Privacy Policy

1. Data Controller
Proprius Partners Oy (3284496-1)
Visiting address: Uudenmaankatu 7 B 3, 00120 Helsinki
Postal address: Uudenmaankatu 7 B 3, 00120 Helsinki
Phone: 044 9818 644
Email: info@proprius.fi

2. Contact Person for Register Matters
Proprius Partners Oy / Niko Fagernäs, CEO
Visiting address: Uudenmaankatu 7 B 3, 00120 Helsinki
Postal address: Uudenmaankatu 7 B 3, 00120 Helsinki
Phone: 044 9818 644
Email: niko.fagernas@proprius.fi

3. Name of the Register
Proprius Partners Oy Customer Register.

4. Legal Basis and Purpose of Processing Personal Data
Customer personal data is processed based on the consent of fund customers and investment service customers for opening a customer relationship, and based on contractual necessity for executing agreements, customer due diligence, customer relationship management, customer communication, and customer reporting.
Additionally, customer personal data is processed to fulfill obligations required by legislation and based on the legitimate interests of Proprius Partners Oy for the establishment, exercise, or defense of legal claims.

5. Categories of Data Subjects
Customers who have subscribed to Proprius Partners Oy’s special investment funds, entered into discretionary asset management agreements, and applied for customer relationships, as well as their representatives and beneficial owners.

6. Contents of the Register
We only collect personal data provided by the customer or the customer’s representative that is relevant and necessary for the purposes described in this privacy policy. We may also obtain information from the sources listed in section 8. All telephone calls to Proprius Partners Oy may be electronically recorded.
Fund Customers
Customer identification and contact information:
Personal identity code/business ID, name, address, country of residence, domicile country, phone numbers (fax number), email, citizenships, tax residence countries, tax identification numbers, communication language, legal form, name of bank account holder, name of authorized bank account user, information about any representative, representative identification and contact details, purpose of service use, information on whether the customer is a politically exposed person (PEP), wealth information, and origin of funds.
For corporate entities, additional data collected includes: principal line of business, address of principal place of business, beneficial owners and their identification data, information regarding identification procedures, and when necessary information on the activities, nature, and scope of a beneficial owner’s operations, purpose of service use, PEP status of the customer, representative, or beneficial owner, financial position, and origin of funds.
Customer relationship information:
Banking and account details, identification document information, number of fund units, acquisition and market value of units, sector and industry codes, records of customer communications, data change logs, and customer relationship start date.

Asset Management Customers
Customer identification and contact information:
Name, personal identity code, business ID, LEI code, address, country of residence, phone numbers (fax number), email, citizenships, country of birth, tax residence countries, tax identification numbers, GIIN number, communication language, legal form, information about any representative and representative identification and contact details, and purpose of service use.
Additional data includes principal business activity, address of principal place of business, beneficial owners and their identification data, identification procedure information, information regarding the activities and scope of beneficial owners when necessary, purpose of service use, PEP status, and origin of funds.
For customer classification purposes, data collected includes business sector, balance sheet total, turnover, own funds, large transactions carried out by the customer, investment assets value, and professional experience in the financial sector.
For suitability assessments, collected information includes occupation, previous occupation where necessary, education, marital status, family relationships, employer, employment relationship, investment experience and knowledge, investment objectives, risk tolerance, investment horizon, sustainability preferences and possible adjustments, ability to bear losses, risk profile, financial situation, wealth information, and origin of wealth.
Customer relationship information:
Banking and account details, information about managed assets under discretionary management agreements, agreements, powers of attorney, identification documents, transaction orders, transactions, meetings, reports, customer-related electronic communications, and customer relationship start date.

7. Data Retention Period
Data is deleted when the customer relationship ends to the extent that retention is not required or permitted by law or legitimate interest.
Retention periods vary according to legislation. For example:
Anti-money laundering and anti-terrorism financing legislation requires retention for at least five years after the end of the customer relationship or individual transaction.
Under the Investment Services Act, customer-related electronic communications that may lead to transactions must be retained for five years, and at the request of the Financial Supervisory Authority for up to seven years.
Accounting materials must be retained for ten years according to accounting legislation.
Proprius Partners Oy may also retain data concerning customers, representatives, and beneficial owners to safeguard legitimate interests, such as legal proceedings or claims.

8. Regular Sources of Information
Basic customer register information is collected from the customer, the customer’s representative, and documentation provided by them.
Information may also be obtained from:
The Digital and Population Data Services Agency
Suomen Asiakastieto Oy
The Finnish Business Information System

9. Regular Disclosures of Data
Data may be disclosed to authorities where required by law and to supervised entities and cooperation partners when legally entitled to receive such data.
Otherwise, data is disclosed only with the consent or authorization of the data subject.

10. Transfer of Data Outside the EU or EEA
Data is stored within the EU and EEA. Data may only be transferred outside the EU or EEA on grounds permitted by data protection legislation.
If data is transferred outside the EU or EEA, Proprius Partners Oy ensures an adequate level of data protection as required by applicable law.

11. Principles of Register Protection
Proprius Partners Oy processes personal data in a manner intended to ensure appropriate security, including protection against unauthorized processing and accidental loss, destruction, or damage.
Appropriate technical and organizational measures are used, including firewalls, encryption technologies, secure facilities, access control, access management, and training and instructions for employees and subcontractors processing personal data.
All parties processing personal data are bound by confidentiality obligations based on legislation and agreements.

12. Right of Access
Data subjects have the right under the GDPR to inspect the data stored about them.
However, access to certain information may be restricted under anti-money laundering and anti-terrorism financing laws and for the prevention and investigation of crimes.
Requests must be submitted in writing or in person to the person responsible for register matters and include:
Name
Personal identity code
Postal address
Phone number
Responses are provided within one month of receiving the request.

13. Right to Rectification
Data subjects have the right to update and correct their personal data by meeting with a representative of the controller, through remote identification by phone, or by written request.
The data subject is responsible for notifying the controller of changes in contact or identification information.

14. Right to Erasure
Under applicable data protection legislation, data subjects may request deletion or restriction of processing of their personal data, except where retention is required by anti-money laundering, anti-terrorism financing, or crime prevention laws.
Because Proprius Partners Oy has statutory obligations to retain customer data after the customer relationship ends, deletion or restriction requests generally cannot be fully complied with.
The company also independently deletes, corrects, or supplements inaccurate, unnecessary, incomplete, or outdated data.

15. Direct Marketing Prohibition
Data subjects have the right to prohibit direct marketing.
Marketing consent or prohibition may be provided electronically, by phone, through customer service, or during customer meetings.
Necessary customer communications related to customer relationship management and service provision will still be sent.

16. Right to Data Portability
Under applicable data protection legislation, data subjects have the right to request transfer of their data to another controller.
However, the company has legal obligations to retain certain personal data, and therefore such transfer requests may not always be fulfilled.

17. Profiling
Proprius Partners Oy does not use personal data for automated decision-making or profiling.

18. Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with the Finnish Data Protection Ombudsman if they believe their personal data has been processed unlawfully.
Contact details of the Data Protection Ombudsman:
PO Box 800, 00531 Helsinki
Email: tietosuoja@om.fi
Phone: 029 566 6700

1. Data Controller
Proprius Partners Oy (Business ID: 3284496-1)
Visiting address: Uudenmaankatu 7 B 3, FI-00120 Helsinki, Finland
Postal address: Uudenmaankatu 7 B 3, FI-00120 Helsinki, Finland
Phone: +358 44 9818 644
Email: info@proprius.fi

2. Contact Person for Matters Concerning the Register
Proprius Partners Oy / Niko Fagernäs, Managing Director
Uudenmaankatu 7 B 3, FI-00120 Helsinki, Finland
Phone: +358 44 9818 644

3. Name of the Register
Proprius Partners Oy Marketing Register

4. Purpose of the Processing of Personal Data
Personal data relating to customers or potential customers is processed for direct marketing purposes based on the data subject’s consent and the legitimate interests of Proprius Partners Oy.

5. Categories of Data Subjects
The Marketing Register contains personal data relating to customers and potential customers.

6. Contents of the Register
In addition to contact information (name, telephone number, email address, and Business ID), the Marketing Register may contain, for example, the following information concerning corporate entities:
Name, email address, and telephone number of the company representative;
The company’s taxable income;
Information related to the company’s acquisition history; and
Other information retained for a limited period, such as participation in events or functions organized by Proprius Partners Oy.
All telephone calls to Proprius Partners Oy may be recorded electronically.

7. Data Retention Period
Personal data required for marketing purposes will be retained for as long as the data subject has not:
Withdrawn their consent to the use of their personal data;
Objected to the processing of their personal data; or
Requested the deletion of personal data provided for marketing purposes.

8. Regular Sources of Information
Contact information is collected from:
Publicly available sources;
The data subjects themselves;
Their representatives; and
Events organized by Proprius Partners Oy.

9. Regular Disclosure of Data
Personal data may be disclosed to authorities where required by law and to entities supervised by authorities or other cooperation partners where they have a legal right to obtain such information.
In all other cases, personal data may only be disclosed with the consent or authorization of the data subject.

10. Transfers of Data Outside the EU or EEA
Personal data is stored within the European Union (EU) and the European Economic Area (EEA).
Data may be transferred outside the EU or EEA only on grounds permitted under applicable data protection legislation.
Where personal data is transferred outside the EU or EEA, Proprius Partners Oy will ensure an adequate level of protection in accordance with applicable legal requirements.

11. Principles of Data Protection
Proprius Partners Oy processes personal data in a manner intended to ensure an appropriate level of security, including protection against unauthorized processing and against accidental loss, destruction, or damage.
To achieve this, Proprius Partners Oy employs appropriate technical and organizational safeguards, including:
Firewalls;
Encryption technologies;
Secure facilities;
Appropriate access control and access management measures; and
Guidance and training for employees and subcontractors involved in the processing of personal data.
All parties processing personal data are bound by confidentiality obligations arising from legislation and contractual confidentiality provisions.

12. Right of Access
Under the General Data Protection Regulation (GDPR), data subjects have the right to access the personal data stored concerning them.
However, access to certain information may be restricted, including information protected under legislation concerning the prevention of money laundering and terrorist financing, as well as information required for the prevention and investigation of crimes.
Requests for access must be submitted in writing or made in person to the individual responsible for register matters at Proprius Partners Oy.
The request must include:
Name;
Personal identity code;
Postal address; and
Telephone number.
A response will be provided no later than one month after receipt of the request.

13. Right to Rectification
Under the GDPR, data subjects have the right to update and correct their personal data, except for information that they are not entitled to inspect.
Corrections may be requested by:
Meeting with the person responsible for register matters; or
Submitting a written request to the person responsible for register matters at Proprius Partners Oy.
Data subjects are responsible for notifying the controller of any changes to their contact details or customer due diligence information.
The accuracy and currency of information are reviewed in connection with meetings and assignments.

14. Right to Erasure, Restriction of Processing, Objection to Processing, and the Right to be Forgotten
Data subjects have the right to:
Withdraw their consent to direct marketing;
Restrict the use of their personal data;
Object to the processing of their personal data; and
Exercise their right to be forgotten,
except where retention of certain information is required under legislation concerning the prevention of money laundering and terrorist financing or for the prevention and investigation of crimes.
A written request for deletion, restriction of processing, objection to processing, or erasure may be submitted at any time to the person responsible for register matters at Proprius Partners Oy.

15. Right to Lodge a Complaint with a Supervisory Authority
Data subjects have the right to lodge a complaint with the Finnish Data Protection Ombudsman if they believe that their personal data has been processed in violation of applicable legislation.
Contact details of the Data Protection Ombudsman:
Data Protection Ombudsman
P.O. Box 800
FI-00531 Helsinki, Finland
Email: tietosuoja@om.fi
Telephone: +358 29 566 6700

16. Right to Data Portability
Because customer personal data is not processed by automated means for the purposes of data portability, requests to transfer personal data from one system to another cannot be fulfilled.

17. Profiling
Proprius Partners Oy does not use personal data for automated decision-making or profiling.

We continuously develop our services and may therefore amend and update this Privacy Policy from time to time.

Changes may also arise due to amendments to data protection legislation.

Where changes introduce new purposes for the processing of personal data, we will inform affected individuals in advance and obtain consent where required.

This Privacy Policy was originally drafted on 15 February 2023 and subsequently updated on:

• 8 March 2023
• 18 October 2024
• 6 October 2025