Privacy Notice
In this privacy notice we inform you of how BDO Oy and its group companies collect and process personal data of our clients and other individuals relating to our client assignments, our prospective clients, service providers and other business contacts, and of what the data protection rights of the data subjects are in relation to the processing.
We process all personal data in a manner that ensures confidentiality data security and in accordance with the applicable data protection legislation. Our processing is conducted transparently and only for specific and lawful purposes to the extent and for the period necessary for the purpose. for which it is processed. The personal data is updated when required.
This privacy notice applies only to the processing of personal data carried out by BDO Oy and its groups companies as identified below.
The principal controller for the processing of the personal data is BDO Oy. BDO Oy’s group companies BDO Audiator Oy and BDO Erityistarkastus Oy are joint controllers together with BDO Oy. In this privacy notice the companies mentioned above are jointly referred to as “BDO”.
The Data Protection Officer of BDO is Helge Vuoti.
We are part of the international BDO network, referred to in this privacy notice as the “BDO Network”. The BDO Network is a global network of independent member firms offering auditing and consulting services with presence in more than 160 countries.
Personal data that we process
We process personal data of our current, former and potential clients and their contact persons, authorized representatives, beneficiaries and other persons whose personal data may be needed to manage the client relationship.
The personal data processed includes contact details such as name, personal identification number, address, telephone number, e-mail address, name of employer, and job title/position. In connection with our client onboarding process, we will also process data and documents confirming the identity and background, such as holdings by beneficiaries, of the client’s representatives and beneficiaries.
We may also request feedback on our services from our clients.
The personal data is mainly obtained from the client, and in some instances from the client’s website or from third parties, such as trade registers or other publicly available sources.
Purpose of the processing
We process personal data in connection with client requests or queries, offers and contract negotiations regarding our professional services, and for performing agreed client assignments and administering client relationships, including, for example, providing access to systems and services, and for client communication. The processing is based on our performance of contract.
Prior to our acceptance of clients and assignments and during the client relationship and performance of the assignment, we process personal data in order to carry out auditor independence and conflicts of interest checks as required by the legislation applicable to auditors, as well as for identification of clients and performance of other measures required by the anti-money laundering legislation. The processing is necessary to meet BDO's legal obligations.
We will also process personal data to meet accounting and tax legislation obligations applicable to us. The processing is necessary to meet our legal obligations.
We process personal data for internal administrative purposes such as invoicing, collection of payments and other needs of our financial administration, for administering internal support services, for development of our operations and service offerings, for risk management measures such as insurance and documentation of our work and, where necessary, for establishment, exercise or defence of legal claims. The processing is justified by our legitimate interest in relation to our client assignments.
Processing and storage periods
Personal data processed to fulfil our legal obligations under anti money laundering legislation is deleted five (5) years after the business relationship ended.
Personal data processed to fulfil our legal obligations under accounting legislation, such as invoicing data, is deleted six (6) years after the expiry of the relevant accounting period.
Personal data that we process for the purpose of fulfilling our contract with the client, are processed for as long as necessary for us to complete and administer the assignment, and to fulfil our commitments and exercise our rights related to the contractual relationship.
After completion of the assignment, the assignment related data and documentation, including personal data, are stored for eleven (11) years from completion of the assignment, unless a longer storage period has been agreed with the client, or further processing is necessary for establishment, exercise or defence of legal claims.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
Personal data may be processed by companies belonging to the BDO Network in connection with client acceptance processes.
We disclose personal data to authorities where required by EU or national law, to authorities supervising our activities, to collection agencies and our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
We do not regularly transfer personal data outside the EU/EEA, with the exception of transfers in connection with our client acceptance processes within the BDO Network.
Any transfers outside the EU/EEA will be in accordance with applicable data protection legislation and based on appropriate transfer mechanisms. In case of transfers within the BDO Network, BDO's Binding Corporate Rules for data controllers and processors, which are binding on all member firms, will apply.
Personal data that we process
We process personal data of suppliers, subcontractors and other business partners and their representatives and employees that we engage in connection with our business activities for the administration of the relevant business relationship.
The personal data we process includes the data subject’s contact information, such as name, telephone number, email address, address and job title. Depending on the services we also process personal data related to the relevant services such as cv-information and invoice work specifications.
The personal data is obtained directly from the data subject or from the relevant supplier, subcontractor, public databases and other business partner as employer of the data subject.
Purpose of the processing
The personal data of suppliers, sub-contractors and other business partners and/or their representatives and employees are processed for the purposes of the contract we have entered into with them, such as procuring the service, management and use of the services, administration of the contractual relationship, communication, invoice processing and payment, accounting and tax purposes. If the supplier or subcontractor is involved in a customer assignment that relates to a publicly traded company, the supplier will be added to the insider register.
In case the data subjects are representatives or employees of the relevant business partner, their personal data is processed on the basis of our legitimate interest to be able to administer contracts and exercise our rights and fulfil our obligations in relation to their employer. When our contracting party is an individual, we process the personal data based on performance of contract.
Where necessary, we may process the personal data for establishment, exercise or defence of legal claims based on our legitimate interest.
Processing and storage periods
Personal data that we process for the purpose of our contract with the business partner are processed for as long as is necessary for us to administer the contractual relationship, exercise our rights, and fulfil our obligations in relation to the contractual relationship.
Personal data processed to fulfil our legal obligations under accounting legislation, such as invoicing data, is deleted after six (6) years from the end of the relevant accounting period.
Contracts and related documentation that may contain personal are deleted ten (11) years after the expiry of the contract, unless further processing is necessary for establishment, exercise or defence of legal claims.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may also use other subcontractors for the performance of our services and in connection with our business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
We may disclose personal data to our clients to whom subcontracted services are provided, to authorities where required by EU or national law, to authorities supervising our activities and to our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
The personal data is not transferred outside the EU/EEA.
Personal data that we process
When performing statutory audit assignments, we are data controllers in relation to the personal data processed in the context of those assignments. We will process personal data as necessary to perform the audit assignment in accordance with applicable laws and good auditing practice.
The personal data we process may vary depending on the audit performed and the audited entity. Typically, we process personal data of the audited entity’s owners, authorized representatives, management and employees. We ask the audited entity to disclose personal data only to the extent necessary to perform the assignment.
The personal data that we process includes personal details such as name, personal id, nationality and place of residence; contact information such as address, telephone number and e-mail address. In respect of employees and management we process details of employment such as employee number, department, position and job title, salary and benefits, insurance and pensions, banking details, tax data; health and absence data, such as medical certificates and data on sick leaves, leaves of absence and parental leaves; trade union affiliation and other personal data necessary to conduct the audit in accordance with applicable law and good auditing practice.
In respect of owners, we typically process ownership data and in respect of board members remuneration data, as well as other personal data that may be necessary to conduct the audit in accordance with applicable law and good auditing practice.
We process special category personal data, such as health information, trade union affiliation or tax information, which includes information on religious confession, only to the extent absolutely necessary to conduct the audit.
The personal data processed to conduct the audit is mainly obtained from the audited entity or from third parties, such as group companies, suppliers, tax authorities, trade registers or other publicly available sources. In the context of audit assignments, we process personal data of individuals with whom we do not have a direct relationship.
Purpose of the processing
The purpose of the processing is to perform the audit assignment in accordance with applicable laws and good auditing practice. The processing of personal data is based on our performance of our contract with the audit client to carry out the audit in order to meet with their legal obligations.
Processing and storage periods
The personal data will be processed for the time necessary to carry out the audit. The data will be stored six (6) years from the end of the year in which the audit or any further measures due to the audit (such as legal processes) are completed. In project audits, the materials related to the assignment will be retained for thirteen (13) years from the completion of the assignment. This retention period is based on possible subsequent audits that various funding agencies may conduct afterwards.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
We may disclose personal data to authorities where required by EU or national law, to authorities supervising our activities, and our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
The personal data is not transferred outside the EU/EEA.
Personal data that we process
When performing personal income tax return assignments, we are data controllers in relation to the personal data processed in the context of those assignments. We will process personal data as necessary to perform the assignment.
The personal data we process may vary depending on the assignment. We ask the client to disclose personal data only to the extent necessary to perform the assignment.
We process the personal data of our client. The personal data that we process includes personal details such as name, date of birth, gender, marital status, kinship, place of residence, personal id, email address, telephone number, postal address, salary information, other income, investments, fringe benefits, tax status, shareholdings, bank account information, title, employer, terms of employment, other information related to the employment and other personal data necessary to conduct the assignment.
We process special category personal data, such as trade union affiliation and information on religious confession, only to the extent absolutely necessary to conduct assignment.
The personal data processed to conduct the assignment is mainly obtained from the client.
Purpose of the processing
The purpose of the processing is to perform the assignment. The processing of personal data is based on our performance of our contract with the client to carry out the assignment.
Processing and storage periods
The personal data will be processed for the time necessary to carry out the audit. The data will be stored eleven (11) years from the end of the year in which the assignment or any further measures due to the assignment (such as legal processes) are completed.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
We may disclose personal data to authorities where required by EU or national law, to authorities supervising our activities, and our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
The personal data is not transferred outside the EU/EEA.
Personal data that we process
The personal data we process includes our current, former and potential clients’ and their contact persons’ personal data such as name, contact details (e-mail address, address and telephone number), organization they represent and position. This data is collected in connection with client registration, when you contact us directly or send us a contact request, when you subscribe for our newsletter, when you register for our events or from third parties or publicly available sources.
Purpose of the processing
We process the personal data in connection with marketing our services and other communications regarding our activities, including for example sending newsletters and other communications, direct contacts in order to promote our activities and services, and invitations to our events.
We tailor our marketing efforts in order to provide communications and offer services and events that may be relevant and interesting based on your professional role and the organization and business area you represent.
When you subscribe for our newsletters or other communications, we process your data based on your consent. In connection with other marketing effort, we process your personal data based on our legitimate interest to promote our business by reaching out to you with information about our services for the purpose of establishing or maintaining a business relationship.
Processing and storage periods
When the processing is based on consent we will process your personal data until you withdraw your consent, or the service subscribed for ceases.
When the processing is based on our legitimate interest, you have the right to unsubscribe from our direct marketing efforts at any time. When you unsubscribe, we will immediately stop processing your personal data for such purposes. We may, however, continue communicating with you regarding business relationships you or the organization you represent may have with us.
If you have not previously unsubscribed from our marketing communications, personal data processed for marketing purposes will be deleted five (5) years from the expiry of our client relationship or a subscription, or from the commencement of the processing, unless we have established another relationship with you justifying further marketing efforts.
Access to and transfers of the personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
If we organize joint marketing campaigns together with other parties, your personal data may be shared with those parties.
Transfers of data outside the EU/EEA
Personal data processed for marketing purposes will not be transferred outside the EU/EEA.
Personal data that we process
The personal data we process includes name, contact details (e-mail address, address and telephone number), organization and position of persons registering or participating in our events. In connection with the registration, we may also ask for voluntary information regarding allergies and food preferences. The information is collected directly from the data subject.
We may take photographs and/or make other recordings at our events. Photography will always be separately informed of at the event and/or will be limited to separately marked areas, enabling participants to choose whether to participate in photographs or not.
If the event is recorded or being live streamed, this will be informed in connection with the registration and at the event. The audience will generally not be displayed, and if persons other than the presenter may appear in the recording/stream, this will be separately informed beforehand.
Purpose of the processing
We process the personal data in order to organize our events and to communicate with registrants/participants. Information on allergies and/or food preferences are processed for catering purposes at the event. This data is processed on the basis of consent given when registering for an event.
The contact data may also be processed for requests for feedback and for marketing purposes based on our legitimate interest.
Photographs and recordings are processed for promoting our activities on our website, in printed materials and on social media based on our legitimate interest.
Processing and storage periods
We process your personal data for one (1) year after the event is completed or until you withdraw your consent.
Food allergy and preference data will be deleted after the event is completed.
Photos and videos from our events will be deleted two (2) years after the end of the event.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
If an event is organized in collaboration with other parties, your personal data may be shared with those parties.
Photographs and recordings may be published on our website, in printed materials and on social media.
Transfers of data outside the EU/EEA
We do not transfer your data outside the EU/EEA, except for marketing material containing photographs and recordings which may be accessible from outside the EU/EEA.
This privacy notice applies only to the www.bdo.fi web site and not to websites of other BDO Network companies or other organizations which may be embedded in this website or to which this website may link or redirect. Such websites are provided by the entities managing them and are not the responsibility of BDO. We encourage website visitors to review the privacy notices of such other websites before disclosing any personal information.
What personal data we process
When you visit our web site, we may collect technical information such as your IP (Internet Protocol) address, details of the pages you visit on our website, other pages you visit on the internet, and which browser you used.
Our web site collects standard internet log and technical data to measure and improve the effectiveness of this website, to help diagnose problems with our server, to administer this website, to see where website traffic is coming from and to identify our users. We may also collect other information, such as website usage activity and preferences, also known as demographic or profile data. In this connection we may use “cookies” to collect this information. For more information, please see our Cookie Policy.
We may collect personal data voluntarily submitted by you when you:
- contact us to request information about our services or send us other inquiries or feedback (please see Personal data related to the administration of client relationships);
- subscribe to our newsletters or download material from our website (please see Personal data processed for marketing purposes)
- register to participate in an event, (please see Personal data processed in connection with our events).
The personal data that we collect may vary depending on the purpose, but are typically contact details, such as name, email address, and telephone number, employer and position, information disclosed in connection with an inquiry or feedback, and in connection with job applications cv-data.
We collect the minimum amount of personal data to enable us to deal with your request or to provide a service to you. We will indicate where the provision of information is voluntary or compulsory. We normally only request additional information where necessary to provide an appropriate response to your request. Failure to provide the information that we request may, however, prevent or delay our response or provision of the requested service.
Purpose of the processing
We do not require registration for access to our website but requesting any of the activities or services offered through our website, may require disclosure of certain personal data that we need for the relevant activities or to provide the services. The personal data will be processed in accordance with our privacy notices addressing the purposes for which the personal data was provided to us.
We may ask for your consent to certain processing of personal data. In such event you have the right to withdraw your consent at any time.
We may also process the personal data for marketing purposes (please see Personal data processed for marketing purposes), or to develop our services by analysing information on use of our website. Such processing is based on our legitimate interests.
Processing and storage periods
We will process your personal data retrieved from our website for the period necessary for the purpose for which your personal data was submitted. We may also use the personal data for marketing purposes. Please see our other privacy notices for details regarding the processing times related to the particular processing activities.
The processing period for personal data obtained through the use of cookies varies depending on the cookie placed on your device. Permanent cookies are stored on your device for a longer period as defined in the cookie or until deleted by the user. Temporary session cookies are stored on your device for the duration of the browsing session and are deleted when the user closes their browser. Read more about our cookie duration times in our Cookie Policy.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
We may share your personal information with other member firms within the BDO Network (for example for the purposes of customer insights or service optimisation) provided that such processing is consistent with the purpose for which we the personal data was collected.
We may disclose personal data to authorities where required by EU or national law, to authorities supervising our activities, and our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
In order to provide services to you via our web site we may need to transfer your personal information outside the EU/EEA. Any transfers outside the EU/EEA will be in accordance with applicable data protection legislation and based on appropriate transfer mechanisms. In case of transfers within the BDO Network, BDO's Binding Corporate Rules for data controllers and processors, which are binding on all member firms, will apply.
Personal data that we process
The personal data we process includes names of persons visiting our offices and premises and the name of the organization they represent. Visitors may be asked to sign in at the reception.
The personal data we process consists of CCTV recording footage of persons visiting the monitored premises as well as dates and times of the recordings.
CCTV surveillance is in use in our offices in Helsinki and in Turku. Information of the CCTV surveillance is provided by signs displayed in the monitored areas.
Purpose of the processing
The purpose of the processing is to control access to and protect the staff and information and other property in our offices. CCTV footage may be used for the purpose of investigating any criminal or fraudulent actions or damage or accident incidents in the premises. The processing is based on our legitimate interest.
Processing and storage periods
We process the visitor data in order to organize the visit and during the visit. We will delete the information within three (3) months from the visit. CCTV footage is deleted three (3) months after recording, unless further processing is necessary for investigation of incidents or establishment, exercise or defence of a legal claim.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
We do not disclose visitor or CCTV footage data, except where necessary to authorities or our advisors in order to investigate an incident and for the establishment, exercise or defense of a possible legal claim, or where required by EU or national law.
Transfers of data outside the EU/EEA
We do not transfer the personal data outside the EU/EEA.
Personal data that we process
We process personal data of venture capitalists, family offices and serial buyers and their contact persons.
The personal data processed includes contact details such as name,, e-mail address and name of employer.
Purpose of the processing
We process personal data in order to contact the investors when our client is looking for an investor.
When the processing is based on our legitimate interest, you have the right to unsubscribe from our contacting efforts at any time. When you unsubscribe, we will immediately stop processing your personal data for such purposes. We may, however, continue communicating with you regarding business relationships you or the organization you represent may have with us.
Processing and storage periods
Personal data is deleted on request of the data subject.
Access to and transfers of personal data
The personal data is processed by BDO’s employees who need to process the personal data for the performance of their respective duties, and who have committed themselves to confidentiality regarding such processing. The data is processed in electronic databases which are protected by appropriate technical safeguards, as well as by personal user id:s and passwords.
Our providers of IT systems and services may have access to the personal data when providing the services agreed with them. We may use subcontractors also for the performance of our services and in connection with our other business activities. We require all our subcontractors to comply with the applicable data protection legislation requiring them to process the personal data in compliance with law and securely.
Personal data may be processed by companies belonging to the BDO Network in connection with client acceptance processes, as well as by BDO Network companies providing certain IT services to us.
We disclose personal data to authorities where required by EU or national law, to authorities supervising our activities, to collection agencies and our advisors in connection with the establishment, exercise or defense of legal claims.
Transfers of data outside the EU/EEA
Any transfers outside the EU/EEA will be in accordance with applicable data protection legislation and based on appropriate transfer mechanisms. In case of transfers within the BDO Network, BDO's Binding Corporate Rules for data controllers and processors, which are binding on all member firms, will apply.
Your rights in relation to our processing of your personal data are described below. If you would like to exercise your data subject rights, please contact us by e-mail: tietosuoja@bdo.fi or by mail: BDO Oy / Tietosuoja, Porkkalankatu 3, 00180 Helsinki.
Access: You have the right to receive confirmation from us that we are processing your personal data, and the right to access and receive a copy of your personal data that we process,
Rectification: You have the right to request, the rectification or completion of any inaccurate or incomplete personal data relating to you. Please notify us of any changes to your personal data so that we can update your personal data as soon as possible. If you have access to the personal data that we process you should primarily amend the information on your own initiative.
Withdrawal of consent: If we process your personal data on the basis of your consent, you have the right to withdraw your consent to further processing at any time.
Erasure: You have the right to request that your personal data or parts of your personal data be erased, for example if the personal data is no longer necessary for the purposes for which it was collected, or if the personal data has been processed unlawfully. However, the right to erasure may not apply to processing that is necessary for us to comply with a legal obligation or based on our legitimate interest.
Restriction: You have the right to request restriction of the processing of your personal data in certain circumstances, such as during the processing of your request to rectify or erase your data. However, the right to restriction may not apply to processing that is necessary for us to comply with a legal obligation or based on our legitimate interest.
Objection: You have the right to object to the processing of your personal data based on balancing of interest when the processing is based on legitimate interest, for example in respect of direct marketing purposes.
Data portability: You have the right to request that we transfer your personal data in a readable format to another organization, provided that you have supplied the data, the processing is based on performance of contract or consent, and the processing is automated.
Direct marketing: If you do not wish to receive future marketing communication from us, you can unsubscribe from such communications by notifying us by email to: tietosuoja@bdo.fi. We may, however, continue communicating with you regarding business relationships you or the organization you represent may have with us.
Contact information
If you have questions about the processing of personal data described in this privacy notice, or if you are dissatisfied with how we process your personal data, please contact us by e-mail: tietosuoja@bdo.fi or by mail: BDO Oy / Tietosuoja, Porkkalankatu 3, 00180 Helsinki.
If you feel that any of your data protection rights have been violated, you also have the right to lodge a complaint with the applicable supervisory authority. The contact information of the Finnish Data Protection Authority is available at www.tietosuoja.fi.
Updates
We may, from time to time, make changes to this privacy notice reflecting changes in our processing procedures or changing legal requirements. Any changes we make will be posted on this page. Please review this privacy notice from time to time to check whether we have made any changes or additions to the way we process personal data.
Last updated: 3.9.2024