Privacy Policy
This privacy policy describes the practices and principles related to the processing of personal data. It helps you understand what personal data we collect and why, as well as how we process, protect, retain, and delete your personal data when you use the tilitoimisto.fi service.
Updated: 25.5.2026
User Groups and Data Processed
Financial management companies who wish to reach small businesses through the tilitoimisto.fi service:
Contact details such as name, phone number, and email address
Entrepreneurs who wish to find, compare, and contact financial management companies:
- Contact details such as name, phone number, and email address
- When you enter into a service agreement with your chosen accountant, Know Your Customer (KYC) data required by anti-money laundering legislation is also processed:
- Personal identity number and date of birth
- Address details
- Role and ownership share in the company
- PEP information (Politically Exposed Person)
- Country of taxation and birth, nationality
- Beneficial ownership information of the company
In connection with the chat service, the following may also be processed with your consent:
- IP address
- Website usage data
Why Do We Process Personal Data?
Tilitoimisto.fi is a platform service produced by Easor Oyj that brings together entrepreneurs looking for an accountant, financial management companies and financial management software. Through the website, an entrepreneur can find a skilled financial management partner and the financial management software they need, all under the same platform.
Financial management companies are independently responsible for providing accounting services; Easor provides the software used.
KYC data required by anti-money laundering legislation is processed to fulfil statutory obligations and obligations related to regulatory proceedings.
Regular Sources of Data
We most often receive your data directly from you, for example in the following situations:
- You call our customer service or send a message via chat
- Through contact forms on the tilitoimisto.fi website
- You become a contract partner of Easor as a financial management company and register as a user of the service
- When, as an entrepreneur, you enter into a service agreement with your chosen financial management company
Disclosure of Data and Use of Processors
The financial management company discloses client and contract data to Easor, among other things, for the purpose of customer identification required by anti-money laundering legislation.
In certain cases, personal data must be disclosed to authorities if required by applicable law or regulation, or by a request from a judicial or administrative authority.
List of processors:
| Company | Role |
|---|---|
| Enfo Oyj | Data centre services provider in Finland |
| Microsoft Oy | Cloud services provider within the European Union |
| GOsome Oy | Website administrator |
| Seravo Oy | Website administrator |
| Tawk.to (USA) | Chat service provider |
| Tracklution Oy | Marketing measurement and tracking system |
Transfer of Data Outside the EU/EEA
As a general rule, personal data is not transferred outside the European Union or the European Economic Area.
If data is transferred outside the EU/EEA, it is ensured that the country is one that the European Commission considers to provide an adequate level of data protection, that the recipient is certified under the Data Privacy Framework (DPF) (for recipients located in the United States), or that the transfer takes place using the standard contractual clauses published by the European Commission.
Processors that transfer data outside the EU/EEA:
tawk.to (United States; the processor is a DPF-certified company)
How Long Do We Retain Data?
Easor processes personal data of the contact person of financial management company for the duration of the contractual relationship.
The financial management company data is removed from the website within one (1) month of the termination of the cooperation agreement between Easor and the financial management company.
Data received through contact forms and chat is retained for six (6) months, after which it is deleted.
KYC data required by anti-money laundering legislation is retained for five years from the end of the client relationship, as required by law.
Rights of the Data Subject
Under Articles 15–22 of the European Union General Data Protection Regulation, the data subject has the right to:
- Access their personal data
- Rectification of data
- Erasure of data
- Restriction of processing
- Data portability
- Object to the processing of their personal data
- Lodge a complaint with a supervisory authority
You may at any time object to the processing of your personal data for direct marketing purposes.
The exercise of some of the data subject’s rights may be restricted by other mandatory legislation, on the basis of which Easor has the right and obligation to justifiably refuse rectification, erasure, restriction of processing, or portability of data. Processing may continue if it is necessary for the establishment, exercise, or defence of legal claims.
The data subject must submit a written request based on their rights by email to their financial management company, or to dataprotection@easor.com.
Data Controller and Contact Details
The financial management company acts as the data controller for their own client register.
The contact details of each financial management company can be found in the company profile in the service.
Data controller for the financial management company register:
Easor Oyj
3574738-2
Yrttipellontie 2
90230 Oulu
Tel. 0207 525 110 (switchboard)
dataprotection@easor.com
Data Breach Notification Practices
Notification to the data subject is made by the data controller if a personal data breach is likely to result in a high risk to the rights and freedoms of that person. The notification will describe the nature of the breach and the measures taken, as required by the GDPR.
The data controller is obliged to notify the data protection authority within 72 hours of becoming aware of a breach, if the breach is likely to result in a high risk to the rights and freedoms of a natural person. The notification is made in accordance with the instructions of the Data Protection Ombudsman in force at the time.
Limitations
This privacy policy does not apply to third-party websites, applications, or services that may be accessible through additional services offered by partners in the service.
By opening a partner’s website, the customer leaves the kirjanpitaja.fi service, at which point the third party may collect and share data it has gathered about the customer.
We always recommend reviewing the privacy practices of any third-party service before allowing the collection and use of your personal data in those services.