective ways. We actively follow the processing of our data. If we discover use in contrary to the contract, we shall immediately intervene.

OPENNESS TOWARDS THE DATA SUBJECTS

For the reliability of our company and the social acceptability of our operations it is important that we are open towards the data subjects. Openness is put into practice, for example, by the following means: As controller, we have drawn up descriptions of file of our personal data registers. The descriptions of file can also be viewed at our consumer information desk. The principles of the processing of personal data and the rights of the registered are disclosed in the descriptions of file. A registered person or company can control their own data, when they so wish. A person can him-/herself come to control the data, or he/she can send a control request by fax or by mail. If the person has payment defaults, he/she gets to know, to whom the payment default data has been disclosed during the past 6 months. A person can control the data without charge once a year. For a company, the control is mainly subject to a charge. We carry out the controller's information duty concerning the processing of personal data according to Section 24 of the Personal Data Act in several different ways. We inform of the processing of personal data of private individuals together with the Trade Register. We inform persons of the ways of data processing on our home pages and by client letters. Persons and companies are always sent a notification of the first payment default. Thus we want to make sure that the possible payment default entry is known to the person or company. In unclear cases the person or company can then immediately react to the matter. If a negative decision has been caused by personal credit data, the user of the data, i.e. our client has the obligation to inform the person of this. Thus, the person can make sure of the legal use of the data. We inform our clients of this duty. If our database contains an error, it is corrected as soon as possible. We have generated appropriate practices for the error correction.

COOPERATION WITH DIFFERENT INTEREST GROUPS AND AUTHORITIES

Suomen Asiakastieto Oy cooperates with different interest groups and authorities. Because the operation of Suomen Asiakastieto Oy is socially significant, we cooperate with different administrative sectors. We are in cooperation with interest groups of the commercial and economic life and with those representing the data subjects.

THE AUTHORITY CONTROLLING THE DATA PROTECTION

The Data Protection Ombudsman is an authority, who guides, advises and controls the processing of personal data in accordance with the Data Protection Act. The Data Protection Ombudsman exerts power in issues related to the implementation of the right of verification and the correction of personal data and provides solutions related to the compliance with the legislation concerning the keeping of registers and for the realisation of the rights of the data subjects.

INTERNATIONALITY

Suomen Asiakastieto Oy participates in international activities. We have undertaken to comply with the rules of good data processing practice of the international credit information agencies FEBIS (Federation of Business Information Services) and ACCIS (Association of Consumer Credit Information Suppliers) . Data protection has an important status in commercial cooperation. The different data protection legislation in different countries and the way of processing the data are part of the international activities. In Suomen Asiakastieto Oy, it is important to know international legislation and data protection. We use the international cooperation network as support. Thus, we make sure that the data produced by us and provided by our foreign cooperation partners are processed according to the law also in international matters.

UPDATING THE DATA PROTECTION PRINCIPLES

The data protection principles are in accordance with our present practice. We update the principles on a regular basis, and inform our cooperation partners of the changes.

Additional information

Additional information on the privacy policy is available from our Consumer Information, tel. 09 -1488 6256 or kuluttajaneuvonta@asiakastieto.fi