The regulation of credit data concerning consumers, companies and persons in charge in companies has been compiled into one Act. The Act is applied to the production, recording, disclosure, use and other processing of credit data.
For which purpose may personal credit data be used?
In the Credit Information Act, personal credit data on private individuals refer to data which concerns the payment ability or willingness to pay of a natural person or company. Credit data also comprises the data which in some other way describe the person's or company's ability to meet their engagements and which are used when granting or controlling credits.
According to the Credit Information Act, a private individual's credit data can only be disclosed for credit granting or credit controlling, and for other corresponding purposes mentioned in the Act. Legal purposes of use are listed in Section 19 of the Credit Information Act.
Credit granting also refers to an agreement comparable to credit trade, meaning that data can be used in this case. Credit controlling means that the person has unpaid credit or an open account with credit, in which case the credit grantor uses the data in their own credit controlling. In addition, credit data can be used, for example, in debt collection.
Employment
Credit data can also legally be used for employment or another similar purpose. Data can be used for employment when the employer hires a person for a duty in which the employee has direct financial responsibility over the employer's property, or when the employment otherwise requires special trust.
Reporting the purpose of use
The user of personal credit data is always obligated, when making a credit data query, to state the purpose for which the data will be used. A trace of the query made and the inquirer will stay in Asiakastieto's files.
Can I use credit data when I'm employing a person?
The significance of personal credit data in working life has increased. Data is especially used in employment for assessing employees' reliability.
The employer's right to use a work applicant's credit data is limited to the following:
- tasks including rights of decision or independent discretionary power to make considerable financial commitments;
- tasks in which the duty comprises the granting and controlling of financially significant credits;
- tasks for the management of which the employer grants access to protected business or professional secrets of the employer or its customer;
- tasks the management of which requires such rights to use data systems, with which employer's or its customer's assets can be transferred or data relating to these can be altered;
- tasks an essential part of which is to handle without direct supervision large amounts of money, securities, or valuables;
- tasks which comprise the guarding of the employer's or its customer's property; or
- tasks the nature of which principally includes working in a private home without supervision.
If the employer acquires credit data, it has to inform the employee from which file the data has been obtained. When viewing personal credit data in Asiakastieto's web services the user has to choose the purpose of use according to the law, in which also the assessment of an employee is included. Other specified purposes of use are e.g. the planning of debt collection, renting an apartment, and granting a guaranty or pledge.
The employer has the right to use only the personal credit data of an employee already chosen for the task when the work requires special reliability and there is a possibility to pursue illegal financial gain in the work. The employer has the corresponding right also if the employee's tasks change during the working relationship so that they meet the above-mentioned criteria.
What are the legal purposes of use for personal credit data?
According to the Credit Information Act credit data can be used for credit granting and credit controlling. It must be noted that credit granting is not limited to the granting of money credits only, but also other granting of payment time (e.g. selling goods on credit) is considered credit granting.
In addition to this, personal credit data may be used
1) if this is separately regulated by law, or if the giving of data is based on the right to obtain data, prescribed for authorities in the law.
2) for granting contributions given by the authorities for business operations, if the data subject is a person in charge of the company applying for contribution.
3) for the planning of debt collection
4) for approving or giving a guaranty or a third-party pledge
5) for making a tenancy agreement
6) for defining terms of contract, if this concerns such a contract that, according to law, one cannot refuse to make.
7) for preparing a certificate or recommendation on the ability of the data subject to see to their obligations on their request to be given to a credit institution or insurance company, and for realising the obligations concerning the prevention or clarification of money laundering.
8) for assessing a work applicant and employee in the manner prescribed elsewhere in the law.
9) for assessing the ability of a company and its person in charge to meet their obligations as contractual parties and when choosing a person as person in charge in the company.
10) for scientific research, compilation of statistics, and authority's planning and investigation assignment taking into account what has been prescribed in the Personal Data Act.
For which purpose can data on a person with business involvement be used?
Credit data on a person with business involvement can be used when assessing the company's and its person in charge's ability to meet their commitments as contractual parties and when choosing a person as person in charge in the company.
Nevertheless, it has to be taken into account that this does not refer to the assessment of a person in charge for credit granting only, and this does not even have to be linked to credit granting. The assessment of a company can be made, for example, when the company searches for co-operation partners or assesses a company to be purchased. Also in this case it is allowed to ask for the personal credit data of company's persons in charge. Personal credit data on a person with business involvement can also be requested for the granting of contributions by the authorities for business operations, if the data subject is a person in charge in the company applying for contribution.
The disclosure and use of data on the participation in companies (data on the companies in which the person is a person in charge) is allowed without any specific reason or grounds. The data can be requested without restrictions.
Can a person forbid the disclosure of their own credit data?
A person cannot forbid the disclosure of their credit data. Requesting the data is always allowed for the legal purposes mentioned in the law.
How should a credit grantor take the Credit Information Act into account?
The scope of application of the Credit Information Act is general and wide. The Act concerns all processing of data, also their request. It has to be taken into account that credit data does not refer to data obtained from the credit data file only. It refers to all data that is used in credit granting or controlling. Even data in companies' own customer files are credit data, if they are used for this purpose.
Compared with the Personal Data Act, the Credit Information Act emphasizes the responsibility of those processing the data. This can be seen e.g. in the regulation concerning the disclosure of personal credit data. According to the Credit Information Act, personal credit data can be used and disclosed to be used for the purposes stated in the Act.
The keeper of a credit data file is entitled to trust the notification on the grounds of disclosure. The party disclosing the data (controller) has no explicit obligation to check the correctness of the notification.
Regulations in Chapter 2 of the Act concern as such all parties engaging in the processing of credit data. As a general regulation it is stated in Section 5 of the Act that the parties processing the data have to comply with good credit data practice. The section states the legislator's impression on what is understood with this practice.
Section 6 of the Act gives general regulations as to what kind of data can in general be considered to be processed as credit data. Section 7 of the Act states regulations on data security and documentation of the processing.
For the part of consumer credit defaults the company reporting data to the credit data file is obligated to inform the credit data file of a payment relating to such a debt.
The data user's obligation to inform of the use of data will change. The information can be given unofficially, for example, verbally, in terms of contract, or on printed material.
The obligation to inform does not concern all purposes of use.
According to Section 29 of the Act the party who acquires credit data for credit granting, credit controlling, guaranty or pledge, tenancy agreement, or for defining terms of contract for the acquisition of necessities, has to inform the other party of the use of data.
Information on the use of the service can be given either beforehand or afterwards. Nevertheless, the credit applicant need not be given specific information that the credit has been refused due to an entry.
According to Section 20 of the Act the right to use personal credit data can only be given to a named person. Joint user identifiers are not permitted. The requests and use of data have to be monitored.
According to the Personal Data Act, data subjects inquiring about their own data have to be told to whom their personal credit data has been disclosed during the past six months.
The Credit Information Act prolongs this period relating to the inspection right. According to Section 30 a natural person has the right to know to whom their personal credit data has been disclosed during the past 12 months.
This also means that Asiakastieto's client must be able to provide Asiakastieto with an account concerning the grounds for the personal credit data inquiry for 12 months from the making of the inquiry. Thus the client has to file data on the grounds of the inquiry for approximately 13 months instead of the previous approximately 7 months. This way persons inspecting their own data can be given an account on the grounds of the inquiry during the period stated in the Act.
According to Section 31 of the Act the party to whom erroneous data has been disclosed, has to be informed of the rectification of an error in the credit data file. It is considered to be good credit data practice that the user of data also processes the error notification and corrects the decision made on the basis of possible erroneous data.
The obligation to observe secrecy according to the Credit Information Act concerns all parties processing the data. In this way also credit data in companies' customer files fall within the scope of the legitimate obligation to observe secrecy.
The Act extends the penalty threat to all parties who process data to be recorded into the credit data file contrary to law.
Shall the person be told that their data have been checked?
The user of data can give the information unofficially, for example, verbally, in the terms of contract, or on printed material. The obligation to inform does not concern all purposes of use.
According to Section 29 of the Act the party who acquires credit data for credit granting, credit controlling, guaranty or pledge, tenancy agreement, or for defining terms of contract for the acquisition of necessities, has to inform the other party of the use of data.
Information on the use of data can be given either beforehand or afterwards. Nevertheless, the credit applicant need not be given specific information that the credit has been refused due to an entry.
How does Section 27 of the Act affect the use of credit data?
In Section 27 of the Credit Information Act it is prescribed what data can be used when recording a creditworthiness class into the credit data file or when forming the creditworthiness class obtained with it. This paragraph in the law is directed only to parties engaging in credit data activities and its significance is limited to situations in which this party (external credit rating company or controller) prepares credit classifications or other assessments of companies.
The paragraph in question does not in any way restrict how a company itself uses different data when assessing another company. When assessing another company, the company can, for example, inquire and use personal payment defaults of the other company's persons in charge without the restrictions stated in Section 27.
How does Asiakastieto use and process person in charge data?
In what way can recording times change because of settlement of payment or a new payment default?
| Entry in the credit data file | Recording time (years) | Change in the recording time | Section in the Credit Information Act |
|---|---|---|---|
| Payment default entry (data concerning lack of means or judgment by default on demand for payment) | 3 | | Credit Information Act, Section 18, Paragraph 6 |
| A claim causing a 3-year payment default entry is paid (no other payment defaults in the file) and data on the settlement of payment is delivered to Asiakastieto. | 2 | The recording time is shortened by one year. If the claim is paid after 2 years, the entry will be erased as data on the settlement of payment is delivered to Asiakastieto. | Credit Information Act, Section 18 |
| A new payment default entry is obtained during the time of validity of the payment default entry | of the former 4, of the new 3 | The recording time of the payment default entry obtained earlier is prolonged to four years. | Credit Information Act, Section 18 |
The person can thus influence the recording time for the payment default. A proof of the debt having been paid has to be delivered to Asiakastieto.
How does the debt becoming statute-barred affect payment default entries?
The reform of the Credit Information Act changed the recording and presentation practices for payment default entries caused by enforcement actions. The reforms entered into force on 1.4.2010, and Suomen Asiakastieto Oy has taken them into account in its files.
In the future a debt becoming statute-barred also erases the payment default entry caused by it. A normal debt becomes statute-barred after 15 years from the rendering of the judgment for payment. Concerning new entries recorded after the entry into force of the Act, Asiakastieto erases the entries automatically. Asiakastieto gets data on the debt becoming statute-barred from the enforcement authorities in connection with the lack-of-means entry.
For the part of entries currently in the file, Asiakastieto will erase the entry based on an expired debt on the basis of the distraint officer's request. Distraint officers are obligated to inform Asiakastieto of such lack-of-means entries in which all debts have expired.
The data subject (debtor) can also request the erasure or alteration of an entry based on a statute-barred debt by presenting Asiakastieto with material on the basis of which it can be stated that the debt behind the entry has expired.
On the basis of the regulation, entries will be erased only if the debt becoming statute-barred has occurred according to the so-called 15-year rule. The regulation does not concern e.g. statute-barred taxes.