Iconics Oy is s a business law firm. We process personal data of our customers and potential customers responsibly to fulfil the assignments or to provide information on how we provide legal services. Data protection is one our core competence areas and therefore the protection of your privacy is a matter of honour to us.
The types of personal data and sources of data
Purposes and legal basis for processing
Data subject’s rights
Information security measures
All of employees take responsibility for protecting our customers’ personal data and privacy. Please call us or send us a message if you have any questions about our data protection practices. Our contact details can be found on “Contact” section of our website.
Please note that iconics.fi website may contain links to third party sites. We do not control these sites. We ask you to familiarise yourself with the privacy policies of these third parties when accessing their sites.
What kind of personal data we process and where do we obtain data?
We process personal data of our customers, such as, name of the contact person, position, phone number, email address, messages and information on company, such as business ID, address and invoicing details. We also process information that may be required pursuant to Finnish laws to identify our customers and to verify the identity of our customer’s contact persons, such as passport copies. We primarily obtain this information from the customer during the customer relationship.
We obtain personal data of potential customers, such as name, position, phone number and email address, from publicly available sources, such as websites of companies, LinkedIn or through our personal contacts or the contact form of our website.
For what purposes we process the date and what is the legal basis for processing?
We process personal data of our customers to fulfil the assignments, to interact with our customers and to invoice our services. This processing is based on contract between us and the data subject or our legitimate interest to fulfill the contract between us and the company which the data subject represents. We retain invoicing details and information required to identify our customers, such as passport copies, to fulfil our legal obligations.
We process personal data of our potential customers to provide information on our services. This processing is based on our legitimate interest to do direct marketing. We truly believe that our way of working leads to cost efficient and business driven solutions which we provide for the benefit of our customers. In our opinion this processing helps you to make decisions on how you want to procure legal services and we have determined that this does not contravene with your interests or your fundamental rights and freedoms. Please note that you can object processing at any time.
How long do we retain personal data?
We retain customer data during the customer relationship and as long as necessary to fulfil our legal obligations, such as those stemming from the Accounting Act or the Act on Preventing Money Laundering and Terrorist Financing. After fulfilling the assignment, we may contact you to gather information on how we succeeded and whether we can assist you in another assignment.
Potential customers often become our customers, but if for some reason this is not the case, we remove personal data of potential customers within a reasonable time from the date we contacted them (no later than within the end of the calendar year).
What kind of rights do you have as a data subject?
We process your personal data in accordance with legislation and your wishes. You can find below information on your rights ensured by the data protection legislation, but if you have any questions or wishes, please do not hesitate to contact us. Our contact details are found on “Contact” section of our website.
Right of access: If you would like to retain a copy of the personal data processed by us, please contact us in writing and attach the necessary information for us to identify you in reliable manner. You may also visit us personally and access your personal data while enjoying a cup of coffee.
Right to rectification: Upon your request we rectify any inaccuracies in your personal data.
Data portability: Upon your request, we provide you with a csv-copy of your personal data.
Right to object: You may object direct marketing and processing of personal data of potential customers which is based on our legitimate interest by contacting us.
Right to be forgotten: We remove personal data which is no longer needed for the purposes described above. You may also request deletion of your personal data.
Right to restrict processing: We restrict processing if, for example, we do not need your personal data for the purposes described above, but instead of deletion of data you request us to store the data.
Right to revoke consent: You may revoke the possible consent given by you at any time.
Where do we transfer data?
We use partners to process personal data. For example, the provider of our customer and invoicing system, our accountant and the provider of our email and hosting services may access personal data. They are data processors which may use personal data of our customers solely to fulfil the agreement with us. We have executed data processing agreements which aim to ensure that your personal data is processed in accordance with applicable data protection legislation.
Some of our partners may be located outside EU or the EEA. If data processing requires that personal data is transferred or accessed outside EU or the EEA, we make sure that the transfer takes place in accordance with the applicable data protection legislation, for example by executing Standard Contractual Clauses by the European Commission.
Do we disclose personal data to third parties?
If we would sell our business, we could disclose personal data of our customers to the buyer. Before the disclosure we would seek your opinion whether you would like to use the services offered by the buyer. Upon your request we may disclose your personal data to our partners, if we consider that our partners could offer you services instead of us or side by side with us. Otherwise, we do not disclose your personal data to third parties, unless law, regulation, court order or other legal requirement compels disclosure.
What kind of security measures do we use?
We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel and partners participating in the processing of personal data.
October 19, 2020 when we took Matomo analytics into use.
June 4, 2019 when we updated the business name of our firm. No modifications to content.
May 24, 2018 we published changes based on EU General Data Protection Regulation (GDPR) becoming applicable.