Privacy policy

 Hill Audit Oy privacy policy

     

1. Controller

Contact information:
Hill Audit Oy

Authorised Public Accountants
Yrjönkatu 23 B 22, 00100 Helsinki

Contact person of the register:

Minna Partti

Yrjönkatu 23 B 22, 00100 Helsinki

+358 40 640 2757

minna.partti@hillaudit.fi

Register:

Hill Audit´s customer and stakeholder register

2. Registered persons

Customers contact persons, potential customers contact persons, stakeholders contact persons

3. Description of the categories of data subjects and of the categories of personal data

  • Contact information

  • Invoicing details

4. The purposes of the keeping records

  • Data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

  • Data is based on legitimate interest (Auditing Act)

  • Data is necessary for the marketing and contacting potential customers

  • Data is necessary for compliance with a legal obligation to which the controller is subject

5. Data processing

  • When the data subject is party to a contract, the consent of the data subject, registrations for events, contacting, marketing, reporting and other customer relationship management

6. Registered information

Hill Audit´s register contains following information:

Contact person´s:

  • Name

  • Tittle

  • Address

  • Email

  • Phone number

We are collecting following information:

  • customer relationship information, commission information, invoicing information, marketing authorisation/ban;

  • Customer correspondents and data subjects’ rights;

  • Websites may collect data about visitors, use cookies, embed additional third-party tracking, and monitor interaction with that embedded content, including tracking interaction;

  • Other subjects which the data subject has consented to processing of his or her personal data.

Regular source of information

Information given by a customer, Tax office, Patent- and registration office, Customer- and invoicing systems.

7. Regular data transformations

Data is not regularly disclosed outside Hill Audit. 

Data can be disclosed inside the Hill Audit organisation. Data can be disclosed to the third parties if necessary for the purposes of the legitimate interests pursued by the controller or by a third party, necessary in order to protect the vital interests of the data subject or of another natural person, necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or consent of the contracting parties. Or if necessary, for the security and reliability of a service provided by the controller, or necessary for the entering or performance of a contract between the data subject and a controller, or when the data subject has given his or her explicit consent.

Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

8. The storage time of personal data

  • Data is stored through the commission

  • According to Law (Auditing Act, Accounting Act, Value Added Tax Act).

9. Data processors

Data is processed by the Controller and the personnel of Hill Audit. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

10. Transfering data to the non-EU countries

Hill Audit´s customer data system provider or it´s distributors do not transfer data to the third countries. Hill Audit´s accounting system provider or it´s distributors might transfer data to the third countries during data processing if it is necessary for the security and reliability of a service provided by the controller.

Data can be hosted and processed in non-EU countries if the data is stored to Hill Audit´s computing services provided over the internet. Service provider has certified compliant with the most widely-accepted security and privacy standards for the data storage. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

11. Principals of the securing the data

The data is stored safely. Access to the Hill Audit´s office has been controlled. Access to the data requires the proper authorization. Access to the data is secured by the firewall. Access to the data is granted only for the controller and the Hill Audit personnel. Controller ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The data has a backup and can be restored if necessary.

Hill Audit does not use data for automatic profiling.

12. Rights of the data subject

Questions about the registered data can be addressed to minna.partti@hillaudit.fi.

According to the General Data Protection Regulation (GDPR), data subjects have the right

  • to obtain information on the processing of their personal data

  • of access to their data

  • to rectification of their data

  • to the erasure of their data and to be forgotten

  • to restrict the processing of their data

  • to data portability

  • to object to the processing of their data

  • not to be subject to a decision based solely on automated processing.

Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.

 

The Office of the Data Protection Ombudsman:  https://tietosuoja.fi/en/office-of-the-data-protection-ombudsman