Privacy policy

The purpose of this Privacy Notice is to inform how and why Intera Partners Oy (later the “Controller” or “we”) collect, store and process personal data of the representatives of clients, prospects and business partners of the Controller, as well as the representatives of investors investing or contemplating in investing in funds managed by the Controller (such representatives being the data subjects) as well as website visitors of Intera Partners Oy website. Personal data refers to any information relating to a natural person (“data subject”), which allows a person to be directly or indirectly identified, as defined in the General Data Protection Regulation (EU 2016/679).

We are dedicated to processing the personal data in compliance with the General Data Protection Regulation and other applicable data protection and privacy laws (together the “data protection legislation”). This privacy policy describes in detail the procedures for the collection, processing and disclosure of personal data, as well as the rights of the data subject.

1. Data controller and contact information

Intera Partners Oy

Keskuskatu 1A, 00100 Helsinki, Finland

E-mail: info@interapartners.fi, with a copy to krista.koskinen@interapartners.fi

2. Legal basis and purposes of processing

 The processing of personal data is based on the following legal basis:

  • (i) legitimate interest of the Controller or a third party (such as current or future clients or business partners of the Controller); the legitimate interest being e.g. the performance of an agreement between the entity represented by the data subject and the Controller (or any of its subsidiaries), or another relevant connection between the data subject and the Controller, as well as other legitimate interests of the Controller as further specified below;
  • (ii) compliance with statutory obligations, to which the Controller is subject, such as accounting and tax related obligations, and including obligations arising from the Act on Detecting and Preventing Money Laundering and Terrorist Financing (444/2017, as amended) and from the Finnish Act on Alternative Investment Funds Managers (162/2014, as amended);
  • (iii) consent of the data subject.

We process the personal data for the following purposes:

  1. managing and developing business relations and other relevant connections with the client, the business partner or the investor, including business communications and marketing;
  2. the provision of the services ordered by or from the entity represented by the data subject, and the execution of obligations related to the provision of the services;
  3. invoicing, keeping track of the accuracy of invoicing and the execution of administrative payments and costs;
  4. as applicable, preventing, revealing and investigating money-laundering and terrorist financing as well as for the purposes of bringing under the relevant authorities’ investigation money laundering, terrorist financing and/or criminal acts (by which the assets or benefit of crime have been received) and complying with other applicable laws and regulations (including obligations to report to tax authorities);
  5. in case of representatives of investors, processing subscriptions of interests, drawdown notices and payments of distributions to the holders of interests and more generally fulfilling the obligations under the fund agreements and providing services in relation to the investor’s investment;
  6. ensuring the security of our services, risk management, as well as preventing and solving abuses and frauds;
  7. making tax filings and reports;
  8. business planning and development.

The provision of personal data and the processing thereof for the purposes set out above is in most cases necessary for both statutory and contractual reasons. Should the representative(s) of the clients, the business partner or the investors fail to provide the required personal data, we may not be able to fulfil our statutory or contractual obligations and thus we may not be able to enter into or continue the business relation between us and the relevant client, business partner or investor.

3. Categories of personal data and sources of data

We only collect personal data relevant and necessary for the purposes outlined in this Privacy Notice. Such personal data may include in particular the following data, as applicable:

  • name and contact information (such as business address, telephone number and email address);
  • preferred language where applicable;
  • information concerning the data subject’s employer, title and position or assigned tasks within the entity represented by the data subject;
  • information on the business relationship and information related to the relevant agreement and the data subject’s association to the agreement;
  • invoicing and payment details;
  • details on communications and other interaction between the data subject and us, such as information on phone calls and other conversations including emails as well as information concerning executed marketing acts;
  • email distribution list memberships;
  • information required to be collected pursuant to anti-money laundering regulations or other regulations (including to those relating to reporting to tax authorities), such as “know your customer” (KYC) information, including social security numbers / dates of birth / personal identity codes / tax identification numbers, nationalities / tax residences and photos (in passports or identity documents), status as a politically exposed person (or a family member or an affiliate thereof) as applicable, source(s) of funds and information of financial standing and assets, investment experience and occupational background;
  • data collected automatically from Intera Partners’ website.

The personal data is mainly collected from the data subjects themselves or, in case of representatives of investors, from the relevant investor, for example, in connection with entering into agreements and completing forms and questionnaires in connection therewith and in connection with any later updates or amendments to such information, in connection to business communications and marketing as well as otherwise during the contractual relationship. Where required or permitted by the law, we may collect data also from other sources. Website data is collected automatically when visiting the website. More information on data collected from the website can be found from the cookie banner included on the Intera Partners’ website.

4. Retention of personal data

The retention time of the collected personal data is subject to the legal basis and purpose of processing. In general, all collected personal data will be retained at least for the term of the relevant agreement, unless a longer retention period is required by law (for example regarding obligations and responsibilities related to accountancy or reporting) or unless the data is needed for drafting or presenting a claim or for a legal defence or for resolving any disputes.

Where the personal data is collected on the basis of an obligation based on applicable law, the retention of the personal data may also be subject to explicit statutory requirement. For example, KYC information will be retained in compliance with the Act on Detecting and Preventing Money Laundering and Terrorist Financing for at least five (5) years after the end of the customer relationship, unless the further retention of such data is necessary to safeguard criminal investigation, pending litigation or the rights of the controller or its employed party. The necessity of further storage of data and documents will then be examined no later than three (3) years after the previous verification of the necessity of storage (Money Laundering Act, Section 4).

When the personal data is no longer needed as defined above, data is deleted within a reasonable time. If the collection and storage of personal data has been based solely on the data subject ‘s consent, personal data will be deleted at the request of the data subject.

5. Protection of data

The controller is responsible for ensuring that the data stored in the service is processed in accordance with good data security practices and the instructions given by the controller.

We are responsible for the technical protection of the data stored in the register, which includes, for example; internal security, access control, software security updates and backups. In addition to internal tests, the service’s information security is also tested with third-party security checks.

The communication between the service and the user’s browser is always protected by strong encryption.

 

6. Transfers and disclosures of personal data

We may utilise service providers and third parties to carry out our business and delegate some of our operations to our service providers, and we may transfer personal data to such service providers for processing. For example, we use IT service providers e.g. to deliver office and communications software and equipment, and providers of administration services. We also use legal, accounting, and other service providers, to which we may transfer or disclose personal data.

We may disclose personal data within the limits permitted or required by applicable legislation from time to time, for example to competent authorities when required to do so under applicable laws (for example to tax authorities in Finland and other countries in which we are required to fulfil statutory obligations), or to prepare for legal proceedings or to defend a claim. In addition, we may disclose personal data to financial service providers, such as banks and custodians, or to a debt collection agency for purposes of debt collection, depositary service provider, or to other service providers, but only to the extent that the fulfilment of their tasks requires the disclosure of personal data. To a limited extent, and within the limits permitted or required by applicable legislation from time to time, we may disclose some information also to the portfolio companies of managed funds (or providers of debt financing or purchasers of such companies).

In case of representatives of investors, personal data may also be disclosed to other limited partners (and as applicable, their general partners and/or managers). List of the applicable recipients of personal data will be provided upon request.

If personal data would be transferred outside the European Union or the European Economic Area, we shall ensure by contractual or other applicable measures that the transfers are subject to appropriate safeguards. More information on cross border transfers of the personal data and on the appropriate safeguards applied thereto from time to time is available upon request.

7. Rights of the data subject

The data subject has the rights set out in the General Data Protection Regulation.

  • Right of access: The data subject has the right to obtain a confirmation whether his or her personal data is processed, and to access the personal data about himself/herself and to request to receive the data in a paper copy or in an electronic form.
  • Right to rectification and erasure: The data subject has the right to demand the Controller to correct any incorrect or incomplete personal data and under certain conditions, the right to request the erasure of his/her personal data.
  • Right to restriction of processing: The Controller may be obliged to restrict the processing of personal data in accordance with the conditions set out in the General Data Protection Regulation.
  • Right to object to processing: In certain cases, the data subject may have the right to object to processing of personal data concerning him or her. The data subject always has the right to object the use of his/her personal data for purposes of direct marketing.

The data subject can use these rights by submitting a request to us by using the contact information mentioned in the beginning of this Privacy Notice.

After receiving all the required information to complete the request, including confirmation of identity, we will start the processing of the request. We will contact the data subject at the latest within a period of one month. If the request is denied, the data subject will be informed about the refusal in writing. We may refuse the request (such as erasure of the data) due to a statutory obligation or right.

In case the data subject considers our processing activities of personal data to be inconsistent with the applicable data protection legislation, the data subject has the right to lodge a complaint with the competent data protection supervisory authority. This can be done on the Data Protection Ombudsman’s website: https://tietosuoja.fi/ilmoitus-epakohdasta-henkilotietojen-kasittelyssa.

8. Profiling and automated decision-making

We do not perform profiling on the data subject on the basis of personal data or use automated decision-making.

9. Changes to this privacy notice

We may change this Privacy Notice from time to time, whenever necessary. The changes might also be based on the amendments of the legislation. All changes will be made available on our website.