Fondia operates in four countries, each of which is a controller on their behalf.
All inquiries and requests shall be emailed to privacy(at)fondia.com.
Privacy at Fondia
It is important for us at Fondia to respect your privacy and protect your personal data carefully. Our aim is that all processing of personal data is transparent and that is why we have collected all information related to the processing of your personal data to this section.
Fondia Finland
Aleksanterinkatu 11
(Entrance at Kluuvikatu 6 A)
FI-00100 Helsinki
Finland
Fondia Lithuania
Gedimino pr. 20
LT-01103 Vilnius
Lithuania
How do we process personal data?
We have divided the processing of personal data to sections depending on the role in which you want information on the processing of your data. We do not carry out profiling or automatic decision-making.
What data do we process and why?
You may contact us by using the chatbot provided by Leadoo, the forms on our website or book a meeting from our calendar. In these situations, we collect the name, contact details and information on the legal question you need help with. The personal data (contact details and other possible data) you provide is used to contact you at your request and to evaluate how we can best help you. Please do not reveal unnecessary information about your private life when contacting us by these means.
You can also use the form on our website to subscribe to Fondia's company releases, press releases and managers’ transactions. For this purpose, we collect your name and e-mail address, which of the above mentioned releases you would like to receive and in which language you would like to receive them.
If you have consented use of cookies for this website, we use an analytics script provided by Leadoo. This data enriches the information collected from the chatbots and forms and allows for a better understanding of our site users and their behavior.
If you have consented use of cookies for this website, we also use the statistics service LinkedIn Insights for the purpose of the needs-oriented design and continuous optimization of our pages. The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days in order to make the data pseudonymous. this remaining pseudonymized data is then deleted within 180 days.
Fondia doesn't receive the personal data of LinkedIn members; we only receive reports and alerts (which do not identify LinkedIn members) about Fondia’s website audience and ad performance. LinkedIn Insights also provide Fondia retargeting for website visitors, enabling Fondia to show personalized ads off our website by using this data, but without identifying the member. LinkedIn insight also use data that doesn’t identify LinkedIn members to improve ad relevance and reach members across devices.
The processing is based on your consent. With regard to cookies, you may at any time withdraw your consent on the cookie settings by clicking the cookie on the bottom left of our website.
From where do we receive data?
We collect the data from you when you visit our website.
For how long do we store your personal data?
We store the personal data you have provided us through the chatbot, contact form or calendar booking for as long as they are necessary to contact you and to initiate a possible commission. If you become our customer, the processing of your personal data is described on the section “I am Fondia’s customer or the contact person of the customer”. The information you provide on the subscription form for company newsletters, press releases and executive transactions will be stored for as long as you wish to receive these communications from us. You can unsubscribe from the releases at any time free of charge
The retention periods of cookies are described on the section “Cookies”.
What data do we process and why?
We collect basic and contact details such as name, work email, work phone number and positions in the company of our potential customers.
The purpose of collecting this data is
delivering and developing our products and services to better match your needs
marketing our services to companies
targeting marketing in our web services.
The processing is based on our legitimate interest to ensure the continuity of our business operations and customer acquisition.
From where do we receive data?
We receive data of professional social media networks, contact information service providers and you yourself, when you contact us e.g., via the chatbot on our website, qr code, email, phone or using MyFondia.
To whom do we disclose data? Do we transfer data outside the EU/EEA?
We may disclose data to our co-operation partners that perform marketing or arrange campaigns and events with and for us, and who see themselves as controllers and not processors working on behalf of us (such entities include e.g., various social media players and marketing networks). Other than that, we do not disclose your data to outsiders unless the legislation or authorities require us to do so.
We use international cloud services in the processing of personal data and data may be transferred outside the EU/EEA in connection with those services. We ensure that appropriate safeguards in accordance with the GDPR are used in data transfers.
For how long do we store your personal data?
We direct marketing at companies. The data of the contact persons of these companies is stored for as long as they are relevant for the marketing directed at such company. We delete the data, when we no longer need it for marketing purposes. You have the right to request the deletion of your personal data if you no longer wish to receive marketing from us.
You have the right to request the deletion of your data if you no longer wish to receive marketing from us.
What personal data do we process and why?
We collect the name, work email and phone number and the position in the company of the contact person of our customers.
We collect the data
to manage customer relationships
to execute commissions
for customer surveys
for possible charity donations on your behalf
for invoicing.
The processing is based on our legitimate interest to ensure the continuity of our business, to execute commissions and customer management. In addition, we process data for bookkeeping based on a legal obligation.
From where do we receive the data?
The data is collected from you yourself, our customer company, authorities or credit companies.
For how long do we store your data?
We store your personal data as long as necessary for the purpose of use. The personal data concerning customers is deleted when the limitation or reclamation period regarding a specific customer or service has passed. This period is typically then (10) years.
What personal data do we process and why?
We collect the name, work email and phone number and the position in the company of the vendors to take care of the vendor relationship and for invoicing. The processing is based on our legitimate interest to ensure the continuity of our business. In addition we process data for bookkeeping based on a legal obligation.
From where do we receive the data?
We collect the data from you yourself and the vendor company.
For how long do we store your data?
We store your personal data as long as necessary for the purpose of use. The data concerning suppliers is deleted, when the supplier relationship ends.
What data do we process and why?
We process the following data of our job applicants in order to proceed with the recruitment process:
Basic information such as name, birth date, mother tongue
Contact details such as email address, phone number, home address
Information regarding the position applied for such as information of the type and nature of the employment and information of the contact persons designated for the application process, salary request and information related to starting the job
Other information important in relation to suitability and other information of yourself and you background that you have provided such as photo, study and other educational information, work history (such as employers, start dates and durations of employment and the nature of work tasks), language skills, other special skills, description of personal features, degrees, certificates and evaluations, and references to portfolios, profiles and other sources found on the Internet, referees and the results and details of the personal assessment and suitability assessment carried out with your consent
Information regarding the recruitment process such as information of further interviews or of the interruption of the recruitment process
Other possible information that you have provided voluntarily in connection with the recruitment process or otherwise specifically published in professional purposes such as LinkedIn-profile
The purpose of processing your personal data is to receive and process job applications and to manage our recruitment processes. With the data we can contact the applicants and make decisions when filling the positions
The processing is based on your consent during the recruitment process. You may reverse your consent by withdrawing from the recruitment process.
From where do we receive the data?
We primarily use the data that you have provided us in connection with the recruitment process. By sending us a job application, you give your permission to collect data from your LinkedIn-profile and possible referees. We also use external recruitment consultants that seek for potential employees on behalf of us.
For how long do we store your data?
We store your data for two (2) years after the recruitment process has ended.
Who may you contact, if you want more information on the recruitment process?
For more information on the recruitment process, you may contact Wilma Laukkanen by phone,+358 20 720 5674, or email, wilma.laukkanen(at)fondia.com.
What data do we process and why?
We collect personal data, such as name, title, special diets, allergies and details needed for invoicing, of the participants when they enroll in order to organize and carry out events. We collect the data with your consent. You may cancel your participation at any time before the event by notifying us and we will delete your data.
After the event we process data for invoicing and bookkeeping. Such processing is based on our legitimate interest to take care of invoicing and bookkeeping.
From where do we receive the data?
The data is collected from the participation form that you fill in yourself.
For how long do we store your data?
We store the necessary data of the participants for as long as necessary for invoicing and bookkeeping and other data is deletedafter the event has ended.
What personal data do we process and why?
To manage the commissions given by customers we sometimes have to process the personal data of the people related to the commission. This data may concern the personnel, agreement partners or shareholders of the customer that has given the commission and in dispute resolution also other persons that are on the opposing party or otherwise involved in the matter.
The data typically consists of names and contact details and the descriptions of the events and circumstances relevant to the commission. The data is processed only to the extent necessary to carry out the commission.
The processing is based on our legitimate interest to ensure the continuity of our business and to carry out commissions.
From where do we receive the data?
The data is collected primarily from our customer companies.
For how long do we store your data?
We store your personal data as long as necessary for the purpose of use. The data processed in connection with the commission is deleted when the limitation or reclamation period has passed. This period is typically then (10) years.
Fondia Sága
Fondia Sága is a document generator and a way of drafting customized agreements for the customer with a fixed monthly fee. On Fondia Sága, the customer may form documents themselves and download the documents, when the required information has been filled in. The documents may contain data related to the customer’s employees and contact persons.
The customer is the controller for the personal data processed in Fondia Sága and Fondia processes the data on the customers behalf. The customer and Fondia have signed an agreement on the processing of personal data.
Thomson-Reuters is our sub processor that provides the technical platform for the Fondia Sága service. The data is stored in the EU (Netherlands). Thomson-Reuters uses sub processors for providing the service, on which you can find additional information here.
In principle the data is stored for as long as the service is offered to a customer. The customer may define the retention periods anddelete the data according to their own information management practices.
What data do we process and why?
We collect identifiers and other personal data from our potential and current clients and their contact person/s in connection with the” Know Your Customer” (the KYC) process, for the purpose to
prevent, detect and investigate money laundering and financing terrorism,
bring money laundering, terrorist financing and the crime by which the property or criminal benefit that is the subject of money laundering or terrorist financing has been obtained, under investigation,
execute the obligations related to sanctions, and
evaluate business risks.
From where do we receive data?
Information collected from you or the contact person of the organization.
You need to provide us with the organization's name and business ID, as well as the contact person's name and email address for identification, before we start our cooperation. After this, we will send a link by e-mail for identification. In some cases, we might also request additional information.
The information requested would be:
if the organization have business/clients outside the EU/EEA
if the organization have business/clients in certain high-risk countries
if there are any beneficial owners, and if so, who they are.
if there are any politically exposed persons connected to the company
possible additional information and comments.
If you are client as a private person, we will ask for your address and may also check credit information. If we can’t identify you electronically, we may have to ask for a copy of an identification document such as passport. We save the address, passport number, issuer, date of birth, social security number and nationality of the passport copy.
Information collected from third party
We collect the name, social security number and nationality of the contact person of the organization. Of the beneficial owners, we collect the name, social security number, nationality, email and information on why the person is a beneficial owner. Regarding politically exposed persons we also collect name, date of birth and nationality.
When we add clints to our database, , we also collect a trade register extract, possible payment default records and in some cases a beneficiary register extract of the organization. We might also search for background information from other public sources to confirm the data and backgrounds of organisations and private clients.
The data is updated and collected also during the client relationship as a part of continuous knowing of the client required by the Act on Preventing Money Laundering and Terrorist Financing, for example, when the contact person is changed.
We always screen companies and contact persons against EU, OFAC, OFCA and UN sanction lists.
OFAC - Office of Foreign Assets Control ("OFAC") of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.
Legal ground
The processing is based on a legal obligation, based on the following:
In Finland:
Act on Preventing Money Laundering and Terrorist Financing (444/2017)
EU sanctions
Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and of the European Union
other national decisions of the authorities on sanctions.
In Sweden:
Act (2017:630) on measures against money laundering and financing of terrorism
Act (1996:95) regarding certain International Sanctions
In Estonia:
Money Laundering and Terrorist Financing Prevention Act
International Sanctions Act
In Lithuania:
Law on the Prevention of Money Laundering and Terrorist Financing
Law on the Implementation of Economic and other International Sanctions
Processing is also based on Fondia’s legitimate interest to take care of business risks comprehensively.
For how long do we store data?
We store the identifiers related to the KYC process for five (5) years of the collection of the data in accordance with the Act on Preventing Money Laundering and Terrorist Financing. The data used one-off in the risk assessments is deleted when the assessment has ended.
What data do we process and why?
We collect first name, last name, company, title, phone number and email when you register onto MyFondia.
The processing of personal data is based on our legitimate interest to manage and take care of our customer relationship, to ensure the continuity of our business and customer acquisition.
The purpose of processing the data is to
deliver and develop our products and services to better meet our customers’ needs
take care of the customer relationship
perform direct marketing.
From where do we receive data?
We receive the data primarily from you yourself when you register onto the service or from your company representative.
For how long do we store your data?
The data you provide us when you register is stored for as long as your registration is in effect.
What data do we process and why?
You may contact us by using our chatbot provided by Leadoo, the forms on MyFondia or book a meeting from our calendar. In these situations, we collect the name, contact details and information on the legal question you need help with. The personal data (contact details and other possible data) you provide is used to contact you at your request and to evaluate how we can best help you. Please do not reveal unnecessary information about your private life.If you have consented use of cookies for MyFondia, we use an analytics script provided by Leadoo. This data enriches the information collected from the chatbots and forms and allows for a better understanding of our site users and their behavior.
If you have consented use of cookies for MyFondia, we use the statistics service LinkedIn Insights for the purpose of the needs-oriented design and continuous optimization of our pages. The LinkedIn Insight Tag enables the collection of data regarding LinkedIn members’ visits to our website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or hashed (when used for reaching LinkedIn members across devices), and LinkedIn members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
Fondia don't receive the personal data of LinkedIn members; we only receive reports and alerts (which do not identify LinkedIn members) about Fondia’s website audience and ad performance. LinkedIn Insights also provide Fondia retargeting for website visitors, enabling Fondia to show personalized ads off our website by using this data, but without identifying the member. LinkedIn insight also use data that doesn't identify LinkedIn members to improve ad relevance and reach members across devices.
The processing is based on your consent. With regard to cookies, you may at any time withdraw your consent on the cookie settings by clicking the cookie on the bottom left of MyFondia.
From where do we receive data?
We collect the data from you when you visit MyFondia.
For how long do we store your personal data?
We store the personal data you have provided us through the chatbot for as long as they are necessary to contact you and to initiate a possible commission. If you become our customer, the processing of your personal data is described on the section “I am Fondia’s customer or the contact person of the customer”. The retention periods of cookies are described on the section “Cookies”.
To whom do we disclose data? Do we transfer data outside the EU/EEA?
Otherwise, than to our processors and to the independent controllers that we are sharing data with as stated in the content of each headline above, we do not disclose data to outsiders unless the legislation or authorities require us to do so.
We use international cloud services in the processing of personal data and data may be transferred outside the EU/EEA in connection with those services. We ensure that appropriate safeguards in accordance with the GDPR are used in data transfers.
Risks and security measures
Fondia uses technical and organisational measures to protect your personal data against loss and unauthorized access. This includes for example secure and private connections (such as VPN), encryption and the fact that access to your personal data is always limited to the employees that need access to be able to perform their tasks and duties. We regularly evaluate our systems, routines, and policies to make sure that they are safe and protected.
For more information, please contact us by using the contact details above in this privacy notice.
What rights do you have?
You have several rights according to the GDPR. If you would like to exercise your rights or if you have any questions, please contact us using the contact details above in this privacy notice.
Right to information
You have the right to be given information on how we process your personal data, which we provide to you through this privacy notice.
Right to access
You can request information about whether we process personal data about you and receive a copy of the personal data we process. The right to access also includes more information about how we process your personal data.
Right to rectification
We have a responsibility to make sure that the personal data that we process are correct. However, you have the right to request that inaccurate information be rectified if you believe that certain information is inaccurate or incomplete.
Right to object
When we process personal data based on our legitimate interest, you have the right to, at any moment, object to the processing. If we cannot demonstrate compelling legitimate reasons for the data needing to be processed, we have to cease the processing.
Right to withdraw consent
If our processing of your personal data is based on your consent, you can at any time withdraw your consent by contacting us by the contact details above in this privacy notice. If you withdraw your consent, it does not affect the legality of the processing of your personal data before your withdrawal.
Right to limitation of processing
You have the right in certain cases to demand that the processing of personal data be limited. This is applicable for example if you have objected to the processing of your personal data. By demanding that the processing be limited, you have the possibility, during a certain time, to stop us from using your personal data for other purposes than for example defence of legal claims. You can also prevent us from deleting the personal data, for example if needed for claiming damages.
Right to erasure
You can in certain cases request that your personal data be erased. We cannot erase your personal data if your personal data is needed to fulfil the purposes for which they were collected, is required to fulfil a legal obligation or when we need to exercise or defend legal claims.
Right to transfer your personal data (data portability)
If we process your personal data to fulfill a contract, you have, in certain cases, the possibility to be given and use your personal data elsewhere, for example to transfer the personal data to another controller.
More information regarding your data protections rights are to be found at your national data protection authority’s website:
In Finland at the Data Protection Ombudsman’s website
In Sweden at IMY’s website.
In Estonia https://www.aki.ee/et
In Lithuania at State Data Protection Inspectorate’s website.
Any input on how we process personal data?
You are welcome to contact us if you have thoughts or input on how we process your personal data or would like more information about the weighing of interests. Please use the contact details above in this privacy notice.
You also have the possible to lodge a complaint to your national data protection authority.
For Finland that is the Data Protection Ombudsman. Instructions for lodging a complaint can be found on the Data Protection Ombudsman’s website.
For Sweden that is IMY. More information about how this process works can be found on IMY:s webpage file a compliant.
For Estonia that is Data Protection Inspectorate of the Republic of Estonia (Andmekaitse Inspektsioon). More information about how this process works can be found on here.
For Lithuania that is State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija). More information about how this process works can be found on the website.
Last updated: March 2024.