© 2022 Summa Capital OY



1. Data Controller
Summa Capital Oy (”Summa Capital”)
Unioninkatu 18
00130 Helsinki
Business identity code 2078965-1

2. Contact

information in register-related matters
Summa Capital Oy
Unioninkatu 18
00130 Helsinki

3. Name of the register
Customer and marketing register
The register includes Summa Capital’s customers, potential customers and other parties that
receive marketing material.

4. Purpose of the processing of personal data
The purpose of storing and processing of personal data included the customer and marketing
register is the administration of business relationships related to the operations of Summa
Capital, carrying out business transactions, offering services and communicating about them.
In addition, personal data may be processed to comply with the obligations that are based on
applicable laws and orders from the authorities. Such obligations include among others
obligations related to reporting and inquiries.
Summa Capital complies with applicable laws such as General Data Protection Regulation
(2016/679) and Personal Data Act (523/1999) in processing personal data.


5. Categories of personal data
The register contains basic information about the data subject. Customer and marketing
register does not contain sensitive information.
In connection with the register, the following data related to a customer or other data subject
may be processed:
Identification data of a person or a company:
- name, postal address, phone number, email address, domicile, position in the community
- social security number or date of birth, business identity code for companies
In addition, data that is relevant in terms of administrating business relationships may be
collected to the register and may include data such as:
- beginning date of the business engagement
- data concerning assignments, contracts and meetings
- other potential information collected with the data subject’s consent

6. Regular sources of personal data
The primary source of data is the information provided voluntarily by data subjects. In
addition, data may be collected from registers maintained by public authorities and may be
updated with information that is received in connection with customer contacts in the manner
required by Finnish law and General Data Protection Regulation. Information may be received
from other parties named by the customer with the consent of the data subject.

7. Regular destinations of disclosed data
Personal data is not shared with any third party without the data subject’s consent. However,
personal data may be shared with public authorities to comply with the right to receive
information based on relevant laws.

8. Transferring data to outside the EU or EEA
The data in the register is not transferred to outside the EU or EEA.

9. Protection of the register
Controller complies with the relevant laws as well as the guidelines and orders from the
authorities in processing and securing personal data.
a) Physical material
Physical material is treated as confidential. The information is stored in locked facilities with
limited access.
b) Electronic material
Personal data that is saved to the register electronically is protected with several technical
and organizational means. In addition to up to date antivirus software and firewalls, the
users of the register are identified and the register is subject to limited rights of access.

10. Risks related to processing personal data
Considering the overall quality of the personal data and the limited rights to access the data
files with personal data, there does not seem to be any major risks related to the processing of
personal data.

11. Rights of the data subject
Under the new law the data subject has the right to request a copy of the personal data that is
saved to the register and relates to the data subject. The request should be addressed in
writing to the email address of the controller communicated in section (2) above by using for
example the template available from the Office of the Data Protection Ombudsman.

12. Right to request the correction of data
The data subject has the right to request the correction or erasure of incorrect data. However,
it is not possible to erase information that has to be maintained under Finnish law. The request
of the correction of data should be addressed in writing to the email address of the controller
communicated in section (2) above by using for example the template available from the
Office of the Data Protection Ombudsman.

13. Updates

This privacy notice may be amended if necessary, for example due to changes in legislation. To
inform about the changes to this privacy notice, we update the last updated date of this
document. The new amended or corrected privacy notice comes into force starting from the
last updated date.