Tietosuojaseloste
Data Protection Policy
Marketing and Newsletters
This policy document lays out the data protection principles applied to the customer and marketing registries used by Confirma Finance for the sending of newsletters and other marketing material to customers and potential customers.
1. Data Controller
Confirma Finance, with its respective companies (specified below) acting on its behalf as Joint Data Controllers.
Confirma Finance is a part of the Confirma Software Group, headquartered in Solna, Sweden under Confirmasoft AB (Swedish Business ID 559203-6486). The main companies acting as joint Data Controllers, belonging to Confirma Finance, are:
- 1. PS Inkasso & Juridik Ab (Swedish Business ID 556784-1258)
- 2. Cash-In Consulting Oy Ab (Finnish Business ID 0646115-8)
The data protection policy does not cover cases where Confirma Finance processes data on behalf of a customer acting as a data controller and where Confirma Finance, as a result, acts as a data processor.
2. Data Protection Officer
Each Joint Data Controller has its own person responsible for data protection. Please consult each Joint Data Controller’s website for contact information.
| Controller | Website |
| PS Inkasso & Juridik Ab | https://psfinancegroup.com/integritet/ |
| Cash-In Consulting Oy Ab | https://www.cash-in.com/fi/tietosuoja/tietosuoja/ |
3. Purpose of Processing Personal Data
The purpose of the processing of marketing data is to provide Confirma Finance’s customers and other data subjects with up-to-date information on Confirma’s products and services, as well as other news that may be of interest to the data subject.
The purpose of marketing data, other than for newsletters and direct business to business marketing, may also be to provide already existing customers and potential customers with new services or products, and to make them aware of what Confirma Finance has to offer.
4. Categories of Personal Data
For marketing, here specifically newsletter purposes, the following categories of personal data may be processed; Name, email address, phone number, organization name
5. Legal Basis for Processing
Confirma regularly sends email messages about the company’s products and services, industry or company developments, and events and occasions organized by Confirma. The processing of the recipient’s data is based on consent given by the data subject during email list registration.
The data subject has an unrestricted right to withdraw their consent to processing, after which all processing based solely on consent will be terminated. Withdrawal of consent generally does not affect processing, as the basis is usually other than consent.
6. Data Retention Period
Confirma retains the contact person’s data as long as they are valid or as long as Confirma has a need for this information to document communication or to defend itself or third parties against asserted claims. If the contact person requests the deletion of data, Confirma will delete all contact person data that is not necessary for statutory requirements, contractual obligations, or legitimate interests.
The data subject has the right to withdraw consent, which in turn ends the retention period for personal data processed based on that consent alone.
7. Data Sources
The personal data processed in the register originate from the data subject themselves, the population information system, trade and business registers, postal registers and government authorities. Confirma Finance may also obtain data from private registers for marketing purposes.
In cases where the data subject is found to be very difficult to reach using the above-mentioned data sources, Confirma Finance may use other reliable sources, such as private address or telephone directories, or foreign authorities.
8. Transfer of Personal Data
Data in the customer register may be transferred to authorized parties, courts, authorities, credit information companies, and other cooperation partners that the customer uses according to the customer’s instructions.
Confirma Finance does not regularly transfer data to recipients outside the European Economic Area (EEA). However, if Confirma Finance exceptionally transfers data to such recipients, for example, when the data subject has moved outside the EEA, it will be ensured that the recipient complies with the requirements of applicable law.
9. Data Subject Rights to Access, Rectification, Restriction, and Objection
The data subject has the right to access the personal data processed about them. Data subjects also have the right to correct inaccurate data and the right to object to the processing to the extent that the processing is based on the public interest or Confirma’s or a third party’s legitimate interest. All data requests and other requests related to rights must be made in writing and in a way that Confirma can verify the identity of the requester.
10. Automated Decision-Making
Confirma Finance does not use automated decision-making in the processing of personal data for marketing purposes.
11. Supervisory Authority
The Finnish Data Protection Authority supervises the processing of personal data in Finland, and the Swedish Authority for Privacy Protection supervises the processing of personal data in Sweden. Data subjects have the right to file a complaint with the supervisory authority.1
12. Cookies