Our business is mainly based on the processing of personal and company data. Taking into account and having respect for data protection and privacy are an essential part of our business activities. Legislation and public authorities impose higher than average demands on our operations. By good management of data protection, we want to make sure that we are able to offer our clients high quality services also in the future.
In this Privacy Statement approved by the management, we have defined the principles and procedures by which we aim to grant high quality services and a high standard of data protection.
Enento Group consists of several different entities, and all of these follow the principles explained in this Privacy Statement. To learn on a more detailed level how different entities of the Group process personal data, please read the privacy notices available on entity websites.
Acquisition and processing of data
We acquire our data from reliable sources only. Our data sources comprise the data subjects, authorities and reliable partners. The registration of data is based on law or on agreements made with the suppliers. The high standard of data is secured by agreements. The acquisition and recording processes of data are continuously developed to maintain the quality standard of data also going forward.
Our data systems and the services provided by us have been designed and built taking into account data security and data protection. The data processing processes are controlled and improved on a continuous basis. In the data systems, the need of the personnel to process data in their own duties has been taken into account by generating rights of use on different levels.
The services provided by us are produced professionally and confidentially. The professionalism of the personnel is ensured by continuous training, which also includes training in data protection. The personnel have undertaken to keep secret all confidential data obtained in the work.
Enento Group has designated employees to handle matters concerning data protection and privacy. The Group has also appointed a Data Protection Officer to advise and monitor data protection work and provide training to employees. Together with these specialists our personnel are dedicated to developing data protection in our Group and keeping the data safe.
Data groups formed of Personal data
Personal Credit Data
Personal credit data are credit data on a private natural person, a data subject. The processing of personal credit data is strictly regulated by different local legislation. These legislations define e.g. which personal data we are allowed to process, for which purposes and for how long. Personal credit data mainly comprise payment default data confirmed by the authorities and also data on existing loans in some jurisdictions.
Personal data shall be processed in compliance with good processing practices formed. These practices are followed and developed on a continuous basis. We have negotiated with the data protection authorities on several practical matters relating to the processing of personal credit data.
The use of our services providing access to personal credit data always requires a client contract. Based on the client contract, the users of data are given personal user IDs, with which it is possible to make a credit data inquiry on a consumer. In connection of a consumer credit data inquiry, we always register the purpose of use for the personal credit data, supplied by the client. In this way, we aim to make sure that the personal credit data are used in accordance with the law.
Personal data of persons with business involvement
A person with business involvement is a data subject who is or has been e.g. a person in charge of a company, decision maker in a company or owner of a company. Personal data of data subjects with business involvement may be processed under different legislation than the personal data of consumers but this data is still personal data and treated this way.
Personal data of data subjects with business involvement have mainly been obtained from the local official registers. Data on data subjects with business involvement are also obtained from companies themselves.
Data on companies engaging in business activities are often public and easily available to all.
At present in the Group, company data are used for several purposes. For companies it is important that enough reliable, up-to-date data are available on companies. For us it is very important that our clients using the data are given the right information of the company’s financial standing. To ensure this, we process company data competently, according to good processing practice, and taking into account the interest of companies in the databases. Data on companies are principally gathered from official registers and we also collect data from companies themselves.
Disclosure of data to clients
The most important value of our company is the satisfied client. To ensure this, we produce and provide our clients with high-quality data and services. Another important value of our company is reliability. The co-operation with clients is based on mutual trust and we want to be a reliable partner also going forward.
To provide high-quality services and act reliably also includes ensuring security and protection of personal data. Thus, it is important for us also to see that the confidential data obtained from the clients and concerning the clients stay confidential. We require from our clients that privacy and data protection be taken into account in the use of our data. In client contracts, our clients undertake to follow data protection. We work continuously to make sure that the data are used according to good data processing practices by technical solutions in our systems, by instructions directed to the users, and by other respective ways. We actively follow the processing of our data and if we discover use in contrary to the contract, we shall immediately intervene.
Data Subject Rights
To reinforce the reliability of our company and the social acceptability of our operations we highly value Data Subject Rights of data subjects whose data we process. We respect these rights and aim to ensure that data subjects are able to effectively exercise their Data Subject Rights when wanting to do so.
We have published privacy notices on entity websites describing the processing we do, including information on e.g. which data we process, for which purposes and for how long. Also, information on how data subjects can exercise their Data Subject Rights is explained in the privacy notices. We are also -depending on the local legislation- obliged to e.g. inform the data subject when there is first payment default entry recorded for them or when a third party collects their personal data from our systems.
If our databases contain an error, it is corrected as soon as possible. We have generated appropriate practices for the error correction.
We also have a specific process to report, investigate and document possible data breaches and we will inform Controllers whose data we process about incidents as soon as possible.
Co-operation with different interest groups and authorities
Enento Group co-operates with different interest groups and authorities. Because the operation of Enento Group is socially significant, we co-operate with different administrative sectors. We are in co-operation with interest groups in the commercial and economic life and with those representing the data subjects.
Enento Group participates in international activities. We have undertaken to comply with the rules of good data processing practice of the federations of international credit information agencies FEBIS (Federation of Business Information Services) and ACCIS (Association of Consumer Credit Information Suppliers).
Data protection has an important status in commercial co-operation. The different data protection legislation in different countries and the way of processing data are part of the international activities. In Enento Group, it is important to know international legislation and data protection since we operate in different countries and jurisdictions. We use the international co-operation network as support. Thus, we make sure that the data produced by us and provided by our foreign co-operation partners are processed according to the law also in international matters.
The authority controlling Data protection
Local Data Protection Authorities are authorities who guide, advise and control the processing of personal data in accordance with GDPR and local data protection legislation. We at Enento Group follow updates and news in data protection and privacy landscape both on local and European level carefully. We update our processes and documentation accordingly and make sure our employees are aware of how to process personal data in compliance with the law.