top of page


Note: This document is an unofficial translation of the Finnish language version of Legal Folks' privacy policy (in Finnish: Tietosuojalauseke). In case of any discrepancy between the original version and the translation, the original Finnish language version shall prevail.


Legal Folks Ltd is s a business law firm. We process personal data of our customers and potential customers responsibly to fulfil the assignments or to provide information on how we provide legal services. Data protection is one our core competence areas and therefore the protection of your privacy is a matter of honour to us.   

This privacy policy provides you with information on:

  • The types of personal data and sources of data

  • Purposes and legal basis for processing

  • Data retention

  • Cookies

  • Data subject’s rights

  • Data transfers

  • Data disclosures

  • Information security measures

  • Updates to the privacy policy


All of employees take responsibility for protecting our customers’ personal data and privacy. Please call us or send us a message if you have any questions about our data protection practices. Our contact details can be found on “Contact” section of our website.


Please note that website may contain links to third party sites. We do not control these sites. We ask you to familiarise yourself with the privacy policies of these third parties when accessing their sites.


We have a fan page on Facebook and we act as joint controllers with Facebook. We collect statistical information on likes, visits and reach of our Facebook page and visitors’ demographic profiles. We cannot identify individual users or combine statistical data with customer data described in this privacy policy. For more information, please visit Facebook privacy practices.


What kind of personal data we process and where do we obtain data?


We process personal data of our customers and the representatives of our business partners, such as, name of the contact person, position, phone number, email address, messages and information on company, such as business ID, address and invoicing details. We also process information that may be required pursuant to Finnish laws to identify our customers and to verify the identity of our customer’s contact persons, such as passport copies. We primarily obtain this information from the customer during the customer relationship.


We obtain personal data of potential customers, such as name, position, phone number and email address, from publicly available sources, such as websites of companies, LinkedIn or through our personal contacts or the contact form of our website.


For what purposes we process the date and what is the legal basis for processing?


We process personal data of our customers and the representatives of our business partners to fulfil the assignments/cotractual relationship, to interact with our customers and to invoice our services. This processing is based on contract between us and the data subject or our legitimate interest to fulfill the contract between us and the company which the data subject represents. We retain invoicing details and information required to identify our customers, such as passport copies, to fulfil our legal obligations.


We process personal data of our potential customers to provide information on our services. This processing is based on our legitimate interest to do direct marketing. We truly believe that our way of working leads to cost efficient and business driven solutions which we provide for the benefit of our customers. In our opinion this processing helps you to make decisions on how you want to procure legal services and we have determined that this does not contravene with your interests or your fundamental rights and freedoms. Please note that you can object processing at any time.


How long do we retain personal data?


We retain customer and business partner data during the customer/contractual relationship and as long as necessary to fulfil our legal obligations, such as those stemming from the Accounting Act or the Act on Preventing Money Laundering and Terrorist Financing. After fulfilling the assignment, we may contact you to gather information on how we succeeded and whether we can assist you in another assignment.


Potential customers often become our customers, but if for some reason this is not the case, we remove personal data of potential customers within a reasonable time from the date we contacted them (no later than within the end of the calendar year).


Do we use cookies?


We may use cookies on the website and collect information regarding user’s terminal equipment and the use of our services. A cookie is a small text file which is saved on user’s browser. Cookies contain anonymous, numerical ID which enables us to calculate visitors and recognise returning visitors. Cookies do not enable us to process any information which could be used to directly identify a user, such as name or email address.


We use cookies to analyse the use of our website and to develop our services. We use Matomo web analytics. You may give your consent or refuse to give consent via the cookie choices made available to you.




What kind of rights do you have as a data subject?


We process your personal data in accordance with legislation and your wishes. You can find below information on your rights ensured by the data protection legislation, but if you have any questions or wishes, please do not hesitate to contact us. Our contact details are found on “Contact” section of our website.


  • Right of access: If you would like to retain a copy of the personal data processed by us, please contact us in writing and attach the necessary information for us to identify you in reliable manner. You may also visit us personally and access your personal data while enjoying a cup of coffee.


  • Right to rectification: Upon your request we rectify any inaccuracies in your personal data. 


  • Data portability: Upon your request, we provide you with a csv-copy of your personal data.


  • Right to object: You may object direct marketing and processing of personal data of potential customers which is based on our legitimate interest by contacting us.


  • Right to be forgotten: We remove personal data which is no longer needed for the purposes described above. You may also request deletion of your personal data.


  • Right to restrict processing: We restrict processing if, for example, we do not need your personal data for the purposes described above, but instead of deletion of data you request us to store the data.


  • Right to revoke consent: You may revoke the possible consent given by you at any time.

  • Right to lodge complaint: If you feel that we have processed your personal data in breach of the applicable data protection legislation or this privacy policy, you may lodge a complaint with the supervisory authority (


Where do we transfer data?


We use partners to process personal data. For example, the provider of our customer and invoicing system, our accountant and the provider of our email and hosting services may access personal data. They are data processors which may use personal data of our customers solely to fulfil the agreement with us. We have executed data processing agreements which aim to ensure that your personal data is processed in accordance with applicable data protection legislation.


Some of our partners may be located outside EU or the EEA. If data processing requires that personal data is transferred or accessed outside EU or the EEA, we make sure that the transfer takes place in accordance with the applicable data protection legislation, for example by executing Standard Contractual Clauses by the European Commission.


Do we disclose personal data to third parties?


If we would sell our business, we could disclose personal data of our customers to the buyer. Before the disclosure we would seek your opinion whether you would like to use the services offered by the buyer. Upon your request we may disclose your personal data to our partners, if we consider that our partners could offer you services instead of us or side by side with us. Otherwise, we do not disclose your personal data to third parties, unless law, regulation, court order or other legal requirement compels disclosure.


What kind of security measures do we use?


We have employed necessary technical and organisational security measures to protect your personal data against unlawful or unauthorised access, disclosure, loss and other unauthorised processing. These measures include, for example, use of firewalls, encryption technologies and secure facilities, appropriate access control, controlled grant of access rights and supervision of use of systems and properly instructing our personnel and partners participating in the processing of personal data.


This privacy policy has been updated on the following occasions:

  • June 10, 2021 when we added information on the processing of the personal data of our business partners' representatives.

  • October 19, 2020 when we took Matomo analytics into use.

  • June 4, 2019 when we updated the business name of our firm. No modifications to content.

  • February 26, 2019 when we took Google Analytics into use and added information on “Do we use cookies” section of this privacy policy. We also added information on joint controllership with Facebook.

  • May 24, 2018 we published changes based on EU General Data Protection Regulation (GDPR) becoming applicable.

bottom of page