Siirry suoraan sisältöön
BR Capital Oy – Privacy Policy

BR Capital Oy is committed to respecting and protecting the privacy of its customers. This privacy policy sets out the information required by the EU General Data Protection Regulation (EU) 2016/679 (hereinafter ”GDPR”) and other applicable data protection laws concerning the processing of personal data carried out by the company.

Controller and Contact Information

BR Capital Oy (Business ID: 3577893-9)

oscar.bernard@brcapital.fi

Purposes and Legal Bases for Processing Personal Data

We process personal data for the following purposes:

  • To provide the services offered by BR Capital.
  • To identify and verify the customer.
  • To manage customer relationships.
  • To market products and services to existing and potential customers.
  • To develop BR Capital’s services and business operations.

The primary legal bases for processing personal data are:

  • Performance of a contract with the customer.
  • Legitimate interests of BR Capital (such as delivering, marketing, and developing our services).

In some cases, processing may also be based on the data subject’s consent or on a legal obligation.

Personal Data Stored in the Customer Register

BR Capital’s customer register stores data about individuals and companies who are or have been customers, as well as potential customers.

The customer register contains the following personal data:

  • The name of the company or individual, business ID or date of birth, phone number, banking connections, book-entry account number, postal, billing, email, and web address.
  • The name, phone number, address details, date of birth, title or profession, and email address of the company’s contact person or beneficial owner.
  • Additional information provided by the customer themselves.
  • Information and history related to managing the customer relationship, such as communication history, offers, contracts, customer classifications, and information concerning the customer’s investment experience and knowledge.

Data Sources for the Customer Register

We collect data primarily from the customer themselves or their representative. We may also receive data from cooperation partners. Data may be collected from third-party sources, such as public registers maintained by authorities, credit information registers, commercial data providers, or public sources such as company websites and announcements. Personal data may also be collected automatically when visiting our website.

Personal Data Retention Period

Personal data is retained for the duration of the customer relationship and for five years after the relationship has ended. Personal data of potential customers is stored for five years from the date of collection. Certain personal data may be stored for a longer period if required by law (e.g. under Accounting Act) or if necessary for BR Capital to establish, exercise, or defend legal claims. When there is no longer a lawful basis for retaining the data, it will be deleted.

Personal Data Processors and Disclosure of Personal Data

BR Capital uses external service providers to whom personal data may be disclosed. Such service providers (for example, Microsoft) may process personal data only on behalf of BR Capital and strictly for the purposes defined by us.

Personal data may be disclosed to third parties, such as cooperation partners, when necessary for the performance of a contract. Data may also be disclosed to authorities when required by law.

Personal data is primarily stored within the EU. Transfers outside the EU or EEA occur only if the requirements set out in the GDPR for international data transfers are met.

Data Subject Rights

Data subjects have the right to:

  • Right of access: to receive confirmation of the personal data we process and obtain a copy of the personal data.
  • Right to rectification or erasure: to request correction or deletion of inaccurate, outdated, or unnecessary personal data.
  • Right to withdraw consent: when processing is based on consent.
  • Right to restriction of processing and right to object when processing is based on BR Capital’s legitimate interests.
  • Right to data portability: to receive personal data they have provided in a machine-readable format and transfer it to another controller, when applicable.
  • Right to lodge a complaint with the supervisory authority. In Finland, the competent authority is the Office of the Data Protection Ombudsman.

Requests concerning data subject rights can be submitted by email to oscar.bernard@brcapital.fi. We may request additional information to verify identity before fulfilling a request.