Privacy and cookies

We treat personal information in accordance with the Finnish Personal Data Act and the law on investment services. In all our activities, we respect the requirements of confidentiality and privacy.

Korkia Privacy Policy

In this Privacy Policy we describe the collection, usage, storage and sharing practices of personal data. Within the Korkia Group, the data controllers are Korkia Oy, Korkia Asset Management Oy, Korkia Consulting Oy, Korkia Corporate Finance Oy, Korkia Investment Sales Oy, Korkia Private Equity Oy (former Wallstreet Private Equity Oy, name change pending), and Korkia Venture Insight Oy. Details of the controllers can be found on our webpage.

When we refer to “you”, we mean you as a customer, a potential customer, our customer’s employee or other relevant parties, such as beneficial owners, authorised representatives, corporate cardholders and associated parties.

This Privacy Policy covers the following areas:

1. What personal data we collect
2. How we may use your personal data and the lawful basis for doing so
3. Who we may disclose your personal data to
4. How we protect your personal data
5. Your privacy rights
6. Cookies
7. How long we keep your personal data
8. How changes to this Privacy Policy and the Cookies policy will be made
9. Contacting us or the data protection authority


1. What personal data we collect

The personal data we collect can be grouped into the following categories:

  • Identification information: national identification number and name.
  • Contact information: phone numbers and addresses.
    Financial information: credit history, insurance history.
  • Information related to legal requirements: country of taxation or foreign tax payer reference, customer due diligence and anti-money laundering requirements.
  • Special Categories of Data: information concerning health might be needed for some insurance- products.

Korkia has an obligation to collect and document personal identification information, for example, by taking a copy of a passport, driving license or equivalent. Personal information is usually collected directly from the customer or gained from the use of Korkia’s services. To keep the information up to date, we may need more additional information.

Personal data collection

We collect information you provide directly to us. For example, when becoming a new customer, we collect personal data, such as name, national identification number, e-mail address and phone number, income and debt information to be able to provide you with the product or service in question. We also collects information which you provide us with such as messages you have sent us, e.g. feedback or a request in our digital channels. Calls and chat conversations with you may also be recorded and logged for verification of orders, documentation, and for quality and improvement purposes. For security purposes, we may have cameras in our offices.

Personal data from third parties

In addition to the Korkia Group companies and the communities we work with, we can also collect personal information from:

  • Publicly available and other external sources; register held by governmental agencies (such as population registers and registers held by tax authorities, company registration offices, enforcement authorities, etc.), sanction lists (held by international organisations such as the EU and UN as well as national organisations such as Office of Foreign Assets Control (OFAC)).
  • Registers held by credit-rating agencies and other commercial information providers providing information on e.g. beneficial owners and politically exposed persons.
  • In connection with payments, we collect information from remitters, shops, banks, payment service providers and others.
2. How we may use your personal data and the lawful basis for doing so

We use your personal data to comply with legal and contractual obligations as well as to provide you with offers, advice and services.

The main purpose of our processing of personal data is to collect, verify, and process personal data prior to giving an offer and entering into a contract with you as well as documenting, administering and completing tasks for the performance of contracts. Examples of the performance of a contract:

  • processes required to conclude a financial management agreement
  • customer service during the contract period

In addition to the performance of contract, processing of personal data also takes place for us to fulfil our obligations under law, other regulations or authority decisions. Examples of processing due to legal obligations:

  • Know Your Customer requirements
  • Preventing, detecting, and investigating money laundering, terrorist financing, and fraud
  • Sanctions screening
  • Bookkeeping regulations
  • Reporting to tax authorities, police authorities, enforcements authorities, supervisory authorities
  • Risk management obligations
  • Other obligations related to service or product specific (for example investment services, securities, funds and other investment products) legislation

Our goal is to develop and optimize our product portfolio and customer service. Personal data is also processed in connection with marketing, product and customer analysis. Marketing activities, processes, business and systems development, including testing, are based on the processing of personal data.

There may be situations when we will ask for your consent to process your personal data. The consent will contain information on that specific processing activity. If you have given consent to a processing of your personal data you can always withdraw the consent.

3. Who we may disclose your personal data to

Providing services and compliance with contracts may require the sharing of personal data.

We may share your personal data with others such as authorities, Korkia Group companies, suppliers, payment service providers and business partners. Before sharing we will always ensure that we respect relevant financial industry secrecy obligations.

We also disclose personal data to authorities to the extent we are under statutory obligation to do so. Such authorities include tax authorities, police authorities, enforcements authorities and supervisory authorities.

We have entered into agreements with selected suppliers, which include processing of personal data on behalf of us. Examples thereof are suppliers of IT development, maintenance, hosting and support.

Third country transfers

In some cases, we may also transfer personal data to organisations in so-called third countries (countries outside of the European Economic Area). Such transfers can be made if any of the following conditions apply:

  • the EU Commission has decided that there is an adequate level of protection in the country in question.
  • other appropriate safeguards have been taken, for example the use of the standard contractual clauses (EU model-clauses) approved by the EU Commission or the data processor has valid Binding Corporate Rules (BCR) in place, or
  • that there are exceptions in special situations, such as to fulfill a contract with you or your consent to the specific transfer.
4. How we protect your personal data

Keeping your personal data safe and secure is at the centre of how we do business. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, and unauthorized access, disclosure, alteration and destruction.

5. Your privacy rights

You as a data subject have rights in respect of personal data we hold on you. You have the following rights;

A) request access to your personal data. You have a right to access the personal data we are keeping about you. In many cases this information is already present to you in your online services from us. Your right to access may, however, be restricted by legislation, protection of other persons’ privacy and consideration for the Korkia Group’s business concept and business practices. The Korkia Group’s know-how, business secrets as well as internal assessments and material may restrict your right of access.

B) request correction of incorrect or incomplete data. If the data are incorrect or incomplete, you are entitled to have the data rectified, with the restrictions that follow from legislation.

C) request erasure. You have the right request erasure of your data in case:

  • you withdraw your consent to the processing and there is no other legitimate reason for processing,
  • you object to the processing and there is no justified reason for continuing the processing,
  • you object to processing for direct marketing,
  • processing is unlawful or
  • when processing personal data on minors, if the data was collected in connection with the provision of information society services.

Due to the financial sector legislation we are in many cases obliged to retain personal data on you during your customer relationship, and even after that, e.g. to comply with a statutory obligation or where processing is carried out to manage legal claims.

D) limitation of processing of personal data. If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of these data to only storage. The processing will only be restricted to storage, until the correctness of the data can be established, or it can be checked whether our legitimate interests override your interests.

If you are not entitled to erasure of the data which we have registered about you, you may instead request that we restrict the processing of these data to only storage. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of these data be restricted to storage. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this.

E) object to processing based on our legitimate interest. You can always object to the processing of personal data about you for direct marketing and profiling in connection to such marketing.

F) data portability. You have a right to receive personal data that you have provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the basis consent or of fulfilling a contract. Where secure and technically feasible the data can also be transmitted to another data controller by us.

Your request to exercise your rights as listed above will be assessed given the circumstances in the individual case. Please note that we may also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

6. Cookies

Korkia collect, process and analyse data regarding the use of our webpages. Traffic data is data connected to visitors on the webpage and data handled in communication fields for sending, distributing or making messages available.

We use cookies and similar technologies to deliver products and services to you, provide a secure online environment, to manage our marketing and provide a better online experience, track our website performance and to make our website content more relevant to you. The data will not be used to identify individual visitors. If you choose to accept only essential cookies, you may still use our websites and some services, however your access to some functionality and areas of our website or services may be restricted substantially.

7. How long we process your personal data

We will keep your data for as long as they are needed for the purposes for which your data was collected and processed or required by laws and regulations.

Where we keep your data for other purposes than those of the performance of a contract, such as for anti-money laundering, bookkeeping and regulatory capital adequacy requirements, we keep the data only if necessary and/or mandated by laws and regulations for the respective purpose.

Specific examples are:

  • Preventing, detecting and investigating money laundering, terrorist financing and fraud: minimum five years after termination of the business connection or the performance of the individual transaction
  • Detection and investigation of money laundering, terrorist financing and fraud: at least five years after the end of a business relationship or after an individual transaction
  • Bookkeeping regulations: up to ten years
  • Other service or product specific regulations (such as investment services, securities, funds and other investment products): up to seven years
  • Details on performance of an agreement: up to ten years after end of customer relationship to defend against possible claims

The above is only for explanatory purposes.

There may be divergences within the Korkia Group due to the local laws of different countries.

8. How changes to this Privacy Policy and the Cookies policy will be made

To develop our services, we reserve the right to make changes to the Privacy Statement from time to time.

If the changes are significant, we will provide a more prominent notice, when we are required to do so by applicable law.

9. Contacting us or the data protection authority

If you have any questions or concerns regarding our privacy policy, you can contact Korkia’s customer service. You can send your contact by e-mail to or by mail to Korkia Oy, Keskuskatu 8 B, 00100 Helsinki.

You can also make a complaint or contact the Data Protection Authority: Office of the Data Protection Ombudsman, Ratapihantie 9, 00520 Helsinki, PL 800, 00521 Helsinki