Privacy Policy

This privacy policy describes how and what kind of personal information we process in our operations. The privacy policy also contains information about the cookies used by our website. We collect and process personal data in accordance with the applicable laws and regulations in force, including the Regulation (EU) (2016/679) of the European Parliament and the Council. This privacy policy is effective as of 1 September 2020. Any updates to this policy will be made available on our website

Data controller

Pekkinen, Attorney Ltd. (Business ID: 3153886-6)
Fredrikinkatu 63 A 10, 00100 Helsinki, Finland

Contact person for the data controller

Sampsa Pekkinen

The personal data to be processed/the purpose and grounds thereto

We collect and process personal data relating to client assignments, recruitment purposes and in relation to agreements with our business partners.
a) Personal data regarding our clients and their representatives is collected and gathered e.g. for the purpose of maintaining our client relationships, enabling communication with our clients, taking actions required by the assignment and performing conflict of interest checks. Further, the applicable laws preventing money laundering and funding of terrorism as well as so-called knowing your client (“KYC”) procedures, as applicable, may require that we collect and process the personal data regarding our clients and their representatives.
The personal data regarding our clients may include, for example, the following data:
  • Basic information, such as the name of the client/the client’s representative, contact information (postal addresses, telephone numbers, e-mail addresses) and, if necessary, a personal identification number.
  • Information regarding the client assignment (e.g. necessary documents and information on the scope of the assignment) and communication with the client, invoicing information, information relating to potential receivables, information required by applicable laws concerning e.g. KYC-procedures and information on any amendments to the aforementioned information.
  • Taking into account the nature and scope of the assignment as well as the required actions by us, we may also need to collect and process personal data regarding the opposing party of our client or its representative, witnesses or other persons connected to the assignment, to the extent necessary.
b) As regards potential personnel recruitments and job applications, we collect and process personal data regarding the job applicants. Such information includes, as a rule, the name, education, previous working experience, contact information and other information included in the resume provided by the concerned individual.
c)  We collect and process personal data regarding the representatives of our business partners for the purpose of maintaining our contractual relationships and communication with them. Such personal data includes e.g. the name and contact information (e-mail and telephone number).
Processing and collecting of the personal data is based, as applicable, on the informed consent given by the data subject, on our duties deriving from applicable legislation and/or on our legitimate interests deriving from the nature of our operations as a law firm.
*Please note* To the extent the processing and collecting of the personal data is based on the data subject’s consent, the data subject is entitled to withdraw such consent by informing us.
We process personal data only to the extent justified and required by its purpose and we will store such data only as long as the applicable laws, the rules and guidelines applicable to our operations and the justified purpose for collecting the data enable or require. We adhere to the rules given by the Finnish Bar Association, as in force from time to time, as regards the length of time for storing of data.


When visiting our website, a cookie i.e. a small text file is stored on your computer or mobile device. Using other than necessary cookies, required to ensure and develop the proper functioning of our website, is subject to your consent. We use necessary cookies on our website to ensure and improve the operations of our website and thus, your browsing experience. In addition to such necessary cookies, we also use optional cookies for the purpose of improving and developing our business operations and in order to better connect with potential clients who could benefit from our services. Thus, the cookies we use, can be divided to necessary and optional cookies:
a)  Necessary cookies: These cookies are necessary for the functionality of our webpages. These cookies do not collect personal data. Without these cookies, you would not be able to use our webpages. The necessary cookies are, as a rule, more persistent in duration so that we can reliably verify the functionality of our pages. Even a persistent cookie will be stored for a limited period.
b) Optional cookies: The purpose of optional cookies is to help us understand how people have ended up visiting our website and what kind of services they are looking for. With the help of such cookies, we want to improve the content of our webpages as well as our operations so that we can better meet the service requirements set by our clients. The optional cookies cannot be associated with a specific person. Optional cookies are valid either for the duration of your visiting session on our website or for a longer, yet limited period.
We use Google Analytics to develop and market our operations. As regards data collected with Google Analytics, Google is the data processor. The data collected by Google Analytics cannot be linked to a specific person. Google Analytics is not necessary for the functionality of our site.
Google Analytics provides us with information about, among other, the sources of our website traffic; the timing of site visits; the subpages opened during site sessions and the duration of the session; the name, version and language of the browsers used, as well as the information on the visitor’s approximate location and telecommunications operator used.
For more information about Google Analytics, please refer to Google’s webpages.
We also take advantage of Google Ads that helps us to market our services more efficiently. You will find more information about Google Ads from here. Google Ads is not necessary for the proper functioning of our website and it does not enable identifying a specific person.

Regular sources for collecting the personal data

Regular source for collecting the personal data is the data subject him/herself. When appropriate and necessary, information may also be obtained from public sources and registers, accessible to everyone.

Transferring of personal data

As a rule, personal data collected and processed by us is not transferred to third parties in general or regularly.
We may transfer personal data to authorities, for example, for the purpose of the assignment and the client’s best interests.
Similarly, we may transfer personal data to our business partners to the extent necessary for the proper functioning of our operations and our services. Our business partners are subject to confidentiality undertakings and obliged to take necessary steps to ensure sufficient data protection.
If need be, we may transfer personal data to exercise and protect our legitimate rights or as required by applicable legislation.
In principle, personal data will not be transferred outside the European Union (“EU“) or the European Economic Area (“EEA“). The data protection outside of the EU/EEA may not be as high as within the EU/EEA. If the use of the standard services related to our operations require transfer of personal data outside the EU or the EEA, such transfer will be made to the extent necessary and always in accordance with applicable data protection laws and with due care to ensure data protection, as a rule, by using the standard contractual clauses approved by the EU Commission. You will find information about the standard contractual clauses here.

Principles applicable in protecting the personal data registers

The security and protection of registers containing personal data is organized in a manner generally approved within in the legal industry. The personnel processing personal data are obliged by law and/or separate confidentiality obligations to keep personal data confidential and not to use it for purposes other than those necessary or appropriate for the performance of their duties.

Manually processed data

Only the person responsible for the data register has access to the information contained in the register. Access to the data is subject to accessing locked private premises and either providing a personal username supported by a password or subject to biometric identification. The devices containing personal data are encrypted, thus preventing access to data by hardware disassembly if the hardware is possessed by unauthorized parties.

Personal data stored by automated data processing

The data processed with automated data processing measures, is stored in a secure cloud-based database maintained by an external service provider. The cloud is not accessible to third parties. As a rule, the personal data in the cloud is not disclosed to third parties. Access to the register is subject to a personal username, supported by a password.

Rights of the data subject

It is our responsibility to process the personal data as required by applicable legislation. As part of this obligation, we must ensure that the personal information we process and collect is up-to-date and accurate.
As the data subject, you always have the following rights:
a)  Right to be informed
This privacy policy serves, in part, your right to receive information regarding the processing of your personal data. You can always discuss about the processing of your personal data with us in more detail.
b)  Right to access your information
You have the right to request access to the personal data relating to you. This includes e.g. the right to be informed whether (or not) personal data about you is being processed and the right to have a copy of your personal data subject to processing.
c)  Right to have personal data rectified
Should you consider that your personal data is inaccurate or even faulty to some extent, you are entitled to have your personal data rectified.
d)  Right to erasure of personal data (i.e. the right to be forgotten)
Under certain circumstances you are entitled to request your personal data to be erased and “to be forgotten”.
e)  Right to restrict data processing
Under certain conditions, you may request us to restrict the processing of your personal data. For example, in a situation where you consider that your personal data has been recorded incorrectly, you may request that the processing of such data be restricted until we have verified the content of the information.
f)  Right to data portability
As regards data subject to automated processing, under certain conditions, you have the right to have your personal data, provided by you and processed with your consent or on the basis of an agreement between you and us, transferred to another data controller.
g)  Right to object processing of your personal data
In case your personal data would be used for e.g. marketing purposes, you are entitled to object to processing of your personal data without providing specific grounds for your request.
h)  The right to object being subject to solely automated data processing
With certain exceptions, you are entitled to request that any decisions based on your personal data are made by a human.
*To the extent the processing and collecting of the personal data is based on the data subject’s consent, the data subject is entitled to withdraw such consent.*
Kindly acknowledge that the guidelines of the Finnish Bar Association or the applicable legislation governing our activities may affect the scope and execution of your rights. In some cases, for example, we may not be able to erase your personal data from our registers or disclose it to the extent you wish.
You, as the data subject, have always the right to file a complaint to the supervisory authority regarding the processing of your personal data. At the time of drafting this privacy policy, the Finnish supervisory authority is the Data Protection Ombudsman. You can find the contact details for the supervisory authority on the website of the Office of the Data Protection Ombudsman: