Privacy statement for the customer register of the information service about beneficial owners


Finnish Patent and Registration Office (PRH)
Mailing address: Finnish Patent and Registration Office, FI-00091 PRH, Finland
Street address: Sörnäisten rantatie 13 C, Helsinki, Finland
Tel. +358 29 509 5000

Representative of controller

Ms Kirsi Lahtinen
Tel. +358 029 509 5808

Data protection officer

Mr Olli Vento
Tel. +358 029 509 5743

Purpose of and legal basis for processing personal data

Under the provisions of the EU General Data Protection Regulation and the 5th EU Anti-Money Laundering Directive, a prerequisite for access to beneficiary owner details is that the customer is identified and provides a report on the purpose of using the details.

The Finnish Patent and Registration Office (PRH) collects information about customers it discloses details to about the actual beneficial owners of companies. Customers’ requests for beneficiary owner details are stored in an electronic case management system at the PRH.

The processing is necessary to comply with the controller’s legal obligation.

Personal data and categories of data subjects in the register

The name and personal identity code of the customer requesting the details are recorded. If the customer has no Finnish personal identity code, the date of birth is recorded.

If the person is requesting the details on behalf of a company, the Finnish Business ID of the company and the person’s position in the company are recorded.

Sources of information

The information is collected from the report on the purpose of use signed by the person requesting the details.

Disclosure of personal data to third parties

As a rule, no data are disclosed from the register to anyone. The data can only be disclosed within the limits that the legislation in effect will oblige and permit.

Personal data are disclosed on request in accordance with sections 13 and 16(3) of the Finnish Act on the Openness of Government Activities (Laki viranomaisten toiminnan julkisuudesta 621/1999). Confidential data are only disclosed with the consent of the person in question, or on request to a party in accordance with the Act on the Openness of Government Activities, or based on a legal right.

The data can be disclosed to the police or other competent authorities for criminal investigation, always based on a specified request from the authority.

Transfer of personal data to countries outside the EU or the EEA or to international organisations

No data are transferred to countries outside the EU or the EEA or to international organisations.

Storage periods of personal data

The registered personal data are stored for 5 years.

Profiling and automated decision-making

The registered data are not used for profiling, and no automated decision-making is performed on the data.

Right of access to personal data

The data subject has the right to check what personal data about them have been entered into the register, or to find out that there are no such register entries. The data subject can ask the controller for access to their personal data. Read our instructions on how to request access to data.

Right to rectification of data

The data subject has the right to demand that the controller rectify without undue delay any inaccurate or incorrect personal data concerning them. Read our instructions on rectification of data.

Right to restriction of processing

The data subject has the right to demand that the controller restrict the processing of data, if the data subject contests the accuracy of the personal data. The idea is to restrict the processing while the controller verifies the accuracy of the personal data.

Right to lodge complaint with supervisory authority

The data subject has the right to lodge a complaint with the supervisory authority (the Data Protection Ombudsman).

Printable version
Latest update 11.07.2019