Privacy policy

1. General information

This Description of file contains the information that is specified in the EU General Data Protection Regulation (hereafter the GDPR) and in the Finnish Personal Data Act to be provided for the a data subject (controller’s customer) and for the super-vising authority.

2. The controller and controller’s contact information

Name: OP-Services Ltd
Street address: Gebhardinaukio 1, 00510, Helsinki
The controller’s contact person: Arto Oinonen
Telephone: +358 50 464 1077

3. Data Protection Officer’s contact information

OP Financial Group’s Data Protection Officer
OP Financial Group
Postal address: P.O. Box 308, 00013 OP
Email address:

4. Personal Data File

Marketing personal data file applying those interested in the Developer Portal channel

Those interested in the Developer Portal channel can order an info letter through the page, by way of which OP will email up-to-date information on topical matters concerning the developer channel.

The purpose of use of personal data:

Email marketing
Information and communication

6. Personal data groups

Personal data groupBasic informationConsent
Content of group informationData subject's nameConsent and prohibitions issued by the data subject governing personal data processing
Data subject's contact information

7. Recipients or recipient groups of personal data

Any personal data obtained may be used within OP Financial Group as permitted by the law. In addition, personal data may be given, for example, to:

  • the authorities in statutory cases

  • OP’s suppliers and partners which assist in organising communication and events related to developer cooperation

8. Transfer of personal data

The controller uses suppliers in data processing but no data will be transferred outside of the EU or EEA.

9. Personal data retention period and criteria for determining the period

The data will be retained for three years, after which it will be deleted according to the deletion processes applied by the controller.

The controller may use personal data for direct marketing purposes under applicable legislation, for example by transferring the personal data to a direct marketing personal data file.

10. Personal data sources, and updating personal data

Personal data is collected primarily from the data subjects themselves.

11. Data subject’s rights

Data subjects have the right to receive the controller’s confirmation of whether their personal data is processed or not, or whether they have been processed. If the controller processes a data subject’s personal data, the latter has the right to receive the information in this document and a copy of the personal data being processed or have been processed. The controller may charge a reasonable administrative fee for additional copies requested by the data subject. If the data subject submits a request electronically and has not requested any other form of delivery, the information will be delivered in a commonly used electronic format, provided that the data can be delivered via a secure channel. The data subject also has the right to ask the controller to rectify or delete his/her personal data. When Finland begins applying the Data Protection Regulation, the data subject will have the right in certain cases to ask the controller to restrict the processing of his/her personal data or to otherwise oppose the processing. The data subject may also request transfer of data he/she has provided from a system to another on the basis of the Data Protection Regulation. Data subjects may forbid the processing of their personal data for direct marketing purposes.

All of the above requests must be submitted to the above contact person of the controller.

Data subjects considering that their personal data is not processed legally have the right to file a complaint to the supervising authority.

If the controller processes the data subject’s personal data on the basis of consent, the data subject has the right to withdraw such consent. Such cancellation may, however, have an effect on the use and functionalities of the service. Cancelling the consent and banning communication must be performed by contacting the controller.

13. Organisation of protection of data file

The controller has protected the data appropriately in technical and organisational terms. The following tools used to protect the filing system include:

  • protection of equipment and data files
  • access control
  • user identity verification
  • access rights
  • registration of usage events
  • processing guidelines and supervision

The controller also requires of its suppliers the appropriate protection of personal data to be processed.