Data Protection / GDPR

In this page we have gathered information on how Rantalainen’s data protection policies regarding GPDR (General Data Protection Regulation), which came into force on 25.05.2018. The GDPR contains obligations to companies who process personal data.

Updated at 9.8.2022

GDPR in a nutshell

The GDPR contains new obligations regarding processing of personal data and data protection. Integral in the new regulation is the risk-based approach and data controller’s obligation to demonstrate that its processing activities are compliant with the requirements of the GDPR. The Data controller is required to handle sensitive data with caution. Additionally, the data controller must be able to demonstrate that it is operating according to the regulation.
Additional information about the GDPR can be found from:
Data Protection Ombudsman

Rantalainen’s contractual reform

Rantalainen is updating existing service agreements with its customers to be compliant with the General Data Protection Regulation. Simultaneously Rantalainen will update the accounting firm conditions (KL2004), which have been in use since 2004. In the new conditions (TAL2018), which are widely applied in the accounting industry, various matters are taken into consideration regarding the development and shift of accounting services. Simultaneously the understandability and readability of the terms have been improved.

We at Rantalainen have also taken the EU General Data Protection Regulation (GDPR) into account in the new conditions by composing a separate data protection agreement. In the renewed terms, the requirements that electronic services and electronic communication with authorities constitute, are also considered. Additionally, the contract responsibilities are defined more precisely than earlier, due to the development of information technology.

Simultaneously with the renewal of the conditions, we at Rantalainen have expanded our liability insurance to answer to the requirements of our new services and increased the accounting firm’s contractual liability limit in the event of damage. The limit has been raised from the industry standard 10.000 euros to 100.000 euros this applies to each of our customers.

Customer-specific exceptions from the contract terms, which have been specifically agreed upon, will stay in effect unless otherwise agreed upon.

The contracts will be updated digitally. The contact persons of our clients will receive a link through which they can digitally sign and accept the new conditions. If the client wishes, the contract update can be delivered and signed in paper form.

Updated service agreements

The updated service agreements consist of the documents below

Attachment	Description	Download
Accounting services contract	Customer specific contract regarding the production of services	–
General conditions	Taloushallintoliitto’s general conditions (TAL2018)
RAN GDPR 2018	Rantalainen’s modified conditions based on Taloushallintoliitto’s general conditions
Attachment 1-A	Record of Processing Activities
Attachment 1-B	The Accounting Firm’s Data Security of Personal Data
Attachment 1-C	A record and instructions on personal data processing provided by the client	–
Attachment 2-B	Information security of personal data in software

Rantalainen as a personal data processor

Information security in ensured by both technical and organizational measures. Personal data processing is executed in a appropriate and secure manner. Personal data processing and data security is illustrated in the documents above attachment 1-A and 1-B.

Software and subcontractors used by Rantalainen

Software used by Rantalainen, software providers and subcontractors who are responsible for them are for their part personal data processors. Below we have listed links to the software providers and subcontractors data security web sites. Additionally, the data security of different softwares is illustrated in the attachment 2-B.

Visma Privacy page, Visma Solutionsin Privacy page, Visma security and privacy (Visma Fivaldi, Autoinvoice, Entry, Expense, L7, Netvisor, Escan, Financial Overview)
Procountor Security pages, Finago Privacy page, Mepco Privacy page (Accountor Procountor, Mepco, Etasku)
Aditro GDPR (Aditro VIRA Personec W)
Espina Privacy Page (Espina Kasperi)
Bezala Privacy page (Bezala)
Lemonsoft Oy Privacy page, Lemonsoft Oy Privacy page attachment (Lemonsoft)
Suomi.fi Privacy Page (Suomi.fi)
Admicom Privacy Page (Admicom, OpusCapita)
Heeros GDPR (Heeros)
Netbaron Privacy page (Netbaron)
Telia Inmics-Nebula (IT)

Data Protection Officer

Rantalainen’s acting data protection officer is director of legal affairs Kimmo Martikainen (kimmo.martikainen@rantalainen.fi, 040 555 8081)

Your contact person in contractual issues

Primarily service managers, service executives and your personal contact person will address your questions. However, if you prefer you may also contact the persons below.

Kimmo Martikainen

Sopimukselliset ja EU-tietosuojaan
liittyvät asiat
Lakiasiainjohtaja, varatuomari

kimmo.martikainen@rantalainen.fi

040 555 8081

Toni Borgman

Järjestelmien tekninen suojaus
IT-päällikkö

toni.borgman@rantalainen.fi

045 329 8511

Toni Takala

Järjestelmien tekninen suojaus
Kehityspäällikkö

toni.takala@rantalainen.fi

044 753 5706

Laura Flück

Avtalsärenden på svenska
Utvecklingschef

laura.fluck@rantalainen.fi

010 324 3235

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
csrftoken	1 year	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gaupseller	1 minute	No description
_gat_UA-5372016-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
AnalyticsSyncHistory	1 month	No description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
CONSENT	16 years 3 months 16 hours 10 minutes	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
gid	2 years	Google Analytics installs this cookie to store a unique value when the user visits each page.
giosg_chat_id_1235	2 years	No description
giosg_gid_1235	2 years	No description
giosg_gsessid_1235	30 minutes	No description
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
iutk	5 months 27 days	This cookie is used by Issuu analytic system. The cookies is used to gather information regarding visitor activity on Issuu products.
li_gc	2 years	No description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
sgid	2 years	No description available.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.