Privacy notice

1. General information

This Privacy Notice contains information required by the EU General Data Protection Regulation (hereinafter the GDPR) and the national data protection laws for data subjects, such as for the controller’s customer and for the supervisory authority.

2. Controller and its contact information

Name: OP-Services Ltd
Street address: Gebhardinaukio 1, 00510 Helsinki
The controller’s contact person: Valtter Rajakannas
Telephone: +358 40 660 9858

3. Data Protection Officer’s contact information

OP Financial Group’s Data Protection Officer
OP Financial Group
Postal address: P.O. Box 308, 00013 OP
Email address:

4. Personal data file

Marketing personal data file applying those interested in the Developer Portal channel.

Those interested in the Developer Portal channel can order an info letter through the page, by way of which OP will email up-to-date information on topical matters concerning the developer channel. The purpose of use of personal data:

  • Newsletter
  • Email marketing
  • Information and communication

6. Personal data groups

Personal data groupBasic informationConsent
Content of group informationData subject's nameConsent and prohibitions issued by the data subject governing personal data processing
Data subject's contact information

7. Recipients or recipient groups of personal data

Any personal data obtained may be used within OP Financial Group as permitted by law. In addition, personal data may be disclosed for example to:

  • the authorities in statutory cases and any other official rules and regulations

OP’s suppliers and partners which assist in organising communication and events related to developer cooperation. When disclosing personal data included in the data file, the controller takes into account the requirements of mandatory legislation, including the controller’s confidentiality obligations.

8. Transfer of personal data

The controller uses suppliers in data processing. The controller concludes appropriate agreements on personal data processing with such suppliers.

As a rule, the controller does not transfer data in this data file outside of the EU / EEA. However, if the data were transferred outside of the EU / EEA in an individual case, the controller will always apply transfer mechanisms permitted by law, such as standard contractual clauses based on data protection legislation, that guarantee appropriate protection of personal data.

9. Personal data retention period or criteria for determining the period

The data will be retained for three years, after which it will be deleted according to the deletion processes applied by the controller.

The controller may process the personal data for direct marketing purposes in accordance with applicable legislationfor example by transferring the personal data to a direct marketing personal data file.

10. Personal data sources and updating personal data

Personal data is collected primarily from the data subjects themselves.

11. Data subject’s rights

Data subjects have the right to receive the controller’s confirmation of whether their personal data is processed or not, or whether they have been processed.

If the controller processes a data subject’s personal data, the latter has the right to receive the information in this document and a copy of the personal data being processed or have been processed.

The controller may charge a reasonable administrative fee for additional copies requested by the data subject.

If the data subject submits a request electronically and has not requested any other form of delivery, the information will be delivered in a commonly used electronic format, provided that the data can be delivered in a secure manner.

The data subject also has the right to ask the controller to rectify or delete his/her personal data.

The data subject will have the right in certain cases to request the controller to restrict the processing of his/her personal data or to otherwise oppose the processing.

The data subject may also request transfer of data he/she has provided from a system to another on the basis of the Data Protection Regulation. Data subjects may forbid the processing of their personal data for direct marketing purposes.

All of the above requests must be submitted to the above contact person of the controller.

Data subjects considering that their personal data is not processed legally have the right to file a complaint with the supervising authority.

If the controller proces ses the data subject’s personal data on the basis of consent, the data subject has the right to withdraw such consent. Such cancellation may, however, have an ef-fect on the use and functionalities of the service. Cancelling the consent and banning communication must be performed by contacting the controller. The cancellation of consent does not affect the lawfulness of processing performed based on the consent prior to its cancellation.

13. Organisation of protection of data file

The controller processes personal data securely in accordance with applicable laws. The controller has protected the data appropriately in technical and organisational terms. The following tools used to protect the filing system include:

  • protection of equipment and data files
  • access control
  • user identity verification
  • access rights
  • registration of usage events
  • processing guidelines and supervision

The controller also requires that its suppliers and other parners ensure appropriate protection of the personal data to be processed.