Privacy Policy

I&O Partners Attorneys Ltd is committed to protecting your privacy and personal data and we process all your personal data in accordance with the applicable data protection legislation. In this Privacy Notice we inform you how we collect and process personal data of our clients and other individuals relating to our client assignments, our prospective clients, service providers and other business contacts, and what your data protection rights are.

By personal data we refer to any data that allows the identification of a natural person. Processing means any operation performed on that personal data, such as collection, recording, organisation, storage, use, combination, disclosure, transfer, deletion or erasure.

Personal Data We Collect

In connection with our business activities and the services we provide, we collect and process the
following types of personal data:

  • name, date of birth, address, e-mail address, telephone number, fax number, title or position in the company or organisation you represent;
  • information that we are required to collect due to our statutory obligations relating to know-your client and anti-money laundering procedures, and by the rules of the Finnish Bar Association relating to the performance of conflict of interest checking processes, such as id or passport information, political exposure and beneficial ownership;
  • other information relevant for the handling of our client assignments, which depending on the nature of the assignment, may include personal data relating to the client, the client’s family members or other beneficiaries, employees, business partners and/or counterparties, and special categories of data to the extent necessary for the handling of the assignment.

How Do We Collect Data?

We collect personal data when contacted by a client seeking legal representation for itself or on behalf of an organisation, when contacted by or when we contact you or your organisation concerning the provision of services to us, and for maintaining other relevant business contacts.

The personal data we process is mainly obtained from our client or other business partner directly, through emails and other communication and documentation you provide to us. We may also process personal data obtained from counterparties or their counsels, government agencies, credit information service providers and publicly available records and sources as well as data generated by us internally in the course of handling our client assignments.

How Do We Use Your Data?

We will process your personal data for the purposes of:

  • client identification and anti-money laundering procedures and performance of conflict checks;
  • management and administration of client assignments and providing legal services to our clients;
  • processing of payment, billing, collection, accounting, auditing and related support services;
  • management and administration of business relationships; and
  • business development and marketing and maintenance of contact lists.

Your personal data will not be subject to automated decision making.

What are the Legal Grounds for Processing Your Data?

Your personal data may be processed on one or more of the following legal grounds:

  • to comply with our legal obligations;
  • for the purposes of performance of our obligations under an agreement with you;
  • our legitimate interest, or that of a third party, to the extent not overridden by your interests or fundamental rights or freedoms; or
  • your expressly given consent.

If we process your personal data based on your consent, you have the right, at any time, to withdraw your consent to that processing. Please note, that if you withdraw your consent to processing of necessary personal data, we may not be able to continue our business relationship or continue providing services to you.

Disclosures of Your Data

We will not disclose your personal data to any third parties unless we are required to do so either by law, in order to assert or defend against legal claims, or for the handling of our client’s assignment, which may involve disclosure of personal data to counsels, advisors and other third parties involved in the assignment, including parties based outside the EEA.

We may need to allow certain access to your personal data to our external service providers who process data on our behalf, mainly for the purposes of maintaining our IT systems. All our service providers are obliged by their service agreement to process data only on our behalf and for the agreed purpose and have entered into appropriate data protection agreements with us.

Transfers of Your Data

We do not regularly transfer personal data outside the EEA, with the exception of certain processing that due to the technical environments of our external IT service providers may be necessary for the maintenance of our IT systems. Any transfers of personal data outside the EEA will be made only subject to appropriate safeguards as required by the applicable data protection legislation.

How Do We Protect Your Data?

We have implemented, and maintain appropriate technical and organizational security measures to protect your personal data against accidental, unlawful or unauthorized access, use, disclosure, alteration, destruction or loss. We have put in place internal security policies and procedures for the protection of personal data and our systems comply with the applicable industry standards. Your personal data will be processed only by such personnel who have a need to access it for the purpose for which it was collected. Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.

How Long Do We Keep Your Data?

We will only process your personal data for as long as necessary for the purpose we collected it for, or for complying with the rules of the Finnish Bar Association or other legal requirements applicable to us. In order to assert or defend against legal claims, we may retain certain data until the end of the relevant statutory limitation period or until the claim has been settled. Retained data will be stored separately and will not be processed for any other purpose. Please contact us if you would like further information about specific retention periods for your personal data.

What are Your Rights?

The applicable data protection legislation provides you with certain rights regarding the processing of
your personal data. These rights include:

  • Access: You have the right to request access to your personal data that we process and, with certain exceptions, to obtain copies of that data;
  • Rectification: You have the right to request that any inaccurate, incomplete or obsolete data be rectified;
  • Objection: You have the right to object to the processing of your personal data in certain circumstances, including for marketing purposes;
  • Restriction: You have the right to request us to restrict the processing of your personal information in certain circumstances, including when your request for erasure cannot be fulfilled;
  • Data Portability: You have the right to request that personal data which has been provided by yourself and is processed by us for the fulfilment of a contract or with your consent, is provided to you, or to another data controller, in a commonly used machine-readable format;
  • Erasure (right to be forgotten): You have the right to request us to erase your personal data for example when the data is no longer necessary for the purposes for which it was collected or if your personal data have been unlawfully processed;
  • Opt out: You have the right to opt out of future marketing at any time by contacting us and will be offered the possibility to opt out each time we send you marketing material.
  • Complaints: If you feel that any of your rights under applicable data protection laws have been violated, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.

Please note, that due to the statutory obligation of confidentiality and other obligations applicable to us either by law or by the rules of the Finnish Bar Association, we may be prohibited from disclosing or deleting your personal data and may prevent you from exercising certain data subject rights in respect of personal data relating to our client assignments.

Updates to this Privacy Notice

We may, from time to time, make changes to this Privacy Notice reflecting any changes in our processing procedures or changing legal requirements. Any changes we make will be posted on this page.

Have a project in mind? Contact us.