Introduction

This Privacy Policy describes how we collect, use, disclose, and retain personal data when you interact with our website or communicate with us.

We act as a data controller for the personal data described below.

Controller Information

Helsing Business Group Oy (Business ID: 3413983-6; postal address: Äestäjänkatu 5, 65370 Vaasa, Finland) is the controller responsible for the processing of personal data described in this Privacy Policy.

Contact for privacy matters: contact@helsingbg.fi.

This Policy applies when you visit our website, communicate with us, or engage us for professional services.

What we collect

Contact and communication data you share with us (for example, forms, email, calls), such as your name, contact details, and the content of your message.

Professional and engagement information required to assess, prepare, and deliver the legal or advisory services you request.

Billing and transactional data necessary for invoicing and statutory accounting obligations.

Technical and security-related data generated by your visit (e.g., IP address, browser metadata) required for site operation and security.

Limited usage analytics (only when you consent) to understand how visitors use the site.

Information from public sources or authorities when necessary for legal work or regulatory obligations.

Why we process your data

To evaluate and manage client assignments, communicate with you, and fulfill contractual or pre-contractual obligations.

To comply with legal and regulatory requirements applicable to law firms, including accounting, anti-money-laundering rules, and professional conduct obligations.

To ensure the security, stability, and technical functionality of our website.

To conduct analytics for service and website improvement, but only when you have provided explicit consent.

We do not sell your personal data.

Legal bases for processing

Contractual necessity: When processing is required to prepare or deliver professional services.

Legitimate interests: For communication, client relationship management, security, fraud prevention, and necessary business operations.

Legal obligation: To comply with statutory requirements, such as bookkeeping regulations and regulatory reporting.

Consent: For analytics or any processing that requires voluntary opt-in.

Third-party disclosures

We use trusted service providers acting as processors for hosting, IT infrastructure, secure communications, and consent-based analytics. These providers process data only under our documented instructions and subject to confidentiality obligations.

Data may be disclosed to courts, authorities, counterparties, or other professionals when required for a legal mandate or compliance with law.

We do not disclose personal data to advertisers or unrelated commercial entities.

International transfers

Personal data is primarily processed within the EU/EEA.

If transfers outside the EU/EEA occur, we apply appropriate safeguards required by GDPR, such as Standard Contractual Clauses and supplementary protection measures.

Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or to meet statutory or professional obligations.

Client and matter-related data is retained in accordance with legal-industry practice and applicable limitation periods.

Billing and accounting data is retained in accordance with Finnish accounting legislation.

Analytics data (when consented) is stored only for the minimal period needed for aggregated reporting.

Security

We apply technical, administrative, and physical safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Access to personal data is limited to individuals whose duties require it and who are bound by confidentiality obligations.

Your Rights

Access: You may request confirmation of whether we process your personal data and obtain a copy.

Rectification: You may request correction of inaccurate or incomplete data.

Erasure: You may request deletion of your personal data where no legal basis for continued processing exists.

Restriction: You may request that processing be limited in certain circumstances.

Objection: You may object to processing based on legitimate interests.

Withdrawal of Consent: You may withdraw consent for analytics at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We may need to verify your identity before fulfilling your request.

To exercise any right, contact us at contact@helsingbg.fi.

Updates to this policy

We may update this Privacy Policy to reflect legal changes or modifications to our data processing practices.

The effective date at the top of this document will be updated accordingly.

Contact

For questions about this policy or your personal data, email contact@helsingbg.fi.