GF Money Privacy Statement

At GF Money (“GF”), we are committed to protecting your rights and keeping your personal information secure. In this privacy statement, we describe how we collect, use and store personal information and how we disclose that information to third parties. We also describe our cookie policies.

Please read the privacy statement carefully. By using our site, you consent to the processing of your personal information as described in this privacy statement.

We reserve the right to change and update this privacy statement as necessary. We will disclose any material changes to the Privacy Statement in a prominent manner, such as by posting them in the news section on our website.

1  Registrant and contact details

GF Money Oy
Business ID: 2382033-5
Address: Pitkämäenkatu 11, 20250 Turku
Telephone number: 09 427 05044 (pvm/mpm)

2 Name of the registry customer register

3 Group of registrants

  1. The person has had a contractual relationship with the controller or has sought a contractual relationship with the controller, for example by submitting his or her contact information to the online service; or
  2. the person has participated in the registrar’s marketing campaign or subscribed to the newsletter.

4 What personal information is collected

Personal information is most often collected directly from you or from the use of our products or services. We sometimes need additional information to keep the information up to date or to ensure the accuracy of the information we receive.

Personal information we collect directly from you:

  • Basic information such as name, contact information, personal identification number, home address, phone number, email address, and bank account information.
  • Company information, such as business ID and company contact information.
  • Customer-related information such as time of enrollment, investments made and status, and the income accumulated on investments.
  • Information is required to comply with legal obligations, such as information about the client’s potential political influence and the origin of the funds.
  • Information related to communication, such as messages sent via our digital channels and e-mails.

Personal information we collect from third parties:

  • Credentials through banks’ Tupa -identification service.
  • Publicly available information from government registers, such as the Population Register and the Tax Administration Register.

Lisäksi yhteystietoja voidIn addition, contact information can be updated through contact service providers.

5 Criteria for the processing of personal data

We use personal information to fulfill our legal and contractual obligations and to provide our customers with advice and services.

Implementation of contractual obligations or pre-contactual measures:

The main purpose of processing personal data is to collect, process, and verify personal information before concluding the contract and to document, manage and perform the tasks stated in the contract.

Examples of tasks related to the implementation of the agreement:

  • offering investment services
  • approval of investments
  • customer service during the contract period

Statutory obligation

In addition to the implementation of the agreement, compliance with the obligations under the law, regulations, and decisions of the authorities require us to process personal data.

Examples of legal obligations:

  • identity verification
  • maintaining a list of shareholders
  • measures to prevent money laundering and financing of terrorism
  • accounting regulations
  • regulatory reporting

Legitimate interest

Legitimate interest relates to conducting and managing our business so that we can provide our customers with the best possible service and the most secure user experience on our websites and our services. This may also involve profiling (see section 6).

For example, the legitimate interest may allow us to send you direct marketing on similar products and services. In addition, we may have a legitimate interest in transferring personal information within the company in case of internal administrative reasons.

6 Automatic decision-making and profiling

The service does not involve automatic decision-making.

Our websites use the Google Analytics tracking program, which provides us with information about your business on our websites. For this purpose, Google Analytics uses cookies, whereby the information generated by the use of the website is transmitted to and stored by Google. We use IP address encryption in Google Analytics. According to Google Analytics Terms of Service, Google will not associate the IP addresses of registrants with any other data held by Google.

7 Disclosure of personal information

We may disclose personal information to third parties and companies belonging to GF Group.

Offering our services and complying with the agreements require us to process your personal information. For example, paying for investment through an online service requires you to provide your personal information to the service provider.

We have made agreements with selected service providers that involve the processing of personal information on our behalf. Such agreements have been made with, for example, suppliers of e-mail marketing and customer service tools, as well as maintenance and server services (“processors of personal data”). We only use processors who provide adequate safeguards and data protection measures to meet the requirements of the Privacy Policy.

We also disclose personal information to the authorities to the extent required by law. These authorities include, for example,  tax, police, and supervisory authorities.

In addition, we may have a legitimate interest in transferring personal information within the company due to internal administrative reasons.

Data transfer to third countries

In some cases, we may also transfer personal data to organizations outside the European Economic Area, the so-called third countries. Such data transfer is only possible if one of the following conditions is met:

  • the EU Commission has decided that the level of data protection in that country is adequate;
  • the transfer of data uses standard contract clauses approved by the EU Commission; or
  • the recipient has agreed to comply with the EU-US Privacy Shield.

We use a tool with servers located outside the EU to send emails. This U.S. supplier is committed to complying with the Privacy Shield.

8 How long we store personal information

We will retain your information for as long as it is needed for the purpose for which it was collected and processed, or for as long as required by law and regulations.

The retention of data is regulated, inter alia, as follows:

  • Data in accordance with the Money Laundering Act must be kept for at least five years after the termination of the business relationship or the performance of an individual transaction.
  • Accounting records must be kept for at least ten years.

9 How we protect personal information

The protection of personal information is at the heart of our operations. We have appropriate technical, organizational, and administrative security procedures in place to protect all information in our possession from loss, misuse, unauthorized use, alteration, and destruction.

We protect personal data register by measures such as:

  • the registry and its backups are located in secure and controlled device space,
  • the equipment is protected by a firewall,
  • websites use an SSL-secured connection,
  • the systems are protected by a username and password; and
  • the personal data register shall be accessible only to those employees who are entitled to it in the course of their work and shall also be bound by the obligation of professional secrecy with regard to the data in the register.

10 Your rights as a registered user

When registered, you have multiple rights to influence and obtain information about the processing of your personal information.

  1. You have the right to verify the personal information we hold about you. A request for verification of the data must be made to the controller at the address given in section 1.

Please note that the right to inspect may be restricted by law, the protection of the privacy of others, or the trade secrets of the GF Group.

  1. You have the right to request the correction of incomplete, outdated, or incorrect information. Some of the information can be corrected directly on the registrar’s online service, or you can request a correction to the registrar at the address given in section 1.
  2. You have the right to object to the processing of your personal data for direct marketing purposes in accordance with our legitimate interests. You can also unsubscribe from email marketing in the future by clicking the “unsubscribe” link at the end of each message.

In many cases, the law requires us to retain your personal information during and even after the customer relationship in case the processing of the information is necessary to comply with legal obligations or to process legal claims.

11 Cookies

We use cookies on our websites and by using our websites, you accept the use of cookies. A cookie is a small text file that is stored on your computer by your computer, phone, or tablet. The use of cookie information in accordance with the cookie message displayed on the service to a new user requires that the user has accepted the cookies while using our online service. The use of cookies is a common practice on most websites.

We use cookies:

  • to improve the user experience of the website,
  • to remember your personal settings
  • to provide relevant content and information,
  • to ensure the security of websites, and
  • to collect statistics about our website usage and to measure the effectiveness of our advertising.

You can clear cookies from the browser settings of the device you are using. In this case, the identifier used to collect information about you will change. You can also completely block the use of cookies by changing the browser settings of the device you are using. Blocking cookies may affect the functionality of our services. If you choose to block cookies, you may not be able to take full advantage of the online services we provide.

12   Dispute Settlement

We strive to resolve disputes regarding the processing of personal data directly with the individual. However, if you are dissatisfied with the processing of your personal data, you have the right to forward it to be solved by the Data Protection Authority.