top of page


Note: This document is an unofficial translation of the Finnish language version of Legal Folks' privacy policy (in Finnish: Tietosuojalauseke). In case of any discrepancy between the original version and the translation, the original Finnish language version shall prevail.


Legal Folks Ltd is s a business law firm. We process personal data of our customers and potential customers responsibly to fulfil the assignments or to provide information on how we provide legal services. Data protection is one our core competence areas and therefore the protection of your privacy is a matter of honour to us.   

This privacy policy provides you with information on:

  • The types of personal data and sources of data

  • Purposes and legal basis for processing

  • Data retention

  • Cookies

  • Data subject’s rights

  • Data transfers

  • Data disclosures

  • Information security measures

  • Updates to the privacy policy


All of employees take responsibility for protecting our customers’ personal data and privacy. Please call us or send us a message if you have any questions about our data protection practices. Our contact details can be found on “Contact” section of our website.


Please note that website may contain links to third party sites. We do not control these sites. We ask you to familiarise yourself with the privacy policies of these third parties when accessing their sites.


What kind of personal data do we process and where do we obtain data?


We process the kind of personal data of our customers and the representatives of our business partners that is necessary for the contractual relationship or for our legal obligations. We receive the data mainly from customers and partners during the duration of the customer or other relationship as well as from public registers such as the Finnish Trade Register.

We process the following categories of data: 

  • basic information about the customer, such as full name, address, language 

  • personal identity code and possibly business ID of a person acting on their own behalf or on behalf of a company for reliable identification 

  • information related to invoicing and debt collection 

  • information related to the customer relationship and contractual relationship, such as the services provided to the customer, their performance and use, and other similar information 

  • permission information and prohibitions, such as direct marketing permissions and prohibitions 

  • interests and other information provided by the customer himself/herself

  • other transaction data in the Services 

  • complaints and their processing data 


In the register data concerning the supervision of the Finnish Anti-Money Laundering Act, we process the following data related to the customer: 

  • name, date of birth and personal identity code 

  • name, date of birth and personal identity code of the representative 

  • full name, registration number, date of registration and registration authority of the legal entity 

  • full names, dates of birth and nationalities of the members of the board of directors or equivalent decision-making body of the legal person 

  • field of activity of the legal person 

  • name, date of birth and personal identification number of beneficial owners 

  • the name of the document used for the verification of identity, the document number or other identifying data and the issuer or a copy of the document or, if the customer has been remotely identified, information on the procedure or sources used for the verification 

  • information  on the activities of the customer, the nature and extent of the business, his financial position, the reasons for the use of the transaction or service and information on the source of funds and other statutory information necessary for the purpose of knowing the customer

  • information relating to the origin of the risks and information necessary for the fulfilment of enhanced due diligence in relation to politically exposed persons 

  • in the case of a foreign citizen who does not have a Finnish personal identity code, information on the nationality of the resident and information on the travel document


We obtain personal data of potential customers, such as name, position, phone number and email address, from publicly available sources, such as websites of companies, LinkedIn or through our personal contacts or the contact form of our website.


For what purposes do we process the date and what is the legal basis for processing?


We process personal data of our customers and the representatives of our business partners to fulfil the assignments/cotractual relationship, to interact with our customers and to invoice our services. This processing is based on contract between us and the data subject or our legitimate interest to fulfill the contract between us and the company which the data subject represents. We retain invoicing details and information required to identify our customers, such as passport copies, to fulfil our legal obligations.

As a legal services company, we must collect the personal data necessary to identify the customer and fulfil legal obligations. In addition, we collect personal data that we need to comply with our conflict of interest procedures. In accordance with the Finnish Anti-Money Laundering Act, customer due diligence data and other personal data in accordance with the law are stored, retained and may be used for the prevention, detection and investigation of money laundering and terrorist financing, as well as for the purpose of investigating money laundering and terrorist financing and the crime by which the property or proceeds of crime subject to money laundering or terrorist financing have been obtained. Customer due diligence data or other personal data obtained solely for the purpose of preventing and detecting money laundering and terrorist financing will not be used for purposes incompatible with these purposes.

Where necessary, we process biometric data for the purpose of uniquely identifying a person (such as the processing of a facial image and passport or identity card of an identifiable person). The legal basis for processing is an important reason for public interest under legislation, i.e. processing as described in this privacy policy for purposes referred to in the Finnish Anti-Money Laundering Act.


We process personal data of our potential customers to provide information on our services. This processing is based on our legitimate interest to do direct marketing. We truly believe that our way of working leads to cost efficient and business driven solutions which we provide for the benefit of our customers. In our opinion this processing helps you to make decisions on how you want to procure legal services and we have determined that this does not contravene with your interests or your fundamental rights and freedoms. Please note that you can object processing at any time.

We do not carry out profiling of customers based on personal data or use automated decision-making.


How long do we retain personal data?


We retain customer and business partner data during the customer or other contractual relationship and as long as necessary to fulfil our legal obligations, such as those stemming from the Accounting Act or the Act on Preventing Money Laundering and Terrorist Financing. After fulfilling the assignment, we may contact you to gather information on how we succeeded and whether we can assist you in another assignment.


Potential customers often become our customers, but if for some reason this is not the case, we remove personal data of potential customers within a reasonable time from the date we contacted them (no later than within the end of the calendar year).


Do we use cookies?


We may use cookies on the website and collect information regarding user’s terminal equipment and the use of our services. A cookie is a small text file which is saved on user’s browser. Cookies contain anonymous, numerical ID which enables us to calculate visitors and recognise returning visitors. Cookies do not enable us to process any information which could be used to directly identify a user, such as name or email address.


We use cookies to analyse the use of our website and to develop our services. We use Matomo web analytics. You may give your consent or refuse to give consent via the cookie choices made available to you.




What kind of rights do you have as a data subject?


We process your personal data in accordance with legislation and your wishes. You can find below information on your rights ensured by the data protection legislation, but if you have any questions or wishes, please do not hesitate to contact us. Our contact details are found on “Contact” section of our website.


  • Right of access: If you would like to retain a copy of the personal data processed by us, please contact us in writing and attach the necessary information for us to identify you in reliable manner. You may also visit us personally and access your personal data while enjoying a cup of coffee. Please note that you do not have the right to access data obtained in order to fulfil the reporting or information obligation laid down in the Finnish Anti-Money Laundering Act. However, the Data Protection Officer may, at your request, verify the lawfulness of the processing of this data.


  • Right to rectification: Upon your request we rectify any inaccuracies in your personal data. 


  • Data portability: Upon your request, we provide you with a csv-copy of your personal data.


  • Right to object: You may object direct marketing and processing of personal data of potential customers which is based on our legitimate interest by contacting us.


  • Right to be forgotten: We remove personal data which is no longer needed for the purposes described above. You may also request deletion of your personal data.


  • Right to restrict processing: We restrict processing if, for example, we do not need your personal data for the purposes described above, but instead of deletion of data you request us to store the data.


  • Right to revoke consent: You may revoke the possible consent given by you at any time.

  • Right to lodge complaint: If you feel that we have processed your personal data in breach of the applicable data protection legislation or this privacy policy, you may lodge a complaint with the supervisory authority (


Where do we transfer data?


We use partners to process personal data. For example, the provider of our customer and invoicing system, our accountant and the provider of our email and hosting services may access personal data. They are data processors who process personal data on our behalf and may not use the data for their own purposes. We have entered into data processing agreements with our partners to ensure that your personal data is processed in accordance with applicable data protection legislation.


Some of our partners may be located outside EU or the EEA. If data processing requires that personal data is transferred or accessed outside EU or the EEA, we make sure that the transfer takes place in accordance with the applicable data protection legislation, for example by using the EU Commission's standard contractual clauses or utilizing the EU-US Data Privacy Framework.


Do we disclose personal data to third parties?


If we would sell our business, we could disclose personal data of our customers to the buyer. Before the disclosure we would seek your opinion whether you would like to use the services offered by the buyer. Upon your request we may disclose your personal data to our partners, if we consider that our partners could offer you services instead of us or side by side with us. Otherwise, we do not disclose your personal data to third parties, unless law, regulation, court order or other legal requirement compels disclosure.


What kind of security measures do we use?


We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel and partners participating in the processing of personal data.


This privacy policy has been updated on the following occasions:

  • February 22, 2024 when we updated the Privacy Notice to correspond to the amendments made to the Finnish Anti-Money Laundering Act.

  • June 10, 2021 when we added information on the processing of the personal data of our business partners' representatives.

  • October 19, 2020 when we took Matomo analytics into use.

  • June 4, 2019 when we updated the business name of our firm. No modifications to content.

  • February 26, 2019 when we took Google Analytics into use and added information on “Do we use cookies” section of this privacy policy. We also added information on joint controllership with Facebook.

  • May 24, 2018 we published changes based on EU General Data Protection Regulation (GDPR) becoming applicable.

bottom of page