Privacy policy

Our business is mainly based on the processing of personal and company data. Taking into account and having respect for data protection and privacy are an essential part of our business activities. Legislation and public authorities impose higher than average demands on our operations. By the good management of data protection we want to make sure that we are able to offer our clients high quality services also in the future

In the privacy policy approved by the management, we have defined the principles and procedures by which we aim to grant high quality services and high standard of data protection.

 

Acquisition and processing of data

We acquire our data from reliable sources only. Our data sources comprise the data subjects, the authorities, and reliable partners. The registration of data is based on law or on agreements made with the suppliers. The high standard of data is secured by agreements. The acquisition and recording processes of data are continuously developed in order to maintain the quality standard of data also in the future.

Our data systems and the services provided by us have been designed and built taking into account data security and protection. The data processing processes are controlled and improved on a continuous basis. In the data systems, the need of the personnel to process data in their own duties has been taken into account by generating rights of use of different levels.

The services provided by us are produced professionally and confidentially. The professionalism of the personnel is seen to by continuous training. The training also includes training in data protection. The personnel has undertaken to keep secret all confidential data obtained in the work.

Our company has a team handling matters concerning data protection and privacy. The team consists of experts of different sections. Together with the personnel, the team follows and develops the data protection in our company

 

Data groups formed of data subjects

Personal credit data

Personal credit data are credit data on a private natural person. The processing of personal credit data is strictly regulated in the Credit Information Act. The Act defines the permitted personal credit data and their recording times. Personal credit data mainly comprise payment default data confirmed by the authorities.

The Act also includes exact provisions for the permitted purposes of use of the data. Personal data shall be processed in compliance with good processing practices formed. These practices are followed and developed on a continuous basis. We have negotiated with the data protection authorities on several practical matters relating to the processing of personal credit data.

The use of our services providing personal credit data always requires a client contract. On the basis of the client contract, the users of data are given personal user IDs, with which it is possible to make a credit data inquiry on a consumer. In connection of a consumer credit data inquiry, we always register the purpose of use for the personal credit data, supplied by the client. In this way, we try to make sure that the personal credit data are used in accordance with the law.

The Credit Infocmation Act obligates Suomen Asiakastieto Oy to also provide service for individual consumer customers. The identity of these customers is identified by using the Tupas service of the banks.

Personal data of persons with business involvement

A person with business involvement is a natural person, who has or has been a person in charge in a company (Credit Information Act, Section 3) or operated in some other position of responsibility in the company. Such persons are, among others, persons in the company's management . The personal data of persons with business involvement may be processed more comprehensively than the personal data of consumers.

The Credit Information Act contains regulations on the processing of data on persons in charge.

The personal data of persons with business involvement have mainly been obtained from the Trade Register and other official registers. Data on persons with business involvement are also obtained from companies themselves.

Company data

In Finland, several pieces of data on companies engaging in business activities are public and easily available to all. It has not been the wish to restrict the use of company data. Because of this, for example, the company data at the Trade Register are public and accessible to all.

At present, company data are used for several purposes. For companies it is important that enough reliable, up-to-date data are available on companies. For us it is very important that our clients using the data are given the right picture of the company's financial standing. To ensure this, we process company data competently, according to good processing practice, and taking into account the interest of companies in the databases. Data on companies are principally gathered from the Trade Register and other public registers. We also collect a lot of data from companies themselves.

 

Disclosure of data to clients

The most important value of our company is the satisfied client. To ensure this, we produce and provide our clients with high-quality data and services. The high-quality services also include taking the data protection into consideration. Taking the data protection into account for its part makes sure that, in the future, Suomen Asiakastieto Oy has the possibility to offer services of still higher quality to satisfied clients.

Another important value of our company is reliability. The co-operation with clients is based on mutual trust. We want to be a reliable partner also in the future. Thus, it is important for us also to see that the confidential data obtained from the clients and concerning the clients stay confidential.

We require from our clients that privacy and data protection be taken into account in the use of our data. In the client contracts, our clients undertake to follow data protection. We train and guide our clients in the use of our data. We inform our clients of changes and reforms related with data protection. We have endeavoured to make sure that the data are used according to good data processing practice by technical solutions in our systems, by instructions directed to the users, and by other respective ways. We actively follow the processing of our data. If we discover use in contrary to the contract, we shall immediately intervene.

The Credit Infocmation Act obligates Suomen Asiakastieto Oy to also provide service for individual consumer customers. The identity of these customers is identified by using the Tupas service of the banks.

 

Openness towards data subjects

For the reliability of our company and the social acceptability of our operations it is important that we are open towards the data subjects. Openness is put into practice, for example, by the following means:

As controller, we have drawn up descriptions of file of our personal data files The descriptions of file can also be viewed at our consumer information desk. The principles of the processing of personal data and the rights of the registered are disclosed in the descriptions of file.

A registered person or company can control their own data, when they so wish. A person can him-/herself come to control the data, or he/she can send a control request by fax or by mail. If the person has payment defaults, he/she gets to know, to whom the payment default data has been disclosed during the past 12 months. A person can control the data without charge once a year. For companies the control is mainly subject to a charge.

Persons have been given the possibility to buy their own credit data (extract, Credit Information Act, Section 10, Paragraph 3) through the Internet service.

We pursue the controller's information duty concerning the processing of personal data according to Section 24 of the Personal Data Act in several different ways. We inform of the processing of personal data of private individuals together with the Trade Register. We inform persons of the ways of data processing on our home pages and by client letters.

Persons and companies are always sent a notification of the first payment default. Thus we want to make sure that the possible payment default entry is known to the person or company. In unclear cases the person or company can then immediately react to the matter.

The Credit Information Act requires that the user of data shall inform the persons of the use of personal credit data. We inform our clients of this duty. This way persons can make sure that their data is used in a legitimate manner. We inform our clients of this duty.

If our database contains an error, it is corrected as soon as possible. We have generated appropriate practices for the error correction.

 

Co-operation with different interest groups and authorities

Suomen Asiakastieto Oy co-operates with different interest groups and authorities. Because the operation of Suomen Asiakastieto Oy is socially significant, we co-operate with different administrative sectors. We are in co-operation with interest groups of the commercial and economic life and with those representing the data subjects.

 

Internationality

Suomen Asiakastieto Oy participates in international activities. We have undertaken to comply with the rules of good data processing practice of the federations of international credit information agencies FEBIS (Federation of Business Information Services) and ACCIS (Association of Consumer Credit Information Suppliers) .

Data protection has an important status in commercial co-operation. The different data protection legislation in different countries and the way of processing data are part of the international activities. In Suomen Asiakastieto Oy, it is important to know international legislation and data protection. We use the international co-operation network as support. Thus, we make sure that the data produced by us and provided by our foreign co-operation partners are processed according to the law also in international matters.

 

The authority controlling data protection

The Data Protection Ombudsman is an authority, who guides, advises and controls the processing of personal data in accordance with the Personal Data Act. The Data Protection Ombudsman exerts power in issues related to the implementation of the right of verification and the correction of personal data and provides solutions related to the compliance with the legislation concerning the keeping of registers and for the realisation of the rights of the data subjects.

 

Updating the data protection principles

The data protection principles are in accordance with our present practice. We update the principles on a regular basis, and inform our co-operation partners of the changes.