Who is the data controller?

The administrator of this registry is BillMan Oy (Y-ID: 3300225-6).

Jauhajankuja 1, 00990 Helsinki ("Data Controller")



Whose information is in the registry?

The registrars mentioned in this statement are users who have registered with the self-employed service managed by BillMan Oy and previous users of the service ("registered").

What information is collected about data subjects?

• Basic personal data of the data subject: name, home address, e-mail address, phone number, date and place of birth, social security number and nationality;

• administrative information related to work: username, account number, credit information, information on prohibitions on activities and deprivation of the right of redemption;

• personal data that may have appeared in communication with the client or been provided voluntarily;

• IP address of the user's contact.

Confidential information is processed only if it is necessary to manage contractual or legal rights, or obligations to the extent permitted or required by law.

What is my personal data collected for and what is it used for?

The purpose of personal data processing is to provide self-employment services to a registered person. Processing is based on an agreement between BillMan Oy and the user.

Personal data is processed for the purpose of customer service, as well as for the management and development of the services offered, including:

• Administrative issues: customer registration, creation of a brand name, customer service responsibilities;

• access control: information about the operating system user and login (except password);

• tax management: tax withholding;

• determination of customer satisfaction: feedback surveys, user testing;

• Fulfil the duties established by law and in accordance with the regulations and instructions of the authorities.

The Registrar does not process personal data of data subjects for purposes other than those specified in this data protection statement without the explicit consent of the data subject or if it is necessary to fulfil the contract or fulfil a legal obligation.

From what sources and how is personal data collected?

As a rule, we collect personal data from the registrar himself. In addition, we collect information from various information systems (information systems), as well as from authorities and publicly available sources of information (suomi.fi-palvelu, Oikeusrekisterikeskus, tax administration and trade register).


The user can also enter personal data of his clients into the system managed by the data controller in connection with billing information. For this data, each user acts as a data controller, and "BillMan Oy" only acts as a system administrator and/or data processor.

To whom can the information be disclosed?

We may disclose personal data to third parties in the following cases:

• To the extent permitted and required by law, organisations that need them, for example, tax authorities and other similar authorities;

• partners and manufacturers of IT systems who process personal data on behalf of the controller and in accordance with instructions (e.g. information systems, bank, insurance company);

• with the consent of the data subject to the parties to which consent applies.

When personal data is transferred to authorities, partners or service providers, the controller always tries to ensure the processing of personal data in accordance with the confidentiality obligation and contractual data protection obligations.

How personal data are processed and stored?

Personal data contained in the registry is carefully processed and stored on a secure server, accessed only by the registrar and technical administrators authorised by the registrar. Hand material is stored in closed warehouses. Video surveillance is installed in the registry office.

Only persons who need it to fulfil their duties have access to personal data stored by the registry holder, and all persons using registry information are obliged to observe confidentiality.

How is the data protected?

The Controller shall endeavour to take appropriate measures to protect personal data from loss, destruction, misuse and unauthorised access or disclosure. Please note that even appropriate measures cannot prevent all possible data security breaches. In case of personal data security breach, we will notify you in accordance with applicable law.

How long is the collected personal data stored?

As a rule, the personal data of registered users in the user register is stored for the entire period of customer service. The personal data of the registrar will be deleted ten (10) years after the client's last transaction, unless further storage of the data or part thereof is necessary to protect the rights of the data controller or its employees during criminal prosecution. investigation, upcoming trial or the rights of the data controller.

Personal data may be stored for a longer period of time if it is necessary to fulfil an obligation established by law or other official source, such as, for example, the Accounting Act.

If the data subject withdraws this consent earlier after the termination of the relationship with the client, data, the preservation of which is not necessary under laws, regulations or regulations of the authorities, will be removed from the registers.

What rights does the data subject have?

The registered person has the right to verify the personal data stored by the controller. The registered person may, upon request, verify his data in accordance with applicable law by submitting a written request to the contact person of the controller. Similarly, the data subject may at any time submit a request to correct, update or delete his personal data from the registry. A registered person has the right to object or restrict the processing of his personal data to the extent provided for by applicable law.

Personal data that are necessary for the purposes of use defined in this privacy statement, or the storage of which is required by law, cannot necessarily be deleted, or their use cannot be objected or restricted. When we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. After that, we will not process personal data unless there is another legal basis for processing.

In certain cases, the right to transfer personal data that you provide to us from one system to another, that is, the right to receive your personal data in a structured, widely used, machine-readable format and to transfer your personal data to another data controller.

Who can I turn to?

If you want to use your rights as a data subject or need more information about data security issues, you can contact your data controller or data protection contact person.

BillMan Oy
Jauhajankuja 1
00990 Helsinki

Info@BillMan.fi

+358 44 901 9790

The data subject has the right to lodge a complaint with the competent supervisory authority if you suspect that the data controller has not complied with applicable data protection legislation in its activities. Contact information of the authorised data protection authority can be found on the Internet.