Privacy Notice
Clients and Website Visitors
Last updated: 15 October 2025
This Privacy Notice explains how Regulyn Ltd. (“we”) process your personal data as a client or visitor of our website. We process personal data in accordance with applicable data protection legislation.
1. Controller
The controller of your personal data is Regulyn Ltd. (Business ID 3572857-9), a boutique legal advisory firm. Our principal place of business is in Finland, and you may contact us using the details provided below.
2. What personal data do we process and why?
We collect and process the following categories of personal data as part of client relationship management, the performance of engagements, website maintenance and to meet statutory obligations:
Contact details:
e.g. name, position, organisation, email address, phone number and postal address
Payment information:
e.g. bank account number, reference details, payment history and identification data required under sanctions legislation
Client information:
e.g. organisation, names and email addresses of contact persons, identifiers relating to the engagement, and any personal data provided in the course of our communication
Marketing and event information:
e.g. time of registration, feedback from webinars or events, name and email of newsletter subscribers, and data processed in connection with marketing activities
Cookies and technical data:
e.g. cookie preferences, browser type
Special categories of personal data:
In certain engagements, we may process special categories of personal data, such as health data, when there is an appropriate legal basis. Such data is always protected with enhanced safeguards.
Personal data is obtained either directly from the data subject (for example, when you register for a webinar) or from public sources (for example, your organisation’s website).
3. On what basis do we process personal data?
We rely on different legal bases depending on the type and purpose of processing. The main legal bases are:
Legal obligation (e.g., accounting obligations or sanctions compliance)
Performance of a contract (e.g., carrying out a client engagement)
Legitimate interest (e.g., preventing misuse of our website and carrying out marketing activities to promote our business)
Consent (e.g., subscribing to a newsletter)
If processing is based on consent, you may withdraw your consent at any time. You can withdraw consent by contacting us via the contact form or directly through the link provided in the newsletter.
Providing personal data is not a statutory requirement. However, providing the necessary personal data is required for us to enter into an engagement and verify client information.
We do not use personal data for automated decision-making or profiling.
We have carried out a legitimate interest assessment demonstrating that limited processing for misuse prevention and marketing communications is justified.
4. How and where is personal data processed?
Personal data may also be processed by service providers (such as our accountant) who are contractually required to process personal data appropriately. Typical recipients include providers of accounting services and essential software solutions.
Personal data is not regularly disclosed to other controllers. In exceptional circumstances, such as when required by a competent authority, personal data may be disclosed strictly in accordance with applicable legislation.
As a rule, personal data is processed within the EU/EEA. In certain cases, personal data may be transferred outside the EU/EEA. When this occurs, we ensure appropriate protection and a lawful transfer mechanism—such as the European Commission’s Standard Contractual Clauses.
5. How is personal data protected and how long is it retained?
We protect personal data with a range of technical and organisational measures. In practice, this includes data encryption, user authentication, two-factor authentication, regular backups and contractual safeguards such as confidentiality agreements.
Personal data is retained for as long as it is appropriate and necessary. For example, data relating to accounting is retained for statutory periods, typically 2–10 years.
Examples of retention periods:
Payment information: depending on the content, 2–10 years
Client information: generally 2 years from the completion of the engagement; certain statutory data may be retained longer
Marketing and event information: generally 2 years from the last interaction
Data based on consent: retained for the duration of the consent; unnecessary data is erased at least every 2 years
When the retention period ends, personal data is deleted or anonymised.
6. What rights can you exercise?
Your rights under applicable data protection laws, particularly the General Data Protection Regulation (GDPR), depend partly on the legal basis for processing. Please note that certain rights may be applicable in all situations.
As a data subject, you have the right to:
receive information on the processing of your personal data
access your data
rectify inaccurate or incomplete data
request erasure of data
restrict processing
transfer data from one system to another
not be subject to automated decision-making without a lawful basis
If you have requested rectification, erasure or restriction of processing, we will notify other processors of personal data where required.
You can exercise your rights by contacting us through the contact form. Requests can be submitted directly via the form. Please note that we may need to verify your identity before fulfilling your request for security reasons.
You also have the right to lodge a complaint with the competent supervisory authority. In Finland, this is the Office of the Data Protection Ombudsman:
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4, 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Email: tietosuoja(at)om.fi
8. Where can you get more information?
You can contact us if you have questions or wish to receive additional information on how we process your personal data. You can reach us conveniently via the contact form. We generally respond within 5 business days.