Kuntarahoitus > MuniFin > Privacy statement for customer and counterparty data

Privacy statement for customer and counterparty data

Updated 18 September, 2023

1. Controller

Municipality Finance Group (Municipalitys Finance Plc and Financial Advisory Services Inspira Oy) (“MuniFin”)
Business ID 1701683-4
Jaakonkatu 3 A
P.O. Box 744
00101 Helsinki, Finland
Tel. +358 9 6803 5666
www.munifin.fi

Sinikka Huitu
Municipality Finance Plc
Jaakonkatu 3 A
P.O. Box 744
00101 Helsinki, Finland
sinikka.huitu@munifin.fi
Tel. +358 9 6803 5666

3. Name of register

MuniFin’s customer and counterparty register

4. How will personal data be used?

The personal data in the register will be used in

  • sales and marketing efforts (including direct marketing)
  • giving information and organising events related to current affairs in public sector finances
  • the management and maintenance of customer and partner relationships (execution and verification of business transactions) and managing contractual obligations
  • the management of obligations based on legislation and official regulations (for example related to AML regulation)

5. What personal data may be collected?

The register contains data on the following:

  1. Contact persons of municipalities, joint municipal authorities, wellbeing services counties, joint county authorities, corporate entities under their control that are lending and leasing customers of MuniFin, and of state-guaranteed housing production companies (including entities that are subscribers to MuniFin’s newsletter), and of members of municipal councils 
  2. Investors that have subscribed to municipal bonds, and the subscriptions made
  3. Contact persons of banks and investment services companies that are counterparties in funding and investment activities
  4. Contact persons of other parties that are partners of MuniFin.

The following data may be saved in the register:

  • Personal and contact details (name, personal ID, address, telephone number, email address, position, organisation represented, PEP classification)
  • Division into customer or partner target groups defined by MuniFin
  • Personal data (e.g. related to hobbies or diet) provided by persons and saved with their consent
  • Additional data saved by MuniFin (such as business gifts given, connections to other target groups, responsible person named by MuniFin, regular mailing data, e.g., newsletter, customer magazine)
  • Interest in certain MuniFin’s products or product groups
  • Concerning municipal bonds: personal ID, municipal bonds subscribed to, total amount of subscription, securities account number of the investor or person representing the investor
  • MuniFin’s service details

In addition to the above-mentioned data, the filing system contains data on the persons who visit MuniFin’s office. The following data may be saved on these persons:

  • Name
  • Organisation represented
  • Email address
  • Telephone number

6. What are the sources of personal data?

The sources of personal data are:

  • The data subject’s own submittal (by email, on the internet, by phone or other similar method)
  • Data collected by MuniFin (invitations to tender, agreements, customer/partner websites)
  • Filing systems maintained by authorities (e.g. trade register)
  • Suomen Asiakastieto

7. How long will personal data be stored?

MuniFin will store data essential to the creation and maintenance of the customer or partner relationship in the filing system until the storage is no longer justifiable.

8. Where can personal data be disclosed?

Data is regularly disclosed

  • to authorities in accordance with current legislation
  • to companies in the MuniFin group, within the limits of the law.

9. Can data be transferred outside the EU or the European Economic Area?

Personal data in the register will not be disclosed or transferred outside the European Union or the European Economic Area unless it is ensured that the data is subject to appropriate safeguards in accordance with the regulation related to data protection.

10. How will personal data be stored and protected, and communication to data subjects related to a personal data breach?

Manual materials:

Manual materials will only be printed as needed and stored in locked facilities. The data is available only to authorised persons. Printouts are destroyed after use.

Digitally saved data:

Personal data contained in the register will be kept confidential. Use of the register is instructed in the controller’s organisation, and access to the personal data register is restricted so that the data contained in the filing system and stored in systems is accessible to and entitled for use only by those employees of the controller who are authorised to do so for their professional duties. The controller requires confidentiality and appropriate information security from all its IT service providers, as well as commitment to the principles of the regulation related to personal data.

Notifications of personal data breaches:

Data subjects are notified of personal data breaches in accordance with the General Data Protection Regulation’s article 34 without undue delay, if they are likely to cause a high risk to their rights and freedoms. The controller shall then communicate the personal data breach to the data subject without undue delay.

11. Right of access and right to object as well as data rectification

The data subject has the right to check the personal data submitted by him/her, the right to request the rectification of inaccurate data, as well as otherwise rely on the rights granted to him/her in the regulation related to personal data. The requests must be submitted in writing and signed to the filing system’s contact person. If the data subject sees theat. The data subject has the right to notify the Finnish Data Protection Ombudsman if the subject suspects that the processing of personal data is in violation of data protection regulations.

12. The right to object the processing of personal data

If MuniFin processes data related to a data subject on the basis of the subject’s consent, the subject has the right to withdraw the consent. The withdrawal has no effect on the legality of the processing of the subject’s personal data during the time before the withdrawal. The withdrawal can affect for example to the usability of MuniFin’s services.