Privacy

Privacy statement

Privacy statement

All personal data processing related to the company’s operations is taken seriously. We process the personal data of our clients, customers, jobseekers, and staff members. Personal data is processed in connection to credit monitoring and management, and the provision of invoice lifecycle services. Personal data is provided by our clients, customers, and staff members. Personal data can also be received from various registers that are available to the general public and from public registers. Our customers have no personal obligation to convey their personal data for our use.

We will process your personal data principally in the role of a controller as specified in more detail in the data protection regulation. We only process personal data based on valid legislation. The grounds for the processing is the implementation of the contract, our legal obligation, or a legitimate interest. If you have given a separate consent for the processing of your personal data, you can always cancel your consent.

The processing of personal data has been protected so that the protection methods meet the requirements laid down in data protection legislation. Especially sensitive personal data is processed even more carefully than normal. The processing of such personal data may be necessary, for example, in order to make legal demands at court..

We operate in Finland and do not convey personal data outside the European Economic Area. Personal data is mainly conveyed to the authorities. The staff has access to the data, but only to the extent that they need the said information in their work tasks. All members of our staff are committed to keep confidential all information they have received in connection to their employment.

We will only store your personal data for the period that it is necessary. The duration of the storing time will depend on the grounds for the personal data processing. When the grounds for the processing of personal data have expired, the data will be deleted in full and will no longer be available in any of our databases. Your personal data will not be processed by means of automated decision-making systems, as referred to in the data protection regulation.

If you want to inspect your personal data contained in our registers, correct a defect in the said data, restrict the processing of your personal data to a certain extent, request that your personal data be deleted in full or in part, or otherwise oppose to the processing of your personal data, please contact us by using the form found on our website. In our view, our processing of your personal data will not cause you any abnormal adverse consequences.

If we are affected by a security breach, we will immediately take the actions required by the data protection regulation in order to minimise the threat to your personal data. The principal method is to notify the data protection officer of the said breach. You always have the right to contact the data protection officer if we have not, in your view, acted in an appropriate manner when processing your personal data.

The privacy statement that can be found on this website provides more detailed information on the personal data processing that is implemented as part of our operations.

We maintain our data protection site up-to-date and update any observed defects as soon as possible.

Inspect your personal data

Privacy statement

Prepared on: 24 May 2018  |  Updated on 13 October 2021

1. Controller

  • Name:
    • Uuva Oy (0859384–0)
  • Address:
    • PL 164, FI-00701 HELSINKI
  • Contact details:
    • tietosuoja@uuva.fi

2. Data protection officer

  • Name:
    • Herkko Havumäki
  • Address:
    • PL 164, FI-00701 HELSINKI
  • Contact details:
    • tietosuoja@uuva.fi

3. Name of the register

Customer register

4. Purpose of personal data processing

The customer register is used in invoice financing, in the processing of debt collection assignments, and when other invoice lifecycle services are being provided. Data saved in the customer register is needed in invoice financing, voluntary and legal debt collection, and other measures that support financing and debt collection activities. The customer register also contains data on court proceedings related to writs of summons and disputes, on various insolvency procedures, and other court and official matters.

Where required, the register is also used to fulfil obligations under the law or official regulations.

5. Data content of the register

Depending on the purpose of personal data processing, the following data will be registered with the customer register: names of the parties of the legal relationship, identification data (date of birth, contact details, address, and possible personal identity code and/or business or community ID), bank details, and any other information provided by the client/data subject that is necessary for managing the assignments.

The customer register also contains the grounds for the receivable with related specifications, information of any measures taken in the matter, and information received/acquired from the authorities.

Calls made to the customer service can be recorded in order to develop customer service activities.

6. Regular data sources

The Client will provide data on the assignment and the data subject. A credit reference company provides the public payment default information concerning the data subject. The Posti’s address service provides the latest address of the data subject.
The Population Register Centre provides the domicile and contact details of the data subject. Companies that specialise in contact details provide telephone numbers where needed.

The Digital and Population Data Services Agency provides guardianship data and any other data concerning the data subject as a person. Legal Register Centre provides information on bankruptcy, corporate restructuring, and personal adjustment of debts concerning the data subject. Traficom provides information on the ownership/possession of vehicles. Registers maintained by the Finnish Patent and Registration Offices provide information on companies, associations, and foundations. The Finnish Tax Administration provides public data on income taxation. Information is also acquired for the implementation of debt collection assignments from courts, enforcement authorities, and tax and employment authorities.

7. Regular conveyance of data

Data contained in the customer register is conveyed to the Client/data subject and to various authorities as required by valid legislation. Data can also be conveyed in other contexts where permitted by law. The vehicle ownership and possession data acquired from Traficom will not be conveyed to the Client. Data can also be disclosed to the person responsible for the IT support services.

8. Transfer of data outside the EU and the EEA

No personal data is conveyed outside the EU or the EEA, unless required by valid legislation.

9. Protection principles of the register

There is a surveillance and alarm system in the company’s premises. Written material is stored in separately locked premises. The said material is always stored for the period of time required by valid legislation. Only the staff involved in complaint processing have access to personal data.

Data contained in the register is confidential. The staff has committed to keeping confidential any data they receive in connection to their work tasks. Using the register requires a personal username and password. Access to the register ends when the employment relationship ends.

10. Inspection right

Each data subject has the right to inspect their personal data contained in the register. A request to view data contained in the register must be submitted through Uuva Oy’s website. The request must be sent to our data protection officer. In connection to the reply, the data subject will be informed of the source of the data, their purpose, and to whom the data may be conveyed. The Client must specify in the inspection request the identification data required to inspect the data.

Uuva Oy, PL 164, FI-00701 Helsinki

Requests that are submitted by post must include a copy of your valid ID and a filled in copy of our data protection form.

11. The right to request that incorrect data be corrected

Each data subject has the right to request that incorrect data concerning themselves that is contained in the customer register be corrected. The request to correct data contained in the register must be submitted through Uuva Oy’s website. The request must be sent to our data protection officer. The client must specify in the request concerning the correction the required identification data and the changes they request to be made.

If the erroneous, unnecessary, defective, or otherwise outdated information is observed by the staff or in the automated inspection of the register, the said information is corrected or deleted immediately.

12. Other rights related to the processing of personal data

Each data subject has the right to request, by all legal means, that personal data concerning him- or herself be removed from the customer register. The request to remove data contained in the register must be submitted through Uuva Oy’s website. Each data subject also has the right to receive information on the processing of their personal data (this information is provided in this privacy notice and on Uuva Oy’s data protection site), to restrict the processing of their personal data where required, to require that their personal data be transferred from one system to another (if alternative systems exist), to oppose the processing of their personal data, and to not be subjected to automated data processing. Claims and requests must be submitted to our data protection officer.

13. Cookie Policy

1. How do you ask users for cookie consent? How can I refuse the storage and use of cookies?

Our Cookiebot prompts anyone visiting our website to consent to cookies. Strictly necessary cookies are always active, but the user may accept or refuse the rest of the cookies.

The user may refuse the storage and use of cookies by selecting “Use necessary cookies only” or “Allow selection”.

2. How do you verify that the website users have consented to the use of cookies?

After a user has accepted/refused cookies, a unique, random, anonymous and encrypted identification mark is created for them, e.g. xyPi/aC3jWy9MmswGGZ7smddKKuODVk4t/qdKHL4kcP2Y+/iKAfCjw==. The date and time of approval is shown below the identification mark. The user may change their cookie preferences or revoke the approval of non-essential cookies at any point at uuva.fi/evasteet. After this, a new unique, random, anonymous and encrypted identification mark is created for them.

We can verify a user’s cookie consent via the Cookiebot admin panel against the identification mark and approval date.

We can generate a daily consent log and filter a specific user’s activity from the list using their identification mark and approval date. This allows us to verify that the identification mark we have created, e.g. xyPi/aC3jWy9MmswGGZ7smddKKuODVk4t/qdKHL4kcP2Y+/iKAfCjw==, has consented to the use of cookies.

This approach ensures that the data of our website users remains completely anonymous until a user or a competent authority compels the disclosure of the user’s identity. A unique, random, anonymous and encrypted identification mark also guarantees that a user’s existing consent state cannot be changed by the user themselves or a malicious third party without a trace. Cookiebot generates a new identification mark whenever a user changes their consent state and the previous consent state remains in the log.

3. How can I use the website if I do not accept cookies?

This does not concern our uuva.fi website, because strictly necessary cookies must always be accepted.

4. How can I use the website if I have blocked all cookies?

Even if a user has technically blocked all cookies, strictly necessary cookies will still remain active.

If a user tries to change their consent state by selecting “Manage consent preferences”, their browser will prompt them to unblock cookies.

5. How do you manage a user’s cookie consent? How and for how long is a user’s cookie consent stored?

How do you manage and store a user’s cookie consent? Cookiebot stores a user’s cookie consent in the consent log automatically. Only one person in our company has access to this log.

Cookiebot stores the following data:

  • a user’s anonymised IP address (three final numbers are replaced with zeros), e.g. 199.238.0.0
  • date and time of consent
  • browser data, e.g. Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
  • the URL where the user gave their consent, e.g. https://uuva.fi
  • the user’s unique, random, anonymous and encrypted identification mark
  • the user’s consent state which confirms that the user has given their consent.

If necessary, we can demonstrate our users’ cookie consent to the authorities. Our Cookiebot server is located in Ireland and it is subject to EU legislation.

Cookiebot saves a “CookieConsent” cookie to the website user’s browser. This cookie contains the user’s unique, random, anonymous and encrypted identification mark and consent state. This way our website respects the existing consent state of all our users automatically. The same information is transferred to the consent log on our Cookiebot server through an encrypted connection.

How long is a user’s cookie consent stored for? The “CookieConsent” cookie will remain in the browser automatically for 12 months, after which the user will be requested to accept cookies again, unless:

  • the user erases/removes cookies from their browser
  • we change our cookie policy or add/remove cookies. In such cases, we will force the user to update their consent state to make it comply with the new cookie policy. Only strictly necessary cookies remain active until the user has accepted/refused our cookies.

If you notice any deficiencies or illegalities in the processing, you are entitled to file a complaint with the Data Protection Ombudsman.

Inspect your personal data

To protect your personal data, we require that all fields of the following form be filled in. If not all fields of the form are filled in, we cannot match your data protection request with the data contained in our register.

A request to inspect your personal data can alternatively be submitted by mail to:

  • Uuva Oy, PL 164, FI-00701 Helsinki

Requests that are submitted by post must include a copy of your valid ID and a filled in copy of our data protection form. We will request you to confirm your request with a separate letter and in the same connection to provide an email address to which any requested data and the reply to your inquiry will be sent.

We will reply to all data protection inquiries and requests as soon as possible, however no later than one month after the request is sent.

  • Personal details

  • This field is for validation purposes and should be left unchanged.