Last updated: 7th of July, 2022.
PlusID Oy takes your data protection seriously and undertakes to comply with the general EU data protection regulation and related national legislation when processing your personal data.
Contact details of the controller
Purpose and legal basis of the processing of personal data
Personal data is stored in the registrar’s register to enable the use of the PlusID service.
The processing of personal data is based on the data subject’s consent, which the data subject gives when registering with the service by accepting this data protection policy.
The processing of personal data is also necessary in connection with the legal obligations of the controller (such as the provisions of the Money Laundering and Payment Institutions Act and related regulations).
Retention periods of personal data and criteria for their determination
We will only retain your personal information for as long and to the extent necessary to provide the Service. If the service is terminated, the data will be retained for the period required by law.
The Money Laundering and Terrorist Financing Prevention Act requires information to be retained for five (5) years from the termination of a regular customer relationship or the execution of an occasional transaction.
Information content of the register
The following information can be stored in the register:
The registered user influences the choice of information to be stored in the service itself, except for the information that is required by the service as mandatory. Mandatory information related to the use of the PlusID service is marked in the above list with an *. Please note that requests for information from PlusID community transaction services vary by service.
In addition, the Service may collect and store other general statistical information related to the development of the Service and user behaviour using Google Analytics. This information is collected anonymously. The service also collects and stores information related to service problems and error situations for the purpose of developing the service. Error report data is anonymised.
Regular sources of personal data
Personal data is obtained from the data subject himself and through third parties through interfaces for retrieving and / or verifying and verifying user data enabled by the PlusID service. Only data for which the data subject has given his or her express consent is stored in the service.
In the case of strong authentication, in connection with the implementation of the service, the PlusID service receives a personal identity number and a user name from the user registered in the service, which is stored and verified in the user’s data.
Through strong authentication via a passport or ID card, the PlusID service receives the ID card or passport number, validity period and other possible identifying information from the user registered in the service. This information is stored and verified in the user information.
With regard to the obsolescence of verified data, the user must ensure the correctness and accuracy of the data as required by the service, so that the validity of the data can be verified in a manner sufficient for the usability of the service.
The data may be disclosed to the registrar’s transaction services belonging to the PlusID community, if the data subject gives permission in the PlusID service. Only information for which the data subject has given his or her prior consent to the disclosure shall be disclosed to the transaction services. The data subject can see each handover transaction from the PlusID interface, from which the information request can also be accepted. By accepting the terms and conditions, the data subject consents to the fact that the information required for the provision of services and access to the service may, however, be disclosed to third parties without the data subject’s express consent.
The information may be disclosed to different authorities as required by applicable law.
Personal data will not be transferred outside the EU or the European Economic Area unless required by applicable law.
Registry security principles
The data controller shall ensure that the personal data of the data subject are stored in a data-secure manner. The controller has extensive organizational and technical measures in place to protect personal data.
The company’s premises have a monitoring and alarm system. The written material is in separately locked rooms. The said material shall be kept for the time required by the law in force at the time. Personal information is only available to a limited number of staff.
The information entered in the register is confidential. The staff has given a commitment to keep the information they receive in the course of their work confidential. Access to the register requires a personal username and password. The controller shall endeavor to correct any errors found without undue delay.
All information stored in the register shall be encrypted in accordance with generally valid and secure principles. The data stored in the register is encrypted during both transmission and storage, and the stored data is encrypted at multiple levels.
Automatic decision making and profiling
The service can perform automatic decision making and user profiling as part of the service’s functionality. In connection with automatic decision-making, the information in the register and, possibly, the services of third parties that enable the use of the service are used. These situations may be related to, for example, checking the user’s creditworthiness, opening the billing function and ensuring the introduction of the service, for example on behalf of the user’s age.
By accepting the terms and conditions, the data subject consents to the use of automated decision-making and profiling without the separate consent of the data subject on a transaction-by-transaction basis.
Under the Data Protection Regulation, the data subject has the following rights:
A) Each registrant has the right to check their data, which has been stored in the personal data register by logging in to the PlusID service with their own user IDs, or a request for register data can be made to PlusID Oy by e-mail to the above address (see “Registrar’s contact information”). In response, the data subject shall also be informed of the origin of the data, their purpose and information on where the data may be disclosed. The data subject shall present in the request for verification his or her identification information necessary for searching for the information.
The data subject may also make a request for personal data by post to:
PlusID Oy, “Request for verification of PlusID information”, PO Box 164, FI-00701 Helsinki
B) Every data subject has the right to request the correction of incorrect information about him or her that is in the customer register. A request for the correction of register information can be made to PlusID Oy by e-mail or post. In his request for rectification, the customer must provide the identification information necessary to search for the information and the changes he requires to be made. A processing fee may be charged for repeated requests from the data subject.
If incorrect, unnecessary, incomplete or otherwise outdated information is discovered on your own initiative through staff or automated inspections, such information will be corrected or deleted immediately.
D) The data subject may also refer a matter concerning his or her data protection rights to the Office of the Data Protection Officer. The website address of the Data Protection Commissioner is: tietosuoja.fi
The service uses the local data storage and / or cookies of the user’s browser. Cookies are used to ensure the functionality, security, development and quality of the service. The user can delete cookies or stored data at any time from their browser. The PlusID service may not work in all respects without permission to store data and / or cookies.