Purpose of personal data processing and the register
The processing of personal data is based on investment services legislation, the Act on Preventing Money Laundering and Terrorist Financing, and for fulfilling the obligations specified in the agreement, i.e. the client’s order to Sifter Capital for the purchase of the financial instrument and for the implementation of the measures required to carry out the order.
Sifter Capital processes personal data to ensure the implementation of the client’s business and service transactions, the prevention of money laundering and terrorist financing as mandated by anti-money laundering legislation, and for fulfilling the “know your customer” obligation of investment service providers, as well as for conducting appropriateness tests.
In addition to the aforementioned purposes, Sifter Capital uses personal data to handle and manage its customer relations and implement its customer services. In addition to these, the data may be utilized in the analysis and reporting of Sifter Capital’s activities.
The data may also be used for marketing purposes. Based on the client’s consent, the client’s personal data may be used in direct online marketing.
The provision of personal data is a prerequisite for the establishment of a client relationship.
Data contents of the register
The client register may contain the following data concerning the client (and/or possible beneficial owner):
Identification data, such as:
- the client’s basic and contact information (name, address, home municipality, phone number, email address, nationality, country of residence, country of taxation)
- personal identification number or date of birth
- business ID and Trade Register number, LEI code
- title, profession, education, position in an entity
Other data, such as:
- bank and securities account number
- data based on the Act on Preventing Money Laundering and Terrorist Financing and the related risk classifications
Data related to the implementation of the client relationship and the client’s investment activities, such as:
- client ID
- client classification
- data concerning the client’s investment-related experience and knowledge for conducting an appropriateness test
- data on the services used by the client, their provision, and invoicing
- start date of the client relationship
- data concerning client identification events and the use of the investment services
- Calls may be recorded, and they are stored digitally
Information sources / regular information sources used by the register
The data on a client is collected directly from the client with digital and/or paper client information forms as well as with agreements in connection with the client relationship, customer service, or otherwise directly from the client.
Sifter Capital may also collect client data whenever necessary from public registers, such as from the Population Register Centre, the Trade Register, Suomen Asiakastieto Oy, or other reliable parties. Sifter Capital may collected client data from registers maintained by public authorities to the extent permitted by law.
Storage period of register data
Client data is stored in accordance with the Act on Investment Services and the Act on Preventing Money Laundering and Terrorist Financing for the duration of the client relationship as well as for five (5) years after the end of the client relationship.
Disclosure of personal data
Data is disclosed to the authorities whenever required by law. Data may be disclosed to the companies belonging to the same group as Sifter Capital in Finland or abroad, within the limits permitted by the Personal Data Act and Act on Investment Services.
No data is disclosed to any third parties without the consent of the data subject. No data is disclosed or transferred from the register to a country located outside the EU or EEA without the client’s consent, unless otherwise required by agreements concerning the exchange of tax information between Finland and a country located outside the EU or EEA.
Register protection principles
Sifter Capital complies with the law and the orders and instructions issued by public authorities in the processing and protection of its personal data. Personal data is processed only by those persons separately appointed by Sifter Capital who require access to the data in the register to manage their client or service relationships or for ensuring internal risk management.
Sifter Capital has provided instructions on the use of the register. All register users are identified, and access to the register and the provision of access rights are monitored closely.
- the data is stored in a locked storage or fire safety cabinet at Sifter Capital’s offices, and access to this location is limited to Sifter Capital’s staff
- the processing of personal data requires a personal user ID and password, both of which are issued only to specific individuals. This allows us to monitor who processes our data and how. If any data is modified, it will leave a digital trail, which specifies the date and time of the modification and the person responsible for the modification. Digital materials are stored in duplicate and protected by firewalls and with an antivirus suite
The rights of the client
The right to inspect
Clients have the right to inspect the data in the register that concerns them. If a client wishes to inspect any data that applies to them, they must submit a written and personally signed request to the data controller or present their request in person to the data controller.
As a rule, the data inspection process is free of charge. The data controller will submit the requested data to the client or provide them with the opportunity to inspect the data without undue delay.
If some data in the register is e.g. out of date, inadequate, erroneous or unnecessary, the client has the right to request the rectification of the data concerning them. This request for rectification must be submitted in writing to the specified address and it must contain enough specific details.
Sifter Capital will, on its own initiative, correct any detected erroneous, unnecessary, inadequate or out-of-date personal data without undue delay.
The client also has the right to demand that the data controller limit the processing of their personal data in e.g. situations where the client is waiting for the data controller’s response to their request for the rectification or removal of their data.
The client’s right to transfer their data from one system to another
Insofar as the client has personally provided data that is processed on the basis of the client’s consent to the register, the client has the right to be provided with this type of data in a primarily machine-readable form, and they also have the right to transfer this data to another data controller.
The client’s right to file a complaint with a supervisory authority
The client has the right to file a complaint with the competent supervisory authority, for example if the client feels that the data controller’s activities have not been compliant with the applicable data protection legislation.
The client always has the right to revoke their previous consent to the processing of their personal data. However, the revocation of this consent will not affect the processing of personal data necessary for Sifter Capital’s compliance with its statutory obligations.
The client has the right to forbid the data controller from using their personal data for the purposes of direct marketing, distance sales and other forms of direct marketing, as well as for the purposes of market and consumer opinion research or for personal register and genealogical purposes.
The client has the right, on the basis of special personal circumstances, to object to any profiling activities concerning them and other processing activities that the data controller applies to the client’s data, insofar as the basis for the processing of the data is based on the legitimate interest of the data controller.
In connection with their demand, the client must specify the special circumstances on the basis of which they object to the processing. The data controller may refuse to implement the objection request on the basis of a reason that is based on law.
Exercise of rights
These rights may be exercised by submitting a written and personally signed request to the following address.
Sifter Capital Ltd
Business ID: 2699119-9
Address: Kasarmikatu 14A, 00130 Helsinki, Finland
Santeri Korpinen, CEO Puhelin: +358 50 368 9129 Email: firstname.lastname@example.org
Name of register
Sifter Capital Ltd client register