Papula-Nevinpat Privacy Notice

This privacy notice includes information about how Papula-Nevinpat processes the personal data. All personal data is processed under this Privacy Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679; the “GDPR“) and other applicable national data protection laws in Finland (“Data Protection Law”)

Papula-Nevinpat Privacy Notice includes the following information:

1. Registrar and responsible person contacts details
2. Collection of the personal data and the purpose thereof
3. Data processing
4. Transfer and disclosure of the personal data
5. Where is the data processed
6. Right to verify the data and request correction

1. Registrar and responsible person contact details

The Registrar is Papula-Nevinpat, Mechelininkatu 1 A, 00180 Helsinki, reg. no 0236098-2. The responsible contact person is Heidi Mikkola, tel. +358 9 34800 60.

2. Collection of the personal data and the purpose thereof

Papula-Nevinpat collects data through the following channels and for the following purposes:

– News, publications and events activities:

When signing up to an email list or registering to a seminar or event organized by Papula-Nevinpat, the information provided is used for the purpose of arranging the event, as well as for marketing and other communications. The personal data is used for these purposes until informed that such information is no longer wanted. This can be done at any time by clicking the “unsubscribe” button in any of our send outs or by contacting us at email address This use of the personal data is based on our legitimate interest in marketing our services or keeping in touch with various stakeholders.

The personal data used is the data that has been provided to Papula-Nevinpat, namely names, title, position, email-address, phone numbers, language preferences and other information. In connection with events where the food is served, also dietary and other preferences may be collected at the request.

Any such data disclosed will be deleted unless there is a reason to use the data under Data Protection Law.

– Client information:

Papula-Nevinpat collects information provided by or on behalf of the clients or generated by us in the course of providing services to our clients. This collection of data is based on our legitimate interest as an Intellectual Property firm when providing professional services.
Papula-Nevinpat also uses personal data collected in connection with client matters to fulfill the assignments instructed by the clients. The personal data collected relates to identification, contact details and matter-related background information provided by the clients, their representatives or their counterparties.

Papula-Nevinpat will store personal data related to the client matters for as long as it is required to fulfill the agreed assignment under applicable legislation or the Rules of the Association of Finnish Patent Attorneys.

In some cases the personal data have been supplemented by information retrieved from other sources, including searches via publicly available search engines, sector specific newsletters, social media and client’s website, for the purpose of completing the proper handling of the professional assignment.

3. Whistleblowing channel

Papula-Nevinpat offers a whistleblowing reporting channel in accordance with EU Directive (2019/1937) for our staff and stakeholders to be able to safely report any misconducts they may have observed. All reports will be handled properly and confidentially as required by law (Act on the Protection of Persons Reporting Infringements of European Union and National Law 1171/2022). The confidentiality of the identity of the whistleblower, the person concerned and any other parties referred to in the report will be protected in all cases. The information of the report will only be accessible to authorized persons who are bound by the obligation of confidentiality. The identity information will not be disclosed to outsiders without the whistleblower’s consent. The information will be deleted once the statutory obligations of Papula-Nevinpat have been fulfilled and the information needs no longer be stored, and in any event within the statutory time limit.

4. Data processing

Papula-Nevinpat will only process personal data for the purposes for which it was collected and as set out above, and personal data will only be available to authorized employees holding a position that requires them to process personal data to perform their work. Personal data is not processed for no longer than is necessary for the particular purpose. We fully comply with our statutory retention obligations and our internal retention time policies.

Papula-Nevinpat has taken appropriate technical and organizational measures to keep personal data secure to ensure that only authorized persons are given access to the personal data. We also have internal policies in place for secure processing of personal data.

5. Transfer and disclosure of the personal data

Papula-Nevinpat will not disclose personal data to any third parties unless required to do so under applicable laws, to prepare for legal proceedings or defend a claim, or to perform services for our clients.

However, the personal data may be transferred to and processed by third-party providers (sub-contractors) which perform services for Papula-Nevinpat to enable these companies to perform the services requested by Papula-Nevinpat.

Only personal data that is necessary to fulfill the purposes stated above will be provided to these companies. All third-party providers (sub-contractors) must follow the instructions and applicable agreements that are in place between Papula-Nevinpat and its third-party providers (sub-contractors), and must implement appropriate technical and organizational measures for the protection of the personal data.

6. Where is the data processed

Papula-Nevinpat processes personal data on servers within the EU/EEA.

However, in the specific assignments and when instructed by the clients, the personal data will be transferred outside the EU/EEA. The level of information protection in countries outside the EU/EEA may be lower than that offered within the EEA. Where this is the case, Papula-Nevinpat will implement appropriate measures under the GDPR to ensure that any personal data remains protected and secure. The personal data is transferred only to the trustful parties within internally accepted network of local attorneys to fulfill the client’s instructions.

7. Right to verify the data and request correction

Each party included in Papula-Nevinpat Registers has a right:

– to request access to their personal data. This includes e.g. the right to be informed whether or not personal data is being processed, what personal data is being processed, and the purpose of the processing. This includes also the right to request that inaccurate or incomplete personal data be corrected,

– to object to certain processing of personal data, including for example processing of personal data for marketing purposes,

– to request that the personal data be erased if e.g. the personal data is no longer necessary for the purposes for which it was collected, the processing is unlawful, or the personal data has to be erased to enable us to comply with a legal requirement.

– to withdraw the consent: in cases where the processing is based on consent, such consent can be withdrawn at any time.

– to opt-out from marketing at any time any marketing material is sent. This can be also done at any time by contacting

If you have any questions regarding processing of personal data by Papula-Nevinpat, please feel free to contact