Privacy Policy

1. Data Controller

Sukuselvitys.fi
Business ID: 3224836-9
Phone: +358 45 144 2299 (phone support open Mon–Fri 9–16)
Email: asiakaspalvelu@sukuselvitys.fi

2. Contact Person for Data Protection Matters

Data protection enquiries:
asiakaspalvelu@sukuselvitys.fi

3. Name of the Register

Sukuselvitys.fi customer register

4. Purpose and Legal Basis for Processing Personal Data

Personal data is processed for the following purposes:

• Receiving the order and verifying the identity and authorisation of the person placing the order (an heir, surviving spouse, universal legatee, or their authorised representative)
• Investigating the deceased's residential history and ordering official certificates from authorities on behalf of the customer (Evangelical Lutheran Church regional registers, the Orthodox Church, the Digital and Population Data Services Agency DVV, the National Archives, and where necessary the Swedish Tax Agency Skatteverket, the Church of Sweden Svenska kyrkan, and the Swedish National Archives Riksarkivet)
• Reviewing received documents to ensure that the genealogical report is unbroken
• Delivering the order confirmation, progress updates and completed documents by email
• Processing payment and invoicing authority fees in connection with the order
• Fulfilling accounting obligations (Finnish Accounting Act 1336/1997)
• Customer service regarding questions about the progress of the order

The legal basis for processing is performance of a contract (GDPR Art. 6(1)(b)). Providing personal data is a prerequisite for the delivery of the service. Without the required information, we cannot order the genealogical report from the authorities.

For the website's analytics cookies, the legal basis is consent (GDPR Art. 6(1)(a)). Analytics data is collected only after the user has given consent via the cookie banner.

5. Data Content of the Register

The following data is stored in the register:

• Customer details: name, email address, phone number, postal address (if paper delivery selected), relationship to the deceased
• Deceased's details: name, date of birth, date of death, last municipality of residence, church membership, other known residential history
• Order details: order number, date, selected delivery method, payment information
• Communication: customer service correspondence

We do not collect data that is not necessary for the provision of the service. We do not process personal data for marketing purposes and we do not carry out profiling.

6. Regular Sources of Data

Data is obtained from the customer directly via the order form.

7. Data Retention Period

Order data is retained for 10 years in accordance with the retention period required by the Finnish Accounting Act (1336/1997). Customer service correspondence is deleted 2 years after the order has been completed.

Once the retention period has expired, the data is deleted automatically. Data is not retained longer than required by legislation or necessitated by the purpose of processing.

8. Disclosure and Transfer of Data

Data is disclosed only to the authorities necessary for carrying out the genealogical report:

In Finland:

• Evangelical Lutheran Church regional registers (EVL)
• Digital and Population Data Services Agency (DVV)
• National Archives (where necessary)
• Finnish Orthodox Church central register (where necessary)

In Sweden (where necessary, if the deceased resided in Sweden):

• Skatteverket (Swedish Tax Agency / population register)
• Svenska kyrkan (Church of Sweden / archives)
• Riksarkivet (Swedish National Archives, where necessary)

Data is not disclosed to other third parties and is not used for marketing purposes. All disclosures to authorities take place within the EU/EEA. With regard to Google Analytics 4, analytics data may be processed on Google's servers within the EU/EEA; Google has committed to the safeguards required by the EU General Data Protection Regulation.

9. Third-Party Services

The following third-party services are used in the provision of the service:

• Paytrail Oyj (2122839-7) — payment service provider. Paytrail processes payment transaction data in accordance with its own privacy policy.
• Email service — for delivering order confirmations and customer communications. Messages are sent via an encrypted SMTP connection.
• Google Analytics 4 — website usage analytics. Data is collected only with the user's consent. GA4 cookies do not contain identifiable personal data. More information: cookie policy.

We do not use third-party services for marketing, profiling or targeted advertising.

10. Principles of Data Security

Data is processed via secure connections (HTTPS/TLS). Access to data is restricted to the personnel required for order processing. Login to the administration panel requires two-factor authentication (2FA). Staff have been instructed in data protection matters.

11. Data Accuracy

We strive to keep personal data accurate and up to date. The customer may request correction of their data by contacting our customer service. The customer is responsible for the accuracy of the information provided at the time of ordering.

12. Rights of the Data Subject

Under the EU General Data Protection Regulation, you have the following rights:

• Right of access: you may request a copy of the data stored about you
• Right to rectification: inaccurate or incomplete data will be corrected upon request
• Right to erasure: you may request the deletion of your data, unless a statutory retention obligation (e.g. the Accounting Act) prevents it
• Right to restriction — you may request the restriction of processing, for example while the accuracy of the data is being verified
• Right to data portability: you may request your data in a machine-readable format
• Withdrawal of consent — you may withdraw your consent regarding analytics cookies at any time via the cookie banner or your browser settings
• Right to lodge a complaint: you may file a complaint with the Data Protection Ombudsman if you consider that the processing of your personal data violates the GDPR

Requests regarding the exercise of your rights should be sent to asiakaspalvelu@sukuselvitys.fi. We will respond to requests within one month. For security reasons, we may need to verify your identity before fulfilling a request.

13. Supervisory Authority

Office of the Data Protection Ombudsman
Lintulahdenkuja 4, 00530 Helsinki, Finland
tietosuoja.fi
Phone: +358 29 566 6700

14. Changes to the Privacy Policy

We reserve the right to update this privacy policy. Any significant changes will be communicated on the website. The current version is always available on this page.