GlobalLegalCheck
FIENIT

Tietosuoja

Tietosuojaseloste

1. INTRODUCTION AND CONTACT DETAILS

We are committed to protecting your privacy and ensuring your personal data is handled in strict compliance with the GDPR and the Finnish Data Protection Act (Tietosuojalaki). Data Controller: GlobalLegalCheck Oy Address: TOIMISTO PL 20 00101 Helsinki Finland Contact Email for Privacy Inquiries: info@globallegalcheck.com

2. WHAT PERSONAL DATA WE COLLECT

When acting as a Data Controller, we collect the following categories of personal data:

  • Account Information: Name, email address, job title, company info, and password.
  • Professional Credentials: For Professional Users (Lakimies), verification details regarding professional standing, areas of expertise, and platform ratings.
  • Financial Data: Billing address, VAT number, and transaction history. (Note: Actual credit card numbers are securely processed by our third-party payment gateways, such as Stripe, and are not stored on our servers).
  • Usage and Technical Data: IP addresses, browser types, operating systems, and metadata detailing how you interact with the Service (e.g., feature usage, session duration).
  • Special Category Data (GDPR Art. 9): Legal documents uploaded to the AI Suite may inadvertently contain special category data (e.g., health information, union membership). We apply automated obfuscation protocols to this data upon upload to minimize exposure.
  • E-Signature Data: When utilizing the electronic signature feature, we collect signing metadata (IP addresses, timestamps, device information, and authentication tokens) to maintain legally binding audit trails.

We collect company and personal data from the following sources:

  • Publicly Available Sources and Business Directories: Information obtained from public or commercial B2B directories, explicitly including the Finnish Chamber of Commerce business network (Kauppakamariverkosto), official government registries (such as the PRH/YTJ), company websites, and professional networking platforms. We process this publicly available data based on our legitimate business interests to verify users and facilitate the Marketplace. Data subjects sourced from these directories have the right to object to this processing at any time per GDPR Art. 21 by contacting us.
  • Directly from the User: Data voluntarily provided by the User (or their authorized representatives) during account registration or platform use, in order to customize their profile and receive a higher quality of Service.

3. PURPOSES AND LEGAL BASIS FOR PROCESSING

We process your personal data based on the following legal grounds defined by the GDPR:

  • To register your account, provide marketplace matching services, grant access to the AI Suite, and process payments. Performance of a Contract (Article 6(1)(b)).
  • To analyze platform Usage Data to improve our Service, ensure network security, prevent fraud, and enforce our Terms and Conditions. Legitimate Interests (Article 6(1)(f)).
  • To maintain financial records as required by Finnish accounting and tax laws. Legal Obligation (Article 6(1)(c)).
  • To send you marketing communications, which you can opt out of at any time. Consent (Article 6(1)(a)).

4. DATA SHARING AND THIRD-PARTY SUB-PROCESSORS

We share data with trusted categories of third-party service providers required to operate and maintain the Service. To ensure full transparency, our core sub-processor categories include:

  • Servers & Data Hosting: Selected cloud hosting and infrastructure providers (e.g., Hetzner Finland Oy).
  • Payment Processing: Secure payment gateways (e.g., Stripe Inc.).
  • Language Processing & AI: Selected artificial intelligence and large language models (e.g., Anthropic PBC).
  • Electronic Signatures: Qualified Trust Service Providers and e-signature platforms (e.g., Signicat).

The complete and up-to-date master list of all our specific sub-processors is available to Users upon written request.

5. INTERNATIONAL DATA TRANSFERS

We prioritize hosting and processing all personal data within the European Union (EU) or the European Economic Area (EEA). If personal data is transferred outside the EU/EEA, we ensure it is protected by appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs). Furthermore, for transfers to the United States, data may be transferred in accordance with the EU-U.S. Data Privacy Framework (DPF), provided the receiving entity is certified under the framework, which the European Commission has deemed to provide an adequate level of data protection.

6. DATA RETENTION

  • Account Data: Retained for the duration of your active subscription. Users have a 90-day grace period post-cancellation to export stored contracts (provided in their original format alongside a metadata CSV, including e-signature audit trails where applicable). Upon expiration of this grace period, Customer Content is permanently deleted and written confirmation can be provided upon request.
  • Financial Data: Invoices are retained for up to six (6) years to comply with the Finnish Accounting Act (Kirjanpitolaki).
  • Usage Data: Aggregated or pseudonymized analytics data is retained per our internal schedules to improve the Service.
  • E-Signature Audit Trails: Retained for the duration of the contract plus ten (10) years to ensure long-term legal enforceability under eIDAS and national evidentiary laws.

7. YOUR DATA SUBJECT RIGHTS

Under the GDPR, you have the right to Access, Rectification, Erasure ("Right to be Forgotten"), Restriction, Data Portability, and the Right to Object. You also have the right to file a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). To exercise these rights, please contact us at the email provided above. We will respond to all requests within thirty (30) days. While our lead supervisory authority is the Finnish Data Protection Ombudsman, EU users may also lodge complaints with their local supervisory authority pursuant to GDPR Art. 77.