Privacy Policy for Guarantee and Miniloan Services

Controller and Contact Information

Guarantee Foundation, Business ID 0858294-9
Teollisuuskatu 21, 00510 Helsinki
tietoturva[at]takuusaatio.fi
In data protection matters, please use the above email address.

Name of Register

The customer register of social finance services (“customer register”). Social finance services include guarantee services for consolidation loans and the Guarantee Foundation’s miniloan services.

Data subjects include current and potential customers of the Guarantee Foundation’s social finance services. Potential customers are people who express an interest in the Guarantee Foundation’s social finance services (guarantee, miniloan) by submitting an individualised service application to the Foundation.

Purpose and Reason for Processing Personal Data

Purposes of Personal Data Processing

The Guarantee Foundation’s social finance services require the processing of personal data. The Guarantee Foundation’s customer register contains, for example, personal data necessary for guarantee, credit, and debt collection activities. Your personal data is used so that we can make decisions on applications, provide you with personal advice, and manage the customer relationship.

For example, we process personal data to:

• make and manage agreements
• conduct customer service and manage customer relationships, including customer communication
• provide services
• develop the controller’s operations
• monitor and analyse the use of our services for statistical purposes
• manage risks.

The data is not used for automated decision-making or profiling.

Legal Basis for Processing

The legal basis for the processing of personal data under the EU General Data Protection Regulation is:

• a person’s consent (given in pursuance of the application for a miniloan or guarantee)
• the legitimate interest of the controller (customer relationship: the customer relationship is formed by submitting an application for a miniloan or guarantee to the Foundation and, for people who receive a positive decision, it continues until the end of the contractual relation)
• a contractual relation or the actions needed to form it.

The Register’s Data Content

The personal data we collect depends on the customer relationship and the service in question. Below is a list of examples of the types of information we collect, but not all of them apply to every customer. We collect general information to identify you as a customer, to better serve you in different service channels, and to communicate with you.

The personal data stored in the register includes:

• Basic information: name, social security number or date of birth, and contact information such as address, telephone number and email address of the data subject and those living in their household.
• Background information: for example, information on the data subject’s family, employment situation, situation in life, financial standing (including income, expenses, spending, payment of debts, property) and debt situation.
• Consents: consents given by the data subject to process personal data.
• Customer information: what service the customer is granted, and all necessary information related to it at different stages of the customer relationship.
• Customer relationship management data: tasks and events related to customer relationship management.
• Recordings and content of messages: recordings and messages, in various formats, in which the data subject is a party, such as emails or communications through another
  channel.
• Special Personal Data Categories: special categories of personal data, as defined in Article 9 of the GDPR, which have an impact on the assessment of solvency, such as health status and trade union membership.