GF Money Privacy Statement
At GF Money (“GF”), we are committed to protecting your rights and keeping your personal information secure. In this privacy statement, we describe how we collect, use and store personal information and how we disclose that information to third parties. We also describe our cookie policies.
Please read the privacy statement carefully. By using our site, you consent to the processing of your personal information as described in this privacy statement.
We reserve the right to change and update this privacy statement as necessary. We will disclose any material changes to the Privacy Statement in a prominent manner, such as by posting them in the news section on our website.
1 Registrant and contact details
GF Money Oy
Business ID: 2382033-5
Address: Pitkämäenkatu 11, 20250 Turku
Telephone number: 09 427 05044 (pvm/mpm)
2 Name of the registry
gfmoney.com customer register
3 Group of registrants
- The person has had a contractual relationship with the controller or has sought a contractual relationship with the controller, for example by submitting his or her contact information to the online service; or
- the person has participated in the registrar’s marketing campaign or subscribed to the newsletter.
4 What personal information is collected
Personal information is most often collected directly from you or from the use of our products or services. We sometimes need additional information to keep the information up to date or to ensure the accuracy of the information we receive.
Personal information we collect directly from you:
- Basic information such as name, contact information, personal identification number, home address, phone number, email address, and bank account information.
- Company information, such as business ID and company contact information.
- Customer-related information such as time of enrollment, investments made and status, and the income accumulated on investments.
- Information is required to comply with legal obligations, such as information about the client’s potential political influence and the origin of the funds.
- Information related to communication, such as messages sent via our digital channels and e-mails.
Personal information we collect from third parties:
- Credentials through banks’ Tupa -identification service.
- Publicly available information from government registers, such as the Population Register and the Tax Administration Register.
Lisäksi yhteystietoja voidIn addition, contact information can be updated through contact service providers.
5 Criteria for the processing of personal data
We use personal information to fulfill our legal and contractual obligations and to provide our customers with advice and services.
Implementation of contractual obligations or pre-contactual measures:
The main purpose of processing personal data is to collect, process, and verify personal information before concluding the contract and to document, manage and perform the tasks stated in the contract.
Examples of tasks related to the implementation of the agreement:
- offering investment services
- approval of investments
- customer service during the contract period
In addition to the implementation of the agreement, compliance with the obligations under the law, regulations, and decisions of the authorities require us to process personal data.
Examples of legal obligations:
- identity verification
- maintaining a list of shareholders
- measures to prevent money laundering and financing of terrorism
- accounting regulations
- regulatory reporting
Legitimate interest relates to conducting and managing our business so that we can provide our customers with the best possible service and the most secure user experience on our websites and our services. This may also involve profiling (see section 6).
For example, the legitimate interest may allow us to send you direct marketing on similar products and services. In addition, we may have a legitimate interest in transferring personal information within the company in case of internal administrative reasons.
6 Automatic decision-making and profiling
The service does not involve automatic decision-making.
7 Disclosure of personal information
We may disclose personal information to third parties and companies belonging to GF Group.
Offering our services and complying with the agreements require us to process your personal information. For example, paying for investment through an online service requires you to provide your personal information to the service provider.
We also disclose personal information to the authorities to the extent required by law. These authorities include, for example, tax, police, and supervisory authorities.
In addition, we may have a legitimate interest in transferring personal information within the company due to internal administrative reasons.
Data transfer to third countries
In some cases, we may also transfer personal data to organizations outside the European Economic Area, the so-called third countries. Such data transfer is only possible if one of the following conditions is met:
- the EU Commission has decided that the level of data protection in that country is adequate;
- the transfer of data uses standard contract clauses approved by the EU Commission; or
- the recipient has agreed to comply with the EU-US Privacy Shield.
We use a tool with servers located outside the EU to send emails. This U.S. supplier is committed to complying with the Privacy Shield.
8 How long we store personal information
We will retain your information for as long as it is needed for the purpose for which it was collected and processed, or for as long as required by law and regulations.
The retention of data is regulated, inter alia, as follows:
- Data in accordance with the Money Laundering Act must be kept for at least five years after the termination of the business relationship or the performance of an individual transaction.
- Accounting records must be kept for at least ten years.
9 How we protect personal information
The protection of personal information is at the heart of our operations. We have appropriate technical, organizational, and administrative security procedures in place to protect all information in our possession from loss, misuse, unauthorized use, alteration, and destruction.
We protect personal data register by measures such as:
- the registry and its backups are located in secure and controlled device space,
- the equipment is protected by a firewall,
- websites use an SSL-secured connection,
- the systems are protected by a username and password; and
- the personal data register shall be accessible only to those employees who are entitled to it in the course of their work and shall also be bound by the obligation of professional secrecy with regard to the data in the register.
10 Your rights as a registered user
When registered, you have multiple rights to influence and obtain information about the processing of your personal information.
- You have the right to verify the personal information we hold about you. A request for verification of the data must be made to the controller at the address given in section 1.
Please note that the right to inspect may be restricted by law, the protection of the privacy of others, or the trade secrets of the GF Group.
- You have the right to request the correction of incomplete, outdated, or incorrect information. Some of the information can be corrected directly on the registrar’s online service, or you can request a correction to the registrar at the address given in section 1.
- You have the right to object to the processing of your personal data for direct marketing purposes in accordance with our legitimate interests. You can also unsubscribe from email marketing in the future by clicking the “unsubscribe” link at the end of each message.
In many cases, the law requires us to retain your personal information during and even after the customer relationship in case the processing of the information is necessary to comply with legal obligations or to process legal claims.
- to improve the user experience of the website,
- to remember your personal settings
- to provide relevant content and information,
- to ensure the security of websites, and
- to collect statistics about our website usage and to measure the effectiveness of our advertising.
12 Dispute Settlement
We strive to resolve disputes regarding the processing of personal data directly with the individual. However, if you are dissatisfied with the processing of your personal data, you have the right to forward it to be solved by the Data Protection Authority.