top of page
Homepage
Contact Us
Contact Us

Privacy Policy

1. Data Controller

Name: A2Z Tilitoimisto Oy (Operating under auxiliary name: Nortax Accounting)
Business ID: 3567524-3
Address: Uusiraja 9 A 5, 01350 Vantaa
Contact Person: Arslan Ijaz / info@nortax.fi
 

2. Legal Framework and Compliance

This policy is drafted in compliance with the EU General Data Protection Regulation (GDPR) (2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018). As an accounting firm, we also adhere to the data retention requirements specified in the Finnish Accounting Act (Kirjanpitolaki 1336/1997).
 

3. Purpose and Legal Basis for Processing

We process personal data for the following purposes:

  • Provision of accounting, bookkeeping, and payroll services (Contractual necessity).

  • Compliance with legal obligations (e.g., tax reporting, anti-money laundering laws).

  • Customer relationship management and communication.

  • Legal basis: GDPR Article 6(1)(b) [Contract] and 6(1)(c) [Legal Obligation].
     

4. Content of the Data Register

The data processed may include:

  • Client contact details (name, email, phone, address).

  • Employee data for payroll (social security numbers, salary details, bank accounts).

  • Financial data (invoices, receipts, tax information).
     

5. Retention Period

Personal data is retained only as long as necessary for the purposes defined above. According to the Finnish Accounting Act, accounting records must be kept for at least 6 to 10 years, depending on the document type.
 

6. Rights of the Data Subject

Under the GDPR, individuals have the following rights:

  • Right of access to their data.

  • Right to rectification of inaccurate data.

  • Right to erasure ('right to be forgotten') – subject to legal retention duties.

  • Right to restrict processing.

  • Right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu).
     

7. Disclosure and Transfer of Data

Data is shared with the Finnish Tax Administration (Vero) and relevant authorities as required by law. We use secure IT systems and cloud-based accounting software. If data is transferred outside the EEA, we ensure Standard Contractual Clauses (SCCs) or other legal safeguards are in place.
 

8. Updates to this Policy

We reserve the right to update this policy to reflect changes in legislation or our processing methods. The latest version will always be available on our website.

bottom of page