Registrar

Weesas Oy
Business ID: 3109564-7
Address: Westendintie 99 F 29, 02160 ESPOO

Contacts regarding data protection matters

Jani Aaltonen
tel. +358407520785
email: jani@accountmatch.ai

In all questions related to the processing of personal data and in situations related to the exercise of their rights, the data subject is advised to contact the above-mentioned contact person.

Name of the personal register

Basis and purpose of processing personal data

The legal basis for processing personal data is:

• Consent given by the data subject to the processing of personal data
• Contractual relationship between the data subject and the controller
• Fulfillment of the controller's legal obligations
• The legitimate interest of the controller, which is based on the customer relationship or potential customer relationship between the data subject and the controller
• Public interest or exercise of official authority vested in the controller
• Protection of vital interests

The purposes of processing personal data include:

Service provision and development

• Connecting accountants and clients on a matchmaking platform

• Providing service functionalities to users

• Service development and optimization

Managing the contractual relationship

• User account management

• Necessary communication related to the use of the service

• Handling payment transactions

Marketing and communications

• Targeted marketing communications to users

• Newsletters (with user consent)

• Information about the service

Regular data sources

The personal data processed is regularly obtained from the data subject.

Personal data processed

The controller only collects personal data from data subjects that is relevant and necessary for the purposes described in this privacy policy.

The following information is processed in the AccountMatch.AI register:

Basic

- Name

- Phone number

- Email address

- Company information

Information related to the use of the service

- User profile information

- Supply or demand information for accounting services

- Areas of specialization and expertise

- Service usage history

Matchmaking information

- Compatibility criteria

- Customer relationship status

- Scope of services

- Pricing information

Payment transaction information

- Billing information

- Payment transactions

- Contract history

All information is collected and processed in accordance with data protection principles only to the extent necessary to provide the service.

Disclosure of personal data

Personal data will not be disclosed to third parties unless required to do so by law. Data may therefore be exceptionally disclosed, for example to authorities, if required by law.

Transfers of personal data to third countries

Personal data may be transferred outside the EU and the European Economic Area.

Personal data protection

The controller processes personal data in a manner that aims to ensure appropriate security of personal data, including protection against unauthorized processing and accidental loss, destruction or damage.

The controller uses appropriate technical and organizational safeguards to ensure this goal, including the use of firewalls, encryption technologies and secure hardware environments, appropriate access control, careful management of user IDs for information systems, and instruction of personnel involved in the processing of personal data.

All employees who process personal data are subject to a duty of confidentiality regarding matters related to the processing of registered personal data, based on the Employment Contracts Act (55/2001) and the supplementary confidentiality agreements.

Data retention period

The controller will process personal data for as long as necessary. However, no more than 36 months have passed since the last registered activity on the part of the customer. After this period, the controller will delete or anonymize the data within 2 weeks in accordance with its deletion processes.

The controller may be obliged to process some of the personal data in the register for a longer period than stated above in order to comply with legislation or official requirements.

Profiling

Personal data is used for profiling and other automated decision-making.

Data subject rights

Right to access personal data

The data subject has the right to obtain confirmation as to whether personal data concerning him or her are being processed, and if so, the right to obtain a copy of his or her personal data.

Right to rectification of data

The data subject has the right to request that inaccurate and incorrect personal data concerning him or her be corrected. The data subject also has the right to have incomplete personal data completed by providing the necessary additional information.

Right to erasure of data

The data subject has the right to request the deletion of personal data concerning him/her if:

a. the personal data are no longer needed for the purposes for which they were collected;

b. the data subject withdraws the consent on which the processing of the personal data was based and there is no other legal basis for the processing; or

c. personal data has been processed unlawfully.

Right to restriction of processing

The data subject has the right to restrict the processing of personal data concerning him or her if:

a. the data subject disputes the accuracy of his or her personal data;

b. the processing is unlawful and the data subject opposes the erasure of his or her personal data and instead requests the restriction of their use; or

c. the controller no longer needs the personal data for the original purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.

Right to object

The data subject has the right, on grounds relating to his or her particular personal situation, to object at any time to the processing of personal data concerning him or her.

The controller may no longer process the personal data of the data subject unless the controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or if it is necessary for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling when it is related to such direct marketing.

Right to withdraw consent

The data subject has the right to withdraw their consent to processing at any time without affecting the lawfulness of processing carried out based on consent before this.

The right to transfer data from one system to another

The data subject has the right to receive the personal data concerning him or her, which he or she has provided, in a structured, commonly used and machine-readable format and the right to transfer that data to another controller.

Right to lodge a complaint with a supervisory authority

The national supervisory authority for personal data is the Office of the Data Protection Ombudsman, which operates under the Ministry of Justice. You have the right to refer your matter to the supervisory authority if you believe that the processing of your personal data violates the relevant legislation.

Changing privacy policies

The controller is constantly developing its operations and may therefore need to change and update its data protection practices as necessary. Changes may also be based on changes in data protection legislation.

If the changes include new purposes for processing personal data or otherwise change significantly, the controller will notify you in advance and, if necessary, request consent.