Truster Terms of Service

Conditions

Last updated
6/2/2025

Privacy policy

The original text is in Finnish and is therefore an automatic translation. In case of discrepancies between the language versions, the Finnish version is authentic.

General

This Privacy Notice provides information on the processing of personal data required by the EU General Data Protection Regulation to data subjects, such as customers or staff of the controller, and to the supervisory authority.

Controller and contact details of the controller

Truster Limited liability company

Postal address: P.O. Box 313, 00101, Helsinki, Finland

Visiting address: Malminkatu 20, 00100, Helsinki, Finland

Contact person of the controller: data protection officer

Phone number: 050 1856

E-mail address:truster

Contact details of the Data Protection Officer

Truster Oy's Data Protection Officer

Truster Limited liability company

Postal address: P.O. Box 313, 00101, Helsinki, Finland

E-mail address:truster

Data subjects

This is the customer register of Truster Oy. The data subjects of the register are the users of the services of Truster Oy and its subsidiaries.

Purposes of the processing of personal data

The purposes for which personal data are processed are:

  • customer relationship management and development and customer service
  • customer communication 
  • provision and development of services
  • business development 
  • monitoring the use of products and services and ensuring their quality
  • direct marketing and direct mail
  • targeting of marketing and advertising
  • risk management
  • preventing and detecting irregularities
  • fulfilment of legal and regulatory obligations

Knowing your customer and preventing money laundering and terrorist financing

The data subject's identifying information and personal data may be used for the prevention, detection and investigation of money laundering and terrorist financing and for other purposes required by money laundering legislation. The aim is to know the customer and to prevent money laundering, terrorist financing and abuse. 

The personal data of the data subject may also be used to determine whether the data subject is subject to international sanctions imposed by the controller.

Legal grounds for processing personal data

Truster processes personal data in order to fulfil its legal and contractual obligations. The processing of personal data may be based on a contractual relationship or pre-contractual measures, a legal obligation of the controller, the consent of the data subject or a legitimate interest of the controller. 

Personal data groups

Basic information

  • Name, personal identification number and account number of the data subject
  • Contact details of the data subject, such as address, email address, telephone number

Contact details

  • Customer identification information, such as a copy of your ID card, the method and date of identification, IP address, video recording or photograph and the date of the video recording or photograph.
  • Whether the customer is a politically influential person, i.e. a PEP, or whether PEPs are part of his or her immediate family.

Consents

  • Consents and prohibitions to the processing of personal data given by the data subject

Contact details

  • Data relating to the contracts and services of the data subject
  • Information relating to communications between the customer and the controller

Monitoring data

  • The data subject's online behaviour and use of services is monitored, for example, by means of cookies. The information collected may include the page the user browses, device model, unique device and/or cookie identifier, channel such as an app, mobile browser or internet browser, browser version, IP address, session ID, session time and duration, screen resolution and operating system.

Sources and updating of personal data

The controller collects data primarily from the data subject. Personal data may also be collected when the data subject uses services provided by the controller, such as online services.

To the extent permitted by law, personal data may also be collected and updated from third party registers, such as:

  • from registers maintained by public authorities, such as the National Board of Digital and Population Information, the Tax Administration and the registers maintained by the PRH.
  • information necessary to investigate political influence or international financial sanctions from the operators of such databases.

Disclosure of personal data

To the extent permitted by law, the data subject's data may be disclosed to Truster's subsidiaries for purposes such as customer service, customer relationship management and marketing. 

Within the limits permitted by law, the data of the data subject may be disclosed to other data controllers, for example:

  • authorities such as the Tax Administration, the PRH and the Enforcement, Enforcement and Supervision Authority
  • to another controller where it is part of a service or product being provided 

The controller uses subcontractors and partners to produce and provide services. For example, your personal data may be transferred to partners, service providers and IT system providers for processing on behalf of the controller. The controller will ensure through contractual and other arrangements that subcontractors and service providers protect the personal data processed in an appropriate manner and in accordance with the requirements set by the controller, in compliance with good data processing practices.

Transfer of personal data and international data transfers

The controller processes personal data mainly in Finland and the EEA. Where the controller transfers or discloses personal data outside the EEA, such as to the United States, it will ensure an adequate level of protection of personal data as required by law and will use data transfer mechanisms approved by the European Commission. 

Rights of the data subject

Right to be informed about the processing of personal data

Data subjects have the right to be informed about the collection and processing of their personal data. 

Right of access to data

The data subject has the right to obtain confirmation from the controller as to whether the controller is processing personal data concerning him or her. If the data subject's data are processed, the controller shall, upon request, provide the data subject with a copy of the personal data processed. If the data subject makes a request by electronic means, the data shall be provided in a commonly used electronic format, unless the data subject requests otherwise. The controller may charge the data subject a reasonable fee, corresponding to the administrative costs of responding to the request, if the data subject requests more than one copy of the data.

Right to rectify information

The data subject has the right to request that the controller rectify inaccurate or erroneous personal data concerning him or her. The data subject also has the right to have incomplete personal data completed.

Right to request deletion of data

In certain circumstances, the data subject has the right to obtain the erasure of data relating to him or her by the controller. However, the controller is not obliged to erase personal data if the processing is still necessary, for example, to comply with the controller's legal obligations or to process legal claims. The data subject may also, in certain circumstances, request the controller to restrict the processing of personal data concerning him or her.

Data retention period or criteria for determining the retention period

The controller processes personal data for the duration of the contractual and customer relationship. Personal data will be stored for a maximum of 5 years from the last customer transaction. At the end of the retention period, the data will be deleted or made anonymous in accordance with the erasure process followed by the controller.

Protecting your data

The controller has appropriate technical, organisational and administrative security procedures in place to protect all data in its possession against loss, misuse, unauthorised access, disclosure, alteration and destruction.

The controller has put in place appropriate technical and organisational measures to protect the data. The means used to protect the register include:

  • hardware and file protection
  • identification of users
  • access rights
  • registration of use events
  • guidance and supervision of processing


Last updated 5/2/2025
