Hill Audit Oy
Authorised Public Accountants
Yrjönkatu 23 B 22, 00100 Helsinki
Contact person of the register:
Yrjönkatu 23 B 22, 00100 Helsinki
+358 40 772 3738
Hill Audit´s customer and stakeholder register
2. Registered persons
Customers contact persons, potential customers contact persons, stakeholders contact persons
3. Description of the categories of data subjects and of the categories of personal data
4. The purposes of the keeping records
Data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Data is based on legitimate interest (Auditing Act)
Data is necessary for the marketing and contacting potential customers
Data is necessary for compliance with a legal obligation to which the controller is subject
5. Data processing
When the data subject is party to a contract, the consent of the data subject, registrations for events, contacting, marketing, reporting and other customer relationship management
6. Registered information
Hill Audit´s register contains following information:
We are collecting following information:
customer relationship information, commission information, invoicing information, marketing authorisation/ban;
Customer correspondents and data subjects’ rights;
Other subjects which the data subject has consented to processing of his or her personal data.
Regular source of information
Information given by a customer, Tax office, Patent- and registration office, Customer- and invoicing systems.
7. Regular data transformations
Data is not regularly disclosed outside Hill Audit.
Data can be disclosed inside the Hill Audit organisation. Data can be disclosed to the third parties if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, necessary in order to protect the vital interests of the data subject or of another natural person, necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or consent of the contracting parties. Or if necessary, for the security and reliability of a service provided by the controller, or necessary for the entering or performance of a contract between the data subject and a controller, or when the data subject has given his or her explicit consent.
Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
8. The storage time of personal data
Data is stored through the commission
According to Law (Auditing Act, Accounting Act, Value Added Tax Act).
9. Data processors
Data is processed by the Controller and the personnel of Hill Audit. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
10. Transfering data to the non-EU countries
Hill Audit´s customer data system provider or it´s distributors do not transfer data to the third countries. Hill Audit´s accounting system provider or it´s distributors might transfer data to the third countries during data processing if it is necessary for the security and reliability of a service provided by the controller.
Data can be hosted and processed in non-EU countries if the data is stored to Hill Audit´s computing services provided over the internet. Service provider has certified compliant with the most widely-accepted security and privacy standards for the data storage. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
11. Principals of the securing the data
The data is stored safely. Access to the Hill Audit´s office has been controlled. Access to the data requires the proper authorization. Access to the data is secured by the firewall. Access to the data is granted only for the controller and the Hill Audit personnel. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The data has a backup and can be restored if necessary.
Hill Audit does not use data for automatic profiling.
12. Rights of the data subject
Questions about the registered data can be addressed to
According to the General Data Protection Regulation (GDPR), data subjects have the right
to obtain information on the processing of their personal data
of access to their data
to rectification of their data
to the erasure of their data and to be forgotten
to restrict the processing of their data
to data portability
to object to the processing of their data
not to be subject to a decision based solely on automated processing.
Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.
The Office of the Data Protection Ombudsman: